From a53620218b198be806c307e517b9d672a7006880 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 23 Aug 2010 21:20:20 +1000 Subject: - (djm) Release OpenSSH-5.6p1 --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ba9858d03..e3ac6a925 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20100823 + - (djm) Release OpenSSH-5.6p1 + 20100816 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to -- cgit v1.2.3 From 6889abd9ad3cf0ec9a136b9ece71373c05087e38 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 27 Aug 2010 10:12:54 +1000 Subject: - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, remove. Patch from martynas at venck us. --- ChangeLog | 4 ++++ contrib/redhat/sshd.init | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e3ac6a925..532750d01 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20100827 + - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, + remove. Patch from martynas at venck us + 20100823 - (djm) Release OpenSSH-5.6p1 diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init index e5d837cbc..854aff665 100755 --- a/contrib/redhat/sshd.init +++ b/contrib/redhat/sshd.init @@ -104,7 +104,7 @@ start() do_dsa_keygen echo -n $"Starting $prog:" - initlog -c "$SSHD $OPTIONS" && success || failure + $SSHD $OPTIONS && success || failure RETVAL=$? [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd echo -- cgit v1.2.3 From afdae616354e19d2b420fd533ddc2099de4c404c Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 31 Aug 2010 22:31:14 +1000 Subject: - jmc@cvs.openbsd.org 2010/08/08 19:36:30 [ssh-keysign.8 ssh.1 sshd.8] use the same template for all FILES sections; i.e. -compact/.Pp where we have multiple items, and .Pa for path names; --- ChangeLog | 7 +++++++ ssh-keysign.8 | 14 +++++++++----- ssh.1 | 46 +++++++++++++++++++++++----------------------- sshd.8 | 56 ++++++++++++++++++++++++++++---------------------------- 4 files changed, 67 insertions(+), 56 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 532750d01..18a356510 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20100931 + - OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2010/08/08 19:36:30 + [ssh-keysign.8 ssh.1 sshd.8] + use the same template for all FILES sections; i.e. -compact/.Pp where we + have multiple items, and .Pa for path names; + 20100827 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, remove. Patch from martynas at venck us diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 46c0ee9cd..2e47f1203 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.10 2010/08/04 05:42:47 djm Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.11 2010/08/08 19:36:30 jmc Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 4 2010 $ +.Dd $Mdocdate: August 8 2010 $ .Dt SSH-KEYSIGN 8 .Os .Sh NAME 
@@ -55,12 +55,14 @@ and .Xr sshd 8 for more information about host-based authentication. .Sh FILES -.Bl -tag -width Ds +.Bl -tag -width Ds -compact .It Pa /etc/ssh/ssh_config Controls whether .Nm is enabled. -.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key +.Pp +.It Pa /etc/ssh/ssh_host_dsa_key +.It Pa /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable only by root, and not @@ -68,7 +70,9 @@ accessible to others. Since they are readable only by root, .Nm must be set-uid root if host-based authentication is used. -.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub, /etc/ssh/ssh_host_rsa_key-cert.pub +.Pp +.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub +.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub If these files exist they are assumed to contain public certificate information corresponding with the private keys above. .El diff --git a/ssh.1 b/ssh.1 index 02d28a00b..9b134f4ba 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.308 2010/08/04 05:37:01 djm Exp $ -.Dd $Mdocdate: August 4 2010 $ +.\" $OpenBSD: ssh.1,v 1.309 2010/08/08 19:36:30 jmc Exp $ +.Dd $Mdocdate: August 8 2010 $ .Dt SSH 1 .Os .Sh NAME @@ -1250,7 +1250,7 @@ option in .Xr sshd_config 5 . .Sh FILES .Bl -tag -width Ds -compact -.It ~/.rhosts +.It Pa ~/.rhosts This file is used for host-based authentication (see above). On some machines this file may need to be world-readable if the user's home directory is on an NFS partition, 
@@ -1263,20 +1263,20 @@ The recommended permission for most machines is read/write for the user, and not accessible by others. .Pp -.It ~/.shosts +.It Pa ~/.shosts This file is used in exactly the same way as .Pa .rhosts , but allows host-based authentication without permitting login with rlogin/rsh. .Pp -.It ~/.ssh/ +.It Pa ~/.ssh/ This directory is the default location for all user-specific configuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user, and not accessible by others. .Pp -.It ~/.ssh/authorized_keys +.It Pa ~/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described in the .Xr sshd 8 @@ -1284,21 +1284,21 @@ manual page. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. .Pp -.It ~/.ssh/config +.It Pa ~/.ssh/config This is the per-user configuration file. The file format and configuration options are described in .Xr ssh_config 5 . Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not accessible by others. .Pp -.It ~/.ssh/environment +.It Pa ~/.ssh/environment Contains additional definitions for environment variables; see .Sx ENVIRONMENT , above. .Pp -.It ~/.ssh/identity -.It ~/.ssh/id_dsa -.It ~/.ssh/id_rsa +.It Pa ~/.ssh/identity +.It Pa ~/.ssh/id_dsa +.It Pa ~/.ssh/id_rsa Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not 
@@ -1309,21 +1309,21 @@ It is possible to specify a passphrase when generating the key which will be used to encrypt the sensitive part of this file using 3DES. .Pp -.It ~/.ssh/identity.pub -.It ~/.ssh/id_dsa.pub -.It ~/.ssh/id_rsa.pub +.It Pa ~/.ssh/identity.pub +.It Pa ~/.ssh/id_dsa.pub +.It Pa ~/.ssh/id_rsa.pub Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone. .Pp -.It ~/.ssh/known_hosts +.It Pa ~/.ssh/known_hosts Contains a list of host keys for all hosts the user has logged into that are not already in the systemwide list of known host keys. See .Xr sshd 8 for further details of the format of this file. .Pp -.It ~/.ssh/rc +.It Pa ~/.ssh/rc Commands in this file are executed by .Nm when the user logs in, just before the user's shell (or command) is @@ -1332,11 +1332,11 @@ See the .Xr sshd 8 manual page for more information. .Pp -.It /etc/hosts.equiv +.It Pa /etc/hosts.equiv This file is for host-based authentication (see above). It should only be writable by root. .Pp -.It /etc/shosts.equiv +.It Pa /etc/shosts.equiv This file is used in exactly the same way as .Pa hosts.equiv , but allows host-based authentication without permitting login with @@ -1347,9 +1347,9 @@ Systemwide configuration file. The file format and configuration options are described in .Xr ssh_config 5 . .Pp -.It /etc/ssh/ssh_host_key -.It /etc/ssh/ssh_host_dsa_key -.It /etc/ssh/ssh_host_rsa_key +.It Pa /etc/ssh/ssh_host_key +.It Pa /etc/ssh/ssh_host_dsa_key +.It Pa /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys and are used for host-based authentication. If protocol version 1 is used, @@ -1367,7 +1367,7 @@ By default .Nm is not setuid root. .Pp -.It /etc/ssh/ssh_known_hosts +.It Pa /etc/ssh/ssh_known_hosts Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the 
@@ -1377,7 +1377,7 @@ See .Xr sshd 8 for further details of the format of this file. .Pp -.It /etc/ssh/sshrc +.It Pa /etc/ssh/sshrc Commands in this file are executed by .Nm when the user logs in, just before the user's shell (or command) is started. diff --git a/sshd.8 b/sshd.8 index d3685b92b..bf9d6a2ec 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.257 2010/08/04 05:37:01 djm Exp $ -.Dd $Mdocdate: August 4 2010 $ +.\" $OpenBSD: sshd.8,v 1.258 2010/08/08 19:36:30 jmc Exp $ +.Dd $Mdocdate: August 8 2010 $ .Dt SSHD 8 .Os .Sh NAME @@ -751,7 +751,7 @@ AAAA1234.....= .Ed .Sh FILES .Bl -tag -width Ds -compact -.It ~/.hushlogin +.It Pa ~/.hushlogin This file is used to suppress printing the last login time and .Pa /etc/motd , if @@ -763,7 +763,7 @@ are enabled. It does not suppress printing of the banner specified by .Cm Banner . .Pp -.It ~/.rhosts +.It Pa ~/.rhosts This file is used for host-based authentication (see .Xr ssh 1 for more information). 
@@ -778,20 +778,20 @@ The recommended permission for most machines is read/write for the user, and not accessible by others. .Pp -.It ~/.shosts +.It Pa ~/.shosts This file is used in exactly the same way as .Pa .rhosts , but allows host-based authentication without permitting login with rlogin/rsh. .Pp -.It ~/.ssh/ +.It Pa ~/.ssh/ This directory is the default location for all user-specific configuration and authentication information. There is no general requirement to keep the entire contents of this directory secret, but the recommended permissions are read/write/execute for the user, and not accessible by others. .Pp -.It ~/.ssh/authorized_keys +.It Pa ~/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described above. The content of the file is not highly sensitive, but the recommended @@ -809,7 +809,7 @@ will not allow it to be used unless the option has been set to .Dq no . .Pp -.It ~/.ssh/environment +.It Pa ~/.ssh/environment This file is read into the environment at login (if it exists). It can only contain empty lines, comment lines (that start with .Ql # ) , 
@@ -821,40 +821,40 @@ controlled via the .Cm PermitUserEnvironment option. .Pp -.It ~/.ssh/known_hosts +.It Pa ~/.ssh/known_hosts Contains a list of host keys for all hosts the user has logged into that are not already in the systemwide list of known host keys. The format of this file is described above. This file should be writable only by root/the owner and can, but need not be, world-readable. .Pp -.It ~/.ssh/rc +.It Pa ~/.ssh/rc Contains initialization routines to be run before the user's home directory becomes accessible. This file should be writable only by the user, and need not be readable by anyone else. .Pp -.It /etc/hosts.allow -.It /etc/hosts.deny +.It Pa /etc/hosts.allow +.It Pa /etc/hosts.deny Access controls that should be enforced by tcp-wrappers are defined here. Further details are described in .Xr hosts_access 5 . .Pp -.It /etc/hosts.equiv +.It Pa /etc/hosts.equiv This file is for host-based authentication (see .Xr ssh 1 ) . It should only be writable by root. .Pp -.It /etc/moduli +.It Pa /etc/moduli Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". The file format is described in .Xr moduli 5 . .Pp -.It /etc/motd +.It Pa /etc/motd See .Xr motd 5 . .Pp -.It /etc/nologin +.It Pa /etc/nologin If this file exists, .Nm refuses to let anyone except root log in. 
@@ -863,15 +863,15 @@ are displayed to anyone trying to log in, and non-root connections are refused. The file should be world-readable. .Pp -.It /etc/shosts.equiv +.It Pa /etc/shosts.equiv This file is used in exactly the same way as .Pa hosts.equiv , but allows host-based authentication without permitting login with rlogin/rsh. .Pp -.It /etc/ssh/ssh_host_key -.It /etc/ssh/ssh_host_dsa_key -.It /etc/ssh/ssh_host_rsa_key +.It Pa /etc/ssh/ssh_host_key +.It Pa /etc/ssh/ssh_host_dsa_key +.It Pa /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not accessible to others. @@ -879,9 +879,9 @@ Note that .Nm does not start if these files are group/world-accessible. .Pp -.It /etc/ssh/ssh_host_key.pub -.It /etc/ssh/ssh_host_dsa_key.pub -.It /etc/ssh/ssh_host_rsa_key.pub +.It Pa /etc/ssh/ssh_host_key.pub +.It Pa /etc/ssh/ssh_host_dsa_key.pub +.It Pa /etc/ssh/ssh_host_rsa_key.pub These three files contain the public parts of the host keys. These files should be world-readable but writable only by root. @@ -892,7 +892,7 @@ the user so their contents can be copied to known hosts files. These files are created using .Xr ssh-keygen 1 . .Pp -.It /etc/ssh/ssh_known_hosts +.It Pa /etc/ssh/ssh_known_hosts Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the 
@@ -901,20 +901,20 @@ The format of this file is described above. This file should be writable only by root/the owner and should be world-readable. .Pp -.It /etc/ssh/sshd_config +.It Pa /etc/ssh/sshd_config Contains configuration data for .Nm sshd . The file format and configuration options are described in .Xr sshd_config 5 . .Pp -.It /etc/ssh/sshrc +.It Pa /etc/ssh/sshrc Similar to .Pa ~/.ssh/rc , it can be used to specify machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable. .Pp -.It /var/empty +.It Pa /var/empty .Xr chroot 2 directory used by .Nm @@ -922,7 +922,7 @@ during privilege separation in the pre-authentication phase. The directory should not contain any files and must be owned by root and not group or world-writable. .Pp -.It /var/run/sshd.pid +.It Pa /var/run/sshd.pid Contains the process ID of the .Nm listening for connections (if there are several daemons running -- cgit v1.2.3 From 9b87e795387f748a21cd4d6c26ae57e800c36b54 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Aug 2010 22:31:37 +1000 Subject: - tedu@cvs.openbsd.org 2010/08/12 23:34:39 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm --- ChangeLog | 4 ++++ ssh-add.c | 4 ++-- ssh-agent.c | 4 ++-- ssh-keygen.c | 4 ++-- ssh-keysign.c | 4 ++-- ssh.c | 4 ++-- sshd.c | 4 ++-- 7 files changed, 16 insertions(+), 12 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 18a356510..f18c8de92 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,6 +4,10 @@ [ssh-keysign.8 ssh.1 sshd.8] use the same template for all FILES sections; i.e. -compact/.Pp where we have multiple items, and .Pa for path names; + - tedu@cvs.openbsd.org 2010/08/12 23:34:39 + [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] + OpenSSL_add_all_algorithms is the name of the function we have a man page + for, so use that. ok djm 20100827 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, diff --git a/ssh-add.c b/ssh-add.c index fb641ec48..e3e89d34c 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.96 2010/05/14 00:47:22 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.97 2010/08/12 23:34:38 tedu Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -372,7 +372,7 @@ main(int argc, char **argv) init_rng(); seed_rng(); - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); /* At first, get a connection to the authentication agent. */ ac = ssh_get_authentication_connection(); diff --git a/ssh-agent.c b/ssh-agent.c index 2c0e28696..d5690e0c5 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.166 2010/04/16 01:47:26 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.167 2010/08/12 23:34:38 tedu Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1092,7 +1092,7 @@ main(int ac, char **av) prctl(PR_SET_DUMPABLE, 0); #endif - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); __progname = ssh_get_progname(av[0]); init_rng(); diff --git a/ssh-keygen.c b/ssh-keygen.c index d90b1dfdd..37670ba67 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.197 2010/08/04 06:07:11 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.198 2010/08/12 23:34:38 tedu Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland 
@@ -1781,7 +1781,7 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); init_rng(); diff --git a/ssh-keysign.c b/ssh-keysign.c index 0c7077050..eddbcf707 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.32 2010/08/04 06:08:40 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.33 2010/08/12 23:34:39 tedu Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -194,7 +194,7 @@ main(int argc, char **argv) if (key_fd[0] == -1 && key_fd[1] == -1) fatal("could not open any host key"); - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); for (i = 0; i < 256; i++) rnd[i] = arc4random(); RAND_seed(rnd, sizeof(rnd)); diff --git a/ssh.c b/ssh.c index 4419f7642..34215a00d 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.346 2010/08/12 21:49:44 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.347 2010/08/12 23:34:39 tedu Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -599,7 +599,7 @@ main(int ac, char **av) if (!host) usage(); - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); /* Initialize the command to execute on remote host. */ diff --git a/sshd.c b/sshd.c index a7d3ee5c4..e61c0b9d6 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.375 2010/04/16 01:47:26 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.376 2010/08/12 23:34:39 tedu Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1464,7 +1464,7 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); /* * Force logging to stderr until we have loaded the private host -- cgit v1.2.3 From d96546f5b0f7c57395a338dbb9ac3ac5a48b77fa Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 31 Aug 2010 22:32:12 +1000 Subject: - djm@cvs.openbsd.org 2010/08/16 04:06:06 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] backout previous temporarily; discussed with deraadt@ --- ChangeLog | 3 +++ ssh-add.c | 4 ++-- ssh-agent.c | 4 ++-- ssh-keygen.c | 4 ++-- ssh-keysign.c | 4 ++-- ssh.c | 4 ++-- sshd.c | 4 ++-- 7 files changed, 15 insertions(+), 12 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f18c8de92..a56f04349 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm + - djm@cvs.openbsd.org 2010/08/16 04:06:06 + [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] + backout previous temporarily; discussed with deraadt@ 20100827 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, diff --git a/ssh-add.c b/ssh-add.c index e3e89d34c..7f8fb2c6d 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.97 2010/08/12 23:34:38 tedu Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.98 2010/08/16 04:06:06 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -372,7 +372,7 @@ main(int argc, char **argv) init_rng(); seed_rng(); - OpenSSL_add_all_algorithms(); + SSLeay_add_all_algorithms(); /* At first, get a connection to the authentication agent. */ ac = ssh_get_authentication_connection(); diff --git a/ssh-agent.c b/ssh-agent.c index d5690e0c5..e6725ea88 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.167 2010/08/12 23:34:38 tedu Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.168 2010/08/16 04:06:06 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1092,7 +1092,7 @@ main(int ac, char **av) prctl(PR_SET_DUMPABLE, 0); #endif - OpenSSL_add_all_algorithms(); + SSLeay_add_all_algorithms(); __progname = ssh_get_progname(av[0]); init_rng(); diff --git a/ssh-keygen.c b/ssh-keygen.c index 37670ba67..93f598004 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.198 2010/08/12 23:34:38 tedu Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.199 2010/08/16 04:06:06 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1781,7 +1781,7 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); - OpenSSL_add_all_algorithms(); + SSLeay_add_all_algorithms(); log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); init_rng(); diff --git a/ssh-keysign.c b/ssh-keysign.c index eddbcf707..cf3bf1b9b 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.33 2010/08/12 23:34:39 tedu Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.34 2010/08/16 04:06:06 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -194,7 +194,7 @@ main(int argc, char **argv) if (key_fd[0] == -1 && key_fd[1] == -1) fatal("could not open any host key"); - OpenSSL_add_all_algorithms(); + SSLeay_add_all_algorithms(); for (i = 0; i < 256; i++) rnd[i] = arc4random(); RAND_seed(rnd, sizeof(rnd)); diff --git a/ssh.c b/ssh.c index 34215a00d..44b570bf9 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.347 2010/08/12 23:34:39 tedu Exp $ */ +/* $OpenBSD: ssh.c,v 1.348 2010/08/16 04:06:06 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -599,7 +599,7 @@ main(int ac, char **av) if (!host) usage(); - OpenSSL_add_all_algorithms(); + SSLeay_add_all_algorithms(); ERR_load_crypto_strings(); /* Initialize the command to execute on remote host. */ diff --git a/sshd.c b/sshd.c index e61c0b9d6..52a3789bb 100644 --- a/sshd.c +++ b/sshd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.376 2010/08/12 23:34:39 tedu Exp $ */ +/* $OpenBSD: sshd.c,v 1.377 2010/08/16 04:06:06 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1464,7 +1464,7 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); - OpenSSL_add_all_algorithms(); + SSLeay_add_all_algorithms(); /* * Force logging to stderr until we have loaded the private host -- cgit v1.2.3 From da108ece6843f1268aa36d7c8ed0030dc53acd15 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Aug 2010 22:36:39 +1000 Subject: - djm@cvs.openbsd.org 2010/08/31 09:58:37 [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] [packet.h ssh-dss.c ssh-rsa.c] Add buffer_get_cstring() and related functions that verify that the string extracted from the buffer contains no embedded \0 characters* This prevents random (possibly malicious) crap from being appended to strings where it would not be noticed if the string is used with a string(3) function. Use the new API in a few sensitive places. * actually, we allow a single one at the end of the string for now because we don't know how many deployed implementations get this wrong, but don't count on this to remain indefinitely. --- ChangeLog | 14 ++++++++++++++ auth-options.c | 8 ++++---- auth1.c | 6 +++--- auth2.c | 10 +++++----- bufaux.c | 35 ++++++++++++++++++++++++++++++++++- buffer.h | 4 +++- kex.c | 4 ++-- key.c | 13 ++++--------- packet.c | 9 ++++++++- packet.h | 3 ++- ssh-dss.c | 4 ++-- ssh-rsa.c | 4 ++-- 12 files changed, 83 insertions(+), 31 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a56f04349..2f4acd9de 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -11,6 +11,20 @@ - djm@cvs.openbsd.org 2010/08/16 04:06:06 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] backout previous temporarily; discussed with deraadt@ + - djm@cvs.openbsd.org 2010/08/31 09:58:37 + [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] + [packet.h ssh-dss.c ssh-rsa.c] + Add buffer_get_cstring() and related functions that verify that the + string extracted from the buffer contains no embedded \0 characters* + This prevents random (possibly malicious) crap from being appended to + strings where it would not be noticed if the string is used with + a string(3) function. + + Use the new API in a few sensitive places. + + * actually, we allow a single one at the end of the string for now because + we don't know how many deployed implementations get this wrong, but don't + count on this to remain indefinitely. 20100827 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, diff --git a/auth-options.c b/auth-options.c index a7040247f..a9c26add6 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.52 2010/05/20 23:46:02 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.53 2010/08/31 09:58:37 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -444,7 +444,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, buffer_append(&c, optblob, optblob_len); while (buffer_len(&c) > 0) { - if ((name = buffer_get_string_ret(&c, &nlen)) == NULL || + if ((name = buffer_get_cstring_ret(&c, &nlen)) == NULL || (data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) { error("Certificate options corrupt"); goto out; 
@@ -479,7 +479,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, } if (!found && (which & OPTIONS_CRITICAL) != 0) { if (strcmp(name, "force-command") == 0) { - if ((command = buffer_get_string_ret(&data, + if ((command = buffer_get_cstring_ret(&data, &clen)) == NULL) { error("Certificate constraint \"%s\" " "corrupt", name); @@ -500,7 +500,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, found = 1; } if (strcmp(name, "source-address") == 0) { - if ((allowed = buffer_get_string_ret(&data, + if ((allowed = buffer_get_cstring_ret(&data, &clen)) == NULL) { error("Certificate constraint " "\"%s\" corrupt", name); diff --git a/auth1.c b/auth1.c index bf442dbf6..cc85aec74 100644 --- a/auth1.c +++ b/auth1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.74 2010/06/25 08:46:17 djm Exp $ */ +/* $OpenBSD: auth1.c,v 1.75 2010/08/31 09:58:37 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -167,7 +167,7 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) * trust the client; root on the client machine can * claim to be any user. */ - client_user = packet_get_string(&ulen); + client_user = packet_get_cstring(&ulen); /* Get the client host key. */ client_host_key = key_new(KEY_RSA1); @@ -389,7 +389,7 @@ do_authentication(Authctxt *authctxt) packet_read_expect(SSH_CMSG_USER); /* Get the user name. */ - user = packet_get_string(&ulen); + user = packet_get_cstring(&ulen); packet_check_eom(); if ((style = strchr(user, ':')) != NULL) diff --git a/auth2.c b/auth2.c index 5d5468559..95820f96f 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.121 2009/06/22 05:39:28 dtucker Exp $ */ +/* $OpenBSD: auth2.c,v 1.122 2010/08/31 09:58:37 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * 
@@ -182,7 +182,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt) Authctxt *authctxt = ctxt; u_int len; int acceptit = 0; - char *service = packet_get_string(&len); + char *service = packet_get_cstring(&len); packet_check_eom(); if (authctxt == NULL) @@ -221,9 +221,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); - user = packet_get_string(NULL); - service = packet_get_string(NULL); - method = packet_get_string(NULL); + user = packet_get_cstring(NULL); + service = packet_get_cstring(NULL); + method = packet_get_cstring(NULL); debug("userauth-request for user %s service %s method %s", user, service, method); debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); diff --git a/bufaux.c b/bufaux.c index 854fd510a..00208ca27 100644 --- a/bufaux.c +++ b/bufaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.c,v 1.49 2010/03/26 03:13:17 djm Exp $ */ +/* $OpenBSD: bufaux.c,v 1.50 2010/08/31 09:58:37 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -202,6 +202,39 @@ buffer_get_string(Buffer *buffer, u_int *length_ptr) return (ret); } +char * +buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr) +{ + u_int length; + char *cp, *ret = buffer_get_string_ret(buffer, &length); + + if (ret == NULL) + return NULL; + if ((cp = memchr(ret, '\0', length)) != NULL) { + /* XXX allow \0 at end-of-string for a while, remove later */ + if (cp == ret + length - 1) + error("buffer_get_cstring_ret: string contains \\0"); + else { + bzero(ret, length); + xfree(ret); + return NULL; + } + } + if (length_ptr != NULL) + *length_ptr = length; + return ret; +} + +char * +buffer_get_cstring(Buffer *buffer, u_int *length_ptr) +{ + char *ret; + + if ((ret = buffer_get_cstring_ret(buffer, length_ptr)) == NULL) + fatal("buffer_get_cstring: buffer error"); + return ret; +} + void * buffer_get_string_ptr_ret(Buffer *buffer, u_int *length_ptr) { 
diff --git a/buffer.h b/buffer.h index 4ef4f80b3..93baae2c8 100644 --- a/buffer.h +++ b/buffer.h @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.h,v 1.19 2010/02/09 03:56:28 djm Exp $ */ +/* $OpenBSD: buffer.h,v 1.20 2010/08/31 09:58:37 djm Exp $ */ /* * Author: Tatu Ylonen @@ -68,6 +68,7 @@ void buffer_put_char(Buffer *, int); void *buffer_get_string(Buffer *, u_int *); void *buffer_get_string_ptr(Buffer *, u_int *); void buffer_put_string(Buffer *, const void *, u_int); +char *buffer_get_cstring(Buffer *, u_int *); void buffer_put_cstring(Buffer *, const char *); #define buffer_skip_string(b) \ @@ -81,6 +82,7 @@ int buffer_get_short_ret(u_short *, Buffer *); int buffer_get_int_ret(u_int *, Buffer *); int buffer_get_int64_ret(u_int64_t *, Buffer *); void *buffer_get_string_ret(Buffer *, u_int *); +char *buffer_get_cstring_ret(Buffer *, u_int *); void *buffer_get_string_ptr_ret(Buffer *, u_int *); int buffer_get_char_ret(char *, Buffer *); diff --git a/kex.c b/kex.c index 148cfee80..ca5aae3e4 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.82 2009/10/24 11:13:54 andreas Exp $ */ +/* $OpenBSD: kex.c,v 1.83 2010/08/31 09:58:37 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -98,7 +98,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows) buffer_get_char(&b); /* extract kex init proposal strings */ for (i = 0; i < PROPOSAL_MAX; i++) { - proposal[i] = buffer_get_string(&b,NULL); + proposal[i] = buffer_get_cstring(&b,NULL); debug2("kex_parse_kexinit: %s", proposal[i]); } /* first kex follows / reserved */ diff --git a/key.c b/key.c index e4aa25c03..aed4678cb 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.90 2010/07/13 23:13:16 djm Exp $ */ +/* $OpenBSD: key.c,v 1.91 2010/08/31 09:58:37 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1067,7 +1067,7 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) principals = exts = critical = sig_key = sig = NULL; if ((!v00 && buffer_get_int64_ret(&key->cert->serial, b) != 0) || buffer_get_int_ret(&key->cert->type, b) != 0 || - (key->cert->key_id = buffer_get_string_ret(b, &kidlen)) == NULL || + (key->cert->key_id = buffer_get_cstring_ret(b, &kidlen)) == NULL || (principals = buffer_get_string_ret(b, &plen)) == NULL || buffer_get_int64_ret(&key->cert->valid_after, b) != 0 || buffer_get_int64_ret(&key->cert->valid_before, b) != 0 || @@ -1105,15 +1105,10 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) error("%s: Too many principals", __func__); goto out; } - if ((principal = buffer_get_string_ret(&tmp, &plen)) == NULL) { + if ((principal = buffer_get_cstring_ret(&tmp, &plen)) == NULL) { error("%s: Principals data invalid", __func__); goto out; } - if (strlen(principal) != plen) { - error("%s: Principal contains \\0 character", - __func__); - goto out; - } key->cert->principals = xrealloc(key->cert->principals, key->cert->nprincipals + 1, sizeof(*key->cert->principals)); key->cert->principals[key->cert->nprincipals++] = principal; @@ -1200,7 +1195,7 @@ key_from_blob(const u_char *blob, u_int blen) #endif buffer_init(&b); buffer_append(&b, blob, blen); - if ((ktype = buffer_get_string_ret(&b, NULL)) == NULL) { + if ((ktype = buffer_get_cstring_ret(&b, NULL)) == NULL) { error("key_from_blob: can't read key type"); goto out; } diff --git a/packet.c b/packet.c index 48f7fe613..49aa97335 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.168 2010/07/13 23:13:16 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.169 2010/08/31 09:58:37 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1546,6 +1546,13 @@ packet_get_string_ptr(u_int *length_ptr) return buffer_get_string_ptr(&active_state->incoming_packet, length_ptr); } +/* Ensures the returned string has no embedded \0 characters in it. */ +char * +packet_get_cstring(u_int *length_ptr) +{ + return buffer_get_cstring(&active_state->incoming_packet, length_ptr); +} + /* * Sends a diagnostic message from the server to the client. This message * can be sent at any time (but not while constructing another message). The diff --git a/packet.h b/packet.h index 33523d750..fd0b056fd 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.52 2009/06/27 09:29:06 andreas Exp $ */ +/* $OpenBSD: packet.h,v 1.53 2010/08/31 09:58:37 djm Exp $ */ /* * Author: Tatu Ylonen @@ -61,6 +61,7 @@ void packet_get_bignum(BIGNUM * value); void packet_get_bignum2(BIGNUM * value); void *packet_get_raw(u_int *length_ptr); void *packet_get_string(u_int *length_ptr); +char *packet_get_cstring(u_int *length_ptr); void *packet_get_string_ptr(u_int *length_ptr); void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2))); void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); diff --git a/ssh-dss.c b/ssh-dss.c index 175e4d030..ede5e21e5 100644 --- a/ssh-dss.c +++ b/ssh-dss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.26 2010/04/16 01:47:26 djm Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.27 2010/08/31 09:58:37 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -133,7 +133,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, char *ktype; buffer_init(&b); buffer_append(&b, signature, signaturelen); - ktype = buffer_get_string(&b, NULL); + ktype = buffer_get_cstring(&b, NULL); if (strcmp("ssh-dss", ktype) != 0) { error("ssh_dss_verify: cannot handle type %s", ktype); buffer_free(&b); diff --git a/ssh-rsa.c b/ssh-rsa.c index c471ff323..c6355fa09 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.44 2010/07/16 14:07:35 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.45 2010/08/31 09:58:37 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * @@ -127,7 +127,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, } buffer_init(&b); buffer_append(&b, signature, signaturelen); - ktype = buffer_get_string(&b, NULL); + ktype = buffer_get_cstring(&b, NULL); if (strcmp("ssh-rsa", ktype) != 0) { error("ssh_rsa_verify: cannot handle type %s", ktype); buffer_free(&b); -- cgit v1.2.3 From eb8b60e320cdade9f4c07e2abacfb92c52e01348 Mon Sep 17 00:00:00 2001 
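Review bot: in buffer_get_cstring_ret() (bufaux.c), the logging is the wrong way round. The tolerated case (a single \0 as the last byte) calls error(), while the rejected case (a \0 anywhere earlier) zeroes the buffer and returns NULL without logging, so the only diagnostic is the caller's generic "buffer error". Log in the reject branch and consider a lower level for the tolerated case. In the tolerated case *length_ptr also still counts the trailing \0, so a caller that uses the returned length sees strlen(ret) + 1; either adjust the length or document it in the comment.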
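Review bot: in the principals loop of cert_parse() (key.c), replacing the strlen(principal) != plen check with buffer_get_cstring_ret() is not equivalent. The old check rejected a principal that ended in \0, whereas the new helper accepts one trailing \0 "for a while". If that relaxation is not intended for certificate principals, keep the strict comparison here after the helper call. The specific "Principal contains \0 character" message is also lost; a rejected principal now reports only "Principals data invalid".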
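Review bot: in ssh_dss_verify() (ssh-dss.c) and ssh_rsa_verify() (ssh-rsa.c), ktype is now read with buffer_get_cstring(), which calls fatal() when the string contains an embedded \0, so a malformed signature blob ends the process instead of failing verification. key_from_blob() in this same patch uses buffer_get_cstring_ret() and takes its error path; doing the same in the two verify functions (log, buffer_free(&b), fail the verification) would keep malformed input on the normal error path.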
From: Damien Miller Date: Tue, 31 Aug 2010 22:41:14 +1000 Subject: - djm@cvs.openbsd.org 2010/08/31 11:54:45 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. 
feedback and ok markus@ --- ChangeLog | 23 +++ PROTOCOL | 45 +++-- PROTOCOL.agent | 44 +++-- PROTOCOL.certkeys | 89 ++++++--- auth2-jpake.c | 7 +- authfd.c | 20 +- authfile.c | 32 +++- bufec.c | 140 ++++++++++++++ buffer.h | 9 +- dns.c | 3 +- kex.c | 10 +- kex.h | 16 +- kexecdh.c | 108 +++++++++++ kexecdhc.c | 156 ++++++++++++++++ kexecdhs.c | 161 ++++++++++++++++ key.c | 541 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- key.h | 23 ++- monitor.c | 3 +- monitor_wrap.c | 3 +- myproposal.h | 32 +++- packet.c | 14 +- packet.h | 5 +- pathnames.h | 4 +- readconf.c | 8 +- ssh-add.1 | 13 +- ssh-add.c | 3 +- ssh-agent.1 | 11 +- ssh-agent.c | 60 +++++- ssh-ecdsa.c | 160 ++++++++++++++++ ssh-keygen.1 | 9 +- ssh-keygen.c | 40 +++- ssh-keyscan.1 | 20 +- ssh-keyscan.c | 13 +- ssh-keysign.8 | 6 +- ssh.1 | 25 ++- ssh.c | 27 ++- ssh2.h | 6 +- ssh_config.5 | 23 ++- sshconnect.c | 4 +- sshconnect2.c | 3 +- sshd.8 | 20 +- sshd.c | 7 +- sshd_config.5 | 12 +- uuencode.c | 4 +- uuencode.h | 4 +- 45 files changed, 1793 insertions(+), 173 deletions(-) create mode 100644 bufec.c create mode 100644 kexecdh.c create mode 100644 kexecdhc.c create mode 100644 kexecdhs.c create mode 100644 ssh-ecdsa.c (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2f4acd9de..889580e5e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -25,6 +25,29 @@ * actually, we allow a single one at the end of the string for now because we don't know how many deployed implementations get this wrong, but don't count on this to remain indefinitely. + - djm@cvs.openbsd.org 2010/08/31 11:54:45 + [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] + [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] + [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] + [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] + [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] + [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] + [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] + Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and + host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer + better performance than plain DH and DSA at the same equivalent symmetric + key length, as well as much shorter keys. + + Only the mandatory sections of RFC5656 are implemented, specifically the + three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and + ECDSA. Point compression (optional in RFC5656 is NOT implemented). + + Certificate host and user keys using the new ECDSA key types are supported. + + Note that this code has not been tested for interoperability and may be + subject to change. + + feedback and ok markus@ 20100827 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, diff --git a/PROTOCOL b/PROTOCOL index 5fc31eade..5d2a7118a 100644 --- a/PROTOCOL +++ b/PROTOCOL 
@@ -12,7 +12,9 @@ are individually implemented as extensions described below. The protocol used by OpenSSH's ssh-agent is described in the file PROTOCOL.agent -1. transport: Protocol 2 MAC algorithm "umac-64@openssh.com" +1. Transport protocol changes + +1.1. transport: Protocol 2 MAC algorithm "umac-64@openssh.com" This is a new transport-layer MAC method using the UMAC algorithm (rfc4418). This method is identical to the "umac-64" method documented @@ -20,7 +22,7 @@ in: http://www.openssh.com/txt/draft-miller-secsh-umac-01.txt -2. transport: Protocol 2 compression algorithm "zlib@openssh.com" +1.2. transport: Protocol 2 compression algorithm "zlib@openssh.com" This transport-layer compression method uses the zlib compression algorithm (identical to the "zlib" method in rfc4253), but delays the 
@@ -31,14 +33,27 @@ The method is documented in: http://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt -3. transport: New public key algorithms "ssh-rsa-cert-v00@openssh.com" and - "ssh-dsa-cert-v00@openssh.com" +1.3. transport: New public key algorithms "ssh-rsa-cert-v00@openssh.com", + "ssh-dsa-cert-v00@openssh.com", + "ecdsa-sha2-nistp256-cert-v01@openssh.com", + "ecdsa-sha2-nistp384-cert-v01@openssh.com" and + "ecdsa-sha2-nistp521-cert-v01@openssh.com" -OpenSSH introduces two new public key algorithms to support certificate +OpenSSH introduces new public key algorithms to support certificate authentication for users and hostkeys. These methods are documented in the file PROTOCOL.certkeys -4. connection: Channel write close extension "eow@openssh.com" +1.4. transport: Elliptic Curve cryptography + +OpenSSH supports ECC key exchange and public key authentication as +specified in RFC5656. Only the ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 +and ecdsa-sha2-nistp521 curves over GF(p) are supported. Elliptic +curve points encoded using point compression are NOT accepted or +generated. + +2. Connection protocol changes + +2.1. connection: Channel write close extension "eow@openssh.com" The SSH connection protocol (rfc4254) provides the SSH_MSG_CHANNEL_EOF message to allow an endpoint to signal its peer that it will send no @@ -77,8 +92,8 @@ message is only sent to OpenSSH peers (identified by banner). Other SSH implementations may be whitelisted to receive this message upon request. -5. connection: disallow additional sessions extension - "no-more-sessions@openssh.com" +2.2. connection: disallow additional sessions extension + "no-more-sessions@openssh.com" Most SSH connections will only ever request a single session, but a attacker may abuse a running ssh client to surreptitiously open 
@@ -105,7 +120,7 @@ of this message, the no-more-sessions request is only sent to OpenSSH servers (identified by banner). Other SSH implementations may be whitelisted to receive this message upon request. -6. connection: Tunnel forward extension "tun@openssh.com" +2.3. connection: Tunnel forward extension "tun@openssh.com" OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" channel type. This channel type supports forwarding of network packets @@ -166,7 +181,9 @@ The contents of the "data" field for layer 2 packets is: The "frame" field contains an IEEE 802.3 Ethernet frame, including header. -7. sftp: Reversal of arguments to SSH_FXP_SYMLINK +3. SFTP protocol changes + +3.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK When OpenSSH's sftp-server was implemented, the order of the arguments to the SSH_FXP_SYMLINK method was inadvertently reversed. Unfortunately, @@ -179,7 +196,7 @@ SSH_FXP_SYMLINK as follows: string targetpath string linkpath -8. sftp: Server extension announcement in SSH_FXP_VERSION +3.2. sftp: Server extension announcement in SSH_FXP_VERSION OpenSSH's sftp-server lists the extensions it supports using the standard extension announcement mechanism in the SSH_FXP_VERSION server @@ -200,7 +217,7 @@ ever changed in an incompatible way. The server MAY advertise the same extension with multiple versions (though this is unlikely). Clients MUST check the version number before attempting to use the extension. -9. sftp: Extension request "posix-rename@openssh.com" +3.3. sftp: Extension request "posix-rename@openssh.com" This operation provides a rename operation with POSIX semantics, which are different to those provided by the standard SSH_FXP_RENAME in 
@@ -217,7 +234,7 @@ rename(oldpath, newpath) and will respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version "1". -10. sftp: Extension requests "statvfs@openssh.com" and +3.4. sftp: Extension requests "statvfs@openssh.com" and "fstatvfs@openssh.com" These requests correspond to the statvfs and fstatvfs POSIX system @@ -258,4 +275,4 @@ The values of the f_flag bitmask are as follows: Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are advertised in the SSH_FXP_VERSION hello with version "2". -$OpenBSD: PROTOCOL,v 1.15 2010/02/26 20:29:54 djm Exp $ +$OpenBSD: PROTOCOL,v 1.16 2010/08/31 11:54:45 djm Exp $ diff --git a/PROTOCOL.agent b/PROTOCOL.agent index b34fcd318..de94d037d 100644 --- a/PROTOCOL.agent +++ b/PROTOCOL.agent @@ -159,8 +159,8 @@ successfully added or a SSH_AGENT_FAILURE if an error occurred. 2.2.3 Add protocol 2 key -The OpenSSH agent supports DSA and RSA keys for protocol 2. DSA keys may -be added using the following request +The OpenSSH agent supports DSA, ECDSA and RSA keys for protocol 2. DSA +keys may be added using the following request byte SSH2_AGENTC_ADD_IDENTITY or SSH2_AGENTC_ADD_ID_CONSTRAINED 
@@ -182,6 +182,30 @@ DSA certificates may be added with: string key_comment constraint[] key_constraints +ECDSA keys may be added using the following request + + byte SSH2_AGENTC_ADD_IDENTITY or + SSH2_AGENTC_ADD_ID_CONSTRAINED + string "ecdsa-sha2-nistp256" | + "ecdsa-sha2-nistp384" | + "ecdsa-sha2-nistp521" + string ecdsa_curve_name + string ecdsa_public_key + mpint ecdsa_private + string key_comment + constraint[] key_constraints + +ECDSA certificates may be added with: + byte SSH2_AGENTC_ADD_IDENTITY or + SSH2_AGENTC_ADD_ID_CONSTRAINED + string "ecdsa-sha2-nistp256-cert-v01@openssh.com" | + "ecdsa-sha2-nistp384-cert-v01@openssh.com" | + "ecdsa-sha2-nistp521-cert-v01@openssh.com" + string certificate + mpint ecdsa_private_key + string key_comment + constraint[] key_constraints + RSA keys may be added with this request: byte SSH2_AGENTC_ADD_IDENTITY or @@ -214,7 +238,7 @@ order to the protocol 1 add keys message. As with the corresponding protocol 1 "add key" request, the private key is overspecified to avoid redundant processing. -For both DSA and RSA key add requests, "key_constraints" may only be +For DSA, ECDSA and RSA key add requests, "key_constraints" may only be present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED. The agent will reply with a SSH_AGENT_SUCCESS if the key has been @@ -294,8 +318,7 @@ Protocol 2 keys may be removed with the following request: string key_blob Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key -Algorithms" for either of the supported key types: "ssh-dss" or -"ssh-rsa". +Algorithms" for any of the supported protocol 2 key types. The agent will delete any private key matching the specified public key and return SSH_AGENT_SUCCESS. If no such key was found, the agent will 
@@ -364,8 +387,7 @@ Followed by zero or more consecutive keys, encoded as: string key_comment Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key -Algorithms" for either of the supported key types: "ssh-dss" or -"ssh-rsa". +Algorithms" for any of the supported protocol 2 key types. 2.6 Private key operations @@ -429,9 +451,9 @@ a protocol 2 key: uint32 flags Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key -Algorithms" for either of the supported key types: "ssh-dss" or -"ssh-rsa". "flags" is a bit-mask, but at present only one possible value -is defined (see below for its meaning): +Algorithms" for any of the supported protocol 2 key types. "flags" is +a bit-mask, but at present only one possible value is defined (see below +for its meaning): SSH_AGENT_OLD_SIGNATURE 1 @@ -535,4 +557,4 @@ Locking and unlocking affects both protocol 1 and protocol 2 keys. SSH_AGENT_CONSTRAIN_LIFETIME 1 SSH_AGENT_CONSTRAIN_CONFIRM 2 -$OpenBSD: PROTOCOL.agent,v 1.5 2010/02/26 20:29:54 djm Exp $ +$OpenBSD: PROTOCOL.agent,v 1.6 2010/08/31 11:54:45 djm Exp $ diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index 1d1be13da..2f9764981 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys 
@@ -5,31 +5,37 @@ Background ---------- The SSH protocol currently supports a simple public key authentication -mechanism. Unlike other public key implementations, SSH eschews the -use of X.509 certificates and uses raw keys. This approach has some -benefits relating to simplicity of configuration and minimisation -of attack surface, but it does not support the important use-cases -of centrally managed, passwordless authentication and centrally -certified host keys. +mechanism. Unlike other public key implementations, SSH eschews the use +of X.509 certificates and uses raw keys. This approach has some benefits +relating to simplicity of configuration and minimisation of attack +surface, but it does not support the important use-cases of centrally +managed, passwordless authentication and centrally certified host keys. These protocol extensions build on the simple public key authentication -system already in SSH to allow certificate-based authentication. -The certificates used are not traditional X.509 certificates, with -numerous options and complex encoding rules, but something rather -more minimal: a key, some identity information and usage options -that have been signed with some other trusted key. +system already in SSH to allow certificate-based authentication. The +certificates used are not traditional X.509 certificates, with numerous +options and complex encoding rules, but something rather more minimal: a +key, some identity information and usage options that have been signed +with some other trusted key. A sshd server may be configured to allow authentication via certified -keys, by extending the existing ~/.ssh/authorized_keys mechanism -to allow specification of certification authority keys in addition -to raw user keys. The ssh client will support automatic verification -of acceptance of certified host keys, by adding a similar ability -to specify CA keys in ~/.ssh/known_hosts. 
+keys, by extending the existing ~/.ssh/authorized_keys mechanism to +allow specification of certification authority keys in addition to +raw user keys. The ssh client will support automatic verification of +acceptance of certified host keys, by adding a similar ability to +specify CA keys in ~/.ssh/known_hosts. -Certified keys are represented using two new key types: -ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com that -include certification information along with the public key that is used -to sign challenges. ssh-keygen performs the CA signing operation. +Certified keys are represented using new key types: + + ssh-rsa-cert-v01@openssh.com + ssh-dss-cert-v01@openssh.com + ecdsa-sha2-nistp256-cert-v01@openssh.com + ecdsa-sha2-nistp384-cert-v01@openssh.com + ecdsa-sha2-nistp521-cert-v01@openssh.com + +These include certification information along with the public key +that is used to sign challenges. ssh-keygen performs the CA signing +operation. Protocol extensions ------------------- @@ -47,10 +53,9 @@ in RFC4252 section 7. New public key formats ---------------------- -The ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com key -types take a similar high-level format (note: data types and -encoding are as per RFC4251 section 5). The serialised wire encoding of -these certificates is also used for storing them on disk. +The certificate key types take a similar high-level format (note: data +types and encoding are as per RFC4251 section 5). The serialised wire +encoding of these certificates is also used for storing them on disk. #define SSH_CERT_TYPE_USER 1 #define SSH_CERT_TYPE_HOST 2 
@@ -93,6 +98,26 @@ DSA certificate string signature key string signature +ECDSA certificate + + string "ecdsa-sha2-nistp256@openssh.com" | + "ecdsa-sha2-nistp384@openssh.com" | + "ecdsa-sha2-nistp521@openssh.com" + string nonce + string curve + string public_key + uint64 serial + uint32 type + string key id + string valid principals + uint64 valid after + uint64 valid before + string critical options + string extensions + string reserved + string signature key + string signature + The nonce field is a CA-provided random bitstring of arbitrary length (but typically 16 or 32 bytes) included to make attacks that depend on inducing collisions in the signature hash infeasible. @@ -101,6 +126,9 @@ e and n are the RSA exponent and public modulus respectively. p, q, g, y are the DSA parameters as described in FIPS-186-2. +curve and public key are respectively the ECDSA "[identifier]" and "Q" +defined in section 3.1 of RFC5656. + serial is an optional certificate serial number set by the CA to provide an abbreviated way to refer to certificates from that CA. If a CA does not wish to number its certificates it must set this @@ -123,7 +151,8 @@ any principal of the specified type. XXX DNS wildcards? "valid after" and "valid before" specify a validity period for the certificate. Each represents a time in seconds since 1970-01-01 00:00:00. A certificate is considered valid if: - valid after <= current time < valid before + + valid after <= current time < valid before criticial options is a set of zero or more key options encoded as below. All such options are "critical" in the sense that an implementation 
@@ -137,15 +166,17 @@ The reserved field is currently unused and is ignored in this version of the protocol. signature key contains the CA key used to sign the certificate. -The valid key types for CA keys are ssh-rsa and ssh-dss. "Chained" +The valid key types for CA keys are ssh-rsa, ssh-dss and the ECDSA types +ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521. "Chained" certificates, where the signature key type is a certificate type itself are NOT supported. Note that it is possible for a RSA certificate key to -be signed by a DSS CA key and vice-versa. +be signed by a DSS or ECDSA CA key and vice-versa. signature is computed over all preceding fields from the initial string up to, and including the signature key. Signatures are computed and encoded according to the rules defined for the CA's public key algorithm -(RFC4253 section 6.6 for ssh-rsa and ssh-dss). +(RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA +types). Critical options ---------------- @@ -222,4 +253,4 @@ permit-user-rc empty Flag indicating that execution of of this script will not be permitted if this option is not present. -$OpenBSD: PROTOCOL.certkeys,v 1.7 2010/08/04 05:40:39 djm Exp $ +$OpenBSD: PROTOCOL.certkeys,v 1.8 2010/08/31 11:54:45 djm Exp $ diff --git a/auth2-jpake.c b/auth2-jpake.c index 5de5506a6..a460e8216 100644 --- a/auth2-jpake.c +++ b/auth2-jpake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-jpake.c,v 1.3 2009/03/05 07:18:19 djm Exp $ */ +/* $OpenBSD: auth2-jpake.c,v 1.4 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright (c) 2008 Damien Miller. All rights reserved. * 
@@ -162,6 +162,11 @@ derive_rawsalt(const char *username, u_char *rawsalt, u_int len) fatal("%s: DSA key missing priv_key", __func__); buffer_put_bignum2(&b, k->dsa->priv_key); break; + case KEY_ECDSA: + if (EC_KEY_get0_private_key(k->ecdsa) == NULL) + fatal("%s: ECDSA key missing priv_key", __func__); + buffer_put_bignum2(&b, EC_KEY_get0_private_key(k->ecdsa)); + break; default: fatal("%s: unknown key type %d", __func__, k->type); } diff --git a/authfd.c b/authfd.c index 739722fbf..ec537d2e9 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.83 2010/04/16 01:47:26 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.84 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -509,6 +509,19 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) buffer_len(&key->cert->certblob)); buffer_put_bignum2(b, key->dsa->priv_key); break; + case KEY_ECDSA: + buffer_put_cstring(b, key_curve_nid_to_name(key->ecdsa_nid)); + buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa), + EC_KEY_get0_public_key(key->ecdsa)); + buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); + break; + case KEY_ECDSA_CERT: + if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) + fatal("%s: no cert/certblob", __func__); + buffer_put_string(b, buffer_ptr(&key->cert->certblob), + buffer_len(&key->cert->certblob)); + buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); + break; } buffer_put_cstring(b, comment); } @@ -541,6 +554,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, case KEY_DSA: case KEY_DSA_CERT: case KEY_DSA_CERT_V00: + case KEY_ECDSA: + case KEY_ECDSA_CERT: type = constrained ? SSH2_AGENTC_ADD_ID_CONSTRAINED : SSH2_AGENTC_ADD_IDENTITY; 
@@ -589,7 +604,8 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) buffer_put_bignum(&msg, key->rsa->e); buffer_put_bignum(&msg, key->rsa->n); } else if (key_type_plain(key->type) == KEY_DSA || - key_type_plain(key->type) == KEY_RSA) { + key_type_plain(key->type) == KEY_RSA || + key_type_plain(key->type) == KEY_ECDSA) { key_to_blob(key, &blob, &blen); buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); buffer_put_string(&msg, blob, blen); diff --git a/authfile.c b/authfile.c index 2bd887845..865e7faf9 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.82 2010/08/04 05:49:22 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.83 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -213,6 +213,10 @@ key_save_private_pem(Key *key, const char *filename, const char *_passphrase, success = PEM_write_DSAPrivateKey(fp, key->dsa, cipher, passphrase, len, NULL, NULL); break; + case KEY_ECDSA: + success = PEM_write_ECPrivateKey(fp, key->ecdsa, + cipher, passphrase, len, NULL, NULL); + break; case KEY_RSA: success = PEM_write_RSAPrivateKey(fp, key->rsa, cipher, passphrase, len, NULL, NULL); @@ -231,6 +235,7 @@ key_save_private(Key *key, const char *filename, const char *passphrase, return key_save_private_rsa1(key, filename, passphrase, comment); case KEY_DSA: + case KEY_ECDSA: case KEY_RSA: return key_save_private_pem(key, filename, passphrase, comment); 
@@ -509,6 +514,29 @@ key_load_private_pem(int fd, int type, const char *passphrase, name = "dsa w/o comment"; #ifdef DEBUG_PK DSA_print_fp(stderr, prv->dsa, 8); +#endif + } else if (pk->type == EVP_PKEY_EC && + (type == KEY_UNSPEC||type==KEY_ECDSA)) { + prv = key_new(KEY_UNSPEC); + prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk); + prv->type = KEY_ECDSA; + prv->ecdsa_nid = key_ecdsa_group_to_nid( + EC_KEY_get0_group(prv->ecdsa)); + if (key_curve_nid_to_name(prv->ecdsa_nid) == NULL) { + key_free(prv); + prv = NULL; + } + if (key_ec_validate_public(EC_KEY_get0_group(prv->ecdsa), + EC_KEY_get0_public_key(prv->ecdsa)) != 0 || + key_ec_validate_private(prv->ecdsa) != 0) { + error("%s: bad ECDSA key", __func__); + key_free(prv); + prv = NULL; + } + name = "dsa w/o comment"; +#ifdef DEBUG_PK + if (prv->ecdsa != NULL) + key_dump_ec_key(prv->ecdsa); #endif } else { error("PEM_read_PrivateKey: mismatch or " @@ -581,6 +609,7 @@ key_load_private_type(int type, const char *filename, const char *passphrase, commentp); /* closes fd */ case KEY_DSA: + case KEY_ECDSA: case KEY_RSA: case KEY_UNSPEC: return key_load_private_pem(fd, type, passphrase, commentp); @@ -721,6 +750,7 @@ key_load_private_cert(int type, const char *filename, const char *passphrase, switch (type) { case KEY_RSA: case KEY_DSA: + case KEY_ECDSA: break; default: error("%s: unsupported key type", __func__); diff --git a/bufec.c b/bufec.c new file mode 100644 index 000000000..dff9c69c9 --- /dev/null +++ b/bufec.c 
@@ -0,0 +1,140 @@ +/* $OpenBSD: bufec.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ +/* + * Copyright (c) 2010 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#include + +#include +#include + +#include +#include + +#include "xmalloc.h" +#include "buffer.h" +#include "log.h" +#include "misc.h" + +/* + * Maximum supported EC GFp field length is 528 bits. SEC1 uncompressed + * encoding represents this as two bitstring points that should each + * be no longer than the field length, SEC1 specifies a 1 byte + * point type header. + * Being paranoid here may insulate us to parsing problems in + * EC_POINT_oct2point. + */ +#define BUFFER_MAX_ECPOINT_LEN ((528*2 / 8) + 1) + +/* + * Append an EC_POINT to the buffer as a string containing a SEC1 encoded + * uncompressed point. Fortunately OpenSSL handles the gory details for us. 
+ */ +int +buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, + const EC_POINT *point) +{ + u_char *buf = NULL; + size_t len; + BN_CTX *bnctx; + int ret = -1; + + /* Determine length */ + if ((bnctx = BN_CTX_new()) == NULL) + fatal("%s: BN_CTX_new failed", __func__); + len = EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, bnctx); + if (len > BUFFER_MAX_ECPOINT_LEN) { + error("%s: giant EC point: len = %lu (max %u)", + __func__, (u_long)len, BUFFER_MAX_ECPOINT_LEN); + goto out; + } + /* Convert */ + buf = xmalloc(len); + if (EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED, + buf, len, bnctx) != len) { + error("%s: EC_POINT_point2oct length mismatch", __func__); + goto out; + } + /* Append */ + buffer_put_string(buffer, buf, len); + ret = 0; + out: + if (buf != NULL) { + bzero(buf, len); + xfree(buf); + } + BN_CTX_free(bnctx); + return ret; +} + +void +buffer_put_ecpoint(Buffer *buffer, const EC_GROUP *curve, + const EC_POINT *point) +{ + if (buffer_put_ecpoint_ret(buffer, curve, point) == -1) + fatal("%s: buffer error", __func__); +} + +int +buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, + EC_POINT *point) +{ + u_char *buf; + u_int len; + BN_CTX *bnctx; + int ret = -1; + + if ((buf = buffer_get_string_ret(buffer, &len)) == NULL) { + error("%s: invalid point", __func__); + return -1; + } + if ((bnctx = BN_CTX_new()) == NULL) + fatal("%s: BN_CTX_new failed", __func__); + if (len > BUFFER_MAX_ECPOINT_LEN) { + error("%s: EC_POINT too long: %u > max %u", __func__, + len, BUFFER_MAX_ECPOINT_LEN); + goto out; + } + if (len == 0) { + error("%s: EC_POINT buffer is empty", __func__); + goto out; + } + if (buf[0] != POINT_CONVERSION_UNCOMPRESSED) { + error("%s: EC_POINT is in an incorrect form: " + "0x%02x (want 0x%02x)", __func__, buf[0], + POINT_CONVERSION_UNCOMPRESSED); + goto out; + } + if (EC_POINT_oct2point(curve, point, buf, len, bnctx) != 1) { + error("buffer_get_bignum2_ret: BN_bin2bn failed"); + goto 
out; + } + /* EC_POINT_oct2point verifies that the point is on the curve for us */ + ret = 0; + out: + BN_CTX_free(bnctx); + bzero(buf, len); + xfree(buf); + return ret; +} + +void +buffer_get_ecpoint(Buffer *buffer, const EC_GROUP *curve, + EC_POINT *point) +{ + if (buffer_get_ecpoint_ret(buffer, curve, point) == -1) + fatal("%s: buffer error", __func__); +} + diff --git a/buffer.h b/buffer.h index 93baae2c8..1fb3f1666 100644 --- a/buffer.h +++ b/buffer.h @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.h,v 1.20 2010/08/31 09:58:37 djm Exp $ */ +/* $OpenBSD: buffer.h,v 1.21 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen @@ -86,4 +86,11 @@ char *buffer_get_cstring_ret(Buffer *, u_int *); void *buffer_get_string_ptr_ret(Buffer *, u_int *); int buffer_get_char_ret(char *, Buffer *); +#include + +int buffer_put_ecpoint_ret(Buffer *, const EC_GROUP *, const EC_POINT *); +void buffer_put_ecpoint(Buffer *, const EC_GROUP *, const EC_POINT *); +int buffer_get_ecpoint_ret(Buffer *, const EC_GROUP *, EC_POINT *); +void buffer_get_ecpoint(Buffer *, const EC_GROUP *, EC_POINT *); + #endif /* BUFFER_H */ diff --git a/dns.c b/dns.c index 2e7bb5aae..131cb3d8b 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.26 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: dns.c,v 1.27 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -86,6 +86,7 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, case KEY_DSA: *algorithm = SSHFP_KEY_DSA; break; + /* XXX KEY_ECDSA */ default: *algorithm = SSHFP_KEY_RESERVED; /* 0 */ } diff --git a/kex.c b/kex.c index ca5aae3e4..abe9b9f5d 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.83 2010/08/31 09:58:37 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.84 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * 
@@ -325,6 +325,10 @@ choose_kex(Kex *k, char *client, char *server) } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { k->kex_type = KEX_DH_GEX_SHA256; k->evp_md = evp_ssh_sha256(); + } else if (strncmp(k->name, KEX_ECDH_SHA256, + sizeof(KEX_ECDH_SHA256) - 1) == 0) { + k->kex_type = KEX_ECDH_SHA2; + k->evp_md = evp_ssh_sha256(); #endif } else fatal("bad kex alg %s", k->name); @@ -559,11 +563,11 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, memset(&md, 0, sizeof(md)); } -#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) +#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) void dump_digest(char *msg, u_char *digest, int len) { - u_int i; + int i; fprintf(stderr, "%s\n", msg); for (i = 0; i < len; i++) { diff --git a/kex.h b/kex.h index 62fa2ea50..a183ffda2 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.49 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.50 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -29,6 +29,7 @@ #include #include #include +#include #define KEX_COOKIE_LEN 16 @@ -37,6 +38,8 @@ #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" #define KEX_RESUME "resume@appgate.com" +/* The following represents the family of ECDH methods */ +#define KEX_ECDH_SHA256 "ecdh-sha2-" #define COMP_NONE 0 #define COMP_ZLIB 1 @@ -67,6 +70,7 @@ enum kex_exchange { KEX_DH_GRP14_SHA1, KEX_DH_GEX_SHA1, KEX_DH_GEX_SHA256, + KEX_ECDH_SHA2, KEX_MAX }; @@ -145,6 +149,8 @@ void kexdh_client(Kex *); void kexdh_server(Kex *); void kexgex_client(Kex *); void kexgex_server(Kex *); +void kexecdh_client(Kex *); +void kexecdh_server(Kex *); void kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, 
@@ -153,11 +159,17 @@ void kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *, int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); +void +kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int, + char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, + const BIGNUM *, u_char **, u_int *); + +int kex_ecdh_name_to_nid(const char *); void derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); -#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) +#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) void dump_digest(char *, u_char *, int); #endif diff --git a/kexecdh.c b/kexecdh.c new file mode 100644 index 000000000..a5a14f4bd --- /dev/null +++ b/kexecdh.c 
@@ -0,0 +1,108 @@ +/* $OpenBSD: kexecdh.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include + +#include +#include + +#include +#include +#include +#include + +#include "buffer.h" +#include "ssh2.h" +#include "key.h" +#include "cipher.h" +#include "kex.h" +#include "log.h" + +int +kex_ecdh_name_to_nid(const char *kexname) +{ + int ret; + + if (strlen(kexname) < sizeof(KEX_ECDH_SHA256) - 1) + fatal("%s: kexname too short \"%s\"", __func__, kexname); + ret = key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA256) - 1); + if (ret == -1) + fatal("%s: unsupported curve negotiated \"%s\"", __func__, + kexname); + return ret; +} + +void +kex_ecdh_hash( + const EVP_MD *evp_md, + const EC_GROUP *ec_group, + char *client_version_string, + char *server_version_string, + char *ckexinit, int ckexinitlen, + char *skexinit, int skexinitlen, + u_char *serverhostkeyblob, int sbloblen, + const EC_POINT *client_dh_pub, + const EC_POINT *server_dh_pub, + const BIGNUM *shared_secret, + u_char **hash, u_int *hashlen) +{ + Buffer b; + EVP_MD_CTX md; + static u_char digest[EVP_MAX_MD_SIZE]; + + buffer_init(&b); + buffer_put_cstring(&b, client_version_string); + buffer_put_cstring(&b, server_version_string); + + /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ + buffer_put_int(&b, ckexinitlen+1); + buffer_put_char(&b, SSH2_MSG_KEXINIT); + buffer_append(&b, ckexinit, ckexinitlen); + buffer_put_int(&b, skexinitlen+1); + buffer_put_char(&b, SSH2_MSG_KEXINIT); + buffer_append(&b, skexinit, skexinitlen); + + buffer_put_string(&b, serverhostkeyblob, sbloblen); + buffer_put_ecpoint(&b, ec_group, client_dh_pub); + buffer_put_ecpoint(&b, ec_group, server_dh_pub); + buffer_put_bignum2(&b, shared_secret); + +#ifdef DEBUG_KEX + buffer_dump(&b); +#endif + EVP_DigestInit(&md, evp_md); + EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); + EVP_DigestFinal(&md, digest, NULL); + + buffer_free(&b); + +#ifdef DEBUG_KEX + dump_digest("hash", digest, EVP_MD_size(evp_md)); +#endif + *hash = digest; + *hashlen = EVP_MD_size(evp_md); +} + 
diff --git a/kexecdhc.c b/kexecdhc.c new file mode 100644 index 000000000..f6d9977c5 --- /dev/null +++ b/kexecdhc.c 
@@ -0,0 +1,156 @@ +/* $OpenBSD: kexecdhc.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include + +#include +#include +#include + +#include + +#include "xmalloc.h" +#include "buffer.h" +#include "key.h" +#include "cipher.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "dh.h" +#include "ssh2.h" + +void +kexecdh_client(Kex *kex) +{ + EC_KEY *client_key; + EC_POINT *server_public; + const EC_GROUP *group; + BIGNUM *shared_secret; + Key *server_host_key; + u_char *server_host_key_blob = NULL, *signature = NULL; + u_char *kbuf, *hash; + u_int klen, slen, sbloblen, hashlen; + int curve_nid; + + curve_nid = kex_ecdh_name_to_nid(kex->name); + if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) + fatal("%s: EC_KEY_new_by_curve_name failed", __func__); + if (EC_KEY_generate_key(client_key) != 1) + fatal("%s: EC_KEY_generate_key failed", __func__); + group = EC_KEY_get0_group(client_key); + + packet_start(SSH2_MSG_KEX_ECDH_INIT); + packet_put_ecpoint(group, EC_KEY_get0_public_key(client_key)); + packet_send(); + debug("sending SSH2_MSG_KEX_ECDH_INIT"); + +#ifdef DEBUG_KEXECDH + fputs("client private key:\n", stderr); + key_dump_ec_key(client_key); +#endif + + debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); + packet_read_expect(SSH2_MSG_KEX_ECDH_REPLY); + + /* hostkey */ + server_host_key_blob = packet_get_string(&sbloblen); + server_host_key = key_from_blob(server_host_key_blob, sbloblen); + if (server_host_key == NULL) + fatal("cannot decode server_host_key_blob"); + if (server_host_key->type != kex->hostkey_type) + fatal("type mismatch for decoded server_host_key_blob"); + if (kex->verify_host_key == NULL) + fatal("cannot verify server_host_key"); + if (kex->verify_host_key(server_host_key) == -1) + fatal("server_host_key verification failed"); + + /* Q_S, server public key */ + if ((server_public = EC_POINT_new(group)) == NULL) + fatal("%s: EC_POINT_new failed", __func__); + packet_get_ecpoint(group, server_public); + + if (key_ec_validate_public(group, server_public) != 0) + fatal("%s: invalid server public key", 
__func__); + +#ifdef DEBUG_KEXECDH + fputs("server public key:\n", stderr); + key_dump_ec_point(group, server_public); +#endif + + /* signed H */ + signature = packet_get_string(&slen); + packet_check_eom(); + + klen = (EC_GROUP_get_degree(group) + 7) / 8; + kbuf = xmalloc(klen); + if (ECDH_compute_key(kbuf, klen, server_public, + client_key, NULL) != (int)klen) + fatal("%s: ECDH_compute_key failed", __func__); + +#ifdef DEBUG_KEXECDH + dump_digest("shared secret", kbuf, klen); +#endif + if ((shared_secret = BN_new()) == NULL) + fatal("%s: BN_new failed", __func__); + if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) + fatal("%s: BN_bin2bn failed", __func__); + memset(kbuf, 0, klen); + xfree(kbuf); + + /* calc and verify H */ + kex_ecdh_hash( + kex->evp_md, + group, + kex->client_version_string, + kex->server_version_string, + buffer_ptr(&kex->my), buffer_len(&kex->my), + buffer_ptr(&kex->peer), buffer_len(&kex->peer), + server_host_key_blob, sbloblen, + EC_KEY_get0_public_key(client_key), + server_public, + shared_secret, + &hash, &hashlen + ); + xfree(server_host_key_blob); + EC_POINT_clear_free(server_public); + EC_KEY_free(client_key); + + if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) + fatal("key_verify failed for server_host_key"); + key_free(server_host_key); + xfree(signature); + + /* save session id */ + if (kex->session_id == NULL) { + kex->session_id_len = hashlen; + kex->session_id = xmalloc(kex->session_id_len); + memcpy(kex->session_id, hash, kex->session_id_len); + } + + kex_derive_keys(kex, hash, hashlen, shared_secret); + BN_clear_free(shared_secret); + kex_finish(kex); +} diff --git a/kexecdhs.c b/kexecdhs.c new file mode 100644 index 000000000..d73333893 --- /dev/null +++ b/kexecdhs.c 
@@ -0,0 +1,161 @@ +/* $OpenBSD: kexecdhs.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ +/* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include +#include +#include + +#include + +#include "xmalloc.h" +#include "buffer.h" +#include "key.h" +#include "cipher.h" +#include "kex.h" +#include "log.h" +#include "packet.h" +#include "dh.h" +#include "ssh2.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif +#include "monitor_wrap.h" + +void +kexecdh_server(Kex *kex) +{ + EC_POINT *client_public; + EC_KEY *server_key; + const EC_GROUP *group; + BIGNUM *shared_secret; + Key *server_host_private, *server_host_public; + u_char *server_host_key_blob = NULL, *signature = NULL; + u_char *kbuf, *hash; + u_int klen, slen, sbloblen, hashlen; + int curve_nid; + + curve_nid = kex_ecdh_name_to_nid(kex->name); + if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) + fatal("%s: EC_KEY_new_by_curve_name failed", __func__); + if (EC_KEY_generate_key(server_key) != 1) + fatal("%s: EC_KEY_generate_key failed", __func__); + group = EC_KEY_get0_group(server_key); + +#ifdef DEBUG_KEXECDH + fputs("server private key:\n", stderr); + key_dump_ec_key(server_key); +#endif + + if (kex->load_host_public_key == NULL || + kex->load_host_private_key == NULL) + fatal("Cannot load hostkey"); + server_host_public = kex->load_host_public_key(kex->hostkey_type); + if (server_host_public == NULL) + fatal("Unsupported hostkey type %d", kex->hostkey_type); + server_host_private = kex->load_host_private_key(kex->hostkey_type); + if (server_host_private == NULL) + fatal("Missing private key for hostkey type %d", + kex->hostkey_type); + + debug("expecting SSH2_MSG_KEX_ECDH_INIT"); + packet_read_expect(SSH2_MSG_KEX_ECDH_INIT); + if ((client_public = EC_POINT_new(group)) == NULL) + fatal("%s: EC_POINT_new failed", __func__); + packet_get_ecpoint(group, client_public); + packet_check_eom(); + + if (key_ec_validate_public(group, client_public) != 0) + fatal("%s: invalid client public key", __func__); + +#ifdef DEBUG_KEXECDH + fputs("client public key:\n", stderr); + key_dump_ec_point(group, client_public); +#endif + + /* Calculate 
shared_secret */ + klen = (EC_GROUP_get_degree(group) + 7) / 8; + kbuf = xmalloc(klen); + if (ECDH_compute_key(kbuf, klen, client_public, + server_key, NULL) != (int)klen) + fatal("%s: ECDH_compute_key failed", __func__); + +#ifdef DEBUG_KEXDH + dump_digest("shared secret", kbuf, klen); +#endif + if ((shared_secret = BN_new()) == NULL) + fatal("%s: BN_new failed", __func__); + if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) + fatal("%s: BN_bin2bn failed", __func__); + memset(kbuf, 0, klen); + xfree(kbuf); + + /* calc H */ + key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); + kex_ecdh_hash( + kex->evp_md, + group, + kex->client_version_string, + kex->server_version_string, + buffer_ptr(&kex->peer), buffer_len(&kex->peer), + buffer_ptr(&kex->my), buffer_len(&kex->my), + server_host_key_blob, sbloblen, + client_public, + EC_KEY_get0_public_key(server_key), + shared_secret, + &hash, &hashlen + ); + EC_POINT_clear_free(client_public); + + /* save session id := H */ + if (kex->session_id == NULL) { + kex->session_id_len = hashlen; + kex->session_id = xmalloc(kex->session_id_len); + memcpy(kex->session_id, hash, kex->session_id_len); + } + + /* sign H */ + if (PRIVSEP(key_sign(server_host_private, &signature, &slen, + hash, hashlen)) < 0) + fatal("kexdh_server: key_sign failed"); + + /* destroy_sensitive_data(); */ + + /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ + packet_start(SSH2_MSG_KEX_ECDH_REPLY); + packet_put_string(server_host_key_blob, sbloblen); + packet_put_ecpoint(group, EC_KEY_get0_public_key(server_key)); + packet_put_string(signature, slen); + packet_send(); + + xfree(signature); + xfree(server_host_key_blob); + /* have keys, free server key */ + EC_KEY_free(server_key); + + kex_derive_keys(kex, hash, hashlen, shared_secret); + BN_clear_free(shared_secret); + kex_finish(kex); +} diff --git a/key.c b/key.c index aed4678cb..842280a9f 100644 --- a/key.c +++ b/key.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.91 2010/08/31 09:58:37 djm Exp $ */ +/* $OpenBSD: key.c,v 1.92 2010/08/31 11:54:45 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -78,6 +78,8 @@ key_new(int type) DSA *dsa; k = xcalloc(1, sizeof(*k)); k->type = type; + k->ecdsa = NULL; + k->ecdsa_nid = -1; k->dsa = NULL; k->rsa = NULL; k->cert = NULL; @@ -109,6 +111,10 @@ key_new(int type) fatal("key_new: BN_new failed"); k->dsa = dsa; break; + case KEY_ECDSA: + case KEY_ECDSA_CERT: + /* Cannot do anything until we know the group */ + break; case KEY_UNSPEC: break; default: @@ -149,6 +155,10 @@ key_add_private(Key *k) if ((k->dsa->priv_key = BN_new()) == NULL) fatal("key_new_private: BN_new failed"); break; + case KEY_ECDSA: + case KEY_ECDSA_CERT: + /* Cannot do anything until we know the group */ + break; case KEY_UNSPEC: break; default: @@ -204,6 +214,12 @@ key_free(Key *k) DSA_free(k->dsa); k->dsa = NULL; break; + case KEY_ECDSA: + case KEY_ECDSA_CERT: + if (k->ecdsa != NULL) + EC_KEY_free(k->ecdsa); + k->ecdsa = NULL; + break; case KEY_UNSPEC: break; default: @@ -241,6 +257,8 @@ cert_compare(struct KeyCert *a, struct KeyCert *b) int key_equal_public(const Key *a, const Key *b) { + BN_CTX *bnctx; + if (a == NULL || b == NULL || key_type_plain(a->type) != key_type_plain(b->type)) return 0; 
@@ -261,6 +279,24 @@ key_equal_public(const Key *a, const Key *b) BN_cmp(a->dsa->q, b->dsa->q) == 0 && BN_cmp(a->dsa->g, b->dsa->g) == 0 && BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; + case KEY_ECDSA_CERT: + case KEY_ECDSA: + if (a->ecdsa == NULL || b->ecdsa == NULL || + EC_KEY_get0_public_key(a->ecdsa) == NULL || + EC_KEY_get0_public_key(b->ecdsa) == NULL) + return 0; + if ((bnctx = BN_CTX_new()) == NULL) + fatal("%s: BN_CTX_new failed", __func__); + if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa), + EC_KEY_get0_group(b->ecdsa), bnctx) != 0 || + EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa), + EC_KEY_get0_public_key(a->ecdsa), + EC_KEY_get0_public_key(b->ecdsa), bnctx) != 0) { + BN_CTX_free(bnctx); + return 0; + } + BN_CTX_free(bnctx); + return 1; default: fatal("key_equal: bad key type %d", a->type); } @@ -312,12 +348,14 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) BN_bn2bin(k->rsa->e, blob + nlen); break; case KEY_DSA: + case KEY_ECDSA: case KEY_RSA: key_to_blob(k, &blob, &len); break; case KEY_DSA_CERT_V00: case KEY_RSA_CERT_V00: case KEY_DSA_CERT: + case KEY_ECDSA_CERT: case KEY_RSA_CERT: /* We want a fingerprint of the _key_ not of the cert */ otype = k->type; @@ -612,7 +650,7 @@ key_read(Key *ret, char **cpp) Key *k; int success = -1; char *cp, *space; - int len, n, type; + int len, n, type, curve_nid = -1; u_int bits; u_char *blob; @@ -644,9 +682,11 @@ key_read(Key *ret, char **cpp) case KEY_UNSPEC: case KEY_RSA: case KEY_DSA: + case KEY_ECDSA: case KEY_DSA_CERT_V00: case KEY_RSA_CERT_V00: case KEY_DSA_CERT: + case KEY_ECDSA_CERT: case KEY_RSA_CERT: space = strchr(cp, ' '); if (space == NULL) { @@ -655,6 +695,11 @@ key_read(Key *ret, char **cpp) } *space = '\0'; type = key_type_from_name(cp); + if (key_type_plain(type) == KEY_ECDSA && + (curve_nid = key_ecdsa_nid_from_name(cp)) == -1) { + debug("key_read: invalid curve"); + return -1; + } *space = ' '; if (type == KEY_UNSPEC) { debug3("key_read: missing keytype"); 
@@ -691,6 +736,12 @@ key_read(Key *ret, char **cpp) key_free(k); return -1; } + if (key_type_plain(type) == KEY_ECDSA && + curve_nid != k->ecdsa_nid) { + error("key_read: type mismatch: EC curve mismatch"); + key_free(k); + return -1; + } /*XXXX*/ if (key_is_cert(ret)) { if (!key_is_cert(k)) { @@ -719,6 +770,17 @@ key_read(Key *ret, char **cpp) k->dsa = NULL; #ifdef DEBUG_PK DSA_print_fp(stderr, ret->dsa, 8); +#endif + } + if (key_type_plain(ret->type) == KEY_ECDSA) { + if (ret->ecdsa != NULL) + EC_KEY_free(ret->ecdsa); + ret->ecdsa = k->ecdsa; + ret->ecdsa_nid = k->ecdsa_nid; + k->ecdsa = NULL; + k->ecdsa_nid = -1; +#ifdef DEBUG_PK + key_dump_ec_key(ret->ecdsa); #endif } success = 1; @@ -777,6 +839,11 @@ key_write(const Key *key, FILE *f) if (key->dsa == NULL) return 0; break; + case KEY_ECDSA: + case KEY_ECDSA_CERT: + if (key->ecdsa == NULL) + return 0; + break; case KEY_RSA: case KEY_RSA_CERT_V00: case KEY_RSA_CERT: @@ -810,6 +877,8 @@ key_type(const Key *k) return "RSA"; case KEY_DSA: return "DSA"; + case KEY_ECDSA: + return "ECDSA"; case KEY_RSA_CERT_V00: return "RSA-CERT-V00"; case KEY_DSA_CERT_V00: @@ -818,6 +887,8 @@ key_type(const Key *k) return "RSA-CERT"; case KEY_DSA_CERT: return "DSA-CERT"; + case KEY_ECDSA_CERT: + return "ECDSA-CERT"; } return "unknown"; } @@ -835,10 +906,10 @@ key_cert_type(const Key *k) } } -const char * -key_ssh_name(const Key *k) +static const char * +key_ssh_name_from_type_nid(int type, int nid) { - switch (k->type) { + switch (type) { case KEY_RSA: return "ssh-rsa"; case KEY_DSA: 
@@ -851,10 +922,47 @@ key_ssh_name(const Key *k) return "ssh-rsa-cert-v01@openssh.com"; case KEY_DSA_CERT: return "ssh-dss-cert-v01@openssh.com"; + case KEY_ECDSA: + switch (nid) { + case NID_X9_62_prime256v1: + return "ecdsa-sha2-nistp256"; + case NID_secp384r1: + return "ecdsa-sha2-nistp384"; + case NID_secp521r1: + return "ecdsa-sha2-nistp521"; + default: + break; + } + break; + case KEY_ECDSA_CERT: + switch (nid) { + case NID_X9_62_prime256v1: + return "ecdsa-sha2-nistp256-cert-v01@openssh.com"; + case NID_secp384r1: + return "ecdsa-sha2-nistp384-cert-v01@openssh.com"; + case NID_secp521r1: + return "ecdsa-sha2-nistp521-cert-v01@openssh.com"; + default: + break; + } + break; } return "ssh-unknown"; } +const char * +key_ssh_name(const Key *k) +{ + return key_ssh_name_from_type_nid(k->type, k->ecdsa_nid); +} + +const char * +key_ssh_name_plain(const Key *k) +{ + return key_ssh_name_from_type_nid(key_type_plain(k->type), + k->ecdsa_nid); +} + u_int key_size(const Key *k) { @@ -868,6 +976,19 @@ key_size(const Key *k) case KEY_DSA_CERT_V00: case KEY_DSA_CERT: return BN_num_bits(k->dsa->p); + case KEY_ECDSA: + case KEY_ECDSA_CERT: + switch (k->ecdsa_nid) { + case NID_X9_62_prime256v1: + return 256; + case NID_secp384r1: + return 384; + case NID_secp521r1: + return 521; + default: + break; + } + break; } return 0; } 
@@ -897,6 +1018,69 @@ dsa_generate_private_key(u_int bits) return private; } +int +key_ecdsa_bits_to_nid(int bits) +{ + switch (bits) { + case 256: + return NID_X9_62_prime256v1; + case 384: + return NID_secp384r1; + case 521: + return NID_secp521r1; + default: + return -1; + } +} + +/* + * This is horrid, but OpenSSL's PEM_read_PrivateKey seems not to restore + * the EC_GROUP nid when loading a key... + */ +int +key_ecdsa_group_to_nid(const EC_GROUP *g) +{ + EC_GROUP *eg; + int nids[] = { + NID_X9_62_prime256v1, + NID_secp384r1, + NID_secp521r1, + -1 + }; + u_int i; + BN_CTX *bnctx; + + if ((bnctx = BN_CTX_new()) == NULL) + fatal("%s: BN_CTX_new() failed", __func__); + for (i = 0; nids[i] != -1; i++) { + if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) + fatal("%s: EC_GROUP_new_by_curve_name failed", + __func__); + if (EC_GROUP_cmp(g, eg, bnctx) == 0) { + EC_GROUP_free(eg); + break; + } + EC_GROUP_free(eg); + } + BN_CTX_free(bnctx); + debug3("%s: nid = %d", __func__, nids[i]); + return nids[i]; +} + +static EC_KEY* +ecdsa_generate_private_key(u_int bits, int *nid) +{ + EC_KEY *private; + + if ((*nid = key_ecdsa_bits_to_nid(bits)) == -1) + fatal("%s: invalid key length", __func__); + if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) + fatal("%s: EC_KEY_new_by_curve_name failed", __func__); + if (EC_KEY_generate_key(private) != 1) + fatal("%s: EC_KEY_generate_key failed", __func__); + return private; +} + Key * key_generate(int type, u_int bits) { @@ -905,6 +1089,9 @@ key_generate(int type, u_int bits) case KEY_DSA: k->dsa = dsa_generate_private_key(bits); break; + case KEY_ECDSA: + k->ecdsa = ecdsa_generate_private_key(bits, &k->ecdsa_nid); + break; case KEY_RSA: case KEY_RSA1: k->rsa = rsa_generate_private_key(bits); 
@@ -981,6 +1168,16 @@ key_from_private(const Key *k) (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) fatal("key_from_private: BN_copy failed"); break; + case KEY_ECDSA: + case KEY_ECDSA_CERT: + n = key_new(k->type); + n->ecdsa_nid = k->ecdsa_nid; + if ((n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid)) == NULL) + fatal("%s: EC_KEY_new_by_curve_name failed", __func__); + if (EC_KEY_set_public_key(n->ecdsa, + EC_KEY_get0_public_key(k->ecdsa)) != 1) + fatal("%s: EC_KEY_set_public_key failed", __func__); + break; case KEY_RSA: case KEY_RSA1: case KEY_RSA_CERT_V00: @@ -1012,6 +1209,11 @@ key_type_from_name(char *name) return KEY_RSA; } else if (strcmp(name, "ssh-dss") == 0) { return KEY_DSA; + } else if (strcmp(name, "ecdsa") == 0 || + strcmp(name, "ecdsa-sha2-nistp256") == 0 || + strcmp(name, "ecdsa-sha2-nistp384") == 0 || + strcmp(name, "ecdsa-sha2-nistp521") == 0) { + return KEY_ECDSA; } else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) { return KEY_RSA_CERT_V00; } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { 
@@ -1020,11 +1222,32 @@ key_type_from_name(char *name) return KEY_RSA_CERT; } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) { return KEY_DSA_CERT; - } + } else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0 || + strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0 || + strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) + return KEY_ECDSA_CERT; + debug2("key_type_from_name: unknown key type '%s'", name); return KEY_UNSPEC; } +int +key_ecdsa_nid_from_name(const char *name) +{ + if (strcmp(name, "ecdsa-sha2-nistp256") == 0 || + strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0) + return NID_X9_62_prime256v1; + if (strcmp(name, "ecdsa-sha2-nistp384") == 0 || + strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0) + return NID_secp384r1; + if (strcmp(name, "ecdsa-sha2-nistp521") == 0 || + strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) + return NID_secp521r1; + + debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name); + return -1; +} + int key_names_valid2(const char *names) { @@ -1146,7 +1369,8 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) goto out; } if (key->cert->signature_key->type != KEY_RSA && - key->cert->signature_key->type != KEY_DSA) { + key->cert->signature_key->type != KEY_DSA && + key->cert->signature_key->type != KEY_ECDSA) { error("%s: Invalid signature key type %s (%d)", __func__, key_type(key->cert->signature_key), key->cert->signature_key->type); @@ -1186,9 +1410,10 @@ Key * key_from_blob(const u_char *blob, u_int blen) { Buffer b; - int rlen, type; - char *ktype = NULL; + int rlen, type, nid = -1; + char *ktype = NULL, *curve = NULL; Key *key = NULL; + EC_POINT *q = NULL; #ifdef DEBUG_PK dump_base64(stderr, blob, blen); 
@@ -1201,6 +1426,8 @@ key_from_blob(const u_char *blob, u_int blen) } type = key_type_from_name(ktype); + if (key_type_plain(type) == KEY_ECDSA) + nid = key_ecdsa_nid_from_name(ktype); switch (type) { case KEY_RSA_CERT: @@ -1236,6 +1463,41 @@ key_from_blob(const u_char *blob, u_int blen) } #ifdef DEBUG_PK DSA_print_fp(stderr, key->dsa, 8); +#endif + break; + case KEY_ECDSA_CERT: + (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ + /* FALLTHROUGH */ + case KEY_ECDSA: + key = key_new(type); + key->ecdsa_nid = nid; + if ((curve = buffer_get_string_ret(&b, NULL)) == NULL) { + error("key_from_blob: can't read ecdsa curve"); + goto badkey; + } + if (key->ecdsa_nid != key_curve_name_to_nid(curve)) { + error("key_from_blob: ecdsa curve doesn't match type"); + goto badkey; + } + if (key->ecdsa != NULL) + EC_KEY_free(key->ecdsa); + if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) + == NULL) + fatal("key_from_blob: EC_KEY_new_by_curve_name failed"); + if ((q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL) + fatal("key_from_blob: EC_POINT_new failed"); + if (buffer_get_ecpoint_ret(&b, EC_KEY_get0_group(key->ecdsa), + q) == -1) { + error("key_from_blob: can't read ecdsa key point"); + goto badkey; + } + if (key_ec_validate_public(EC_KEY_get0_group(key->ecdsa), + q) != 0) + goto badkey; + if (EC_KEY_set_public_key(key->ecdsa, q) != 1) + fatal("key_from_blob: EC_KEY_set_public_key failed"); +#ifdef DEBUG_PK + key_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); #endif break; case KEY_UNSPEC: @@ -1255,6 +1517,10 @@ key_from_blob(const u_char *blob, u_int blen) out: if (ktype != NULL) xfree(ktype); + if (curve != NULL) + xfree(curve); + if (q != NULL) + EC_POINT_free(q); buffer_free(&b); return key; } 
@@ -1274,6 +1540,7 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp) case KEY_DSA_CERT_V00: case KEY_RSA_CERT_V00: case KEY_DSA_CERT: + case KEY_ECDSA_CERT: case KEY_RSA_CERT: /* Use the existing blob */ buffer_append(&b, buffer_ptr(&key->cert->certblob), @@ -1286,6 +1553,12 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp) buffer_put_bignum2(&b, key->dsa->g); buffer_put_bignum2(&b, key->dsa->pub_key); break; + case KEY_ECDSA: + buffer_put_cstring(&b, key_ssh_name(key)); + buffer_put_cstring(&b, key_curve_nid_to_name(key->ecdsa_nid)); + buffer_put_ecpoint(&b, EC_KEY_get0_group(key->ecdsa), + EC_KEY_get0_public_key(key->ecdsa)); + break; case KEY_RSA: buffer_put_cstring(&b, key_ssh_name(key)); buffer_put_bignum2(&b, key->rsa->e); @@ -1319,6 +1592,9 @@ key_sign( case KEY_DSA_CERT: case KEY_DSA: return ssh_dss_sign(key, sigp, lenp, data, datalen); + case KEY_ECDSA_CERT: + case KEY_ECDSA: + return ssh_ecdsa_sign(key, sigp, lenp, data, datalen); case KEY_RSA_CERT_V00: case KEY_RSA_CERT: case KEY_RSA: @@ -1347,6 +1623,9 @@ key_verify( case KEY_DSA_CERT: case KEY_DSA: return ssh_dss_verify(key, signature, signaturelen, data, datalen); + case KEY_ECDSA_CERT: + case KEY_ECDSA: + return ssh_ecdsa_verify(key, signature, signaturelen, data, datalen); case KEY_RSA_CERT_V00: case KEY_RSA_CERT: case KEY_RSA: @@ -1366,7 +1645,9 @@ key_demote(const Key *k) pk = xcalloc(1, sizeof(*pk)); pk->type = k->type; pk->flags = k->flags; + pk->ecdsa_nid = k->ecdsa_nid; pk->dsa = NULL; + pk->ecdsa = NULL; pk->rsa = NULL; switch (k->type) { 
@@ -1399,6 +1680,16 @@ key_demote(const Key *k) if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) fatal("key_demote: BN_dup failed"); break; + case KEY_ECDSA_CERT: + key_cert_copy(k, pk); + /* FALLTHROUGH */ + case KEY_ECDSA: + if ((pk->ecdsa = EC_KEY_new_by_curve_name(pk->ecdsa_nid)) == NULL) + fatal("key_demote: EC_KEY_new_by_curve_name failed"); + if (EC_KEY_set_public_key(pk->ecdsa, + EC_KEY_get0_public_key(k->ecdsa)) != 1) + fatal("key_demote: EC_KEY_set_public_key failed"); + break; default: fatal("key_free: bad key type %d", k->type); break; @@ -1417,6 +1708,7 @@ key_is_cert(const Key *k) case KEY_DSA_CERT_V00: case KEY_RSA_CERT: case KEY_DSA_CERT: + case KEY_ECDSA_CERT: return 1; default: return 0; @@ -1434,6 +1726,8 @@ key_type_plain(int type) case KEY_DSA_CERT_V00: case KEY_DSA_CERT: return KEY_DSA; + case KEY_ECDSA_CERT: + return KEY_ECDSA; default: return type; } @@ -1452,6 +1746,10 @@ key_to_certified(Key *k, int legacy) k->cert = cert_new(); k->type = legacy ? KEY_DSA_CERT_V00 : KEY_DSA_CERT; return 0; + case KEY_ECDSA: + k->cert = cert_new(); + k->type = KEY_ECDSA_CERT; + return 0; default: error("%s: key has incorrect type %s", __func__, key_type(k)); return -1; @@ -1473,13 +1771,20 @@ key_drop_cert(Key *k) cert_free(k->cert); k->type = KEY_DSA; return 0; + case KEY_ECDSA_CERT: + cert_free(k->cert); + k->type = KEY_ECDSA; + return 0; default: error("%s: key has incorrect type %s", __func__, key_type(k)); return -1; } } -/* Sign a KEY_RSA_CERT or KEY_DSA_CERT, (re-)generating the signed certblob */ +/* + * Sign a KEY_RSA_CERT, KEY_DSA_CERT or KEY_ECDSA_CERT, (re-)generating + * the signed certblob + */ int key_certify(Key *k, Key *ca) { @@ -1498,7 +1803,8 @@ key_certify(Key *k, Key *ca) return -1; } - if (ca->type != KEY_RSA && ca->type != KEY_DSA) { + if (ca->type != KEY_RSA && ca->type != KEY_DSA && + ca->type != KEY_ECDSA) { error("%s: CA key has unsupported type %s", __func__, key_type(ca)); return -1; 
@@ -1510,7 +1816,7 @@ key_certify(Key *k, Key *ca) buffer_put_cstring(&k->cert->certblob, key_ssh_name(k)); /* -v01 certs put nonce first */ - if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) { + if (!key_cert_is_legacy(k)) { arc4random_buf(&nonce, sizeof(nonce)); buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); } @@ -1523,6 +1829,13 @@ key_certify(Key *k, Key *ca) buffer_put_bignum2(&k->cert->certblob, k->dsa->g); buffer_put_bignum2(&k->cert->certblob, k->dsa->pub_key); break; + case KEY_ECDSA_CERT: + buffer_put_cstring(&k->cert->certblob, + key_curve_nid_to_name(k->ecdsa_nid)); + buffer_put_ecpoint(&k->cert->certblob, + EC_KEY_get0_group(k->ecdsa), + EC_KEY_get0_public_key(k->ecdsa)); + break; case KEY_RSA_CERT_V00: case KEY_RSA_CERT: buffer_put_bignum2(&k->cert->certblob, k->rsa->e); @@ -1536,7 +1849,7 @@ key_certify(Key *k, Key *ca) } /* -v01 certs have a serial number next */ - if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) + if (!key_cert_is_legacy(k)) buffer_put_int64(&k->cert->certblob, k->cert->serial); buffer_put_int(&k->cert->certblob, k->cert->type); @@ -1555,14 +1868,14 @@ key_certify(Key *k, Key *ca) buffer_ptr(&k->cert->critical), buffer_len(&k->cert->critical)); /* -v01 certs have non-critical options here */ - if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) { + if (!key_cert_is_legacy(k)) { buffer_put_string(&k->cert->certblob, buffer_ptr(&k->cert->extensions), buffer_len(&k->cert->extensions)); } /* -v00 certs put the nonce at the end */ - if (k->type == KEY_DSA_CERT_V00 || k->type == KEY_RSA_CERT_V00) + if (key_cert_is_legacy(k)) buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */ 
@@ -1647,3 +1960,201 @@ key_cert_is_legacy(Key *k) return 0; } } + +int +key_curve_name_to_nid(const char *name) +{ + if (strcmp(name, "nistp256") == 0) + return NID_X9_62_prime256v1; + else if (strcmp(name, "nistp384") == 0) + return NID_secp384r1; + else if (strcmp(name, "nistp521") == 0) + return NID_secp521r1; + + debug("%s: unsupported EC curve name \"%.100s\"", __func__, name); + return -1; +} + +const char * +key_curve_nid_to_name(int nid) +{ + if (nid == NID_X9_62_prime256v1) + return "nistp256"; + else if (nid == NID_secp384r1) + return "nistp384"; + else if (nid == NID_secp521r1) + return "nistp521"; + + error("%s: unsupported EC curve nid %d", __func__, nid); + return NULL; +} + +int +key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) +{ + BN_CTX *bnctx; + EC_POINT *nq = NULL; + BIGNUM *order, *x, *y, *tmp; + int ret = -1; + + if ((bnctx = BN_CTX_new()) == NULL) + fatal("%s: BN_CTX_new failed", __func__); + BN_CTX_start(bnctx); + + /* + * We shouldn't ever hit this case because bignum_get_ecpoint() + * refuses to load GF2m points. 
+ */ + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != + NID_X9_62_prime_field) { + error("%s: group is not a prime field", __func__); + goto out; + } + + /* Q != infinity */ + if (EC_POINT_is_at_infinity(group, public)) { + error("%s: received degenerate public key (infinity)", + __func__); + goto out; + } + + if ((x = BN_CTX_get(bnctx)) == NULL || + (y = BN_CTX_get(bnctx)) == NULL || + (order = BN_CTX_get(bnctx)) == NULL || + (tmp = BN_CTX_get(bnctx)) == NULL) + fatal("%s: BN_CTX_get failed", __func__); + + /* log2(x) > log2(order)/2, log2(y) > log2(order)/2 */ + if (EC_GROUP_get_order(group, order, bnctx) != 1) + fatal("%s: EC_GROUP_get_order failed", __func__); + if (EC_POINT_get_affine_coordinates_GFp(group, public, + x, y, bnctx) != 1) + fatal("%s: EC_POINT_get_affine_coordinates_GFp", __func__); + if (BN_num_bits(x) <= BN_num_bits(order) / 2) { + error("%s: public key x coordinate too small: " + "bits(x) = %d, bits(order)/2 = %d", __func__, + BN_num_bits(x), BN_num_bits(order) / 2); + goto out; + } + if (BN_num_bits(y) <= BN_num_bits(order) / 2) { + error("%s: public key y coordinate too small: " + "bits(y) = %d, bits(order)/2 = %d", __func__, + BN_num_bits(x), BN_num_bits(order) / 2); + goto out; + } + + /* nQ == infinity (n == order of subgroup) */ + if ((nq = EC_POINT_new(group)) == NULL) + fatal("%s: BN_CTX_tmp failed", __func__); + if (EC_POINT_mul(group, nq, NULL, public, order, bnctx) != 1) + fatal("%s: EC_GROUP_mul failed", __func__); + if (EC_POINT_is_at_infinity(group, nq) != 1) { + error("%s: received degenerate public key (nQ != infinity)", + __func__); + goto out; + } + + /* x < order - 1, y < order - 1 */ + if (!BN_sub(tmp, order, BN_value_one())) + fatal("%s: BN_sub failed", __func__); + if (BN_cmp(x, tmp) >= 0) { + error("%s: public key x coordinate >= group order - 1", + __func__); + goto out; + } + if (BN_cmp(y, tmp) >= 0) { + error("%s: public key y coordinate >= group order - 1", + __func__); + goto out; + } + ret = 0; + out: + 
BN_CTX_free(bnctx); + EC_POINT_free(nq); + return ret; +} + +int +key_ec_validate_private(const EC_KEY *key) +{ + BN_CTX *bnctx; + BIGNUM *order, *tmp; + int ret = -1; + + if ((bnctx = BN_CTX_new()) == NULL) + fatal("%s: BN_CTX_new failed", __func__); + BN_CTX_start(bnctx); + + if ((order = BN_CTX_get(bnctx)) == NULL || + (tmp = BN_CTX_get(bnctx)) == NULL) + fatal("%s: BN_CTX_get failed", __func__); + + /* log2(private) > log2(order)/2 */ + if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1) + fatal("%s: EC_GROUP_get_order failed", __func__); + if (BN_num_bits(EC_KEY_get0_private_key(key)) <= + BN_num_bits(order) / 2) { + error("%s: private key too small: " + "bits(y) = %d, bits(order)/2 = %d", __func__, + BN_num_bits(EC_KEY_get0_private_key(key)), + BN_num_bits(order) / 2); + goto out; + } + + /* private < order - 1 */ + if (!BN_sub(tmp, order, BN_value_one())) + fatal("%s: BN_sub failed", __func__); + if (BN_cmp(EC_KEY_get0_private_key(key), tmp) >= 0) { + error("%s: private key >= group order - 1", __func__); + goto out; + } + ret = 0; + out: + BN_CTX_free(bnctx); + return ret; +} + +#if defined(DEBUG_KEXECDH) || defined(DEBUG_PK) +void +key_dump_ec_point(const EC_GROUP *group, const EC_POINT *point) +{ + BIGNUM *x, *y; + BN_CTX *bnctx; + + if (point == NULL) { + fputs("point=(NULL)\n", stderr); + return; + } + if ((bnctx = BN_CTX_new()) == NULL) + fatal("%s: BN_CTX_new failed", __func__); + BN_CTX_start(bnctx); + if ((x = BN_CTX_get(bnctx)) == NULL || (y = BN_CTX_get(bnctx)) == NULL) + fatal("%s: BN_CTX_get failed", __func__); + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != + NID_X9_62_prime_field) + fatal("%s: group is not a prime field", __func__); + if (EC_POINT_get_affine_coordinates_GFp(group, point, x, y, bnctx) != 1) + fatal("%s: EC_POINT_get_affine_coordinates_GFp", __func__); + fputs("x=", stderr); + BN_print_fp(stderr, x); + fputs("\ny=", stderr); + BN_print_fp(stderr, y); + fputs("\n", stderr); + BN_CTX_free(bnctx); +} + 
+void +key_dump_ec_key(const EC_KEY *key) +{ + const BIGNUM *exponent; + + key_dump_ec_point(EC_KEY_get0_group(key), EC_KEY_get0_public_key(key)); + fputs("exponent=", stderr); + if ((exponent = EC_KEY_get0_private_key(key)) == NULL) + fputs("(NULL)", stderr); + else + BN_print_fp(stderr, EC_KEY_get0_private_key(key)); + fputs("\n", stderr); +} +#endif /* defined(DEBUG_KEXECDH) || defined(DEBUG_PK) */ + diff --git a/key.h b/key.h index 11d30eae6..2eb124364 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.30 2010/04/16 01:47:26 djm Exp $ */ +/* $OpenBSD: key.h,v 1.31 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -29,14 +29,17 @@ #include "buffer.h" #include #include +#include typedef struct Key Key; enum types { KEY_RSA1, KEY_RSA, KEY_DSA, + KEY_ECDSA, KEY_RSA_CERT, KEY_DSA_CERT, + KEY_ECDSA_CERT, KEY_RSA_CERT_V00, KEY_DSA_CERT_V00, KEY_UNSPEC @@ -73,6 +76,8 @@ struct Key { int flags; RSA *rsa; DSA *dsa; + int ecdsa_nid; /* NID of curve */ + EC_KEY *ecdsa; struct KeyCert *cert; }; @@ -104,9 +109,18 @@ int key_cert_check_authority(const Key *, int, int, const char *, const char **); int key_cert_is_legacy(Key *); +int key_ecdsa_nid_from_name(const char *); +int key_curve_name_to_nid(const char *); +const char * key_curve_nid_to_name(int); +int key_ecdsa_bits_to_nid(int); +int key_ecdsa_group_to_nid(const EC_GROUP *); +int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); +int key_ec_validate_private(const EC_KEY *); + Key *key_from_blob(const u_char *, u_int); int key_to_blob(const Key *, u_char **, u_int *); const char *key_ssh_name(const Key *); +const char *key_ssh_name_plain(const Key *); int key_names_valid2(const char *); int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); 
@@ -114,7 +128,14 @@ int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); int ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int); int ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int); +int ssh_ecdsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); +int ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); +#if defined(DEBUG_KEXECDH) || defined(DEBUG_PK) +void key_dump_ec_point(const EC_GROUP *, const EC_POINT *); +void key_dump_ec_key(const EC_KEY *); +#endif + #endif diff --git a/monitor.c b/monitor.c index 9eb4e35c9..32395ee44 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.108 2010/07/13 23:13:16 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.109 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1691,6 +1691,7 @@ mm_get_kex(Buffer *m) kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; + kex->kex[KEX_ECDH_SHA2] = kexecdh_server; kex->server = 1; kex->hostkey_type = buffer_get_int(m); kex->kex_type = buffer_get_int(m); diff --git a/monitor_wrap.c b/monitor_wrap.c index faeb02cfa..1a5dda561 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.69 2010/03/07 11:57:13 dtucker Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.70 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -73,6 +73,7 @@ #include "misc.h" #include "schnorr.h" #include "jpake.h" +#include "uuencode.h" #include "channels.h" #include "session.h" diff --git a/myproposal.h b/myproposal.h index 7bedfab0a..71f90ee5e 100644 --- a/myproposal.h +++ b/myproposal.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.25 2010/04/16 01:47:26 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.26 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -32,20 +32,38 @@ "diffie-hellman-group-exchange-sha1," \ "diffie-hellman-group14-sha1," \ "diffie-hellman-group1-sha1" + +#define KEX_DEFAULT_PK_ALG \ + "ssh-rsa-cert-v01@openssh.com," \ + "ssh-dss-cert-v01@openssh.com," \ + "ssh-rsa-cert-v00@openssh.com," \ + "ssh-dss-cert-v00@openssh.com," \ + "ssh-rsa," \ + "ssh-dss" #else # define KEX_DEFAULT_KEX \ + "ecdh-sha2-nistp521," \ + "ecdh-sha2-nistp256," \ + "ecdh-sha2-nistp384," \ "diffie-hellman-group-exchange-sha256," \ "diffie-hellman-group-exchange-sha1," \ "diffie-hellman-group14-sha1," \ "diffie-hellman-group1-sha1" -#endif #define KEX_DEFAULT_PK_ALG \ - "ssh-rsa-cert-v01@openssh.com," \ - "ssh-dss-cert-v01@openssh.com," \ - "ssh-rsa-cert-v00@openssh.com," \ - "ssh-dss-cert-v00@openssh.com," \ - "ssh-rsa,ssh-dss" + "ecdsa-sha2-nistp256-cert-v01@openssh.com," \ + "ecdsa-sha2-nistp384-cert-v01@openssh.com," \ + "ecdsa-sha2-nistp521-cert-v01@openssh.com," \ + "ssh-rsa-cert-v01@openssh.com," \ + "ssh-dss-cert-v01@openssh.com," \ + "ssh-rsa-cert-v00@openssh.com," \ + "ssh-dss-cert-v00@openssh.com," \ + "ecdsa-sha2-nistp256," \ + "ecdsa-sha2-nistp384," \ + "ecdsa-sha2-nistp521," \ + "ssh-rsa," \ + "ssh-dss" +#endif #define KEX_DEFAULT_ENCRYPT \ "aes128-ctr,aes192-ctr,aes256-ctr," \ diff --git a/packet.c b/packet.c index 49aa97335..a06c5e3ef 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.169 2010/08/31 09:58:37 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.170 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -641,6 +641,12 @@ packet_put_bignum2(BIGNUM * value) buffer_put_bignum2(&active_state->outgoing_packet, value); } +void +packet_put_ecpoint(const EC_GROUP *curve, const EC_POINT *point) +{ + buffer_put_ecpoint(&active_state->outgoing_packet, curve, point); +} + /* * Finalizes and sends the packet. If the encryption key has been set, * encrypts the packet before sending. @@ -1511,6 +1517,12 @@ packet_get_bignum2(BIGNUM * value) buffer_get_bignum2(&active_state->incoming_packet, value); } +void +packet_get_ecpoint(const EC_GROUP *curve, EC_POINT *point) +{ + buffer_get_ecpoint(&active_state->incoming_packet, curve, point); +} + void * packet_get_raw(u_int *length_ptr) { diff --git a/packet.h b/packet.h index fd0b056fd..827561cdb 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.53 2010/08/31 09:58:37 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.54 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen @@ -19,6 +19,7 @@ #include #include +#include void packet_set_connection(int, int); void packet_set_timeout(int, int); @@ -42,6 +43,7 @@ void packet_put_int(u_int value); void packet_put_int64(u_int64_t value); void packet_put_bignum(BIGNUM * value); void packet_put_bignum2(BIGNUM * value); +void packet_put_ecpoint(const EC_GROUP *, const EC_POINT *); void packet_put_string(const void *buf, u_int len); void packet_put_cstring(const char *str); void packet_put_raw(const void *buf, u_int len); @@ -59,6 +61,7 @@ u_int packet_get_int(void); u_int64_t packet_get_int64(void); void packet_get_bignum(BIGNUM * value); void packet_get_bignum2(BIGNUM * value); +void packet_get_ecpoint(const EC_GROUP *, EC_POINT *); void *packet_get_raw(u_int *length_ptr); void *packet_get_string(u_int *length_ptr); char *packet_get_cstring(u_int *length_ptr); diff --git a/pathnames.h b/pathnames.h index 9e50950fe..e2dd49a9b 100644 --- a/pathnames.h +++ b/pathnames.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.19 2010/02/11 20:37:47 djm Exp $ */ +/* $OpenBSD: pathnames.h,v 1.20 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen @@ -38,6 +38,7 @@ #define _PATH_HOST_CONFIG_FILE SSHDIR "/ssh_config" #define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key" #define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key" +#define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key" #define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" #define _PATH_DH_MODULI SSHDIR "/moduli" /* Backwards compatibility */ @@ -74,6 +75,7 @@ */ #define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity" #define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa" +#define _PATH_SSH_CLIENT_ID_ECDSA ".ssh/id_ecdsa" #define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa" /* diff --git a/readconf.c b/readconf.c index 0296590e2..98ce3017f 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.187 2010/07/19 09:15:12 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.188 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1214,6 +1214,12 @@ fill_default_options(Options * options) xmalloc(len); snprintf(options->identity_files[options->num_identity_files++], len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA); + + len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1; + options->identity_files[options->num_identity_files] = + xmalloc(len); + snprintf(options->identity_files[options->num_identity_files++], + len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA); } } if (options->escape_char == -1) diff --git a/ssh-add.1 b/ssh-add.1 index d7cc53101..3699db5eb 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.52 2010/03/05 10:28:21 djm Exp $ +.\" $OpenBSD: ssh-add.1,v 1.53 2010/08/31 11:54:45 djm Exp $ .\" .\" -*- nroff -*- .\" 
@@ -37,12 +37,12 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 5 2010 $ +.Dd $Mdocdate: August 31 2010 $ .Dt SSH-ADD 1 .Os .Sh NAME .Nm ssh-add -.Nd adds RSA or DSA identities to the authentication agent +.Nd adds private key identities to the authentication agent .Sh SYNOPSIS .Nm ssh-add .Op Fl cDdLlXx @@ -54,11 +54,12 @@ .Fl e Ar pkcs11 .Sh DESCRIPTION .Nm -adds RSA or DSA identities to the authentication agent, +adds private key identities to the authentication agent, .Xr ssh-agent 1 . When run without arguments, it adds the files .Pa ~/.ssh/id_rsa , -.Pa ~/.ssh/id_dsa +.Pa ~/.ssh/id_dsa , +.Pa ~/.ssh/id_ecdsa and .Pa ~/.ssh/identity . After loading a private key, @@ -165,6 +166,8 @@ socket used to communicate with the agent. Contains the protocol version 1 RSA authentication identity of the user. .It Pa ~/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. +.It Pa ~/.ssh/id_ecdsa +Contains the protocol version 2 ECDSA authentication identity of the user. .It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. .El diff --git a/ssh-add.c b/ssh-add.c index 7f8fb2c6d..31e618390 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.98 2010/08/16 04:06:06 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.99 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -70,6 +70,7 @@ extern char *__progname; static char *default_files[] = { _PATH_SSH_CLIENT_ID_RSA, _PATH_SSH_CLIENT_ID_DSA, + _PATH_SSH_CLIENT_ID_ECDSA, _PATH_SSH_CLIENT_IDENTITY, NULL }; diff --git a/ssh-agent.1 b/ssh-agent.1 index f65e8e625..88ad490bc 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.50 2010/01/17 21:49:09 tedu Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.51 2010/08/31 11:54:45 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 17 2010 $ +.Dd $Mdocdate: August 31 2010 $ .Dt SSH-AGENT 1 .Os .Sh NAME @@ -53,7 +53,7 @@ .Sh DESCRIPTION .Nm is a program to hold private keys used for public key authentication -(RSA, DSA). +(RSA, DSA, ECDSA). The idea is that .Nm is started in the beginning of an X-session or a login session, and @@ -114,7 +114,8 @@ When executed without arguments, .Xr ssh-add 1 adds the files .Pa ~/.ssh/id_rsa , -.Pa ~/.ssh/id_dsa +.Pa ~/.ssh/id_dsa , +.Pa ~/.ssh/id_ecdsa and .Pa ~/.ssh/identity . If the identity has a passphrase, @@ -187,6 +188,8 @@ line terminates. Contains the protocol version 1 RSA authentication identity of the user. .It Pa ~/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. +.It Pa ~/.ssh/id_ecdsa +Contains the protocol version 2 ECDSA authentication identity of the user. .It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. .It Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt diff --git a/ssh-agent.c b/ssh-agent.c index e6725ea88..fbfd79c13 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.168 2010/08/16 04:06:06 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.169 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -466,8 +466,10 @@ process_add_identity(SocketEntry *e, int version) Idtab *tab = idtab_lookup(version); Identity *id; int type, success = 0, death = 0, confirm = 0; - char *type_name, *comment; + char *type_name, *comment, *curve; Key *k = NULL; + BIGNUM *exponent; + EC_POINT *q; u_char *cert; u_int len; @@ -490,7 +492,6 @@ process_add_identity(SocketEntry *e, int version) case 2: type_name = buffer_get_string(&e->request, NULL); type = key_type_from_name(type_name); - xfree(type_name); switch (type) { case KEY_DSA: k = key_new_private(type); 
@@ -509,6 +510,57 @@ process_add_identity(SocketEntry *e, int version) key_add_private(k); buffer_get_bignum2(&e->request, k->dsa->priv_key); break; + case KEY_ECDSA: + k = key_new_private(type); + k->ecdsa_nid = key_ecdsa_nid_from_name(type_name); + curve = buffer_get_string(&e->request, NULL); + if (k->ecdsa_nid != key_curve_name_to_nid(curve)) + fatal("%s: curve names mismatch", __func__); + xfree(curve); + k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); + if (k->ecdsa == NULL) + fatal("%s: EC_KEY_new_by_curve_name failed", + __func__); + q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa)); + if (q == NULL) + fatal("%s: BN_new failed", __func__); + if ((exponent = BN_new()) == NULL) + fatal("%s: BN_new failed", __func__); + buffer_get_ecpoint(&e->request, + EC_KEY_get0_group(k->ecdsa), q); + buffer_get_bignum2(&e->request, exponent); + if (EC_KEY_set_public_key(k->ecdsa, q) != 1) + fatal("%s: EC_KEY_set_public_key failed", + __func__); + if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) + fatal("%s: EC_KEY_set_private_key failed", + __func__); + if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), + EC_KEY_get0_public_key(k->ecdsa)) != 0) + fatal("%s: bad ECDSA public key", __func__); + if (key_ec_validate_private(k->ecdsa) != 0) + fatal("%s: bad ECDSA private key", __func__); + BN_clear_free(exponent); + EC_POINT_free(q); + break; + case KEY_ECDSA_CERT: + cert = buffer_get_string(&e->request, &len); + if ((k = key_from_blob(cert, len)) == NULL) + fatal("Certificate parse failed"); + xfree(cert); + key_add_private(k); + if ((exponent = BN_new()) == NULL) + fatal("%s: BN_new failed", __func__); + buffer_get_bignum2(&e->request, exponent); + if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) + fatal("%s: EC_KEY_set_private_key failed", + __func__); + if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), + EC_KEY_get0_public_key(k->ecdsa)) != 0 || + key_ec_validate_private(k->ecdsa) != 0) + fatal("%s: bad ECDSA key", __func__); + BN_clear_free(exponent); + 
break; case KEY_RSA: k = key_new_private(type); buffer_get_bignum2(&e->request, k->rsa->n); @@ -534,9 +586,11 @@ process_add_identity(SocketEntry *e, int version) buffer_get_bignum2(&e->request, k->rsa->q); break; default: + xfree(type_name); buffer_clear(&e->request); goto send; } + xfree(type_name); break; } /* enable blinding */ diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c new file mode 100644 index 000000000..a1c1bdb60 --- /dev/null +++ b/ssh-ecdsa.c 
@@ -0,0 +1,160 @@ +/* $OpenBSD */ +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include + +#include +#include +#include +#include + +#include + +#include "xmalloc.h" +#include "buffer.h" +#include "compat.h" +#include "log.h" +#include "key.h" + +int +ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + const u_char *data, u_int datalen) +{ + ECDSA_SIG *sig; + const EVP_MD *evp_md = EVP_sha256(); + EVP_MD_CTX md; + u_char digest[EVP_MAX_MD_SIZE]; + u_int len, dlen; + Buffer b, bb; + + if (key == NULL || key->ecdsa == NULL || + (key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT)) { + error("%s: no ECDSA key", __func__); + return -1; + } + EVP_DigestInit(&md, evp_md); + EVP_DigestUpdate(&md, data, datalen); + EVP_DigestFinal(&md, digest, &dlen); + + sig = ECDSA_do_sign(digest, dlen, key->ecdsa); + memset(digest, 'd', sizeof(digest)); + + if (sig == NULL) { + error("%s: sign failed", __func__); + return -1; + } + + buffer_init(&bb); + buffer_put_bignum2(&bb, sig->r); + buffer_put_bignum2(&bb, sig->s); + ECDSA_SIG_free(sig); + + buffer_init(&b); + buffer_put_cstring(&b, key_ssh_name_plain(key)); + buffer_put_string(&b, buffer_ptr(&bb), buffer_len(&bb)); + buffer_free(&bb); + len = buffer_len(&b); + if (lenp != NULL) + *lenp = len; + if (sigp != NULL) { + *sigp = xmalloc(len); + memcpy(*sigp, buffer_ptr(&b), len); + } + buffer_free(&b); + + return 0; +} +int +ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + const u_char *data, u_int datalen) +{ + ECDSA_SIG *sig; + const EVP_MD *evp_md = EVP_sha256(); + EVP_MD_CTX md; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen; + int rlen, ret; + Buffer b, bb; + + if (key == NULL || key->ecdsa == NULL || + (key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT)) { + error("%s: no ECDSA key", __func__); + return -1; + } + + /* fetch signature */ + char *ktype; + buffer_init(&b); + buffer_append(&b, signature, signaturelen); + ktype = buffer_get_string(&b, NULL); + if (strcmp(key_ssh_name_plain(key), ktype) != 0) { + error("%s: cannot handle type 
%s", __func__, ktype); + buffer_free(&b); + xfree(ktype); + return -1; + } + xfree(ktype); + sigblob = buffer_get_string(&b, &len); + rlen = buffer_len(&b); + buffer_free(&b); + if (rlen != 0) { + error("%s: remaining bytes in signature %d", __func__, rlen); + xfree(sigblob); + return -1; + } + + /* parse signature */ + if ((sig = ECDSA_SIG_new()) == NULL) + fatal("%s: ECDSA_SIG_new failed", __func__); + if ((sig->r = BN_new()) == NULL || + (sig->s = BN_new()) == NULL) + fatal("%s: BN_new failed", __func__); + + buffer_init(&bb); + buffer_append(&bb, sigblob, len); + buffer_get_bignum2(&bb, sig->r); + buffer_get_bignum2(&bb, sig->s); + if (buffer_len(&bb) != 0) + fatal("%s: remaining bytes in inner sigblob", __func__); + + /* clean up */ + memset(sigblob, 0, len); + xfree(sigblob); + + /* hash the data */ + EVP_DigestInit(&md, evp_md); + EVP_DigestUpdate(&md, data, datalen); + EVP_DigestFinal(&md, digest, &dlen); + + ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); + memset(digest, 'd', sizeof(digest)); + + ECDSA_SIG_free(sig); + + debug("%s: signature %s", __func__, + ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); + return ret; +} diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 9acd8f8c9..4b95a4e1c 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.98 2010/08/04 06:07:11 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.99 2010/08/31 11:54:45 djm Exp $ .\" .\" -*- nroff -*- .\" @@ -37,7 +37,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 4 2010 $ +.Dd $Mdocdate: August 31 2010 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME 
@@ -125,7 +125,7 @@ generates, manages and converts authentication keys for .Xr ssh 1 . .Nm -can create RSA keys for use by SSH protocol version 1 and RSA or DSA +can create RSA keys for use by SSH protocol version 1 and RSA, DSA or ECDSA keys for use by SSH protocol version 2. The type of key to be generated is specified with the .Fl t @@ -142,9 +142,10 @@ See the section for details. .Pp Normally each user wishing to use SSH -with RSA or DSA authentication runs this once to create the authentication +with public key authentication runs this once to create the authentication key in .Pa ~/.ssh/identity , +.Pa ~/.ssh/id_ecdsa , .Pa ~/.ssh/id_dsa or .Pa ~/.ssh/id_rsa . diff --git a/ssh-keygen.c b/ssh-keygen.c index 93f598004..448585185 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.199 2010/08/16 04:06:06 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.200 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -57,6 +57,7 @@ /* Number of bits in the RSA/DSA key. This value can be set on the command line. */ #define DEFAULT_BITS 2048 #define DEFAULT_BITS_DSA 1024 +#define DEFAULT_BITS_ECDSA 521 u_int32_t bits = 0; /* @@ -176,6 +177,10 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_DSA: name = _PATH_SSH_CLIENT_ID_DSA; break; + case KEY_ECDSA_CERT: + case KEY_ECDSA: + name = _PATH_SSH_CLIENT_ID_ECDSA; + break; case KEY_RSA_CERT: case KEY_RSA_CERT_V00: case KEY_RSA: @@ -260,6 +265,10 @@ do_convert_to_pkcs8(Key *k) if (!PEM_write_DSA_PUBKEY(stdout, k->dsa)) fatal("PEM_write_DSA_PUBKEY failed"); break; + case KEY_ECDSA: + if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa)) + fatal("PEM_write_EC_PUBKEY failed"); + break; default: fatal("%s: unsupported key type %s", __func__, key_type(k)); } 
@@ -280,6 +289,7 @@ do_convert_to_pem(Key *k) fatal("PEM_write_DSAPublicKey failed"); break; #endif + /* XXX ECDSA? */ default: fatal("%s: unsupported key type %s", __func__, key_type(k)); } @@ -539,6 +549,13 @@ do_convert_from_pkcs8(Key **k, int *private) (*k)->type = KEY_DSA; (*k)->dsa = EVP_PKEY_get1_DSA(pubkey); break; + case EVP_PKEY_EC: + *k = key_new(KEY_UNSPEC); + (*k)->type = KEY_ECDSA; + (*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey); + (*k)->ecdsa_nid = key_ecdsa_group_to_nid( + EC_KEY_get0_group((*k)->ecdsa)); + break; default: fatal("%s: unsupported pubkey type %d", __func__, EVP_PKEY_type(pubkey->type)); @@ -574,6 +591,7 @@ do_convert_from_pem(Key **k, int *private) fclose(fp); return; } + /* XXX ECDSA */ #endif fatal("%s: unrecognised raw private key format", __func__); } @@ -614,6 +632,10 @@ do_convert_from(struct passwd *pw) ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL); break; + case KEY_ECDSA: + ok = PEM_write_ECPrivateKey(stdout, k->ecdsa, NULL, + NULL, 0, NULL, NULL); + break; case KEY_RSA: ok = PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL); @@ -1404,7 +1426,8 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) tmp = tilde_expand_filename(argv[i], pw->pw_uid); if ((public = key_load_public(tmp, &comment)) == NULL) fatal("%s: unable to open \"%s\"", __func__, tmp); - if (public->type != KEY_RSA && public->type != KEY_DSA) + if (public->type != KEY_RSA && public->type != KEY_DSA && + public->type != KEY_ECDSA) fatal("%s: key \"%s\" type %s cannot be certified", __func__, tmp, key_type(public)); 
@@ -2086,8 +2109,14 @@ main(int argc, char **argv) fprintf(stderr, "unknown key type %s\n", key_type_name); exit(1); } - if (bits == 0) - bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS; + if (bits == 0) { + if (type == KEY_DSA) + bits = DEFAULT_BITS_DSA; + else if (type == KEY_ECDSA) + bits = DEFAULT_BITS_ECDSA; + else + bits = DEFAULT_BITS; + } maxbits = (type == KEY_DSA) ? OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; if (bits > maxbits) { @@ -2096,6 +2125,9 @@ main(int argc, char **argv) } if (type == KEY_DSA && bits != 1024) fatal("DSA keys must be 1024 bits"); + else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(bits) == -1) + fatal("Invalid ECDSA key length - valid lengths are " + "256, 384 or 521 bits"); if (!quiet) printf("Generating public/private %s key pair.\n", key_type_name); private = key_generate(type, bits); diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 78255ff79..fe9bb6e07 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.28 2010/01/09 23:04:13 dtucker Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.29 2010/08/31 11:54:45 djm Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -6,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd $Mdocdate: January 9 2010 $ +.Dd $Mdocdate: August 31 2010 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME @@ -88,9 +88,10 @@ Specifies the type of the key to fetch from the scanned hosts. The possible values are .Dq rsa1 for protocol version 1 and -.Dq rsa +.Dq dsa , +.Dq ecdsa or -.Dq dsa +.Dq rsa for protocol version 2. Multiple values may be specified by separating them with commas. The default is 
@@ -122,7 +123,7 @@ attacks which have begun after the ssh_known_hosts file was created. host-or-namelist bits exponent modulus .Ed .Pp -.Pa Output format for rsa and dsa keys: +.Pa Output format for rsa, dsa and ecdsa keys: .Bd -literal host-or-namelist keytype base64-encoded-key .Ed @@ -130,9 +131,12 @@ host-or-namelist keytype base64-encoded-key Where .Pa keytype is either -.Dq ssh-rsa +.Dq ecdsa-sha2-nistp256 , +.Dq ecdsa-sha2-nistp384 , +.Dq ecdsa-sha2-nistp521 , +.Dq ssh-dss or -.Dq ssh-dss . +.Dq ssh-rsa . .Pp .Pa /etc/ssh/ssh_known_hosts .Sh EXAMPLES @@ -149,7 +153,7 @@ Find all hosts from the file which have new or different keys from those in the sorted file .Pa ssh_known_hosts : .Bd -literal -$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e +$ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \e sort -u - ssh_known_hosts | diff ssh_known_hosts - .Ed .Sh SEE ALSO diff --git a/ssh-keyscan.c b/ssh-keyscan.c index b6cf427cd..3fb1214e2 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.82 2010/06/22 04:54:30 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.83 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -52,9 +52,10 @@ int IPv4or6 = AF_UNSPEC; int ssh_port = SSH_DEFAULT_PORT; -#define KT_RSA1 1 -#define KT_DSA 2 -#define KT_RSA 4 +#define KT_RSA1 1 +#define KT_DSA 2 +#define KT_RSA 4 +#define KT_ECDSA 8 int get_keytypes = KT_RSA; /* Get only RSA keys by default */ @@ -251,6 +252,7 @@ keygrab_ssh2(con *c) c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; + c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client; c->c_kex->verify_host_key = hostjump; if (!(j = setjmp(kexjmp))) { @@ -673,6 +675,9 @@ main(int argc, char **argv) case KEY_DSA: get_keytypes |= KT_DSA; break; + case KEY_ECDSA: + get_keytypes |= KT_ECDSA; + break; case KEY_RSA: get_keytypes |= KT_RSA; break; 
diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 2e47f1203..5e09e0271 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.11 2010/08/08 19:36:30 jmc Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.12 2010/08/31 11:54:45 djm Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 8 2010 $ +.Dd $Mdocdate: August 31 2010 $ .Dt SSH-KEYSIGN 8 .Os .Sh NAME @@ -62,6 +62,7 @@ Controls whether is enabled. .Pp .It Pa /etc/ssh/ssh_host_dsa_key +.It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys used to generate the digital signature. @@ -72,6 +73,7 @@ Since they are readable only by root, must be set-uid root if host-based authentication is used. .Pp .It Pa /etc/ssh/ssh_host_dsa_key-cert.pub +.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub .It Pa /etc/ssh/ssh_host_rsa_key-cert.pub If these files exist they are assumed to contain public certificate information corresponding with the private keys above. diff --git a/ssh.1 b/ssh.1 index 9b134f4ba..a3d001152 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.309 2010/08/08 19:36:30 jmc Exp $ -.Dd $Mdocdate: August 8 2010 $ +.\" $OpenBSD: ssh.1,v 1.310 2010/08/31 11:54:45 djm Exp $ +.Dd $Mdocdate: August 31 2010 $ .Dt SSH 1 .Os .Sh NAME 
@@ -269,13 +269,14 @@ should use to communicate with a PKCS#11 token providing the user's private RSA key. .It Fl i Ar identity_file Selects a file from which the identity (private key) for -RSA or DSA authentication is read. +public key authentication is read. The default is .Pa ~/.ssh/identity for protocol version 1, and -.Pa ~/.ssh/id_rsa +.Pa ~/.ssh/id_dsa , +.Pa ~/.ssh/id_ecdsa and -.Pa ~/.ssh/id_dsa +.Pa ~/.ssh/id_rsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. @@ -721,9 +722,9 @@ key pair for authentication purposes. The server knows the public key, and only the user knows the private key. .Nm implements public key authentication protocol automatically, -using either the RSA or DSA algorithms. +using one of the DSA, ECDSA or RSA algorithms. Protocol 1 is restricted to using only RSA keys, -but protocol 2 may use either. +but protocol 2 may use any. The .Sx HISTORY section of @@ -748,6 +749,8 @@ This stores the private key in (protocol 1), .Pa ~/.ssh/id_dsa (protocol 2 DSA), +.Pa ~/.ssh/id_ecdsa +(protocol 2 ECDSA), or .Pa ~/.ssh/id_rsa (protocol 2 RSA) @@ -756,6 +759,8 @@ and stores the public key in (protocol 1), .Pa ~/.ssh/id_dsa.pub (protocol 2 DSA), +.Pa ~/.ssh/id_ecdsa.pub +(protocol 2 ECDSA), or .Pa ~/.ssh/id_rsa.pub (protocol 2 RSA) @@ -1277,7 +1282,8 @@ secret, but the recommended permissions are read/write/execute for the user, and not accessible by others. .Pp .It Pa ~/.ssh/authorized_keys -Lists the public keys (RSA/DSA) that can be used for logging in as this user. +Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in as +this user. The format of this file is described in the .Xr sshd 8 manual page. @@ -1298,6 +1304,7 @@ above. .Pp .It Pa ~/.ssh/identity .It Pa ~/.ssh/id_dsa +.It Pa ~/.ssh/id_ecdsa .It Pa ~/.ssh/id_rsa Contains the private key for authentication. These files 
@@ -1311,6 +1318,7 @@ sensitive part of this file using 3DES. .Pp .It Pa ~/.ssh/identity.pub .It Pa ~/.ssh/id_dsa.pub +.It Pa ~/.ssh/id_ecdsa.pub .It Pa ~/.ssh/id_rsa.pub Contains the public key for authentication. These files are not @@ -1349,6 +1357,7 @@ The file format and configuration options are described in .Pp .It Pa /etc/ssh/ssh_host_key .It Pa /etc/ssh/ssh_host_dsa_key +.It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys and are used for host-based authentication. diff --git a/ssh.c b/ssh.c index 44b570bf9..1cdfc58e3 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.348 2010/08/16 04:06:06 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.349 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -780,7 +780,7 @@ main(int ac, char **av) sensitive_data.external_keysign = 0; if (options.rhosts_rsa_authentication || options.hostbased_authentication) { - sensitive_data.nkeys = 5; + sensitive_data.nkeys = 7; sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(Key)); 
@@ -789,25 +789,34 @@ main(int ac, char **av) _PATH_HOST_KEY_FILE, "", NULL, NULL); sensitive_data.keys[1] = key_load_private_cert(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, "", NULL); - sensitive_data.keys[2] = key_load_private_cert(KEY_RSA, + sensitive_data.keys[2] = key_load_private_cert(KEY_ECDSA, + _PATH_HOST_ECDSA_KEY_FILE, "", NULL); + sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, "", NULL); - sensitive_data.keys[3] = key_load_private_type(KEY_DSA, + sensitive_data.keys[4] = key_load_private_type(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); - sensitive_data.keys[4] = key_load_private_type(KEY_RSA, + sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, + _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); + sensitive_data.keys[6] = key_load_private_type(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); PRIV_END; if (options.hostbased_authentication == 1 && sensitive_data.keys[0] == NULL && - sensitive_data.keys[3] == NULL && - sensitive_data.keys[4] == NULL) { + sensitive_data.keys[4] == NULL && + sensitive_data.keys[5] == NULL && + sensitive_data.keys[6] == NULL) { sensitive_data.keys[1] = key_load_cert( _PATH_HOST_DSA_KEY_FILE); sensitive_data.keys[2] = key_load_cert( + _PATH_HOST_ECDSA_KEY_FILE); + sensitive_data.keys[3] = key_load_cert( _PATH_HOST_RSA_KEY_FILE); - sensitive_data.keys[3] = key_load_public( - _PATH_HOST_DSA_KEY_FILE, NULL); sensitive_data.keys[4] = key_load_public( + _PATH_HOST_DSA_KEY_FILE, NULL); + sensitive_data.keys[5] = key_load_public( + _PATH_HOST_ECDSA_KEY_FILE, NULL); + sensitive_data.keys[6] = key_load_public( _PATH_HOST_RSA_KEY_FILE, NULL); sensitive_data.external_keysign = 1; } diff --git a/ssh2.h b/ssh2.h index 3ffaf686b..51a963cae 100644 --- a/ssh2.h +++ b/ssh2.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh2.h,v 1.13 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: ssh2.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. 
@@ -98,6 +98,10 @@ #define SSH2_MSG_KEX_DH_GEX_REPLY 33 #define SSH2_MSG_KEX_DH_GEX_REQUEST 34 +/* ecdh */ +#define SSH2_MSG_KEX_ECDH_INIT 30 +#define SSH2_MSG_KEX_ECDH_REPLY 31 + /* user authentication: generic */ #define SSH2_MSG_USERAUTH_REQUEST 50 diff --git a/ssh_config.5 b/ssh_config.5 index ddb806ec0..33038ffcf 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.138 2010/08/04 05:37:01 djm Exp $ -.Dd $Mdocdate: August 4 2010 $ +.\" $OpenBSD: ssh_config.5,v 1.139 2010/08/31 11:54:45 djm Exp $ +.Dd $Mdocdate: August 31 2010 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -547,7 +547,15 @@ is similar to Specifies the protocol version 2 host key algorithms that the client wants to use in order of preference. The default for this option is: -.Dq ssh-rsa,ssh-dss . +.Bd -literal -offset 3n +ecdsa-sha2-nistp256-cert-v01@openssh.com, +ecdsa-sha2-nistp384-cert-v01@openssh.com, +ecdsa-sha2-nistp521-cert-v01@openssh.com, +ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, +ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com, +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +ssh-rsa,ssh-dss +.Ed .It Cm HostKeyAlias Specifies an alias that should be used instead of the real host name when looking up or saving the host key 
@@ -583,14 +591,15 @@ offers many different identities. The default is .Dq no . .It Cm IdentityFile -Specifies a file from which the user's RSA or DSA authentication identity -is read. +Specifies a file from which the user's DSA, ECDSA or DSA authentication +identity is read. The default is .Pa ~/.ssh/identity for protocol version 1, and -.Pa ~/.ssh/id_rsa +.Pa ~/.ssh/id_dsa , +.Pa ~/.ssh/id_ecdsa and -.Pa ~/.ssh/id_dsa +.Pa ~/.ssh/id_rsa for protocol version 2. Additionally, any identities represented by the authentication agent will be used for authentication. diff --git a/sshconnect.c b/sshconnect.c index f55beffe4..4d3a08551 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.224 2010/04/16 21:14:27 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.225 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1173,7 +1173,7 @@ show_key_from_file(const char *file, const char *host, int keytype) static int show_other_keys(const char *host, Key *key) { - int type[] = { KEY_RSA1, KEY_RSA, KEY_DSA, -1}; + int type[] = { KEY_RSA1, KEY_RSA, KEY_DSA, KEY_ECDSA, -1}; int i, found = 0; for (i = 0; type[i] != -1; i++) { diff --git a/sshconnect2.c b/sshconnect2.c index 4c379ae59..a31a663d4 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.183 2010/04/26 22:28:24 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.184 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -145,6 +145,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; + kex->kex[KEX_ECDH_SHA2] = kexecdh_client; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->verify_host_key=&verify_host_key_callback; 
diff --git a/sshd.8 b/sshd.8 index bf9d6a2ec..9d2efc7e1 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.258 2010/08/08 19:36:30 jmc Exp $ -.Dd $Mdocdate: August 8 2010 $ +.\" $OpenBSD: sshd.8,v 1.259 2010/08/31 11:54:45 djm Exp $ +.Dd $Mdocdate: August 31 2010 $ .Dt SSHD 8 .Os .Sh NAME @@ -170,9 +170,10 @@ host key files are normally not readable by anyone but root). The default is .Pa /etc/ssh/ssh_host_key for protocol version 1, and -.Pa /etc/ssh/ssh_host_rsa_key +.Pa /etc/ssh/ssh_host_dsa_key , +.Pa /etc/ssh/ssh_host_ecdsa_key and -.Pa /etc/ssh/ssh_host_dsa_key +.Pa /etc/ssh/ssh_host_rsa_key for protocol version 2. It is possible to have multiple host key files for the different protocol versions and host key algorithms. @@ -275,7 +276,7 @@ though this can be changed via the .Cm Protocol option in .Xr sshd_config 5 . -Protocol 2 supports both RSA and DSA keys; +Protocol 2 supports DSA, ECDSA and RSA keys; protocol 1 only supports RSA keys. For both protocols, each host has a host-specific key, @@ -483,6 +484,9 @@ protocol version 1; the comment field is not used for anything (but may be convenient for the user to identify the key). For protocol version 2 the keytype is +.Dq ecdsa-sha2-nistp256 , +.Dq ecdsa-sha2-nistp384 , +.Dq ecdsa-sha2-nistp521 , .Dq ssh-dss or .Dq ssh-rsa . @@ -494,6 +498,7 @@ keys up to 16 kilobits. You don't want to type them in; instead, copy the .Pa identity.pub , .Pa id_dsa.pub , +.Pa id_ecdsa.pub , or the .Pa id_rsa.pub file and edit it. 
@@ -792,7 +797,8 @@ secret, but the recommended permissions are read/write/execute for the user, and not accessible by others. .Pp .It Pa ~/.ssh/authorized_keys -Lists the public keys (RSA/DSA) that can be used for logging in as this user. +Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in +as this user. The format of this file is described above. The content of the file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. @@ -871,6 +877,7 @@ rlogin/rsh. .Pp .It Pa /etc/ssh/ssh_host_key .It Pa /etc/ssh/ssh_host_dsa_key +.It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not @@ -881,6 +888,7 @@ does not start if these files are group/world-accessible. .Pp .It Pa /etc/ssh/ssh_host_key.pub .It Pa /etc/ssh/ssh_host_dsa_key.pub +.It Pa /etc/ssh/ssh_host_ecdsa_key.pub .It Pa /etc/ssh/ssh_host_rsa_key.pub These three files contain the public parts of the host keys. These files should be world-readable but writable only by diff --git a/sshd.c b/sshd.c index 52a3789bb..658a4978d 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.377 2010/08/16 04:06:06 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.378 2010/08/31 11:54:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -733,6 +733,7 @@ list_hostkey_types(void) switch (key->type) { case KEY_RSA: case KEY_DSA: + case KEY_ECDSA: if (buffer_len(&b) > 0) buffer_append(&b, ",", 1); p = key_ssh_name(key); @@ -748,6 +749,7 @@ list_hostkey_types(void) case KEY_DSA_CERT_V00: case KEY_RSA_CERT: case KEY_DSA_CERT: + case KEY_ECDSA_CERT: if (buffer_len(&b) > 0) buffer_append(&b, ",", 1); p = key_ssh_name(key); 
@@ -774,6 +776,7 @@ get_hostkey_by_type(int type, int need_private) case KEY_DSA_CERT_V00: case KEY_RSA_CERT: case KEY_DSA_CERT: + case KEY_ECDSA_CERT: key = sensitive_data.host_certificates[i]; break; default: @@ -1576,6 +1579,7 @@ main(int ac, char **av) break; case KEY_RSA: case KEY_DSA: + case KEY_ECDSA: sensitive_data.have_ssh2_key = 1; break; } @@ -2302,6 +2306,7 @@ do_ssh2_kex(void) kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; + kex->kex[KEX_ECDH_SHA2] = kexecdh_server; kex->server = 1; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; diff --git a/sshd_config.5 b/sshd_config.5 index 596a728f8..af3d89b80 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $ -.Dd $Mdocdate: June 30 2010 $ +.\" $OpenBSD: sshd_config.5,v 1.126 2010/08/31 11:54:45 djm Exp $ +.Dd $Mdocdate: August 31 2010 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -470,9 +470,10 @@ used by SSH. The default is .Pa /etc/ssh/ssh_host_key for protocol version 1, and -.Pa /etc/ssh/ssh_host_rsa_key +.Pa /etc/ssh/ssh_host_dsa_key , +.Pa /etc/ssh/ssh_host_ecdsa_key and -.Pa /etc/ssh/ssh_host_dsa_key +.Pa /etc/ssh/ssh_host_rsa_key for protocol version 2. Note that .Xr sshd 8 @@ -480,7 +481,8 @@ will refuse to use a file if it is group/world-accessible. It is possible to have multiple host key files. .Dq rsa1 keys are used for version 1 and -.Dq dsa +.Dq dsa , +.Dq ecdsa or .Dq rsa are used for version 2 of the SSH protocol. diff --git a/uuencode.c b/uuencode.c index b9e57e993..09d80d2fc 100644 --- a/uuencode.c +++ b/uuencode.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.c,v 1.25 2009/03/05 11:30:50 djm Exp $ */ +/* $OpenBSD: uuencode.c,v 1.26 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -72,7 +72,7 @@ uudecode(const char *src, u_char *target, size_t targsize) } void -dump_base64(FILE *fp, u_char *data, u_int len) +dump_base64(FILE *fp, const u_char *data, u_int len) { char *buf; int i, n; diff --git a/uuencode.h b/uuencode.h index fec55b491..4d9888126 100644 --- a/uuencode.h +++ b/uuencode.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: uuencode.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -26,4 +26,4 @@ int uuencode(const u_char *, u_int, char *, size_t); int uudecode(const char *, u_char *, size_t); -void dump_base64(FILE *, u_char *, u_int); +void dump_base64(FILE *, const u_char *, u_int); -- cgit v1.2.3 From b5a62d0300b9e469ee2e84df6de1ad36e32ed4d7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Aug 2010 22:47:15 +1000 Subject: - (djm) [Makefile.in] Add new ECC files --- ChangeLog | 1 + Makefile.in | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 889580e5e..3488c8215 100644 --- a/ChangeLog +++ b/ChangeLog @@ -48,6 +48,7 @@ subject to change. feedback and ok markus@ + - (djm) [Makefile.in] Add new ECC files 20100827 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, diff --git a/Makefile.in b/Makefile.in index 5654d4341..bfd37d51e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.310 2010/05/12 06:51:39 dtucker Exp $ +# $Id: Makefile.in,v 1.311 2010/08/31 12:47:15 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ 
@@ -71,10 +71,10 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ log.o match.o md-sha256.o moduli.o nchan.o packet.o \ readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ - monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ - kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \ - entropy.o gss-genr.o umac.o jpake.o schnorr.o \ - ssh-pkcs11.o + monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ + kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ + msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o jpake.o \ + schnorr.o ssh-pkcs11.o SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o mux.o \ @@ -86,7 +86,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ auth-chall.o auth2-chall.o groupaccess.o \ auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \ - monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \ + monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ -- cgit v1.2.3 From c79ff0770e0ac1e0d9acc2741190cf7599bb6bd8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Aug 2010 22:50:48 +1000 Subject: - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include includes.h --- ChangeLog | 2 ++ bufec.c | 3 +++ kexecdh.c | 2 ++ kexecdhc.c | 2 ++ kexecdhs.c | 2 ++ ssh-ecdsa.c | 2 ++ 6 files changed, 13 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 3488c8215..a71eab347 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -49,6 +49,8 @@ feedback and ok markus@ - (djm) [Makefile.in] Add new ECC files + - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include + includes.h 20100827 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, diff --git a/bufec.c b/bufec.c index dff9c69c9..c77d1ecb9 100644 --- a/bufec.c +++ b/bufec.c @@ -14,6 +14,9 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "includes.h" + #include #include diff --git a/kexecdh.c b/kexecdh.c index a5a14f4bd..bd5718136 100644 --- a/kexecdh.c +++ b/kexecdh.c @@ -24,6 +24,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "includes.h" + #include #include diff --git a/kexecdhc.c b/kexecdhc.c index f6d9977c5..7ac7b1ee2 100644 --- a/kexecdhc.c +++ b/kexecdhc.c @@ -24,6 +24,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "includes.h" + #include #include diff --git a/kexecdhs.c b/kexecdhs.c index d73333893..e49a0ef37 100644 --- a/kexecdhs.c +++ b/kexecdhs.c @@ -24,6 +24,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "includes.h" + #include #include #include diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index a1c1bdb60..3069ca5bc 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c @@ -24,6 +24,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "includes.h" + #include #include -- cgit v1.2.3 From 50e3bab2421e41cbce9093c5047298ed7ad730cb Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 10 Sep 2010 10:30:25 +1000 Subject: - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact return code since it can apparently return -1 under some conditions. From openssh bugs werbittewas de, ok djm@ --- ChangeLog | 7 ++++++- openbsd-compat/port-linux.c | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'ChangeLog') 
diff --git a/ChangeLog b/ChangeLog index a71eab347..63216685b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,9 @@ -20100931 +2010910 + - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact + return code since it can apparently return -1 under some conditions. From + openssh bugs werbittewas de, ok djm@ + +20100831 - OpenBSD CVS Sync - jmc@cvs.openbsd.org 2010/08/08 19:36:30 [ssh-keysign.8 ssh.1 sshd.8] diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 89b9a7340..86d16dc6e 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.8 2010/03/01 04:52:50 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.9 2010/09/10 00:30:25 dtucker Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -45,7 +45,7 @@ ssh_selinux_enabled(void) static int enabled = -1; if (enabled == -1) { - enabled = is_selinux_enabled(); + enabled = (is_selinux_enabled() == 1); debug("SELinux support %s", enabled ? "enabled" : "disabled"); } -- cgit v1.2.3 From 4314c2b5489da5af3b70c440fcd2c44ddc4745a8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:12:09 +1000 Subject: - djm@cvs.openbsd.org 2010/08/31 12:33:38 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] reintroduce commit from tedu@, which I pulled out for release engineering: OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm --- ChangeLog | 9 ++++++++- ssh-add.c | 4 ++-- ssh-agent.c | 4 ++-- ssh-ecdsa.c | 2 +- ssh-keygen.c | 4 ++-- ssh-keysign.c | 4 ++-- ssh.c | 4 ++-- sshd.c | 4 ++-- 8 files changed, 21 insertions(+), 14 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 63216685b..594ebc24c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,7 +1,14 @@ -2010910 +20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact return code since it can apparently return -1 under some conditions. From openssh bugs werbittewas de, ok djm@ + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/08/31 12:33:38 + [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] + reintroduce commit from tedu@, which I pulled out for release + engineering: + OpenSSL_add_all_algorithms is the name of the function we have a + man page for, so use that. ok djm 20100831 - OpenBSD CVS Sync diff --git a/ssh-add.c b/ssh-add.c index 31e618390..8bf5675fb 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.99 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.100 2010/08/31 12:33:38 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -373,7 +373,7 @@ main(int argc, char **argv) init_rng(); seed_rng(); - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); /* At first, get a connection to the authentication agent. */ ac = ssh_get_authentication_connection(); diff --git a/ssh-agent.c b/ssh-agent.c index fbfd79c13..87939b2b6 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.169 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.170 2010/08/31 12:33:38 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1146,7 +1146,7 @@ main(int ac, char **av) prctl(PR_SET_DUMPABLE, 0); #endif - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); __progname = ssh_get_progname(av[0]); init_rng(); diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index 3069ca5bc..0627ee5c0 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD */ +/* $OpenBSD$ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. 
diff --git a/ssh-keygen.c b/ssh-keygen.c index 448585185..a66e8508c 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.200 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.201 2010/08/31 12:33:38 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1804,7 +1804,7 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); init_rng(); diff --git a/ssh-keysign.c b/ssh-keysign.c index cf3bf1b9b..d05156005 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.34 2010/08/16 04:06:06 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.35 2010/08/31 12:33:38 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -194,7 +194,7 @@ main(int argc, char **argv) if (key_fd[0] == -1 && key_fd[1] == -1) fatal("could not open any host key"); - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); for (i = 0; i < 256; i++) rnd[i] = arc4random(); RAND_seed(rnd, sizeof(rnd)); diff --git a/ssh.c b/ssh.c index 1cdfc58e3..e5b643258 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.349 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.350 2010/08/31 12:33:38 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -599,7 +599,7 @@ main(int ac, char **av) if (!host) usage(); - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); /* Initialize the command to execute on remote host. */ diff --git a/sshd.c b/sshd.c index 658a4978d..7995f5a1d 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.378 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.379 2010/08/31 12:33:38 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1467,7 +1467,7 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); /* * Force logging to stderr until we have loaded the private host -- cgit v1.2.3 From de735ea3bddf5813aabd76de18151e55172626b3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:12:38 +1000 Subject: - jmc@cvs.openbsd.org 2010/08/31 17:40:54 [ssh-agent.1] fix some macro abuse; --- ChangeLog | 3 +++ ssh-agent.1 | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 594ebc24c..50dd15954 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,9 @@ engineering: OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm + - jmc@cvs.openbsd.org 2010/08/31 17:40:54 + [ssh-agent.1] + fix some macro abuse; 20100831 - OpenBSD CVS Sync diff --git a/ssh-agent.1 b/ssh-agent.1 index 88ad490bc..134b93ae9 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.51 2010/08/31 11:54:45 djm Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.52 2010/08/31 17:40:54 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,13 +42,13 @@ .Nd authentication agent .Sh SYNOPSIS .Nm ssh-agent -.Op Fl c Li | Fl s +.Op Fl c | s .Op Fl d .Op Fl a Ar bind_address .Op Fl t Ar life .Op Ar command Op Ar arg ... .Nm ssh-agent -.Op Fl c Li | Fl s +.Op Fl c | s .Fl k .Sh DESCRIPTION .Nm -- cgit v1.2.3 From d44279029243ca238682bbc171e80531badbd3fb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:15:10 +1000 Subject: - jmc@cvs.openbsd.org 2010/08/31 21:14:58 [ssh.1] small text tweak to accommodate previous; --- ChangeLog | 3 +++ ssh.1 | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 50dd15954..d4558ea15 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -12,6 +12,9 @@ - jmc@cvs.openbsd.org 2010/08/31 17:40:54 [ssh-agent.1] fix some macro abuse; + - jmc@cvs.openbsd.org 2010/08/31 21:14:58 + [ssh.1] + small text tweak to accommodate previous; 20100831 - OpenBSD CVS Sync diff --git a/ssh.1 b/ssh.1 index a3d001152..be4a334f3 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.310 2010/08/31 11:54:45 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.311 2010/08/31 21:14:58 jmc Exp $ .Dd $Mdocdate: August 31 2010 $ .Dt SSH 1 .Os @@ -729,7 +729,7 @@ The .Sx HISTORY section of .Xr ssl 8 -contains a brief discussion of the two algorithms. +contains a brief discussion of the DSA and RSA algorithms. .Pp The file .Pa ~/.ssh/authorized_keys -- cgit v1.2.3 From e13cadf41b920ccce3eb51e600a61ceaf1c37542 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:15:33 +1000 Subject: - naddy@cvs.openbsd.org 2010/09/01 15:21:35 [servconf.c] pick up ECDSA host key by default; ok djm@ --- ChangeLog | 3 +++ servconf.c | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d4558ea15..af1c8b1e5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,9 @@ - jmc@cvs.openbsd.org 2010/08/31 21:14:58 [ssh.1] small text tweak to accommodate previous; + - naddy@cvs.openbsd.org 2010/09/01 15:21:35 + [servconf.c] + pick up ECDSA host key by default; ok djm@ 20100831 - OpenBSD CVS Sync diff --git a/servconf.c b/servconf.c index 986a5b92f..def6b716a 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.209 2010/06/22 04:22:59 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.210 2010/09/01 15:21:35 naddy Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
@@ -154,6 +154,8 @@ fill_default_server_options(ServerOptions *options) _PATH_HOST_RSA_KEY_FILE; options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE; + options->host_key_files[options->num_host_key_files++] = + _PATH_HOST_ECDSA_KEY_FILE; } } /* No certificates by default */ -- cgit v1.2.3 From 5773794d55a4e30eac2b45adb4dfcb48727c07ae Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:16:37 +1000 Subject: - markus@cvs.openbsd.org 2010/09/02 16:07:25 [ssh-keygen.c] permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ --- ChangeLog | 3 +++ ssh-keygen.c | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index af1c8b1e5..e3b6da975 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,9 @@ - naddy@cvs.openbsd.org 2010/09/01 15:21:35 [servconf.c] pick up ECDSA host key by default; ok djm@ + - markus@cvs.openbsd.org 2010/09/02 16:07:25 + [ssh-keygen.c] + permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ 20100831 - OpenBSD CVS Sync diff --git a/ssh-keygen.c b/ssh-keygen.c index a66e8508c..0abf10f61 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.201 2010/08/31 12:33:38 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.202 2010/09/02 16:07:25 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1825,7 +1825,7 @@ main(int argc, char **argv) "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { switch (opt) { case 'b': - bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr); + bits = (u_int32_t)strtonum(optarg, 256, 32768, &errstr); if (errstr) fatal("Bits has bad value %s (%s)", optarg, errstr); 
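Review bot: in case 'b' the new lower bound of 256 passed to strtonum() applies to every key type, not only ECDSA, so an RSA request below 768 bits now gets through option parsing and is rejected only later, once type is known. That relies on the "type != KEY_ECDSA && bits < 768" check this commit adds further down in main(), which leaves the two limits in separate places. A short comment here saying that 256 is the ECDSA floor and that per-type minimums are enforced after option parsing would stop one being changed without the other.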
@@ -2125,6 +2125,8 @@ main(int argc, char **argv) } if (type == KEY_DSA && bits != 1024) fatal("DSA keys must be 1024 bits"); + else if (type != KEY_ECDSA && bits < 768) + fatal("Key must at least be 768 bits"); else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(bits) == -1) fatal("Invalid ECDSA key length - valid lengths are " "256, 384 or 521 bits"); -- cgit v1.2.3 From 5929c52f65fc2029fb9b496ccfa91bd4cecca0be Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:17:02 +1000 Subject: - markus@cvs.openbsd.org 2010/09/02 16:08:39 [ssh.c] unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ --- ChangeLog | 3 +++ ssh.c | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e3b6da975..d90bf37c8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,9 @@ - markus@cvs.openbsd.org 2010/09/02 16:07:25 [ssh-keygen.c] permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ + - markus@cvs.openbsd.org 2010/09/02 16:08:39 + [ssh.c] + unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ 20100831 - OpenBSD CVS Sync diff --git a/ssh.c b/ssh.c index e5b643258..51c68d7da 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.350 2010/08/31 12:33:38 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.351 2010/09/02 16:08:39 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -936,6 +936,7 @@ control_persist_detach(void) tty_flag = otty_flag; close(muxserver_sock); muxserver_sock = -1; + options.control_master = SSHCTL_MASTER_NO; muxclient(options.control_path); /* muxclient() doesn't return on success. */ fatal("Failed to connect to new control master"); -- cgit v1.2.3 From 6e9f680cd2bb19b96280e90adaef5a536d8ae160 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Fri, 10 Sep 2010 11:17:38 +1000 Subject: - naddy@cvs.openbsd.org 2010/09/02 17:21:50 [ssh-keygen.c] Switch ECDSA default key size to 256 bits, which according to RFC5656 should still be better than our current RSA-2048 default. ok djm@, markus@ --- ChangeLog | 5 +++++ ssh-keygen.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d90bf37c8..9372e4666 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,11 @@ - markus@cvs.openbsd.org 2010/09/02 16:08:39 [ssh.c] unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ + - naddy@cvs.openbsd.org 2010/09/02 17:21:50 + [ssh-keygen.c] + Switch ECDSA default key size to 256 bits, which according to RFC5656 + should still be better than our current RSA-2048 default. + ok djm@, markus@ 20100831 - OpenBSD CVS Sync diff --git a/ssh-keygen.c b/ssh-keygen.c index 0abf10f61..43b8c7f97 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.202 2010/09/02 16:07:25 markus Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.203 2010/09/02 17:21:50 naddy Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -57,7 +57,7 @@ /* Number of bits in the RSA/DSA key. This value can be set on the command line. */ #define DEFAULT_BITS 2048 #define DEFAULT_BITS_DSA 1024 -#define DEFAULT_BITS_ECDSA 521 +#define DEFAULT_BITS_ECDSA 256 u_int32_t bits = 0; /* -- cgit v1.2.3 From 390f1532f2861f6dad19f34852d8088a8ef8bc73 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:17:54 +1000 Subject: - jmc@cvs.openbsd.org 2010/09/03 11:09:29 [scp.1] add an EXIT STATUS section for /usr/bin; --- ChangeLog | 7 +++++-- scp.1 | 6 +++--- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 9372e4666..7e0c6722a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -18,10 +18,10 @@ - naddy@cvs.openbsd.org 2010/09/01 15:21:35 [servconf.c] pick up ECDSA host key by default; ok djm@ - - markus@cvs.openbsd.org 2010/09/02 16:07:25 + - markus@cvs.openbsd.org 2010/09/02 16:07:25 [ssh-keygen.c] permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ - - markus@cvs.openbsd.org 2010/09/02 16:08:39 + - markus@cvs.openbsd.org 2010/09/02 16:08:39 [ssh.c] unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ - naddy@cvs.openbsd.org 2010/09/02 17:21:50 @@ -29,6 +29,9 @@ Switch ECDSA default key size to 256 bits, which according to RFC5656 should still be better than our current RSA-2048 default. ok djm@, markus@ + - jmc@cvs.openbsd.org 2010/09/03 11:09:29 + [scp.1] + add an EXIT STATUS section for /usr/bin; 20100831 - OpenBSD CVS Sync diff --git a/scp.1 b/scp.1 index bc5e259f5..82da30f4f 100644 --- a/scp.1 +++ b/scp.1 @@ -9,9 +9,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.50 2010/02/08 10:50:20 markus Exp $ +.\" $OpenBSD: scp.1,v 1.51 2010/09/03 11:09:29 jmc Exp $ .\" -.Dd $Mdocdate: February 8 2010 $ +.Dd $Mdocdate: September 3 2010 $ .Dt SCP 1 .Os .Sh NAME @@ -209,7 +209,7 @@ to print debugging messages about their progress. This is helpful in debugging connection, authentication, and configuration problems. .El -.Pp +.Sh EXIT STATUS .Ex -std scp .Sh SEE ALSO .Xr rcp 1 , -- cgit v1.2.3 From daa7b2254f6391bfddde2c6b4acb1957843feaa1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:19:33 +1000 Subject: - jmc@cvs.openbsd.org 2010/09/04 09:38:34 [ssh-add.1 ssh.1] two more EXIT STATUS sections; --- ChangeLog | 3 +++ ssh-add.1 | 6 +++--- ssh.1 | 12 ++++++------ 3 files changed, 12 insertions(+), 9 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7e0c6722a..134a37162 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -32,6 +32,9 @@ - jmc@cvs.openbsd.org 2010/09/03 11:09:29 [scp.1] add an EXIT STATUS section for /usr/bin; + - jmc@cvs.openbsd.org 2010/09/04 09:38:34 + [ssh-add.1 ssh.1] + two more EXIT STATUS sections; 20100831 - OpenBSD CVS Sync diff --git a/ssh-add.1 b/ssh-add.1 index 3699db5eb..1862eed8d 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.53 2010/08/31 11:54:45 djm Exp $ +.\" $OpenBSD: ssh-add.1,v 1.54 2010/09/04 09:38:34 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -37,7 +37,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 31 2010 $ +.Dd $Mdocdate: September 4 2010 $ .Dt SSH-ADD 1 .Os .Sh NAME @@ -176,7 +176,7 @@ Identity files should not be readable by anyone but the user. Note that .Nm ignores identity files if they are accessible by others. -.Sh DIAGNOSTICS +.Sh EXIT STATUS Exit status is 0 on success, 1 if the specified command fails, and 2 if .Nm diff --git a/ssh.1 b/ssh.1 index be4a334f3..95ee85689 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.311 2010/08/31 21:14:58 jmc Exp $ -.Dd $Mdocdate: August 31 2010 $ +.\" $OpenBSD: ssh.1,v 1.312 2010/09/04 09:38:34 jmc Exp $ +.Dd $Mdocdate: September 4 2010 $ .Dt SSH 1 .Os .Sh NAME @@ -647,10 +647,6 @@ may additionally obtain configuration data from a per-user configuration file and a system-wide configuration file. The file format and configuration options are described in .Xr ssh_config 5 . -.Pp -.Nm -exits with the exit status of the remote command or with 255 -if an error occurred. .Sh AUTHENTICATION The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to use protocol 2 only, 
@@ -1394,6 +1390,10 @@ See the .Xr sshd 8 manual page for more information. .El +.Sh EXIT STATUS +.Nm +exits with the exit status of the remote command or with 255 +if an error occurred. .Sh SEE ALSO .Xr scp 1 , .Xr sftp 1 , -- cgit v1.2.3 From 80ed82aaf4d62ab76920d7b7d5fb181ed909ed8c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:20:11 +1000 Subject: - naddy@cvs.openbsd.org 2010/09/06 17:10:19 [sshd_config] add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste ok deraadt@ --- ChangeLog | 5 +++++ sshd_config | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 134a37162..318d5d3fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,11 @@ - jmc@cvs.openbsd.org 2010/09/04 09:38:34 [ssh-add.1 ssh.1] two more EXIT STATUS sections; + - naddy@cvs.openbsd.org 2010/09/06 17:10:19 + [sshd_config] + add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste + + ok deraadt@ 20100831 - OpenBSD CVS Sync diff --git a/sshd_config b/sshd_config index 72fbae37b..4534841c1 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $ +# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -23,6 +23,7 @@ # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h -- cgit v1.2.3 From bf0423e550e47bc4b3a40fe165da4e5c68b4aa5c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:20:38 +1000 Subject: - djm@cvs.openbsd.org 2010/09/08 03:54:36 [authfile.c] typo --- ChangeLog | 3 +++ authfile.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 318d5d3fd..5dac860fa 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,9 @@ add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste ok deraadt@ + - djm@cvs.openbsd.org 2010/09/08 03:54:36 + [authfile.c] + typo 20100831 - OpenBSD CVS Sync diff --git a/authfile.c b/authfile.c index 865e7faf9..20ac8c76d 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.83 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.84 2010/09/08 03:54:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -533,7 +533,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, key_free(prv); prv = NULL; } - name = "dsa w/o comment"; + name = "ecdsa w/o comment"; #ifdef DEBUG_PK if (prv->ecdsa != NULL) key_dump_ec_key(prv->ecdsa); -- cgit v1.2.3 From 3796ab47d3f68f69512c360f178b77bf0fb12b4f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:20:59 +1000 Subject: - deraadt@cvs.openbsd.org 2010/09/08 04:13:31 [compress.c] work around name-space collisions some buggy compilers (looking at you gcc, at least in earlier versions, but this does not forgive your current transgressions) seen between zlib and openssl ok djm --- ChangeLog | 6 ++++++ compress.c | 5 +++-- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5dac860fa..32f82369d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -43,6 +43,12 @@ - djm@cvs.openbsd.org 2010/09/08 03:54:36 [authfile.c] typo + - deraadt@cvs.openbsd.org 2010/09/08 04:13:31 + [compress.c] + work around name-space collisions some buggy compilers (looking at you + gcc, at least in earlier versions, but this does not forgive your current + transgressions) seen between zlib and openssl + ok djm 20100831 - OpenBSD CVS Sync diff --git a/compress.c b/compress.c index c058d2224..24778e524 100644 --- a/compress.c +++ b/compress.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: compress.c,v 1.25 2006/08/06 01:13:32 stevesk Exp $ */ +/* $OpenBSD: compress.c,v 1.26 2010/09/08 04:13:31 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -17,12 +17,13 @@ #include #include -#include #include "log.h" #include "buffer.h" #include "compress.h" +#include + z_stream incoming_stream; z_stream outgoing_stream; static int compress_init_send_called = 0; -- cgit v1.2.3 From 041ab7c1e7d6514ed84a539a767f79ffb356e807 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:23:34 +1000 Subject: - djm@cvs.openbsd.org 2010/09/09 10:45:45 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] ECDH/ECDSA compliance fix: these methods vary the hash function they use (SHA256/384/512) depending on the length of the curve in use. The previous code incorrectly used SHA256 in all cases. This fix will cause authentication failure when using 384 or 521-bit curve keys if one peer hasn't been upgraded and the other has. (256-bit curve keys work ok). In particular you may need to specify HostkeyAlgorithms when connecting to a server that has not been upgraded from an upgraded client. ok naddy@ --- ChangeLog | 13 +++++++++++++ kex.c | 10 +++++----- kex.h | 5 +++-- kexecdh.c | 14 +++++++++++--- key.c | 47 +++++++++++++++++++++++++++++++++++------------ key.h | 4 +++- monitor.c | 8 ++++---- ssh-ecdsa.c | 10 ++++++---- 8 files changed, 80 insertions(+), 31 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 32f82369d..87fee3bf0 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -49,6 +49,19 @@ gcc, at least in earlier versions, but this does not forgive your current transgressions) seen between zlib and openssl ok djm + - djm@cvs.openbsd.org 2010/09/09 10:45:45 + [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] + ECDH/ECDSA compliance fix: these methods vary the hash function they use + (SHA256/384/512) depending on the length of the curve in use. The previous + code incorrectly used SHA256 in all cases. + + This fix will cause authentication failure when using 384 or 521-bit curve + keys if one peer hasn't been upgraded and the other has. (256-bit curve + keys work ok). In particular you may need to specify HostkeyAlgorithms + when connecting to a server that has not been upgraded from an upgraded + client. + + ok naddy@ 20100831 - OpenBSD CVS Sync diff --git a/kex.c b/kex.c index abe9b9f5d..7c8763191 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.84 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.85 2010/09/09 10:45:45 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -325,10 +325,10 @@ choose_kex(Kex *k, char *client, char *server) } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { k->kex_type = KEX_DH_GEX_SHA256; k->evp_md = evp_ssh_sha256(); - } else if (strncmp(k->name, KEX_ECDH_SHA256, - sizeof(KEX_ECDH_SHA256) - 1) == 0) { - k->kex_type = KEX_ECDH_SHA2; - k->evp_md = evp_ssh_sha256(); + } else if (strncmp(k->name, KEX_ECDH_SHA2_STEM, + sizeof(KEX_ECDH_SHA2_STEM) - 1) == 0) { + k->kex_type = KEX_ECDH_SHA2; + k->evp_md = kex_ecdh_name_to_evpmd(k->name); #endif } else fatal("bad kex alg %s", k->name); diff --git a/kex.h b/kex.h index a183ffda2..f5dcc8791 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.50 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.51 2010/09/09 10:45:45 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
@@ -39,7 +39,7 @@ #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" #define KEX_RESUME "resume@appgate.com" /* The following represents the family of ECDH methods */ -#define KEX_ECDH_SHA256 "ecdh-sha2-" +#define KEX_ECDH_SHA2_STEM "ecdh-sha2-" #define COMP_NONE 0 #define COMP_ZLIB 1 @@ -165,6 +165,7 @@ kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int, const BIGNUM *, u_char **, u_int *); int kex_ecdh_name_to_nid(const char *); +const EVP_MD *kex_ecdh_name_to_evpmd(const char *); void derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); diff --git a/kexecdh.c b/kexecdh.c index bd5718136..f59d7b903 100644 --- a/kexecdh.c +++ b/kexecdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdh.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: kexecdh.c,v 1.2 2010/09/09 10:45:45 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -48,15 +48,23 @@ kex_ecdh_name_to_nid(const char *kexname) { int ret; - if (strlen(kexname) < sizeof(KEX_ECDH_SHA256) - 1) + if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1) fatal("%s: kexname too short \"%s\"", __func__, kexname); - ret = key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA256) - 1); + ret = key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1); if (ret == -1) fatal("%s: unsupported curve negotiated \"%s\"", __func__, kexname); return ret; } +const EVP_MD * +kex_ecdh_name_to_evpmd(const char *kexname) +{ + int nid = kex_ecdh_name_to_nid(kexname); + + return key_ec_nid_to_evpmd(nid); +} + void kex_ecdh_hash( const EVP_MD *evp_md, diff --git a/key.c b/key.c index 842280a9f..b9dc2355b 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.92 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: key.c,v 1.93 2010/09/09 10:45:45 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -978,17 +978,7 @@ key_size(const Key *k) return BN_num_bits(k->dsa->p); case KEY_ECDSA: case KEY_ECDSA_CERT: - switch (k->ecdsa_nid) { - case NID_X9_62_prime256v1: - return 256; - case NID_secp384r1: - return 384; - case NID_secp521r1: - return 521; - default: - break; - } - break; + return key_curve_nid_to_bits(k->ecdsa_nid); } return 0; } @@ -1961,6 +1951,7 @@ key_cert_is_legacy(Key *k) } } +/* XXX: these are really begging for a table-driven approach */ int key_curve_name_to_nid(const char *name) { @@ -1975,6 +1966,22 @@ key_curve_name_to_nid(const char *name) return -1; } +u_int +key_curve_nid_to_bits(int nid) +{ + switch (nid) { + case NID_X9_62_prime256v1: + return 256; + case NID_secp384r1: + return 384; + case NID_secp521r1: + return 521; + default: + error("%s: unsupported EC curve nid %d", __func__, nid); + return 0; + } +} + const char * key_curve_nid_to_name(int nid) { @@ -1989,6 +1996,22 @@ key_curve_nid_to_name(int nid) return NULL; } +const EVP_MD * +key_ec_nid_to_evpmd(int nid) +{ + int kbits = key_curve_nid_to_bits(nid); + + if (kbits == 0) + fatal("%s: invalid nid %d", __func__, nid); + /* RFC5656 section 6.2.1 */ + if (kbits <= 256) + return EVP_sha256(); + else if (kbits <= 384) + return EVP_sha384(); + else + return EVP_sha512(); +} + int key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) { diff --git a/key.h b/key.h index 2eb124364..ba1a20c07 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.31 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: key.h,v 1.32 2010/09/09 10:45:45 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
@@ -112,8 +112,10 @@ int key_cert_is_legacy(Key *); int key_ecdsa_nid_from_name(const char *); int key_curve_name_to_nid(const char *); const char * key_curve_nid_to_name(int); +u_int key_curve_nid_to_bits(int); int key_ecdsa_bits_to_nid(int); int key_ecdsa_group_to_nid(const EC_GROUP *); +const EVP_MD * key_ec_nid_to_evpmd(int nid); int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); int key_ec_validate_private(const EC_KEY *); diff --git a/monitor.c b/monitor.c index 32395ee44..29d987c70 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.109 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.110 2010/09/09 10:45:45 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -590,10 +590,10 @@ mm_answer_sign(int sock, Buffer *m) p = buffer_get_string(m, &datlen); /* - * Supported KEX types will only return SHA1 (20 byte) or - * SHA256 (32 byte) hashes + * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes), + * SHA384 (48 bytes) and SHA512 (64 bytes). */ - if (datlen != 20 && datlen != 32) + if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64) fatal("%s: data length incorrect: %u", __func__, datlen); /* save session id, it will be passed on the first call */ diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index 0627ee5c0..5c4ce2311 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD$ */ +/* $OpenBSD: ssh-ecdsa.c,v 1.4 2010/09/10 01:04:10 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -46,7 +46,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, const u_char *data, u_int datalen) { ECDSA_SIG *sig; - const EVP_MD *evp_md = EVP_sha256(); + const EVP_MD *evp_md; EVP_MD_CTX md; u_char digest[EVP_MAX_MD_SIZE]; u_int len, dlen; 
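Review bot: in ssh_ecdsa_sign() evp_md now has no initializer and is set only by key_ec_nid_to_evpmd(key->ecdsa_nid) after the NULL-key check, and that helper calls fatal() when the nid is not one of the three known curves. ssh_ecdsa_verify() gets the same treatment, so a key carrying an unexpected ecdsa_nid terminates the process instead of taking the "return -1" path both functions already use for their other bad-key case. Consider having key_ec_nid_to_evpmd() return NULL for an unknown nid and letting both callers log with error() and return -1.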
@@ -57,6 +57,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, error("%s: no ECDSA key", __func__); return -1; } + evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid); EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); EVP_DigestFinal(&md, digest, &dlen); @@ -94,21 +95,22 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, const u_char *data, u_int datalen) { ECDSA_SIG *sig; - const EVP_MD *evp_md = EVP_sha256(); + const EVP_MD *evp_md; EVP_MD_CTX md; u_char digest[EVP_MAX_MD_SIZE], *sigblob; u_int len, dlen; int rlen, ret; Buffer b, bb; + char *ktype; if (key == NULL || key->ecdsa == NULL || (key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT)) { error("%s: no ECDSA key", __func__); return -1; } + evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid); /* fetch signature */ - char *ktype; buffer_init(&b); buffer_append(&b, signature, signaturelen); ktype = buffer_get_string(&b, NULL); -- cgit v1.2.3 From 6af914a15c0c33e8b5bab5ca61919b8562ff1db9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 10 Sep 2010 11:39:26 +1000 Subject: - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on platforms that don't have the requisite OpenSSL support. ok dtucker@ --- ChangeLog | 4 ++++ authfd.c | 2 ++ authfile.c | 4 ++++ bufec.c | 3 +++ buffer.h | 2 ++ configure.ac | 26 +++++++++++++++++++++-- kex.h | 5 ++++- kexecdh.c | 3 +++ kexecdhc.c | 13 ++++++++++-- kexecdhs.c | 13 ++++++++++-- key.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- key.h | 10 ++++++++- myproposal.h | 53 +++++++++++++++++++++++++---------------------- packet.c | 4 ++++ readconf.c | 3 ++- ssh-agent.c | 4 ++++ ssh-ecdsa.c | 4 ++++ ssh-keygen.c | 6 ++++++ ssh.c | 10 +++++++++ 19 files changed, 200 insertions(+), 36 deletions(-) (limited to 'ChangeLog') 
diff --git a/ChangeLog b/ChangeLog index 87fee3bf0..742e966c5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -62,6 +62,10 @@ client. ok naddy@ + - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] + [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] + [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on + platforms that don't have the requisite OpenSSL support. ok dtucker@ 20100831 - OpenBSD CVS Sync diff --git a/authfd.c b/authfd.c index ec537d2e9..c11c3f5a8 100644 --- a/authfd.c +++ b/authfd.c @@ -509,6 +509,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) buffer_len(&key->cert->certblob)); buffer_put_bignum2(b, key->dsa->priv_key); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: buffer_put_cstring(b, key_curve_nid_to_name(key->ecdsa_nid)); buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa), @@ -522,6 +523,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) buffer_len(&key->cert->certblob)); buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); break; +#endif } buffer_put_cstring(b, comment); } diff --git a/authfile.c b/authfile.c index 20ac8c76d..b1e3eda5c 100644 --- a/authfile.c +++ b/authfile.c @@ -213,10 +213,12 @@ key_save_private_pem(Key *key, const char *filename, const char *_passphrase, success = PEM_write_DSAPrivateKey(fp, key->dsa, cipher, passphrase, len, NULL, NULL); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: success = PEM_write_ECPrivateKey(fp, key->ecdsa, cipher, passphrase, len, NULL, NULL); break; +#endif case KEY_RSA: success = PEM_write_RSAPrivateKey(fp, key->rsa, cipher, passphrase, len, NULL, NULL); @@ -515,6 +517,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, #ifdef DEBUG_PK DSA_print_fp(stderr, prv->dsa, 8); #endif +#ifdef OPENSSL_HAS_ECC } else if (pk->type == EVP_PKEY_EC && (type == KEY_UNSPEC||type==KEY_ECDSA)) { prv = key_new(KEY_UNSPEC); 
@@ -538,6 +541,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, if (prv->ecdsa != NULL) key_dump_ec_key(prv->ecdsa); #endif +#endif /* OPENSSL_HAS_ECC */ } else { error("PEM_read_PrivateKey: mismatch or " "unknown EVP_PKEY save_type %d", pk->save_type); diff --git a/bufec.c b/bufec.c index c77d1ecb9..3dcb49477 100644 --- a/bufec.c +++ b/bufec.c @@ -17,6 +17,8 @@ #include "includes.h" +#ifdef OPENSSL_HAS_ECC + #include #include @@ -141,3 +143,4 @@ buffer_get_ecpoint(Buffer *buffer, const EC_GROUP *curve, fatal("%s: buffer error", __func__); } +#endif /* OPENSSL_HAS_ECC */ diff --git a/buffer.h b/buffer.h index 1fb3f1666..e2a9dd100 100644 --- a/buffer.h +++ b/buffer.h @@ -86,11 +86,13 @@ char *buffer_get_cstring_ret(Buffer *, u_int *); void *buffer_get_string_ptr_ret(Buffer *, u_int *); int buffer_get_char_ret(char *, Buffer *); +#ifdef OPENSSL_HAS_ECC #include int buffer_put_ecpoint_ret(Buffer *, const EC_GROUP *, const EC_POINT *); void buffer_put_ecpoint(Buffer *, const EC_GROUP *, const EC_POINT *); int buffer_get_ecpoint_ret(Buffer *, const EC_GROUP *, EC_POINT *); void buffer_get_ecpoint(Buffer *, const EC_GROUP *, EC_POINT *); +#endif #endif /* BUFFER_H */ diff --git a/configure.ac b/configure.ac index 637e7b536..d267ba2b1 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.451 2010/08/16 03:15:23 dtucker Exp $ +# $Id: configure.ac,v 1.452 2010/09/10 01:39:27 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.451 $) +AC_REVISION($Revision: 1.452 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) 
@@ -2158,6 +2158,28 @@ fi # Search for SHA256 support in libc and/or OpenSSL AC_CHECK_FUNCS(SHA256_Update EVP_sha256) +# Check complete ECC support in OpenSSL +AC_MSG_CHECKING([whether OpenSSL has complete ECC support]) +AC_LINK_IFELSE( + [AC_LANG_SOURCE([[ +#include +#include +#include +int main(void) { + EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); + const EVP_MD *m = EVP_sha512(); /* We need this too */ +} + ]])], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(OPENSSL_HAS_ECC, 1, + [libcrypto includes complete ECC support]) + ], + [ + AC_MSG_RESULT(no) + ] +) + saved_LIBS="$LIBS" AC_CHECK_LIB(iaf, ia_openinfo, [ LIBS="$LIBS -liaf" diff --git a/kex.h b/kex.h index f5dcc8791..06914756a 100644 --- a/kex.h +++ b/kex.h @@ -159,13 +159,16 @@ void kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *, int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); +#ifdef OPENSSL_HAS_ECC void kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int, char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char **, u_int *); - int kex_ecdh_name_to_nid(const char *); const EVP_MD *kex_ecdh_name_to_evpmd(const char *); +#else +# define kex_ecdh_name_to_evpmd(x) NULL +#endif void derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); diff --git a/kexecdh.c b/kexecdh.c index f59d7b903..4c58a5122 100644 --- a/kexecdh.c +++ b/kexecdh.c @@ -26,6 +26,8 @@ #include "includes.h" +#ifdef OPENSSL_HAS_ECC + #include #include @@ -116,3 +118,4 @@ kex_ecdh_hash( *hashlen = EVP_MD_size(evp_md); } +#endif /* OPENSSL_HAS_ECC */ diff --git a/kexecdhc.c b/kexecdhc.c index 7ac7b1ee2..297a0e5a9 100644 --- a/kexecdhc.c +++ b/kexecdhc.c @@ -32,8 +32,6 @@ #include #include -#include - #include "xmalloc.h" #include "buffer.h" #include "key.h" @@ -44,6 +42,10 @@ #include "dh.h" #include "ssh2.h" +#ifdef OPENSSL_HAS_ECC + +#include + void kexecdh_client(Kex *kex) { 
@@ -156,3 +158,10 @@ kexecdh_client(Kex *kex) BN_clear_free(shared_secret); kex_finish(kex); } +#else /* OPENSSL_HAS_ECC */ +void +kexecdh_client(Kex *kex) +{ + fatal("ECC support is not enabled"); +} +#endif /* OPENSSL_HAS_ECC */ diff --git a/kexecdhs.c b/kexecdhs.c index e49a0ef37..d2c3feb09 100644 --- a/kexecdhs.c +++ b/kexecdhs.c @@ -30,8 +30,6 @@ #include #include -#include - #include "xmalloc.h" #include "buffer.h" #include "key.h" @@ -46,6 +44,10 @@ #endif #include "monitor_wrap.h" +#ifdef OPENSSL_HAS_ECC + +#include + void kexecdh_server(Kex *kex) { @@ -161,3 +163,10 @@ kexecdh_server(Kex *kex) BN_clear_free(shared_secret); kex_finish(kex); } +#else /* OPENSSL_HAS_ECC */ +void +kexecdh_server(Kex *kex) +{ + fatal("ECC support is not enabled"); +} +#endif /* OPENSSL_HAS_ECC */ diff --git a/key.c b/key.c index b9dc2355b..3cda8f2cb 100644 --- a/key.c +++ b/key.c @@ -111,10 +111,12 @@ key_new(int type) fatal("key_new: BN_new failed"); k->dsa = dsa; break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: case KEY_ECDSA_CERT: /* Cannot do anything until we know the group */ break; +#endif case KEY_UNSPEC: break; default: @@ -214,12 +216,14 @@ key_free(Key *k) DSA_free(k->dsa); k->dsa = NULL; break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: case KEY_ECDSA_CERT: if (k->ecdsa != NULL) EC_KEY_free(k->ecdsa); k->ecdsa = NULL; break; +#endif case KEY_UNSPEC: break; default: @@ -279,6 +283,7 @@ key_equal_public(const Key *a, const Key *b) BN_cmp(a->dsa->q, b->dsa->q) == 0 && BN_cmp(a->dsa->g, b->dsa->g) == 0 && BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: if (a->ecdsa == NULL || b->ecdsa == NULL || @@ -297,6 +302,7 @@ key_equal_public(const Key *a, const Key *b) } BN_CTX_free(bnctx); return 1; +#endif /* OPENSSL_HAS_ECC */ default: fatal("key_equal: bad key type %d", a->type); } 
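Review bot: with the KEY_ECDSA and KEY_ECDSA_CERT cases of key_equal_public() compiled out, a key of either type reaches "default: fatal("key_equal: bad key type %d", a->type)" on a build without OPENSSL_HAS_ECC. In key_read() the curve check is guarded by the same #ifdef but the key_type_from_name() call above it is not, so please confirm that no path can hand this function an ECDSA-typed key in such a build, or return 0 for those types here instead of aborting.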
@@ -695,11 +701,13 @@ key_read(Key *ret, char **cpp) } *space = '\0'; type = key_type_from_name(cp); +#ifdef OPENSSL_HAS_ECC if (key_type_plain(type) == KEY_ECDSA && (curve_nid = key_ecdsa_nid_from_name(cp)) == -1) { debug("key_read: invalid curve"); return -1; } +#endif *space = ' '; if (type == KEY_UNSPEC) { debug3("key_read: missing keytype"); @@ -736,12 +744,14 @@ key_read(Key *ret, char **cpp) key_free(k); return -1; } +#ifdef OPENSSL_HAS_ECC if (key_type_plain(type) == KEY_ECDSA && curve_nid != k->ecdsa_nid) { error("key_read: type mismatch: EC curve mismatch"); key_free(k); return -1; } +#endif /*XXXX*/ if (key_is_cert(ret)) { if (!key_is_cert(k)) { @@ -772,6 +782,7 @@ key_read(Key *ret, char **cpp) DSA_print_fp(stderr, ret->dsa, 8); #endif } +#ifdef OPENSSL_HAS_ECC if (key_type_plain(ret->type) == KEY_ECDSA) { if (ret->ecdsa != NULL) EC_KEY_free(ret->ecdsa); @@ -783,6 +794,7 @@ key_read(Key *ret, char **cpp) key_dump_ec_key(ret->ecdsa); #endif } +#endif success = 1; /*XXXX*/ key_free(k); @@ -839,11 +851,13 @@ key_write(const Key *key, FILE *f) if (key->dsa == NULL) return 0; break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: case KEY_ECDSA_CERT: if (key->ecdsa == NULL) return 0; break; +#endif case KEY_RSA: case KEY_RSA_CERT_V00: case KEY_RSA_CERT: @@ -877,8 +891,10 @@ key_type(const Key *k) return "RSA"; case KEY_DSA: return "DSA"; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: return "ECDSA"; +#endif case KEY_RSA_CERT_V00: return "RSA-CERT-V00"; case KEY_DSA_CERT_V00: @@ -887,8 +903,10 @@ key_type(const Key *k) return "RSA-CERT"; case KEY_DSA_CERT: return "DSA-CERT"; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: return "ECDSA-CERT"; +#endif } return "unknown"; } @@ -922,6 +940,7 @@ key_ssh_name_from_type_nid(int type, int nid) return "ssh-rsa-cert-v01@openssh.com"; case KEY_DSA_CERT: return "ssh-dss-cert-v01@openssh.com"; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: switch (nid) { case NID_X9_62_prime256v1: 
@@ -946,6 +965,7 @@ key_ssh_name_from_type_nid(int type, int nid) break; } break; +#endif /* OPENSSL_HAS_ECC */ } return "ssh-unknown"; } @@ -976,9 +996,11 @@ key_size(const Key *k) case KEY_DSA_CERT_V00: case KEY_DSA_CERT: return BN_num_bits(k->dsa->p); +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: case KEY_ECDSA_CERT: return key_curve_nid_to_bits(k->ecdsa_nid); +#endif } return 0; } @@ -1012,17 +1034,20 @@ int key_ecdsa_bits_to_nid(int bits) { switch (bits) { +#ifdef OPENSSL_HAS_ECC case 256: return NID_X9_62_prime256v1; case 384: return NID_secp384r1; case 521: return NID_secp521r1; +#endif default: return -1; } } +#ifdef OPENSSL_HAS_ECC /* * This is horrid, but OpenSSL's PEM_read_PrivateKey seems not to restore * the EC_GROUP nid when loading a key... @@ -1070,6 +1095,7 @@ ecdsa_generate_private_key(u_int bits, int *nid) fatal("%s: EC_KEY_generate_key failed", __func__); return private; } +#endif /* OPENSSL_HAS_ECC */ Key * key_generate(int type, u_int bits) @@ -1079,9 +1105,11 @@ key_generate(int type, u_int bits) case KEY_DSA: k->dsa = dsa_generate_private_key(bits); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: k->ecdsa = ecdsa_generate_private_key(bits, &k->ecdsa_nid); break; +#endif case KEY_RSA: case KEY_RSA1: k->rsa = rsa_generate_private_key(bits); @@ -1158,6 +1186,7 @@ key_from_private(const Key *k) (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) fatal("key_from_private: BN_copy failed"); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: case KEY_ECDSA_CERT: n = key_new(k->type); @@ -1168,6 +1197,7 @@ key_from_private(const Key *k) EC_KEY_get0_public_key(k->ecdsa)) != 1) fatal("%s: EC_KEY_set_public_key failed", __func__); break; +#endif case KEY_RSA: case KEY_RSA1: case KEY_RSA_CERT_V00: 
@@ -1199,11 +1229,13 @@ key_type_from_name(char *name) return KEY_RSA; } else if (strcmp(name, "ssh-dss") == 0) { return KEY_DSA; +#ifdef OPENSSL_HAS_ECC } else if (strcmp(name, "ecdsa") == 0 || strcmp(name, "ecdsa-sha2-nistp256") == 0 || strcmp(name, "ecdsa-sha2-nistp384") == 0 || strcmp(name, "ecdsa-sha2-nistp521") == 0) { return KEY_ECDSA; +#endif } else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) { return KEY_RSA_CERT_V00; } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { @@ -1212,10 +1244,13 @@ key_type_from_name(char *name) return KEY_RSA_CERT; } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) { return KEY_DSA_CERT; +#ifdef OPENSSL_HAS_ECC } else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0 || strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0 || - strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) + strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) { return KEY_ECDSA_CERT; +#endif + } debug2("key_type_from_name: unknown key type '%s'", name); return KEY_UNSPEC; @@ -1224,6 +1259,7 @@ key_type_from_name(char *name) int key_ecdsa_nid_from_name(const char *name) { +#ifdef OPENSSL_HAS_ECC if (strcmp(name, "ecdsa-sha2-nistp256") == 0 || strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0) return NID_X9_62_prime256v1; @@ -1233,6 +1269,7 @@ key_ecdsa_nid_from_name(const char *name) if (strcmp(name, "ecdsa-sha2-nistp521") == 0 || strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) return NID_secp521r1; +#endif /* OPENSSL_HAS_ECC */ debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name); return -1; @@ -1403,7 +1440,9 @@ key_from_blob(const u_char *blob, u_int blen) int rlen, type, nid = -1; char *ktype = NULL, *curve = NULL; Key *key = NULL; +#ifdef OPENSSL_HAS_ECC EC_POINT *q = NULL; +#endif #ifdef DEBUG_PK dump_base64(stderr, blob, blen); 
@@ -1416,8 +1455,10 @@ key_from_blob(const u_char *blob, u_int blen) } type = key_type_from_name(ktype); +#ifdef OPENSSL_HAS_ECC if (key_type_plain(type) == KEY_ECDSA) nid = key_ecdsa_nid_from_name(ktype); +#endif switch (type) { case KEY_RSA_CERT: @@ -1455,6 +1496,7 @@ key_from_blob(const u_char *blob, u_int blen) DSA_print_fp(stderr, key->dsa, 8); #endif break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ /* FALLTHROUGH */ @@ -1490,6 +1532,7 @@ key_from_blob(const u_char *blob, u_int blen) key_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); #endif break; +#endif /* OPENSSL_HAS_ECC */ case KEY_UNSPEC: key = key_new(type); break; @@ -1509,8 +1552,10 @@ key_from_blob(const u_char *blob, u_int blen) xfree(ktype); if (curve != NULL) xfree(curve); +#ifdef OPENSSL_HAS_ECC if (q != NULL) EC_POINT_free(q); +#endif buffer_free(&b); return key; } @@ -1543,12 +1588,14 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp) buffer_put_bignum2(&b, key->dsa->g); buffer_put_bignum2(&b, key->dsa->pub_key); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: buffer_put_cstring(&b, key_ssh_name(key)); buffer_put_cstring(&b, key_curve_nid_to_name(key->ecdsa_nid)); buffer_put_ecpoint(&b, EC_KEY_get0_group(key->ecdsa), EC_KEY_get0_public_key(key->ecdsa)); break; +#endif case KEY_RSA: buffer_put_cstring(&b, key_ssh_name(key)); buffer_put_bignum2(&b, key->rsa->e); @@ -1582,9 +1629,11 @@ key_sign( case KEY_DSA_CERT: case KEY_DSA: return ssh_dss_sign(key, sigp, lenp, data, datalen); +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: return ssh_ecdsa_sign(key, sigp, lenp, data, datalen); +#endif case KEY_RSA_CERT_V00: case KEY_RSA_CERT: case KEY_RSA: 
@@ -1613,9 +1662,11 @@ key_verify( case KEY_DSA_CERT: case KEY_DSA: return ssh_dss_verify(key, signature, signaturelen, data, datalen); +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: return ssh_ecdsa_verify(key, signature, signaturelen, data, datalen); +#endif case KEY_RSA_CERT_V00: case KEY_RSA_CERT: case KEY_RSA: @@ -1670,6 +1721,7 @@ key_demote(const Key *k) if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) fatal("key_demote: BN_dup failed"); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: key_cert_copy(k, pk); /* FALLTHROUGH */ @@ -1680,6 +1732,7 @@ key_demote(const Key *k) EC_KEY_get0_public_key(k->ecdsa)) != 1) fatal("key_demote: EC_KEY_set_public_key failed"); break; +#endif default: fatal("key_free: bad key type %d", k->type); break; @@ -1819,6 +1872,7 @@ key_certify(Key *k, Key *ca) buffer_put_bignum2(&k->cert->certblob, k->dsa->g); buffer_put_bignum2(&k->cert->certblob, k->dsa->pub_key); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: buffer_put_cstring(&k->cert->certblob, key_curve_nid_to_name(k->ecdsa_nid)); @@ -1826,6 +1880,7 @@ key_certify(Key *k, Key *ca) EC_KEY_get0_group(k->ecdsa), EC_KEY_get0_public_key(k->ecdsa)); break; +#endif case KEY_RSA_CERT_V00: case KEY_RSA_CERT: buffer_put_bignum2(&k->cert->certblob, k->rsa->e); @@ -1955,12 +2010,14 @@ key_cert_is_legacy(Key *k) int key_curve_name_to_nid(const char *name) { +#ifdef OPENSSL_HAS_ECC if (strcmp(name, "nistp256") == 0) return NID_X9_62_prime256v1; else if (strcmp(name, "nistp384") == 0) return NID_secp384r1; else if (strcmp(name, "nistp521") == 0) return NID_secp521r1; +#endif debug("%s: unsupported EC curve name \"%.100s\"", __func__, name); return -1; @@ -1970,12 +2027,14 @@ u_int key_curve_nid_to_bits(int nid) { switch (nid) { +#ifdef OPENSSL_HAS_ECC case NID_X9_62_prime256v1: return 256; case NID_secp384r1: return 384; case NID_secp521r1: return 521; +#endif default: error("%s: unsupported EC curve nid %d", __func__, nid); return 0; 
@@ -1985,17 +2044,19 @@ key_curve_nid_to_bits(int nid) const char * key_curve_nid_to_name(int nid) { +#ifdef OPENSSL_HAS_ECC if (nid == NID_X9_62_prime256v1) return "nistp256"; else if (nid == NID_secp384r1) return "nistp384"; else if (nid == NID_secp521r1) return "nistp521"; - +#endif error("%s: unsupported EC curve nid %d", __func__, nid); return NULL; } +#ifdef OPENSSL_HAS_ECC const EVP_MD * key_ec_nid_to_evpmd(int nid) { @@ -2180,4 +2241,4 @@ key_dump_ec_key(const EC_KEY *key) fputs("\n", stderr); } #endif /* defined(DEBUG_KEXECDH) || defined(DEBUG_PK) */ - +#endif /* OPENSSL_HAS_ECC */ diff --git a/key.h b/key.h index ba1a20c07..86a1d889c 100644 --- a/key.h +++ b/key.h @@ -29,7 +29,9 @@ #include "buffer.h" #include #include +#ifdef OPENSSL_HAS_ECC #include +#endif typedef struct Key Key; enum types { @@ -77,7 +79,11 @@ struct Key { RSA *rsa; DSA *dsa; int ecdsa_nid; /* NID of curve */ +#ifdef OPENSSL_HAS_ECC EC_KEY *ecdsa; +#else + void *ecdsa; +#endif struct KeyCert *cert; }; @@ -114,10 +120,12 @@ int key_curve_name_to_nid(const char *); const char * key_curve_nid_to_name(int); u_int key_curve_nid_to_bits(int); int key_ecdsa_bits_to_nid(int); +#ifdef OPENSSL_HAS_ECC int key_ecdsa_group_to_nid(const EC_GROUP *); const EVP_MD * key_ec_nid_to_evpmd(int nid); int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); int key_ec_validate_private(const EC_KEY *); +#endif Key *key_from_blob(const u_char *, u_int); int key_to_blob(const Key *, u_char **, u_int *); @@ -135,7 +143,7 @@ int ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int) int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); -#if defined(DEBUG_KEXECDH) || defined(DEBUG_PK) +#if defined(OPENSSL_HAS_ECC) && (defined(DEBUG_KEXECDH) || defined(DEBUG_PK)) void key_dump_ec_point(const EC_GROUP *, const EC_POINT *); void key_dump_ec_key(const EC_KEY *); #endif 
diff --git a/myproposal.h b/myproposal.h index 5daca533b..893190788 100644 --- a/myproposal.h +++ b/myproposal.h 
@@ -26,44 +26,49 @@ #include +#ifdef OPENSSL_HAS_ECC +# define KEX_ECDH_METHODS \ + "ecdh-sha2-nistp256," \ + "ecdh-sha2-nistp384," \ + "ecdh-sha2-nistp521," +# define HOSTKEY_ECDSA_CERT_METHODS \ + "ecdsa-sha2-nistp256-cert-v01@openssh.com," \ + "ecdsa-sha2-nistp384-cert-v01@openssh.com," \ + "ecdsa-sha2-nistp521-cert-v01@openssh.com," +# define HOSTKEY_ECDSA_METHODS \ + "ecdsa-sha2-nistp256," \ + "ecdsa-sha2-nistp384," \ + "ecdsa-sha2-nistp521," +#else +# define KEX_ECDH_METHODS +# define HOSTKEY_ECDSA_CERT_METHODS +# define HOSTKEY_ECDSA_METHODS +#endif + /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ #if OPENSSL_VERSION_NUMBER < 0x00907000L -# define KEX_DEFAULT_KEX \ - "diffie-hellman-group-exchange-sha1," \ - "diffie-hellman-group14-sha1," \ - "diffie-hellman-group1-sha1" - -#define KEX_DEFAULT_PK_ALG \ - "ssh-rsa-cert-v01@openssh.com," \ - "ssh-dss-cert-v01@openssh.com," \ - "ssh-rsa-cert-v00@openssh.com," \ - "ssh-dss-cert-v00@openssh.com," \ - "ssh-rsa," \ - "ssh-dss" +# define KEX_SHA256_METHODS \ + "diffie-hellman-group-exchange-sha1," #else -# define KEX_DEFAULT_KEX \ - "ecdh-sha2-nistp256," \ - "ecdh-sha2-nistp384," \ - "ecdh-sha2-nistp521," \ - "diffie-hellman-group-exchange-sha256," \ +# define KEX_SHA256_METHODS +#endif + +# define KEX_DEFAULT_KEX \ + KEX_ECDH_METHODS \ + KEX_SHA256_METHODS \ "diffie-hellman-group-exchange-sha1," \ "diffie-hellman-group14-sha1," \ "diffie-hellman-group1-sha1" #define KEX_DEFAULT_PK_ALG \ - "ecdsa-sha2-nistp256-cert-v01@openssh.com," \ - "ecdsa-sha2-nistp384-cert-v01@openssh.com," \ - "ecdsa-sha2-nistp521-cert-v01@openssh.com," \ + HOSTKEY_ECDSA_CERT_METHODS \ "ssh-rsa-cert-v01@openssh.com," \ "ssh-dss-cert-v01@openssh.com," \ "ssh-rsa-cert-v00@openssh.com," \ "ssh-dss-cert-v00@openssh.com," \ - "ecdsa-sha2-nistp256," \ - "ecdsa-sha2-nistp384," \ - "ecdsa-sha2-nistp521," \ + HOSTKEY_ECDSA_METHODS \ "ssh-rsa," \ "ssh-dss" -#endif #define KEX_DEFAULT_ENCRYPT \ "aes128-ctr,aes192-ctr,aes256-ctr," \ 
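Review bot: In myproposal.h the new KEX_SHA256_METHODS conditional looks inverted and names the wrong algorithm. Under `#if OPENSSL_VERSION_NUMBER < 0x00907000L`, the case the comment says cannot do DHGEX-sha256, it expands to "diffie-hellman-group-exchange-sha1,", and in the `#else` branch it is empty. As a result KEX_DEFAULT_KEX never contains "diffie-hellman-group-exchange-sha256," (which the removed `#else` list offered), and builds against old OpenSSL list group-exchange-sha1 twice. Suggest leaving the macro empty in the `<` branch and defining it as "diffie-hellman-group-exchange-sha256," in the `#else` branch, so the default proposal keeps the SHA-256 group exchange it had before this refactor.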
diff --git a/packet.c b/packet.c index a06c5e3ef..0018d5839 100644 --- a/packet.c +++ b/packet.c @@ -641,11 +641,13 @@ packet_put_bignum2(BIGNUM * value) buffer_put_bignum2(&active_state->outgoing_packet, value); } +#ifdef OPENSSL_HAS_ECC void packet_put_ecpoint(const EC_GROUP *curve, const EC_POINT *point) { buffer_put_ecpoint(&active_state->outgoing_packet, curve, point); } +#endif /* * Finalizes and sends the packet. If the encryption key has been set, @@ -1517,11 +1519,13 @@ packet_get_bignum2(BIGNUM * value) buffer_get_bignum2(&active_state->incoming_packet, value); } +#ifdef OPENSSL_HAS_ECC void packet_get_ecpoint(const EC_GROUP *curve, EC_POINT *point) { buffer_get_ecpoint(&active_state->incoming_packet, curve, point); } +#endif void * packet_get_raw(u_int *length_ptr) diff --git a/readconf.c b/readconf.c index 98ce3017f..586422930 100644 --- a/readconf.c +++ b/readconf.c @@ -1214,12 +1214,13 @@ fill_default_options(Options * options) xmalloc(len); snprintf(options->identity_files[options->num_identity_files++], len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA); - +#ifdef OPENSSL_HAS_ECC len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1; options->identity_files[options->num_identity_files] = xmalloc(len); snprintf(options->identity_files[options->num_identity_files++], len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA); +#endif } } if (options->escape_char == -1) diff --git a/ssh-agent.c b/ssh-agent.c index 87939b2b6..8f19fb157 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -468,8 +468,10 @@ process_add_identity(SocketEntry *e, int version) int type, success = 0, death = 0, confirm = 0; char *type_name, *comment, *curve; Key *k = NULL; +#ifdef OPENSSL_HAS_ECC BIGNUM *exponent; EC_POINT *q; +#endif u_char *cert; u_int len; 
@@ -510,6 +512,7 @@ process_add_identity(SocketEntry *e, int version) key_add_private(k); buffer_get_bignum2(&e->request, k->dsa->priv_key); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: k = key_new_private(type); k->ecdsa_nid = key_ecdsa_nid_from_name(type_name); @@ -561,6 +564,7 @@ process_add_identity(SocketEntry *e, int version) fatal("%s: bad ECDSA key", __func__); BN_clear_free(exponent); break; +#endif /* OPENSSL_HAS_ECC */ case KEY_RSA: k = key_new_private(type); buffer_get_bignum2(&e->request, k->rsa->n); diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index 5c4ce2311..c8276b460 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c @@ -26,6 +26,8 @@ #include "includes.h" +#ifdef OPENSSL_HAS_ECC + #include #include @@ -162,3 +164,5 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); return ret; } + +#endif /* OPENSSL_HAS_ECC */ diff --git a/ssh-keygen.c b/ssh-keygen.c index 43b8c7f97..bbd434b0b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -265,10 +265,12 @@ do_convert_to_pkcs8(Key *k) if (!PEM_write_DSA_PUBKEY(stdout, k->dsa)) fatal("PEM_write_DSA_PUBKEY failed"); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa)) fatal("PEM_write_EC_PUBKEY failed"); break; +#endif default: fatal("%s: unsupported key type %s", __func__, key_type(k)); } @@ -549,6 +551,7 @@ do_convert_from_pkcs8(Key **k, int *private) (*k)->type = KEY_DSA; (*k)->dsa = EVP_PKEY_get1_DSA(pubkey); break; +#ifdef OPENSSL_HAS_ECC case EVP_PKEY_EC: *k = key_new(KEY_UNSPEC); (*k)->type = KEY_ECDSA; @@ -556,6 +559,7 @@ do_convert_from_pkcs8(Key **k, int *private) (*k)->ecdsa_nid = key_ecdsa_group_to_nid( EC_KEY_get0_group((*k)->ecdsa)); break; +#endif default: fatal("%s: unsupported pubkey type %d", __func__, EVP_PKEY_type(pubkey->type)); 
@@ -632,10 +636,12 @@ do_convert_from(struct passwd *pw) ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL); break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA: ok = PEM_write_ECPrivateKey(stdout, k->ecdsa, NULL, NULL, 0, NULL, NULL); break; +#endif case KEY_RSA: ok = PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL); diff --git a/ssh.c b/ssh.c index 51c68d7da..3ade744b6 100644 --- a/ssh.c +++ b/ssh.c @@ -783,20 +783,26 @@ main(int ac, char **av) sensitive_data.nkeys = 7; sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(Key)); + for (i = 0; i < sensitive_data.nkeys; i++) + sensitive_data.keys[i] = NULL; PRIV_START; sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, _PATH_HOST_KEY_FILE, "", NULL, NULL); sensitive_data.keys[1] = key_load_private_cert(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, "", NULL); +#ifdef OPENSSL_HAS_ECC sensitive_data.keys[2] = key_load_private_cert(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL); +#endif sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, "", NULL); sensitive_data.keys[4] = key_load_private_type(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); +#ifdef OPENSSL_HAS_ECC sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); +#endif sensitive_data.keys[6] = key_load_private_type(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); PRIV_END; 
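Review bot: In the ssh.c hunk at main(), the added `for (i = 0; i < sensitive_data.nkeys; i++) sensitive_data.keys[i] = NULL;` loop follows an xcalloc() that already zero-fills the array, so it only documents that slots 2 and 5 stay NULL when OPENSSL_HAS_ECC is undefined. A one-line comment saying so would be clearer than the loop. While here, the allocation uses `sizeof(Key)` for an array whose elements are assigned `Key *` values from key_load_private_type(); `sizeof(Key *)` (or `sizeof(*sensitive_data.keys)`) is the element size that matches.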
@@ -808,14 +814,18 @@ main(int ac, char **av) sensitive_data.keys[6] == NULL) { sensitive_data.keys[1] = key_load_cert( _PATH_HOST_DSA_KEY_FILE); +#ifdef OPENSSL_HAS_ECC sensitive_data.keys[2] = key_load_cert( _PATH_HOST_ECDSA_KEY_FILE); +#endif sensitive_data.keys[3] = key_load_cert( _PATH_HOST_RSA_KEY_FILE); sensitive_data.keys[4] = key_load_public( _PATH_HOST_DSA_KEY_FILE, NULL); +#ifdef OPENSSL_HAS_ECC sensitive_data.keys[5] = key_load_public( _PATH_HOST_ECDSA_KEY_FILE, NULL); +#endif sensitive_data.keys[6] = key_load_public( _PATH_HOST_RSA_KEY_FILE, NULL); sensitive_data.external_keysign = 1; -- cgit v1.2.3 From 8ccb7392e7ea45d2997afdfa981a450c7db85211 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 10 Sep 2010 12:28:24 +1000 Subject: - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs for missing headers and compiler warnings. --- ChangeLog | 2 ++ kex.h | 2 ++ key.c | 10 ++++++++-- packet.h | 6 ++++++ ssh-agent.c | 3 ++- ssh.c | 13 +++++++++++-- 6 files changed, 31 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 742e966c5..c3c18d722 100644 --- a/ChangeLog +++ b/ChangeLog @@ -66,6 +66,8 @@ [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on platforms that don't have the requisite OpenSSL support. ok dtucker@ + - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs + for missing headers and compiler warnings. 20100831 - OpenBSD CVS Sync diff --git a/kex.h b/kex.h index 06914756a..3e312fb44 100644 --- a/kex.h +++ b/kex.h @@ -29,7 +29,9 @@ #include #include #include +#ifdef OPENSSL_HAS_ECC #include +#endif #define KEX_COOKIE_LEN 16 diff --git a/key.c b/key.c index 3cda8f2cb..196092de5 100644 --- a/key.c +++ b/key.c 
@@ -261,7 +261,9 @@ cert_compare(struct KeyCert *a, struct KeyCert *b) int key_equal_public(const Key *a, const Key *b) { +#ifdef OPENSSL_HAS_ECC BN_CTX *bnctx; +#endif if (a == NULL || b == NULL || key_type_plain(a->type) != key_type_plain(b->type)) @@ -656,9 +658,12 @@ key_read(Key *ret, char **cpp) Key *k; int success = -1; char *cp, *space; - int len, n, type, curve_nid = -1; + int len, n, type; u_int bits; u_char *blob; +#ifdef OPENSSL_HAS_ECC + int curve_nid = -1; +#endif cp = *cpp; @@ -1437,11 +1442,12 @@ Key * key_from_blob(const u_char *blob, u_int blen) { Buffer b; - int rlen, type, nid = -1; + int rlen, type; char *ktype = NULL, *curve = NULL; Key *key = NULL; #ifdef OPENSSL_HAS_ECC EC_POINT *q = NULL; + int nid = -1; #endif #ifdef DEBUG_PK diff --git a/packet.h b/packet.h index 827561cdb..864b82855 100644 --- a/packet.h +++ b/packet.h @@ -19,7 +19,9 @@ #include #include +#ifdef OPENSSL_HAS_ECC #include +#endif void packet_set_connection(int, int); void packet_set_timeout(int, int); @@ -43,7 +45,9 @@ void packet_put_int(u_int value); void packet_put_int64(u_int64_t value); void packet_put_bignum(BIGNUM * value); void packet_put_bignum2(BIGNUM * value); +#ifdef OPENSSL_HAS_ECC void packet_put_ecpoint(const EC_GROUP *, const EC_POINT *); +#endif void packet_put_string(const void *buf, u_int len); void packet_put_cstring(const char *str); void packet_put_raw(const void *buf, u_int len); @@ -61,7 +65,9 @@ u_int packet_get_int(void); u_int64_t packet_get_int64(void); void packet_get_bignum(BIGNUM * value); void packet_get_bignum2(BIGNUM * value); +#ifdef OPENSSL_HAS_ECC void packet_get_ecpoint(const EC_GROUP *, EC_POINT *); +#endif void *packet_get_raw(u_int *length_ptr); void *packet_get_string(u_int *length_ptr); char *packet_get_cstring(u_int *length_ptr); diff --git a/ssh-agent.c b/ssh-agent.c index 8f19fb157..45c8e37a3 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
@@ -466,11 +466,12 @@ process_add_identity(SocketEntry *e, int version) Idtab *tab = idtab_lookup(version); Identity *id; int type, success = 0, death = 0, confirm = 0; - char *type_name, *comment, *curve; + char *type_name, *comment; Key *k = NULL; #ifdef OPENSSL_HAS_ECC BIGNUM *exponent; EC_POINT *q; + int *curve; #endif u_char *cert; u_int len; diff --git a/ssh.c b/ssh.c index 3ade744b6..70c71bc00 100644 --- a/ssh.c +++ b/ssh.c @@ -849,10 +849,19 @@ main(int ac, char **av) */ r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); - if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) + if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { +#ifdef WITH_SELINUX + char *scon; + + matchpathcon(buf, 0700, &scon); + setfscreatecon(scon); +#endif if (mkdir(buf, 0700) < 0) error("Could not create directory '%.200s'.", buf); - +#ifdef WITH_SELINUX + setfscreatecon(NULL); +#endif + } /* load options.identity_files */ load_public_identity_files(); -- cgit v1.2.3 From 6186bbc7fbdda96d8a5febba9e158fdf2f3f4db4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 24 Sep 2010 22:00:54 +1000 Subject: - naddy@cvs.openbsd.org 2010/09/10 15:19:29 [ssh-keygen.1] * mention ECDSA in more places * less repetition in FILES section * SSHv1 keys are still encrypted with 3DES help and ok jmc@ --- ChangeLog | 9 +++++++++ ssh-keygen.1 | 43 +++++++++++++++++-------------------------- 2 files changed, 26 insertions(+), 26 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c3c18d722..a605d86c9 100644 --- a/ChangeLog +++ b/ChangeLog 
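Review bot: In the ssh-agent.c hunk for process_add_identity(), `curve` changes type as it moves under the ifdef: the removed line declares it as `char *` (`char *type_name, *comment, *curve;`) and the added line declares `int *curve;`. The commit message describes only ifdefs for missing headers and compiler warnings, so the type change looks unintended. Suggest keeping `char *curve;` inside the `#ifdef OPENSSL_HAS_ECC` block.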
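Review bot: The ssh.c hunk at `@@ -849,10 +849,19 @@` adds a WITH_SELINUX block around mkdir() that is unrelated to the stated change ("A few more ECC ifdefs for missing headers and compiler warnings") and has no ChangeLog entry; it should be a separate commit. Within the block, the return value of `matchpathcon(buf, 0700, &scon)` is not checked, so `scon` can be passed to setfscreatecon() uninitialised if the lookup fails, and the context string is never released with freecon(). Suggest calling setfscreatecon(scon) only when matchpathcon() returns 0, and freeing scon afterwards.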
@@ -1,3 +1,12 @@ +20100924 + - (djm) OpenBSD CVS Sync + - naddy@cvs.openbsd.org 2010/09/10 15:19:29 + [ssh-keygen.1] + * mention ECDSA in more places + * less repetition in FILES section + * SSHv1 keys are still encrypted with 3DES + help and ok jmc@ + 20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact return code since it can apparently return -1 under some conditions. From diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 4b95a4e1c..b9700230b 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.99 2010/08/31 11:54:45 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.100 2010/09/10 15:19:29 naddy Exp $ .\" .\" -*- nroff -*- .\" @@ -37,7 +37,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 31 2010 $ +.Dd $Mdocdate: September 10 2010 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -125,7 +125,7 @@ generates, manages and converts authentication keys for .Xr ssh 1 . .Nm -can create RSA keys for use by SSH protocol version 1 and RSA, DSA or ECDSA +can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA keys for use by SSH protocol version 2. The type of key to be generated is specified with the .Fl t @@ -427,9 +427,10 @@ Specifies the type of key to create. The possible values are .Dq rsa1 for protocol version 1 and -.Dq rsa +.Dq dsa , +.Dq ecdsa or -.Dq dsa +.Dq rsa for protocol version 2. .It Fl V Ar validity_interval Specify a validity interval when signing a certificate. 
@@ -606,18 +607,19 @@ or .Xr ssh 1 . Please refer to those manual pages for details. .Sh FILES -.Bl -tag -width Ds +.Bl -tag -width Ds -compact .It Pa ~/.ssh/identity Contains the protocol version 1 RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be -used to encrypt the private part of this file using 128-bit AES. +used to encrypt the private part of this file using 3DES. This file is not automatically accessed by .Nm but it is offered as the default file for the private key. .Xr ssh 1 will read this file when a login attempt is made. +.Pp .It Pa ~/.ssh/identity.pub Contains the protocol version 1 RSA public key for authentication. The contents of this file should be added to 
@@ -625,26 +627,11 @@ The contents of this file should be added to on all machines where the user wishes to log in using RSA authentication. There is no need to keep the contents of this file secret. +.Pp .It Pa ~/.ssh/id_dsa -Contains the protocol version 2 DSA authentication identity of the user. -This file should not be readable by anyone but the user. -It is possible to -specify a passphrase when generating the key; that passphrase will be -used to encrypt the private part of this file using 128-bit AES. -This file is not automatically accessed by -.Nm -but it is offered as the default file for the private key. -.Xr ssh 1 -will read this file when a login attempt is made. -.It Pa ~/.ssh/id_dsa.pub -Contains the protocol version 2 DSA public key for authentication. -The contents of this file should be added to -.Pa ~/.ssh/authorized_keys -on all machines -where the user wishes to log in using public key authentication. -There is no need to keep the contents of this file secret. +.It Pa ~/.ssh/id_ecdsa .It Pa ~/.ssh/id_rsa -Contains the protocol version 2 RSA authentication identity of the user. +Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be 
@@ -654,13 +641,17 @@ This file is not automatically accessed by but it is offered as the default file for the private key. .Xr ssh 1 will read this file when a login attempt is made. +.Pp +.It Pa ~/.ssh/id_dsa.pub +.It Pa ~/.ssh/id_ecdsa.pub .It Pa ~/.ssh/id_rsa.pub -Contains the protocol version 2 RSA public key for authentication. +Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication. The contents of this file should be added to .Pa ~/.ssh/authorized_keys on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. +.Pp .It Pa /etc/moduli Contains Diffie-Hellman groups used for DH-GEX. The file format is described in -- cgit v1.2.3 From 1ca94693180f4be6ece4056b9d3e95dc484973bb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 24 Sep 2010 22:01:22 +1000 Subject: - djm@cvs.openbsd.org 2010/09/11 21:44:20 [ssh.1] mention RFC 5656 for ECC stuff --- ChangeLog | 3 +++ ssh.1 | 9 +++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a605d86c9..99a2d4979 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ * less repetition in FILES section * SSHv1 keys are still encrypted with 3DES help and ok jmc@ + - djm@cvs.openbsd.org 2010/09/11 21:44:20 + [ssh.1] + mention RFC 5656 for ECC stuff 20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact diff --git a/ssh.1 b/ssh.1 index 95ee85689..3209a388f 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.312 2010/09/04 09:38:34 jmc Exp $ -.Dd $Mdocdate: September 4 2010 $ +.\" $OpenBSD: ssh.1,v 1.313 2010/09/11 21:44:20 djm Exp $ +.Dd $Mdocdate: September 11 2010 $ .Dt SSH 1 .Os .Sh NAME 
@@ -1467,6 +1467,11 @@ if an error occurred. .%D 2006 .Re .Rs +.%R RFC 5656 +.%T "Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer" +.%D 2009 +.Re +.Rs .%T "Hash Visualization: a New Technique to improve Real-World Security" .%A A. Perrig .%A D. Song -- cgit v1.2.3 From 881adf74eba06251604151cd4686fef3640b9008 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 24 Sep 2010 22:01:54 +1000 Subject: - jmc@cvs.openbsd.org 2010/09/19 21:30:05 [sftp.1] more wacky macro fixing; --- ChangeLog | 3 +++ sftp.1 | 10 ++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 99a2d4979..f8596098d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,9 @@ - djm@cvs.openbsd.org 2010/09/11 21:44:20 [ssh.1] mention RFC 5656 for ECC stuff + - jmc@cvs.openbsd.org 2010/09/19 21:30:05 + [sftp.1] + more wacky macro fixing; 20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact diff --git a/sftp.1 b/sftp.1 index 777b02a58..49d88de03 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.83 2010/02/08 10:50:20 markus Exp $ +.\" $OpenBSD: sftp.1,v 1.84 2010/09/19 21:30:05 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: February 8 2010 $ +.Dd $Mdocdate: September 19 2010 $ .Dt SFTP 1 .Os .Sh NAME @@ -49,9 +49,11 @@ .Oo Ar user Ns @ Oc Ns .Ar host Ns Op : Ns Ar .Nm sftp -.Oo Ar user Ns @ Oc Ns +.Oo +.Ar user Ns @ Oc Ns .Ar host Ns Oo : Ns Ar dir Ns -.Op Ar / Oc +.Op Ar / +.Oc .Nm sftp .Fl b Ar batchfile .Oo Ar user Ns @ Oc Ns Ar host -- cgit v1.2.3 From 857b02e37f3bd6d5390711521e2dd021beca3a3c Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Fri, 24 Sep 2010 22:02:56 +1000 Subject: - djm@cvs.openbsd.org 2010/09/20 04:41:47 [ssh.c] install a SIGCHLD handler to reap expiried child process; ok markus@ --- ChangeLog | 3 +++ ssh.c | 21 ++++++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f8596098d..f9e0f6c09 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,9 @@ - jmc@cvs.openbsd.org 2010/09/19 21:30:05 [sftp.1] more wacky macro fixing; + - djm@cvs.openbsd.org 2010/09/20 04:41:47 + [ssh.c] + install a SIGCHLD handler to reap expiried child process; ok markus@ 20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact diff --git a/ssh.c b/ssh.c index 70c71bc00..20de28a64 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.351 2010/09/02 16:08:39 markus Exp $ */ +/* $OpenBSD: ssh.c,v 1.352 2010/09/20 04:41:47 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -50,6 +50,7 @@ #include #include #include +#include #include #include @@ -210,6 +211,7 @@ usage(void) static int ssh_session(void); static int ssh_session2(void); static void load_public_identity_files(void); +static void main_sigchld_handler(int); /* from muxclient.c */ void muxclient(const char *); @@ -877,6 +879,7 @@ main(int ac, char **av) tilde_expand_filename(options.user_hostfile2, original_real_uid); signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ + signal(SIGCHLD, main_sigchld_handler); /* Log into the remote system. Never returns if the login fails. */ ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, 
@@ -1545,3 +1548,19 @@ load_public_identity_files(void) bzero(pwdir, strlen(pwdir)); xfree(pwdir); } + +static void +main_sigchld_handler(int sig) +{ + int save_errno = errno; + pid_t pid; + int status; + + while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || + (pid < 0 && errno == EINTR)) + ; + + signal(sig, main_sigchld_handler); + errno = save_errno; +} + -- cgit v1.2.3 From f7540cd5c4047675d03b2426bb6c32d3ff811bf7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 24 Sep 2010 22:03:24 +1000 Subject: - djm@cvs.openbsd.org 2010/09/20 04:50:53 [jpake.c schnorr.c] check that received values are smaller than the group size in the disabled and unfinished J-PAKE code. avoids catastrophic security failure found by Sebastien Martini --- ChangeLog | 5 +++++ jpake.c | 8 +++++++- schnorr.c | 10 +++++++++- 3 files changed, 21 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f9e0f6c09..ddfd7b357 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,11 @@ - djm@cvs.openbsd.org 2010/09/20 04:41:47 [ssh.c] install a SIGCHLD handler to reap expiried child process; ok markus@ + - djm@cvs.openbsd.org 2010/09/20 04:50:53 + [jpake.c schnorr.c] + check that received values are smaller than the group size in the + disabled and unfinished J-PAKE code. + avoids catastrophic security failure found by Sebastien Martini 20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact diff --git a/jpake.c b/jpake.c index cdf65f509..38fc255c3 100644 --- a/jpake.c +++ b/jpake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: jpake.c,v 1.4 2010/07/13 23:13:16 djm Exp $ */ +/* $OpenBSD: jpake.c,v 1.5 2010/09/20 04:50:53 djm Exp $ */ /* * Copyright (c) 2008 Damien Miller. All rights reserved. * 
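Review bot: in the ssh.c hunk that adds main_sigchld_handler(), waitpid(-1, &status, WNOHANG) collects every child of the process, not only the ones this handler is meant to clean up. Any other code in ssh that forks and later waits on its own pid can find the child already reaped, get ECHILD and lose the exit status, so those call sites need to tolerate that or the handler should be restricted to pids it knows about. status is written but never read, so NULL could be passed instead. The handler also re-arms itself with signal(), which matters only on platforms with one-shot handlers; installing it with sigaction() would make the intended semantics explicit.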
@@ -257,8 +257,12 @@ jpake_step2(struct modp_group *grp, BIGNUM *s, /* Validate peer's step 1 values */ if (BN_cmp(theirpub1, BN_value_one()) <= 0) fatal("%s: theirpub1 <= 1", __func__); + if (BN_cmp(theirpub1, grp->p) >= 0) + fatal("%s: theirpub1 >= p", __func__); if (BN_cmp(theirpub2, BN_value_one()) <= 0) fatal("%s: theirpub2 <= 1", __func__); + if (BN_cmp(theirpub2, grp->p) >= 0) + fatal("%s: theirpub2 >= p", __func__); if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub1, theirid, theirid_len, theirpub1_proof, theirpub1_proof_len) != 1) @@ -363,6 +367,8 @@ jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val, /* Validate step 2 values */ if (BN_cmp(step2_val, BN_value_one()) <= 0) fatal("%s: step2_val <= 1", __func__); + if (BN_cmp(step2_val, grp->p) >= 0) + fatal("%s: step2_val >= p", __func__); /* * theirpriv2_s_proof is calculated with a different generator: diff --git a/schnorr.c b/schnorr.c index c17ff3241..8da2feaad 100644 --- a/schnorr.c +++ b/schnorr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: schnorr.c,v 1.3 2009/03/05 07:18:19 djm Exp $ */ +/* $OpenBSD: schnorr.c,v 1.4 2010/09/20 04:50:53 djm Exp $ */ /* * Copyright (c) 2008 Damien Miller. All rights reserved. * @@ -138,6 +138,10 @@ schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, error("%s: g_x < 1", __func__); return -1; } + if (BN_cmp(g_x, grp_p) >= 0) { + error("%s: g_x > g", __func__); + return -1; + } h = g_v = r = tmp = v = NULL; if ((bn_ctx = BN_CTX_new()) == NULL) { @@ -264,6 +268,10 @@ schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, error("%s: g_x < 1", __func__); return -1; } + if (BN_cmp(g_x, grp_p) >= 0) { + error("%s: g_x >= p", __func__); + return -1; + } h = g_xh = g_r = expected = NULL; if ((bn_ctx = BN_CTX_new()) == NULL) { -- cgit v1.2.3 From 18e1cab1a112052580bbd3f35fbaec15661d098d Mon Sep 17 00:00:00 2001 
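Review bot: in jpake_step2() and jpake_key_confirm() the new upper bound is BN_cmp(x, grp->p) >= 0, so together with the existing <= 1 test the accepted range is 2..p-1, and p-1 (an element of order 2) still passes. If the Schnorr proof verification that follows is the only thing between such a value and the key computation, consider tightening the bound to p-1 or adding an explicit subgroup test (value^q mod p == 1) beside these range checks. The three checks differ only in the variable name and would be easier to keep consistent with the g_x checks in schnorr.c as one small helper.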
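Review bot: in the schnorr_sign() hunk the new error string does not match the test: the condition is BN_cmp(g_x, grp_p) >= 0 but the message logged is "g_x > g". The identical check added to schnorr_verify() logs "g_x >= p"; use that text in both places so the log points at the bound that was actually violated.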
From: Damien Miller Date: Fri, 24 Sep 2010 22:07:17 +1000 Subject: - djm@cvs.openbsd.org 2010/09/20 04:54:07 [jpake.c] missing #include --- ChangeLog | 3 +++ jpake.c | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ddfd7b357..adfb63d0e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,9 @@ check that received values are smaller than the group size in the disabled and unfinished J-PAKE code. avoids catastrophic security failure found by Sebastien Martini + - djm@cvs.openbsd.org 2010/09/20 04:54:07 + [jpake.c] + missing #include 20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact diff --git a/jpake.c b/jpake.c index 38fc255c3..ac9a4bc34 100644 --- a/jpake.c +++ b/jpake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: jpake.c,v 1.5 2010/09/20 04:50:53 djm Exp $ */ +/* $OpenBSD: jpake.c,v 1.6 2010/09/20 04:54:07 djm Exp $ */ /* * Copyright (c) 2008 Damien Miller. All rights reserved. * @@ -45,6 +45,7 @@ #include "packet.h" #include "dispatch.h" #include "log.h" +#include "misc.h" #include "jpake.h" #include "schnorr.h" -- cgit v1.2.3 From 603134e077e667b4819effb0e121803842df621f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 24 Sep 2010 22:07:55 +1000 Subject: - djm@cvs.openbsd.org 2010/09/20 07:19:27 [mux.c] "atomically" create the listening mux socket by binding it on a temorary name and then linking it into position after listen() has succeeded. this allows the mux clients to determine that the server socket is either ready or stale without races. stale server sockets are now automatically removed ok deraadt --- ChangeLog | 8 ++++++++ mux.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 54 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index adfb63d0e..7d9e994d1 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -23,6 +23,14 @@ - djm@cvs.openbsd.org 2010/09/20 04:54:07 [jpake.c] missing #include + - djm@cvs.openbsd.org 2010/09/20 07:19:27 + [mux.c] + "atomically" create the listening mux socket by binding it on a temorary + name and then linking it into position after listen() has succeeded. + this allows the mux clients to determine that the server socket is + either ready or stale without races. stale server sockets are now + automatically removed + ok deraadt 20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact diff --git a/mux.c b/mux.c index 5c3857ee8..c010b614e 100644 --- a/mux.c +++ b/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.21 2010/06/25 23:15:36 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.22 2010/09/20 07:19:27 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -1026,6 +1026,9 @@ muxserver_listen(void) struct sockaddr_un addr; socklen_t sun_len; mode_t old_umask; + char *orig_control_path = options.control_path; + char rbuf[16+1]; + u_int i, r; if (options.control_path == NULL || options.control_master == SSHCTL_MASTER_NO) @@ -1033,6 +1036,23 @@ muxserver_listen(void) debug("setting up multiplex master socket"); + /* + * Use a temporary path before listen so we can pseudo-atomically + * establish the listening socket in its final location to avoid + * other processes racing in between bind() and listen() and hitting + * an unready socket. + */ + for (i = 0; i < sizeof(rbuf) - 1; i++) { + r = arc4random_uniform(26+26+10); + rbuf[i] = (r < 26) ? 'a' + r : + (r < 26*2) ? 'A' + r - 26 : + '0' + r - 26 - 26; + } + rbuf[sizeof(rbuf) - 1] = '\0'; + options.control_path = NULL; + xasprintf(&options.control_path, "%s.%s", orig_control_path, rbuf); + debug3("%s: temporary control path %s", __func__, options.control_path); + memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; sun_len = offsetof(struct sockaddr_un, sun_path) + 
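Review bot: in the first mux.c hunk, muxserver_listen() now binds at ControlPath plus "." and a 16-character random suffix, so the path handed to bind() is 17 bytes longer than the one the user configured. A ControlPath that previously fitted in sun_path can now be rejected, which deserves a sentence in ssh_config.5. options.control_path is also left pointing at the temporary string from here until the link() succeeds, so every exit in between has to account for both strings.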
@@ -1051,6 +1071,7 @@ muxserver_listen(void) if (errno == EINVAL || errno == EADDRINUSE) { error("ControlSocket %s already exists, " "disabling multiplexing", options.control_path); + disable_mux_master: close(muxserver_sock); muxserver_sock = -1; xfree(options.control_path); @@ -1065,12 +1086,29 @@ muxserver_listen(void) if (listen(muxserver_sock, 64) == -1) fatal("%s listen(): %s", __func__, strerror(errno)); + /* Now atomically "move" the mux socket into position */ + if (link(options.control_path, orig_control_path) != 0) { + if (errno != EEXIST) { + fatal("%s: link mux listener %s => %s: %s", __func__, + options.control_path, orig_control_path, + strerror(errno)); + } + error("ControlSocket %s already exists, disabling multiplexing", + orig_control_path); + xfree(orig_control_path); + unlink(options.control_path); + goto disable_mux_master; + } + unlink(options.control_path); + xfree(options.control_path); + options.control_path = orig_control_path; + set_nonblock(muxserver_sock); mux_listener_channel = channel_new("mux listener", SSH_CHANNEL_MUX_LISTENER, muxserver_sock, muxserver_sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, - 0, addr.sun_path, 1); + 0, options.control_path, 1); mux_listener_channel->mux_rcb = mux_master_read_cb; debug3("%s: mux listener channel %d fd %d", __func__, mux_listener_channel->self, mux_listener_channel->sock); @@ -1823,9 +1861,13 @@ muxclient(const char *path) fatal("Control socket connect(%.100s): %s", path, strerror(errno)); } - if (errno == ENOENT) + if (errno == ECONNREFUSED && + options.control_master != SSHCTL_MASTER_NO) { + debug("Stale control socket %.100s, unlinking", path); + unlink(path); + } else if (errno == ENOENT) { debug("Control socket \"%.100s\" does not exist", path); - else { + } else { error("Control socket connect(%.100s): %s", path, strerror(errno)); } -- cgit v1.2.3 From d5f62bf280b0798d7009d4424594a648a4e887fb Mon Sep 17 00:00:00 2001 
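Review bot: in the hunk that adds the disable_mux_master label, the unchanged error() just above it still prints options.control_path, which at this point is the temporary random name, so an EADDRINUSE from bind() is reported as "ControlSocket <temporary name> already exists" even though the configured socket was never examined. Print orig_control_path there, or word the message for the temporary name. Nothing in the visible lines frees orig_control_path on this bind() failure path, whereas the link() failure path frees it before the goto. The label also sits inside the if body and is entered by a jump from outside it; a small cleanup function would be easier to follow.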
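Review bot: in the link() block, every errno other than EEXIST goes to fatal() before the temporary socket is unlinked, so a failed link() leaves the ControlPath.<random> name behind in the socket directory. That includes file systems without hard link support, where multiplexing worked before this change and now terminates the client; unlinking the temporary name and taking the disable_mux_master path for those errors would fail more gently. The return value of the final unlink(options.control_path) is ignored as well.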
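Review bot: in the muxclient() hunk, the ECONNREFUSED branch calls unlink(path) some time after connect() failed, and nothing ties the name being removed to the socket that refused the connection. If another master links a fresh listener into place in that window, this client deletes a live control socket, which is the kind of race the commit message says the change removes. The result of unlink() is not checked either, so a stale socket that cannot be removed is only visible at debug level.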
From: Damien Miller Date: Fri, 24 Sep 2010 22:11:14 +1000 Subject: - djm@cvs.openbsd.org 2010/09/22 05:01:30 [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. ok markus@ --- ChangeLog | 7 +++++++ kex.c | 30 +++++++++++++++++++++++++++++- kex.h | 7 +++++-- kexecdh.c | 12 ++++-------- kexecdhc.c | 5 +++-- kexecdhs.c | 5 +++-- readconf.c | 18 +++++++++++++++++- readconf.h | 3 ++- servconf.c | 17 ++++++++++++++++- servconf.h | 3 ++- ssh_config.5 | 15 +++++++++++++-- sshconnect2.c | 4 +++- sshd.c | 4 +++- sshd_config.5 | 15 +++++++++++++-- 14 files changed, 120 insertions(+), 25 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7d9e994d1..5cb4c880d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,13 @@ either ready or stale without races. stale server sockets are now automatically removed ok deraadt + - djm@cvs.openbsd.org 2010/09/22 05:01:30 + [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] + [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] + add a KexAlgorithms knob to the client and server configuration to allow + selection of which key exchange methods are used by ssh(1) and sshd(8) + and their order of preference. + ok markus@ 20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact diff --git a/kex.c b/kex.c index 7c8763191..c65e28f94 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.85 2010/09/09 10:45:45 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.86 2010/09/22 05:01:29 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * 
@@ -62,6 +62,34 @@ extern const EVP_MD *evp_ssh_sha256(void); static void kex_kexinit_finish(Kex *); static void kex_choose_conf(Kex *); +/* Validate KEX method name list */ +int +kex_names_valid(const char *names) +{ + char *s, *cp, *p; + + if (names == NULL || strcmp(names, "") == 0) + return 0; + s = cp = xstrdup(names); + for ((p = strsep(&cp, ",")); p && *p != '\0'; + (p = strsep(&cp, ","))) { + if (strcmp(p, KEX_DHGEX_SHA256) != 0 && + strcmp(p, KEX_DHGEX_SHA1) != 0 && + strcmp(p, KEX_DH14) != 0 && + strcmp(p, KEX_DH1) != 0 && + (strncmp(p, KEX_ECDH_SHA2_STEM, + sizeof(KEX_ECDH_SHA2_STEM) - 1) != 0 || + kex_ecdh_name_to_nid(p) == -1)) { + error("Unsupported KEX algorithm \"%.100s\"", p); + xfree(s); + return 0; + } + } + debug3("kex names ok: [%s]", names); + xfree(s); + return 1; +} + /* put algorithm proposal into buffer */ static void kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) diff --git a/kex.h b/kex.h index 3e312fb44..7373d3c78 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.51 2010/09/09 10:45:45 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.52 2010/09/22 05:01:29 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -138,6 +138,8 @@ struct Kex { void (*kex[KEX_MAX])(Kex *); }; +int kex_names_valid(const char *); + Kex *kex_setup(char *[PROPOSAL_MAX]); void kex_finish(Kex *); @@ -169,7 +171,8 @@ kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int, int kex_ecdh_name_to_nid(const char *); const EVP_MD *kex_ecdh_name_to_evpmd(const char *); #else -# define kex_ecdh_name_to_evpmd(x) NULL +# define kex_ecdh_name_to_nid(x) (-1) +# define kex_ecdh_name_to_evpmd(x) (NULL) #endif void diff --git a/kexecdh.c b/kexecdh.c index 4c58a5122..f13f69d3b 100644 --- a/kexecdh.c +++ b/kexecdh.c 
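Review bot: in kex_names_valid() (kex.c), the loop condition p && *p != '\0' ends the scan at the first empty element, so for a value such as "diffie-hellman-group14-sha1,,bogus" the function reaches return 1 without ever comparing "bogus" against the supported names, and a trailing comma is accepted too. readconf.c and servconf.c then keep the whole string with xstrdup(arg), and sshconnect2.c and sshd.c assign it to myproposal[PROPOSAL_KEX_ALGS] unchanged. Treat an empty element as an error (log it and return 0) so that a list which passes validation contains only supported names.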
@@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdh.c,v 1.2 2010/09/09 10:45:45 djm Exp $ */ +/* $OpenBSD: kexecdh.c,v 1.3 2010/09/22 05:01:29 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -48,15 +48,9 @@ int kex_ecdh_name_to_nid(const char *kexname) { - int ret; - if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1) fatal("%s: kexname too short \"%s\"", __func__, kexname); - ret = key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1); - if (ret == -1) - fatal("%s: unsupported curve negotiated \"%s\"", __func__, - kexname); - return ret; + return key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1); } const EVP_MD * @@ -64,6 +58,8 @@ kex_ecdh_name_to_evpmd(const char *kexname) { int nid = kex_ecdh_name_to_nid(kexname); + if (nid == -1) + fatal("%s: unsupported ECDH curve \"%s\"", __func__, kexname); return key_ec_nid_to_evpmd(nid); } diff --git a/kexecdhc.c b/kexecdhc.c index 297a0e5a9..115d4bf83 100644 --- a/kexecdhc.c +++ b/kexecdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhc.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: kexecdhc.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -59,7 +59,8 @@ kexecdh_client(Kex *kex) u_int klen, slen, sbloblen, hashlen; int curve_nid; - curve_nid = kex_ecdh_name_to_nid(kex->name); + if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) + fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name); if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) fatal("%s: EC_KEY_new_by_curve_name failed", __func__); if (EC_KEY_generate_key(client_key) != 1) diff --git a/kexecdhs.c b/kexecdhs.c index d2c3feb09..8c515dfa6 100644 --- a/kexecdhs.c +++ b/kexecdhs.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -61,7 +61,8 @@ kexecdh_server(Kex *kex) u_int klen, slen, sbloblen, hashlen; int curve_nid; - curve_nid = kex_ecdh_name_to_nid(kex->name); + if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) + fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name); if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) fatal("%s: EC_KEY_new_by_curve_name failed", __func__); if (EC_KEY_generate_key(server_key) != 1) diff --git a/readconf.c b/readconf.c index 586422930..da7efd193 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.188 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.189 2010/09/22 05:01:29 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -132,6 +132,7 @@ typedef enum { oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, + oKexAlgorithms, oDeprecated, oUnsupported } OpCodes; @@ -240,6 +241,7 @@ static struct { #else { "zeroknowledgepasswordauthentication", oUnsupported }, #endif + { "kexalgorithms", oKexAlgorithms }, { NULL, oBadOption } }; @@ -699,6 +701,18 @@ parse_int: options->macs = xstrdup(arg); break; + case oKexAlgorithms: + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing argument.", + filename, linenum); + if (!kex_names_valid(arg)) + fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.", + filename, linenum, arg ? arg : ""); + if (*activep && options->kex_algorithms == NULL) + options->kex_algorithms = xstrdup(arg); + break; + case oHostKeyAlgorithms: arg = strdelim(&s); if (!arg || *arg == '\0') 
@@ -1078,6 +1092,7 @@ initialize_options(Options * options) options->cipher = -1; options->ciphers = NULL; options->macs = NULL; + options->kex_algorithms = NULL; options->hostkeyalgorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->num_identity_files = 0; @@ -1191,6 +1206,7 @@ fill_default_options(Options * options) options->cipher = SSH_CIPHER_NOT_SET; /* options->ciphers, default set in myproposals.h */ /* options->macs, default set in myproposals.h */ + /* options->kex_algorithms, default set in myproposals.h */ /* options->hostkeyalgorithms, default set in myproposals.h */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_2; diff --git a/readconf.h b/readconf.h index 95d104674..ae61466df 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.86 2010/07/19 09:15:12 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.87 2010/09/22 05:01:29 djm Exp $ */ /* * Author: Tatu Ylonen @@ -73,6 +73,7 @@ typedef struct { char *ciphers; /* SSH2 ciphers in order of preference. */ char *macs; /* SSH2 macs in order of preference. */ char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ + char *kex_algorithms; /* SSH2 kex methods in order of preference. */ int protocol; /* Protocol in order of preference. */ char *hostname; /* Real host to connect. */ char *host_key_alias; /* hostname alias for .ssh/known_hosts */ diff --git a/servconf.c b/servconf.c index def6b716a..d26a7db05 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.210 2010/09/01 15:21:35 naddy Exp $ */ +/* $OpenBSD: servconf.c,v 1.211 2010/09/22 05:01:29 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
@@ -109,6 +109,7 @@ initialize_server_options(ServerOptions *options) options->num_deny_groups = 0; options->ciphers = NULL; options->macs = NULL; + options->kex_algorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->gateway_ports = -1; options->num_subsystems = 0; @@ -314,6 +315,7 @@ typedef enum { sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sKexAlgorithms, sDeprecated, sUnsupported } ServerOpCodes; @@ -436,6 +438,7 @@ static struct { { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, + { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, { NULL, sBadOption, 0 } }; @@ -1131,6 +1134,18 @@ process_server_config_line(ServerOptions *options, char *line, options->macs = xstrdup(arg); break; + case sKexAlgorithms: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: Missing argument.", + filename, linenum); + if (!kex_names_valid(arg)) + fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", + filename, linenum, arg ? arg : ""); + if (options->kex_algorithms == NULL) + options->kex_algorithms = xstrdup(arg); + break; + case sProtocol: intptr = &options->protocol; arg = strdelim(&cp); diff --git a/servconf.h b/servconf.h index 45d2a2ae3..ad13f2edd 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.93 2010/05/07 11:30:30 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.94 2010/09/22 05:01:29 djm Exp $ */ /* * Author: Tatu Ylonen 
@@ -72,6 +72,7 @@ typedef struct { int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */ char *ciphers; /* Supported SSH2 ciphers. */ char *macs; /* Supported SSH2 macs. */ + char *kex_algorithms; /* SSH2 kex methods in order of preference. */ int protocol; /* Supported protocol versions. */ int gateway_ports; /* If true, allow remote connects to forwarded ports. */ SyslogFacility log_facility; /* Facility for system logging. */ diff --git a/ssh_config.5 b/ssh_config.5 index 33038ffcf..6e49842a7 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.139 2010/08/31 11:54:45 djm Exp $ -.Dd $Mdocdate: August 31 2010 $ +.\" $OpenBSD: ssh_config.5,v 1.140 2010/09/22 05:01:29 djm Exp $ +.Dd $Mdocdate: September 22 2010 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -646,6 +646,17 @@ it may be zero or more of: .Dq pam , and .Dq skey . +.It Cm KexAlgorithms +Specifies the available KEX (Key Exchange) algorithms. +Multiple algorithms must be comma-separated. +The default is +.Dq ecdh-sha2-nistp256 , +.Dq ecdh-sha2-nistp384 , +.Dq ecdh-sha2-nistp521 , +.Dq diffie-hellman-group-exchange-sha256 , +.Dq diffie-hellman-group-exchange-sha1 , +.Dq diffie-hellman-group14-sha1 , +.Dq diffie-hellman-group1-sha1 . .It Cm LocalCommand Specifies a command to execute on the local machine after successfully connecting to the server. diff --git a/sshconnect2.c b/sshconnect2.c index a31a663d4..6fe356cca 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.184 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.185 2010/09/22 05:01:29 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. 
@@ -135,6 +135,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) if (options.hostkeyalgorithms != NULL) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = options.hostkeyalgorithms; + if (options.kex_algorithms != NULL) + myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; if (options.rekey_limit) packet_set_rekey_limit((u_int32_t)options.rekey_limit); diff --git a/sshd.c b/sshd.c index 7995f5a1d..5d4d14ae2 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.379 2010/08/31 12:33:38 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.380 2010/09/22 05:01:29 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2297,6 +2297,8 @@ do_ssh2_kex(void) myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com"; } + if (options.kex_algorithms != NULL) + myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); diff --git a/sshd_config.5 b/sshd_config.5 index af3d89b80..d87f60246 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.126 2010/08/31 11:54:45 djm Exp $ -.Dd $Mdocdate: August 31 2010 $ +.\" $OpenBSD: sshd_config.5,v 1.127 2010/09/22 05:01:30 djm Exp $ +.Dd $Mdocdate: September 22 2010 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME 
@@ -538,6 +538,17 @@ Specifies whether to automatically destroy the user's ticket cache file on logout. The default is .Dq yes . +.It Cm KexAlgorithms +Specifies the available KEX (Key Exchange) algorithms. +Multiple algorithms must be comma-separated. +The default is +.Dq ecdh-sha2-nistp256 , +.Dq ecdh-sha2-nistp384 , +.Dq ecdh-sha2-nistp521 , +.Dq diffie-hellman-group-exchange-sha256 , +.Dq diffie-hellman-group-exchange-sha1 , +.Dq diffie-hellman-group14-sha1 , +.Dq diffie-hellman-group1-sha1 . .It Cm KeyRegenerationInterval In protocol version 1, the ephemeral server key is automatically regenerated after this many seconds (if it has been used). -- cgit v1.2.3 From 7fe2b1fec3b364faf952828f3875b8e7eed8feb4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 24 Sep 2010 22:11:53 +1000 Subject: - jmc@cvs.openbsd.org 2010/09/22 08:30:08 [ssh.1 ssh_config.5] ssh.1: add kexalgorithms to the -o list ssh_config.5: format the kexalgorithms in a more consistent (prettier!) way ok djm --- ChangeLog | 6 ++++++ ssh.1 | 5 +++-- ssh_config.5 | 18 +++++++++--------- 3 files changed, 18 insertions(+), 11 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5cb4c880d..5f3914007 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,12 @@ selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. ok markus@ + - jmc@cvs.openbsd.org 2010/09/22 08:30:08 + [ssh.1 ssh_config.5] + ssh.1: add kexalgorithms to the -o list + ssh_config.5: format the kexalgorithms in a more consistent + (prettier!) way + ok djm 20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact diff --git a/ssh.1 b/ssh.1 index 3209a388f..a3d66cb19 100644 --- a/ssh.1 +++ b/ssh.1 
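Review bot: the KexAlgorithms entry added to sshd_config.5 (and the matching one in ssh_config.5) says only that the option "Specifies the available KEX (Key Exchange) algorithms", while the commit message and the struct comments describe the list as being in order of preference. State that in the manual text, since anyone reordering or trimming the default list needs to know that position matters. The follow-up jmc commit reformats the default as a literal comma-separated block in ssh_config.5 only; sshd_config.5 keeps the seven separate .Dq items, which cannot be pasted into a config file as they stand.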
@@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.313 2010/09/11 21:44:20 djm Exp $ -.Dd $Mdocdate: September 11 2010 $ +.\" $OpenBSD: ssh.1,v 1.314 2010/09/22 08:30:08 jmc Exp $ +.Dd $Mdocdate: September 22 2010 $ .Dt SSH 1 .Os .Sh NAME @@ -437,6 +437,7 @@ For full details of the options listed below, and their possible values, see .It IdentityFile .It IdentitiesOnly .It KbdInteractiveDevices +.It KexAlgorithms .It LocalCommand .It LocalForward .It LogLevel diff --git a/ssh_config.5 b/ssh_config.5 index 6e49842a7..4a71e2af0 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.140 2010/09/22 05:01:29 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.141 2010/09/22 08:30:08 jmc Exp $ .Dd $Mdocdate: September 22 2010 $ .Dt SSH_CONFIG 5 .Os @@ -649,14 +649,14 @@ and .It Cm KexAlgorithms Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms must be comma-separated. -The default is -.Dq ecdh-sha2-nistp256 , -.Dq ecdh-sha2-nistp384 , -.Dq ecdh-sha2-nistp521 , -.Dq diffie-hellman-group-exchange-sha256 , -.Dq diffie-hellman-group-exchange-sha1 , -.Dq diffie-hellman-group14-sha1 , -.Dq diffie-hellman-group1-sha1 . +The default is: +.Bd -literal -offset indent +ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, +diffie-hellman-group-exchange-sha256, +diffie-hellman-group-exchange-sha1, +diffie-hellman-group14-sha1, +diffie-hellman-group1-sha1 +.Ed .It Cm LocalCommand Specifies a command to execute on the local machine after successfully connecting to the server. -- cgit v1.2.3 From 65e42f87fe945a2bf30d7e02358554dbaefa8a4c Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Fri, 24 Sep 2010 22:15:11 +1000 Subject: - djm@cvs.openbsd.org 2010/09/22 22:58:51 [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] [sftp-client.h sftp.1 sftp.c] add an option per-read/write callback to atomicio factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism add a bandwidth limit option to sftp(1) using the above "very nice" markus@ --- ChangeLog | 10 +++ atomicio.c | 33 +++++++-- atomicio.h | 8 ++- misc.c | 66 +++++++++++++++++- misc.h | 11 ++- scp.c | 122 ++++++-------------------------- sftp-client.c | 219 ++++++++++++++++++++++++++++++++-------------------------- sftp-client.h | 4 +- sftp.1 | 7 +- sftp.c | 15 +++- 10 files changed, 282 insertions(+), 213 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5f3914007..b3338dcb7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -44,6 +44,16 @@ ssh_config.5: format the kexalgorithms in a more consistent (prettier!) way ok djm + - djm@cvs.openbsd.org 2010/09/22 22:58:51 + [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] + [sftp-client.h sftp.1 sftp.c] + add an option per-read/write callback to atomicio + + factor out bandwidth limiting code from scp(1) into a generic bandwidth + limiter that can be attached using the atomicio callback mechanism + + add a bandwidth limit option to sftp(1) using the above + "very nice" markus@ 20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact diff --git a/atomicio.c b/atomicio.c index a6b2d127a..601b3c371 100644 --- a/atomicio.c +++ b/atomicio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.c,v 1.25 2007/06/25 12:02:27 dtucker Exp $ */ +/* $OpenBSD: atomicio.c,v 1.26 2010/09/22 22:58:51 djm Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. 
@@ -48,7 +48,8 @@ * ensure all of data on socket comes through. f==read || f==vwrite */ size_t -atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n) +atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, + int (*cb)(void *, size_t), void *cb_arg) { char *s = _s; size_t pos = 0; @@ -73,17 +74,28 @@ atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n) return pos; default: pos += (size_t)res; + if (cb != NULL && cb(cb_arg, (size_t)res) == -1) { + errno = EINTR; + return pos; + } } } - return (pos); + return pos; +} + +size_t +atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n) +{ + return atomicio6(f, fd, _s, n, NULL, NULL); } /* * ensure all of data on socket comes through. f==readv || f==writev */ size_t -atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd, - const struct iovec *_iov, int iovcnt) +atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, + const struct iovec *_iov, int iovcnt, + int (*cb)(void *, size_t), void *cb_arg) { size_t pos = 0, rem; ssize_t res; @@ -137,6 +149,17 @@ atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd, iov[0].iov_base = ((char *)iov[0].iov_base) + rem; iov[0].iov_len -= rem; } + if (cb != NULL && cb(cb_arg, (size_t)res) == -1) { + errno = EINTR; + return pos; + } } return pos; } + +size_t +atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd, + const struct iovec *_iov, int iovcnt) +{ + return atomiciov6(f, fd, _iov, iovcnt, NULL, NULL); +} diff --git a/atomicio.h b/atomicio.h index 2fcd25d43..0d728ac86 100644 --- a/atomicio.h +++ b/atomicio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.h,v 1.10 2006/08/03 03:34:41 deraadt Exp $ */ +/* $OpenBSD: atomicio.h,v 1.11 2010/09/22 22:58:51 djm Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. 
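Review bot: in atomicio6(), a callback returning -1 makes the function set errno = EINTR and return pos, but pos has already been advanced by res at that point. When the callback aborts on the final chunk, pos equals n and a caller that only checks for a short count sees a complete transfer with no sign that the callback asked to stop; atomiciov6() follows the same pattern. EINTR is also what a genuinely interrupted read or write reports, so consider a distinct errno, and document the callback contract (arguments, return values, when it is invoked) in the atomicio.h comment. The names atomicio6 and atomiciov6 say nothing about how they differ from the originals.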
@@ -32,6 +32,9 @@ /* * Ensure all of data on socket comes through. f==read || f==vwrite */ +size_t +atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, + int (*cb)(void *, size_t), void *); size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); #define vwrite (ssize_t (*)(int, void *, size_t))write @@ -39,6 +42,9 @@ size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); /* * ensure all of data on socket comes through. f==readv || f==writev */ +size_t +atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, + const struct iovec *_iov, int iovcnt, int (*cb)(void *, size_t), void *); size_t atomiciov(ssize_t (*)(int, const struct iovec *, int), int, const struct iovec *, int); diff --git a/misc.c b/misc.c index a82e7936e..41c92a82b 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.80 2010/07/21 02:10:58 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.81 2010/09/22 22:58:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 
@@ -860,6 +860,70 @@ timingsafe_bcmp(const void *b1, const void *b2, size_t n) ret |= *p1++ ^ *p2++; return (ret != 0); } + +void +bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) +{ + bw->buflen = buflen; + bw->rate = kbps; + bw->thresh = bw->rate; + bw->lamt = 0; + timerclear(&bw->bwstart); + timerclear(&bw->bwend); +} + +/* Callback from read/write loop to insert bandwidth-limiting delays */ +void +bandwidth_limit(struct bwlimit *bw, size_t read_len) +{ + u_int64_t waitlen; + struct timespec ts, rm; + + if (!timerisset(&bw->bwstart)) { + gettimeofday(&bw->bwstart, NULL); + return; + } + + bw->lamt += read_len; + if (bw->lamt < bw->thresh) + return; + + gettimeofday(&bw->bwend, NULL); + timersub(&bw->bwend, &bw->bwstart, &bw->bwend); + if (!timerisset(&bw->bwend)) + return; + + bw->lamt *= 8; + waitlen = (double)1000000L * bw->lamt / bw->rate; + + bw->bwstart.tv_sec = waitlen / 1000000L; + bw->bwstart.tv_usec = waitlen % 1000000L; + + if (timercmp(&bw->bwstart, &bw->bwend, >)) { + timersub(&bw->bwstart, &bw->bwend, &bw->bwend); + + /* Adjust the wait time */ + if (bw->bwend.tv_sec) { + bw->thresh /= 2; + if (bw->thresh < bw->buflen / 4) + bw->thresh = bw->buflen / 4; + } else if (bw->bwend.tv_usec < 10000) { + bw->thresh *= 2; + if (bw->thresh > bw->buflen * 8) + bw->thresh = bw->buflen * 8; + } + + TIMEVAL_TO_TIMESPEC(&bw->bwend, &ts); + while (nanosleep(&ts, &rm) == -1) { + if (errno != EINTR) + break; + ts = rm; + } + } + + bw->lamt = 0; + gettimeofday(&bw->bwstart, NULL); +} void sock_set_v6only(int s) { diff --git a/misc.h b/misc.h index bb799f616..f5aab029b 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.43 2010/07/13 23:13:16 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.44 2010/09/22 22:58:51 djm Exp $ */ /* * Author: Tatu Ylonen 
@@ -80,6 +80,15 @@ void put_u32(void *, u_int32_t) void put_u16(void *, u_int16_t) __attribute__((__bounded__( __minbytes__, 1, 2))); +struct bwlimit { + size_t buflen; + u_int64_t rate, thresh, lamt; + struct timeval bwstart, bwend; +}; + +void bandwidth_limit_init(struct bwlimit *, u_int64_t, size_t); +void bandwidth_limit(struct bwlimit *, size_t); + /* readpass.c */ diff --git a/scp.c b/scp.c index e07de42f7..a4066c668 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.166 2010/07/01 13:06:59 millert Exp $ */ +/* $OpenBSD: scp.c,v 1.167 2010/09/22 22:58:51 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -120,13 +120,12 @@ extern char *__progname; int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout); -void bwlimit(int); - /* Struct for addargs */ arglist args; /* Bandwidth limit */ -off_t limit_rate = 0; +long long limit_kbps = 0; +struct bwlimit bwlimit; /* Name of current file being transferred. */ char *curfile; @@ -312,15 +311,14 @@ void sink(int, char *[]); void source(int, char *[]); void tolocal(int, char *[]); void toremote(char *, int, char *[]); -size_t scpio(ssize_t (*)(int, void *, size_t), int, void *, size_t, off_t *); void usage(void); int main(int argc, char **argv) { int ch, fflag, tflag, status, n; - double speed; - char *targ, *endp, **newargv; + char *targ, **newargv; + const char *errstr; extern char *optarg; extern int optind; @@ -369,10 +367,12 @@ main(int argc, char **argv) addargs(&args, "-oBatchmode yes"); break; case 'l': - speed = strtod(optarg, &endp); - if (speed <= 0 || *endp != '\0') + limit_kbps = strtonum(optarg, 1, 100 * 1024 * 1024, + &errstr); + if (errstr != NULL) usage(); - limit_rate = speed * 1024; + limit_kbps *= 1024; /* kbps */ + bandwidth_limit_init(&bwlimit, limit_kbps, COPY_BUFLEN); break; case 'p': pflag = 1; 
@@ -474,41 +474,16 @@ main(int argc, char **argv) exit(errs != 0); } -/* - * atomicio-like wrapper that also applies bandwidth limits and updates - * the progressmeter counter. - */ -size_t -scpio(ssize_t (*f)(int, void *, size_t), int fd, void *_p, size_t l, off_t *c) +/* Callback from atomicio6 to update progress meter and limit bandwidth */ +static int +scpio(void *_cnt, size_t s) { - u_char *p = (u_char *)_p; - size_t offset; - ssize_t r; - struct pollfd pfd; - - pfd.fd = fd; - pfd.events = f == read ? POLLIN : POLLOUT; - for (offset = 0; offset < l;) { - r = f(fd, p + offset, l - offset); - if (r == 0) { - errno = EPIPE; - return offset; - } - if (r < 0) { - if (errno == EINTR) - continue; - if (errno == EAGAIN || errno == EWOULDBLOCK) { - (void)poll(&pfd, 1, -1); /* Ignore errors */ - continue; - } - return offset; - } - offset += (size_t)r; - *c += (off_t)r; - if (limit_rate) - bwlimit(r); - } - return offset; + off_t *cnt = (off_t *)_cnt; + + *cnt += s; + if (limit_kbps > 0) + bandwidth_limit(&bwlimit, s); + return 0; } void @@ -750,7 +725,7 @@ next: if (fd != -1) { (void)atomicio(vwrite, remout, bp->buf, amt); continue; } - if (scpio(vwrite, remout, bp->buf, amt, + if (atomicio6(vwrite, remout, bp->buf, amt, scpio, &statbytes) != amt) haderr = errno; } 
@@ -824,60 +799,6 @@ rsource(char *name, struct stat *statp) (void) response(); } -void -bwlimit(int amount) -{ - static struct timeval bwstart, bwend; - static int lamt, thresh = 16384; - u_int64_t waitlen; - struct timespec ts, rm; - - if (!timerisset(&bwstart)) { - gettimeofday(&bwstart, NULL); - return; - } - - lamt += amount; - if (lamt < thresh) - return; - - gettimeofday(&bwend, NULL); - timersub(&bwend, &bwstart, &bwend); - if (!timerisset(&bwend)) - return; - - lamt *= 8; - waitlen = (double)1000000L * lamt / limit_rate; - - bwstart.tv_sec = waitlen / 1000000L; - bwstart.tv_usec = waitlen % 1000000L; - - if (timercmp(&bwstart, &bwend, >)) { - timersub(&bwstart, &bwend, &bwend); - - /* Adjust the wait time */ - if (bwend.tv_sec) { - thresh /= 2; - if (thresh < 2048) - thresh = 2048; - } else if (bwend.tv_usec < 10000) { - thresh *= 2; - if (thresh > COPY_BUFLEN * 4) - thresh = COPY_BUFLEN * 4; - } - - TIMEVAL_TO_TIMESPEC(&bwend, &ts); - while (nanosleep(&ts, &rm) == -1) { - if (errno != EINTR) - break; - ts = rm; - } - } - - lamt = 0; - gettimeofday(&bwstart, NULL); -} - void sink(int argc, char **argv) { @@ -1071,7 +992,8 @@ bad: run_err("%s: %s", np, strerror(errno)); amt = size - i; count += amt; do { - j = scpio(read, remin, cp, amt, &statbytes); + j = atomicio6(read, remin, cp, amt, + scpio, &statbytes); if (j == 0) { run_err("%s", j != EPIPE ? strerror(errno) : diff --git a/sftp-client.c b/sftp-client.c index 9dab47780..4e009ef25 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.92 2010/07/19 03:16:33 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.93 2010/09/22 22:58:51 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
@@ -76,14 +76,26 @@ struct sftp_conn { #define SFTP_EXT_STATVFS 0x00000002 #define SFTP_EXT_FSTATVFS 0x00000004 u_int exts; + u_int64_t limit_kbps; + struct bwlimit bwlimit_in, bwlimit_out; }; static char * -get_handle(int fd, u_int expected_id, u_int *len, const char *errfmt, ...) - __attribute__((format(printf, 4, 5))); +get_handle(struct sftp_conn *conn, u_int expected_id, u_int *len, + const char *errfmt, ...) __attribute__((format(printf, 4, 5))); + +/* ARGSUSED */ +static int +sftpio(void *_bwlimit, size_t amount) +{ + struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; + + bandwidth_limit(bwlimit, amount); + return 0; +} static void -send_msg(int fd, Buffer *m) +send_msg(struct sftp_conn *conn, Buffer *m) { u_char mlen[4]; struct iovec iov[2]; @@ -98,19 +110,22 @@ send_msg(int fd, Buffer *m) iov[1].iov_base = buffer_ptr(m); iov[1].iov_len = buffer_len(m); - if (atomiciov(writev, fd, iov, 2) != buffer_len(m) + sizeof(mlen)) + if (atomiciov6(writev, conn->fd_out, iov, 2, + conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != + buffer_len(m) + sizeof(mlen)) fatal("Couldn't send packet: %s", strerror(errno)); buffer_clear(m); } static void -get_msg(int fd, Buffer *m) +get_msg(struct sftp_conn *conn, Buffer *m) { u_int msg_len; buffer_append_space(m, 4); - if (atomicio(read, fd, buffer_ptr(m), 4) != 4) { + if (atomicio6(read, conn->fd_in, buffer_ptr(m), 4, + conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) { if (errno == EPIPE) fatal("Connection closed"); else @@ -122,7 +137,9 @@ get_msg(int fd, Buffer *m) fatal("Received message too long %u", msg_len); buffer_append_space(m, msg_len); - if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) { + if (atomicio6(read, conn->fd_in, buffer_ptr(m), msg_len, + conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) + != msg_len) { if (errno == EPIPE) fatal("Connection closed"); else 
@@ -131,7 +148,7 @@ get_msg(int fd, Buffer *m) } static void -send_string_request(int fd, u_int id, u_int code, char *s, +send_string_request(struct sftp_conn *conn, u_int id, u_int code, char *s, u_int len) { Buffer msg; @@ -140,14 +157,14 @@ send_string_request(int fd, u_int id, u_int code, char *s, buffer_put_char(&msg, code); buffer_put_int(&msg, id); buffer_put_string(&msg, s, len); - send_msg(fd, &msg); - debug3("Sent message fd %d T:%u I:%u", fd, code, id); + send_msg(conn, &msg); + debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id); buffer_free(&msg); } static void -send_string_attrs_request(int fd, u_int id, u_int code, char *s, - u_int len, Attrib *a) +send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code, + char *s, u_int len, Attrib *a) { Buffer msg; @@ -156,19 +173,19 @@ send_string_attrs_request(int fd, u_int id, u_int code, char *s, buffer_put_int(&msg, id); buffer_put_string(&msg, s, len); encode_attrib(&msg, a); - send_msg(fd, &msg); - debug3("Sent message fd %d T:%u I:%u", fd, code, id); + send_msg(conn, &msg); + debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id); buffer_free(&msg); } static u_int -get_status(int fd, u_int expected_id) +get_status(struct sftp_conn *conn, u_int expected_id) { Buffer msg; u_int type, id, status; buffer_init(&msg); - get_msg(fd, &msg); + get_msg(conn, &msg); type = buffer_get_char(&msg); id = buffer_get_int(&msg); @@ -183,11 +200,12 @@ get_status(int fd, u_int expected_id) debug3("SSH2_FXP_STATUS %u", status); - return(status); + return status; } static char * -get_handle(int fd, u_int expected_id, u_int *len, const char *errfmt, ...) +get_handle(struct sftp_conn *conn, u_int expected_id, u_int *len, + const char *errfmt, ...) { Buffer msg; u_int type, id; 
@@ -201,7 +219,7 @@ get_handle(int fd, u_int expected_id, u_int *len, const char *errfmt, ...) va_end(args); buffer_init(&msg); - get_msg(fd, &msg); + get_msg(conn, &msg); type = buffer_get_char(&msg); id = buffer_get_int(&msg); @@ -225,14 +243,14 @@ get_handle(int fd, u_int expected_id, u_int *len, const char *errfmt, ...) } static Attrib * -get_decode_stat(int fd, u_int expected_id, int quiet) +get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet) { Buffer msg; u_int type, id; Attrib *a; buffer_init(&msg); - get_msg(fd, &msg); + get_msg(conn, &msg); type = buffer_get_char(&msg); id = buffer_get_int(&msg); @@ -260,14 +278,14 @@ get_decode_stat(int fd, u_int expected_id, int quiet) } static int -get_decode_statvfs(int fd, struct sftp_statvfs *st, u_int expected_id, - int quiet) +get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st, + u_int expected_id, int quiet) { Buffer msg; u_int type, id, flag; buffer_init(&msg); - get_msg(fd, &msg); + get_msg(conn, &msg); type = buffer_get_char(&msg); id = buffer_get_int(&msg); @@ -311,21 +329,29 @@ get_decode_statvfs(int fd, struct sftp_statvfs *st, u_int expected_id, } struct sftp_conn * -do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests) +do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, + u_int64_t limit_kbps) { - u_int type, exts = 0; - int version; + u_int type; Buffer msg; struct sftp_conn *ret; + ret = xmalloc(sizeof(*ret)); + ret->fd_in = fd_in; + ret->fd_out = fd_out; + ret->transfer_buflen = transfer_buflen; + ret->num_requests = num_requests; + ret->exts = 0; + ret->limit_kbps = 0; + buffer_init(&msg); buffer_put_char(&msg, SSH2_FXP_INIT); buffer_put_int(&msg, SSH2_FILEXFER_VERSION); - send_msg(fd_out, &msg); + send_msg(ret, &msg); buffer_clear(&msg); - get_msg(fd_in, &msg); + get_msg(ret, &msg); /* Expecting a VERSION reply */ if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) { 
@@ -334,9 +360,9 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests) buffer_free(&msg); return(NULL); } - version = buffer_get_int(&msg); + ret->version = buffer_get_int(&msg); - debug2("Remote version: %d", version); + debug2("Remote version: %u", ret->version); /* Check for extensions */ while (buffer_len(&msg) > 0) { @@ -346,15 +372,15 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests) if (strcmp(name, "posix-rename@openssh.com") == 0 && strcmp(value, "1") == 0) { - exts |= SFTP_EXT_POSIX_RENAME; + ret->exts |= SFTP_EXT_POSIX_RENAME; known = 1; } else if (strcmp(name, "statvfs@openssh.com") == 0 && strcmp(value, "2") == 0) { - exts |= SFTP_EXT_STATVFS; + ret->exts |= SFTP_EXT_STATVFS; known = 1; } if (strcmp(name, "fstatvfs@openssh.com") == 0 && strcmp(value, "2") == 0) { - exts |= SFTP_EXT_FSTATVFS; + ret->exts |= SFTP_EXT_FSTATVFS; known = 1; } if (known) { @@ -369,26 +395,25 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests) buffer_free(&msg); - ret = xmalloc(sizeof(*ret)); - ret->fd_in = fd_in; - ret->fd_out = fd_out; - ret->transfer_buflen = transfer_buflen; - ret->num_requests = num_requests; - ret->version = version; - ret->msg_id = 1; - ret->exts = exts; - /* Some filexfer v.0 servers don't support large packets */ - if (version == 0) + if (ret->version == 0) ret->transfer_buflen = MIN(ret->transfer_buflen, 20480); - return(ret); + ret->limit_kbps = limit_kbps; + if (ret->limit_kbps > 0) { + bandwidth_limit_init(&ret->bwlimit_in, ret->limit_kbps, + ret->transfer_buflen); + bandwidth_limit_init(&ret->bwlimit_out, ret->limit_kbps, + ret->transfer_buflen); + } + + return ret; } u_int sftp_proto_version(struct sftp_conn *conn) { - return(conn->version); + return conn->version; } int 
@@ -403,16 +428,16 @@ do_close(struct sftp_conn *conn, char *handle, u_int handle_len) buffer_put_char(&msg, SSH2_FXP_CLOSE); buffer_put_int(&msg, id); buffer_put_string(&msg, handle, handle_len); - send_msg(conn->fd_out, &msg); + send_msg(conn, &msg); debug3("Sent message SSH2_FXP_CLOSE I:%u", id); - status = get_status(conn->fd_in, id); + status = get_status(conn, id); if (status != SSH2_FX_OK) error("Couldn't close file: %s", fx2txt(status)); buffer_free(&msg); - return(status); + return status; } @@ -430,14 +455,14 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, buffer_put_char(&msg, SSH2_FXP_OPENDIR); buffer_put_int(&msg, id); buffer_put_cstring(&msg, path); - send_msg(conn->fd_out, &msg); + send_msg(conn, &msg); buffer_clear(&msg); - handle = get_handle(conn->fd_in, id, &handle_len, + handle = get_handle(conn, id, &handle_len, "remote readdir(\"%s\")", path); if (handle == NULL) - return(-1); + return -1; if (dir) { ents = 0; @@ -454,11 +479,11 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, buffer_put_char(&msg, SSH2_FXP_READDIR); buffer_put_int(&msg, id); buffer_put_string(&msg, handle, handle_len); - send_msg(conn->fd_out, &msg); + send_msg(conn, &msg); buffer_clear(&msg); - get_msg(conn->fd_in, &msg); + get_msg(conn, &msg); type = buffer_get_char(&msg); id = buffer_get_int(&msg); @@ -537,7 +562,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, **dir = NULL; } - return(0); + return 0; } int @@ -566,9 +591,8 @@ do_rm(struct sftp_conn *conn, char *path) debug2("Sending SSH2_FXP_REMOVE \"%s\"", path); id = conn->msg_id++; - send_string_request(conn->fd_out, id, SSH2_FXP_REMOVE, path, - strlen(path)); - status = get_status(conn->fd_in, id); + send_string_request(conn, id, SSH2_FXP_REMOVE, path, strlen(path)); + status = get_status(conn, id); if (status != SSH2_FX_OK) error("Couldn't delete file: %s", fx2txt(status)); return(status); 
@@ -580,10 +604,10 @@ do_mkdir(struct sftp_conn *conn, char *path, Attrib *a, int printflag) u_int status, id; id = conn->msg_id++; - send_string_attrs_request(conn->fd_out, id, SSH2_FXP_MKDIR, path, + send_string_attrs_request(conn, id, SSH2_FXP_MKDIR, path, strlen(path), a); - status = get_status(conn->fd_in, id); + status = get_status(conn, id); if (status != SSH2_FX_OK && printflag) error("Couldn't create directory: %s", fx2txt(status)); @@ -596,10 +620,10 @@ do_rmdir(struct sftp_conn *conn, char *path) u_int status, id; id = conn->msg_id++; - send_string_request(conn->fd_out, id, SSH2_FXP_RMDIR, path, + send_string_request(conn, id, SSH2_FXP_RMDIR, path, strlen(path)); - status = get_status(conn->fd_in, id); + status = get_status(conn, id); if (status != SSH2_FX_OK) error("Couldn't remove directory: %s", fx2txt(status)); @@ -613,11 +637,11 @@ do_stat(struct sftp_conn *conn, char *path, int quiet) id = conn->msg_id++; - send_string_request(conn->fd_out, id, + send_string_request(conn, id, conn->version == 0 ? SSH2_FXP_STAT_VERSION_0 : SSH2_FXP_STAT, path, strlen(path)); - return(get_decode_stat(conn->fd_in, id, quiet)); + return(get_decode_stat(conn, id, quiet)); } Attrib * @@ -634,10 +658,10 @@ do_lstat(struct sftp_conn *conn, char *path, int quiet) } id = conn->msg_id++; - send_string_request(conn->fd_out, id, SSH2_FXP_LSTAT, path, + send_string_request(conn, id, SSH2_FXP_LSTAT, path, strlen(path)); - return(get_decode_stat(conn->fd_in, id, quiet)); + return(get_decode_stat(conn, id, quiet)); } #ifdef notyet @@ -647,10 +671,10 @@ do_fstat(struct sftp_conn *conn, char *handle, u_int handle_len, int quiet) u_int id; id = conn->msg_id++; - send_string_request(conn->fd_out, id, SSH2_FXP_FSTAT, handle, + send_string_request(conn, id, SSH2_FXP_FSTAT, handle, handle_len); - return(get_decode_stat(conn->fd_in, id, quiet)); + return(get_decode_stat(conn, id, quiet)); } #endif 
@@ -660,10 +684,10 @@ do_setstat(struct sftp_conn *conn, char *path, Attrib *a) u_int status, id; id = conn->msg_id++; - send_string_attrs_request(conn->fd_out, id, SSH2_FXP_SETSTAT, path, + send_string_attrs_request(conn, id, SSH2_FXP_SETSTAT, path, strlen(path), a); - status = get_status(conn->fd_in, id); + status = get_status(conn, id); if (status != SSH2_FX_OK) error("Couldn't setstat on \"%s\": %s", path, fx2txt(status)); @@ -678,10 +702,10 @@ do_fsetstat(struct sftp_conn *conn, char *handle, u_int handle_len, u_int status, id; id = conn->msg_id++; - send_string_attrs_request(conn->fd_out, id, SSH2_FXP_FSETSTAT, handle, + send_string_attrs_request(conn, id, SSH2_FXP_FSETSTAT, handle, handle_len, a); - status = get_status(conn->fd_in, id); + status = get_status(conn, id); if (status != SSH2_FX_OK) error("Couldn't fsetstat: %s", fx2txt(status)); @@ -697,12 +721,12 @@ do_realpath(struct sftp_conn *conn, char *path) Attrib *a; expected_id = id = conn->msg_id++; - send_string_request(conn->fd_out, id, SSH2_FXP_REALPATH, path, + send_string_request(conn, id, SSH2_FXP_REALPATH, path, strlen(path)); buffer_init(&msg); - get_msg(conn->fd_in, &msg); + get_msg(conn, &msg); type = buffer_get_char(&msg); id = buffer_get_int(&msg); @@ -756,13 +780,13 @@ do_rename(struct sftp_conn *conn, char *oldpath, char *newpath) } buffer_put_cstring(&msg, oldpath); buffer_put_cstring(&msg, newpath); - send_msg(conn->fd_out, &msg); + send_msg(conn, &msg); debug3("Sent message %s \"%s\" -> \"%s\"", (conn->exts & SFTP_EXT_POSIX_RENAME) ? "posix-rename@openssh.com" : "SSH2_FXP_RENAME", oldpath, newpath); buffer_free(&msg); - status = get_status(conn->fd_in, id); + status = get_status(conn, id); if (status != SSH2_FX_OK) error("Couldn't rename file \"%s\" to \"%s\": %s", oldpath, newpath, fx2txt(status)); 
@@ -789,12 +813,12 @@ do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath) buffer_put_int(&msg, id); buffer_put_cstring(&msg, oldpath); buffer_put_cstring(&msg, newpath); - send_msg(conn->fd_out, &msg); + send_msg(conn, &msg); debug3("Sent message SSH2_FXP_SYMLINK \"%s\" -> \"%s\"", oldpath, newpath); buffer_free(&msg); - status = get_status(conn->fd_in, id); + status = get_status(conn, id); if (status != SSH2_FX_OK) error("Couldn't symlink file \"%s\" to \"%s\": %s", oldpath, newpath, fx2txt(status)); @@ -812,12 +836,11 @@ do_readlink(struct sftp_conn *conn, char *path) Attrib *a; expected_id = id = conn->msg_id++; - send_string_request(conn->fd_out, id, SSH2_FXP_READLINK, path, - strlen(path)); + send_string_request(conn, id, SSH2_FXP_READLINK, path, strlen(path)); buffer_init(&msg); - get_msg(conn->fd_in, &msg); + get_msg(conn, &msg); type = buffer_get_char(&msg); id = buffer_get_int(&msg); @@ -871,10 +894,10 @@ do_statvfs(struct sftp_conn *conn, const char *path, struct sftp_statvfs *st, buffer_put_int(&msg, id); buffer_put_cstring(&msg, "statvfs@openssh.com"); buffer_put_cstring(&msg, path); - send_msg(conn->fd_out, &msg); + send_msg(conn, &msg); buffer_free(&msg); - return get_decode_statvfs(conn->fd_in, st, id, quiet); + return get_decode_statvfs(conn, st, id, quiet); } #ifdef notyet @@ -898,16 +921,16 @@ do_fstatvfs(struct sftp_conn *conn, const char *handle, u_int handle_len, buffer_put_int(&msg, id); buffer_put_cstring(&msg, "fstatvfs@openssh.com"); buffer_put_string(&msg, handle, handle_len); - send_msg(conn->fd_out, &msg); + send_msg(conn, &msg); buffer_free(&msg); - return get_decode_statvfs(conn->fd_in, st, id, quiet); + return get_decode_statvfs(conn, st, id, quiet); } #endif static void -send_read_request(int fd_out, u_int id, u_int64_t offset, u_int len, - char *handle, u_int handle_len) +send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset, + u_int len, char *handle, u_int handle_len) { Buffer msg; 
@@ -918,7 +941,7 @@ send_read_request(int fd_out, u_int id, u_int64_t offset, u_int len, buffer_put_string(&msg, handle, handle_len); buffer_put_int64(&msg, offset); buffer_put_int(&msg, len); - send_msg(fd_out, &msg); + send_msg(conn, &msg); buffer_free(&msg); } @@ -976,10 +999,10 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, buffer_put_int(&msg, SSH2_FXF_READ); attrib_clear(&junk); /* Send empty attributes */ encode_attrib(&msg, &junk); - send_msg(conn->fd_out, &msg); + send_msg(conn, &msg); debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); - handle = get_handle(conn->fd_in, id, &handle_len, + handle = get_handle(conn, id, &handle_len, "remote open(\"%s\")", remote_path); if (handle == NULL) { buffer_free(&msg); @@ -1032,12 +1055,12 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, offset += buflen; num_req++; TAILQ_INSERT_TAIL(&requests, req, tq); - send_read_request(conn->fd_out, req->id, req->offset, + send_read_request(conn, req->id, req->offset, req->len, handle, handle_len); } buffer_clear(&msg); - get_msg(conn->fd_in, &msg); + get_msg(conn, &msg); type = buffer_get_char(&msg); id = buffer_get_int(&msg); debug3("Received reply T:%u I:%u R:%d", type, id, max_req); @@ -1092,7 +1115,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, req->id = conn->msg_id++; req->len -= len; req->offset += len; - send_read_request(conn->fd_out, req->id, + send_read_request(conn, req->id, req->offset, req->len, handle, handle_len); /* Reduce the request size */ if (len < buflen) 
@@ -1327,12 +1350,12 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, buffer_put_cstring(&msg, remote_path); buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC); encode_attrib(&msg, &a); - send_msg(conn->fd_out, &msg); + send_msg(conn, &msg); debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); buffer_clear(&msg); - handle = get_handle(conn->fd_in, id, &handle_len, + handle = get_handle(conn, id, &handle_len, "remote open(\"%s\")", remote_path); if (handle == NULL) { close(local_fd); @@ -1381,7 +1404,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, buffer_put_string(&msg, handle, handle_len); buffer_put_int64(&msg, offset); buffer_put_string(&msg, data, len); - send_msg(conn->fd_out, &msg); + send_msg(conn, &msg); debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u", id, (unsigned long long)offset, len); } else if (TAILQ_FIRST(&acks) == NULL) @@ -1395,7 +1418,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, u_int r_id; buffer_clear(&msg); - get_msg(conn->fd_in, &msg); + get_msg(conn, &msg); type = buffer_get_char(&msg); r_id = buffer_get_int(&msg); diff --git a/sftp-client.h b/sftp-client.h index 1d08c4049..145fc38ee 100644 --- a/sftp-client.h +++ b/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.18 2009/08/18 18:36:20 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.19 2010/09/22 22:58:51 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller @@ -51,7 +51,7 @@ struct sftp_statvfs { * Initialise a SSH filexfer connection. Returns NULL on error or * a pointer to a initialized sftp_conn struct on success. */ -struct sftp_conn *do_init(int, int, u_int, u_int); +struct sftp_conn *do_init(int, int, u_int, u_int, u_int64_t); u_int sftp_proto_version(struct sftp_conn *); diff --git a/sftp.1 b/sftp.1 index 49d88de03..b2a19b72d 100644 --- a/sftp.1 +++ b/sftp.1 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.84 2010/09/19 21:30:05 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.85 2010/09/22 22:58:51 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 19 2010 $ +.Dd $Mdocdate: September 22 2010 $ .Dt SFTP 1 .Os .Sh NAME @@ -38,6 +38,7 @@ .Op Fl D Ar sftp_server_path .Op Fl F Ar ssh_config .Op Fl i Ar identity_file +.Op Fl l Ar limit .Op Fl o Ar ssh_option .Op Fl P Ar port .Op Fl R Ar num_requests @@ -159,6 +160,8 @@ Selects the file from which the identity (private key) for public key authentication is read. This option is directly passed to .Xr ssh 1 . +.It Fl l Ar limit +Limits the used bandwidth, specified in Kbit/s. .It Fl o Ar ssh_option Can be used to pass options to .Nm ssh diff --git a/sftp.c b/sftp.c index 229f12987..8ce7d91fb 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.125 2010/06/18 00:58:39 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.126 2010/09/22 22:58:51 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -2073,6 +2073,7 @@ main(int argc, char **argv) int debug_level = 0, sshver = 2; char *file1 = NULL, *sftp_server = NULL; char *ssh_program = _PATH_SSH_PROGRAM, *sftp_direct = NULL; + const char *errstr; LogLevel ll = SYSLOG_LEVEL_INFO; arglist args; extern int optind; @@ -2080,6 +2081,7 @@ main(int argc, char **argv) struct sftp_conn *conn; size_t copy_buffer_len = DEFAULT_COPY_BUFLEN; size_t num_requests = DEFAULT_NUM_REQUESTS; + long long limit_kbps = 0; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); 
@@ -2097,7 +2099,7 @@ main(int argc, char **argv) infile = stdin; while ((ch = getopt(argc, argv, - "1246hpqrvCc:D:i:o:s:S:b:B:F:P:R:")) != -1) { + "1246hpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) { switch (ch) { /* Passed through to ssh(1) */ case '4': @@ -2158,6 +2160,13 @@ main(int argc, char **argv) case 'D': sftp_direct = optarg; break; + case 'l': + limit_kbps = strtonum(optarg, 1, 100 * 1024 * 1024, + &errstr); + if (errstr != NULL) + usage(); + limit_kbps *= 1024; /* kbps */ + break; case 'r': global_rflag = 1; break; @@ -2235,7 +2244,7 @@ main(int argc, char **argv) } freeargs(&args); - conn = do_init(in, out, copy_buffer_len, num_requests); + conn = do_init(in, out, copy_buffer_len, num_requests, limit_kbps); if (conn == NULL) fatal("Couldn't initialise connection to server"); -- cgit v1.2.3 From 56883e194fce3dea230cffddba512181398c06c4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 24 Sep 2010 22:15:39 +1000 Subject: - jmc@cvs.openbsd.org 2010/09/23 13:34:43 [sftp.c] add [-l limit] to usage(); --- ChangeLog | 3 +++ sftp.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b3338dcb7..1dc4f82e4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,9 @@ add a bandwidth limit option to sftp(1) using the above "very nice" markus@ + - jmc@cvs.openbsd.org 2010/09/23 13:34:43 + [sftp.c] + add [-l limit] to usage(); 20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact diff --git a/sftp.c b/sftp.c index 8ce7d91fb..f6cadd113 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.126 2010/09/22 22:58:51 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.127 2010/09/23 13:34:43 jmc Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
@@ -2054,7 +2054,7 @@ usage(void) fprintf(stderr, "usage: %s [-1246Cpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n" " [-D sftp_server_path] [-F ssh_config] " - "[-i identity_file]\n" + "[-i identity_file] [-l limit]\n" " [-o ssh_option] [-P port] [-R num_requests] " "[-S program]\n" " [-s subsystem | sftp_server] host\n" -- cgit v1.2.3 From 2beb32f290390c4f7c2a86dd5d096475e3b76c5b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 24 Sep 2010 22:16:03 +1000 Subject: - jmc@cvs.openbsd.org 2010/09/23 13:36:46 [scp.1 sftp.1] add KexAlgorithms to the -o list; --- ChangeLog | 3 +++ scp.1 | 5 +++-- sftp.1 | 5 +++-- 3 files changed, 9 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1dc4f82e4..2b0f5c045 100644 --- a/ChangeLog +++ b/ChangeLog @@ -57,6 +57,9 @@ - jmc@cvs.openbsd.org 2010/09/23 13:34:43 [sftp.c] add [-l limit] to usage(); + - jmc@cvs.openbsd.org 2010/09/23 13:36:46 + [scp.1 sftp.1] + add KexAlgorithms to the -o list; 20100910 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact diff --git a/scp.1 b/scp.1 index 82da30f4f..13a43f6b4 100644 --- a/scp.1 +++ b/scp.1 @@ -9,9 +9,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.51 2010/09/03 11:09:29 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.52 2010/09/23 13:36:46 jmc Exp $ .\" -.Dd $Mdocdate: September 3 2010 $ +.Dd $Mdocdate: September 23 2010 $ .Dt SCP 1 .Os .Sh NAME @@ -148,6 +148,7 @@ For full details of the options listed below, and their possible values, see .It IdentityFile .It IdentitiesOnly .It KbdInteractiveDevices +.It KexAlgorithms .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost diff --git a/sftp.1 b/sftp.1 index b2a19b72d..0d253cc8f 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.85 2010/09/22 22:58:51 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.86 2010/09/23 13:36:46 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" 
@@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 22 2010 $ +.Dd $Mdocdate: September 23 2010 $ .Dt SFTP 1 .Os .Sh NAME @@ -202,6 +202,7 @@ For full details of the options listed below, and their possible values, see .It IdentityFile .It IdentitiesOnly .It KbdInteractiveDevices +.It KexAlgorithms .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost -- cgit v1.2.3 From aa18063baf35e303832d9ec58204ffaab221de85 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 7 Oct 2010 21:25:27 +1100 Subject: - matthew@cvs.openbsd.org 2010/09/24 13:33:00 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] [openbsd-compat/timingsafe_bcmp.c] Add timingsafe_bcmp(3) to libc, mention that it's already in the kernel in kern(9), and remove it from OpenSSH. ok deraadt@, djm@ NB. re-added under openbsd-compat/ for portable OpenSSH --- ChangeLog | 10 ++++++++++ configure.ac | 5 +++-- misc.c | 13 +------------ misc.h | 3 +-- openbsd-compat/openbsd-compat.h | 6 +++++- openbsd-compat/timingsafe_bcmp.c | 34 ++++++++++++++++++++++++++++++++++ 6 files changed, 54 insertions(+), 17 deletions(-) create mode 100644 openbsd-compat/timingsafe_bcmp.c (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2b0f5c045..f29bfd731 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +20101007 + - (djm) OpenBSD CVS Sync + - matthew@cvs.openbsd.org 2010/09/24 13:33:00 + [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] + [openbsd-compat/timingsafe_bcmp.c] + Add timingsafe_bcmp(3) to libc, mention that it's already in the + kernel in kern(9), and remove it from OpenSSH. + ok deraadt@, djm@ + NB. re-added under openbsd-compat/ for portable OpenSSH + 20100924 - (djm) OpenBSD CVS Sync - naddy@cvs.openbsd.org 2010/09/10 15:19:29 diff --git a/configure.ac b/configure.ac index d267ba2b1..9b67e3d47 100644 --- a/configure.ac 
+++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.452 2010/09/10 01:39:27 djm Exp $ +# $Id: configure.ac,v 1.453 2010/10/07 10:25:28 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.452 $) +AC_REVISION($Revision: 1.453 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1434,6 +1434,7 @@ AC_CHECK_FUNCS( \ swap32 \ sysconf \ tcgetpgrp \ + timingsafe_bcmp \ truncate \ unsetenv \ updwtmpx \ diff --git a/misc.c b/misc.c index 41c92a82b..ff09becf9 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.81 2010/09/22 22:58:51 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.82 2010/09/24 13:33:00 matthew Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -850,17 +850,6 @@ ms_to_timeval(struct timeval *tv, int ms) tv->tv_usec = (ms % 1000) * 1000; } -int -timingsafe_bcmp(const void *b1, const void *b2, size_t n) -{ - const unsigned char *p1 = b1, *p2 = b2; - int ret = 0; - - for (; n > 0; n--) - ret |= *p1++ ^ *p2++; - return (ret != 0); -} - void bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) { diff --git a/misc.h b/misc.h index f5aab029b..1368931a0 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.44 2010/09/22 22:58:51 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.45 2010/09/24 13:33:00 matthew Exp $ */ /* * Author: Tatu Ylonen @@ -36,7 +36,6 @@ void sanitise_stdfd(void); void ms_subtract_diff(struct timeval *, int *); void ms_to_timeval(struct timeval *, int); void sock_set_v6only(int); -int timingsafe_bcmp(const void *, const void *, size_t); struct passwd *pwcopy(struct passwd *); const char *ssh_gai_strerror(int); diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index e15d2bd96..77c5ed2b1 100644 
--- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.50 2010/08/16 03:15:23 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.51 2010/10/07 10:25:29 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -213,6 +213,10 @@ char *user_from_uid(uid_t, int); char *group_from_gid(gid_t, int); #endif +#ifndef HAVE_TIMINGSAFE_BCMP +int timingsafe_bcmp(const void *, const void *, size_t); +#endif + void *xmmap(size_t size); char *xcrypt(const char *password, const char *salt); char *shadow_pw(struct passwd *pw); diff --git a/openbsd-compat/timingsafe_bcmp.c b/openbsd-compat/timingsafe_bcmp.c new file mode 100644 index 000000000..7e28c0e2a --- /dev/null +++ b/openbsd-compat/timingsafe_bcmp.c 
@@ -0,0 +1,34 @@ +/* $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $ */ +/* + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/string/timingsafe_bcmp.c */ + +#include "includes.h" +#ifndef HAVE_TIMINGSAFE_BCMP + +int +timingsafe_bcmp(const void *b1, const void *b2, size_t n) +{ + const unsigned char *p1 = b1, *p2 = b2; + int ret = 0; + + for (; n > 0; n--) + ret |= *p1++ ^ *p2++; + return (ret != 0); +} + +#endif /* TIMINGSAFE_BCMP */ -- cgit v1.2.3 From a6e121aaa0ab61965db2dcfe8e2ba5d719fbe1e6 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Thu, 7 Oct 2010 21:39:17 +1100 Subject: - djm@cvs.openbsd.org 2010/09/25 09:30:16 [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] make use of new glob(3) GLOB_KEEPSTAT extension to save extra server rountrips to fetch per-file stat(2) information. NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to match. --- ChangeLog | 6 ++ configure.ac | 26 ++++- openbsd-compat/charclass.h | 31 ++++++ openbsd-compat/glob.c | 232 +++++++++++++++++++++++++++++++++------------ openbsd-compat/glob.h | 14 ++- sftp.c | 56 ++++------- 6 files changed, 259 insertions(+), 106 deletions(-) create mode 100644 openbsd-compat/charclass.h (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f29bfd731..f6588cca3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,12 @@ kernel in kern(9), and remove it from OpenSSH. ok deraadt@, djm@ NB. re-added under openbsd-compat/ for portable OpenSSH + - djm@cvs.openbsd.org 2010/09/25 09:30:16 + [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] + make use of new glob(3) GLOB_KEEPSTAT extension to save extra server + rountrips to fetch per-file stat(2) information. + NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to + match. 20100924 - (djm) OpenBSD CVS Sync diff --git a/configure.ac b/configure.ac index 9b67e3d47..4deb0fe2e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.453 2010/10/07 10:25:28 djm Exp $ +# $Id: configure.ac,v 1.454 2010/10/07 10:39:17 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.453 $) +AC_REVISION($Revision: 1.454 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) 
@@ -1118,6 +1118,28 @@ AC_TRY_COMPILE( ] ) +# Check for g.gl_statv glob() extension +AC_MSG_CHECKING(for gl_statv and GLOB_KEEPSTAT extensions for glob) +AC_TRY_COMPILE( + [ #include ], + [ +#ifndef GLOB_KEEPSTAT +#error "glob does not support GLOB_KEEPSTAT extension" +#endif +glob_t g; +g.gl_statv = NULL; +], + [ + AC_DEFINE(GLOB_HAS_GL_STATV, 1, + [Define if your system glob() function has + gl_statv options in glob_t]) + AC_MSG_RESULT(yes) + ], + [ + AC_MSG_RESULT(no) + ] +) + AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include ]) AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) diff --git a/openbsd-compat/charclass.h b/openbsd-compat/charclass.h new file mode 100644 index 000000000..91f517447 --- /dev/null +++ b/openbsd-compat/charclass.h @@ -0,0 +1,31 @@ +/* + * Public domain, 2008, Todd C. Miller + * + * $OpenBSD: charclass.h,v 1.1 2008/10/01 23:04:13 millert Exp $ + */ + +/* OPENBSD ORIGINAL: lib/libc/gen/charclass.h */ + +/* + * POSIX character class support for fnmatch() and glob(). + */ +static struct cclass { + const char *name; + int (*isctype)(int); +} cclasses[] = { + { "alnum", isalnum }, + { "alpha", isalpha }, + { "blank", isblank }, + { "cntrl", iscntrl }, + { "digit", isdigit }, + { "graph", isgraph }, + { "lower", islower }, + { "print", isprint }, + { "punct", ispunct }, + { "space", isspace }, + { "upper", isupper }, + { "xdigit", isxdigit }, + { NULL, NULL } +}; + +#define NCCLASSES (sizeof(cclasses) / sizeof(cclasses[0]) - 1) diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index 74b506403..7bbe6c71a 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: glob.c,v 1.26 2005/11/28 17:50:12 deraadt Exp $ */ +/* $OpenBSD: glob.c,v 1.33 2010/09/26 22:15:39 djm Exp $ */ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. 
@@ -33,6 +33,31 @@ /* OPENBSD ORIGINAL: lib/libc/gen/glob.c */ +/* + * glob(3) -- a superset of the one defined in POSIX 1003.2. + * + * The [!...] convention to negate a range is supported (SysV, Posix, ksh). + * + * Optional extra services, controlled by flags not defined by POSIX: + * + * GLOB_QUOTE: + * Escaping convention: \ inhibits any special meaning the following + * character might have (except \ at end of string is retained). + * GLOB_MAGCHAR: + * Set in gl_flags if pattern contained a globbing character. + * GLOB_NOMAGIC: + * Same as GLOB_NOCHECK, but it will only append pattern if it did + * not contain any magic characters. [Used in csh style globbing] + * GLOB_ALTDIRFUNC: + * Use alternately specified directory access functions. + * GLOB_TILDE: + * expand ~user/foo to the /home/dir/of/user/foo + * GLOB_BRACE: + * expand {1,2}{a,b} to 1a 1b 2a 2b + * gl_matchc: + * Number of matches in the current invocation of glob. + */ + #include "includes.h" #include @@ -47,7 +72,7 @@ #include #if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \ - !defined(GLOB_HAS_GL_MATCHC) || \ + !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) || \ !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ defined(BROKEN_GLOB) 
@@ -63,31 +88,7 @@ get_arg_max(void) #endif } -/* - * glob(3) -- a superset of the one defined in POSIX 1003.2. - * - * The [!...] convention to negate a range is supported (SysV, Posix, ksh). - * - * Optional extra services, controlled by flags not defined by POSIX: - * - * GLOB_QUOTE: - * Escaping convention: \ inhibits any special meaning the following - * character might have (except \ at end of string is retained). - * GLOB_MAGCHAR: - * Set in gl_flags if pattern contained a globbing character. - * GLOB_NOMAGIC: - * Same as GLOB_NOCHECK, but it will only append pattern if it did - * not contain any magic characters. [Used in csh style globbing] - * GLOB_ALTDIRFUNC: - * Use alternately specified directory access functions. - * GLOB_TILDE: - * expand ~user/foo to the /home/dir/of/user/foo - * GLOB_BRACE: - * expand {1,2}{a,b} to 1a 1b 2a 2b - * gl_matchc: - * Number of matches in the current invocation of glob. - */ - +#include "charclass.h" #define DOLLAR '$' #define DOT '.' @@ -100,7 +101,6 @@ get_arg_max(void) #define RBRACKET ']' #define SEP '/' #define STAR '*' -#undef TILDE /* Some platforms may already define it */ #define TILDE '~' #define UNDERSCORE '_' #define LBRACE '{' @@ -137,6 +137,7 @@ typedef char Char; #define M_ONE META('?') #define M_RNG META('-') #define M_SET META('[') +#define M_CLASS META(':') #define ismeta(c) (((c)&M_QUOTE) != 0) @@ -144,7 +145,8 @@ static int compare(const void *, const void *); static int g_Ctoc(const Char *, char *, u_int); static int g_lstat(Char *, struct stat *, glob_t *); static DIR *g_opendir(Char *, glob_t *); -static Char *g_strchr(Char *, int); +static Char *g_strchr(const Char *, int); +static int g_strncmp(const Char *, const char *, size_t); static int g_stat(Char *, struct stat *, glob_t *); static int glob0(const Char *, glob_t *); static int glob1(Char *, Char *, glob_t *, size_t *); 
@@ -152,11 +154,11 @@ static int glob2(Char *, Char *, Char *, Char *, Char *, Char *, glob_t *, size_t *); static int glob3(Char *, Char *, Char *, Char *, Char *, Char *, Char *, glob_t *, size_t *); -static int globextend(const Char *, glob_t *, size_t *); +static int globextend(const Char *, glob_t *, size_t *, struct stat *); static const Char * globtilde(const Char *, Char *, size_t, glob_t *); static int globexp1(const Char *, glob_t *); -static int globexp2(const Char *, const Char *, glob_t *, int *); +static int globexp2(const Char *, const Char *, glob_t *); static int match(Char *, Char *, Char *); #ifdef DEBUG static void qprintf(const char *, Char *); @@ -174,6 +176,7 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int), if (!(flags & GLOB_APPEND)) { pglob->gl_pathc = 0; pglob->gl_pathv = NULL; + pglob->gl_statv = NULL; if (!(flags & GLOB_DOOFFS)) pglob->gl_offs = 0; } @@ -215,15 +218,13 @@ static int globexp1(const Char *pattern, glob_t *pglob) { const Char* ptr = pattern; - int rv; /* Protect a single {}, for find(1), like csh */ if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS) return glob0(pattern, pglob); - while ((ptr = (const Char *) g_strchr((Char *) ptr, LBRACE)) != NULL) - if (!globexp2(ptr, pattern, pglob, &rv)) - return rv; + if ((ptr = (const Char *) g_strchr(ptr, LBRACE)) != NULL) + return globexp2(ptr, pattern, pglob); return glob0(pattern, pglob); } @@ -235,9 +236,9 @@ globexp1(const Char *pattern, glob_t *pglob) * If it fails then it tries to glob the rest of the pattern and returns. */ static int -globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv) +globexp2(const Char *ptr, const Char *pattern, glob_t *pglob) { - int i; + int i, rv; Char *lm, *ls; const Char *pe, *pm, *pl; Char patbuf[MAXPATHLEN]; 
@@ -270,10 +271,8 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv) } /* Non matching braces; just glob the pattern */ - if (i != 0 || *pe == EOS) { - *rv = glob0(patbuf, pglob); - return 0; - } + if (i != 0 || *pe == EOS) + return glob0(patbuf, pglob); for (i = 0, pl = pm = ptr; pm <= pe; pm++) { switch (*pm) { @@ -319,7 +318,9 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv) #ifdef DEBUG qprintf("globexp2:", patbuf); #endif - *rv = globexp1(patbuf, pglob); + rv = globexp1(patbuf, pglob); + if (rv && rv != GLOB_NOMATCH) + return rv; /* move after the comma, to the next string */ pl = pm + 1; @@ -330,7 +331,6 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv) break; } } - *rv = 0; return 0; } @@ -399,6 +399,47 @@ globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob) return patbuf; } +static int +g_strncmp(const Char *s1, const char *s2, size_t n) +{ + int rv = 0; + + while (n--) { + rv = *(Char *)s1 - *(const unsigned char *)s2++; + if (rv) + break; + if (*s1++ == '\0') + break; + } + return rv; +} + +static int +g_charclass(const Char **patternp, Char **bufnextp) +{ + const Char *pattern = *patternp + 1; + Char *bufnext = *bufnextp; + const Char *colon; + struct cclass *cc; + size_t len; + + if ((colon = g_strchr(pattern, ':')) == NULL || colon[1] != ']') + return 1; /* not a character class */ + + len = (size_t)(colon - pattern); + for (cc = cclasses; cc->name != NULL; cc++) { + if (!g_strncmp(pattern, cc->name, len) && cc->name[len] == '\0') + break; + } + if (cc->name == NULL) + return -1; /* invalid character class */ + *bufnext++ = M_CLASS; + *bufnext++ = (Char)(cc - &cclasses[0]); + *bufnextp = bufnext; + *patternp += len + 3; + + return 0; +} /* * The main glob() routine: compiles the pattern (optionally processing 
@@ -427,7 +468,7 @@ glob0(const Char *pattern, glob_t *pglob) if (c == NOT) ++qpatnext; if (*qpatnext == EOS || - g_strchr((Char *) qpatnext+1, RBRACKET) == NULL) { + g_strchr(qpatnext+1, RBRACKET) == NULL) { *bufnext++ = LBRACKET; if (c == NOT) --qpatnext; @@ -438,6 +479,20 @@ glob0(const Char *pattern, glob_t *pglob) *bufnext++ = M_NOT; c = *qpatnext++; do { + if (c == LBRACKET && *qpatnext == ':') { + do { + err = g_charclass(&qpatnext, + &bufnext); + if (err) + break; + c = *qpatnext++; + } while (c == LBRACKET && *qpatnext == ':'); + if (err == -1 && + !(pglob->gl_flags & GLOB_NOCHECK)) + return GLOB_NOMATCH; + if (c == RBRACKET) + break; + } *bufnext++ = CHAR(c); if (*qpatnext == RANGE && (c = qpatnext[1]) != RBRACKET) { @@ -484,7 +539,7 @@ glob0(const Char *pattern, glob_t *pglob) if ((pglob->gl_flags & GLOB_NOCHECK) || ((pglob->gl_flags & GLOB_NOMAGIC) && !(pglob->gl_flags & GLOB_MAGCHAR))) - return(globextend(pattern, pglob, &limit)); + return(globextend(pattern, pglob, &limit, NULL)); else return(GLOB_NOMATCH); } @@ -547,7 +602,7 @@ glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, *pathend = EOS; } ++pglob->gl_matchc; - return(globextend(pathbuf, pglob, limitp)); + return(globextend(pathbuf, pglob, limitp, &sb)); } /* Find end of next segment, copy tentatively to pathend. */ 
@@ -670,25 +725,40 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, * gl_pathv points to (gl_offs + gl_pathc + 1) items. */ static int -globextend(const Char *path, glob_t *pglob, size_t *limitp) +globextend(const Char *path, glob_t *pglob, size_t *limitp, struct stat *sb) { char **pathv; - int i; - u_int newsize, len; - char *copy; + ssize_t i; + size_t newn, len; + char *copy = NULL; const Char *p; - - newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs); - pathv = pglob->gl_pathv ? realloc((char *)pglob->gl_pathv, newsize) : - malloc(newsize); - if (pathv == NULL) { + struct stat **statv; + + newn = 2 + pglob->gl_pathc + pglob->gl_offs; + if (SIZE_MAX / sizeof(*pathv) <= newn || + SIZE_MAX / sizeof(*statv) <= newn) { + nospace: + for (i = pglob->gl_offs; i < newn - 2; i++) { + if (pglob->gl_pathv && pglob->gl_pathv[i]) + free(pglob->gl_pathv[i]); + if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0 && + pglob->gl_pathv && pglob->gl_pathv[i]) + free(pglob->gl_statv[i]); + } if (pglob->gl_pathv) { free(pglob->gl_pathv); pglob->gl_pathv = NULL; } + if (pglob->gl_statv) { + free(pglob->gl_statv); + pglob->gl_statv = NULL; + } return(GLOB_NOSPACE); } + pathv = realloc(pglob->gl_pathv, newn * sizeof(*pathv)); + if (pathv == NULL) + goto nospace; if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) { /* first time around -- clear initial gl_offs items */ pathv += pglob->gl_offs; 
@@ -697,6 +767,29 @@ globextend(const Char *path, glob_t *pglob, size_t *limitp) } pglob->gl_pathv = pathv; + if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0) { + statv = realloc(pglob->gl_statv, newn * sizeof(*statv)); + if (statv == NULL) + goto nospace; + if (pglob->gl_statv == NULL && pglob->gl_offs > 0) { + /* first time around -- clear initial gl_offs items */ + statv += pglob->gl_offs; + for (i = pglob->gl_offs; --i >= 0; ) + *--statv = NULL; + } + pglob->gl_statv = statv; + if (sb == NULL) + statv[pglob->gl_offs + pglob->gl_pathc] = NULL; + else { + if ((statv[pglob->gl_offs + pglob->gl_pathc] = + malloc(sizeof(**statv))) == NULL) + goto copy_error; + memcpy(statv[pglob->gl_offs + pglob->gl_pathc], sb, + sizeof(*sb)); + } + statv[pglob->gl_offs + pglob->gl_pathc + 1] = NULL; + } + for (p = path; *p++;) ; len = (size_t)(p - path); @@ -711,11 +804,11 @@ globextend(const Char *path, glob_t *pglob, size_t *limitp) pathv[pglob->gl_offs + pglob->gl_pathc] = NULL; if ((pglob->gl_flags & GLOB_LIMIT) && - newsize + *limitp >= (u_int) get_arg_max()) { + (newn * sizeof(*pathv)) + *limitp >= ARG_MAX) { errno = 0; return(GLOB_NOSPACE); } - + copy_error: return(copy == NULL ? GLOB_NOSPACE : 0); } @@ -751,13 +844,21 @@ match(Char *name, Char *pat, Char *patend) return(0); if ((negate_range = ((*pat & M_MASK) == M_NOT)) != EOS) ++pat; - while (((c = *pat++) & M_MASK) != M_END) + while (((c = *pat++) & M_MASK) != M_END) { + if ((c & M_MASK) == M_CLASS) { + int idx = *pat & M_MASK; + if (idx < NCCLASSES && + cclasses[idx].isctype(k)) + ok = 1; + ++pat; + } if ((*pat & M_MASK) == M_RNG) { if (c <= k && k <= pat[1]) ok = 1; pat += 2; } else if (c == k) ok = 1; + } if (ok == negate_range) return(0); break; 
@@ -785,6 +886,14 @@ globfree(glob_t *pglob) free(pglob->gl_pathv); pglob->gl_pathv = NULL; } + if (pglob->gl_statv != NULL) { + for (i = 0; i < pglob->gl_pathc; i++) { + if (pglob->gl_statv[i] != NULL) + free(pglob->gl_statv[i]); + } + free(pglob->gl_statv); + pglob->gl_statv = NULL; + } } static DIR * @@ -830,11 +939,11 @@ g_stat(Char *fn, struct stat *sb, glob_t *pglob) } static Char * -g_strchr(Char *str, int ch) +g_strchr(const Char *str, int ch) { do { if (*str == ch) - return (str); + return ((Char *)str); } while (*str++); return (NULL); } @@ -870,5 +979,4 @@ qprintf(const char *str, Char *s) #endif #endif /* !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || - !defined(GLOB_HAS_GL_MATCHC) */ - + !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) */ diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h index a2b36f974..8ea391306 100644 --- a/openbsd-compat/glob.h +++ b/openbsd-compat/glob.h @@ -1,4 +1,4 @@ -/* $OpenBSD: glob.h,v 1.10 2005/12/13 00:35:22 millert Exp $ */ +/* $OpenBSD: glob.h,v 1.11 2010/09/24 13:32:55 djm Exp $ */ /* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */ /* @@ -38,13 +38,16 @@ /* OPENBSD ORIGINAL: include/glob.h */ #if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \ - !defined(GLOB_HAS_GL_MATCHC) || \ + !defined(GLOB_HAS_GL_MATCHC) || !define(GLOB_HAS_GL_STATV) \ !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ defined(BROKEN_GLOB) #ifndef _GLOB_H_ #define _GLOB_H_ +#include +#include + struct stat; typedef struct { int gl_pathc; /* Count of total paths so far. */ @@ -52,6 +55,7 @@ typedef struct { int gl_offs; /* Reserved at beginning of gl_pathv. */ int gl_flags; /* Copy of flags parameter to glob. */ char **gl_pathv; /* List of paths matching pattern. */ + struct stat **gl_statv; /* Stat entries corresponding to gl_pathv */ /* Copy of errfunc parameter to glob. */ int (*gl_errfunc)(const char *, int); 
@@ -75,12 +79,10 @@ typedef struct { #define GLOB_NOSORT 0x0020 /* Don't sort. */ #define GLOB_NOESCAPE 0x1000 /* Disable backslash escaping. */ -/* Error values returned by glob(3) */ #define GLOB_NOSPACE (-1) /* Malloc call failed. */ #define GLOB_ABORTED (-2) /* Unignored error. */ #define GLOB_NOMATCH (-3) /* No match and GLOB_NOCHECK not set. */ #define GLOB_NOSYS (-4) /* Function not supported. */ -#define GLOB_ABEND GLOB_ABORTED #define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */ #define GLOB_BRACE 0x0080 /* Expand braces ala csh. */ @@ -89,6 +91,8 @@ typedef struct { #define GLOB_QUOTE 0x0400 /* Quote special chars with \. */ #define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */ #define GLOB_LIMIT 0x2000 /* Limit pattern match output to ARG_MAX */ +#define GLOB_KEEPSTAT 0x4000 /* Retain stat data for paths in gl_statv. */ +#define GLOB_ABEND GLOB_ABORTED /* backward compatibility */ int glob(const char *, int, int (*)(const char *, int), glob_t *); void globfree(glob_t *); @@ -96,5 +100,5 @@ void globfree(glob_t *); #endif /* !_GLOB_H_ */ #endif /* !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || - !defined(GLOB_HAS_GL_MATCHC */ + !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOH_HAS_GL_STATV) */ diff --git a/sftp.c b/sftp.c index f6cadd113..46bee1982 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.127 2010/09/23 13:34:43 jmc Exp $ */ +/* $OpenBSD: sftp.c,v 1.128 2010/09/25 09:30:16 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
@@ -761,15 +761,18 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, glob_t g; u_int i, c = 1, colspace = 0, columns = 1; Attrib *a = NULL; + int err; + char *fname, *lname; memset(&g, 0, sizeof(g)); - if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE, - NULL, &g) || (g.gl_pathc && !g.gl_matchc)) { + if (remote_glob(conn, path, + GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE|GLOB_KEEPSTAT, NULL, &g) || + (g.gl_pathc && !g.gl_matchc)) { if (g.gl_pathc) globfree(&g); error("Can't ls: \"%s\" not found", path); - return (-1); + return -1; } if (interrupted) @@ -779,19 +782,11 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, * If the glob returns a single match and it is a directory, * then just list its contents. */ - if (g.gl_matchc == 1) { - if ((a = do_lstat(conn, g.gl_pathv[0], 1)) == NULL) { - globfree(&g); - return (-1); - } - if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && - S_ISDIR(a->perm)) { - int err; - - err = do_ls_dir(conn, g.gl_pathv[0], strip_path, lflag); - globfree(&g); - return (err); - } + if (g.gl_matchc == 1 && g.gl_statv[0] != NULL && + S_ISDIR(g.gl_statv[0]->st_mode)) { + err = do_ls_dir(conn, g.gl_pathv[0], strip_path, lflag); + globfree(&g); + return err; } if (!(lflag & LS_SHORT_VIEW)) { 
@@ -811,27 +806,14 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, } for (i = 0; g.gl_pathv[i] && !interrupted; i++, a = NULL) { - char *fname; - fname = path_strip(g.gl_pathv[i], strip_path); - if (lflag & LS_LONG_VIEW) { - char *lname; - struct stat sb; - - /* - * XXX: this is slow - 1 roundtrip per path - * A solution to this is to fork glob() and - * build a sftp specific version which keeps the - * attribs (which currently get thrown away) - * that the server returns as well as the filenames. - */ - memset(&sb, 0, sizeof(sb)); - if (a == NULL) - a = do_lstat(conn, g.gl_pathv[i], 1); - if (a != NULL) - attrib_to_stat(a, &sb); - lname = ls_file(fname, &sb, 1, (lflag & LS_SI_UNITS)); + if (g.gl_statv[i] == NULL) { + error("no stat information for %s", fname); + continue; + } + lname = ls_file(fname, g.gl_statv[i], 1, + (lflag & LS_SI_UNITS)); printf("%s\n", lname); xfree(lname); } else { @@ -852,7 +834,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, if (g.gl_pathc) globfree(&g); - return (0); + return 0; } static int -- cgit v1.2.3 From 68e2e56ea90d88f514672991a2ac11445df0e4ac Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 7 Oct 2010 21:39:55 +1100 Subject: - djm@cvs.openbsd.org 2010/09/26 22:26:33 [sftp.c] when performing an "ls" in columnated (short) mode, only call ioctl(TIOCGWINSZ) once to get the window width instead of per- filename --- ChangeLog | 5 +++++ sftp.c | 18 ++++++++---------- 2 files changed, 13 insertions(+), 10 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f6588cca3..b9d763a7a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -13,6 +13,11 @@ rountrips to fetch per-file stat(2) information. NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to match. + - djm@cvs.openbsd.org 2010/09/26 22:26:33 + [sftp.c] + when performing an "ls" in columnated (short) mode, only call + ioctl(TIOCGWINSZ) once to get the window width instead of per- + filename 20100924 - (djm) OpenBSD CVS Sync diff --git a/sftp.c b/sftp.c index 46bee1982..7b4a85235 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.128 2010/09/25 09:30:16 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.129 2010/09/26 22:26:33 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -758,11 +758,12 @@ static int do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, int lflag) { - glob_t g; - u_int i, c = 1, colspace = 0, columns = 1; Attrib *a = NULL; - int err; char *fname, *lname; + glob_t g; + int err; + struct winsize ws; + u_int i, c = 1, colspace = 0, columns = 1, m = 0, width = 80; memset(&g, 0, sizeof(g)); @@ -789,17 +790,14 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, return err; } - if (!(lflag & LS_SHORT_VIEW)) { - u_int m = 0, width = 80; - struct winsize ws; + if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) + width = ws.ws_col; + if (!(lflag & LS_SHORT_VIEW)) { /* Count entries for sort and find longest filename */ for (i = 0; g.gl_pathv[i]; i++) m = MAX(m, strlen(g.gl_pathv[i])); - if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) - width = ws.ws_col; - columns = width / (m + 2); columns = MAX(columns, 1); colspace = width / columns; -- cgit v1.2.3 From c54b02c4eb82ed71449109774eecf5935bdc61bf Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Thu, 7 Oct 2010 21:40:17 +1100 Subject: - djm@cvs.openbsd.org 2010/09/30 11:04:51 [servconf.c] prevent free() of string in .rodata when overriding AuthorizedKeys in a Match block; patch from rein AT basefarm.no --- ChangeLog | 4 ++++ servconf.c | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b9d763a7a..092374fc5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,10 @@ when performing an "ls" in columnated (short) mode, only call ioctl(TIOCGWINSZ) once to get the window width instead of per- filename + - djm@cvs.openbsd.org 2010/09/30 11:04:51 + [servconf.c] + prevent free() of string in .rodata when overriding AuthorizedKeys in + a Match block; patch from rein AT basefarm.no 20100924 - (djm) OpenBSD CVS Sync diff --git a/servconf.c b/servconf.c index d26a7db05..41c9c6964 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.211 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.212 2010/09/30 11:04:51 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -259,12 +259,12 @@ fill_default_server_options(ServerOptions *options) if (options->authorized_keys_file2 == NULL) { /* authorized_keys_file2 falls back to authorized_keys_file */ if (options->authorized_keys_file != NULL) - options->authorized_keys_file2 = options->authorized_keys_file; + options->authorized_keys_file2 = xstrdup(options->authorized_keys_file); else - options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2; + options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); } if (options->authorized_keys_file == NULL) - options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; + options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; if (options->zero_knowledge_password_authentication == -1) -- cgit v1.2.3 
From 9a3d0dc062e4ebcafdc399ed8522df97066b139e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 7 Oct 2010 22:06:42 +1100 Subject: - djm@cvs.openbsd.org 2010/10/01 23:05:32 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] adapt to API changes in openssl-1.0.0a NB. contains compat code to select correct API for older OpenSSL --- ChangeLog | 5 +++++ cipher-3des1.c | 5 +++-- cipher-acss.c | 2 +- cipher-aes.c | 2 +- cipher-bf1.c | 8 +++++--- cipher-ctr.c | 12 ++++++------ openbsd-compat/openssl-compat.h | 9 ++++++++- 7 files changed, 29 insertions(+), 14 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 092374fc5..9628478e7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ 20101007 + - (djm) [ssh-agent.c] Fix type for curve name. - (djm) OpenBSD CVS Sync - matthew@cvs.openbsd.org 2010/09/24 13:33:00 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] @@ -22,6 +23,10 @@ [servconf.c] prevent free() of string in .rodata when overriding AuthorizedKeys in a Match block; patch from rein AT basefarm.no + - djm@cvs.openbsd.org 2010/10/01 23:05:32 + [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] + adapt to API changes in openssl-1.0.0a + NB. contains compat code to select correct API for older OpenSSL 20100924 - (djm) OpenBSD CVS Sync diff --git a/cipher-3des1.c b/cipher-3des1.c index 17a13a133..b7aa588cd 100644 --- a/cipher-3des1.c +++ b/cipher-3des1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-3des1.c,v 1.6 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: cipher-3des1.c,v 1.7 2010/10/01 23:05:32 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * @@ -103,7 +103,8 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, } static int -ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len) +ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, + LIBCRYPTO_EVP_INL_TYPE len) { struct ssh1_3des_ctx *c; 
diff --git a/cipher-acss.c b/cipher-acss.c index cb0bf736c..df74b0cb6 100644 --- a/cipher-acss.c +++ b/cipher-acss.c @@ -43,7 +43,7 @@ acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, - unsigned int inl) + LIBCRYPTO_EVP_INL_TYPE inl) { acss(&data(ctx)->ks,inl,in,out); return 1; diff --git a/cipher-aes.c b/cipher-aes.c index 3ea594969..bfda6d2f2 100644 --- a/cipher-aes.c +++ b/cipher-aes.c @@ -72,7 +72,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, static int ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, - u_int len) + LIBCRYPTO_EVP_INL_TYPE len) { struct ssh_rijndael_ctx *c; u_char buf[RIJNDAEL_BLOCKSIZE]; diff --git a/cipher-bf1.c b/cipher-bf1.c index e0e33b4c0..309509dd7 100644 --- a/cipher-bf1.c +++ b/cipher-bf1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-bf1.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: cipher-bf1.c,v 1.6 2010/10/01 23:05:32 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * @@ -76,10 +76,12 @@ static void bf_ssh1_init (EVP_CIPHER_CTX * ctx, const unsigned char *key, } #endif -static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL; +static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, + const u_char *, LIBCRYPTO_EVP_INL_TYPE) = NULL; static int -bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len) +bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, + LIBCRYPTO_EVP_INL_TYPE len) { int ret; diff --git a/cipher-ctr.c b/cipher-ctr.c index 3b86cc10b..04975b4b6 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-ctr.c,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: cipher-ctr.c,v 1.11 2010/10/01 23:05:32 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl * 
@@ -34,7 +34,7 @@ #endif const EVP_CIPHER *evp_aes_128_ctr(void); -void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); +void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); struct ssh_aes_ctr_ctx { @@ -48,7 +48,7 @@ struct ssh_aes_ctr_ctx * (LSB at ctr[len-1], MSB at ctr[0]) */ static void -ssh_ctr_inc(u_char *ctr, u_int len) +ssh_ctr_inc(u_char *ctr, size_t len) { int i; @@ -59,10 +59,10 @@ ssh_ctr_inc(u_char *ctr, u_int len) static int ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, - u_int len) + LIBCRYPTO_EVP_INL_TYPE len) { struct ssh_aes_ctr_ctx *c; - u_int n = 0; + size_t n = 0; u_char buf[AES_BLOCK_SIZE]; if (len == 0) @@ -113,7 +113,7 @@ ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) } void -ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len) +ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, size_t len) { struct ssh_aes_ctr_ctx *c; diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index b7caa650c..beb81f420 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.15 2010/05/12 07:50:02 djm Exp $ */ +/* $Id: openssl-compat.h,v 1.16 2010/10/07 11:06:44 djm Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -17,6 +17,7 @@ */ #include "includes.h" +#include #include #include #include @@ -39,6 +40,12 @@ # define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) #endif +#if OPENSSL_VERSION_NUMBER < 0x1000000fL +# define LIBCRYPTO_EVP_INL_TYPE unsigned int +#else +# define LIBCRYPTO_EVP_INL_TYPE size_t +#endif + #if (OPENSSL_VERSION_NUMBER < 0x00907000L) || defined(OPENSSL_LOBOTOMISED_AES) # define USE_BUILTIN_RIJNDAEL #endif -- cgit v1.2.3 From 38d9a965bfc795fba1c000e0b42e705e2bcd34c9 Mon Sep 17 00:00:00 2001 
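Review bot: cipher-acss.c now declares `acss_ciph()` with `LIBCRYPTO_EVP_INL_TYPE inl`, but its hunk adds no include of openbsd-compat/openssl-compat.h, where the macro is defined. Unless another header already pulls that file in, cipher-acss.c stops compiling, so add `#include "openbsd-compat/openssl-compat.h"` there. The file list in the commit message also omits cipher-acss.c and cipher-aes.c, which the patch touches. The new `LIBCRYPTO_EVP_INL_TYPE` block in openssl-compat.h would benefit from a one-line comment saying it is the length-argument type of the EVP cipher callbacks, `unsigned int` before OpenSSL 1.0.0 and `size_t` from 1.0.0 on.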
From: Damien Miller Date: Thu, 7 Oct 2010 22:07:11 +1100 Subject: - djm@cvs.openbsd.org 2010/10/05 05:13:18 [sftp.c sshconnect.c] use default shell /bin/sh if $SHELL is ""; ok markus@ --- ChangeLog | 3 +++ sftp.c | 4 ++-- sshconnect.c | 6 +++--- 3 files changed, 8 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 9628478e7..f5253a431 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,9 @@ [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] adapt to API changes in openssl-1.0.0a NB. contains compat code to select correct API for older OpenSSL + - djm@cvs.openbsd.org 2010/10/05 05:13:18 + [sftp.c sshconnect.c] + use default shell /bin/sh if $SHELL is ""; ok markus@ 20100924 - (djm) OpenBSD CVS Sync diff --git a/sftp.c b/sftp.c index 7b4a85235..1421fcb02 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.129 2010/09/26 22:26:33 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.130 2010/10/05 05:13:18 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -269,7 +269,7 @@ local_do_shell(const char *args) if (!*args) args = NULL; - if ((shell = getenv("SHELL")) == NULL) + if ((shell = getenv("SHELL")) == NULL || *shell == '\0') shell = _PATH_BSHELL; if ((pid = fork()) == -1) diff --git a/sshconnect.c b/sshconnect.c index 4d3a08551..6d2f1341c 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.225 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.226 2010/10/05 05:13:18 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -87,7 +87,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) pid_t pid; char *shell, strport[NI_MAXSERV]; - if ((shell = getenv("SHELL")) == NULL) + if ((shell = getenv("SHELL")) == NULL || *shell == '\0') shell = _PATH_BSHELL; /* Convert the port number into a string. */ 
@@ -1237,7 +1237,7 @@ ssh_local_cmd(const char *args) args == NULL || !*args) return (1); - if ((shell = getenv("SHELL")) == NULL) + if ((shell = getenv("SHELL")) == NULL || *shell == '\0') shell = _PATH_BSHELL; pid = fork(); -- cgit v1.2.3 From a41ccca643364b3b1b65d7a818577dd35360fa20 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 7 Oct 2010 22:07:32 +1100 Subject: - djm@cvs.openbsd.org 2010/10/06 06:39:28 [clientloop.c ssh.c sshconnect.c sshconnect.h] kill proxy command on fatal() (we already kill it on clean exit); ok markus@ --- ChangeLog | 4 ++++ clientloop.c | 3 ++- ssh.c | 13 +++---------- sshconnect.c | 16 ++++++++++++++-- sshconnect.h | 3 ++- 5 files changed, 25 insertions(+), 14 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f5253a431..69711b9b2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,10 @@ - djm@cvs.openbsd.org 2010/10/05 05:13:18 [sftp.c sshconnect.c] use default shell /bin/sh if $SHELL is ""; ok markus@ + - djm@cvs.openbsd.org 2010/10/06 06:39:28 + [clientloop.c ssh.c sshconnect.c sshconnect.h] + kill proxy command on fatal() (we already kill it on clean exit); + ok markus@ 20100924 - (djm) OpenBSD CVS Sync diff --git a/clientloop.c b/clientloop.c index de7979366..848aacd4a 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.222 2010/07/19 09:15:12 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.223 2010/10/06 06:39:28 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2129,5 +2129,6 @@ cleanup_exit(int i) leave_non_blocking(); if (options.control_path != NULL && muxserver_sock != -1) unlink(options.control_path); + ssh_kill_proxy_command(); _exit(i); } diff --git a/ssh.c b/ssh.c index 20de28a64..7632cf51e 100644 --- a/ssh.c +++ b/ssh.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.352 2010/09/20 04:41:47 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.353 2010/10/06 06:39:28 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -183,9 +183,6 @@ int subsystem_flag = 0; /* # of replies received for global requests */ static int remote_forward_confirms_received = 0; -/* pid of proxycommand child process */ -pid_t proxy_command_pid = 0; - /* mux.c */ extern int muxserver_sock; extern u_int muxclient_command; @@ -921,12 +918,8 @@ main(int ac, char **av) if (options.control_path != NULL && muxserver_sock != -1) unlink(options.control_path); - /* - * Send SIGHUP to proxy command if used. We don't wait() in - * case it hangs and instead rely on init to reap the child - */ - if (proxy_command_pid > 1) - kill(proxy_command_pid, SIGHUP); + /* Kill ProxyCommand if it is running. */ + ssh_kill_proxy_command(); return exit_status; } diff --git a/sshconnect.c b/sshconnect.c index 6d2f1341c..c849ca393 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.226 2010/10/05 05:13:18 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.227 2010/10/06 06:39:28 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -66,12 +66,13 @@ char *server_version_string = NULL; static int matching_host_key_dns = 0; +static pid_t proxy_command_pid = 0; + /* import */ extern Options options; extern char *__progname; extern uid_t original_real_uid; extern uid_t original_effective_uid; -extern pid_t proxy_command_pid; static int show_other_keys(const char *, Key *); static void warn_changed_key(Key *); 
@@ -167,6 +168,17 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) return 0; } +void +ssh_kill_proxy_command(void) +{ + /* + * Send SIGHUP to proxy command if used. We don't wait() in + * case it hangs and instead rely on init to reap the child + */ + if (proxy_command_pid > 1) + kill(SIGHUP, proxy_command_pid); +} + /* * Creates a (possibly privileged) socket for use as the ssh connection. */ diff --git a/sshconnect.h b/sshconnect.h index c59a097f4..69163afbc 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.25 2009/05/27 06:38:16 andreas Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.26 2010/10/06 06:39:28 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -34,6 +34,7 @@ struct Sensitive { int ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int, int *, int, int, const char *); +void ssh_kill_proxy_command(void); void ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *, int); -- cgit v1.2.3 From 45fcdaa1cf21557a076660d701e6e7a068907374 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 7 Oct 2010 22:07:58 +1100 Subject: - djm@cvs.openbsd.org 2010/10/06 21:10:21 [sshconnect.c] swapped args to kill(2) --- ChangeLog | 3 +++ sshconnect.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 69711b9b2..f1f6738f3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,9 @@ [clientloop.c ssh.c sshconnect.c sshconnect.h] kill proxy command on fatal() (we already kill it on clean exit); ok markus@ + - djm@cvs.openbsd.org 2010/10/06 21:10:21 + [sshconnect.c] + swapped args to kill(2) 20100924 - (djm) OpenBSD CVS Sync diff --git a/sshconnect.c b/sshconnect.c index c849ca393..2cbd47d0c 100644 --- a/sshconnect.c +++ b/sshconnect.c 
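Review bot: in the new `ssh_kill_proxy_command()` in sshconnect.c the arguments to kill(2) are reversed. `kill(SIGHUP, proxy_command_pid)` targets the process whose id equals SIGHUP and passes the child's pid as the signal number, so the ProxyCommand is never signalled. The block removed from ssh.c had the right order; the call should read `kill(proxy_command_pid, SIGHUP);`. Because the return value is ignored, nothing reports the failure, which is worth keeping in mind for the fatal() path this commit is meant to cover.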
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.227 2010/10/06 06:39:28 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.228 2010/10/06 21:10:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -176,7 +176,7 @@ ssh_kill_proxy_command(void) * case it hangs and instead rely on init to reap the child */ if (proxy_command_pid > 1) - kill(SIGHUP, proxy_command_pid); + kill(proxy_command_pid, SIGHUP); } /* -- cgit v1.2.3 From 37f4f1892f1af1dd9f3a646f79ff8afaf9c8a646 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 7 Oct 2010 22:10:38 +1100 Subject: - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. --- ChangeLog | 1 + openbsd-compat/glob.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f1f6738f3..3ddf1f961 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,6 +37,7 @@ - djm@cvs.openbsd.org 2010/10/06 21:10:21 [sshconnect.c] swapped args to kill(2) + - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. 20100924 - (djm) OpenBSD CVS Sync diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index 7bbe6c71a..e52bef729 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -804,7 +804,7 @@ globextend(const Char *path, glob_t *pglob, size_t *limitp, struct stat *sb) pathv[pglob->gl_offs + pglob->gl_pathc] = NULL; if ((pglob->gl_flags & GLOB_LIMIT) && - (newn * sizeof(*pathv)) + *limitp >= ARG_MAX) { + (newn * sizeof(*pathv)) + *limitp >= (u_int) get_arg_max()) { errno = 0; return(GLOB_NOSPACE); } -- cgit v1.2.3 From 80e99539385bf55f09f4e0fa3e37b5eff9cc9cbe Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 7 Oct 2010 22:12:08 +1100 Subject: - (djm) [cipher-acss.c] Add missing header. --- ChangeLog | 1 + cipher-acss.c | 1 + 2 files changed, 2 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 3ddf1f961..8d8615bb6 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -38,6 +38,7 @@ [sshconnect.c] swapped args to kill(2) - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. + - (djm) [cipher-acss.c] Add missing header. 20100924 - (djm) OpenBSD CVS Sync diff --git a/cipher-acss.c b/cipher-acss.c index df74b0cb6..e755f92b9 100644 --- a/cipher-acss.c +++ b/cipher-acss.c @@ -23,6 +23,7 @@ #if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) #include "acss.h" +#include "openbsd-compat/openssl-compat.h" #define data(ctx) ((EVP_ACSS_KEY *)(ctx)->cipher_data) -- cgit v1.2.3 From 88b844f19b93c68dff1700effb4d42959caea91a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 7 Oct 2010 22:19:23 +1100 Subject: - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp --- ChangeLog | 1 + openbsd-compat/Makefile.in | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 8d8615bb6..60089f763 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,7 @@ swapped args to kill(2) - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. - (djm) [cipher-acss.c] Add missing header. + - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp 20100924 - (djm) OpenBSD CVS Sync diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index d22efd66c..41b22d837 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.45 2010/08/16 03:15:23 dtucker Exp $ +# $Id: Makefile.in,v 1.46 2010/10/07 11:19:24 djm Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ 
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o vis.o +OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o timingsafe_bcmp.o vis.o COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o -- cgit v1.2.3 From 1f78980099b72270538b671a40b6052e8875d0b3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 11 Oct 2010 22:35:22 +1100 Subject: - (djm) [configure.ac] Use = instead of == in shell tests. Patch from dr AT vasco.com --- ChangeLog | 4 ++++ configure.ac | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 60089f763..001b8bc20 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20101011 + - (djm) [configure.ac] Use = instead of == in shell tests. Patch from + dr AT vasco.com + 20101007 - (djm) [ssh-agent.c] Fix type for curve name. - (djm) OpenBSD CVS Sync diff --git a/configure.ac b/configure.ac index 4deb0fe2e..2b57e8e06 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.454 2010/10/07 10:39:17 djm Exp $ +# $Id: configure.ac,v 1.455 2010/10/11 11:35:23 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.454 $) +AC_REVISION($Revision: 1.455 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1295,7 +1295,7 @@ AC_ARG_WITH(libedit, LDFLAGS="-L${withval}/lib ${LDFLAGS}" fi fi - if test "x$use_pkgconfig_for_libedit" == "xyes"; then + if test "x$use_pkgconfig_for_libedit" = "xyes"; then LIBEDIT=`$PKGCONFIG --libs-only-l libedit` CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" else -- cgit v1.2.3 From 47e57bfab40ba681edf47e136474fe30db2dab73 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 12 Oct 2010 13:28:12 +1100 Subject: - (djm) [canohost.c] Zero a4 instead of addr to better match type. bz#1825, reported by foo AT mailinator.com --- ChangeLog | 4 ++++ canohost.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 001b8bc20..0f6b2c91d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20101011 + - (djm) [canohost.c] Zero a4 instead of addr to better match type. + bz#1825, reported by foo AT mailinator.com + 20101011 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from dr AT vasco.com diff --git a/canohost.c b/canohost.c index ef94d9155..dabd8a31a 100644 --- a/canohost.c +++ b/canohost.c @@ -199,7 +199,7 @@ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) memcpy(&inaddr, ((char *)&a6->sin6_addr) + 12, sizeof(inaddr)); port = a6->sin6_port; - memset(addr, 0, sizeof(*a4)); + bzero(a4, sizeof(*a4)); a4->sin_family = AF_INET; *len = sizeof(*a4); -- cgit v1.2.3 From 9c0c31d2db8563b21e15d920ee589c891593a006 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 12 Oct 2010 13:30:44 +1100 Subject: - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) --- ChangeLog | 1 + sshconnect.c | 1 + 2 files changed, 2 insertions(+) (limited to 'ChangeLog') 
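Review bot: the ChangeLog hunk of the canohost.c commit adds a second `20101011` heading directly above the existing `20101011` block, while the commit is dated Tue, 12 Oct 2010; the new heading should be `20101012`. In canohost.c, `memset(a4, 0, sizeof(*a4))` would make the pointer and the size agree just as well without moving to the legacy `bzero()`.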
diff --git a/ChangeLog b/ChangeLog index 0f6b2c91d..1f358d483 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20101011 - (djm) [canohost.c] Zero a4 instead of addr to better match type. bz#1825, reported by foo AT mailinator.com + - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) 20101011 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from diff --git a/sshconnect.c b/sshconnect.c index 2cbd47d0c..78068c602 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -34,6 +34,7 @@ #include #endif #include +#include #include #include #include -- cgit v1.2.3 From 68512c034140611e9df7a52e12ac5e4cd19f2db1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 21 Oct 2010 15:21:11 +1100 Subject: - OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2010/10/12 02:22:24 [mux.c] Typo in confirmation message. bz#1827, patch from imorgan at nas nasa gov --- ChangeLog | 7 +++++++ mux.c | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1f358d483..c0e3d3bf3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20101021 + - OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2010/10/12 02:22:24 + [mux.c] + Typo in confirmation message. bz#1827, patch from imorgan at + nas nasa gov + 20101011 - (djm) [canohost.c] Zero a4 instead of addr to better match type. bz#1825, reported by foo AT mailinator.com diff --git a/mux.c b/mux.c index c010b614e..f1f7e6b13 100644 --- a/mux.c +++ b/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.22 2010/09/20 07:19:27 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.23 2010/10/12 02:22:24 dtucker Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * 
@@ -879,7 +879,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) if (options.control_master == SSHCTL_MASTER_ASK || options.control_master == SSHCTL_MASTER_AUTO_ASK) { - if (!ask_permission("Allow forward to to %s:%u? ", + if (!ask_permission("Allow forward to %s:%u? ", chost, cport)) { debug2("%s: stdio fwd refused by user", __func__); /* prepare reply */ -- cgit v1.2.3 From 6fd2d7de4b4ea3a361141cbe56f70bf70710546c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 21 Oct 2010 15:27:14 +1100 Subject: - djm@cvs.openbsd.org 2010/08/31 12:24:09 [regress/cert-hostkey.sh regress/cert-userkey.sh] tests for ECDSA certificates --- ChangeLog | 3 +++ regress/cert-hostkey.sh | 23 ++++++++++++++++------- regress/cert-userkey.sh | 19 +++++++++++++------ 3 files changed, 32 insertions(+), 13 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c0e3d3bf3..de3fb011c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ [mux.c] Typo in confirmation message. bz#1827, patch from imorgan at nas nasa gov + - djm@cvs.openbsd.org 2010/08/31 12:24:09 + [regress/cert-hostkey.sh regress/cert-userkey.sh] + tests for ECDSA certificates 20101011 - (djm) [canohost.c] Zero a4 instead of addr to better match type. diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 0265e8f6b..22ae4999d 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-hostkey.sh,v 1.4 2010/04/16 01:58:45 djm Exp $ +# $OpenBSD: cert-hostkey.sh,v 1.5 2010/08/31 12:24:09 djm Exp $ # Placed in the Public Domain. tid="certified host keys" @@ -18,7 +18,7 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\ ) > $OBJ/known_hosts-cert # Generate and sign host keys -for ktype in rsa dsa ; do +for ktype in rsa dsa ecdsa ; do verbose "$tid: sign host ${ktype} cert" # Generate and sign a host key ${SSHKEYGEN} -q -N '' -t ${ktype} \ 
@@ -28,6 +28,8 @@ for ktype in rsa dsa ; do -I "regress host key for $USER" \ -n $HOSTS $OBJ/cert_host_key_${ktype} || fail "couldn't sign cert_host_key_${ktype}" + # v00 ecdsa certs do not exist + test "{ktype}" = "ecdsa" && continue cp $OBJ/cert_host_key_${ktype} $OBJ/cert_host_key_${ktype}_v00 cp $OBJ/cert_host_key_${ktype}.pub $OBJ/cert_host_key_${ktype}_v00.pub ${SSHKEYGEN} -t v00 -h -q -s $OBJ/host_ca_key \ @@ -38,7 +40,7 @@ done # Basic connect tests for privsep in yes no ; do - for ktype in rsa dsa rsa_v00 dsa_v00; do + for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do verbose "$tid: host ${ktype} cert connect privsep $privsep" ( cat $OBJ/sshd_proxy_bak @@ -66,6 +68,9 @@ done cat $OBJ/cert_host_key_rsa.pub echon '@revoked ' echon "* " + cat $OBJ/cert_host_key_ecdsa.pub + echon '@revoked ' + echon "* " cat $OBJ/cert_host_key_dsa.pub echon '@revoked ' echon "* " @@ -75,7 +80,7 @@ done cat $OBJ/cert_host_key_dsa_v00.pub ) > $OBJ/known_hosts-cert for privsep in yes no ; do - for ktype in rsa dsa rsa_v00 dsa_v00; do + for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do verbose "$tid: host ${ktype} revoked cert privsep $privsep" ( cat $OBJ/sshd_proxy_bak @@ -102,7 +107,7 @@ done echon "* " cat $OBJ/host_ca_key.pub ) > $OBJ/known_hosts-cert -for ktype in rsa dsa rsa_v00 dsa_v00 ; do +for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do verbose "$tid: host ${ktype} revoked cert" ( cat $OBJ/sshd_proxy_bak @@ -173,7 +178,9 @@ test_one "cert has constraints" failure "-h -Oforce-command=false" # Check downgrade of cert to raw key when no CA found for v in v01 v00 ; do - for ktype in rsa dsa ; do + for ktype in rsa dsa ecdsa ; do + # v00 ecdsa certs do not exist. + test "${v}${ktype}" = "v00ecdsa" && continue rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key* verbose "$tid: host ${ktype} ${v} cert downgrade to raw key" # Generate and sign a host key 
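Review bot: in the `@@ -28,6 +28,8 @@` hunk of regress/cert-hostkey.sh, `test "{ktype}" = "ecdsa" && continue` is missing the `$`, so it compares the literal string `{ktype}` and never skips. The loop therefore goes on to the `-t v00` copy and signing steps for ecdsa even though the comment above the test says v00 ecdsa certs do not exist. It should be `test "${ktype}" = "ecdsa" && continue`. The cert-userkey.sh part of this commit adds the same line with the same omission.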
@@ -210,7 +217,9 @@ done cat $OBJ/host_ca_key.pub ) > $OBJ/known_hosts-cert for v in v01 v00 ; do - for kt in rsa dsa ; do + for kt in rsa dsa ecdsa ; do + # v00 ecdsa certs do not exist. + test "${v}${ktype}" = "v00ecdsa" && continue rm -f $OBJ/cert_host_key* # Self-sign key ${SSHKEYGEN} -q -N '' -t ${kt} \ diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index a41a9a9c0..01f3b40a4 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-userkey.sh,v 1.6 2010/06/29 23:59:54 djm Exp $ +# $OpenBSD: cert-userkey.sh,v 1.7 2010/08/31 12:24:09 djm Exp $ # Placed in the Public Domain. tid="certified user keys" @@ -11,7 +11,7 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_ca_key ||\ fail "ssh-keygen of user_ca_key failed" # Generate and sign user keys -for ktype in rsa dsa ; do +for ktype in rsa dsa ecdsa ; do verbose "$tid: sign user ${ktype} cert" ${SSHKEYGEN} -q -N '' -t ${ktype} \ -f $OBJ/cert_user_key_${ktype} || \ @@ -20,6 +20,8 @@ for ktype in rsa dsa ; do "regress user key for $USER" \ -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} || fail "couldn't sign cert_user_key_${ktype}" + # v00 ecdsa certs do not exist + test "{ktype}" = "ecdsa" && continue cp $OBJ/cert_user_key_${ktype} $OBJ/cert_user_key_${ktype}_v00 cp $OBJ/cert_user_key_${ktype}.pub $OBJ/cert_user_key_${ktype}_v00.pub ${SSHKEYGEN} -q -t v00 -s $OBJ/user_ca_key -I \ @@ -29,7 +31,7 @@ for ktype in rsa dsa ; do done # Test explicitly-specified principals -for ktype in rsa dsa rsa_v00 dsa_v00 ; do +for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do for privsep in yes no ; do _prefix="${ktype} privsep $privsep" @@ -155,7 +157,7 @@ basic_tests() { extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub" fi - for ktype in rsa dsa rsa_v00 dsa_v00 ; do + for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do for privsep in yes no ; do _prefix="${ktype} privsep $privsep $auth" # Simple connect 
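Review bot: in the `@@ -210,7 +217,9 @@` hunk of regress/cert-hostkey.sh the loop variable is `kt`, but the added skip reads `test "${v}${ktype}" = "v00ecdsa" && continue`. `${ktype}` is stale from an earlier loop, so the test does not depend on the key type being iterated and the v00/ecdsa combination is not skipped as intended. Use `${v}${kt}` here.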
@@ -230,6 +232,11 @@ test_one() { for auth in $auth_choice ; do for ktype in rsa rsa_v00 ; do + case $ktype in + *_v00) keyv="-t v00" ;; + *) keyv="" ;; + esac + cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy if test "x$auth" = "xauthorized_keys" ; then # Add CA to authorized_keys @@ -249,7 +256,7 @@ test_one() { verbose "$tid: $ident auth $auth expect $result $ktype" ${SSHKEYGEN} -q -s $OBJ/user_ca_key \ -I "regress user key for $USER" \ - $sign_opts \ + $sign_opts $keyv \ $OBJ/cert_user_key_${ktype} || fail "couldn't sign cert_user_key_${ktype}" @@ -302,7 +309,7 @@ test_one "principals key option no principals" failure "" \ # Wrong certificate cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy -for ktype in rsa dsa rsa_v00 dsa_v00 ; do +for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do case $ktype in *_v00) args="-t v00" ;; *) args="" ;; -- cgit v1.2.3 From a53939332dab05db474d75446211160b21a9742c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 24 Oct 2010 10:47:30 +1100 Subject: - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. --- ChangeLog | 3 +++ includes.h | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index de3fb011c..2843d9463 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20101024 + - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. + 20101021 - OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2010/10/12 02:22:24 diff --git a/includes.h b/includes.h index 6bb987807..b4c53d9b4 100644 --- a/includes.h +++ b/includes.h @@ -30,7 +30,7 @@ # include #endif #if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \ - defined(GLOB_HAS_GL_MATCHC) && \ + defined(GLOB_HAS_GL_MATCHC) && defined(GLOB_HAS_GL_STATV) && \ defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 && \ !defined(BROKEN_GLOB) # include -- cgit v1.2.3 From d78739ab90f6561d7fef5a7de495644868e01a24 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sun, 24 Oct 2010 10:56:32 +1100 Subject: - sthen@cvs.openbsd.org 2010/10/23 22:06:12 [sftp.c] escape '[' in filename tab-completion; fix a type while there. ok djm@ --- ChangeLog | 5 +++++ sftp.c | 5 +++-- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2843d9463..13f619a60 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ 20101024 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. + - (dtucker) OpenBSD CVS Sync + - sthen@cvs.openbsd.org 2010/10/23 22:06:12 + [sftp.c] + escape '[' in filename tab-completion; fix a type while there. + ok djm@ 20101021 - OpenBSD CVS Sync diff --git a/sftp.c b/sftp.c index 1421fcb02..d605505ea 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.130 2010/10/05 05:13:18 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.131 2010/10/23 22:06:12 sthen Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -1725,6 +1725,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, case '"': case '\\': case '\t': + case '[': case ' ': if (quote == '\0' || tmp2[i] == quote) { if (el_insertstr(el, ins) == -1) @@ -1854,7 +1855,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) /* Tab Completion */ el_set(el, EL_ADDFN, "ftp-complete", - "Context senstive argument completion", complete); + "Context sensitive argument completion", complete); complete_ctx.conn = conn; complete_ctx.remote_pathp = &remote_path; el_set(el, EL_CLIENTDATA, (void*)&complete_ctx); -- cgit v1.2.3 From bfd9b1be41300a6a789873f990127ffb0438c333 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 24 Oct 2010 11:19:26 +1100 Subject: - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms which don't have ECC support in libcrypto. --- ChangeLog | 2 ++ regress/cert-hostkey.sh | 19 +++++++++++++------ 2 files changed, 15 insertions(+), 6 deletions(-) (limited to 'ChangeLog') 
diff --git a/ChangeLog b/ChangeLog index 13f619a60..990a7e536 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20101024 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. + - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms + which don't have ECC support in libcrypto. - (dtucker) OpenBSD CVS Sync - sthen@cvs.openbsd.org 2010/10/23 22:06:12 [sftp.c] diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 22ae4999d..7461beca6 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -3,6 +3,13 @@ tid="certified host keys" +# used to disable ECC based tests on platforms without ECC +ecdsa="" +if grep "#define.*OPENSSL_HAS_ECC" ${BUILDDIR}/config.h >/dev/null 2>&1 +then + ecdsa=ecdsa +fi + rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key* cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak @@ -18,7 +25,7 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\ ) > $OBJ/known_hosts-cert # Generate and sign host keys -for ktype in rsa dsa ecdsa ; do +for ktype in rsa dsa $ecdsa ; do verbose "$tid: sign host ${ktype} cert" # Generate and sign a host key ${SSHKEYGEN} -q -N '' -t ${ktype} \ @@ -40,7 +47,7 @@ done # Basic connect tests for privsep in yes no ; do - for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do + for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do verbose "$tid: host ${ktype} cert connect privsep $privsep" ( cat $OBJ/sshd_proxy_bak @@ -80,7 +87,7 @@ done cat $OBJ/cert_host_key_dsa_v00.pub ) > $OBJ/known_hosts-cert for privsep in yes no ; do - for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do + for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do verbose "$tid: host ${ktype} revoked cert privsep $privsep" ( cat $OBJ/sshd_proxy_bak @@ -107,7 +114,7 @@ done echon "* " cat $OBJ/host_ca_key.pub ) > $OBJ/known_hosts-cert -for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do +for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do verbose "$tid: host ${ktype} revoked cert" ( cat $OBJ/sshd_proxy_bak 
@@ -178,7 +185,7 @@ test_one "cert has constraints" failure "-h -Oforce-command=false" # Check downgrade of cert to raw key when no CA found for v in v01 v00 ; do - for ktype in rsa dsa ecdsa ; do + for ktype in rsa dsa $ecdsa ; do # v00 ecdsa certs do not exist. test "${v}${ktype}" = "v00ecdsa" && continue rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key* @@ -217,7 +224,7 @@ done cat $OBJ/host_ca_key.pub ) > $OBJ/known_hosts-cert for v in v01 v00 ; do - for kt in rsa dsa ecdsa ; do + for kt in rsa dsa $ecdsa ; do # v00 ecdsa certs do not exist. test "${v}${ktype}" = "v00ecdsa" && continue rm -f $OBJ/cert_host_key* -- cgit v1.2.3 From d633fef4712f87324516bd7e6c0314dfb37a5820 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 24 Oct 2010 11:33:07 +1100 Subject: - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms which don't have ECC support in libcrypto. --- ChangeLog | 2 ++ regress/cert-userkey.sh | 15 +++++++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 990a7e536..6cf9897d1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms which don't have ECC support in libcrypto. + - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms + which don't have ECC support in libcrypto. - (dtucker) OpenBSD CVS Sync - sthen@cvs.openbsd.org 2010/10/23 22:06:12 [sftp.c] diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 01f3b40a4..a7760a2f6 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh 
@@ -3,6 +3,13 @@ tid="certified user keys" +# used to disable ECC based tests on platforms without ECC +ecdsa="" +if grep "#define.*OPENSSL_HAS_ECC" ${BUILDDIR}/config.h >/dev/null 2>&1 +then + ecdsa=ecdsa +fi + rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key* cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak @@ -11,7 +18,7 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_ca_key ||\ fail "ssh-keygen of user_ca_key failed" # Generate and sign user keys -for ktype in rsa dsa ecdsa ; do +for ktype in rsa dsa $ecdsa ; do verbose "$tid: sign user ${ktype} cert" ${SSHKEYGEN} -q -N '' -t ${ktype} \ -f $OBJ/cert_user_key_${ktype} || \ @@ -31,7 +38,7 @@ for ktype in rsa dsa ecdsa ; do done # Test explicitly-specified principals -for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do +for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do for privsep in yes no ; do _prefix="${ktype} privsep $privsep" @@ -157,7 +164,7 @@ basic_tests() { extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub" fi - for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do + for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do for privsep in yes no ; do _prefix="${ktype} privsep $privsep $auth" # Simple connect @@ -309,7 +316,7 @@ test_one "principals key option no principals" failure "" \ # Wrong certificate cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy -for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do +for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do case $ktype in *_v00) args="-t v00" ;; *) args="" ;; -- cgit v1.2.3 From 7bc236de2124070a68e6b2360418142b0784a526 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 24 Oct 2010 11:58:43 +1100 Subject: - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't have it. --- ChangeLog | 2 ++ defines.h | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 6cf9897d1..df2e7295e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,6 +4,8 @@ which don't have ECC support in libcrypto. - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms which don't have ECC support in libcrypto. + - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't + have it. - (dtucker) OpenBSD CVS Sync - sthen@cvs.openbsd.org 2010/10/23 22:06:12 [sftp.c] diff --git a/defines.h b/defines.h index fe25170e6..49c901aff 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.160 2010/04/09 08:13:27 dtucker Exp $ */ +/* $Id: defines.h,v 1.161 2010/10/24 00:58:44 dtucker Exp $ */ /* Constants */ @@ -250,6 +250,10 @@ typedef unsigned char u_char; #define SIZE_T_MAX ULONG_MAX #endif /* SIZE_T_MAX */ +#ifndef SIZE_MAX +#define SIZE_MAX UINT_MAX +#endif + #ifndef HAVE_SIZE_T typedef unsigned int size_t; # define HAVE_SIZE_T -- cgit v1.2.3 From bdd3e67c1965c262ae6a6ae1ac88d06dc4393bda Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 24 Oct 2010 18:35:55 -0700 Subject: - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with 1.12 to unbreak Solaris build. ok djm@ --- ChangeLog | 5 +++++ openbsd-compat/glob.h | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index df2e7295e..f48cbb5c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20101025 + - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with + 1.12 to unbreak Solaris build. + ok djm@ + 20101024 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h index 4de16ffc8..f8a7fa5ff 100644 --- a/openbsd-compat/glob.h +++ b/openbsd-compat/glob.h @@ -45,7 +45,6 @@ #ifndef _GLOB_H_ #define _GLOB_H_ -#include #include struct stat; -- cgit v1.2.3 From 54b1f3121df1317627a52d9b6d1d854ad977cf76 Mon Sep 17 00:00:00 2001 
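Review bot: in the regress/cert-hostkey.sh hunk at -217,7 the loop variable is kt, but the skip test on the following line still reads "${v}${ktype}", a variable this loop never sets. The test therefore gives the same answer for every kt, so for v00 either all iterations are skipped or none are, depending on what an earlier loop left in ktype. Rename the loop variable to ktype, or change the test to "${v}${kt}" = "v00ecdsa".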
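Review bot: the ECC probe added at the top of regress/cert-userkey.sh sends grep's stderr to /dev/null, so an unset BUILDDIR or a missing config.h is indistinguishable from a build without ECC, and every ecdsa case is dropped with no trace in the test output. Emit a verbose line when ecdsa ends up empty so a skipped run is visible in the log, and quote "${BUILDDIR}/config.h".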
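Review bot: the fallback "#define SIZE_MAX UINT_MAX" added to defines.h disagrees with the "#define SIZE_T_MAX ULONG_MAX" fallback in the context lines directly above it, so on a platform where size_t is wider than unsigned int the two limits differ. Define SIZE_MAX in terms of SIZE_T_MAX, placed after the HAVE_SIZE_T block has settled what size_t is, so that a length check written against either macro uses the same bound.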
From: Darren Tucker Date: Mon, 25 Oct 2010 16:54:28 +1100 Subject: - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a native one. --- ChangeLog | 2 ++ defines.h | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f48cbb5c9..bed73463a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with 1.12 to unbreak Solaris build. ok djm@ + - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a + native one. 20101024 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. diff --git a/defines.h b/defines.h index 49c901aff..61203c3fe 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.161 2010/10/24 00:58:44 dtucker Exp $ */ +/* $Id: defines.h,v 1.162 2010/10/25 05:54:28 dtucker Exp $ */ /* Constants */ @@ -250,16 +250,16 @@ typedef unsigned char u_char; #define SIZE_T_MAX ULONG_MAX #endif /* SIZE_T_MAX */ -#ifndef SIZE_MAX -#define SIZE_MAX UINT_MAX -#endif - #ifndef HAVE_SIZE_T typedef unsigned int size_t; # define HAVE_SIZE_T # define SIZE_T_MAX UINT_MAX #endif /* HAVE_SIZE_T */ +#ifndef SIZE_MAX +#define SIZE_MAX SIZE_T_MAX +#endif + #ifndef HAVE_SSIZE_T typedef int ssize_t; # define HAVE_SSIZE_T -- cgit v1.2.3 From 3a0e9f6479d50a95b5ccd7d7668b0ff45571de9c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Nov 2010 10:16:34 +1100 Subject: - djm@cvs.openbsd.org 2010/09/22 12:26:05 [regress/Makefile regress/kextype.sh] regress test for each of the key exchange algorithms that we support --- ChangeLog | 6 ++++++ regress/Makefile | 5 +++-- regress/kextype.sh | 26 ++++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 regress/kextype.sh (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index bed73463a..2e7f92c94 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -1,3 +1,9 @@ +20101105 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/09/22 12:26:05 + [regress/Makefile regress/kextype.sh] + regress test for each of the key exchange algorithms that we support + 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with 1.12 to unbreak Solaris build. diff --git a/regress/Makefile b/regress/Makefile index 9762ab204..f51307f02 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,6 +1,6 @@ -# $OpenBSD: Makefile,v 1.54 2010/06/27 19:19:56 phessler Exp $ +# $OpenBSD: Makefile,v 1.55 2010/08/31 12:24:25 djm Exp $ -REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec +REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec tests: $(REGRESS_TARGETS) # Interop tests are not run by default @@ -61,6 +61,7 @@ INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers USER!= id -un CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ + t8.out t8.out.pub t9.out t9.out.pub \ authorized_keys_${USER} known_hosts pidfile \ ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ diff --git a/regress/kextype.sh b/regress/kextype.sh new file mode 100644 index 000000000..ba6fd9509 --- /dev/null +++ b/regress/kextype.sh 
@@ -0,0 +1,26 @@ +# $OpenBSD: kextype.sh,v 1.1 2010/09/22 12:26:05 djm Exp $ +# Placed in the Public Domain. + +tid="login with different key exchange algorithms" + +TIME=/usr/bin/time +cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak +cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak + +kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521" +kextypes="$kextypes diffie-hellman-group-exchange-sha256" +kextypes="$kextypes diffie-hellman-group-exchange-sha1" +kextypes="$kextypes diffie-hellman-group14-sha1" +kextypes="$kextypes diffie-hellman-group1-sha1" + +tries="1 2 3 4" +for k in $kextypes; do + verbose "kex $k" + for i in $tries; do + ${SSH} -F $OBJ/ssh_proxy -o KexAlgorithms=$k x true + if [ $? -ne 0 ]; then + fail "ssh kex $k" + fi + done +done + -- cgit v1.2.3 From b472a90d4ceca15620aa525099bf4b2d5ba8a59b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Nov 2010 10:19:49 +1100 Subject: - djm@cvs.openbsd.org 2010/10/28 11:22:09 [authfile.c key.c key.h ssh-keygen.c] fix a possible NULL deref on loading a corrupt ECDH key store ECDH group information in private keys files as "named groups" rather than as a set of explicit group parameters (by setting the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and retrieves the group's OpenSSL NID that we need for various things. --- ChangeLog | 8 ++++++++ authfile.c | 14 +++++--------- key.c | 31 ++++++++++++++++++++++--------- key.h | 4 ++-- ssh-keygen.c | 5 ++--- 5 files changed, 39 insertions(+), 23 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2e7f92c94..79419367e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,6 +3,14 @@ - djm@cvs.openbsd.org 2010/09/22 12:26:05 [regress/Makefile regress/kextype.sh] regress test for each of the key exchange algorithms that we support + - djm@cvs.openbsd.org 2010/10/28 11:22:09 + [authfile.c key.c key.h ssh-keygen.c] + fix a possible NULL deref on loading a corrupt ECDH key + + store ECDH group information in private keys files as "named groups" + rather than as a set of explicit group parameters (by setting + the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and + retrieves the group's OpenSSL NID that we need for various things. 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/authfile.c b/authfile.c index b1e3eda5c..7f98ab547 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.84 2010/09/08 03:54:36 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.85 2010/10/28 11:22:09 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -523,13 +523,9 @@ key_load_private_pem(int fd, int type, const char *passphrase, prv = key_new(KEY_UNSPEC); prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk); prv->type = KEY_ECDSA; - prv->ecdsa_nid = key_ecdsa_group_to_nid( - EC_KEY_get0_group(prv->ecdsa)); - if (key_curve_nid_to_name(prv->ecdsa_nid) == NULL) { - key_free(prv); - prv = NULL; - } - if (key_ec_validate_public(EC_KEY_get0_group(prv->ecdsa), + if ((prv->ecdsa_nid = key_ecdsa_key_to_nid(prv->ecdsa)) == -1 || + key_curve_nid_to_name(prv->ecdsa_nid) == NULL || + key_ec_validate_public(EC_KEY_get0_group(prv->ecdsa), EC_KEY_get0_public_key(prv->ecdsa)) != 0 || key_ec_validate_private(prv->ecdsa) != 0) { error("%s: bad ECDSA key", __func__); @@ -538,7 +534,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, } name = "ecdsa w/o comment"; #ifdef DEBUG_PK - if (prv->ecdsa != NULL) + if (prv != NULL && prv->ecdsa != NULL) key_dump_ec_key(prv->ecdsa); #endif #endif /* OPENSSL_HAS_ECC */ 
diff --git a/key.c b/key.c index 196092de5..c71bf5b0a 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.93 2010/09/09 10:45:45 djm Exp $ */ +/* $OpenBSD: key.c,v 1.94 2010/10/28 11:22:09 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1053,12 +1053,8 @@ key_ecdsa_bits_to_nid(int bits) } #ifdef OPENSSL_HAS_ECC -/* - * This is horrid, but OpenSSL's PEM_read_PrivateKey seems not to restore - * the EC_GROUP nid when loading a key... - */ int -key_ecdsa_group_to_nid(const EC_GROUP *g) +key_ecdsa_key_to_nid(EC_KEY *k) { EC_GROUP *eg; int nids[] = { @@ -1067,23 +1063,39 @@ key_ecdsa_group_to_nid(const EC_GROUP *g) NID_secp521r1, -1 }; + int nid; u_int i; BN_CTX *bnctx; + const EC_GROUP *g = EC_KEY_get0_group(k); + /* + * The group may be stored in a ASN.1 encoded private key in one of two + * ways: as a "named group", which is reconstituted by ASN.1 object ID + * or explicit group parameters encoded into the key blob. Only the + * "named group" case sets the group NID for us, but we can figure + * it out for the other case by comparing against all the groups that + * are supported. + */ + if ((nid = EC_GROUP_get_curve_name(g)) > 0) + return nid; if ((bnctx = BN_CTX_new()) == NULL) fatal("%s: BN_CTX_new() failed", __func__); for (i = 0; nids[i] != -1; i++) { if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) fatal("%s: EC_GROUP_new_by_curve_name failed", __func__); - if (EC_GROUP_cmp(g, eg, bnctx) == 0) { - EC_GROUP_free(eg); + if (EC_GROUP_cmp(g, eg, bnctx) == 0) break; - } EC_GROUP_free(eg); } BN_CTX_free(bnctx); debug3("%s: nid = %d", __func__, nids[i]); + if (nids[i] != -1) { + /* Use the group with the NID attached */ + EC_GROUP_set_asn1_flag(eg, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(k, eg) != 1) + fatal("%s: EC_KEY_set_group", __func__); + } return nids[i]; } 
@@ -1098,6 +1110,7 @@ ecdsa_generate_private_key(u_int bits, int *nid) fatal("%s: EC_KEY_new_by_curve_name failed", __func__); if (EC_KEY_generate_key(private) != 1) fatal("%s: EC_KEY_generate_key failed", __func__); + EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); return private; } #endif /* OPENSSL_HAS_ECC */ diff --git a/key.h b/key.h index 86a1d889c..ec5ac5eb8 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.32 2010/09/09 10:45:45 djm Exp $ */ +/* $OpenBSD: key.h,v 1.33 2010/10/28 11:22:09 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -121,7 +121,7 @@ const char * key_curve_nid_to_name(int); u_int key_curve_nid_to_bits(int); int key_ecdsa_bits_to_nid(int); #ifdef OPENSSL_HAS_ECC -int key_ecdsa_group_to_nid(const EC_GROUP *); +int key_ecdsa_key_to_nid(EC_KEY *); const EVP_MD * key_ec_nid_to_evpmd(int nid); int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); int key_ec_validate_private(const EC_KEY *); diff --git a/ssh-keygen.c b/ssh-keygen.c index bbd434b0b..560c4818a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.203 2010/09/02 17:21:50 naddy Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.204 2010/10/28 11:22:09 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -556,8 +556,7 @@ do_convert_from_pkcs8(Key **k, int *private) *k = key_new(KEY_UNSPEC); (*k)->type = KEY_ECDSA; (*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey); - (*k)->ecdsa_nid = key_ecdsa_group_to_nid( - EC_KEY_get0_group((*k)->ecdsa)); + (*k)->ecdsa_nid = key_ecdsa_key_to_nid((*k)->ecdsa); break; #endif default: -- cgit v1.2.3 From 55fa56505b81dea6143f3e59735ecfbe07fd2254 Mon Sep 17 00:00:00 2001 
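Review bot: the regress/Makefile hunks add t8 and t9 to REGRESS_TARGETS and their output files to CLEANFILES, but no hunk defines those targets or adds kextype to the tests the Makefile runs, and the five changed lines in the diffstat are fully accounted for by what is shown. As committed, the new regress/kextype.sh is never invoked. The $OpenBSD tag also lands on Makefile 1.55 dated 2010/08/31 rather than the 2010/09/22 revision named in the commit message, so check that the intended upstream Makefile revision was synced.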
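Review bot: regress/kextype.sh lists the three ecdh-sha2-nistp* methods unconditionally, while the cert-hostkey.sh and cert-userkey.sh changes earlier in this series gate ecdsa on OPENSSL_HAS_ECC in config.h, so on a libcrypto without ECC this test fails instead of skipping. Build kextypes behind the same config.h probe. TIME is also set and never used, and sshd_proxy_bak and ssh_proxy_bak are created although the script only passes -o KexAlgorithms on the command line and never edits or restores either file.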
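Review bot: in key_ecdsa_key_to_nid() in key.c the match branch now leaves the loop with a bare break, and nothing frees eg after EC_KEY_set_group(k, eg). OpenSSL's EC_KEY_set_group() stores its own copy of the group, so eg leaks once for every key that arrives with explicit group parameters. Call EC_GROUP_free(eg) after the EC_KEY_set_group() call inside the "nids[i] != -1" block.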
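Review bot: do_convert_from_pkcs8() in ssh-keygen.c stores the result of key_ecdsa_key_to_nid() straight into ecdsa_nid, whereas the authfile.c hunk in this same commit treats a return of -1 as a bad key. An imported key whose group matches none of the entries in nids[] is therefore carried forward with ecdsa_nid set to -1. Test for -1 here and fail the conversion with an error, as key_load_private_pem() now does.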
From: Damien Miller Date: Fri, 5 Nov 2010 10:20:14 +1100 Subject: - jmc@cvs.openbsd.org 2010/10/28 18:33:28 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] knock out some "-*- nroff -*-" lines; --- ChangeLog | 3 +++ scp.1 | 5 ++--- ssh-add.1 | 6 ++---- ssh-keygen.1 | 6 ++---- ssh.1 | 5 ++--- ssh_config.5 | 5 ++--- sshd.8 | 5 ++--- sshd_config.5 | 5 ++--- 8 files changed, 17 insertions(+), 23 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 79419367e..b58bd9184 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,9 @@ rather than as a set of explicit group parameters (by setting the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and retrieves the group's OpenSSL NID that we need for various things. + - jmc@cvs.openbsd.org 2010/10/28 18:33:28 + [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] + knock out some "-*- nroff -*-" lines; 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/scp.1 b/scp.1 index 13a43f6b4..24b88b565 100644 --- a/scp.1 +++ b/scp.1 @@ -1,4 +1,3 @@ -.\" -*- nroff -*- .\" .\" scp.1 .\" @@ -9,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.52 2010/09/23 13:36:46 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.53 2010/10/28 18:33:28 jmc Exp $ .\" -.Dd $Mdocdate: September 23 2010 $ +.Dd $Mdocdate: October 28 2010 $ .Dt SCP 1 .Os .Sh NAME diff --git a/ssh-add.1 b/ssh-add.1 index 1862eed8d..fd48ff98f 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,6 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.54 2010/09/04 09:38:34 jmc Exp $ -.\" -.\" -*- nroff -*- +.\" $OpenBSD: ssh-add.1,v 1.55 2010/10/28 18:33:28 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -37,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 4 2010 $ +.Dd $Mdocdate: October 28 2010 $ .Dt SSH-ADD 1 .Os .Sh NAME diff --git a/ssh-keygen.1 b/ssh-keygen.1 index b9700230b..205f741b8 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,6 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.100 2010/09/10 15:19:29 naddy Exp $ -.\" -.\" -*- nroff -*- +.\" $OpenBSD: ssh-keygen.1,v 1.101 2010/10/28 18:33:28 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -37,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 10 2010 $ +.Dd $Mdocdate: October 28 2010 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME diff --git a/ssh.1 b/ssh.1 index a3d66cb19..225649180 100644 --- a/ssh.1 +++ b/ssh.1 @@ -1,4 +1,3 @@ -.\" -*- nroff -*- .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.314 2010/09/22 08:30:08 jmc Exp $ -.Dd $Mdocdate: September 22 2010 $ +.\" $OpenBSD: ssh.1,v 1.315 2010/10/28 18:33:28 jmc Exp $ +.Dd $Mdocdate: October 28 2010 $ .Dt SSH 1 .Os .Sh NAME diff --git a/ssh_config.5 b/ssh_config.5 index 4a71e2af0..dd39bfafb 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -1,4 +1,3 @@ -.\" -*- nroff -*- .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -34,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.141 2010/09/22 08:30:08 jmc Exp $ -.Dd $Mdocdate: September 22 2010 $ +.\" $OpenBSD: ssh_config.5,v 1.142 2010/10/28 18:33:28 jmc Exp $ +.Dd $Mdocdate: October 28 2010 $ .Dt SSH_CONFIG 5 .Os .Sh NAME diff --git a/sshd.8 b/sshd.8 index 9d2efc7e1..5503b1331 100644 --- a/sshd.8 +++ b/sshd.8 @@ -1,4 +1,3 @@ -.\" -*- nroff -*- .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.259 2010/08/31 11:54:45 djm Exp $ -.Dd $Mdocdate: August 31 2010 $ +.\" $OpenBSD: sshd.8,v 1.260 2010/10/28 18:33:28 jmc Exp $ +.Dd $Mdocdate: October 28 2010 $ .Dt SSHD 8 .Os .Sh NAME diff --git a/sshd_config.5 b/sshd_config.5 index d87f60246..d0c02ca7c 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -1,4 +1,3 @@ -.\" -*- nroff -*- .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.127 2010/09/22 05:01:30 djm Exp $ -.Dd $Mdocdate: September 22 2010 $ +.\" $OpenBSD: sshd_config.5,v 1.128 2010/10/28 18:33:28 jmc Exp $ +.Dd $Mdocdate: October 28 2010 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME -- cgit v1.2.3 From 07331211949938b0dce95d6a8aae1500da9f5750 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Fri, 5 Nov 2010 10:20:31 +1100 Subject: - djm@cvs.openbsd.org 2010/11/04 02:45:34 [sftp-server.c] umask should be parsed as octal. reported by candland AT xmission.com; ok markus@ --- ChangeLog | 4 ++++ sftp-server.c | 16 ++++++++-------- 2 files changed, 12 insertions(+), 8 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b58bd9184..27a1a64d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ - jmc@cvs.openbsd.org 2010/10/28 18:33:28 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] knock out some "-*- nroff -*-" lines; + - djm@cvs.openbsd.org 2010/11/04 02:45:34 + [sftp-server.c] + umask should be parsed as octal. reported by candland AT xmission.com; + ok markus@ 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/sftp-server.c b/sftp-server.c index a98ac2b6d..47edcd0aa 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.91 2010/01/13 01:40:16 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.92 2010/11/04 02:45:34 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -1377,8 +1377,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) ssize_t len, olen, set_size; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; char *cp, buf[4*4096]; - const char *errmsg; - mode_t mask; + long mask; extern char *optarg; extern char *__progname; 
@@ -1412,11 +1411,12 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) error("Invalid log facility \"%s\"", optarg); break; case 'u': - mask = (mode_t)strtonum(optarg, 0, 0777, &errmsg); - if (errmsg != NULL) - fatal("Invalid umask \"%s\": %s", - optarg, errmsg); - (void)umask(mask); + errno = 0; + mask = strtol(optarg, &cp, 8); + if (mask < 0 || mask > 0777 || *cp != '\0' || + cp == optarg || (mask == 0 && errno != 0)) + fatal("Invalid umask \"%s\"", optarg); + (void)umask((mode_t)mask); break; case 'h': default: -- cgit v1.2.3 From 34ee4204c6051f5f48113903750738e8e055a778 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Nov 2010 10:52:37 +1100 Subject: - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of int. Should fix bz#1817 cleanly; ok dtucker@ --- ChangeLog | 2 ++ loginrec.c | 13 +++++++------ loginrec.h | 12 ++++++------ 3 files changed, 15 insertions(+), 12 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 27a1a64d6..636e4d3dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,6 @@ 20101105 + - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of + int. Should fix bz#1817 cleanly; ok dtucker@ - OpenBSD CVS Sync - djm@cvs.openbsd.org 2010/09/22 12:26:05 [regress/Makefile regress/kextype.sh] diff --git a/loginrec.c b/loginrec.c index 6f655cb16..95f14c46f 100644 --- a/loginrec.c +++ b/loginrec.c @@ -273,7 +273,7 @@ login_logout(struct logininfo *li) * try to retrieve lastlog information from wtmp/wtmpx. */ unsigned int -login_get_lastlog_time(const int uid) +login_get_lastlog_time(const uid_t uid) { struct logininfo li; @@ -297,7 +297,7 @@ login_get_lastlog_time(const int uid) * 0 on failure (will use OpenSSH's logging facilities for diagnostics) */ struct logininfo * -login_get_lastlog(struct logininfo *li, const int uid) +login_get_lastlog(struct logininfo *li, const uid_t uid) { struct passwd *pw; 
@@ -311,7 +311,8 @@ login_get_lastlog(struct logininfo *li, const int uid) */ pw = getpwuid(uid); if (pw == NULL) - fatal("%s: Cannot find account for uid %i", __func__, uid); + fatal("%s: Cannot find account for uid %ld", __func__, + (long)uid); /* No MIN_SIZEOF here - we absolutely *must not* truncate the * username (XXX - so check for trunc!) */ @@ -335,7 +336,7 @@ login_get_lastlog(struct logininfo *li, const int uid) * allocation fails, the program halts. */ struct -logininfo *login_alloc_entry(int pid, const char *username, +logininfo *login_alloc_entry(pid_t pid, const char *username, const char *hostname, const char *line) { struct logininfo *newli; @@ -363,7 +364,7 @@ login_free_entry(struct logininfo *li) * Returns: 1 */ int -login_init_entry(struct logininfo *li, int pid, const char *username, +login_init_entry(struct logininfo *li, pid_t pid, const char *username, const char *hostname, const char *line) { struct passwd *pw; @@ -1496,7 +1497,7 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode) if (S_ISREG(st.st_mode)) { /* find this uid's offset in the lastlog file */ - offset = (off_t) ((long)li->uid * sizeof(struct lastlog)); + offset = (off_t) ((u_long)li->uid * sizeof(struct lastlog)); if (lseek(*fd, offset, SEEK_SET) != offset) { logit("%s: %s->lseek(): %s", __func__, diff --git a/loginrec.h b/loginrec.h index 84b486590..28923e781 100644 --- a/loginrec.h +++ b/loginrec.h @@ -63,8 +63,8 @@ struct logininfo { char progname[LINFO_PROGSIZE]; /* name of program (for PAM) */ int progname_null; short int type; /* type of login (LTYPE_*) */ - int pid; /* PID of login process */ - int uid; /* UID of this user */ + pid_t pid; /* PID of login process */ + uid_t uid; /* UID of this user */ char line[LINFO_LINESIZE]; /* tty/pty name */ char username[LINFO_NAMESIZE]; /* login username */ char hostname[LINFO_HOSTSIZE]; /* remote hostname */ 
@@ -86,12 +86,12 @@ struct logininfo { /** 'public' functions */ /* construct a new login entry */ -struct logininfo *login_alloc_entry(int pid, const char *username, +struct logininfo *login_alloc_entry(pid_t pid, const char *username, const char *hostname, const char *line); /* free a structure */ void login_free_entry(struct logininfo *li); /* fill out a pre-allocated structure with useful information */ -int login_init_entry(struct logininfo *li, int pid, const char *username, +int login_init_entry(struct logininfo *li, pid_t pid, const char *username, const char *hostname, const char *line); /* place the current time in a logininfo struct */ void login_set_current_time(struct logininfo *li); @@ -117,9 +117,9 @@ void login_set_addr(struct logininfo *li, const struct sockaddr *sa, * lastlog retrieval functions */ /* lastlog *entry* functions fill out a logininfo */ -struct logininfo *login_get_lastlog(struct logininfo *li, const int uid); +struct logininfo *login_get_lastlog(struct logininfo *li, const uid_t uid); /* lastlog *time* functions return time_t equivalent (uint) */ -unsigned int login_get_lastlog_time(const int uid); +unsigned int login_get_lastlog_time(const uid_t uid); /* produce various forms of the line filename */ char *line_fullname(char *dst, const char *src, u_int dstsize); -- cgit v1.2.3 From 97528353c2b4f27169ea9b81e5c4420c734ceea2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 12:03:05 +1100 Subject: - (dtucker) [configure.ac platform.{c,h} session.c openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. Patch from cory.erickson at csu mnscu edu with a bit of rework from me. ok djm@ --- ChangeLog | 4 ++++ configure.ac | 17 +++++++++++++++-- openbsd-compat/port-solaris.c | 32 +++++++++++++++++++++++++++++++- openbsd-compat/port-solaris.h | 5 ++++- platform.c | 12 +++++++++++- platform.h | 5 ++++- session.c | 2 ++ 7 files changed, 71 insertions(+), 6 deletions(-) (limited to 'ChangeLog') 
diff --git a/ChangeLog b/ChangeLog index 636e4d3dc..9622f1944 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,10 @@ [sftp-server.c] umask should be parsed as octal. reported by candland AT xmission.com; ok markus@ + - (dtucker) [configure.ac platform.{c,h} session.c + openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. + Patch from cory.erickson at csu mnscu edu with a bit of rework from me. + ok djm@ 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/configure.ac b/configure.ac index 2b57e8e06..39b68c70a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.455 2010/10/11 11:35:23 djm Exp $ +# $Id: configure.ac,v 1.456 2010/11/05 01:03:05 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.455 $) +AC_REVISION($Revision: 1.456 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -333,6 +333,7 @@ AC_CHECK_HEADERS(sys/mount.h, [], [], [ # Messages for features tested for in target-specific section SIA_MSG="no" SPC_MSG="no" +SP_MSG="no" # Check for some target-specific stuff case "$host" in @@ -704,6 +705,17 @@ mips-sony-bsd|mips-sony-newsos4) SPC_MSG="yes" ], ) ], ) + AC_ARG_WITH(solaris-projects, + [ --with-solaris-projects Enable Solaris projects (experimental)], + [ + AC_CHECK_LIB(project, setproject, + [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1, + [Define if you have Solaris projects]) + SSHDLIBS="$SSHDLIBS -lproject" + AC_SUBST(SSHDLIBS) + SP_MSG="yes" ], ) + ], + ) ;; *-*-sunos4*) CPPFLAGS="$CPPFLAGS -DSUNOS4" 
@@ -4236,6 +4248,7 @@ echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " Solaris process contract support: $SPC_MSG" +echo " Solaris project support: $SP_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c index 2ab64d487..25382f1c9 100644 --- a/openbsd-compat/port-solaris.c +++ b/openbsd-compat/port-solaris.c @@ -1,4 +1,4 @@ -/* $Id: port-solaris.c,v 1.3 2006/10/31 23:28:49 dtucker Exp $ */ +/* $Id: port-solaris.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */ /* * Copyright (c) 2006 Chad Mynhier. @@ -197,3 +197,33 @@ solaris_contract_post_fork_parent(pid_t pid) close(ctl_fd); } #endif + +#ifdef USE_SOLARIS_PROJECTS +#include +#include + +/* + * Get/set solaris default project. + * If we fail, just run along gracefully. + */ +void +solaris_set_default_project(struct passwd *pw) +{ + struct project *defaultproject; + struct project tempproject; + char buf[1024]; + + /* get default project, if we fail just return gracefully */ + if ((defaultproject = getdefaultproj(pw->pw_name, &tempproject, &buf, + sizeof(buf))) > 0) { + /* set default project */ + if (setproject(defaultproject->pj_name, pw->pw_name, + TASK_NORMAL) != 0) + debug("setproject(%s): %s", defaultproject->pj_name, + strerror(errno)); + } else { + /* debug on getdefaultproj() error */ + debug("getdefaultproj(%s): %s", pw->pw_name, strerror(errno)); + } +} +#endif /* USE_SOLARIS_PROJECTS */ diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h index 4c324871e..cd442e78b 100644 --- a/openbsd-compat/port-solaris.h +++ b/openbsd-compat/port-solaris.h @@ -1,4 +1,4 @@ -/* $Id: port-solaris.h,v 1.1 2006/08/30 17:24:42 djm Exp $ */ +/* $Id: port-solaris.h,v 1.2 2010/11/05 01:03:05 dtucker Exp $ */ /* * Copyright (c) 2006 Chad Mynhier. 
@@ -20,8 +20,11 @@ #include +#include + void solaris_contract_pre_fork(void); void solaris_contract_post_fork_child(void); void solaris_contract_post_fork_parent(pid_t pid); +void solaris_set_default_project(struct passwd *); #endif diff --git a/platform.c b/platform.c index e3a428aaa..c894190b2 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.3 2009/12/20 23:49:22 dtucker Exp $ */ +/* $Id: platform.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -57,6 +57,16 @@ platform_post_fork_child(void) #endif } +void +platform_setusercontext(struct passwd *pw) +{ +#ifdef USE_SOLARIS_PROJECTS + /* if solaris projects were detected, set the default now */ + if (getuid() == 0 || geteuid() == 0) + solaris_set_default_project(pw); +#endif +} + char * platform_krb5_get_principal_name(const char *pw_name) { diff --git a/platform.h b/platform.h index 30a1d2259..f0cdd8037 100644 --- a/platform.h +++ b/platform.h @@ -1,4 +1,4 @@ -/* $Id: platform.h,v 1.4 2010/01/14 01:44:16 djm Exp $ */ +/* $Id: platform.h,v 1.5 2010/11/05 01:03:05 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -18,10 +18,13 @@ #include +#include + void platform_pre_listen(void); void platform_pre_fork(void); void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_child(void); +void platform_setusercontext(struct passwd *); char *platform_get_krb5_client(const char *); char *platform_krb5_get_principal_name(const char *); diff --git a/session.c b/session.c index 71e4fbe7c..ab32bb55f 100644 --- a/session.c +++ b/session.c @@ -1469,6 +1469,8 @@ do_setusercontext(struct passwd *pw) { char *chroot_path, *tmp; + platform_setusercontext(pw); + #ifdef WITH_SELINUX /* Cache selinux status for later use */ (void)ssh_selinux_enabled(); -- cgit v1.2.3 From 920612e45ae8183226e8841ff27cdc54a8287ba2 Mon Sep 17 00:00:00 2001 
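Review bot: the 'u' case in sftp_server_main() swaps strtonum() for strtol(optarg, &cp, 8) with no comment saying why, so a later cleanup could put strtonum() back. Add a one-line comment that strtonum() parses base 10 only: with it, -u 077 was read as decimal 77, which is octal 0115 and leaves the group and other write bits unmasked. The clause "(mask == 0 && errno != 0)" also looks redundant next to "cp == optarg" and the range test, and strtol() still accepts leading whitespace and a plus sign, so reject optarg unless its first character is an octal digit if the option is meant to be strict.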
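Review bot: in lastlog_openseek() in loginrec.c the offset is still computed as (u_long)li->uid * sizeof(struct lastlog) and only then cast to off_t, so where u_long is 32 bits a large uid wraps the product before it is widened and lseek() lands at the wrong place in the lastlog file. Cast li->uid to off_t before multiplying. The fatal() in login_get_lastlog() has the opposite signedness problem: it prints the uid_t with %ld and a (long) cast, which shows high uids as negative on the same platforms; %lu with (u_long)uid would match the cast used in lastlog_openseek().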
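Review bot: the AC_ARG_WITH(solaris-projects, ...) block in configure.ac runs AC_CHECK_LIB in its action-if-given without looking at $withval, and autoconf runs that action for --without-solaris-projects as well, so an explicit opt-out still adds -lproject and defines USE_SOLARIS_PROJECTS when the library is present. Wrap the check in a test that $withval is not "no". When the option is requested and setproject is not found, the not-found argument of AC_CHECK_LIB is empty, so configure carries on and reports "Solaris project support: no"; stopping with AC_MSG_ERROR there would tell the person who asked for the feature that they did not get it.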
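Review bot: solaris_set_default_project() in openbsd-compat/port-solaris.c tests the pointer returned by getdefaultproj() with "> 0" and passes &buf rather than buf; compare against NULL and pass the array itself. Both failure paths call only debug(), so a session whose default project cannot be looked up or set carries on in whatever project the process was already in, with nothing logged at default verbosity. Where project resource controls are relied on to contain users, log these failures at error level or refuse the session instead of running along.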
From: Darren Tucker Date: Fri, 5 Nov 2010 12:36:15 +1100 Subject: - (dtucker) [platform.c platform.h session.c] Add a platform hook to run after the user's groups are established and move the selinux calls into it. --- ChangeLog | 2 ++ platform.c | 23 ++++++++++++++++++++++- platform.h | 3 ++- session.c | 9 +-------- 4 files changed, 27 insertions(+), 10 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 9622f1944..d1a0cd0fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,8 @@ openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. Patch from cory.erickson at csu mnscu edu with a bit of rework from me. ok djm@ + - (dtucker) [platform.c platform.h session.c] Add a platform hook to run + after the user's groups are established and move the selinux calls into it. 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/platform.c b/platform.c index c894190b2..730e7b718 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */ +/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -57,9 +57,18 @@ platform_post_fork_child(void) #endif } +/* + * This gets called before switching UIDs, and is called even when sshd is + * not running as root. + */ void platform_setusercontext(struct passwd *pw) { +#ifdef WITH_SELINUX + /* Cache selinux status for later use */ + (void)ssh_selinux_enabled(); +#endif + #ifdef USE_SOLARIS_PROJECTS /* if solaris projects were detected, set the default now */ if (getuid() == 0 || geteuid() == 0) 
@@ -67,6 +76,18 @@ platform_setusercontext(struct passwd *pw) #endif } +/* + * This gets called after we've established the user's groups, and is only + * called if sshd is running as root. + */ +void +platform_setusercontext_post_groups(struct passwd *pw) +{ +#ifdef WITH_SELINUX + ssh_selinux_setup_exec_context(pw->pw_name); +#endif +} + char * platform_krb5_get_principal_name(const char *pw_name) { diff --git a/platform.h b/platform.h index f0cdd8037..be66d55c6 100644 --- a/platform.h +++ b/platform.h @@ -1,4 +1,4 @@ -/* $Id: platform.h,v 1.5 2010/11/05 01:03:05 dtucker Exp $ */ +/* $Id: platform.h,v 1.6 2010/11/05 01:36:15 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -25,6 +25,7 @@ void platform_pre_fork(void); void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_child(void); void platform_setusercontext(struct passwd *); +void platform_setusercontext_post_groups(struct passwd *); char *platform_get_krb5_client(const char *); char *platform_krb5_get_principal_name(const char *); diff --git a/session.c b/session.c index ab32bb55f..7994dd60b 100644 --- a/session.c +++ b/session.c @@ -1471,11 +1471,6 @@ do_setusercontext(struct passwd *pw) platform_setusercontext(pw); -#ifdef WITH_SELINUX - /* Cache selinux status for later use */ - (void)ssh_selinux_enabled(); -#endif - #ifndef HAVE_CYGWIN if (getuid() == 0 || geteuid() == 0) #endif /* HAVE_CYGWIN */ @@ -1554,9 +1549,7 @@ do_setusercontext(struct passwd *pw) } #endif /* HAVE_SETPCRED */ -#ifdef WITH_SELINUX - ssh_selinux_setup_exec_context(pw->pw_name); -#endif + platform_setusercontext_post_groups(pw); if (options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { -- cgit v1.2.3 From 4db380701d15727e43600e41a567d36177e4226e Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 5 Nov 2010 12:41:13 +1100 Subject: - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into platform.c --- ChangeLog | 2 ++ platform.c | 20 +++++++++++++++++++- session.c | 18 ------------------ 3 files changed, 21 insertions(+), 19 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d1a0cd0fd..cf6e00f6b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,8 @@ ok djm@ - (dtucker) [platform.c platform.h session.c] Add a platform hook to run after the user's groups are established and move the selinux calls into it. + - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into + platform.c 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/platform.c b/platform.c index 730e7b718..1604f8b59 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.5 2010/11/05 01:36:15 dtucker Exp $ */ +/* $Id: platform.c,v 1.6 2010/11/05 01:41:13 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -83,6 +83,24 @@ platform_setusercontext(struct passwd *pw) void platform_setusercontext_post_groups(struct passwd *pw) { +#ifdef HAVE_SETPCRED + /* + * If we have a chroot directory, we set all creds except real + * uid which we will need for chroot. If we don't have a + * chroot directory, we don't override anything. + */ + { + char **creds = NULL, *chroot_creds[] = + { "REAL_USER=root", NULL }; + + if (options.chroot_directory != NULL && + strcasecmp(options.chroot_directory, "none") != 0) + creds = chroot_creds; + + if (setpcred(pw->pw_name, creds) == -1) + fatal("Failed to set process credentials"); + } +#endif /* HAVE_SETPCRED */ #ifdef WITH_SELINUX ssh_selinux_setup_exec_context(pw->pw_name); #endif diff --git a/session.c b/session.c index 7994dd60b..78e7c5f50 100644 --- a/session.c +++ b/session.c 
@@ -1530,24 +1530,6 @@ do_setusercontext(struct passwd *pw) } # endif /* USE_LIBIAF */ #endif -#ifdef HAVE_SETPCRED - /* - * If we have a chroot directory, we set all creds except real - * uid which we will need for chroot. If we don't have a - * chroot directory, we don't override anything. - */ - { - char **creds = NULL, *chroot_creds[] = - { "REAL_USER=root", NULL }; - - if (options.chroot_directory != NULL && - strcasecmp(options.chroot_directory, "none") != 0) - creds = chroot_creds; - - if (setpcred(pw->pw_name, creds) == -1) - fatal("Failed to set process credentials"); - } -#endif /* HAVE_SETPCRED */ platform_setusercontext_post_groups(pw); -- cgit v1.2.3 From 44a97be0cc3ede56663b94548806465d2b090461 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 12:45:18 +1100 Subject: - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. --- ChangeLog | 1 + platform.c | 6 +++++- session.c | 3 --- 3 files changed, 6 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index cf6e00f6b..002c88148 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,7 @@ after the user's groups are established and move the selinux calls into it. - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into platform.c + - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/platform.c b/platform.c index 1604f8b59..20b478343 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.6 2010/11/05 01:41:13 dtucker Exp $ */ +/* $Id: platform.c,v 1.7 2010/11/05 01:45:18 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -74,6 +74,10 @@ platform_setusercontext(struct passwd *pw) if (getuid() == 0 || geteuid() == 0) solaris_set_default_project(pw); #endif + +#if defined(HAVE_LOGIN_CAP) && defined (__bsdi__) + setpgid(0, 0); +# endif } /* 
diff --git a/session.c b/session.c index 78e7c5f50..0775d78d2 100644 --- a/session.c +++ b/session.c @@ -1476,9 +1476,6 @@ do_setusercontext(struct passwd *pw) #endif /* HAVE_CYGWIN */ { #ifdef HAVE_LOGIN_CAP -# ifdef __bsdi__ - setpgid(0, 0); -# endif # ifdef USE_PAM if (options.use_pam) { do_pam_setcred(use_privsep); -- cgit v1.2.3 From fd4d8aa2cbe0acad520ab168656759cb46054c03 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 12:50:41 +1100 Subject: - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to retain previous behavior. --- ChangeLog | 2 ++ platform.c | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 002c88148..3f415d7dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,8 @@ - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into platform.c - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. + - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to + retain previous behavior. 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/platform.c b/platform.c index 20b478343..570f130ae 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.7 2010/11/05 01:45:18 dtucker Exp $ */ +/* $Id: platform.c,v 1.8 2010/11/05 01:50:41 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -76,7 +76,8 @@ platform_setusercontext(struct passwd *pw) #endif #if defined(HAVE_LOGIN_CAP) && defined (__bsdi__) - setpgid(0, 0); + if (getuid() == 0 || geteuid() == 0) + setpgid(0, 0); # endif } -- cgit v1.2.3 From 728d8371a1dc1b615284ece94b0085897b4c0b51 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 5 Nov 2010 13:00:05 +1100 Subject: - (dtucker) [platform.c session.c] Move the PAM credential establishment for the LOGIN_CAP case into platform.c. --- ChangeLog | 2 ++ platform.c | 16 +++++++++++++++- session.c | 5 ----- 3 files changed, 17 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 3f415d7dc..909b9fc59 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,8 @@ - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to retain previous behavior. + - (dtucker) [platform.c session.c] Move the PAM credential establishment for + the LOGIN_CAP case into platform.c. 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/platform.c b/platform.c index 570f130ae..0335eaae6 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.8 2010/11/05 01:50:41 dtucker Exp $ */ +/* $Id: platform.c,v 1.9 2010/11/05 02:00:05 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -21,6 +21,8 @@ #include "openbsd-compat/openbsd-compat.h" +extern int use_privsep; + void platform_pre_listen(void) { @@ -79,6 +81,18 @@ platform_setusercontext(struct passwd *pw) if (getuid() == 0 || geteuid() == 0) setpgid(0, 0); # endif + +#if defined(HAVE_LOGIN_CAP) && defined(USE_PAM) + /* + * If we have both LOGIN_CAP and PAM, we want to establish creds + * before calling setusercontext (in session.c:do_setusercontext). + */ + if (getuid() == 0 || geteuid() == 0) { + if (options.use_pam) { + do_pam_setcred(use_privsep); + } + } +# endif /* USE_PAM */ } /* diff --git a/session.c b/session.c index 0775d78d2..a2d8bec8b 100644 --- a/session.c +++ b/session.c 
@@ -1476,11 +1476,6 @@ do_setusercontext(struct passwd *pw) #endif /* HAVE_CYGWIN */ { #ifdef HAVE_LOGIN_CAP -# ifdef USE_PAM - if (options.use_pam) { - do_pam_setcred(use_privsep); - } -# endif /* USE_PAM */ if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { perror("unable to set user context"); -- cgit v1.2.3 From 7a8afe3186bd2007da3a2fce4276e5b96ed877f6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 13:07:24 +1100 Subject: - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into platform.c --- ChangeLog | 2 ++ platform.c | 8 +++++++- session.c | 5 ----- 3 files changed, 9 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 909b9fc59..6595f6768 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,8 @@ retain previous behavior. - (dtucker) [platform.c session.c] Move the PAM credential establishment for the LOGIN_CAP case into platform.c. + - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into + platform.c 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/platform.c b/platform.c index 0335eaae6..910e39713 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.9 2010/11/05 02:00:05 dtucker Exp $ */ +/* $Id: platform.c,v 1.10 2010/11/05 02:07:25 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -102,6 +102,12 @@ platform_setusercontext(struct passwd *pw) void platform_setusercontext_post_groups(struct passwd *pw) { +#if !defined(HAVE_LOGIN_CAP) && defined(USE_LIBIAF) + if (set_id(pw->pw_name) != 0) { + exit(1); + } +# endif /* USE_LIBIAF */ + #ifdef HAVE_SETPCRED /* * If we have a chroot directory, we set all creds except real diff --git a/session.c b/session.c index a2d8bec8b..6ef07c407 100644 --- a/session.c +++ b/session.c 
@@ -1516,11 +1516,6 @@ do_setusercontext(struct passwd *pw) # ifdef _AIX aix_usrinfo(pw); # endif /* _AIX */ -# ifdef USE_LIBIAF - if (set_id(pw->pw_name) != 0) { - exit(1); - } -# endif /* USE_LIBIAF */ #endif platform_setusercontext_post_groups(pw); -- cgit v1.2.3 From 676b912e780499e9f59e8add7859a014cb2db07d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 13:11:04 +1100 Subject: - (dtucker) platform.c session.c] Move aix_usrinfo frament into platform.c. --- ChangeLog | 1 + platform.c | 6 +++++- session.c | 3 --- 3 files changed, 6 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 6595f6768..a6380346b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,7 @@ the LOGIN_CAP case into platform.c. - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into platform.c + - (dtucker) platform.c session.c] Move aix_usrinfo frament into platform.c. 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/platform.c b/platform.c index 910e39713..97439b574 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.10 2010/11/05 02:07:25 dtucker Exp $ */ +/* $Id: platform.c,v 1.11 2010/11/05 02:11:04 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -102,6 +102,10 @@ platform_setusercontext(struct passwd *pw) void platform_setusercontext_post_groups(struct passwd *pw) { +#ifdef _AIX + aix_usrinfo(pw); +#endif /* _AIX */ + #if !defined(HAVE_LOGIN_CAP) && defined(USE_LIBIAF) if (set_id(pw->pw_name) != 0) { exit(1); diff --git a/session.c b/session.c index 6ef07c407..fc712ad93 100644 --- a/session.c +++ b/session.c 
@@ -1513,9 +1513,6 @@ do_setusercontext(struct passwd *pw) # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) irix_setusercontext(pw); # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ -# ifdef _AIX - aix_usrinfo(pw); -# endif /* _AIX */ #endif platform_setusercontext_post_groups(pw); -- cgit v1.2.3 From 0b2ee6452c6c6e0c37dc10072ec4cf711e8dde89 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 13:29:25 +1100 Subject: - (dtucker) [platform.c session.c] Move irix setusercontext fragment into platform.c. --- ChangeLog | 4 +++- platform.c | 7 ++++++- session.c | 3 --- 3 files changed, 9 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a6380346b..c82f56b87 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,7 +35,9 @@ the LOGIN_CAP case into platform.c. - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into platform.c - - (dtucker) platform.c session.c] Move aix_usrinfo frament into platform.c. + - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c. + - (dtucker) [platform.c session.c] Move irix setusercontext fragment into + platform.c. 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/platform.c b/platform.c index 97439b574..c8163f901 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.11 2010/11/05 02:11:04 dtucker Exp $ */ +/* $Id: platform.c,v 1.12 2010/11/05 02:29:25 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. 
@@ -102,6 +102,11 @@ platform_setusercontext(struct passwd *pw) void platform_setusercontext_post_groups(struct passwd *pw) { +#if !defined(HAVE_LOGIN_CAP) && (defined(WITH_IRIX_PROJECT) || \ + defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)) + irix_setusercontext(pw); +#endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ + #ifdef _AIX aix_usrinfo(pw); #endif /* _AIX */ diff --git a/session.c b/session.c index fc712ad93..002cfd844 100644 --- a/session.c +++ b/session.c @@ -1510,9 +1510,6 @@ do_setusercontext(struct passwd *pw) do_pam_setcred(use_privsep); } # endif /* USE_PAM */ -# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) - irix_setusercontext(pw); -# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ #endif platform_setusercontext_post_groups(pw); -- cgit v1.2.3 From cc12418e18242ce1f61d7035da4956274ba13a96 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 13:32:52 +1100 Subject: - (dtucker) [platform.c session.c] Move PAM credential establishment for the non-LOGIN_CAP case into platform.c. --- ChangeLog | 2 ++ platform.c | 13 ++++++++++++- session.c | 10 ---------- 3 files changed, 14 insertions(+), 11 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c82f56b87..cc6e09ad5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,8 @@ - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c. - (dtucker) [platform.c session.c] Move irix setusercontext fragment into platform.c. + - (dtucker) [platform.c session.c] Move PAM credential establishment for the + non-LOGIN_CAP case into platform.c. 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/platform.c b/platform.c index c8163f901..b4fb88e5f 100644 --- a/platform.c +++ b/platform.c 
@@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.12 2010/11/05 02:29:25 dtucker Exp $ */ +/* $Id: platform.c,v 1.13 2010/11/05 02:32:53 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -102,6 +102,17 @@ platform_setusercontext(struct passwd *pw) void platform_setusercontext_post_groups(struct passwd *pw) { +#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) + /* + * PAM credentials may take the form of supplementary groups. + * These will have been wiped by the above initgroups() call. + * Reestablish them here. + */ + if (options.use_pam) { + do_pam_setcred(use_privsep); + } +#endif /* USE_PAM */ + #if !defined(HAVE_LOGIN_CAP) && (defined(WITH_IRIX_PROJECT) || \ defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)) irix_setusercontext(pw); diff --git a/session.c b/session.c index 002cfd844..f1f26ef69 100644 --- a/session.c +++ b/session.c @@ -1500,16 +1500,6 @@ do_setusercontext(struct passwd *pw) exit(1); } endgrent(); -# ifdef USE_PAM - /* - * PAM credentials may take the form of supplementary groups. - * These will have been wiped by the above initgroups() call. - * Reestablish them here. - */ - if (options.use_pam) { - do_pam_setcred(use_privsep); - } -# endif /* USE_PAM */ #endif platform_setusercontext_post_groups(pw); -- cgit v1.2.3 From b12fe272a0e850175417aa56e6efef8f08250977 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 14:47:01 +1100 Subject: - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case check into platform.c --- ChangeLog | 2 ++ platform.c | 18 +++++++++++++++++- platform.h | 3 ++- session.c | 5 +---- 4 files changed, 22 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index cc6e09ad5..65e0f9e3e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -40,6 +40,8 @@ platform.c. - (dtucker) [platform.c session.c] Move PAM credential establishment for the non-LOGIN_CAP case into platform.c. + - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case + check into platform.c 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/platform.c b/platform.c index b4fb88e5f..f2cf11f56 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.13 2010/11/05 02:32:53 dtucker Exp $ */ +/* $Id: platform.c,v 1.14 2010/11/05 03:47:01 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -17,6 +17,10 @@ */ #include "config.h" + +#include +#include + #include "platform.h" #include "openbsd-compat/openbsd-compat.h" @@ -59,6 +63,18 @@ platform_post_fork_child(void) #endif } +/* return 1 if we are running with privilege to swap UIDs, 0 otherwise */ +int +platform_privileged_uidswap(void) +{ +#ifdef HAVE_CYGWIN + /* uid 0 is not special on Cygwin so always try */ + return 1; +#else + return (getuid() == 0 || geteuid() == 0); +#endif +} + /* * This gets called before switching UIDs, and is called even when sshd is * not running as root. diff --git a/platform.h b/platform.h index be66d55c6..944d2c340 100644 --- a/platform.h +++ b/platform.h @@ -1,4 +1,4 @@ -/* $Id: platform.h,v 1.6 2010/11/05 01:36:15 dtucker Exp $ */ +/* $Id: platform.h,v 1.7 2010/11/05 03:47:01 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -24,6 +24,7 @@ void platform_pre_listen(void); void platform_pre_fork(void); void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_child(void); +int platform_privileged_uidswap(void); void platform_setusercontext(struct passwd *); void platform_setusercontext_post_groups(struct passwd *); char *platform_get_krb5_client(const char *); diff --git a/session.c b/session.c index f1f26ef69..58e681282 100644 --- a/session.c +++ b/session.c 
@@ -1471,10 +1471,7 @@ do_setusercontext(struct passwd *pw) platform_setusercontext(pw); -#ifndef HAVE_CYGWIN - if (getuid() == 0 || geteuid() == 0) -#endif /* HAVE_CYGWIN */ - { + if (platform_privileged_uidswap()) { #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { -- cgit v1.2.3 From b69e033e6704000be33ed6dc47eb9ac28f10b14b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 18:19:15 +1100 Subject: - (dtucker) [regress/keytype.sh] Import new test. --- ChangeLog | 1 + regress/keytype.sh | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 regress/keytype.sh (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 65e0f9e3e..2f309739d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,7 @@ non-LOGIN_CAP case into platform.c. - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case check into platform.c + - (dtucker) [regress/keytype.sh] Import new test. 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/regress/keytype.sh b/regress/keytype.sh new file mode 100644 index 000000000..7be3cc0c8 --- /dev/null +++ b/regress/keytype.sh 
@@ -0,0 +1,48 @@ +# $OpenBSD: keytype.sh,v 1.1 2010/09/02 16:12:55 markus Exp $ +# Placed in the Public Domain. + +tid="login with different key types" + +TIME=/usr/bin/time +cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak +cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak + +ktypes="dsa-1024 rsa-2048 ecdsa-256 rsa-3072 ecdsa-384 ecdsa-521" + +for kt in $ktypes; do + rm -f $OBJ/key.$kt + bits=${kt#*-} + type=${kt%-*} + printf "keygen $type, $bits bits:\t" + ${TIME} ${SSHKEYGEN} -b $bits -q -N '' -t $type -f $OBJ/key.$kt ||\ + fail "ssh-keygen for type $type, $bits bits failed" +done + +tries="1 2 3" +for ut in $ktypes; do + htypes=$ut + #htypes=$ktypes + for ht in $htypes; do + trace "ssh connect, userkey $ut, hostkey $ht" + ( + grep -v HostKey $OBJ/sshd_proxy_bak + echo HostKey $OBJ/key.$ht + ) > $OBJ/sshd_proxy + ( + grep -v IdentityFile $OBJ/ssh_proxy_bak + echo IdentityFile $OBJ/key.$ut + ) > $OBJ/ssh_proxy + ( + echo -n 'localhost-with-alias,127.0.0.1,::1 ' + cat $OBJ/key.$ht.pub + ) > $OBJ/known_hosts + cat $OBJ/key.$ut.pub > $OBJ/authorized_keys_$USER + for i in $tries; do + printf "userkey $ut, hostkey ${ht}:\t" + ${TIME} ${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true + if [ $? -ne 0 ]; then + fail "ssh userkey $ut, hostkey $ht failed" + fi + done + done +done -- cgit v1.2.3 From eab5f0df90cad495ee65abdb557538dbfb625d15 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 18:23:38 +1100 Subject: - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] Import recent changes to regress/Makefile, pass a flag to enable ECC tests from configure through to regress/Makefile and use it in the tests. --- ChangeLog | 3 +++ configure.ac | 7 +++++-- regress/Makefile | 27 +++++++++++++++++++++++++++ regress/cert-hostkey.sh | 3 +-- regress/cert-userkey.sh | 3 +-- regress/kextype.sh | 4 +++- regress/keytype.sh | 5 ++++- 7 files changed, 44 insertions(+), 8 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2f309739d..c6dfa2403 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -43,6 +43,9 @@ - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case check into platform.c - (dtucker) [regress/keytype.sh] Import new test. + - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] + Import recent changes to regress/Makefile, pass a flag to enable ECC tests + from configure through to regress/Makefile and use it in the tests. 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/configure.ac b/configure.ac index 39b68c70a..97d4e6bdb 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.456 2010/11/05 01:03:05 dtucker Exp $ +# $Id: configure.ac,v 1.457 2010/11/05 07:23:38 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.456 $) +AC_REVISION($Revision: 1.457 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -2209,11 +2209,14 @@ int main(void) { AC_MSG_RESULT(yes) AC_DEFINE(OPENSSL_HAS_ECC, 1, [libcrypto includes complete ECC support]) + TEST_SSH_ECC=yes ], [ AC_MSG_RESULT(no) + TEST_SSH_ECC=no ] ) +AC_SUBST(TEST_SSH_ECC) saved_LIBS="$LIBS" AC_CHECK_LIB(iaf, ia_openinfo, [ diff --git a/regress/Makefile b/regress/Makefile index f51307f02..d5668f08f 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -53,12 +53,16 @@ LTESTS= connect \ localcommand \ forcecommand \ portnum \ + keytype \ + kextype \ cert-hostkey \ cert-userkey INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp +#LTESTS= cipher-speed + USER!= id -un CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ t8.out t8.out.pub t9.out t9.out.pub \ 
@@ -78,6 +82,10 @@ TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" t1: ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv + tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv + ssh-keygen -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv + awk '{print $$0 "\r"}' ${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_crnl.prv + ssh-keygen -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv t2: cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out @@ -110,6 +118,23 @@ t7: $(OBJ)/t7.out ssh-keygen -lf $(OBJ)/t7.out > /dev/null ssh-keygen -Bf $(OBJ)/t7.out > /dev/null +t8.out: + ssh-keygen -q -t dsa -N '' -f $@ + +t8: t8.out + ssh-keygen -lf t8.out > /dev/null + ssh-keygen -Bf t8.out > /dev/null + +t9.out: + test "${TEST_SSH_ECC}" != yes || \ + ssh-keygen -q -t ecdsa -N '' -f + +t9: t9.out + test "${TEST_SSH_ECC}" != yes || \ + ssh-keygen -lf t9.out > /dev/null + test "${TEST_SSH_ECC}" != yes || \ + ssh-keygen -Bf t9.out > /dev/null + t-exec: ${LTESTS:=.sh} @if [ "x$?" = "x" ]; then exit 0; fi; \ for TEST in ""$?; do \ @@ -124,3 +149,5 @@ t-exec-interop: ${INTEROP_TESTS:=.sh} (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ done +# Not run by default +interop: ${INTEROP_TARGETS} diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 7461beca6..1ae5d0bda 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -5,8 +5,7 @@ tid="certified host keys" # used to disable ECC based tests on platforms without ECC ecdsa="" -if grep "#define.*OPENSSL_HAS_ECC" ${BUILDDIR}/config.h >/dev/null 2>&1 -then +if "$TEST_SSH_ECC" = "yes"; then ecdsa=ecdsa fi diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index a7760a2f6..a42c7f34a 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh 
@@ -5,8 +5,7 @@ tid="certified user keys" # used to disable ECC based tests on platforms without ECC ecdsa="" -if grep "#define.*OPENSSL_HAS_ECC" ${BUILDDIR}/config.h >/dev/null 2>&1 -then +if "$TEST_SSH_ECC" = "yes"; then ecdsa=ecdsa fi diff --git a/regress/kextype.sh b/regress/kextype.sh index ba6fd9509..22ceb40c9 100644 --- a/regress/kextype.sh +++ b/regress/kextype.sh @@ -7,7 +7,9 @@ TIME=/usr/bin/time cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak -kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521" +if "$TEST_SSH_ECC" = "yes"; then + kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521" +fi kextypes="$kextypes diffie-hellman-group-exchange-sha256" kextypes="$kextypes diffie-hellman-group-exchange-sha1" kextypes="$kextypes diffie-hellman-group14-sha1" diff --git a/regress/keytype.sh b/regress/keytype.sh index 7be3cc0c8..cd9024587 100644 --- a/regress/keytype.sh +++ b/regress/keytype.sh @@ -7,7 +7,10 @@ TIME=/usr/bin/time cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak -ktypes="dsa-1024 rsa-2048 ecdsa-256 rsa-3072 ecdsa-384 ecdsa-521" +ktypes="dsa-1024 rsa-2048 rsa-3072" +if test "$TEST_SSH_ECC" = "yes"; then + ktypes="$ktypes ecdsa-256 ecdsa-384 ecdsa-521" +fi for kt in $ktypes; do rm -f $OBJ/key.$kt -- cgit v1.2.3 From 345178d95103a976044ed44de0ad19cf1075706b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 18:35:52 +1100 Subject: - (dtucker) [regress/kextype.sh] Add missing "test". --- ChangeLog | 1 + regress/kextype.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c6dfa2403..e540a4d18 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -46,6 +46,7 @@ - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] Import recent changes to regress/Makefile, pass a flag to enable ECC tests from configure through to regress/Makefile and use it in the tests. + - (dtucker) [regress/kextype.sh] Add missing "test". 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/regress/kextype.sh b/regress/kextype.sh index 22ceb40c9..9f8b7bcd0 100644 --- a/regress/kextype.sh +++ b/regress/kextype.sh @@ -7,7 +7,7 @@ TIME=/usr/bin/time cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak -if "$TEST_SSH_ECC" = "yes"; then +if test "$TEST_SSH_ECC" = "yes"; then kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521" fi kextypes="$kextypes diffie-hellman-group-exchange-sha256" -- cgit v1.2.3 From f619d1cad948193e53910ff48bc0b36547fa6d8f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 18:41:50 +1100 Subject: - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not strictly correct since while ECC requires sha256 the reverse is not true however it does prevent spurious test failures. --- ChangeLog | 3 +++ regress/kextype.sh | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e540a4d18..b4211302a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -47,6 +47,9 @@ Import recent changes to regress/Makefile, pass a flag to enable ECC tests from configure through to regress/Makefile and use it in the tests. - (dtucker) [regress/kextype.sh] Add missing "test". + - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not + strictly correct since while ECC requires sha256 the reverse is not true + however it does prevent spurious test failures. 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/regress/kextype.sh b/regress/kextype.sh index 9f8b7bcd0..71e2ee060 100644 
--- a/regress/kextype.sh +++ b/regress/kextype.sh @@ -9,8 +9,8 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak if test "$TEST_SSH_ECC" = "yes"; then kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521" + kextypes="$kextypes diffie-hellman-group-exchange-sha256" fi -kextypes="$kextypes diffie-hellman-group-exchange-sha256" kextypes="$kextypes diffie-hellman-group-exchange-sha1" kextypes="$kextypes diffie-hellman-group14-sha1" kextypes="$kextypes diffie-hellman-group1-sha1" -- cgit v1.2.3 From 9283d8cbc594419712f09258540253b899d2afd9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2010 18:56:08 +1100 Subject: - (dtucker) [platform.c] Need servconf.h and extern options. --- ChangeLog | 1 + platform.c | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b4211302a..f8e9a9aec 100644 --- a/ChangeLog +++ b/ChangeLog @@ -50,6 +50,7 @@ - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not strictly correct since while ECC requires sha256 the reverse is not true however it does prevent spurious test failures. + - (dtucker) [platform.c] Need servconf.h and extern options. 20101025 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with diff --git a/platform.c b/platform.c index f2cf11f56..0d5b4f1bc 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.14 2010/11/05 03:47:01 dtucker Exp $ */ +/* $Id: platform.c,v 1.15 2010/11/05 07:56:08 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -19,13 +19,19 @@ #include "config.h" #include + +#include #include +#include "log.h" +#include "buffer.h" +#include "servconf.h" #include "platform.h" #include "openbsd-compat/openbsd-compat.h" extern int use_privsep; +extern ServerOptions options; void platform_pre_listen(void) -- cgit v1.2.3 From d1ece6e4a274df0447ad278f729c6f32b8e4a5e5 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sun, 7 Nov 2010 18:05:54 +1100 Subject: - (dtucker) [platform.c] includes.h instead of defines.h so that we get the correct typedefs. --- ChangeLog | 4 ++++ platform.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f8e9a9aec..d02a2dabf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20101107 + - (dtucker) [platform.c] includes.h instead of defines.h so that we get + the correct typedefs. + 20101105 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of int. Should fix bz#1817 cleanly; ok dtucker@ diff --git a/platform.c b/platform.c index 0d5b4f1bc..f57c2eab3 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.15 2010/11/05 07:56:08 dtucker Exp $ */ +/* $Id: platform.c,v 1.16 2010/11/07 07:05:54 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -16,7 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "config.h" +#include "includes.h" #include -- cgit v1.2.3 From 522262f8b328e6d5951bf2a77f22080bdc123f04 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 7 Nov 2010 13:00:27 -0800 Subject: - (tim) [regress/Makefile] Fixes to allow building/testing outside source tree. --- ChangeLog | 4 ++++ regress/Makefile | 18 +++++++++--------- 2 files changed, 13 insertions(+), 9 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d02a2dabf..ca87f0902 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20101108 + - (tim) [regress/Makefile] Fixes to allow building/testing outside source + tree. + 20101107 - (dtucker) [platform.c] includes.h instead of defines.h so that we get the correct typedefs. diff --git a/regress/Makefile b/regress/Makefile index d5668f08f..d80b04ea8 100644 --- a/regress/Makefile +++ b/regress/Makefile 
@@ -118,22 +118,22 @@ t7: $(OBJ)/t7.out ssh-keygen -lf $(OBJ)/t7.out > /dev/null ssh-keygen -Bf $(OBJ)/t7.out > /dev/null -t8.out: +$(OBJ)/t8.out: ssh-keygen -q -t dsa -N '' -f $@ -t8: t8.out - ssh-keygen -lf t8.out > /dev/null - ssh-keygen -Bf t8.out > /dev/null +t8: $(OBJ)/t8.out + ssh-keygen -lf $(OBJ)/t8.out > /dev/null + ssh-keygen -Bf $(OBJ)/t8.out > /dev/null -t9.out: +$(OBJ)/t9.out: test "${TEST_SSH_ECC}" != yes || \ - ssh-keygen -q -t ecdsa -N '' -f + ssh-keygen -q -t ecdsa -N '' -f $@ -t9: t9.out +t9: $(OBJ)/t9.out test "${TEST_SSH_ECC}" != yes || \ - ssh-keygen -lf t9.out > /dev/null + ssh-keygen -lf $(OBJ)/t9.out > /dev/null test "${TEST_SSH_ECC}" != yes || \ - ssh-keygen -Bf t9.out > /dev/null + ssh-keygen -Bf $(OBJ)/t9.out > /dev/null t-exec: ${LTESTS:=.sh} @if [ "x$?" = "x" ]; then exit 0; fi; \ -- cgit v1.2.3 From c10aeaa8f2f8614de323c5e6d7268b063a321261 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Sun, 7 Nov 2010 13:03:11 -0800 Subject: - (tim) [regress/kextype.sh] Shell portability fix. --- ChangeLog | 1 + regress/keytype.sh | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ca87f0902..0b8d2c7f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20101108 - (tim) [regress/Makefile] Fixes to allow building/testing outside source tree. + - (tim) [regress/kextype.sh] Shell portability fix. 20101107 - (dtucker) [platform.c] includes.h instead of defines.h so that we get diff --git a/regress/keytype.sh b/regress/keytype.sh index cd9024587..73858668e 100644 --- a/regress/keytype.sh +++ b/regress/keytype.sh @@ -14,8 +14,8 @@ fi for kt in $ktypes; do rm -f $OBJ/key.$kt - bits=${kt#*-} - type=${kt%-*} + bits=`echo ${kt} | awk -F- '{print $2}'` + type=`echo ${kt} | awk -F- '{print $1}'` printf "keygen $type, $bits bits:\t" ${TIME} ${SSHKEYGEN} -b $bits -q -N '' -t $type -f $OBJ/key.$kt ||\ fail "ssh-keygen for type $type, $bits bits failed" -- cgit v1.2.3 
From e426f5e932cedeb6938469ded340f272390f6a07 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 8 Nov 2010 09:15:14 -0800 Subject: - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. Feedback from dtucker@ --- ChangeLog | 4 ++++ regress/keytype.sh | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 0b8d2c7f6..13f077228 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20101109 + - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. + Feedback from dtucker@ + 20101108 - (tim) [regress/Makefile] Fixes to allow building/testing outside source tree. diff --git a/regress/keytype.sh b/regress/keytype.sh index 73858668e..b3d3a0d57 100644 --- a/regress/keytype.sh +++ b/regress/keytype.sh @@ -3,7 +3,11 @@ tid="login with different key types" -TIME=/usr/bin/time +TIME=`which time` 2>/dev/null +if test ! -x "$TIME"; then + TIME="" +fi + cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak -- cgit v1.2.3 From c7a8af03a022e8ab52422b6ce26fdbcb729031fd Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 8 Nov 2010 14:26:23 -0800 Subject: - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add support for platforms missing isblank(). ok djm@ --- ChangeLog | 2 ++ configure.ac | 15 +++++++++++++-- openbsd-compat/bsd-misc.c | 7 +++++++ openbsd-compat/bsd-misc.h | 6 +++++- 4 files changed, 27 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 13f077228..21ab0c309 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20101109 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. Feedback from dtucker@ + - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add + support for platforms missing isblank(). ok djm@ 20101108 - (tim) [regress/Makefile] Fixes to allow building/testing outside source 
diff --git a/configure.ac b/configure.ac index 97d4e6bdb..c3700d8dd 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.457 2010/11/05 07:23:38 dtucker Exp $ +# $Id: configure.ac,v 1.458 2010/11/08 22:26:23 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.457 $) +AC_REVISION($Revision: 1.458 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1479,6 +1479,17 @@ AC_CHECK_FUNCS( \ waitpid \ ) +AC_LINK_IFELSE( +[ +#include +int main(void) +{ + return (isblank('a')); +} +], + [AC_DEFINE(HAVE_ISBLANK, 1, [Define if you have isblank(3C).]) +]) + # PKCS#11 support requires dlopen() and co AC_SEARCH_LIBS(dlopen, dl, AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 55f100ac0..3ef373f56 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -240,3 +240,10 @@ strdup(const char *str) return NULL; } #endif + +#ifndef HAVE_ISBLANK +int isblank(int c) +{ + return (c == ' ' || c == '\t'); +} +#endif diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index b61ec4244..e70c3f9e9 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.18 2005/02/25 23:07:38 dtucker Exp $ */ +/* $Id: bsd-misc.h,v 1.19 2010/11/08 22:26:23 tim Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller @@ -95,4 +95,8 @@ mysig_t mysignal(int sig, mysig_t act); #define signal(a,b) mysignal(a,b) +#ifndef HAVE_ISBLANK +int isblank(int); +#endif + #endif /* _BSD_MISC_H */ -- cgit v1.2.3 From dd190ddfd7a8934808556354eeee6ee690443d3e Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Thu, 11 Nov 2010 14:17:02 +1100 Subject: - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on platforms that don't support ECC. Fixes some spurious warnings reported by tim@ --- ChangeLog | 5 +++++ servconf.c | 2 ++ ssh-add.c | 2 ++ ssh-keygen.c | 2 ++ 4 files changed, 11 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 21ab0c309..601692cea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20101111 + - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on + platforms that don't support ECC. Fixes some spurious warnings reported + by tim@ + 20101109 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. Feedback from dtucker@ diff --git a/servconf.c b/servconf.c index 41c9c6964..4e5fd2f04 100644 --- a/servconf.c +++ b/servconf.c @@ -155,8 +155,10 @@ fill_default_server_options(ServerOptions *options) _PATH_HOST_RSA_KEY_FILE; options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE; +#ifdef OPENSSL_HAS_ECC options->host_key_files[options->num_host_key_files++] = _PATH_HOST_ECDSA_KEY_FILE; +#endif } } /* No certificates by default */ diff --git a/ssh-add.c b/ssh-add.c index 8bf5675fb..125d6645b 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -70,7 +70,9 @@ extern char *__progname; static char *default_files[] = { _PATH_SSH_CLIENT_ID_RSA, _PATH_SSH_CLIENT_ID_DSA, +#ifdef OPENSSL_HAS_ECC _PATH_SSH_CLIENT_ID_ECDSA, +#endif _PATH_SSH_CLIENT_IDENTITY, NULL }; diff --git a/ssh-keygen.c b/ssh-keygen.c index 560c4818a..b9fd10abc 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -177,10 +177,12 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_DSA: name = _PATH_SSH_CLIENT_ID_DSA; break; +#ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: name = _PATH_SSH_CLIENT_ID_ECDSA; break; +#endif case KEY_RSA_CERT: case KEY_RSA_CERT_V00: case KEY_RSA: -- cgit v1.2.3 From 7a221a159188eceeea366d4f58345d2bdccaeb8d Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 20 Nov 2010 15:14:29 +1100 Subject: - djm@cvs.openbsd.org 2010/11/05 02:46:47 [packet.c] whitespace KNF --- ChangeLog | 6 ++++++ packet.c | 21 ++++++++++----------- 2 files changed, 16 insertions(+), 11 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 601692cea..64c7d8abd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20101120 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/11/05 02:46:47 + [packet.c] + whitespace KNF + 20101111 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on platforms that don't support ECC. Fixes some spurious warnings reported diff --git a/packet.c b/packet.c index 0018d5839..698920013 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.170 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.171 2010/11/05 02:46:47 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -199,13 +199,13 @@ static struct session_state *active_state, *backup_state; static struct session_state * alloc_session_state(void) { - struct session_state *s = xcalloc(1, sizeof(*s)); + struct session_state *s = xcalloc(1, sizeof(*s)); - s->connection_in = -1; - s->connection_out = -1; - s->max_packet_size = 32768; - s->packet_timeout_ms = -1; - return s; + s->connection_in = -1; + s->connection_out = -1; + s->max_packet_size = 32768; + s->packet_timeout_ms = -1; + return s; } /* @@ -391,8 +391,8 @@ packet_get_ssh1_cipher(void) } void -packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, u_int32_t *packets, - u_int64_t *bytes) +packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, + u_int32_t *packets, u_int64_t *bytes) { struct packet_state *state; 
@@ -547,8 +547,7 @@ packet_start_compression(int level) */ void -packet_set_encryption_key(const u_char *key, u_int keylen, - int number) +packet_set_encryption_key(const u_char *key, u_int keylen, int number) { Cipher *cipher = cipher_by_number(number); -- cgit v1.2.3 From 4499f4cc20eee7e0f67b35f5a5c6078bf07dcbc0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 20 Nov 2010 15:15:49 +1100 Subject: - djm@cvs.openbsd.org 2010/11/10 01:33:07 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. these have been around for years by this time. ok markus --- ChangeLog | 4 ++++ kexdhc.c | 4 +++- kexdhs.c | 4 +++- kexgexc.c | 4 +++- kexgexs.c | 4 +++- key.c | 26 +++++++++++++++++--------- moduli.c | 8 ++++---- 7 files changed, 37 insertions(+), 17 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 64c7d8abd..0f9ed8524 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,10 @@ - djm@cvs.openbsd.org 2010/11/05 02:46:47 [packet.c] whitespace KNF + - djm@cvs.openbsd.org 2010/11/10 01:33:07 + [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] + use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. + these have been around for years by this time. ok markus 20101111 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on diff --git a/kexdhc.c b/kexdhc.c index d384c8052..76ceb5dd8 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -27,6 +27,8 @@ #include +#include + #include #include #include diff --git a/kexdhs.c b/kexdhs.c index e722877d5..f56e88764 100644 --- a/kexdhs.c +++ b/kexdhs.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.11 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -31,6 +31,8 @@ #include #include +#include + #include "xmalloc.h" #include "buffer.h" #include "key.h" diff --git a/kexgexc.c b/kexgexc.c index adb973d5b..79552d709 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -28,6 +28,8 @@ #include +#include + #include #include #include diff --git a/kexgexs.c b/kexgexs.c index f4156af96..a5e3df7bc 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.13 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.14 2010/11/10 01:33:07 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -33,6 +33,8 @@ #include #include +#include + #include "xmalloc.h" #include "buffer.h" #include "key.h" diff --git a/key.c b/key.c index c71bf5b0a..1defb1132 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.94 2010/10/28 11:22:09 djm Exp $ */ +/* $OpenBSD: key.c,v 1.95 2010/11/10 01:33:07 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1013,25 +1013,33 @@ key_size(const Key *k) static RSA * rsa_generate_private_key(u_int bits) { - RSA *private; + RSA *private = RSA_new(); + BIGNUM *f4 = BN_new(); - private = RSA_generate_key(bits, RSA_F4, NULL, NULL); if (private == NULL) - fatal("rsa_generate_private_key: key generation failed."); + fatal("%s: RSA_new failed", __func__); + if (f4 == NULL) + fatal("%s: BN_new failed", __func__); + if (!BN_set_word(f4, RSA_F4)) + fatal("%s: BN_new failed", __func__); + if (!RSA_generate_key_ex(private, bits, f4, NULL)) + fatal("%s: key generation failed.", __func__); + BN_free(f4); return private; } static DSA* dsa_generate_private_key(u_int bits) { - DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); + DSA *private = DSA_new(); if (private == NULL) - fatal("dsa_generate_private_key: DSA_generate_parameters failed"); + fatal("%s: DSA_new failed", __func__); + if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL, + NULL, NULL)) + fatal("%s: DSA_generate_parameters failed", __func__); if (!DSA_generate_key(private)) - fatal("dsa_generate_private_key: DSA_generate_key failed."); - if (private == NULL) - fatal("dsa_generate_private_key: NULL."); + fatal("%s: DSA_generate_key failed.", __func__); return private; } diff --git a/moduli.c b/moduli.c index f737cb3f5..2c2b388c7 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.21 2008/06/26 09:19:40 djm Exp $ */ +/* $OpenBSD: moduli.c,v 1.22 2010/11/10 01:33:07 djm Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -600,7 +600,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) * that p is also prime. A single pass will weed out the * vast majority of composite q's. */ - if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) { + if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) { debug("%10u: q failed first possible prime test", count_in); continue; 
@@ -613,14 +613,14 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) * will show up on the first Rabin-Miller iteration so it * doesn't hurt to specify a high iteration count. */ - if (!BN_is_prime(p, trials, NULL, ctx, NULL)) { + if (!BN_is_prime_ex(p, trials, ctx, NULL)) { debug("%10u: p is not prime", count_in); continue; } debug("%10u: p is almost certainly prime", count_in); /* recheck q more rigorously */ - if (!BN_is_prime(q, trials - 1, NULL, ctx, NULL)) { + if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) { debug("%10u: q is not prime", count_in); continue; } -- cgit v1.2.3 From 0dac6fb6b228a96f4ab3717e3d73871595a291a8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 20 Nov 2010 15:19:38 +1100 Subject: - djm@cvs.openbsd.org 2010/11/13 23:27:51 [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ --- ChangeLog | 7 +++++++ clientloop.c | 5 ++++- misc.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- misc.h | 3 ++- packet.c | 9 +++++---- packet.h | 4 ++-- readconf.c | 30 ++++++++++++++++++++++++++++-- readconf.h | 4 +++- servconf.c | 38 +++++++++++++++++++++++++++++++++++--- servconf.h | 4 +++- session.c | 8 +++++--- ssh.c | 7 +++---- ssh_config.5 | 41 +++++++++++++++++++++++++++++++++++++++-- sshd_config.5 | 41 +++++++++++++++++++++++++++++++++++++++-- 14 files changed, 230 insertions(+), 27 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 0f9ed8524..1ddba8a9c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -7,6 +7,13 @@ [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. these have been around for years by this time. ok markus + - djm@cvs.openbsd.org 2010/11/13 23:27:51 + [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] + [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] + allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of + hardcoding lowdelay/throughput. + + bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ 20101111 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on diff --git a/clientloop.c b/clientloop.c index 848aacd4a..52dcb4c04 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.223 2010/10/06 06:39:28 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.224 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1973,6 +1973,9 @@ client_session2_setup(int id, int want_tty, int want_subsystem, if ((c = channel_lookup(id)) == NULL) fatal("client_session2_setup: channel %d: unknown channel", id); + packet_set_interactive(want_tty, + options.ip_qos_interactive, options.ip_qos_bulk); + if (want_tty) { struct winsize ws; diff --git a/misc.c b/misc.c index ff09becf9..b88f5aaa8 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.82 2010/09/24 13:33:00 matthew Exp $ */ +/* $OpenBSD: misc.c,v 1.83 2010/11/13 23:27:50 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -38,6 +38,8 @@ #include #include +#include +#include #include #include 
@@ -913,6 +915,58 @@ bandwidth_limit(struct bwlimit *bw, size_t read_len) bw->lamt = 0; gettimeofday(&bw->bwstart, NULL); } + +static const struct { + const char *name; + int value; +} ipqos[] = { + { "af11", IPTOS_DSCP_AF11 }, + { "af12", IPTOS_DSCP_AF12 }, + { "af13", IPTOS_DSCP_AF13 }, + { "af14", IPTOS_DSCP_AF21 }, + { "af22", IPTOS_DSCP_AF22 }, + { "af23", IPTOS_DSCP_AF23 }, + { "af31", IPTOS_DSCP_AF31 }, + { "af32", IPTOS_DSCP_AF32 }, + { "af33", IPTOS_DSCP_AF33 }, + { "af41", IPTOS_DSCP_AF41 }, + { "af42", IPTOS_DSCP_AF42 }, + { "af43", IPTOS_DSCP_AF43 }, + { "cs0", IPTOS_DSCP_CS0 }, + { "cs1", IPTOS_DSCP_CS1 }, + { "cs2", IPTOS_DSCP_CS2 }, + { "cs3", IPTOS_DSCP_CS3 }, + { "cs4", IPTOS_DSCP_CS4 }, + { "cs5", IPTOS_DSCP_CS5 }, + { "cs6", IPTOS_DSCP_CS6 }, + { "cs7", IPTOS_DSCP_CS7 }, + { "ef", IPTOS_DSCP_EF }, + { "lowdelay", IPTOS_LOWDELAY }, + { "throughput", IPTOS_THROUGHPUT }, + { "reliability", IPTOS_RELIABILITY }, + { NULL, -1 } +}; + +int +parse_ipqos(const char *cp) +{ + u_int i; + char *ep; + long val; + + if (cp == NULL) + return -1; + for (i = 0; ipqos[i].name != NULL; i++) { + if (strcasecmp(cp, ipqos[i].name) == 0) + return ipqos[i].value; + } + /* Try parsing as an integer */ + val = strtol(cp, &ep, 0); + if (*cp == '\0' || *ep != '\0' || val < 0 || val > 255) + return -1; + return val; +} + void sock_set_v6only(int s) { diff --git a/misc.h b/misc.h index 1368931a0..a81ace309 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.45 2010/09/24 13:33:00 matthew Exp $ */ +/* $OpenBSD: misc.h,v 1.46 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen @@ -88,6 +88,7 @@ struct bwlimit { void bandwidth_limit_init(struct bwlimit *, u_int64_t, size_t); void bandwidth_limit(struct bwlimit *, size_t); +int parse_ipqos(const char *); /* readpass.c */ diff --git a/packet.c b/packet.c index 698920013..012c39a3c 100644 --- a/packet.c +++ b/packet.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.171 2010/11/05 02:46:47 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.172 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1750,7 +1750,7 @@ packet_not_very_much_data_to_write(void) } static void -packet_set_tos(int interactive) +packet_set_tos(int tos) { #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT; @@ -1758,6 +1758,7 @@ packet_set_tos(int interactive) if (!packet_connection_is_on_socket() || !packet_connection_is_ipv4()) return; + debug3("%s: set IP_TOS 0x%02x", __func__, tos); if (setsockopt(active_state->connection_in, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0) error("setsockopt IP_TOS %d: %.100s:", @@ -1768,7 +1769,7 @@ packet_set_tos(int interactive) /* Informs that the current session is interactive. Sets IP flags for that. */ void -packet_set_interactive(int interactive) +packet_set_interactive(int interactive, int qos_interactive, int qos_bulk) { if (active_state->set_interactive_called) return; @@ -1781,7 +1782,7 @@ packet_set_interactive(int interactive) if (!packet_connection_is_on_socket()) return; set_nodelay(active_state->connection_in); - packet_set_tos(interactive); + packet_set_tos(interactive ? qos_interactive : qos_bulk); } /* Returns true if the current connection is interactive. */ diff --git a/packet.h b/packet.h index 864b82855..d516aae8d 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.54 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.55 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen 
@@ -34,7 +34,7 @@ u_int packet_get_encryption_key(u_char *); void packet_set_protocol_flags(u_int); u_int packet_get_protocol_flags(void); void packet_start_compression(int); -void packet_set_interactive(int); +void packet_set_interactive(int, int, int); int packet_is_interactive(void); void packet_set_server(void); void packet_set_authenticated(void); diff --git a/readconf.c b/readconf.c index da7efd193..eb4a8b9ee 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.189 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -19,6 +19,8 @@ #include #include +#include +#include #include #include @@ -132,7 +134,7 @@ typedef enum { oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, - oKexAlgorithms, + oKexAlgorithms, oIPQoS, oDeprecated, oUnsupported } OpCodes; @@ -242,6 +244,7 @@ static struct { { "zeroknowledgepasswordauthentication", oUnsupported }, #endif { "kexalgorithms", oKexAlgorithms }, + { "ipqos", oIPQoS }, { NULL, oBadOption } }; @@ -973,6 +976,23 @@ parse_int: intptr = &options->visual_host_key; goto parse_flag; + case oIPQoS: + arg = strdelim(&s); + if ((value = parse_ipqos(arg)) == -1) + fatal("%s line %d: Bad IPQoS value: %s", + filename, linenum, arg); + arg = strdelim(&s); + if (arg == NULL) + value2 = value; + else if ((value2 = parse_ipqos(arg)) == -1) + fatal("%s line %d: Bad IPQoS value: %s", + filename, linenum, arg); + if (*activep) { + options->ip_qos_interactive = value; + options->ip_qos_bulk = value2; + } + break; + case oUseRoaming: intptr = &options->use_roaming; goto parse_flag; 
@@ -1135,6 +1155,8 @@ initialize_options(Options * options) options->use_roaming = -1; options->visual_host_key = -1; options->zero_knowledge_password_authentication = -1; + options->ip_qos_interactive = -1; + options->ip_qos_bulk = -1; } /* @@ -1289,6 +1311,10 @@ fill_default_options(Options * options) options->visual_host_key = 0; if (options->zero_knowledge_password_authentication == -1) options->zero_knowledge_password_authentication = 0; + if (options->ip_qos_interactive == -1) + options->ip_qos_interactive = IPTOS_LOWDELAY; + if (options->ip_qos_bulk == -1) + options->ip_qos_bulk = IPTOS_THROUGHPUT; /* options->local_command should not be set by default */ /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ diff --git a/readconf.h b/readconf.h index ae61466df..ee160dfe7 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.87 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.88 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen @@ -59,6 +59,8 @@ typedef struct { int compression_level; /* Compression level 1 (fast) to 9 * (best). */ int tcp_keep_alive; /* Set SO_KEEPALIVE. */ + int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ LogLevel log_level; /* Level for logging. */ int port; /* Port to connect. */ diff --git a/servconf.c b/servconf.c index 4e5fd2f04..e2f20a3d1 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.212 2010/09/30 11:04:51 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -15,6 +15,10 @@ #include #include +#include +#include +#include + #include #include #include 
@@ -133,6 +137,8 @@ initialize_server_options(ServerOptions *options) options->revoked_keys_file = NULL; options->trusted_user_ca_keys = NULL; options->authorized_principals_file = NULL; + options->ip_qos_interactive = -1; + options->ip_qos_bulk = -1; } void @@ -271,6 +277,10 @@ fill_default_server_options(ServerOptions *options) options->permit_tun = SSH_TUNMODE_NO; if (options->zero_knowledge_password_authentication == -1) options->zero_knowledge_password_authentication = 0; + if (options->ip_qos_interactive == -1) + options->ip_qos_interactive = IPTOS_LOWDELAY; + if (options->ip_qos_bulk == -1) + options->ip_qos_bulk = IPTOS_THROUGHPUT; /* Turn privilege separation on by default */ if (use_privsep == -1) @@ -317,7 +327,7 @@ typedef enum { sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sKexAlgorithms, + sKexAlgorithms, sIPQoS, sDeprecated, sUnsupported } ServerOpCodes; @@ -441,6 +451,7 @@ static struct { { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, + { "ipqos", sIPQoS, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -670,7 +681,7 @@ process_server_config_line(ServerOptions *options, char *line, const char *host, const char *address) { char *cp, **charptr, *arg, *p; - int cmdline = 0, *intptr, value, n; + int cmdline = 0, *intptr, value, value2, n; SyslogFacility *log_facility_ptr; LogLevel *log_level_ptr; ServerOpCodes opcode; 
@@ -1370,6 +1381,23 @@ process_server_config_line(ServerOptions *options, char *line, charptr = &options->revoked_keys_file; goto parse_filename; + case sIPQoS: + arg = strdelim(&cp); + if ((value = parse_ipqos(arg)) == -1) + fatal("%s line %d: Bad IPQoS value: %s", + filename, linenum, arg); + arg = strdelim(&cp); + if (arg == NULL) + value2 = value; + else if ((value2 = parse_ipqos(arg)) == -1) + fatal("%s line %d: Bad IPQoS value: %s", + filename, linenum, arg); + if (*activep) { + options->ip_qos_interactive = value; + options->ip_qos_bulk = value2; + } + break; + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); @@ -1480,6 +1508,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(x11_use_localhost); M_CP_INTOPT(max_sessions); M_CP_INTOPT(max_authtries); + M_CP_INTOPT(ip_qos_interactive); + M_CP_INTOPT(ip_qos_bulk); M_CP_STROPT(banner); if (preauth) @@ -1745,5 +1775,7 @@ dump_config(ServerOptions *o) } dump_cfg_string(sPermitTunnel, s); + printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk); + channel_print_adm_permitted_opens(); } diff --git a/servconf.h b/servconf.h index ad13f2edd..5a058a416 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.94 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.95 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen @@ -70,6 +70,8 @@ typedef struct { char *xauth_location; /* Location of xauth program */ int strict_modes; /* If true, require string home dir modes. */ int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */ + int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ char *ciphers; /* Supported SSH2 ciphers. */ char *macs; /* Supported SSH2 macs. */ char *kex_algorithms; /* SSH2 kex methods in order of preference. */ diff --git a/session.c b/session.c index 58e681282..8c6022bf6 100644 --- a/session.c 
+++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.256 2010/06/25 07:20:04 djm Exp $ */ +/* $OpenBSD: session.c,v 1.257 2010/11/13 23:27:50 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -585,7 +585,8 @@ do_exec_no_pty(Session *s, const char *command) s->pid = pid; /* Set interactive/non-interactive mode. */ - packet_set_interactive(s->display != NULL); + packet_set_interactive(s->display != NULL, + options.ip_qos_interactive, options.ip_qos_bulk); /* * Clear loginmsg, since it's the child's responsibility to display @@ -739,7 +740,8 @@ do_exec_pty(Session *s, const char *command) /* Enter interactive session. */ s->ptymaster = ptymaster; - packet_set_interactive(1); + packet_set_interactive(1, + options.ip_qos_interactive, options.ip_qos_bulk); if (compat20) { session_set_fds(s, ptyfd, fdout, -1, 1, 1); } else { diff --git a/ssh.c b/ssh.c index 7632cf51e..f413f8a5c 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.353 2010/10/06 06:39:28 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.354 2010/11/13 23:27:50 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1224,7 +1224,8 @@ ssh_session(void) } } /* Tell the packet module whether this is an interactive session. */ - packet_set_interactive(interactive); + packet_set_interactive(interactive, + options.ip_qos_interactive, options.ip_qos_bulk); /* Request authentication agent forwarding if appropriate. */ check_agent_present(); @@ -1322,8 +1323,6 @@ ssh_session2_setup(int id, int success, void *arg) client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), NULL, fileno(stdin), &command, environ); - - packet_set_interactive(interactive); } /* open new channel for a session */ diff --git a/ssh_config.5 b/ssh_config.5 index dd39bfafb..9e82fa864 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.142 2010/10/28 18:33:28 jmc Exp $ -.Dd $Mdocdate: October 28 2010 $ +.\" $OpenBSD: ssh_config.5,v 1.143 2010/11/13 23:27:50 djm Exp $ +.Dd $Mdocdate: November 13 2010 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -626,6 +626,43 @@ escape characters: It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence. +.It Cm IPQoS +Specifies the IPv4 type-of-service or DSCP class for connections. +Accepted values are +.Dq af11 , +.Dq af12 , +.Dq af13 , +.Dq af14 , +.Dq af22 , +.Dq af23 , +.Dq af31 , +.Dq af32 , +.Dq af33 , +.Dq af41 , +.Dq af42 , +.Dq af43 , +.Dq cs0 , +.Dq cs1 , +.Dq cs2 , +.Dq cs3 , +.Dq cs4 , +.Dq cs5 , +.Dq cs6 , +.Dq cs7 , +.Dq ef , +.Dq lowdelay , +.Dq throughput , +.Dq reliability , +or a numeric value. +This option may take one or two arguments. +If one argument is specified, it is used as the packet class unconditionally. +If two values are specified, the first is automatically selected for +interactive sessions and the second for non-interactive sessions. +The default is +.Dq lowdelay +for interactive sessions and +.Dq throughput +for non-interactive sessions. .It Cm KbdInteractiveAuthentication Specifies whether to use keyboard-interactive authentication. The argument to this keyword must be diff --git a/sshd_config.5 b/sshd_config.5 index d0c02ca7c..60808d233 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.128 2010/10/28 18:33:28 jmc Exp $ -.Dd $Mdocdate: October 28 2010 $ +.\" $OpenBSD: sshd_config.5,v 1.129 2010/11/13 23:27:51 djm Exp $ +.Dd $Mdocdate: November 13 2010 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -512,6 +512,43 @@ or .Cm HostbasedAuthentication . The default is .Dq no . +.It Cm IPQoS +Specifies the IPv4 type-of-service or DSCP class for the connection. +Accepted values are +.Dq af11 , +.Dq af12 , +.Dq af13 , +.Dq af14 , +.Dq af22 , +.Dq af23 , +.Dq af31 , +.Dq af32 , +.Dq af33 , +.Dq af41 , +.Dq af42 , +.Dq af43 , +.Dq cs0 , +.Dq cs1 , +.Dq cs2 , +.Dq cs3 , +.Dq cs4 , +.Dq cs5 , +.Dq cs6 , +.Dq cs7 , +.Dq ef , +.Dq lowdelay , +.Dq throughput , +.Dq reliability , +or a numeric value. +This option may take one or two arguments. +If one argument is specified, it is used as the packet class unconditionally. +If two values are specified, the first is automatically selected for +interactive sessions and the second for non-interactive sessions. +The default is +.Dq lowdelay +for interactive sessions and +.Dq throughput +for non-interactive sessions. .It Cm KerberosAuthentication Specifies whether the password provided by the user for .Cm PasswordAuthentication -- cgit v1.2.3 From 8e1ea4e5a34185a445feba86c16231ef554bdb5e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 20 Nov 2010 15:20:10 +1100 Subject: - jmc@cvs.openbsd.org 2010/11/15 07:40:14 [ssh_config.5] libary -> library; --- ChangeLog | 3 +++ ssh_config.5 | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1ddba8a9c..338750207 100644 --- a/ChangeLog +++ b/ChangeLog 
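Review bot: the accepted-values list added under `.It Cm IPQoS` in sshd_config.5, and the identical list in ssh_config.5, names `af14` and omits `af21`. Assured forwarding has drop precedences 1 to 3 only, and the defines.h change later in this series defines `IPTOS_DSCP_AF21` and no AF14 value, so the first six entries should read af11, af12, af13, af21, af22, af23. As written, the documentation advertises a keyword the defines cannot back and hides one they can.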
@@ -14,6 +14,9 @@ hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ + - jmc@cvs.openbsd.org 2010/11/15 07:40:14 + [ssh_config.5] + libary -> library; 20101111 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on diff --git a/ssh_config.5 b/ssh_config.5 index 9e82fa864..a51a37dde 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.143 2010/11/13 23:27:50 djm Exp $ -.Dd $Mdocdate: November 13 2010 $ +.\" $OpenBSD: ssh_config.5,v 1.144 2010/11/15 07:40:14 jmc Exp $ +.Dd $Mdocdate: November 15 2010 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -806,7 +806,7 @@ The default is .Dq no . .It Cm PKCS11Provider Specifies which PKCS#11 provider to use. -The argument to this keyword is the PKCS#11 shared libary +The argument to this keyword is the PKCS#11 shared library .Xr ssh 1 should use to communicate with a PKCS#11 token providing the user's private RSA key. -- cgit v1.2.3 From 0a1847347dc789e88143a7ec8fe899c63f1bbde3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 20 Nov 2010 15:21:03 +1100 Subject: - jmc@cvs.openbsd.org 2010/11/18 15:01:00 [scp.1 sftp.1 ssh.1 sshd_config.5] add IPQoS to the various -o lists, and zap some trailing whitespace; --- ChangeLog | 3 +++ scp.1 | 5 +++-- sftp.1 | 5 +++-- ssh.1 | 5 +++-- sshd_config.5 | 6 +++--- 5 files changed, 15 insertions(+), 9 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 338750207..9d1132fe9 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -17,6 +17,9 @@ - jmc@cvs.openbsd.org 2010/11/15 07:40:14 [ssh_config.5] libary -> library; + - jmc@cvs.openbsd.org 2010/11/18 15:01:00 + [scp.1 sftp.1 ssh.1 sshd_config.5] + add IPQoS to the various -o lists, and zap some trailing whitespace; 20101111 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on diff --git a/scp.1 b/scp.1 index 24b88b565..346e5e311 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.53 2010/10/28 18:33:28 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.54 2010/11/18 15:01:00 jmc Exp $ .\" -.Dd $Mdocdate: October 28 2010 $ +.Dd $Mdocdate: November 18 2010 $ .Dt SCP 1 .Os .Sh NAME @@ -146,6 +146,7 @@ For full details of the options listed below, and their possible values, see .It HostName .It IdentityFile .It IdentitiesOnly +.It IPQoS .It KbdInteractiveDevices .It KexAlgorithms .It LogLevel diff --git a/sftp.1 b/sftp.1 index 0d253cc8f..3bb0c0646 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.86 2010/09/23 13:36:46 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.87 2010/11/18 15:01:00 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 23 2010 $ +.Dd $Mdocdate: November 18 2010 $ .Dt SFTP 1 .Os .Sh NAME @@ -201,6 +201,7 @@ For full details of the options listed below, and their possible values, see .It HostName .It IdentityFile .It IdentitiesOnly +.It IPQoS .It KbdInteractiveDevices .It KexAlgorithms .It LogLevel diff --git a/ssh.1 b/ssh.1 index 225649180..e3a42b5ad 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.315 2010/10/28 18:33:28 jmc Exp $ -.Dd $Mdocdate: October 28 2010 $ +.\" $OpenBSD: ssh.1,v 1.316 2010/11/18 15:01:00 jmc Exp $ +.Dd $Mdocdate: November 18 2010 $ .Dt SSH 1 .Os .Sh NAME @@ -435,6 +435,7 @@ For full details of the options listed below, and their possible values, see .It HostName .It IdentityFile .It IdentitiesOnly +.It IPQoS .It KbdInteractiveDevices .It KexAlgorithms .It LocalCommand diff --git a/sshd_config.5 b/sshd_config.5 index 60808d233..d070a6de0 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.129 2010/11/13 23:27:51 djm Exp $ -.Dd $Mdocdate: November 13 2010 $ +.\" $OpenBSD: sshd_config.5,v 1.130 2010/11/18 15:01:00 jmc Exp $ +.Dd $Mdocdate: November 18 2010 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -581,7 +581,7 @@ The default is .Dq ecdh-sha2-nistp256 , .Dq ecdh-sha2-nistp384 , .Dq ecdh-sha2-nistp521 , -.Dq diffie-hellman-group-exchange-sha256 , +.Dq diffie-hellman-group-exchange-sha256 , .Dq diffie-hellman-group-exchange-sha1 , .Dq diffie-hellman-group14-sha1 , .Dq diffie-hellman-group1-sha1 . -- cgit v1.2.3 From 9e0ff7afc894da2b5a9e5bfd334cf4a821acf0ae Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 22 Nov 2010 17:59:00 +1100 Subject: - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch from vapier at gentoo org. --- ChangeLog | 4 ++++ openbsd-compat/openssl-compat.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 9d1132fe9..bb8332f43 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,7 @@ +20101122 + - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch + from vapier at gentoo org. + 20101120 - OpenBSD CVS Sync - djm@cvs.openbsd.org 2010/11/05 02:46:47 diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 420496caa..c9bb7cb50 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.9 2010/01/28 23:54:11 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.10 2010/11/22 06:59:00 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -20,6 +20,7 @@ #ifdef USE_OPENSSL_ENGINE # include +# include #endif #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS -- cgit v1.2.3 From d995712383c043c4f9d8ca52363e6e1df128dc72 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 24 Nov 2010 10:09:13 +1100 Subject: - (dtucker) [platform.c session.c] Move the getluid call out of session.c and into the platform-specific code Only affects SCO, tested by and ok tim@. --- ChangeLog | 4 ++++ platform.c | 10 +++++++++- session.c | 6 ------ 3 files changed, 13 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index bb8332f43..62c9c6666 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20101124 + - (dtucker) [platform.c session.c] Move the getluid call out of session.c and + into the platform-specific code Only affects SCO, tested by and ok tim@. + 20101122 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch from vapier at gentoo org. diff --git a/platform.c b/platform.c index f57c2eab3..60b87a6ae 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.16 2010/11/07 07:05:54 dtucker Exp $ */ +/* $Id: platform.c,v 1.17 2010/11/23 23:09:13 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. 
@@ -115,6 +115,14 @@ platform_setusercontext(struct passwd *pw) } } # endif /* USE_PAM */ + +#if !defined(HAVE_LOGIN_CAP) && defined(HAVE_GETLUID) && defined(HAVE_SETLUID) + if (getuid() == 0 || geteuid() == 0) { + /* Sets login uid for accounting */ + if (getluid() == -1 && setluid(pw->pw_uid) == -1) + error("setluid: %s", strerror(errno)); + } +#endif } /* diff --git a/session.c b/session.c index 8c6022bf6..3758f0fd1 100644 --- a/session.c +++ b/session.c @@ -1481,12 +1481,6 @@ do_setusercontext(struct passwd *pw) exit(1); } #else -# if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) - /* Sets login uid for accounting */ - if (getluid() == -1 && setluid(pw->pw_uid) == -1) - error("setluid: %s", strerror(errno)); -# endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */ - if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); if (setgid(pw->pw_gid) < 0) { -- cgit v1.2.3 From 88e341e1ca9502403242a275941b11e509f669fb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 24 Nov 2010 10:36:15 +1100 Subject: - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow group read/write. ok dtucker@ --- ChangeLog | 2 ++ loginrec.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 62c9c6666..91e2c892a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and into the platform-specific code Only affects SCO, tested by and ok tim@. + - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow + group read/write. ok dtucker@ 20101122 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch diff --git a/loginrec.c b/loginrec.c index 95f14c46f..cccaa47ae 100644 --- a/loginrec.c +++ b/loginrec.c 
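Review bot: in platform_setusercontext(), a failed `setluid(pw->pw_uid)` is only reported through `error()` and execution continues, so the session can start without the login uid that accounting relies on. That matches the block removed from session.c, but now that the call sits with the rest of the privileged setup it is worth deciding whether failure should abort. The `getuid() == 0 || geteuid() == 0` test is also new compared with the removed lines, while the commit message describes a plain move; mention the added condition in the message or in the comment.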
@@ -1673,7 +1673,7 @@ record_failed_login(const char *username, const char *hostname, strerror(errno)); goto out; } - if((fst.st_mode & (S_IRWXG | S_IRWXO)) || (fst.st_uid != 0)){ + if((fst.st_mode & (S_IXGRP | S_IRWXO)) || (fst.st_uid != 0)){ logit("Excess permission or bad ownership on file %s", _PATH_BTMP); goto out; -- cgit v1.2.3 From 4b6cbf7aabbcbe170a69e9780e7c4ec06a3224e0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 24 Nov 2010 10:46:37 +1100 Subject: - (dtucker) [packet.c] Remove redundant local declaration of "int tos". --- ChangeLog | 1 + packet.c | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 91e2c892a..2e8fd43d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ into the platform-specific code Only affects SCO, tested by and ok tim@. - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow group read/write. ok dtucker@ + - (dtucker) [packet.c] Remove redundant local declaration of "int tos". 20101122 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch diff --git a/packet.c b/packet.c index 012c39a3c..b4e01f716 100644 --- a/packet.c +++ b/packet.c @@ -1753,8 +1753,6 @@ static void packet_set_tos(int tos) { #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) - int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT; - if (!packet_connection_is_on_socket() || !packet_connection_is_ipv4()) return; -- cgit v1.2.3 From 73de86ac5a1f8a82439dca4988288182ffd11489 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 24 Nov 2010 10:50:04 +1100 Subject: - (djm) [defines.h] Add IP DSCP defines --- ChangeLog | 1 + defines.h | 39 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2e8fd43d6..905cb1159 100644 --- a/ChangeLog +++ b/ChangeLog 
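Review bot: in record_failed_login(), replacing `S_IRWXG` with `S_IXGRP` lets a group-readable and group-writable `_PATH_BTMP` pass, but the condition still only tests `fst.st_uid != 0` and never looks at `fst.st_gid`. A btmp file writable by an arbitrary group is now accepted as the target for failed-login records, so either compare the group against the expected one or state in a comment which group ownership is assumed. The "Excess permission or bad ownership" log line could also say which mode bits are now allowed.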
@@ -4,6 +4,7 @@ - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow group read/write. ok dtucker@ - (dtucker) [packet.c] Remove redundant local declaration of "int tos". + - (djm) [defines.h] Add IP DSCP defines 20101122 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch diff --git a/defines.h b/defines.h index 61203c3fe..ed438bd88 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.162 2010/10/25 05:54:28 dtucker Exp $ */ +/* $Id: defines.h,v 1.163 2010/11/23 23:50:05 djm Exp $ */ /* Constants */ @@ -42,6 +42,9 @@ enum # define SHUT_RDWR SHUT_RDWR #endif +/* + * Definitions for IP type of service (ip_tos) + */ #ifndef IPTOS_LOWDELAY # define IPTOS_LOWDELAY 0x10 # define IPTOS_THROUGHPUT 0x08 @@ -50,6 +53,40 @@ enum # define IPTOS_MINCOST IPTOS_LOWCOST #endif /* IPTOS_LOWDELAY */ +/* + * Definitions for DiffServ Codepoints as per RFC2474 + */ +#include +#include +#ifndef IPTOS_DSCP_AF11 +# define IPTOS_DSCP_AF11 0x28 +# define IPTOS_DSCP_AF12 0x30 +# define IPTOS_DSCP_AF13 0x38 +# define IPTOS_DSCP_AF21 0x48 +# define IPTOS_DSCP_AF22 0x50 +# define IPTOS_DSCP_AF23 0x58 +# define IPTOS_DSCP_AF31 0x68 +# define IPTOS_DSCP_AF32 0x70 +# define IPTOS_DSCP_AF33 0x78 +# define IPTOS_DSCP_AF41 0x88 +# define IPTOS_DSCP_AF42 0x90 +# define IPTOS_DSCP_AF43 0x98 +# define IPTOS_DSCP_EF 0xb8 +#endif /* IPTOS_DSCP_AF11 */ +#ifndef IPTOS_DSCP_CS0 +# define IPTOS_DSCP_CS0 0x00 +# define IPTOS_DSCP_CS1 0x20 +# define IPTOS_DSCP_CS2 0x40 +# define IPTOS_DSCP_CS3 0x60 +# define IPTOS_DSCP_CS4 0x80 +# define IPTOS_DSCP_CS5 0xa0 +# define IPTOS_DSCP_CS6 0xc0 +# define IPTOS_DSCP_CS7 0xe0 +#endif /* IPTOS_DSCP_CS0 */ +#ifndef IPTOS_DSCP_EF +# define IPTOS_DSCP_EF 0xb8 +#endif /* IPTOS_DSCP_EF */ + #ifndef MAXPATHLEN # ifdef PATH_MAX # define MAXPATHLEN PATH_MAX -- cgit v1.2.3 From 188ea814b10e39a399178af1fb18a79ea406f9bb Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 1 Dec 2010 11:50:14 +1100 Subject: - OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 [auth2-pubkey.c] clean up cases of ;; --- ChangeLog | 6 ++++++ auth2-pubkey.c | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 905cb1159..05d9962ff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20101201 + - OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 + [auth2-pubkey.c] + clean up cases of ;; + 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and into the platform-specific code Only affects SCO, tested by and ok tim@. diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 35cf79c9f..7d2141355 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.26 2010/06/29 23:16:46 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.27 2010/11/20 05:12:38 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -232,7 +232,7 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert) if ((ep = strrchr(cp, ' ')) != NULL || (ep = strrchr(cp, '\t')) != NULL) { for (; *ep == ' ' || *ep == '\t'; ep++) - ;; + ; line_opts = cp; cp = ep; } -- cgit v1.2.3 From 2cd629349d9fc4067985fec04b23bfb5ff7aa8d8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Dec 2010 11:50:35 +1100 Subject: - djm@cvs.openbsd.org 2010/11/21 01:01:13 [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] honour $TMPDIR for client xauth and ssh-agent temporary directories; feedback and ok markus@ --- ChangeLog | 4 ++++ clientloop.c | 4 ++-- misc.c | 19 ++++++++++++++++++- misc.h | 3 ++- ssh-agent.1 | 8 ++++---- ssh-agent.c | 4 ++-- 6 files changed, 32 insertions(+), 10 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 05d9962ff..09e5ee805 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,6 +3,10 @@ - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 [auth2-pubkey.c] clean up cases of ;; + - djm@cvs.openbsd.org 2010/11/21 01:01:13 + [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] + honour $TMPDIR for client xauth and ssh-agent temporary directories; + feedback and ok markus@ 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and diff --git a/clientloop.c b/clientloop.c index 52dcb4c04..076386cc2 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.224 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.225 2010/11/21 01:01:13 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -325,7 +325,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, if (trusted == 0) { xauthdir = xmalloc(MAXPATHLEN); xauthfile = xmalloc(MAXPATHLEN); - strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN); + mktemp_proto(xauthdir, MAXPATHLEN); if (mkdtemp(xauthdir) != NULL) { do_unlink = 1; snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile", diff --git a/misc.c b/misc.c index b88f5aaa8..1c57ce0ac 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.83 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.84 2010/11/21 01:01:13 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 
@@ -916,6 +916,23 @@ bandwidth_limit(struct bwlimit *bw, size_t read_len) gettimeofday(&bw->bwstart, NULL); } +/* Make a template filename for mk[sd]temp() */ +void +mktemp_proto(char *s, size_t len) +{ + const char *tmpdir; + int r; + + if ((tmpdir = getenv("TMPDIR")) != NULL) { + r = snprintf(s, len, "%s/ssh-XXXXXXXXXXXX", tmpdir); + if (r > 0 && (size_t)r < len) + return; + } + r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX"); + if (r < 0 || (size_t)r >= len) + fatal("%s: template string too short", __func__); +} + static const struct { const char *name; int value; diff --git a/misc.h b/misc.h index a81ace309..65cf4a616 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.46 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.47 2010/11/21 01:01:13 djm Exp $ */ /* * Author: Tatu Ylonen @@ -89,6 +89,7 @@ void bandwidth_limit_init(struct bwlimit *, u_int64_t, size_t); void bandwidth_limit(struct bwlimit *, size_t); int parse_ipqos(const char *); +void mktemp_proto(char *, size_t); /* readpass.c */ diff --git a/ssh-agent.1 b/ssh-agent.1 index 134b93ae9..bb801c902 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.52 2010/08/31 17:40:54 jmc Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.53 2010/11/21 01:01:13 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 31 2010 $ +.Dd $Mdocdate: November 21 2010 $ .Dt SSH-AGENT 1 .Os .Sh NAME @@ -72,7 +72,7 @@ Bind the agent to the socket .Ar bind_address . The default is -.Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt . +.Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt . .It Fl c Generate C-shell commands on .Dv stdout . 
@@ -192,7 +192,7 @@ Contains the protocol version 2 DSA authentication identity of the user. Contains the protocol version 2 ECDSA authentication identity of the user. .It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. -.It Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt +.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt .Ux Ns -domain sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. diff --git a/ssh-agent.c b/ssh-agent.c index a978d293b..afba413d7 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.170 2010/08/31 12:33:38 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1232,7 +1232,7 @@ main(int ac, char **av) if (agentsocket == NULL) { /* Create private directory for agent socket */ - strlcpy(socket_dir, "/tmp/ssh-XXXXXXXXXX", sizeof socket_dir); + mktemp_proto(socket_dir, sizeof(socket_dir)); if (mkdtemp(socket_dir) == NULL) { perror("mkdtemp: private socket dir"); exit(1); -- cgit v1.2.3 From a232792783655659395f445c0f265d4f9444bb7c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Dec 2010 12:01:21 +1100 Subject: - djm@cvs.openbsd.org 2010/11/21 10:57:07 [authfile.c] Refactor internals of private key loading and saving to work on memory buffers rather than directly on files. This will make a few things easier to do in the future; ok markus@ --- ChangeLog | 5 + authfile.c | 447 +++++++++++++++++++++++++++++++++++-------------------------- 2 files changed, 259 insertions(+), 193 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 09e5ee805..1b1cd5242 100644 --- a/ChangeLog +++ b/ChangeLog 
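Review bot: mktemp_proto() in misc.c builds `ssh-XXXXXXXXXXXX` (twelve X), while both ssh-agent.1 hunks document `$TMPDIR/ssh-XXXXXXXXXX` (ten X), and the man page does not say that `/tmp` is used when `TMPDIR` is unset or the formatted path does not fit the buffer. Align the documented template with the code and document the fallback. The value of `getenv("TMPDIR")` is also used as given, so a relative path is accepted and an over-long one is silently replaced by `/tmp`; a check for an absolute, bounded path in mktemp_proto(), with a debug message when the fallback is taken, would make the resulting socket and xauth locations easier to reason about.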
@@ -7,6 +7,11 @@ [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] honour $TMPDIR for client xauth and ssh-agent temporary directories; feedback and ok markus@ + - djm@cvs.openbsd.org 2010/11/21 10:57:07 + [authfile.c] + Refactor internals of private key loading and saving to work on memory + buffers rather than directly on files. This will make a few things + easier to do in the future; ok markus@ 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and diff --git a/authfile.c b/authfile.c index 7f98ab547..f75c273fc 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.85 2010/10/28 11:22:09 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.86 2010/11/21 10:57:07 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -74,19 +74,18 @@ static const char authfile_id_string[] = "SSH PRIVATE KEY FILE FORMAT 1.1\n"; /* - * Saves the authentication (private) key in a file, encrypting it with - * passphrase. The identification of the file (lowest 64 bits of n) will + * Serialises the authentication (private) key to a blob, encrypting it with + * passphrase. The identification of the blob (lowest 64 bits of n) will * precede the key to provide identification of the key without needing a * passphrase. */ - static int -key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, +key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase, const char *comment) { Buffer buffer, encrypted; u_char buf[100], *cp; - int fd, i, cipher_num; + int i, cipher_num; CipherContext ciphercontext; Cipher *cipher; u_int32_t rnd; 
@@ -157,163 +156,222 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, memset(buf, 0, sizeof(buf)); buffer_free(&buffer); - fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600); - if (fd < 0) { - error("open %s failed: %s.", filename, strerror(errno)); - buffer_free(&encrypted); - return 0; - } - if (atomicio(vwrite, fd, buffer_ptr(&encrypted), - buffer_len(&encrypted)) != buffer_len(&encrypted)) { - error("write to key file %s failed: %s", filename, - strerror(errno)); - buffer_free(&encrypted); - close(fd); - unlink(filename); - return 0; - } - close(fd); + buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted)); buffer_free(&encrypted); + return 1; } -/* save SSH v2 key in OpenSSL PEM format */ +/* convert SSH v2 key in OpenSSL PEM format */ static int -key_save_private_pem(Key *key, const char *filename, const char *_passphrase, +key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase, const char *comment) { - FILE *fp; - int fd; int success = 0; - int len = strlen(_passphrase); + int blen, len = strlen(_passphrase); u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; #if (OPENSSL_VERSION_NUMBER < 0x00907000L) const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; #else const EVP_CIPHER *cipher = (len > 0) ? 
EVP_aes_128_cbc() : NULL; #endif + const u_char *bptr; + BIO *bio; if (len > 0 && len <= 4) { error("passphrase too short: have %d bytes, need > 4", len); return 0; } - fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600); - if (fd < 0) { - error("open %s failed: %s.", filename, strerror(errno)); - return 0; - } - fp = fdopen(fd, "w"); - if (fp == NULL) { - error("fdopen %s failed: %s.", filename, strerror(errno)); - close(fd); + if ((bio = BIO_new(BIO_s_mem())) == NULL) { + error("%s: BIO_new failed", __func__); return 0; } switch (key->type) { case KEY_DSA: - success = PEM_write_DSAPrivateKey(fp, key->dsa, + success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, cipher, passphrase, len, NULL, NULL); break; #ifdef OPENSSL_HAS_ECC case KEY_ECDSA: - success = PEM_write_ECPrivateKey(fp, key->ecdsa, + success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, cipher, passphrase, len, NULL, NULL); break; #endif case KEY_RSA: - success = PEM_write_RSAPrivateKey(fp, key->rsa, + success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, cipher, passphrase, len, NULL, NULL); break; } - fclose(fp); + if (success) { + if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) + success = 0; + else + buffer_append(blob, bptr, blen); + } + BIO_free(bio); return success; } -int -key_save_private(Key *key, const char *filename, const char *passphrase, +/* Save a key blob to a file */ +static int +key_save_private_blob(Buffer *keybuf, const char *filename) +{ + int fd; + + if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) { + error("open %s failed: %s.", filename, strerror(errno)); + return 0; + } + if (atomicio(vwrite, fd, buffer_ptr(keybuf), + buffer_len(keybuf)) != buffer_len(keybuf)) { + error("write to key file %s failed: %s", filename, + strerror(errno)); + close(fd); + unlink(filename); + return 0; + } + close(fd); + return 1; +} + +/* Serialise "key" to buffer "blob" */ +static int +key_private_to_blob(Key *key, Buffer *blob, const char *passphrase, const char *comment) { 
switch (key->type) { case KEY_RSA1: - return key_save_private_rsa1(key, filename, passphrase, - comment); + return key_private_rsa1_to_blob(key, blob, passphrase, comment); case KEY_DSA: case KEY_ECDSA: case KEY_RSA: - return key_save_private_pem(key, filename, passphrase, - comment); + return key_private_pem_to_blob(key, blob, passphrase, comment); default: - break; + error("%s: cannot save key type %d", __func__, key->type); + return 0; } - error("key_save_private: cannot save key type %d", key->type); - return 0; +} + +int +key_save_private(Key *key, const char *filename, const char *passphrase, + const char *comment) +{ + Buffer keyblob; + int success = 0; + + buffer_init(&keyblob); + if (!key_private_to_blob(key, &keyblob, passphrase, comment)) + goto out; + if (!key_save_private_blob(&keyblob, filename)) + goto out; + success = 1; + out: + buffer_free(&keyblob); + return success; } /* - * Loads the public part of the ssh v1 key file. Returns NULL if an error was - * encountered (the file does not exist or is not readable), and the key - * otherwise. + * Parse the public, unencrypted portion of a RSA1 key. */ - static Key * -key_load_public_rsa1(int fd, const char *filename, char **commentp) +key_parse_public_rsa1(Buffer *blob, char **commentp) { - Buffer buffer; Key *pub; - struct stat st; - char *cp; - u_int i; + + /* Check that it is at least big enough to contain the ID string. */ + if (buffer_len(blob) < sizeof(authfile_id_string)) { + debug3("Truncated RSA1 identifier"); + return NULL; + } + + /* + * Make sure it begins with the id string. Consume the id string + * from the buffer. + */ + if (memcmp(buffer_ptr(blob), authfile_id_string, + sizeof(authfile_id_string)) != 0) { + debug3("Incorrect RSA1 identifier"); + return NULL; + } + buffer_consume(blob, sizeof(authfile_id_string)); + + /* Skip cipher type and reserved data. 
*/ + (void) buffer_get_char(blob); /* cipher type */ + (void) buffer_get_int(blob); /* reserved */ + + /* Read the public key from the buffer. */ + (void) buffer_get_int(blob); + pub = key_new(KEY_RSA1); + buffer_get_bignum(blob, pub->rsa->n); + buffer_get_bignum(blob, pub->rsa->e); + if (commentp) + *commentp = buffer_get_string(blob, NULL); + /* The encrypted private part is not parsed by this function. */ + buffer_clear(blob); + + return pub; +} + +/* Load the contents of a key file into a buffer */ +static int +key_load_file(int fd, const char *filename, Buffer *blob) +{ size_t len; + u_char *cp; + struct stat st; if (fstat(fd, &st) < 0) { - error("fstat for key file %.200s failed: %.100s", - filename, strerror(errno)); - return NULL; + error("%s: fstat of key file %.200s%sfailed: %.100s", __func__, + filename == NULL ? "" : filename, + filename == NULL ? "" : " ", + strerror(errno)); + close(fd); + return 0; } if (st.st_size > 1*1024*1024) { - error("key file %.200s too large", filename); - return NULL; + error("%s: key file %.200s%stoo large", __func__, + filename == NULL ? "" : filename, + filename == NULL ? "" : " "); + close(fd); + return 0; } len = (size_t)st.st_size; /* truncated */ - buffer_init(&buffer); - cp = buffer_append_space(&buffer, len); + buffer_init(blob); + cp = buffer_append_space(blob, len); if (atomicio(read, fd, cp, len) != len) { - debug("Read from key file %.200s failed: %.100s", filename, + debug("%s: read from key file %.200s%sfailed: %.100s", __func__, + filename == NULL ? "" : filename, + filename == NULL ? "" : " ", strerror(errno)); - buffer_free(&buffer); - return NULL; + buffer_clear(blob); + close(fd); + return 0; } + return 1; +} - /* Check that it is at least big enough to contain the ID string. */ - if (len < sizeof(authfile_id_string)) { - debug3("Not a RSA1 key file %.200s.", filename); +/* + * Loads the public part of the ssh v1 key file. 
Returns NULL if an error was + * encountered (the file does not exist or is not readable), and the key + * otherwise. + */ +static Key * +key_load_public_rsa1(int fd, const char *filename, char **commentp) +{ + Buffer buffer; + Key *pub; + + buffer_init(&buffer); + if (!key_load_file(fd, filename, &buffer)) { buffer_free(&buffer); return NULL; } - /* - * Make sure it begins with the id string. Consume the id string - * from the buffer. - */ - for (i = 0; i < sizeof(authfile_id_string); i++) - if (buffer_get_char(&buffer) != authfile_id_string[i]) { - debug3("Not a RSA1 key file %.200s.", filename); - buffer_free(&buffer); - return NULL; - } - /* Skip cipher type and reserved data. */ - (void) buffer_get_char(&buffer); /* cipher type */ - (void) buffer_get_int(&buffer); /* reserved */ - - /* Read the public key from the buffer. */ - (void) buffer_get_int(&buffer); - pub = key_new(KEY_RSA1); - buffer_get_bignum(&buffer, pub->rsa->n); - buffer_get_bignum(&buffer, pub->rsa->e); - if (commentp) - *commentp = buffer_get_string(&buffer, NULL); - /* The encrypted private part is not parsed by this function. */ + pub = key_parse_public_rsa1(&buffer, commentp); + if (pub == NULL) + debug3("Could not load \"%s\" as a RSA1 public key", filename); buffer_free(&buffer); return pub; } 
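Review bot: key_load_file() closes fd on each of its three failure returns but leaves it open on success, so ownership of the descriptor depends on the result. key_load_public_rsa1() in this hunk never closed fd before, and any caller that also closes fd after a failed load will close it twice. Leave the descriptor to the caller on every path, or document that key_load_file() consumes it on failure. Separately, key_load_file() calls buffer_init(blob) itself while key_load_public_rsa1() has already called buffer_init(&buffer) on the same buffer before passing it in; pick one side to own initialisation.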
@@ -336,113 +394,73 @@ key_load_public_type(int type, const char *filename, char **commentp) return NULL; } -/* - * Loads the private key from the file. Returns 0 if an error is encountered - * (file does not exist or is not readable, or passphrase is bad). This - * initializes the private key. - * Assumes we are called under uid of the owner of the file. - */ - static Key * -key_load_private_rsa1(int fd, const char *filename, const char *passphrase, - char **commentp) +key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) { - u_int i; int check1, check2, cipher_type; - size_t len; - Buffer buffer, decrypted; + Buffer decrypted; u_char *cp; CipherContext ciphercontext; Cipher *cipher; Key *prv = NULL; - struct stat st; - - if (fstat(fd, &st) < 0) { - error("fstat for key file %.200s failed: %.100s", - filename, strerror(errno)); - close(fd); - return NULL; - } - if (st.st_size > 1*1024*1024) { - error("key file %.200s too large", filename); - close(fd); - return (NULL); - } - len = (size_t)st.st_size; /* truncated */ - - buffer_init(&buffer); - cp = buffer_append_space(&buffer, len); - - if (atomicio(read, fd, cp, len) != len) { - debug("Read from key file %.200s failed: %.100s", filename, - strerror(errno)); - buffer_free(&buffer); - close(fd); - return NULL; - } /* Check that it is at least big enough to contain the ID string. */ - if (len < sizeof(authfile_id_string)) { - debug3("Not a RSA1 key file %.200s.", filename); - buffer_free(&buffer); - close(fd); + if (buffer_len(blob) < sizeof(authfile_id_string)) { + debug3("Truncated RSA1 identifier"); return NULL; } + /* * Make sure it begins with the id string. Consume the id string * from the buffer. 
*/ - for (i = 0; i < sizeof(authfile_id_string); i++) - if (buffer_get_char(&buffer) != authfile_id_string[i]) { - debug3("Not a RSA1 key file %.200s.", filename); - buffer_free(&buffer); - close(fd); - return NULL; - } + if (memcmp(buffer_ptr(blob), authfile_id_string, + sizeof(authfile_id_string)) != 0) { + debug3("Incorrect RSA1 identifier"); + return NULL; + } + buffer_consume(blob, sizeof(authfile_id_string)); /* Read cipher type. */ - cipher_type = buffer_get_char(&buffer); - (void) buffer_get_int(&buffer); /* Reserved data. */ + cipher_type = buffer_get_char(blob); + (void) buffer_get_int(blob); /* Reserved data. */ /* Read the public key from the buffer. */ - (void) buffer_get_int(&buffer); + (void) buffer_get_int(blob); prv = key_new_private(KEY_RSA1); - buffer_get_bignum(&buffer, prv->rsa->n); - buffer_get_bignum(&buffer, prv->rsa->e); + buffer_get_bignum(blob, prv->rsa->n); + buffer_get_bignum(blob, prv->rsa->e); if (commentp) - *commentp = buffer_get_string(&buffer, NULL); + *commentp = buffer_get_string(blob, NULL); else - xfree(buffer_get_string(&buffer, NULL)); + (void)buffer_get_string_ptr(blob, NULL); /* Check that it is a supported cipher. */ cipher = cipher_by_number(cipher_type); if (cipher == NULL) { - debug("Unsupported cipher %d used in key file %.200s.", - cipher_type, filename); - buffer_free(&buffer); + debug("Unsupported RSA1 cipher %d", cipher_type); goto fail; } /* Initialize space for decrypted data. */ buffer_init(&decrypted); - cp = buffer_append_space(&decrypted, buffer_len(&buffer)); + cp = buffer_append_space(&decrypted, buffer_len(blob)); /* Rest of the buffer is encrypted. Decrypt it using the passphrase. 
*/ cipher_set_key_string(&ciphercontext, cipher, passphrase, CIPHER_DECRYPT); cipher_crypt(&ciphercontext, cp, - buffer_ptr(&buffer), buffer_len(&buffer)); + buffer_ptr(blob), buffer_len(blob)); cipher_cleanup(&ciphercontext); memset(&ciphercontext, 0, sizeof(ciphercontext)); - buffer_free(&buffer); + buffer_clear(blob); check1 = buffer_get_char(&decrypted); check2 = buffer_get_char(&decrypted); if (check1 != buffer_get_char(&decrypted) || check2 != buffer_get_char(&decrypted)) { if (strcmp(passphrase, "") != 0) - debug("Bad passphrase supplied for key file %.200s.", - filename); + debug("Bad passphrase supplied for RSA1 key"); /* Bad passphrase. */ buffer_free(&decrypted); goto fail; @@ -461,38 +479,37 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, /* enable blinding */ if (RSA_blinding_on(prv->rsa, NULL) != 1) { - error("key_load_private_rsa1: RSA_blinding_on failed"); + error("%s: RSA_blinding_on failed", __func__); goto fail; } - close(fd); return prv; fail: if (commentp) xfree(*commentp); - close(fd); key_free(prv); return NULL; } -Key * -key_load_private_pem(int fd, int type, const char *passphrase, +static Key * +key_parse_private_pem(Buffer *blob, int type, const char *passphrase, char **commentp) { - FILE *fp; EVP_PKEY *pk = NULL; Key *prv = NULL; char *name = ""; + BIO *bio; - fp = fdopen(fd, "r"); - if (fp == NULL) { - error("fdopen failed: %s", strerror(errno)); - close(fd); + if ((bio = BIO_new_mem_buf(buffer_ptr(blob), + buffer_len(blob))) == NULL) { + error("%s: BIO_new_mem_buf failed", __func__); return NULL; } - pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase); + + pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, (char *)passphrase); + BIO_free(bio); if (pk == NULL) { - debug("PEM_read_PrivateKey failed"); + debug("%s: PEM_read_PrivateKey failed", __func__); (void)ERR_get_error(); } else if (pk->type == EVP_PKEY_RSA && (type == KEY_UNSPEC||type==KEY_RSA)) { 
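Review bot: at the fail: label of the RSA1 parser, xfree(*commentp) frees the comment but leaves the caller's pointer set, so a caller that passed commentp holds a dangling pointer after a failed parse (the bad passphrase and unsupported cipher paths both reach it). Set *commentp = NULL after the free. In key_parse_private_pem() the debug string still names PEM_read_PrivateKey although the call is now PEM_read_bio_PrivateKey.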
@@ -504,7 +521,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, RSA_print_fp(stderr, prv->rsa, 8); #endif if (RSA_blinding_on(prv->rsa, NULL) != 1) { - error("key_load_private_pem: RSA_blinding_on failed"); + error("%s: RSA_blinding_on failed", __func__); key_free(prv); prv = NULL; } @@ -539,10 +556,9 @@ key_load_private_pem(int fd, int type, const char *passphrase, #endif #endif /* OPENSSL_HAS_ECC */ } else { - error("PEM_read_PrivateKey: mismatch or " - "unknown EVP_PKEY save_type %d", pk->save_type); + error("%s: PEM_read_PrivateKey: mismatch or " + "unknown EVP_PKEY save_type %d", __func__, pk->save_type); } - fclose(fp); if (pk != NULL) EVP_PKEY_free(pk); if (prv != NULL && commentp) @@ -552,6 +568,23 @@ key_load_private_pem(int fd, int type, const char *passphrase, return prv; } +Key * +key_load_private_pem(int fd, int type, const char *passphrase, + char **commentp) +{ + Buffer buffer; + Key *prv; + + buffer_init(&buffer); + if (!key_load_file(fd, NULL, &buffer)) { + buffer_free(&buffer); + return NULL; + } + prv = key_parse_private_pem(&buffer, type, passphrase, commentp); + buffer_free(&buffer); + return prv; +} + int key_perm_ok(int fd, const char *filename) { @@ -580,11 +613,31 @@ key_perm_ok(int fd, const char *filename) return 1; } +static Key * +key_parse_private_type(Buffer *blob, int type, const char *passphrase, + char **commentp) +{ + switch (type) { + case KEY_RSA1: + return key_parse_private_rsa1(blob, passphrase, commentp); + case KEY_DSA: + case KEY_ECDSA: + case KEY_RSA: + case KEY_UNSPEC: + return key_parse_private_pem(blob, type, passphrase, commentp); + default: + break; + } + return NULL; +} + Key * key_load_private_type(int type, const char *filename, const char *passphrase, char **commentp, int *perm_ok) { int fd; + Key *ret; + Buffer buffer; fd = open(filename, O_RDONLY); if (fd < 0) { 
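Review bot: the default: case of key_parse_private_type() falls through to return NULL without logging, whereas the matching default: in key_private_to_blob() reports the unsupported type with error("%s: cannot save key type %d", ...). Log the rejected type here too, so that a caller passing an unexpected type can tell that apart from a parse failure.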
@@ -603,22 +656,17 @@ key_load_private_type(int type, const char *filename, const char *passphrase, } if (perm_ok != NULL) *perm_ok = 1; - switch (type) { - case KEY_RSA1: - return key_load_private_rsa1(fd, filename, passphrase, - commentp); - /* closes fd */ - case KEY_DSA: - case KEY_ECDSA: - case KEY_RSA: - case KEY_UNSPEC: - return key_load_private_pem(fd, type, passphrase, commentp); - /* closes fd */ - default: + + buffer_init(&buffer); + if (!key_load_file(fd, filename, &buffer)) { + buffer_free(&buffer); close(fd); - break; + return NULL; } - return NULL; + close(fd); + ret = key_parse_private_type(&buffer, type, passphrase, commentp); + buffer_free(&buffer); + return ret; } Key * @@ -626,6 +674,7 @@ key_load_private(const char *filename, const char *passphrase, char **commentp) { Key *pub, *prv; + Buffer buffer, pubcopy; int fd; fd = open(filename, O_RDONLY); 
@@ -639,20 +688,32 @@ key_load_private(const char *filename, const char *passphrase, close(fd); return NULL; } - pub = key_load_public_rsa1(fd, filename, commentp); - lseek(fd, (off_t) 0, SEEK_SET); /* rewind */ + + buffer_init(&buffer); + if (!key_load_file(fd, filename, &buffer)) { + buffer_free(&buffer); + close(fd); + return NULL; + } + close(fd); + + buffer_init(&pubcopy); + buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer)); + /* it's a SSH v1 key if the public key part is readable */ + pub = key_parse_public_rsa1(&pubcopy, commentp); + buffer_free(&pubcopy); if (pub == NULL) { - /* closes fd */ - prv = key_load_private_pem(fd, KEY_UNSPEC, passphrase, NULL); + prv = key_parse_private_type(&buffer, KEY_UNSPEC, + passphrase, NULL); /* use the filename as a comment for PEM */ if (commentp && prv) *commentp = xstrdup(filename); } else { - /* it's a SSH v1 key if the public key part is readable */ key_free(pub); - /* closes fd */ - prv = key_load_private_rsa1(fd, filename, passphrase, NULL); + prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase, + commentp); } + buffer_free(&buffer); return prv; } -- cgit v1.2.3 From 6a740e7b92c8dba96e81ad3979849e7abcd26829 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Dec 2010 12:01:51 +1100 Subject: - djm@cvs.openbsd.org 2010/11/23 02:35:50 [auth.c] use strict_modes already passed as function argument over referencing global options.strict_modes --- ChangeLog | 4 ++++ auth.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1b1cd5242..de1fb753d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -12,6 +12,10 @@ Refactor internals of private key loading and saving to work on memory buffers rather than directly on files. This will make a few things easier to do in the future; ok markus@ + - djm@cvs.openbsd.org 2010/11/23 02:35:50 + [auth.c] + use strict_modes already passed as function argument over referencing + global options.strict_modes 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and diff --git a/auth.c b/auth.c index dba1e6555..6fe1b21a4 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.89 2010/08/04 05:42:47 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.90 2010/11/23 02:35:50 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -518,7 +518,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes, close(fd); return NULL; } - if (options.strict_modes && + if (strict_modes && secure_filename(f, file, pw, line, sizeof(line)) != 0) { fclose(f); logit("Authentication refused: %s", line); -- cgit v1.2.3 From d0fdd6818c1633656fd47ee1de9438130eb9eb03 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Dec 2010 12:02:14 +1100 Subject: - djm@cvs.openbsd.org 2010/11/23 23:57:24 [clientloop.c] avoid NULL deref on receiving a channel request on an unknown or invalid channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ --- ChangeLog | 4 ++++ clientloop.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index de1fb753d..39d88701a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,10 @@ [auth.c] use strict_modes already passed as function argument over referencing global options.strict_modes + - djm@cvs.openbsd.org 2010/11/23 23:57:24 + [clientloop.c] + avoid NULL deref on receiving a channel request on an unknown or invalid + channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and 
diff --git a/clientloop.c b/clientloop.c index 076386cc2..91eea8562 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.225 2010/11/21 01:01:13 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.226 2010/11/23 23:57:24 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1933,7 +1933,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); } - if (reply) { + if (reply && c != NULL) { packet_start(success ? SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE); packet_put_int(c->remote_id); -- cgit v1.2.3 From b7f827ae4586f6637bcad36b65ebafb51e727f36 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Dec 2010 12:02:35 +1100 Subject: - djm@cvs.openbsd.org 2010/11/24 01:24:14 [channels.c] remove a debug() that pollutes stderr on client connecting to a server in debug mode (channel_close_fds is called transitively from the session code post-fork); bz#1719, ok dtucker --- ChangeLog | 5 +++++ channels.c | 5 +---- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 39d88701a..25506a077 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,11 @@ [clientloop.c] avoid NULL deref on receiving a channel request on an unknown or invalid channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ + - djm@cvs.openbsd.org 2010/11/24 01:24:14 + [channels.c] + remove a debug() that pollutes stderr on client connecting to a server + in debug mode (channel_close_fds is called transitively from the session + code post-fork); bz#1719, ok dtucker 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and diff --git a/channels.c b/channels.c index 1cd5004c4..6abe2d012 100644 --- a/channels.c +++ b/channels.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.309 2010/08/05 13:08:42 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.310 2010/11/24 01:24:14 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -373,9 +373,6 @@ channel_close_fd(int *fdp) static void channel_close_fds(Channel *c) { - debug3("channel %d: close_fds r %d w %d e %d", - c->self, c->rfd, c->wfd, c->efd); - channel_close_fd(&c->sock); channel_close_fd(&c->rfd); channel_close_fd(&c->wfd); -- cgit v1.2.3 From f80c3deaafcb8194ba95e219f1b70e418bea3542 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Dec 2010 12:02:59 +1100 Subject: - djm@cvs.openbsd.org 2010/11/25 04:10:09 [session.c] replace close() loop for fds 3->64 with closefrom(); ok markus deraadt dtucker --- ChangeLog | 4 ++++ session.c | 7 ++----- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 25506a077..5c3ae0375 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,10 @@ remove a debug() that pollutes stderr on client connecting to a server in debug mode (channel_close_fds is called transitively from the session code post-fork); bz#1719, ok dtucker + - djm@cvs.openbsd.org 2010/11/25 04:10:09 + [session.c] + replace close() loop for fds 3->64 with closefrom(); + ok markus deraadt dtucker 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and diff --git a/session.c b/session.c index 3758f0fd1..fff31b02e 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.257 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: session.c,v 1.258 2010/11/25 04:10:09 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1569,8 +1569,6 @@ launch_login(struct passwd *pw, const char *hostname) static void child_close_fds(void) { - int i; - if (packet_get_connection_in() == packet_get_connection_out()) close(packet_get_connection_in()); else { 
@@ -1596,8 +1594,7 @@ child_close_fds(void) * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ - for (i = 3; i < 64; i++) - close(i); + closefrom(STDERR_FILENO + 1); } /* -- cgit v1.2.3 From 87dc0a4188191f5de738e61b3cd1cfc90582329a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Dec 2010 12:03:19 +1100 Subject: - djm@cvs.openbsd.org 2010/11/26 05:52:49 [scp.c] Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@ --- ChangeLog | 5 +++++ scp.c | 32 ++++++++++++++++++++++---------- 2 files changed, 27 insertions(+), 10 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5c3ae0375..7c7297731 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,11 @@ [session.c] replace close() loop for fds 3->64 with closefrom(); ok markus deraadt dtucker + - djm@cvs.openbsd.org 2010/11/26 05:52:49 + [scp.c] + Pass through ssh command-line flags and options when doing remote-remote + transfers, e.g. to enable agent forwarding which is particularly useful + in this case; bz#1837 ok dtucker@ 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and diff --git a/scp.c b/scp.c index a4066c668..774e602f2 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.167 2010/09/22 22:58:51 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.168 2010/11/26 05:52:49 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -122,6 +122,7 @@ int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout); /* Struct for addargs */ arglist args; +arglist remote_remote_args; /* Bandwidth limit */ long long limit_kbps = 0; 
@@ -334,12 +335,13 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); memset(&args, '\0', sizeof(args)); - args.list = NULL; + memset(&remote_remote_args, '\0', sizeof(remote_remote_args)); + args.list = remote_remote_args.list = NULL; addargs(&args, "%s", ssh_program); addargs(&args, "-x"); - addargs(&args, "-oForwardAgent no"); - addargs(&args, "-oPermitLocalCommand no"); - addargs(&args, "-oClearAllForwardings yes"); + addargs(&args, "-oForwardAgent=no"); + addargs(&args, "-oPermitLocalCommand=no"); + addargs(&args, "-oClearAllForwardings=yes"); fflag = tflag = 0; while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1) @@ -351,20 +353,26 @@ main(int argc, char **argv) case '6': case 'C': addargs(&args, "-%c", ch); + addargs(&remote_remote_args, "-%c", ch); break; case 'o': case 'c': case 'i': case 'F': + addargs(&remote_remote_args, "-%c", ch); + addargs(&remote_remote_args, "%s", optarg); addargs(&args, "-%c", ch); addargs(&args, "%s", optarg); break; case 'P': + addargs(&remote_remote_args, "-p"); + addargs(&remote_remote_args, "%s", optarg); addargs(&args, "-p"); addargs(&args, "%s", optarg); break; case 'B': - addargs(&args, "-oBatchmode yes"); + addargs(&remote_remote_args, "-oBatchmode=yes"); + addargs(&args, "-oBatchmode=yes"); break; case 'l': limit_kbps = strtonum(optarg, 1, 100 * 1024 * 1024, @@ -385,10 +393,12 @@ main(int argc, char **argv) break; case 'v': addargs(&args, "-v"); + addargs(&remote_remote_args, "-v"); verbose_mode = 1; break; case 'q': addargs(&args, "-q"); + addargs(&remote_remote_args, "-q"); showprogress = 0; break; @@ -492,6 +502,7 @@ toremote(char *targ, int argc, char **argv) char *bp, *host, *src, *suser, *thost, *tuser, *arg; arglist alist; int i; + u_int j; memset(&alist, '\0', sizeof(alist)); alist.list = NULL; 
@@ -522,12 +533,13 @@ toremote(char *targ, int argc, char **argv) if (src) { /* remote to remote */ freeargs(&alist); addargs(&alist, "%s", ssh_program); - if (verbose_mode) - addargs(&alist, "-v"); addargs(&alist, "-x"); - addargs(&alist, "-oClearAllForwardings yes"); + addargs(&alist, "-oClearAllForwardings=yes"); addargs(&alist, "-n"); - + for (j = 0; j < remote_remote_args.num; j++) { + addargs(&alist, "%s", + remote_remote_args.list[j]); + } *src++ = 0; if (*src == 0) src = "."; -- cgit v1.2.3 From 03c0e533de56a1fc55ec1885d35c3197fdefbf94 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Dec 2010 12:03:39 +1100 Subject: - markus@cvs.openbsd.org 2010/11/29 18:57:04 [authfile.c] correctly load comment for encrypted rsa1 keys; report/fix Joachim Schipper; ok djm@ --- ChangeLog | 4 ++++ authfile.c | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7c7297731..44e45eb8a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,10 @@ Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@ + - markus@cvs.openbsd.org 2010/11/29 18:57:04 + [authfile.c] + correctly load comment for encrypted rsa1 keys; + report/fix Joachim Schipper; ok djm@ 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and diff --git a/authfile.c b/authfile.c index f75c273fc..f2aec267a 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.86 2010/11/21 10:57:07 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -710,8 +710,9 @@ key_load_private(const char *filename, const char *passphrase, *commentp = xstrdup(filename); } else { key_free(pub); + /* key_parse_public_rsa1() has already loaded the comment */ prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase, - commentp); + NULL); } buffer_free(&buffer); return prv; -- cgit v1.2.3 From d925dcd8a5d1a3070061006788352bed93260582 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Dec 2010 12:21:51 +1100 Subject: - djm@cvs.openbsd.org 2010/11/29 23:45:51 [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] [sshconnect.h sshconnect2.c] automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. This avoids hostkey warnings when connecting to servers with new ECDSA keys that are preferred by default; with markus@ --- ChangeLog | 7 ++ auth.c | 30 +++--- hostfile.c | 301 ++++++++++++++++++++++++++++++++++------------------------ hostfile.h | 30 ++++-- ssh.c | 4 +- ssh_config.5 | 7 +- sshconnect.c | 291 +++++++++++++++++++++++++++++--------------------------- sshconnect.h | 11 ++- sshconnect2.c | 62 +++++++++++- 9 files changed, 452 insertions(+), 291 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 44e45eb8a..6ee7c0014 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,13 @@ [authfile.c] correctly load comment for encrypted rsa1 keys; report/fix Joachim Schipper; ok djm@ + - djm@cvs.openbsd.org 2010/11/29 23:45:51 + [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] + [sshconnect.h sshconnect2.c] + automatically order the hostkeys requested by the client based on + which hostkeys are already recorded in known_hosts. This avoids + hostkey warnings when connecting to servers with new ECDSA keys + that are preferred by default; with markus@ 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and diff --git a/auth.c b/auth.c index 6fe1b21a4..33680b91b 100644 --- a/auth.c 
+++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.90 2010/11/23 02:35:50 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -379,16 +379,15 @@ HostStatus check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, const char *sysfile, const char *userfile) { - Key *found; char *user_hostfile; struct stat st; HostStatus host_status; + struct hostkeys *hostkeys; + const struct hostkey_entry *found; - /* Check if we know the host and its host key. */ - found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); - host_status = check_host_in_hostfile(sysfile, host, key, found, NULL); - - if (host_status != HOST_OK && userfile != NULL) { + hostkeys = init_hostkeys(); + load_hostkeys(hostkeys, host, sysfile); + if (userfile != NULL) { user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); if (options.strict_modes && (stat(user_hostfile, &st) == 0) && @@ -401,16 +400,23 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, user_hostfile); } else { temporarily_use_uid(pw); - host_status = check_host_in_hostfile(user_hostfile, - host, key, found, NULL); + load_hostkeys(hostkeys, host, user_hostfile); restore_uid(); } xfree(user_hostfile); } - key_free(found); + host_status = check_key_in_hostkeys(hostkeys, key, &found); + if (host_status == HOST_REVOKED) + error("WARNING: revoked key for %s attempted authentication", + found->host); + else if (host_status == HOST_OK) + debug("%s: key for %s found at %s:%ld", __func__, + found->host, found->file, found->line); + else + debug("%s: key for host %s not found", __func__, host); + + free_hostkeys(hostkeys); - debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ? - "ok" : "not found", host); return host_status; } diff --git a/hostfile.c b/hostfile.c index afab6dad1..9145529cb 100644 --- a/hostfile.c +++ b/hostfile.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.48 2010/03/04 10:36:03 djm Exp $ */ +/* $OpenBSD: hostfile.c,v 1.49 2010/11/29 23:45:51 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -56,6 +56,12 @@ #include "key.h" #include "hostfile.h" #include "log.h" +#include "misc.h" + +struct hostkeys { + struct hostkey_entry *entries; + u_int num_entries; +}; static int extract_salt(const char *s, u_int l, char *salt, size_t salt_len) @@ -164,26 +170,28 @@ hostfile_read_key(char **cpp, u_int *bitsp, Key *ret) /* Return results. */ *cpp = cp; - *bitsp = key_size(ret); + if (bitsp != NULL) + *bitsp = key_size(ret); return 1; } static int -hostfile_check_key(int bits, const Key *key, const char *host, const char *filename, int linenum) +hostfile_check_key(int bits, const Key *key, const char *host, + const char *filename, u_long linenum) { if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL) return 1; if (bits != BN_num_bits(key->rsa->n)) { - logit("Warning: %s, line %d: keysize mismatch for host %s: " + logit("Warning: %s, line %lu: keysize mismatch for host %s: " "actual %d vs. announced %d.", filename, linenum, host, BN_num_bits(key->rsa->n), bits); - logit("Warning: replace %d with %d in %s, line %d.", + logit("Warning: replace %d with %d in %s, line %lu.", bits, BN_num_bits(key->rsa->n), filename, linenum); } return 1; } -static enum { MRK_ERROR, MRK_NONE, MRK_REVOKE, MRK_CA } +static HostkeyMarker check_markers(char **cpp) { char marker[32], *sp, *cp = *cpp; 
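Review bot: both return statements in hostfile_check_key() are return 1, so its result carries no information and any caller branching on it has a dead path; make it void, or return 0 on the keysize mismatch if that is meant to reject the line. While the signature is being touched for linenum, note that bits is still int here while hostfile_read_key() reports the size through u_int *bitsp; settle on one type for the key size.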
@@ -218,49 +226,32 @@ check_markers(char **cpp) return ret; } -/* - * Checks whether the given host (which must be in all lowercase) is already - * in the list of our known hosts. Returns HOST_OK if the host is known and - * has the specified key, HOST_NEW if the host is not known, and HOST_CHANGED - * if the host is known but used to have a different host key. - * - * If no 'key' has been specified and a key of type 'keytype' is known - * for the specified host, then HOST_FOUND is returned. - */ +struct hostkeys * +init_hostkeys(void) +{ + struct hostkeys *ret = xcalloc(1, sizeof(*ret)); -static HostStatus -check_host_in_hostfile_by_key_or_type(const char *filename, - const char *host, const Key *key, int keytype, Key *found, - int want_revocation, int *numret) + ret->entries = NULL; + return ret; +} + +void +load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path) { FILE *f; char line[8192]; - int want, have, linenum = 0, want_cert = key_is_cert(key); - u_int kbits; + u_long linenum = 0, num_loaded = 0; char *cp, *cp2, *hashed_host; - HostStatus end_return; - - debug3("check_host_in_hostfile: host %s filename %s", host, filename); - - if (want_revocation && (key == NULL || keytype != 0 || found != NULL)) - fatal("%s: invalid arguments", __func__); - - /* Open the file containing the list of known hosts. */ - f = fopen(filename, "r"); - if (!f) - return HOST_NEW; - - /* - * Return value when the loop terminates. This is set to - * HOST_CHANGED if we have seen a different key for the host and have - * not found the proper one. - */ - end_return = HOST_NEW; - - /* Go through the file. 
*/ - while (fgets(line, sizeof(line), f)) { + HostkeyMarker marker; + Key *key; + int kbits; + + if ((f = fopen(path, "r")) == NULL) + return; + debug3("%s: loading entries for host \"%.100s\" from file \"%s\"", + __func__, host, path); + while (read_keyfile_line(f, path, line, sizeof(line), &linenum) == 0) { cp = line; - linenum++; /* Skip any leading whitespace, comments and empty lines. */ for (; *cp == ' ' || *cp == '\t'; cp++) @@ -268,19 +259,11 @@ check_host_in_hostfile_by_key_or_type(const char *filename, if (!*cp || *cp == '#' || *cp == '\n') continue; - if (want_revocation) - want = MRK_REVOKE; - else if (want_cert) - want = MRK_CA; - else - want = MRK_NONE; - - if ((have = check_markers(&cp)) == MRK_ERROR) { - verbose("%s: invalid marker at %s:%d", - __func__, filename, linenum); - continue; - } else if (want != have) + if ((marker = check_markers(&cp)) == MRK_ERROR) { + verbose("%s: invalid marker at %s:%lu", + __func__, path, linenum); continue; + } /* Find the end of the host name portion. */ for (cp2 = cp; *cp2 && *cp2 != ' ' && *cp2 != '\t'; cp2++) @@ -292,8 +275,8 @@ check_host_in_hostfile_by_key_or_type(const char *filename, continue; hashed_host = host_hash(host, cp, (u_int) (cp2 - cp)); if (hashed_host == NULL) { - debug("Invalid hashed host line %d of %s", - linenum, filename); + debug("Invalid hashed host line %lu of %s", + linenum, path); continue; } if (strncmp(hashed_host, cp, (u_int) (cp2 - cp)) != 0) 
@@ -303,98 +286,166 @@ check_host_in_hostfile_by_key_or_type(const char *filename, /* Got a match. Skip host name. */ cp = cp2; - if (want_revocation) - found = key_new(KEY_UNSPEC); - /* * Extract the key from the line. This will skip any leading * whitespace. Ignore badly formatted lines. */ - if (!hostfile_read_key(&cp, &kbits, found)) + key = key_new(KEY_UNSPEC); + if (!hostfile_read_key(&cp, &kbits, key)) { + key_free(key); + key = key_new(KEY_RSA1); + if (!hostfile_read_key(&cp, &kbits, key)) { + key_free(key); + continue; + } + } + if (!hostfile_check_key(kbits, key, host, path, linenum)) continue; - if (numret != NULL) - *numret = linenum; + debug3("%s: found %skey type %s in file %s:%lu", __func__, + marker == MRK_NONE ? "" : + (marker == MRK_CA ? "ca " : "revoked "), + key_type(key), path, linenum); + hostkeys->entries = xrealloc(hostkeys->entries, + hostkeys->num_entries + 1, sizeof(*hostkeys->entries)); + hostkeys->entries[hostkeys->num_entries].host = xstrdup(host); + hostkeys->entries[hostkeys->num_entries].file = xstrdup(path); + hostkeys->entries[hostkeys->num_entries].line = linenum; + hostkeys->entries[hostkeys->num_entries].key = key; + hostkeys->entries[hostkeys->num_entries].marker = marker; + hostkeys->num_entries++; + num_loaded++; + } + debug3("%s: loaded %lu keys", __func__, num_loaded); + return; +} - if (key == NULL) { - /* we found a key of the requested type */ - if (found->type == keytype) { - fclose(f); - return HOST_FOUND; - } - continue; - } +void +free_hostkeys(struct hostkeys *hostkeys) +{ + u_int i; + + for (i = 0; i < hostkeys->num_entries; i++) { + xfree(hostkeys->entries[i].host); + xfree(hostkeys->entries[i].file); + key_free(hostkeys->entries[i].key); + bzero(hostkeys->entries + i, sizeof(*hostkeys->entries)); + } + if (hostkeys->entries != NULL) + xfree(hostkeys->entries); + hostkeys->entries = NULL; + hostkeys->num_entries = 0; + xfree(hostkeys); +} - if (!hostfile_check_key(kbits, found, host, filename, linenum)) +static 
int +check_key_not_revoked(struct hostkeys *hostkeys, Key *k) +{ + int is_cert = key_is_cert(k); + u_int i; + + for (i = 0; i < hostkeys->num_entries; i++) { + if (hostkeys->entries[i].marker != MRK_REVOKE) continue; + if (key_equal_public(k, hostkeys->entries[i].key)) + return -1; + if (is_cert && + key_equal_public(k->cert->signature_key, + hostkeys->entries[i].key)) + return -1; + } + return 0; +} - if (want_revocation) { - if (key_is_cert(key) && - key_equal_public(key->cert->signature_key, found)) { - verbose("check_host_in_hostfile: revoked CA " - "line %d", linenum); - key_free(found); - return HOST_REVOKED; - } - if (key_equal_public(key, found)) { - verbose("check_host_in_hostfile: revoked key " - "line %d", linenum); - key_free(found); - return HOST_REVOKED; - } - key_free(found); +/* + * Match keys against a specified key, or look one up by key type. + * + * If looking for a keytype (key == NULL) and one is found then return + * HOST_FOUND, otherwise HOST_NEW. + * + * If looking for a key (key != NULL): + * 1. If the key is a cert and a matching CA is found, return HOST_OK + * 2. If the key is not a cert and a matching key is found, return HOST_OK + * 3. If no key matches but a key with a different type is found, then + * return HOST_CHANGED + * 4. If no matching keys are found, then return HOST_NEW. + * + * Finally, check any found key is not revoked. + */ +static HostStatus +check_hostkeys_by_key_or_type(struct hostkeys *hostkeys, + Key *k, int keytype, const struct hostkey_entry **found) +{ + u_int i; + HostStatus end_return = HOST_NEW; + int want_cert = key_is_cert(k); + HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE; + int proto = (k ? k->type : keytype) == KEY_RSA1 ? 
1 : 2; + + if (found != NULL) + *found = NULL; + + for (i = 0; i < hostkeys->num_entries; i++) { + if (proto == 1 && hostkeys->entries[i].key->type != KEY_RSA1) + continue; + if (proto == 2 && hostkeys->entries[i].key->type == KEY_RSA1) continue; + if (hostkeys->entries[i].marker != want_marker) + continue; + if (k == NULL) { + if (hostkeys->entries[i].key->type != keytype) + continue; + end_return = HOST_FOUND; + if (found != NULL) + *found = hostkeys->entries + i; + k = hostkeys->entries[i].key; + break; } - - /* Check if the current key is the same as the given key. */ - if (want_cert && key_equal(key->cert->signature_key, found)) { - /* Found CA cert for key */ - debug3("check_host_in_hostfile: CA match line %d", - linenum); - fclose(f); - return HOST_OK; - } else if (!want_cert && key_equal(key, found)) { - /* Found identical key */ - debug3("check_host_in_hostfile: match line %d", linenum); - fclose(f); - return HOST_OK; + if (want_cert) { + if (key_equal_public(k->cert->signature_key, + hostkeys->entries[i].key)) { + /* A matching CA exists */ + end_return = HOST_OK; + if (found != NULL) + *found = hostkeys->entries + i; + break; + } + } else { + if (key_equal(k, hostkeys->entries[i].key)) { + end_return = HOST_OK; + if (found != NULL) + *found = hostkeys->entries + i; + break; + } + /* A non-maching key exists */ + end_return = HOST_CHANGED; + if (found != NULL) + *found = hostkeys->entries + i; } - /* - * They do not match. We will continue to go through the - * file; however, we note that we will not return that it is - * new. - */ - end_return = HOST_CHANGED; } - /* Clear variables and close the file. */ - fclose(f); - - /* - * Return either HOST_NEW or HOST_CHANGED, depending on whether we - * saw a different key for the host. 
- */ + if (check_key_not_revoked(hostkeys, k) != 0) { + end_return = HOST_REVOKED; + if (found != NULL) + *found = NULL; + } return end_return; } - + HostStatus -check_host_in_hostfile(const char *filename, const char *host, const Key *key, - Key *found, int *numret) +check_key_in_hostkeys(struct hostkeys *hostkeys, Key *key, + const struct hostkey_entry **found) { if (key == NULL) fatal("no key to look up"); - if (check_host_in_hostfile_by_key_or_type(filename, host, - key, 0, NULL, 1, NULL) == HOST_REVOKED) - return HOST_REVOKED; - return check_host_in_hostfile_by_key_or_type(filename, host, key, 0, - found, 0, numret); + return check_hostkeys_by_key_or_type(hostkeys, key, 0, found); } int -lookup_key_in_hostfile_by_type(const char *filename, const char *host, - int keytype, Key *found, int *numret) +lookup_key_in_hostkeys_by_type(struct hostkeys *hostkeys, int keytype, + const struct hostkey_entry **found) { - return (check_host_in_hostfile_by_key_or_type(filename, host, NULL, - keytype, found, 0, numret) == HOST_FOUND); + return (check_hostkeys_by_key_or_type(hostkeys, NULL, keytype, + found) == HOST_FOUND); } /* diff --git a/hostfile.h b/hostfile.h index 1d460c1a9..d84d422ff 100644 --- a/hostfile.h +++ b/hostfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.h,v 1.18 2010/03/04 10:36:03 djm Exp $ */ +/* $OpenBSD: hostfile.h,v 1.19 2010/11/29 23:45:51 djm Exp $ */ /* * Author: Tatu Ylonen 
@@ -18,12 +18,30 @@ typedef enum { HOST_OK, HOST_NEW, HOST_CHANGED, HOST_REVOKED, HOST_FOUND } HostStatus; +typedef enum { + MRK_ERROR, MRK_NONE, MRK_REVOKE, MRK_CA +} HostkeyMarker; + +struct hostkey_entry { + char *host; + char *file; + u_long line; + Key *key; + HostkeyMarker marker; +}; +struct hostkeys; + +struct hostkeys *init_hostkeys(void); +void load_hostkeys(struct hostkeys *, const char *, const char *); +void free_hostkeys(struct hostkeys *); + +HostStatus check_key_in_hostkeys(struct hostkeys *, Key *, + const struct hostkey_entry **); +int lookup_key_in_hostkeys_by_type(struct hostkeys *, int, + const struct hostkey_entry **); + int hostfile_read_key(char **, u_int *, Key *); -HostStatus check_host_in_hostfile(const char *, const char *, - const Key *, Key *, int *); -int add_host_to_hostfile(const char *, const char *, const Key *, int); -int lookup_key_in_hostfile_by_type(const char *, const char *, - int, Key *, int *); +int add_host_to_hostfile(const char *, const char *, const Key *, int); #define HASH_MAGIC "|1|" #define HASH_DELIM '|' diff --git a/ssh.c b/ssh.c index f413f8a5c..ec690ae38 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.354 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.355 2010/11/29 23:45:51 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -880,7 +880,7 @@ main(int ac, char **av) /* Log into the remote system. Never returns if the login fails. */ ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, - pw, timeout_ms); + options.port, pw, timeout_ms); if (packet_connection_is_on_socket()) { verbose("Authenticated to %s ([%s]:%d).", host, diff --git a/ssh_config.5 b/ssh_config.5 index a51a37dde..5c6673de3 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.144 2010/11/15 07:40:14 jmc Exp $ -.Dd $Mdocdate: November 15 2010 $ +.\" $OpenBSD: ssh_config.5,v 1.145 2010/11/29 23:45:51 djm Exp $ +.Dd $Mdocdate: November 29 2010 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -555,6 +555,9 @@ ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-rsa,ssh-dss .Ed +.Pp +If hostkeys are known for the destination host then this default is modified +to prefer their algorithms. .It Cm HostKeyAlias Specifies an alias that should be used instead of the real host name when looking up or saving the host key diff --git a/sshconnect.c b/sshconnect.c index 78068c602..064bb74b3 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.228 2010/10/06 21:10:21 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.229 2010/11/29 23:45:51 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -75,7 +75,7 @@ extern char *__progname; extern uid_t original_real_uid; extern uid_t original_effective_uid; -static int show_other_keys(const char *, Key *); +static int show_other_keys(struct hostkeys *, Key *); static void warn_changed_key(Key *); /* 
@@ -607,6 +607,79 @@ check_host_cert(const char *host, const Key *host_key) return 1; } +static int +sockaddr_is_local(struct sockaddr *hostaddr) +{ + switch (hostaddr->sa_family) { + case AF_INET: + return (ntohl(((struct sockaddr_in *)hostaddr)-> + sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; + case AF_INET6: + return IN6_IS_ADDR_LOOPBACK( + &(((struct sockaddr_in6 *)hostaddr)->sin6_addr)); + default: + return 0; + } +} + +/* + * Prepare the hostname and ip address strings that are used to lookup + * host keys in known_hosts files. These may have a port number appended. + */ +void +get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr, + u_short port, char **hostfile_hostname, char **hostfile_ipaddr) +{ + char ntop[NI_MAXHOST]; + socklen_t addrlen; + + switch (hostaddr == NULL ? -1 : hostaddr->sa_family) { + case -1: + addrlen = 0; + break; + case AF_INET: + addrlen = sizeof(struct sockaddr_in); + break; + case AF_INET6: + addrlen = sizeof(struct sockaddr_in6); + break; + default: + addrlen = sizeof(struct sockaddr); + break; + } + + /* + * We don't have the remote ip-address for connections + * using a proxy command + */ + if (hostfile_ipaddr != NULL) { + if (options.proxy_command == NULL) { + if (getnameinfo(hostaddr, addrlen, + ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) + fatal("check_host_key: getnameinfo failed"); + *hostfile_ipaddr = put_host_port(ntop, port); + } else { + *hostfile_ipaddr = xstrdup(""); + } + } + + /* + * Allow the user to record the key under a different name or + * differentiate a non-standard port. This is useful for ssh + * tunneling over forwarded connections or if you run multiple + * sshd's on different ports on the same machine. 
+ */ + if (hostfile_hostname != NULL) { + if (options.host_key_alias != NULL) { + *hostfile_hostname = xstrdup(options.host_key_alias); + debug("using hostkeyalias: %s", *hostfile_hostname); + } else { + *hostfile_hostname = put_host_port(hostname, port); + } + } +} + /* * check whether the supplied host key is valid, return -1 if the key * is not valid. the user_hostfile will not be updated if 'readonly' is true. @@ -616,21 +689,21 @@ check_host_cert(const char *host, const Key *host_key) #define ROQUIET 2 static int check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, - Key *host_key, int readonly, const char *user_hostfile, - const char *system_hostfile) + Key *host_key, int readonly, char *user_hostfile, + char *system_hostfile) { - Key *file_key, *raw_key = NULL; + Key *raw_key = NULL; const char *type; char *ip = NULL, *host = NULL; char hostline[1000], *hostp, *fp, *ra; HostStatus host_status; HostStatus ip_status; - int r, want_cert, local = 0, host_ip_differ = 0; - int salen; - char ntop[NI_MAXHOST]; + int r, want_cert = key_is_cert(host_key), host_ip_differ = 0; + int local = sockaddr_is_local(hostaddr); char msg[1024]; - int len, host_line, ip_line, cancelled_forwarding = 0; - const char *host_file = NULL, *ip_file = NULL; + int len, cancelled_forwarding = 0; + struct hostkeys *host_hostkeys, *ip_hostkeys; + const struct hostkey_entry *host_found, *ip_found; /* * Force accepting of the host key for loopback/localhost. The 
@@ -640,23 +713,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, * essentially disables host authentication for localhost; however, * this is probably not a real problem. */ - /** hostaddr == 0! */ - switch (hostaddr->sa_family) { - case AF_INET: - local = (ntohl(((struct sockaddr_in *)hostaddr)-> - sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; - salen = sizeof(struct sockaddr_in); - break; - case AF_INET6: - local = IN6_IS_ADDR_LOOPBACK( - &(((struct sockaddr_in6 *)hostaddr)->sin6_addr)); - salen = sizeof(struct sockaddr_in6); - break; - default: - local = 0; - salen = sizeof(struct sockaddr_storage); - break; - } if (options.no_host_authentication_for_localhost == 1 && local && options.host_key_alias == NULL) { debug("Forcing accepting of host key for " @@ -665,17 +721,10 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, } /* - * We don't have the remote ip-address for connections - * using a proxy command + * Prepare the hostname and address strings used for hostkey lookup. + * In some cases, these will have a port number appended. */ - if (options.proxy_command == NULL) { - if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), - NULL, 0, NI_NUMERICHOST) != 0) - fatal("check_host_key: getnameinfo failed"); - ip = put_host_port(ntop, port); - } else { - ip = xstrdup(""); - } + get_hostfile_hostname_ipaddr(hostname, hostaddr, port, &host, &ip); /* * Turn off check_host_ip if the connection is to localhost, via proxy 
@@ -685,74 +734,52 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, strcmp(hostname, ip) == 0 || options.proxy_command != NULL)) options.check_host_ip = 0; - /* - * Allow the user to record the key under a different name or - * differentiate a non-standard port. This is useful for ssh - * tunneling over forwarded connections or if you run multiple - * sshd's on different ports on the same machine. - */ - if (options.host_key_alias != NULL) { - host = xstrdup(options.host_key_alias); - debug("using hostkeyalias: %s", host); - } else { - host = put_host_port(hostname, port); + host_hostkeys = init_hostkeys(); + load_hostkeys(host_hostkeys, host, user_hostfile); + load_hostkeys(host_hostkeys, host, system_hostfile); + + ip_hostkeys = NULL; + if (!want_cert && options.check_host_ip) { + ip_hostkeys = init_hostkeys(); + load_hostkeys(ip_hostkeys, ip, user_hostfile); + load_hostkeys(ip_hostkeys, ip, system_hostfile); } retry: + /* Reload these as they may have changed on cert->key downgrade */ want_cert = key_is_cert(host_key); type = key_type(host_key); - /* - * Store the host key from the known host file in here so that we can - * compare it with the key for the IP address. - */ - file_key = key_new(key_is_cert(host_key) ? KEY_UNSPEC : host_key->type); - /* * Check if the host key is present in the user's list of known * hosts or in the systemwide list. */ - host_file = user_hostfile; - host_status = check_host_in_hostfile(host_file, host, host_key, - file_key, &host_line); - if (host_status == HOST_NEW) { - host_file = system_hostfile; - host_status = check_host_in_hostfile(host_file, host, host_key, - file_key, &host_line); - } + host_status = check_key_in_hostkeys(host_hostkeys, host_key, + &host_found); + /* * Also perform check for the ip address, skip the check if we are * localhost, looking for a certificate, or the hostname was an ip * address to begin with. 
*/ - if (!want_cert && options.check_host_ip) { - Key *ip_key = key_new(host_key->type); - - ip_file = user_hostfile; - ip_status = check_host_in_hostfile(ip_file, ip, host_key, - ip_key, &ip_line); - if (ip_status == HOST_NEW) { - ip_file = system_hostfile; - ip_status = check_host_in_hostfile(ip_file, ip, - host_key, ip_key, &ip_line); - } + if (!want_cert && ip_hostkeys != NULL) { + ip_status = check_key_in_hostkeys(ip_hostkeys, host_key, + &ip_found); if (host_status == HOST_CHANGED && - (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key))) + (ip_status != HOST_CHANGED || + (ip_found != NULL && + !key_equal(ip_found->key, host_found->key)))) host_ip_differ = 1; - - key_free(ip_key); } else ip_status = host_status; - key_free(file_key); - switch (host_status) { case HOST_OK: /* The host is known and the key matches. */ debug("Host '%.200s' is known and matches the %s host %s.", host, type, want_cert ? "certificate" : "key"); - debug("Found %s in %s:%d", - want_cert ? "CA key" : "key", host_file, host_line); + debug("Found %s in %s:%lu", want_cert ? "CA key" : "key", + host_found->file, host_found->line); if (want_cert && !check_host_cert(hostname, host_key)) goto fail; if (options.check_host_ip && ip_status == HOST_NEW) { @@ -803,7 +830,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, } else if (options.strict_host_key_checking == 2) { char msg1[1024], msg2[1024]; - if (show_other_keys(host, host_key)) + if (show_other_keys(host_hostkeys, host_key)) snprintf(msg1, sizeof(msg1), "\nbut keys of different type are already" " known for this host."); @@ -844,8 +871,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, * local known_hosts file. */ if (options.check_host_ip && ip_status == HOST_NEW) { - snprintf(hostline, sizeof(hostline), "%s,%s", - host, ip); + snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); hostp = hostline; if (options.hash_known_hosts) { /* Add hash of host and IP separately */ 
@@ -899,8 +925,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, * all hosts that one might visit. */ debug("Host certificate authority does not " - "match %s in %s:%d", CA_MARKER, - host_file, host_line); + "match %s in %s:%lu", CA_MARKER, + host_found->file, host_found->line); goto fail; } if (readonly == ROQUIET) @@ -922,13 +948,15 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, error("DNS SPOOFING is happening or the IP address for the host"); error("and its host key have changed at the same time."); if (ip_status != HOST_NEW) - error("Offending key for IP in %s:%d", ip_file, ip_line); + error("Offending key for IP in %s:%lu", + ip_found->file, ip_found->line); } /* The host key has changed. */ warn_changed_key(host_key); error("Add correct host key in %.100s to get rid of this message.", user_hostfile); - error("Offending key in %s:%d", host_file, host_line); + error("Offending %s key in %s:%lu", key_type(host_found->key), + host_found->file, host_found->line); /* * If strict host key checking is in use, the user will have @@ -1013,13 +1041,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, snprintf(msg, sizeof(msg), "Warning: the %s host key for '%.200s' " "differs from the key for the IP address '%.128s'" - "\nOffending key for IP in %s:%d", - type, host, ip, ip_file, ip_line); + "\nOffending key for IP in %s:%lu", + type, host, ip, ip_found->file, ip_found->line); if (host_status == HOST_OK) { len = strlen(msg); snprintf(msg + len, sizeof(msg) - len, - "\nMatching host key in %s:%d", - host_file, host_line); + "\nMatching host key in %s:%lu", + host_found->file, host_found->line); } if (options.strict_host_key_checking == 1) { logit("%s", msg); 
@@ -1037,6 +1065,10 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, xfree(ip); xfree(host); + if (host_hostkeys != NULL) + free_hostkeys(host_hostkeys); + if (ip_hostkeys != NULL) + free_hostkeys(ip_hostkeys); return 0; fail: @@ -1056,6 +1088,10 @@ fail: key_free(raw_key); xfree(ip); xfree(host); + if (host_hostkeys != NULL) + free_hostkeys(host_hostkeys); + if (ip_hostkeys != NULL) + free_hostkeys(ip_hostkeys); return -1; } @@ -1065,6 +1101,11 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) { struct stat st; int flags = 0; + char *fp; + + fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); + debug("Server host key: %s %s", key_type(host_key), fp); + xfree(fp); /* XXX certs are not yet supported for DNS */ if (!key_is_cert(host_key) && options.verify_host_key_dns && @@ -1108,7 +1149,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) */ void ssh_login(Sensitive *sensitive, const char *orighost, - struct sockaddr *hostaddr, struct passwd *pw, int timeout_ms) + struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms) { char *host, *cp; char *server_user, *local_user; @@ -1131,7 +1172,7 @@ ssh_login(Sensitive *sensitive, const char *orighost, /* key exchange */ /* authenticate user */ if (compat20) { - ssh_kex2(host, hostaddr); + ssh_kex2(host, hostaddr, port); ssh_userauth2(local_user, server_user, host, sensitive); } else { ssh_kex(host, hostaddr); 
@@ -1158,61 +1199,35 @@ ssh_put_password(char *password) xfree(padded); } -static int -show_key_from_file(const char *file, const char *host, int keytype) -{ - Key *found; - char *fp, *ra; - int line, ret; - - found = key_new(keytype); - if ((ret = lookup_key_in_hostfile_by_type(file, host, - keytype, found, &line))) { - fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); - ra = key_fingerprint(found, SSH_FP_MD5, SSH_FP_RANDOMART); - logit("WARNING: %s key found for host %s\n" - "in %s:%d\n" - "%s key fingerprint %s.\n%s\n", - key_type(found), host, file, line, - key_type(found), fp, ra); - xfree(ra); - xfree(fp); - } - key_free(found); - return (ret); -} - /* print all known host keys for a given host, but skip keys of given type */ static int -show_other_keys(const char *host, Key *key) +show_other_keys(struct hostkeys *hostkeys, Key *key) { int type[] = { KEY_RSA1, KEY_RSA, KEY_DSA, KEY_ECDSA, -1}; - int i, found = 0; + int i, ret = 0; + char *fp, *ra; + const struct hostkey_entry *found; for (i = 0; type[i] != -1; i++) { if (type[i] == key->type) continue; - if (type[i] != KEY_RSA1 && - show_key_from_file(options.user_hostfile2, host, type[i])) { - found = 1; - continue; - } - if (type[i] != KEY_RSA1 && - show_key_from_file(options.system_hostfile2, host, type[i])) { - found = 1; - continue; - } - if (show_key_from_file(options.user_hostfile, host, type[i])) { - found = 1; + if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found)) continue; - } - if (show_key_from_file(options.system_hostfile, host, type[i])) { - found = 1; - continue; - } - debug2("no key of type %d for host %s", type[i], host); + fp = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_HEX); + ra = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_RANDOMART); + logit("WARNING: %s key found for host %s\n" + "in %s:%lu\n" + "%s key fingerprint %s.", + key_type(found->key), + found->host, found->file, found->line, + key_type(found->key), fp); + if (options.visual_host_key) + logit("%s", ra); + 
xfree(ra); + xfree(fp); + ret = 1; } - return (found); + return ret; } static void diff --git a/sshconnect.h b/sshconnect.h index 69163afbc..fd7f7f7c6 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.26 2010/10/06 06:39:28 djm Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.27 2010/11/29 23:45:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -36,15 +36,18 @@ ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int, int *, int, int, const char *); void ssh_kill_proxy_command(void); -void -ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *, int); +void ssh_login(Sensitive *, const char *, struct sockaddr *, u_short, + struct passwd *, int); void ssh_exchange_identification(int); int verify_host_key(char *, struct sockaddr *, Key *); +void get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short, + char **, char **); + void ssh_kex(char *, struct sockaddr *); -void ssh_kex2(char *, struct sockaddr *); +void ssh_kex2(char *, struct sockaddr *, u_short); void ssh_userauth1(const char *, const char *, char *, Sensitive *); void ssh_userauth2(const char *, const char *, char *, Sensitive *); diff --git a/sshconnect2.c b/sshconnect2.c index 6fe356cca..3cb9b101c 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.185 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.186 2010/11/29 23:45:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -69,6 +69,7 @@ #include "msg.h" #include "pathnames.h" #include "uidswap.h" +#include "hostfile.h" #include "schnorr.h" #include "jpake.h" 
@@ -101,8 +102,60 @@ verify_host_key_callback(Key *hostkey) return 0; } +static char * +order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) +{ + char *oavail, *avail, *first, *last, *alg, *hostname, *ret; + size_t maxlen; + struct hostkeys *hostkeys; + int ktype; + + /* Find all hostkeys for this hostname */ + get_hostfile_hostname_ipaddr(host, hostaddr, port, &hostname, NULL); + hostkeys = init_hostkeys(); + load_hostkeys(hostkeys, hostname, options.user_hostfile2); + load_hostkeys(hostkeys, hostname, options.system_hostfile2); + load_hostkeys(hostkeys, hostname, options.user_hostfile); + load_hostkeys(hostkeys, hostname, options.system_hostfile); + + oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG); + maxlen = strlen(avail) + 1; + first = xmalloc(maxlen); + last = xmalloc(maxlen); + *first = *last = '\0'; + +#define ALG_APPEND(to, from) \ + do { \ + if (*to != '\0') \ + strlcat(to, ",", maxlen); \ + strlcat(to, from, maxlen); \ + } while (0) + + while ((alg = strsep(&avail, ",")) && *alg != '\0') { + if ((ktype = key_type_from_name(alg)) == KEY_UNSPEC) + fatal("%s: unknown alg %s", __func__, alg); + if (lookup_key_in_hostkeys_by_type(hostkeys, + key_type_plain(ktype), NULL)) + ALG_APPEND(first, alg); + else + ALG_APPEND(last, alg); + } +#undef ALG_APPEND + xasprintf(&ret, "%s%s%s", first, *first == '\0' ? "" : ",", last); + if (*first != '\0') + debug3("%s: prefer hostkeyalgs: %s", __func__, first); + + xfree(first); + xfree(last); + xfree(hostname); + xfree(oavail); + free_hostkeys(hostkeys); + + return ret; +} + void -ssh_kex2(char *host, struct sockaddr *hostaddr) +ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) { Kex *kex; 
@@ -135,6 +188,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) if (options.hostkeyalgorithms != NULL) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = options.hostkeyalgorithms; + else { + /* Prefer algorithms that we already have keys for */ + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = + order_hostkeyalgs(host, hostaddr, port); + } if (options.kex_algorithms != NULL) myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; -- cgit v1.2.3 From d89745b9e7e2048c13b0173eadc2d41e23b6a79d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 3 Dec 2010 10:50:26 +1100 Subject: - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) instead of (arc4random() % range) --- ChangeLog | 4 ++++ openbsd-compat/bindresvport.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 6ee7c0014..7e416859f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20101204 + - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) + instead of (arc4random() % range) + 20101201 - OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c index c0d5bdb5c..c89f21403 100644 --- a/openbsd-compat/bindresvport.c +++ b/openbsd-compat/bindresvport.c @@ -89,7 +89,7 @@ bindresvport_sa(int sd, struct sockaddr *sa) port = ntohs(*portp); if (port == 0) - port = (arc4random() % NPORTS) + STARTPORT; + port = arc4random_uniform(NPORTS) + STARTPORT; /* Avoid warning */ error = -1; -- cgit v1.2.3 From ebdef76b5df3c33b05128b4fb2cc484427f99ca6 Mon Sep 17 00:00:00 2001 
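Review bot: in hostfile.c, load_hostkeys() opens the file with fopen(path, "r"), but the new end of the function goes from debug3("%s: loaded %lu keys", ...) straight to return, and every fclose(f) from the old code is on a removed line, so each call leaks a FILE handle; add fclose(f) before the return. The same loop leaks a Key when hostfile_check_key() rejects the line, because "continue" is taken without key_free(key). In check_hostkeys_by_key_or_type(), k is still NULL after a by-type lookup that matches nothing, yet it is passed to check_key_not_revoked(), which hands it to key_is_cert() and key_equal_public(); skip the revocation check when k == NULL, or state in the comment that both helpers accept NULL.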
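Review bot: in check_host_key() in sshconnect.c, host_found and ip_found are declared without an initial value, and ip_found is assigned only inside the "if (!want_cert && ip_hostkeys != NULL)" branch, while the later message hunks dereference ip_found->file and ip_found->line. Initialise both to NULL at the declaration so a path that skipped the IP lookup cannot read an indeterminate pointer, and check ip_found before the "Offending key for IP" messages.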
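Review bot: order_hostkeyalgs() in sshconnect2.c has no comment describing its contract. It should say that algorithms with a known key of the matching plain type are moved to the front while the rest keep their KEX_DEFAULT_PK_ALG order, and that the xasprintf() result belongs to the caller; ssh_kex2() stores it in myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] and never frees it. The function also parses all four known_hosts files through load_hostkeys() before check_host_key() loads them again, so the cost of the second pass is worth a line in the comment as well.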
From: Darren Tucker Date: Sat, 4 Dec 2010 23:20:50 +1100 Subject: - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add shims for the new, non-deprecated OpenSSL key generation functions for platforms that don't have the new interfaces. --- ChangeLog | 3 ++ configure.ac | 6 ++-- moduli.c | 2 ++ openbsd-compat/openssl-compat.c | 64 ++++++++++++++++++++++++++++++++++++++++- openbsd-compat/openssl-compat.h | 15 +++++++++- 5 files changed, 86 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7e416859f..7b94b59e5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20101204 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) instead of (arc4random() % range) + - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add + shims for the new, non-deprecated OpenSSL key generation functions for + platforms that don't have the new interfaces. 20101201 - OpenBSD CVS Sync diff --git a/configure.ac b/configure.ac index c3700d8dd..0ea76c8fd 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.458 2010/11/08 22:26:23 tim Exp $ +# $Id: configure.ac,v 1.459 2010/12/04 12:20:50 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.458 $) +AC_REVISION($Revision: 1.459 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -2136,6 +2136,8 @@ int main(void) { SSLeay_add_all_algorithms(); } ] ) +AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex) + AC_ARG_WITH(ssl-engine, [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], [ if test "x$withval" != "xno" ; then diff --git a/moduli.c b/moduli.c index 2c2b388c7..2964a8b3d 100644 --- a/moduli.c +++ b/moduli.c 
@@ -54,6 +54,8 @@ #include "dh.h" #include "log.h" +#include "openbsd-compat/openssl-compat.h" + /* * File output defines */ diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index c9bb7cb50..e2d090cf1 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.10 2010/11/22 06:59:00 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.11 2010/12/04 12:20:50 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -18,11 +18,16 @@ #include "includes.h" +#include +#include + #ifdef USE_OPENSSL_ENGINE # include # include #endif +#include "log.h" + #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS #include "openssl-compat.h" 
@@ -59,6 +64,63 @@ ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt) } #endif +#ifndef HAVE_BN_IS_PRIME_EX +int +BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb) +{ + if (cb != NULL) + fatal("%s: callback args not supported", __func__); + return BN_is_prime(p, nchecks, NULL, ctx, NULL); +} +#endif + +#ifndef HAVE_RSA_GENERATE_KEY_EX +int +RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *bn_e, void *cb) +{ + RSA *new_rsa, tmp_rsa; + unsigned long e; + + sleep(1); + if (cb != NULL) + fatal("%s: callback args not supported", __func__); + e = BN_get_word(bn_e); + if (e == 0xffffffffL) + fatal("%s: value of e too large", __func__); + new_rsa = RSA_generate_key(bits, e, NULL, NULL); + if (new_rsa == NULL) + return 0; + /* swap rsa/new_rsa then free new_rsa */ + tmp_rsa = *rsa; + *rsa = *new_rsa; + *new_rsa = tmp_rsa; + RSA_free(new_rsa); + return 1; +} +#endif + +#ifndef HAVE_DSA_GENERATE_PARAMETERS_EX +int +DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed, + int seed_len, int *counter_ret, unsigned long *h_ret, void *cb) +{ + DSA *new_dsa, tmp_dsa; + + if (cb != NULL) + fatal("%s: callback args not supported", __func__); + new_dsa = DSA_generate_parameters(bits, (unsigned char *)seed, seed_len, + counter_ret, h_ret, NULL, NULL); + if (new_dsa == NULL) + return 0; + /* swap dsa/new_dsa then free new_dsa */ + tmp_dsa = *dsa; + *dsa = *new_dsa; + *new_dsa = tmp_dsa; + DSA_free(new_dsa); + return 1; +} +#endif + #ifdef USE_OPENSSL_ENGINE void ssh_SSLeay_add_all_algorithms(void) diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index beb81f420..c0ca20aaf 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.16 2010/10/07 11:06:44 djm Exp $ */ +/* $Id: openssl-compat.h,v 1.17 2010/12/04 12:20:50 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker 
@@ -108,6 +108,19 @@ extern const EVP_CIPHER *evp_acss(void); # define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() # endif +# ifndef HAVE_BN_IS_PRIME_EX +int BN_is_prime_ex(const BIGNUM *, int, BN_CTX *, void *); +# endif + +# ifndef HAVE_DSA_GENERATE_PARAMETERS_EX +int DSA_generate_parameters_ex(DSA *, int, const unsigned char *, int, int *, + unsigned long *, void *); +# endif + +# ifndef HAVE_RSA_GENERATE_KEY_EX +int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *); +# endif + int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); -- cgit v1.2.3 From 37bb7568ab9299e64a838d4801bc374b090cf547 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 5 Dec 2010 08:46:05 +1100 Subject: - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from debugging. Spotted by djm. --- ChangeLog | 4 ++++ openbsd-compat/openssl-compat.c | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7b94b59e5..458f7330f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20101205 + - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from + debugging. Spotted by djm. + 20101204 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) instead of (arc4random() % range) diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index e2d090cf1..eb5ae7f85 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.11 2010/12/04 12:20:50 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.12 2010/12/04 21:46:05 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker 
@@ -81,7 +81,6 @@ RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *bn_e, void *cb) RSA *new_rsa, tmp_rsa; unsigned long e; - sleep(1); if (cb != NULL) fatal("%s: callback args not supported", __func__); e = BN_get_word(bn_e); -- cgit v1.2.3 From 7336b904ffab8c8b412b8ef19d7d0387a584ec58 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 5 Dec 2010 09:00:30 +1100 Subject: - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2010/12/03 23:49:26 [schnorr.c] check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao (this code is still disabled, but apprently people are treating it as a reference implementation) --- ChangeLog | 6 ++++++ schnorr.c | 30 ++++++++++++++++++++++++------ 2 files changed, 30 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 458f7330f..26c9b477c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,12 @@ 20101205 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from debugging. Spotted by djm. + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/12/03 23:49:26 + [schnorr.c] + check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao + (this code is still disabled, but apprently people are treating it as + a reference implementation) 20101204 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) diff --git a/schnorr.c b/schnorr.c index 8da2feaad..4d54d6881 100644 --- a/schnorr.c +++ b/schnorr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: schnorr.c,v 1.4 2010/09/20 04:50:53 djm Exp $ */ +/* $OpenBSD: schnorr.c,v 1.5 2010/12/03 23:49:26 djm Exp $ */ /* * Copyright (c) 2008 Damien Miller. All rights reserved. * 
@@ -258,14 +258,15 @@ schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, const BIGNUM *r, const BIGNUM *e) { int success = -1; - BIGNUM *h, *g_xh, *g_r, *expected; + BIGNUM *h = NULL, *g_xh = NULL, *g_r = NULL, *gx_q = NULL; + BIGNUM *expected = NULL; BN_CTX *bn_ctx; SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__)); /* Avoid degenerate cases: g^0 yields a spoofable signature */ if (BN_cmp(g_x, BN_value_one()) <= 0) { - error("%s: g_x < 1", __func__); + error("%s: g_x <= 1", __func__); return -1; } if (BN_cmp(g_x, grp_p) >= 0) { @@ -280,6 +281,7 @@ schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, } if ((g_xh = BN_new()) == NULL || (g_r = BN_new()) == NULL || + (gx_q = BN_new()) == NULL || (expected = BN_new()) == NULL) { error("%s: BN_new", __func__); goto out; @@ -288,6 +290,17 @@ schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, SCHNORR_DEBUG_BN((e, "%s: e = ", __func__)); SCHNORR_DEBUG_BN((r, "%s: r = ", __func__)); + /* gx_q = (g^x)^q must === 1 mod p */ + if (BN_mod_exp(gx_q, g_x, grp_q, grp_p, bn_ctx) == -1) { + error("%s: BN_mod_exp (g_x^q mod p)", __func__); + goto out; + } + if (BN_cmp(gx_q, BN_value_one()) != 0) { + error("%s: Invalid signature (g^x)^q != 1 mod p", __func__); + goto out; + } + + SCHNORR_DEBUG_BN((g_xh, "%s: g_xh = ", __func__)); /* h = H(g || g^v || g^x || id) */ if ((h = schnorr_hash(grp_p, grp_q, grp_g, evp_md, e, g_x, id, idlen)) == NULL) { @@ -322,9 +335,14 @@ schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, BN_CTX_free(bn_ctx); if (h != NULL) BN_clear_free(h); - BN_clear_free(g_xh); - BN_clear_free(g_r); - BN_clear_free(expected); + if (gx_q != NULL) + BN_clear_free(gx_q); + if (g_xh != NULL) + BN_clear_free(g_xh); + if (g_r != NULL) + BN_clear_free(g_r); + if (expected != NULL) + BN_clear_free(expected); return success; } -- cgit v1.2.3 From adab6f12992c522e1208fa2bdf89ce572840ccf8 Mon Sep 17 00:00:00 2001 
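Review bot: in the new (g^x)^q check in schnorr_verify() (schnorr.c, hunk at -288,6 +290,17), the failure test `BN_mod_exp(gx_q, g_x, grp_q, grp_p, bn_ctx) == -1` never fires, because BN_mod_exp returns 1 on success and 0 on error. On a failed exponentiation the code falls through to the BN_cmp against one on whatever gx_q holds, and any rejection is then reported as "Invalid signature" rather than as a library error; test for `!= 1` instead. The SCHNORR_DEBUG_BN line added directly after the check prints g_xh before anything has been computed into it; it looks like it was meant to print gx_q.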
From: Darren Tucker Date: Sun, 5 Dec 2010 09:01:47 +1100 Subject: - djm@cvs.openbsd.org 2010/12/03 23:55:27 [auth-rsa.c] move check for revoked keys to run earlier (in auth_rsa_key_allowed) bz#1829; patch from ldv AT altlinux.org; ok markus@ --- ChangeLog | 4 ++++ auth-rsa.c | 9 +++++---- 2 files changed, 9 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 26c9b477c..a8aeacc56 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,10 @@ check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao (this code is still disabled, but apprently people are treating it as a reference implementation) + - djm@cvs.openbsd.org 2010/12/03 23:55:27 + [auth-rsa.c] + move check for revoked keys to run earlier (in auth_rsa_key_allowed) + bz#1829; patch from ldv AT altlinux.org; ok markus@ 20101204 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) diff --git a/auth-rsa.c b/auth-rsa.c index 56702d130..4edaab056 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rsa.c,v 1.78 2010/07/13 23:13:16 djm Exp $ */ +/* $OpenBSD: auth-rsa.c,v 1.79 2010/12/03 23:55:27 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -94,9 +94,6 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) MD5_CTX md; int len; - if (auth_key_is_revoked(key)) - return 0; - /* don't allow short keys */ if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { error("auth_rsa_verify_response: RSA modulus too small: %d < minimum %d bits", @@ -249,6 +246,10 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) "actual %d vs. announced %d.", file, linenum, BN_num_bits(key->rsa->n), bits); + /* Never accept a revoked key */ + if (auth_key_is_revoked(key)) + break; + /* We have found the desired key. */ /* * If our options do not allow this key to be used, -- cgit v1.2.3 From af1f90925494deba97a4b877798cf250f7dc75cf Mon Sep 17 00:00:00 2001 
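Review bot: the revocation check moved into auth_rsa_key_allowed() (auth-rsa.c, hunk at -249,6 +246,10) leaves the key-file loop with a bare `break`, so the rejection depends on the function's result still being "not allowed" at that point, which the hunk does not show, and unless auth_key_is_revoked() logs by itself a revoked key is refused without a trace. Add a log line before the break and a comment stating what the function returns on this path. Removing the check from auth_rsa_verify_response() also means that function no longer refuses revoked keys on its own; every caller now has to have gone through auth_rsa_key_allowed() first, and that precondition deserves a comment at the top of auth_rsa_verify_response().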
From: Darren Tucker Date: Sun, 5 Dec 2010 09:02:47 +1100 Subject: - djm@cvs.openbsd.org 2010/12/04 00:18:01 [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command; based on a patch from miklos AT szeredi.hu in bz#1555; ok markus@ --- ChangeLog | 7 +++++++ PROTOCOL | 18 +++++++++++++++++- sftp-client.c | 42 ++++++++++++++++++++++++++++++++++++++++-- sftp-client.h | 5 ++++- sftp-server.c | 28 +++++++++++++++++++++++++++- sftp.1 | 18 +++++++++++++----- sftp.c | 53 +++++++++++++++++++++++++++++++++++++++++++---------- 7 files changed, 151 insertions(+), 20 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a8aeacc56..4e60f137f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,13 @@ [auth-rsa.c] move check for revoked keys to run earlier (in auth_rsa_key_allowed) bz#1829; patch from ldv AT altlinux.org; ok markus@ + - djm@cvs.openbsd.org 2010/12/04 00:18:01 + [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] + add a protocol extension to support a hard link operation. It is + available through the "ln" command in the client. The old "ln" + behaviour of creating a symlink is available using its "-s" option + or through the preexisting "symlink" command; based on a patch from + miklos AT szeredi.hu in bz#1555; ok markus@ 20101204 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) diff --git a/PROTOCOL b/PROTOCOL index 5d2a7118a..c28196011 100644 --- a/PROTOCOL +++ b/PROTOCOL 
@@ -275,4 +275,20 @@ The values of the f_flag bitmask are as follows: Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are advertised in the SSH_FXP_VERSION hello with version "2". -$OpenBSD: PROTOCOL,v 1.16 2010/08/31 11:54:45 djm Exp $ +10. sftp: Extension request "hardlink@openssh.com" + +This request is for creating a hard link to a regular file. This +request is implemented as a SSH_FXP_EXTENDED request with the +following format: + + uint32 id + string "hardlink@openssh.com" + string oldpath + string newpath + +On receiving this request the server will perform the operation +link(oldpath, newpath) and will respond with a SSH_FXP_STATUS message. +This extension is advertised in the SSH_FXP_VERSION hello with version +"1". + +$OpenBSD: PROTOCOL,v 1.17 2010/12/04 00:18:01 djm Exp $ diff --git a/sftp-client.c b/sftp-client.c index 4e009ef25..caa384b4e 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.93 2010/09/22 22:58:51 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.94 2010/12/04 00:18:01 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -75,6 +75,7 @@ struct sftp_conn { #define SFTP_EXT_POSIX_RENAME 0x00000001 #define SFTP_EXT_STATVFS 0x00000002 #define SFTP_EXT_FSTATVFS 0x00000004 +#define SFTP_EXT_HARDLINK 0x00000008 u_int exts; u_int64_t limit_kbps; struct bwlimit bwlimit_in, bwlimit_out; @@ -378,10 +379,14 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, strcmp(value, "2") == 0) { ret->exts |= SFTP_EXT_STATVFS; known = 1; - } if (strcmp(name, "fstatvfs@openssh.com") == 0 && + } else if (strcmp(name, "fstatvfs@openssh.com") == 0 && strcmp(value, "2") == 0) { ret->exts |= SFTP_EXT_FSTATVFS; known = 1; + } else if (strcmp(name, "hardlink@openssh.com") == 0 && + strcmp(value, "1") == 0) { + ret->exts |= SFTP_EXT_HARDLINK; + known = 1; } if (known) { debug2("Server supports extension \"%s\" revision %s", 
@@ -794,6 +799,39 @@ do_rename(struct sftp_conn *conn, char *oldpath, char *newpath) return(status); } +int +do_hardlink(struct sftp_conn *conn, char *oldpath, char *newpath) +{ + Buffer msg; + u_int status, id; + + buffer_init(&msg); + + /* Send link request */ + id = conn->msg_id++; + if ((conn->exts & SFTP_EXT_HARDLINK) == 0) { + error("Server does not support hardlink@openssh.com extension"); + return -1; + } + + buffer_put_char(&msg, SSH2_FXP_EXTENDED); + buffer_put_int(&msg, id); + buffer_put_cstring(&msg, "hardlink@openssh.com"); + buffer_put_cstring(&msg, oldpath); + buffer_put_cstring(&msg, newpath); + send_msg(conn, &msg); + debug3("Sent message hardlink@openssh.com \"%s\" -> \"%s\"", + oldpath, newpath); + buffer_free(&msg); + + status = get_status(conn, id); + if (status != SSH2_FX_OK) + error("Couldn't link file \"%s\" to \"%s\": %s", oldpath, + newpath, fx2txt(status)); + + return(status); +} + int do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath) { diff --git a/sftp-client.h b/sftp-client.h index 145fc38ee..aef54ef49 100644 --- a/sftp-client.h +++ b/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.19 2010/09/22 22:58:51 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.20 2010/12/04 00:18:01 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller @@ -94,6 +94,9 @@ int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int); /* Rename 'oldpath' to 'newpath' */ int do_rename(struct sftp_conn *, char *, char *); +/* Link 'oldpath' to 'newpath' */ +int do_hardlink(struct sftp_conn *, char *, char *); + /* Rename 'oldpath' to 'newpath' */ int do_symlink(struct sftp_conn *, char *, char *); diff --git a/sftp-server.c b/sftp-server.c index 47edcd0aa..b268d0883 100644 --- a/sftp-server.c +++ b/sftp-server.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.92 2010/11/04 02:45:34 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.93 2010/12/04 00:18:01 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -535,6 +535,9 @@ process_init(void) /* fstatvfs extension */ buffer_put_cstring(&msg, "fstatvfs@openssh.com"); buffer_put_cstring(&msg, "2"); /* version */ + /* hardlink extension */ + buffer_put_cstring(&msg, "hardlink@openssh.com"); + buffer_put_cstring(&msg, "1"); /* version */ send_msg(&msg); buffer_free(&msg); } @@ -1222,6 +1225,27 @@ process_extended_fstatvfs(u_int32_t id) send_statvfs(id, &st); } +static void +process_extended_hardlink(u_int32_t id) +{ + char *oldpath, *newpath; + int ret, status; + + oldpath = get_string(NULL); + newpath = get_string(NULL); + debug3("request %u: hardlink", id); + logit("hardlink old \"%s\" new \"%s\"", oldpath, newpath); + if (readonly) + status = SSH2_FX_PERMISSION_DENIED; + else { + ret = link(oldpath, newpath); + status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + } + send_status(id, status); + xfree(oldpath); + xfree(newpath); +} + static void process_extended(void) { @@ -1236,6 +1260,8 @@ process_extended(void) process_extended_statvfs(id); else if (strcmp(request, "fstatvfs@openssh.com") == 0) process_extended_fstatvfs(id); + else if (strcmp(request, "hardlink@openssh.com") == 0) + process_extended_hardlink(id); else send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */ xfree(request); diff --git a/sftp.1 b/sftp.1 index 3bb0c0646..89b5d3544 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.87 2010/11/18 15:01:00 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.88 2010/12/04 00:18:01 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" 
@@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 18 2010 $ +.Dd $Mdocdate: December 4 2010 $ .Dt SFTP 1 .Os .Sh NAME @@ -128,7 +128,7 @@ commands fail: .Ic get , put , rename , ln , .Ic rm , mkdir , chdir , ls , .Ic lchdir , chmod , chown , -.Ic chgrp , lpwd , df , +.Ic chgrp , lpwd , df , symlink , and .Ic lmkdir . Termination on error can be suppressed on a command by command basis by @@ -392,11 +392,19 @@ characters and may match multiple files. .It Ic lmkdir Ar path Create local directory specified by .Ar path . -.It Ic ln Ar oldpath Ar newpath -Create a symbolic link from +.It Xo Ic ln +.Op Fl s +.Ar oldpath +.Ar newpath +.Xc +Create a link from .Ar oldpath to .Ar newpath . +If the +.Fl s +flag is specified the created link is a symbolic link, otherwise it is +a hard link. .It Ic lpwd Print local working directory. .It Xo Ic ls diff --git a/sftp.c b/sftp.c index d605505ea..ab667f5a5 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.131 2010/10/23 22:06:12 sthen Exp $ */ +/* $OpenBSD: sftp.c,v 1.132 2010/12/04 00:18:01 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -132,6 +132,7 @@ extern char *__progname; #define I_GET 5 #define I_HELP 6 #define I_LCHDIR 7 +#define I_LINK 25 #define I_LLS 8 #define I_LMKDIR 9 #define I_LPWD 10 @@ -176,7 +177,7 @@ static const struct CMD cmds[] = { { "lchdir", I_LCHDIR, LOCAL }, { "lls", I_LLS, LOCAL }, { "lmkdir", I_LMKDIR, LOCAL }, - { "ln", I_SYMLINK, REMOTE }, + { "ln", I_LINK, REMOTE }, { "lpwd", I_LPWD, LOCAL }, { "ls", I_LS, REMOTE }, { "lumask", I_LUMASK, NOARGS }, 
@@ -240,7 +241,7 @@ help(void) "lcd path Change local directory to 'path'\n" "lls [ls-options [path]] Display local directory listing\n" "lmkdir path Create local directory\n" - "ln oldpath newpath Symlink remote file\n" + "ln [-s] oldpath newpath Link remote file (-s for symlink)\n" "lpwd Print local working directory\n" "ls [-1afhlnrSt] [path] Display remote directory listing\n" "lumask umask Set local umask to 'umask'\n" @@ -376,6 +377,30 @@ parse_getput_flags(const char *cmd, char **argv, int argc, int *pflag, return optind; } +static int +parse_link_flags(const char *cmd, char **argv, int argc, int *sflag) +{ + extern int opterr, optind, optopt, optreset; + int ch; + + optind = optreset = 1; + opterr = 0; + + *sflag = 0; + while ((ch = getopt(argc, argv, "s")) != -1) { + switch (ch) { + case 's': + *sflag = 1; + break; + default: + error("%s: Invalid flag -%c", cmd, optopt); + return -1; + } + } + + return optind; +} + static int parse_ls_flags(char **argv, int argc, int *lflag) { @@ -1088,7 +1113,7 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote, static int parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, - int *hflag, unsigned long *n_arg, char **path1, char **path2) + int *hflag, int *sflag, unsigned long *n_arg, char **path1, char **path2) { const char *cmd, *cp = *cpp; char *cp2, **argv; @@ -1138,7 +1163,8 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, switch (cmdnum) { case I_GET: case I_PUT: - if ((optidx = parse_getput_flags(cmd, argv, argc, pflag, rflag)) == -1) + if ((optidx = parse_getput_flags(cmd, argv, argc, + pflag, rflag)) == -1) return -1; /* Get first pathname (mandatory) */ if (argc - optidx < 1) { 
@@ -1154,8 +1180,11 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, undo_glob_escape(*path2); } break; - case I_RENAME: + case I_LINK: + if ((optidx = parse_link_flags(cmd, argv, argc, sflag)) == -1) + return -1; case I_SYMLINK: + case I_RENAME: if (argc - optidx < 2) { error("You must specify two paths after a %s " "command.", cmd); @@ -1258,7 +1287,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, int err_abort) { char *path1, *path2, *tmp; - int pflag = 0, rflag = 0, lflag = 0, iflag = 0, hflag = 0, cmdnum, i; + int pflag = 0, rflag = 0, lflag = 0, iflag = 0, hflag = 0, sflag = 0; + int cmdnum, i; unsigned long n_arg = 0; Attrib a, *aa; char path_buf[MAXPATHLEN]; @@ -1266,8 +1296,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, glob_t g; path1 = path2 = NULL; - cmdnum = parse_args(&cmd, &pflag, &rflag, &lflag, &iflag, &hflag, &n_arg, - &path1, &path2); + cmdnum = parse_args(&cmd, &pflag, &rflag, &lflag, &iflag, &hflag, + &sflag, &n_arg, &path1, &path2); if (iflag != 0) err_abort = 0; @@ -1295,8 +1325,11 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, err = do_rename(conn, path1, path2); break; case I_SYMLINK: + sflag = 1; + case I_LINK: + path1 = make_absolute(path1, *pwd); path2 = make_absolute(path2, *pwd); - err = do_symlink(conn, path1, path2); + err = (sflag ? do_symlink : do_hardlink)(conn, path1, path2); break; case I_RM: path1 = make_absolute(path1, *pwd); -- cgit v1.2.3 From 094f1e99348bdcea46f62f5c0f0e9944ed698b4e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 5 Dec 2010 09:03:31 +1100 Subject: - djm@cvs.openbsd.org 2010/12/04 13:31:37 [hostfile.c] fix fd leak; spotted and ok dtucker --- ChangeLog | 3 +++ hostfile.c | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4e60f137f..fb23d52b0 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -18,6 +18,9 @@ behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command; based on a patch from miklos AT szeredi.hu in bz#1555; ok markus@ + - djm@cvs.openbsd.org 2010/12/04 13:31:37 + [hostfile.c] + fix fd leak; spotted and ok dtucker 20101204 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) diff --git a/hostfile.c b/hostfile.c index 9145529cb..b6f924b23 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.49 2010/11/29 23:45:51 djm Exp $ */ +/* $OpenBSD: hostfile.c,v 1.50 2010/12/04 13:31:37 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -317,6 +317,7 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path) num_loaded++; } debug3("%s: loaded %lu keys", __func__, num_loaded); + fclose(f); return; } -- cgit v1.2.3 From 7e1a5a4e1bcacd5f7248d5e616cdc4be33743fad Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 5 Dec 2010 09:29:31 +1100 Subject: - (dtucker) [regress/Makefile] Id sync. --- ChangeLog | 1 + regress/Makefile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index fb23d52b0..585a984fb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,7 @@ - djm@cvs.openbsd.org 2010/12/04 13:31:37 [hostfile.c] fix fd leak; spotted and ok dtucker + - (dtucker) [regress/Makefile] Id sync. 20101204 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) diff --git a/regress/Makefile b/regress/Makefile index d80b04ea8..9ebb2500e 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.55 2010/08/31 12:24:25 djm Exp $ +# $OpenBSD: Makefile,v 1.57 2010/09/22 12:26:05 djm Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec tests: $(REGRESS_TARGETS) -- cgit v1.2.3 From 4288c53d04a5726805bca06b9a543cb7db15e6d2 Mon Sep 17 00:00:00 2001 
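Review bot: do_hardlink() in sftp-client.c calls buffer_init(&msg) and takes `id = conn->msg_id++` before it tests SFTP_EXT_HARDLINK, so the unsupported-extension path returns -1 with msg never freed and a request id consumed. Move the `(conn->exts & SFTP_EXT_HARDLINK) == 0` test to the top of the function, ahead of buffer_init().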
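Review bot: process_extended_hardlink() in sftp-server.c passes oldpath straight to link(), while the new PROTOCOL section 10 describes the request as "creating a hard link to a regular file". Nothing in the handler enforces the regular-file restriction, so the outcome for other file types is whatever link() does on the host. Either check the file type of oldpath before calling link() and return a failure status otherwise, or reword PROTOCOL so it does not promise a restriction the server does not apply.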
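Review bot: in parse_dispatch_command() (sftp.c, hunk at -1295,8 +1325,11), the shared I_SYMLINK/I_LINK case now runs `path1 = make_absolute(path1, *pwd)` for both commands, whereas the removed code made only path2 absolute before calling do_symlink(). Every relative symlink target typed at the client is therefore rewritten to an absolute path, a behaviour change for "symlink" and "ln -s" that the commit message does not mention. Make path1 absolute only when sflag is 0. Both switch statements also rely on fall-through (I_LINK into I_SYMLINK in parse_args(), I_SYMLINK into I_LINK here); a FALLTHROUGH comment on each would make the intent explicit.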
From: Darren Tucker Date: Sun, 5 Dec 2010 09:45:50 +1100 Subject: - djm@cvs.openbsd.org 2010/12/04 00:21:19 [regress/sftp-cmds.sh] adjust for hard-link support --- ChangeLog | 3 +++ regress/sftp-cmds.sh | 10 ++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 585a984fb..825c2f41a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,9 @@ - djm@cvs.openbsd.org 2010/12/04 13:31:37 [hostfile.c] fix fd leak; spotted and ok dtucker + - djm@cvs.openbsd.org 2010/12/04 00:21:19 + [regress/sftp-cmds.sh] + adjust for hard-link support - (dtucker) [regress/Makefile] Id sync. 20101204 diff --git a/regress/sftp-cmds.sh b/regress/sftp-cmds.sh index c4d6ae2de..26d735164 100644 --- a/regress/sftp-cmds.sh +++ b/regress/sftp-cmds.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sftp-cmds.sh,v 1.10 2009/08/13 01:11:55 djm Exp $ +# $OpenBSD: sftp-cmds.sh,v 1.10 2010/12/04 00:21:19 djm Exp $ # Placed in the Public Domain. # XXX - TODO: @@ -209,7 +209,13 @@ test -d ${COPY}.dd2 || fail "missing newname after rename directory" verbose "$tid: ln" echo "ln ${COPY}.1 ${COPY}.2" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "ln failed" -test -h ${COPY}.2 || fail "missing file after ln" +test -f ${COPY}.2 || fail "missing file after ln" +cmp ${COPY}.1 ${COPY}.2 || fail "created file is not equal after ln" + +verbose "$tid: ln -s" +rm -f ${COPY}.2 +echo "ln -s ${COPY}.1 ${COPY}.2" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "ln -s failed" +test -h ${COPY}.2 || fail "missing file after ln -s" verbose "$tid: mkdir" echo "mkdir ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ -- cgit v1.2.3 From 928362dc0312f5d258da0a98ab48f35bfaa368f1 Mon Sep 17 00:00:00 2001 
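Review bot: the updated "ln" test in regress/sftp-cmds.sh (hunk at -209,7 +209,13) cannot tell a hard link from a symlink or a copy: `test -f ${COPY}.2` follows symlinks and cmp only compares contents, so the test would still pass if ln kept creating a symlink. Add a `test -h ${COPY}.2 && fail ...` line and compare the inode numbers or link counts of ${COPY}.1 and ${COPY}.2. The $OpenBSD$ tag in the first hunk also keeps revision 1.10 while its date changes.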
From: Damien Miller Date: Sun, 26 Dec 2010 14:26:45 +1100 Subject: - djm@cvs.openbsd.org 2010/12/08 04:02:47 [ssh_config.5 sshd_config.5] explain that IPQoS arguments are separated by whitespace; iirc requested by jmc@ a while back --- ChangeLog | 7 +++++++ ssh_config.5 | 6 +++--- sshd_config.5 | 6 +++--- 3 files changed, 13 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 825c2f41a..16100a052 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20101226 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/12/08 04:02:47 + [ssh_config.5 sshd_config.5] + explain that IPQoS arguments are separated by whitespace; iirc requested + by jmc@ a while back + 20101205 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from debugging. Spotted by djm. diff --git a/ssh_config.5 b/ssh_config.5 index 5c6673de3..50bcae82f 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.145 2010/11/29 23:45:51 djm Exp $ -.Dd $Mdocdate: November 29 2010 $ +.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $ +.Dd $Mdocdate: December 8 2010 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -657,7 +657,7 @@ Accepted values are .Dq throughput , .Dq reliability , or a numeric value. -This option may take one or two arguments. +This option may take one or two arguments, separated by whitespace. If one argument is specified, it is used as the packet class unconditionally. If two values are specified, the first is automatically selected for interactive sessions and the second for non-interactive sessions. diff --git a/sshd_config.5 b/sshd_config.5 index d070a6de0..c3d6df30a 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.130 2010/11/18 15:01:00 jmc Exp $ -.Dd $Mdocdate: November 18 2010 $ +.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $ +.Dd $Mdocdate: December 8 2010 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -540,7 +540,7 @@ Accepted values are .Dq throughput , .Dq reliability , or a numeric value. -This option may take one or two arguments. +This option may take one or two arguments, separated by whitespace. If one argument is specified, it is used as the packet class unconditionally. If two values are specified, the first is automatically selected for interactive sessions and the second for non-interactive sessions. -- cgit v1.2.3 From 4a06f9271fe5341c942232015add391cee366b68 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 2 Jan 2011 21:43:59 +1100 Subject: - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker --- ChangeLog | 3 +++ loginrec.c | 9 ++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 16100a052..5007e8c52 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20110102 + - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker + 20101226 - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2010/12/08 04:02:47 diff --git a/loginrec.c b/loginrec.c index cccaa47ae..587d55f7d 100644 --- a/loginrec.c +++ b/loginrec.c @@ -873,11 +873,13 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) pos = (off_t)tty * sizeof(struct utmp); if ((ret = lseek(fd, pos, SEEK_SET)) == -1) { logit("%s: lseek: %s", __func__, strerror(errno)); + close(fd); return (0); } if (ret != pos) { logit("%s: Couldn't seek to tty %d slot in %s", __func__, tty, UTMP_FILE); + close(fd); return (0); } /* 
@@ -893,16 +895,20 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) if ((ret = lseek(fd, pos, SEEK_SET)) == -1) { logit("%s: lseek: %s", __func__, strerror(errno)); + close(fd); return (0); } if (ret != pos) { logit("%s: Couldn't seek to tty %d slot in %s", __func__, tty, UTMP_FILE); + close(fd); return (0); } if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) { logit("%s: error writing %s: %s", __func__, UTMP_FILE, strerror(errno)); + close(fd); + return (0); } close(fd); @@ -1206,7 +1212,7 @@ wtmp_get_entry(struct logininfo *li) close (fd); return (0); } - if ( wtmp_islogin(li, &ut) ) { + if (wtmp_islogin(li, &ut) ) { found = 1; /* * We've already checked for a time in struct @@ -1502,6 +1508,7 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode) if (lseek(*fd, offset, SEEK_SET) != offset) { logit("%s: %s->lseek(): %s", __func__, lastlog_file, strerror(errno)); + close(*fd); return (0); } } -- cgit v1.2.3 From 41bccf75af219888d55552134242207392d91d67 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 2 Jan 2011 21:53:07 +1100 Subject: - (djm) [configure.ac] Check whether libdes is needed when building with Heimdal krb5 support. On OpenBSD this library no longer exists, so linking it unconditionally causes a build failure; ok dtucker --- ChangeLog | 3 +++ Makefile.in | 4 ++-- configure.ac | 8 +++++--- 3 files changed, 10 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5007e8c52..a1828c1f9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ 20110102 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker + - (djm) [configure.ac] Check whether libdes is needed when building + with Heimdal krb5 support. On OpenBSD this library no longer exists, + so linking it unconditionally causes a build failure; ok dtucker 20101226 - (dtucker) OpenBSD CVS Sync diff --git a/Makefile.in b/Makefile.in index bfd37d51e..889b23db3 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.311 2010/08/31 12:47:15 djm Exp $ +# $Id: Makefile.in,v 1.312 2011/01/02 10:53:08 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -230,7 +230,7 @@ catman-do: @for f in $(MANPAGES_IN) ; do \ base=`echo $$f | sed 's/\..*$$//'` ; \ echo "$$f -> $$base.0" ; \ - nroff -mandoc $$f | cat -v | sed -e 's/.\^H//g' \ + mandoc $$f | cat -v | sed -e 's/.\^H//g' \ >$$base.0 ; \ done diff --git a/configure.ac b/configure.ac index 0ea76c8fd..ec562b1c2 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.459 2010/12/04 12:20:50 dtucker Exp $ +# $Id: configure.ac,v 1.460 2011/01/02 10:53:09 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.459 $) +AC_REVISION($Revision: 1.460 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3516,10 +3516,12 @@ AC_ARG_WITH(kerberos5, [ char *tmp = heimdal_version; ], [ AC_MSG_RESULT(yes) AC_DEFINE(HEIMDAL) - K5LIBS="-lkrb5 -ldes" + K5LIBS="-lkrb5" K5LIBS="$K5LIBS -lcom_err -lasn1" AC_CHECK_LIB(roken, net_write, [K5LIBS="$K5LIBS -lroken"]) + AC_CHECK_LIB(des, des_cbc_encrypt, + [K5LIBS="$K5LIBS -ldes"]) ], [ AC_MSG_RESULT(no) K5LIBS="-lkrb5 -lk5crypto -lcom_err" -- cgit v1.2.3 From d197fd64a1fa309295a99ce46e9ee016b84d2a59 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 3 Jan 2011 14:48:14 +1100 Subject: - (djm) [Makefile.in] revert local hack I didn't intend to commit --- ChangeLog | 3 +++ Makefile.in | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a1828c1f9..4ee52850b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,6 @@ +20110102 + - (djm) [Makefile.in] revert local hack I didn't intend to commit + 20110102 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker - (djm) [configure.ac] Check whether libdes is needed when building diff --git a/Makefile.in b/Makefile.in index 889b23db3..b46a7b26f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.312 2011/01/02 10:53:08 djm Exp $ +# $Id: Makefile.in,v 1.313 2011/01/03 03:48:16 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -230,7 +230,7 @@ catman-do: @for f in $(MANPAGES_IN) ; do \ base=`echo $$f | sed 's/\..*$$//'` ; \ echo "$$f -> $$base.0" ; \ - mandoc $$f | cat -v | sed -e 's/.\^H//g' \ + nroff -mandoc $$f | cat -v | sed -e 's/.\^H//g' \ >$$base.0 ; \ done -- cgit v1.2.3 From 30a69e7bba0161eabb678b9902fbd04e7495d86e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 4 Jan 2011 08:16:27 +1100 Subject: - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage formatter if it is present, followed by nroff and groff respectively. Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports in favour of mandoc). feedback and ok tim --- ChangeLog | 8 +++++++- Makefile.in | 5 +++-- configure.ac | 20 ++++++++++++++++++-- 3 files changed, 28 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4ee52850b..135ad48fa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,10 @@ -20110102 +20110104 + - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage + formatter if it is present, followed by nroff and groff respectively. + Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports + in favour of mandoc). feedback and ok tim + +20110103 - (djm) [Makefile.in] revert local hack I didn't intend to commit 20110102 diff --git a/Makefile.in b/Makefile.in index b46a7b26f..be65be6b3 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.313 2011/01/03 03:48:16 djm Exp $ +# $Id: Makefile.in,v 1.314 2011/01/03 21:16:29 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -58,6 +58,7 @@ ENT=@ENT@ XAUTH_PATH=@XAUTH_PATH@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ EXEEXT=@EXEEXT@ +MANFMT=@MANFMT@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ @@ -230,7 +231,7 @@ catman-do: @for f in $(MANPAGES_IN) ; do \ base=`echo $$f | sed 's/\..*$$//'` ; \ echo "$$f -> $$base.0" ; \ - nroff -mandoc $$f | cat -v | sed -e 's/.\^H//g' \ + $(MANFMT) $$f | cat -v | sed -e 's/.\^H//g' \ >$$base.0 ; \ done diff --git a/configure.ac b/configure.ac index ec562b1c2..0eeb4df78 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.460 2011/01/02 10:53:09 djm Exp $ +# $Id: configure.ac,v 1.461 2011/01/03 21:16:29 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.460 $) +AC_REVISION($Revision: 1.461 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -41,8 +41,24 @@ AC_PATH_PROG(TEST_MINUS_S_SH, bash) AC_PATH_PROG(TEST_MINUS_S_SH, ksh) AC_PATH_PROG(TEST_MINUS_S_SH, sh) AC_PATH_PROG(SH, sh) +AC_PATH_PROG(GROFF, groff) +AC_PATH_PROG(NROFF, nroff) +AC_PATH_PROG(MANDOC, mandoc) AC_SUBST(TEST_SHELL,sh) +dnl select manpage formatter +if test "x$MANDOC" != "x" ; then + MANFMT="$MANDOC" +elif test "x$NROFF" != "x" ; then + MANFMT="$NROFF -mandoc" +elif test "x$GROFF" != "x" ; then + MANFMT="$GROFF -mandoc -Tascii" +else + AC_MSG_WARN([no manpage formatted found]) + MANFMT="false" +fi +AC_SUBST(MANFMT) + dnl for buildpkg.sh AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd, [/usr/sbin${PATH_SEPARATOR}/etc]) -- cgit v1.2.3 From f12114366b4ffcd34e3a638dd187f29ac03fbdbd Mon Sep 17 00:00:00 2001 
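Review bot: in lastlog_openseek() (loginrec.c, hunk at -1502,6 +1508,7), the new `close(*fd)` on lseek failure leaves the caller's *fd holding the number of a closed descriptor. Set *fd to -1 after closing so that a caller which ignores the return value cannot later close or write to an unrelated descriptor that reused the number. In utmp_write_direct() the added `return (0)` after a failed atomicio() write also changes the function's result on that path, not just the descriptor handling, which the "Fix some fd leaks" ChangeLog entry does not say.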
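Review bot: in the formatter selection added to configure.ac (hunk at -41,8 +41,24), the fallback sets MANFMT="false", and catman-do in Makefile.in runs `$(MANFMT) $$f | cat -v | sed -e 's/.\^H//g'` into $$base.0, so with no formatter installed the target writes empty .0 files and the pipeline's exit status, taken from sed, hides the failure. Have catman-do check for a usable formatter and stop, or have configure fail when none is found and the catman pages are needed. The warning text also reads "no manpage formatted found" where "formatter" is meant.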
From: Damien Miller Date: Thu, 6 Jan 2011 22:40:30 +1100 Subject: - markus@cvs.openbsd.org 2010/12/08 22:46:03 [scp.1 scp.c] add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837) --- ChangeLog | 8 ++++++ scp.1 | 11 +++++--- scp.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 102 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 135ad48fa..aa98f9906 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20110106 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2010/12/08 22:46:03 + [scp.1 scp.c] + add a new -3 option to scp: Copies between two remote hosts are + transferred through the local host. Without this option the data + is copied directly between the two remote hosts. ok djm@ (bugzilla #1837) + 20110104 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage formatter if it is present, followed by nroff and groff respectively. diff --git a/scp.1 b/scp.1 index 346e5e311..28bac5671 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.54 2010/11/18 15:01:00 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.55 2010/12/08 22:46:03 markus Exp $ .\" -.Dd $Mdocdate: November 18 2010 $ +.Dd $Mdocdate: December 8 2010 $ .Dt SCP 1 .Os .Sh NAME @@ -19,7 +19,7 @@ .Sh SYNOPSIS .Nm scp .Bk -words -.Op Fl 1246BCpqrv +.Op Fl 12346BCpqrv .Op Fl c Ar cipher .Op Fl F Ar ssh_config .Op Fl i Ar identity_file @@ -75,6 +75,11 @@ to use protocol 1. Forces .Nm to use protocol 2. +.It Fl 3 +Copies between two remote hosts are transferred through the local host. +Without this option the data is copied directly between the two remote +hosts. +Note that this options disables the progress meter. .It Fl 4 Forces .Nm diff --git a/scp.c b/scp.c index 774e602f2..1262e0aff 100644 --- a/scp.c 
+++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.168 2010/11/26 05:52:49 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.169 2010/12/08 22:46:03 markus Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -119,6 +119,7 @@ extern char *__progname; #define COPY_BUFLEN 16384 int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout); +int do_cmd2(char *host, char *remuser, char *cmd, int fdin, int fdout); /* Struct for addargs */ arglist args; @@ -137,6 +138,12 @@ int verbose_mode = 0; /* This is set to zero if the progressmeter is not desired. */ int showprogress = 1; +/* + * This is set to non-zero if remote-remote copy should be piped + * through this process. + */ +int throughlocal = 0; + /* This is the program to execute for the secured connection. ("ssh" or -S) */ char *ssh_program = _PATH_SSH_PROGRAM; 
@@ -287,6 +294,50 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) return 0; } +/* + * This functions executes a command simlar to do_cmd(), but expects the + * input and output descriptors to be setup by a previous call to do_cmd(). + * This way the input and output of two commands can be connected. + */ +int +do_cmd2(char *host, char *remuser, char *cmd, int fdin, int fdout) +{ + pid_t pid; + int status; + + if (verbose_mode) + fprintf(stderr, + "Executing: 2nd program %s host %s, user %s, command %s\n", + ssh_program, host, + remuser ? remuser : "(unspecified)", cmd); + + /* Fork a child to execute the command on the remote host using ssh. */ + pid = fork(); + if (pid == 0) { + dup2(fdin, 0); + dup2(fdout, 1); + + replacearg(&args, 0, "%s", ssh_program); + if (remuser != NULL) { + addargs(&args, "-l"); + addargs(&args, "%s", remuser); + } + addargs(&args, "--"); + addargs(&args, "%s", host); + addargs(&args, "%s", cmd); + + execvp(ssh_program, args.list); + perror(ssh_program); + exit(1); + } else if (pid == -1) { + fatal("fork: %s", strerror(errno)); + } + while (waitpid(pid, &status, 0) == -1) + if (errno != EINTR) + fatal("do_cmd2: waitpid: %s", strerror(errno)); + return 0; +} + typedef struct { size_t cnt; char *buf; @@ -344,7 +395,7 @@ main(int argc, char **argv) addargs(&args, "-oClearAllForwardings=yes"); fflag = tflag = 0; - while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1) + while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1) switch (ch) { /* User-visible flags. */ case '1': @@ -355,6 +406,9 @@ main(int argc, char **argv) addargs(&args, "-%c", ch); addargs(&remote_remote_args, "-%c", ch); break; + case '3': + throughlocal = 1; + break; case 'o': case 'c': case 'i': 
@@ -530,7 +584,36 @@ toremote(char *targ, int argc, char **argv) for (i = 0; i < argc - 1; i++) { src = colon(argv[i]); - if (src) { /* remote to remote */ + if (src && throughlocal) { /* extended remote to remote */ + *src++ = 0; + if (*src == 0) + src = "."; + host = strrchr(argv[i], '@'); + if (host) { + *host++ = 0; + host = cleanhostname(host); + suser = argv[i]; + if (*suser == '\0') + suser = pwd->pw_name; + else if (!okname(suser)) + continue; + } else { + host = cleanhostname(argv[i]); + suser = NULL; + } + xasprintf(&bp, "%s -f -- %s", cmd, src); + if (do_cmd(host, suser, bp, &remin, &remout) < 0) + exit(1); + (void) xfree(bp); + host = cleanhostname(thost); + xasprintf(&bp, "%s -t -- %s", cmd, targ); + if (do_cmd2(host, tuser, bp, remin, remout) < 0) + exit(1); + (void) xfree(bp); + (void) close(remin); + (void) close(remout); + remin = remout = -1; + } else if (src) { /* standard remote to remote */ freeargs(&alist); addargs(&alist, "%s", ssh_program); addargs(&alist, "-x"); -- cgit v1.2.3 From 907998df72d7206d4dd5c37d8f185f9b2988b007 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 6 Jan 2011 22:41:21 +1100 Subject: - jmc@cvs.openbsd.org 2010/12/09 14:13:33 [scp.1 scp.c] scp.1: grammer fix scp.c: add -3 to usage() --- ChangeLog | 4 ++++ scp.1 | 6 +++--- scp.c | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index aa98f9906..9b8465438 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837) + - jmc@cvs.openbsd.org 2010/12/09 14:13:33 + [scp.1 scp.c] + scp.1: grammer fix + scp.c: add -3 to usage() 20110104 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage diff --git a/scp.1 b/scp.1 index 28bac5671..577dd52c1 100644 --- a/scp.1 +++ b/scp.1 
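Review bot: in scp.c, do_cmd2() collects the child's status with waitpid() and then returns 0 unconditionally, so the "if (do_cmd2(host, tuser, bp, remin, remout) < 0) exit(1);" test in the new throughlocal branch of toremote() can never fire, and a second ssh that fails (unreachable target, authentication failure, write error on the destination) is not turned into an error by this path. Return a failure when the child did not exit cleanly, by checking WIFEXITED(status) and WEXITSTATUS(status) after the waitpid() loop. The dup2(fdin, 0) and dup2(fdout, 1) calls in the child are also unchecked; exiting the child when either fails avoids starting ssh on the wrong descriptors.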
@@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.55 2010/12/08 22:46:03 markus Exp $ +.\" $OpenBSD: scp.1,v 1.56 2010/12/09 14:13:32 jmc Exp $ .\" -.Dd $Mdocdate: December 8 2010 $ +.Dd $Mdocdate: December 9 2010 $ .Dt SCP 1 .Os .Sh NAME @@ -79,7 +79,7 @@ to use protocol 2. Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. -Note that this options disables the progress meter. +Note that this option disables the progress meter. .It Fl 4 Forces .Nm diff --git a/scp.c b/scp.c index 1262e0aff..18b2597fe 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.169 2010/12/08 22:46:03 markus Exp $ */ +/* $OpenBSD: scp.c,v 1.170 2010/12/09 14:13:33 jmc Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -1214,7 +1214,7 @@ void usage(void) { (void) fprintf(stderr, - "usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n" + "usage: scp [-12346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n" " [-l limit] [-o ssh_option] [-P port] [-S program]\n" " [[user@]host1:]file1 ... [[user@]host2:]file2\n"); exit(1); -- cgit v1.2.3 From 05c8997b33cf391784d6a5f9f0d85d275dcf7ce5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 6 Jan 2011 22:42:04 +1100 Subject: - markus@cvs.openbsd.org 2010/12/14 11:59:06 [sshconnect.c] don't mention key type in key-changed-warning, since we also print this warning if a new key type appears. ok djm@ --- ChangeLog | 4 ++++ sshconnect.c | 7 +++---- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 9b8465438..19b2d098d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -9,6 +9,10 @@ [scp.1 scp.c] scp.1: grammer fix scp.c: add -3 to usage() + - markus@cvs.openbsd.org 2010/12/14 11:59:06 + [sshconnect.c] + don't mention key type in key-changed-warning, since we also print + this warning if a new key type appears. ok djm@ 20110104 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage diff --git a/sshconnect.c b/sshconnect.c index 064bb74b3..45ba6ed12 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.229 2010/11/29 23:45:51 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.230 2010/12/14 11:59:06 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1234,7 +1234,6 @@ static void warn_changed_key(Key *host_key) { char *fp; - const char *type = key_type(host_key); fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); @@ -1243,9 +1242,9 @@ warn_changed_key(Key *host_key) error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); - error("It is also possible that the %s host key has just been changed.", type); + error("It is also possible that a host key has just been changed."); error("The fingerprint for the %s key sent by the remote host is\n%s.", - type, fp); + key_type(host_key), fp); error("Please contact your system administrator."); xfree(fp); -- cgit v1.2.3 From 106079c06d308f6fb3b582607f590b2dcb4682b0 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Thu, 6 Jan 2011 22:43:44 +1100 Subject: - djm@cvs.openbsd.org 2010/12/15 00:49:27 [readpass.c] fix ControlMaster=ask regression reset SIGCHLD handler before fork (and restore it after) so we don't miss the the askpass child's exit status. Correct test for exit status/signal to account for waitpid() failure; with claudio@ ok claudio@ markus@ --- ChangeLog | 6 ++++++ readpass.c | 27 ++++++++++++++++----------- 2 files changed, 22 insertions(+), 11 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 19b2d098d..3be37d2c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,12 @@ [sshconnect.c] don't mention key type in key-changed-warning, since we also print this warning if a new key type appears. ok djm@ + - djm@cvs.openbsd.org 2010/12/15 00:49:27 + [readpass.c] + fix ControlMaster=ask regression + reset SIGCHLD handler before fork (and restore it after) so we don't miss + the the askpass child's exit status. Correct test for exit status/signal to + account for waitpid() failure; with claudio@ ok claudio@ markus@ 20110104 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage diff --git a/readpass.c b/readpass.c index bd144c2e3..599c8ef9a 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.47 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: readpass.c,v 1.48 2010/12/15 00:49:27 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -33,6 +33,7 @@ #ifdef HAVE_PATHS_H # include #endif +#include #include #include #include @@ -49,11 +50,12 @@ static char * ssh_askpass(char *askpass, const char *msg) { - pid_t pid; + pid_t pid, ret; size_t len; char *pass; - int p[2], status, ret; + int p[2], status; char buf[1024]; + void (*osigchld)(int); if (fflush(stdout) != 0) error("ssh_askpass: fflush: %s", strerror(errno)); 
@@ -63,8 +65,10 @@ ssh_askpass(char *askpass, const char *msg) error("ssh_askpass: pipe: %s", strerror(errno)); return NULL; } + osigchld = signal(SIGCHLD, SIG_DFL); if ((pid = fork()) < 0) { error("ssh_askpass: fork: %s", strerror(errno)); + signal(SIGCHLD, osigchld); return NULL; } if (pid == 0) { @@ -77,23 +81,24 @@ ssh_askpass(char *askpass, const char *msg) } close(p[1]); - len = ret = 0; + len = 0; do { - ret = read(p[0], buf + len, sizeof(buf) - 1 - len); - if (ret == -1 && errno == EINTR) + ssize_t r = read(p[0], buf + len, sizeof(buf) - 1 - len); + + if (r == -1 && errno == EINTR) continue; - if (ret <= 0) + if (r <= 0) break; - len += ret; + len += r; } while (sizeof(buf) - 1 - len > 0); buf[len] = '\0'; close(p[0]); - while (waitpid(pid, &status, 0) < 0) + while ((ret = waitpid(pid, &status, 0)) < 0) if (errno != EINTR) break; - - if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { + signal(SIGCHLD, osigchld); + if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) { memset(buf, 0, sizeof(buf)); return NULL; } -- cgit v1.2.3 From de53fd04b1e58059673c4d827f7cc4752870174f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 6 Jan 2011 22:44:18 +1100 Subject: - djm@cvs.openbsd.org 2010/12/24 21:41:48 [auth-options.c] don't send the actual forced command in a debug message; ok markus deraadt --- ChangeLog | 3 +++ auth-options.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 3be37d2c7..0cdc191b0 100644 --- a/ChangeLog +++ b/ChangeLog 
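Review bot: in ssh_askpass() in readpass.c, the fork() failure branch now restores the SIGCHLD handler but still returns NULL without closing p[0] and p[1], which the normal path closes explicitly with close(p[1]) and close(p[0]). Both pipe descriptors leak each time fork() fails. Close the two ends before "return NULL;" in that branch, next to the added signal(SIGCHLD, osigchld) call.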
@@ -19,6 +19,9 @@ reset SIGCHLD handler before fork (and restore it after) so we don't miss the the askpass child's exit status. Correct test for exit status/signal to account for waitpid() failure; with claudio@ ok claudio@ markus@ + - djm@cvs.openbsd.org 2010/12/24 21:41:48 + [auth-options.c] + don't send the actual forced command in a debug message; ok markus deraadt 20110104 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage diff --git a/auth-options.c b/auth-options.c index a9c26add6..eae45cf2b 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.53 2010/08/31 09:58:37 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.54 2010/12/24 21:41:48 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -172,7 +172,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) goto bad_option; } forced_command[i] = '\0'; - auth_debug_add("Forced command: %.900s", forced_command); + auth_debug_add("Forced command."); opts++; goto next_option; } -- cgit v1.2.3 From 8ad960b4ba8d076e38587e4d5e57db92d395c4f3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 6 Jan 2011 22:44:44 +1100 Subject: - otto@cvs.openbsd.org 2011/01/04 20:44:13 [ssh-keyscan.c] handle ecdsa-sha2 with various key lengths; hint and ok djm@ --- ChangeLog | 3 +++ ssh-keyscan.c | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 0cdc191b0..4e63aab5b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ - djm@cvs.openbsd.org 2010/12/24 21:41:48 [auth-options.c] don't send the actual forced command in a debug message; ok markus deraadt + - otto@cvs.openbsd.org 2011/01/04 20:44:13 + [ssh-keyscan.c] + handle ecdsa-sha2 with various key lengths; hint and ok djm@ 20110104 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 3fb1214e2..25d7ac66f 100644 
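Review bot: in auth_parse_options() in auth-options.c, the replacement call auth_debug_add("Forced command.") drops the command text, but nothing at the call site records why, so a later cleanup could restore the "%.900s" argument. A one-line comment above the call stating that the forced command is deliberately kept out of debug messages would carry the intent of the commit message into the code. It is also worth checking the other auth_debug_add() calls in this function for option values that are echoed the same way.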
--- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.83 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.84 2011/01/04 20:44:13 otto Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -246,7 +246,8 @@ keygrab_ssh2(con *c) packet_set_connection(c->c_fd, c->c_fd); enable_compat20(); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA? - "ssh-dss": "ssh-rsa"; + "ssh-dss" : (c->c_keytype == KT_RSA ? "ssh-rsa" : + "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"); c->c_kex = kex_setup(myproposal); c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; @@ -573,7 +574,7 @@ do_host(char *host) if (name == NULL) return; - for (j = KT_RSA1; j <= KT_RSA; j *= 2) { + for (j = KT_RSA1; j <= KT_ECDSA; j *= 2) { if (get_keytypes & j) { while (ncon >= MAXCON) conloop(); -- cgit v1.2.3 From 322125b9603cab2c70e827ae83d332cb6575e399 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 7 Jan 2011 09:50:08 +1100 Subject: - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com --- ChangeLog | 4 ++++ regress/cert-hostkey.sh | 2 +- regress/cert-userkey.sh | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4e63aab5b..636524bba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20110107 + - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test + for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com + 20110106 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2010/12/08 22:46:03 diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 1ae5d0bda..c23a41c68 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh 
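Review bot: in keygrab_ssh2() in ssh-keyscan.c, the nested conditional selects the ECDSA algorithm list for every c_keytype that is neither KT_DSA nor KT_RSA, so any other value reaching this function silently requests ECDSA host keys. A switch on c->c_keytype with an explicit KT_ECDSA case and a default that rejects unknown types would make a bad value visible. In do_host(), the new bound "j <= KT_ECDSA" combined with "j *= 2" depends on the KT_ constants being consecutive powers of two with KT_ECDSA the largest; a comment at the loop or at the definitions would keep a future key type from being skipped.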
@@ -5,7 +5,7 @@ tid="certified host keys" # used to disable ECC based tests on platforms without ECC ecdsa="" -if "$TEST_SSH_ECC" = "yes"; then +if test "x$TEST_SSH_ECC" = "xyes"; then ecdsa=ecdsa fi diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index a42c7f34a..fcca3708b 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh @@ -5,7 +5,7 @@ tid="certified user keys" # used to disable ECC based tests on platforms without ECC ecdsa="" -if "$TEST_SSH_ECC" = "yes"; then +if test "x$TEST_SSH_ECC" = "xyes"; then ecdsa=ecdsa fi -- cgit v1.2.3 From 83f8a4014d1818687f4e0ab36d1d388abac78863 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 7 Jan 2011 09:51:17 +1100 Subject: - djm@cvs.openbsd.org 2011/01/06 22:23:53 [ssh.c] unbreak %n expansion in LocalCommand; patch from bert.wesarg AT googlemail.com; ok markus@ --- ChangeLog | 4 ++++ ssh.c | 8 +++++--- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 636524bba..7d84b4c30 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 20110107 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com + - djm@cvs.openbsd.org 2011/01/06 22:23:53 + [ssh.c] + unbreak %n expansion in LocalCommand; patch from bert.wesarg AT + googlemail.com; ok markus@ 20110106 - (djm) OpenBSD CVS Sync diff --git a/ssh.c b/ssh.c index ec690ae38..9409fa713 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.355 2010/11/29 23:45:51 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.356 2011/01/06 22:23:53 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -221,7 +221,7 @@ int main(int ac, char **av) { int i, r, opt, exit_status, use_syslog; - char *p, *cp, *line, *argv0, buf[MAXPATHLEN]; + char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg; struct stat st; struct passwd *pw; int dummy, timeout_ms; 
@@ -693,6 +693,8 @@ main(int ac, char **av) options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT; } + /* preserve host name given on command line for %n expansion */ + host_arg = host; if (options.hostname != NULL) { host = percent_expand(options.hostname, "h", host, (char *)NULL); @@ -707,7 +709,7 @@ main(int ac, char **av) debug3("expanding LocalCommand: %s", options.local_command); cp = options.local_command; options.local_command = percent_expand(cp, "d", pw->pw_dir, - "h", host, "l", thishost, "n", host, "r", options.user, + "h", host, "l", thishost, "n", host_arg, "r", options.user, "p", buf, "u", pw->pw_name, (char *)NULL); debug3("expanded LocalCommand: %s", options.local_command); xfree(cp); -- cgit v1.2.3 From 64abf31425e2e72b9d308b51519bd123ae77830f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 7 Jan 2011 09:51:52 +1100 Subject: - djm@cvs.openbsd.org 2011/01/06 22:23:02 [clientloop.c] when exiting due to ServerAliveTimeout, mention the hostname that caused it (useful with backgrounded controlmaster) --- ChangeLog | 4 ++++ clientloop.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7d84b4c30..5e2089620 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ [ssh.c] unbreak %n expansion in LocalCommand; patch from bert.wesarg AT googlemail.com; ok markus@ + - djm@cvs.openbsd.org 2011/01/06 22:23:02 + [clientloop.c] + when exiting due to ServerAliveTimeout, mention the hostname that caused + it (useful with backgrounded controlmaster) 20110106 - (djm) OpenBSD CVS Sync diff --git a/clientloop.c b/clientloop.c index 91eea8562..184671d6c 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.226 2010/11/23 23:57:24 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.227 2011/01/06 22:23:02 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -544,7 +544,7 @@ static void server_alive_check(void) { if (packet_inc_alive_timeouts() > options.server_alive_count_max) { - logit("Timeout, server not responding."); + logit("Timeout, server %s not responding.", options.hostname); cleanup_exit(255); } packet_start(SSH2_MSG_GLOBAL_REQUEST); -- cgit v1.2.3 From 7d06b00032d2d57474dbba9fddd0b8cd9ef05ef3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 7 Jan 2011 09:54:20 +1100 Subject: - djm@cvs.openbsd.org 2011/01/06 22:46:21 [regress/Makefile regress/host-expand.sh] regress test for LocalCommand %n expansion from bert.wesarg AT googlemail.com; ok markus@ --- ChangeLog | 4 ++++ regress/Makefile | 7 ++++--- regress/host-expand.sh | 18 ++++++++++++++++++ 3 files changed, 26 insertions(+), 3 deletions(-) create mode 100644 regress/host-expand.sh (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5e2089620..4fc608814 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,10 @@ [clientloop.c] when exiting due to ServerAliveTimeout, mention the hostname that caused it (useful with backgrounded controlmaster) + - djm@cvs.openbsd.org 2011/01/06 22:46:21 + [regress/Makefile regress/host-expand.sh] + regress test for LocalCommand %n expansion from bert.wesarg AT + googlemail.com; ok markus@ 20110106 - (djm) OpenBSD CVS Sync diff --git a/regress/Makefile b/regress/Makefile index 9ebb2500e..85fd3a5ad 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.57 2010/09/22 12:26:05 djm Exp $ +# $OpenBSD: Makefile,v 1.58 2011/01/06 22:46:21 djm Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec tests: $(REGRESS_TARGETS) @@ -56,7 +56,8 @@ LTESTS= connect \ keytype \ kextype \ cert-hostkey \ - cert-userkey + cert-userkey \ + host-expand INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp 
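Review bot: in server_alive_check() in clientloop.c, options.hostname is passed to a %s conversion in logit() without a NULL check, while the ssh.c lines shown in the LocalCommand %n change guard the same field with "if (options.hostname != NULL)", so it can be NULL here. Log the resolved host name that ssh.c keeps in host instead, or substitute a fixed string when options.hostname is NULL.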
@@ -75,7 +76,7 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \ known_hosts-cert host_ca_key* cert_host_key* \ putty.rsa2 sshd_proxy_orig \ - authorized_principals_${USER} + authorized_principals_${USER} expect actual # Enable all malloc(3) randomisations and checks TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" diff --git a/regress/host-expand.sh b/regress/host-expand.sh new file mode 100644 index 000000000..c0417d9c9 --- /dev/null +++ b/regress/host-expand.sh @@ -0,0 +1,18 @@ +# Placed in the Public Domain. + +tid="expand %h and %n" + +echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy +printf 'LocalCommand printf "%%%%s\\n" "%%n" "%%h"\n' >> $OBJ/ssh_proxy + +cat >expect <actual + diff expect actual || fail "$tid proto $p" +done + -- cgit v1.2.3 From ed3a8eb65f7f04e5aeb121fe176336bbf5e0114f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 7 Jan 2011 10:02:52 +1100 Subject: - djm@cvs.openbsd.org 2011/01/06 23:01:35 [sshconnect.c] reset SIGCHLD handler to SIG_DFL when execuring LocalCommand; ok markus@ --- ChangeLog | 4 ++++ sshconnect.c | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4fc608814..1a385f793 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ [regress/Makefile regress/host-expand.sh] regress test for LocalCommand %n expansion from bert.wesarg AT googlemail.com; ok markus@ + - djm@cvs.openbsd.org 2011/01/06 23:01:35 + [sshconnect.c] + reset SIGCHLD handler to SIG_DFL when execuring LocalCommand; + ok markus@ 20110106 - (djm) OpenBSD CVS Sync diff --git a/sshconnect.c b/sshconnect.c index 45ba6ed12..64dc032c4 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.230 2010/12/14 11:59:06 markus Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.231 2011/01/06 23:01:35 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1259,6 +1259,7 @@ ssh_local_cmd(const char *args) char *shell; pid_t pid; int status; + void (*osighand)(int); if (!options.permit_local_command || args == NULL || !*args) @@ -1267,6 +1268,7 @@ ssh_local_cmd(const char *args) if ((shell = getenv("SHELL")) == NULL || *shell == '\0') shell = _PATH_BSHELL; + osighand = signal(SIGCHLD, SIG_DFL); pid = fork(); if (pid == 0) { debug3("Executing %s -c \"%s\"", shell, args); @@ -1279,6 +1281,7 @@ ssh_local_cmd(const char *args) while (waitpid(pid, &status, 0) == -1) if (errno != EINTR) fatal("Couldn't wait for child: %s", strerror(errno)); + signal(SIGCHLD, osighand); if (!WIFEXITED(status)) return (1); -- cgit v1.2.3 From 996384d5005130b0c77901ced4ca776dd3d9328f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 8 Jan 2011 21:58:20 +1100 Subject: - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress test on OSX and others. Reported by imorgan AT nas.nasa.gov --- ChangeLog | 4 ++++ regress/keytype.sh | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1a385f793..31868a919 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20110108 + - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress + test on OSX and others. Reported by imorgan AT nas.nasa.gov + 20110107 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com diff --git a/regress/keytype.sh b/regress/keytype.sh index b3d3a0d57..2cbf132bd 100644 --- a/regress/keytype.sh +++ b/regress/keytype.sh @@ -40,7 +40,7 @@ for ut in $ktypes; do echo IdentityFile $OBJ/key.$ut ) > $OBJ/ssh_proxy ( - echo -n 'localhost-with-alias,127.0.0.1,::1 ' + echon 'localhost-with-alias,127.0.0.1,::1 ' cat $OBJ/key.$ht.pub ) > $OBJ/known_hosts cat $OBJ/key.$ut.pub > $OBJ/authorized_keys_$USER -- cgit v1.2.3 From e63b7f28213b28efb412e7ea723fdb2b8de4843b Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sun, 9 Jan 2011 09:19:50 +1100 Subject: - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by openssh AT roumenpetrov.info --- ChangeLog | 4 ++++ Makefile.in | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 31868a919..6dde0e858 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20110109 + - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by + openssh AT roumenpetrov.info + 20110108 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress test on OSX and others. Reported by imorgan AT nas.nasa.gov diff --git a/Makefile.in b/Makefile.in index be65be6b3..7c55c7582 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.314 2011/01/03 21:16:29 djm Exp $ +# $Id: Makefile.in,v 1.315 2011/01/08 22:19:53 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -109,6 +109,7 @@ PATHSUBS = \ -e 's|/usr/libexec|$(libexecdir)|g' \ -e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \ -e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \ + -e 's|/etc/ssh/ssh_host_ecdsa_key|$(sysconfdir)/ssh_host_ecdsa_key|g' \ -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \ -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \ -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \ -- cgit v1.2.3 From 076a3b9ced9bbf5ee4f17a84b9593cc074308e15 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 10 Jan 2011 12:56:26 -0800 Subject: - (tim) [regress/host-expand.sh] Fix for building outside of read only source tree. --- ChangeLog | 4 ++++ regress/host-expand.sh | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 6dde0e858..3e931f394 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,7 @@ +20110111 + - (tim) [regress/host-expand.sh] Fix for building outside of read only + source tree. + 20110109 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by openssh AT roumenpetrov.info diff --git a/regress/host-expand.sh b/regress/host-expand.sh index c0417d9c9..a0188363d 100644 --- a/regress/host-expand.sh +++ b/regress/host-expand.sh @@ -5,14 +5,14 @@ tid="expand %h and %n" echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy printf 'LocalCommand printf "%%%%s\\n" "%%n" "%%h"\n' >> $OBJ/ssh_proxy -cat >expect <$OBJ/expect <actual - diff expect actual || fail "$tid proto $p" + ${SSH} -F $OBJ/ssh_proxy -$p somehost true >$OBJ/actual + diff $OBJ/expect $OBJ/actual || fail "$tid proto $p" done -- cgit v1.2.3 From 81ad4b1fc0f3d2004a0e0004607ebd9a3664034b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 11 Jan 2011 17:02:23 +1100 Subject: - (djm) [platform.c] Some missing includes that show up under -Werror --- ChangeLog | 1 + platform.c | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 3e931f394..5ddc26a6a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20110111 - (tim) [regress/host-expand.sh] Fix for building outside of read only source tree. + - (djm) [platform.c] Some missing includes that show up under -Werror 20110109 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by diff --git a/platform.c b/platform.c index 60b87a6ae..a455472b3 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.17 2010/11/23 23:09:13 dtucker Exp $ */ +/* $Id: platform.c,v 1.18 2011/01/11 06:02:25 djm Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -26,6 +26,10 @@ #include "log.h" #include "buffer.h" #include "servconf.h" +#include "key.h" +#include "hostfile.h" +#include "auth.h" +#include "auth-pam.h" #include "platform.h" #include "openbsd-compat/openbsd-compat.h" -- cgit v1.2.3 
From b73b6fd916a842dbcf800c13434a6abb6cd06ade Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 11 Jan 2011 17:18:56 +1100 Subject: - djm@cvs.openbsd.org 2011/01/08 10:51:51 [clientloop.c] use host and not options.hostname, as the latter may have unescaped substitution characters --- ChangeLog | 5 +++++ clientloop.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5ddc26a6a..828c6dee8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,11 @@ - (tim) [regress/host-expand.sh] Fix for building outside of read only source tree. - (djm) [platform.c] Some missing includes that show up under -Werror + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/01/08 10:51:51 + [clientloop.c] + use host and not options.hostname, as the latter may have unescaped + substitution characters 20110109 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by diff --git a/clientloop.c b/clientloop.c index 184671d6c..7712f69be 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.227 2011/01/06 22:23:02 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.228 2011/01/08 10:51:51 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -544,7 +544,7 @@ static void server_alive_check(void) { if (packet_inc_alive_timeouts() > options.server_alive_count_max) { - logit("Timeout, server %s not responding.", options.hostname); + logit("Timeout, server %s not responding.", host); cleanup_exit(255); } packet_start(SSH2_MSG_GLOBAL_REQUEST); -- cgit v1.2.3 From a256c8d680203b41c8c4c8f012c1edbc3cd72336 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Tue, 11 Jan 2011 17:20:05 +1100 Subject: - djm@cvs.openbsd.org 2011/01/11 06:06:09 [sshlogin.c] fd leak on error paths; from zinovik@ NB. Id sync only; we use loginrec.c that was also audited and fixed recently --- ChangeLog | 5 +++++ sshlogin.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 828c6dee8..db8af51fb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,11 @@ [clientloop.c] use host and not options.hostname, as the latter may have unescaped substitution characters + - djm@cvs.openbsd.org 2011/01/11 06:06:09 + [sshlogin.c] + fd leak on error paths; from zinovik@ + NB. Id sync only; we use loginrec.c that was also audited and fixed + recently 20110109 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by diff --git a/sshlogin.c b/sshlogin.c index 33bd652fb..54629f747 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.26 2007/09/11 15:47:17 gilles Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.27 2011/01/11 06:06:09 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland -- cgit v1.2.3 From 821de0ad2ea1036cb70872d26db2c9652694854d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 11 Jan 2011 17:20:29 +1100 Subject: - djm@cvs.openbsd.org 2011/01/11 06:13:10 [clientloop.c ssh-keygen.c sshd.c] some unsigned long long casts that make things a bit easier for portable without resorting to dropping PRIu64 formats everywhere --- ChangeLog | 4 ++++ clientloop.c | 4 ++-- ssh-keygen.c | 11 +++++++---- sshd.c | 5 +++-- 4 files changed, 16 insertions(+), 8 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index db8af51fb..d2e7dceb7 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -12,6 +12,10 @@ fd leak on error paths; from zinovik@ NB. Id sync only; we use loginrec.c that was also audited and fixed recently + - djm@cvs.openbsd.org 2011/01/11 06:13:10 + [clientloop.c ssh-keygen.c sshd.c] + some unsigned long long casts that make things a bit easier for + portable without resorting to dropping PRIu64 formats everywhere 20110109 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by diff --git a/clientloop.c b/clientloop.c index 7712f69be..c60b758c7 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.228 2011/01/08 10:51:51 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.229 2011/01/11 06:13:10 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1622,7 +1622,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes); packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes); verbose("Transferred: sent %llu, received %llu bytes, in %.1f seconds", - obytes, ibytes, total_time); + (unsigned long long)obytes, (unsigned long long)ibytes, total_time); if (total_time > 0) verbose("Bytes per second: sent %.1f, received %.1f", obytes / total_time, ibytes / total_time); diff --git a/ssh-keygen.c b/ssh-keygen.c index b9fd10abc..c95e4ab29 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.204 2010/10/28 11:22:09 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.205 2011/01/11 06:13:10 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland 
@@ -1480,7 +1480,8 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) if (!quiet) { logit("Signed %s key %s: id \"%s\" serial %llu%s%s " "valid %s", key_cert_type(public), - out, public->cert->key_id, public->cert->serial, + out, public->cert->key_id, + (unsigned long long)public->cert->serial, cert_principals != NULL ? " for " : "", cert_principals != NULL ? cert_principals : "", fmt_validity(cert_valid_from, cert_valid_to)); @@ -1705,8 +1706,10 @@ do_show_cert(struct passwd *pw) printf(" Signing CA: %s %s\n", key_type(key->cert->signature_key), ca_fp); printf(" Key ID: \"%s\"\n", key->cert->key_id); - if (!v00) - printf(" Serial: %llu\n", key->cert->serial); + if (!v00) { + printf(" Serial: %llu\n", + (unsigned long long)key->cert->serial); + } printf(" Valid: %s\n", fmt_validity(key->cert->valid_after, key->cert->valid_before)); printf(" Principals: "); diff --git a/sshd.c b/sshd.c index 5d4d14ae2..cb45cecbd 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.380 2010/09/22 05:01:29 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.381 2011/01/11 06:13:10 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2027,7 +2027,8 @@ main(int ac, char **av) /* The connection has been terminated. */ packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes); packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes); - verbose("Transferred: sent %llu, received %llu bytes", obytes, ibytes); + verbose("Transferred: sent %llu, received %llu bytes", + (unsigned long long)obytes, (unsigned long long)ibytes); verbose("Closing connection to %.500s port %d", remote_ip, remote_port); -- cgit v1.2.3 From b66e91783186ad68b7a11fd67a81795fdbe103d8 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Wed, 12 Jan 2011 13:30:18 +1100 Subject: - nicm@cvs.openbsd.org 2010/10/08 21:48:42 [openbsd-compat/glob.c] Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit from ARG_MAX to 64K. Fixes glob-using programs (notably ftp) able to be triggered to hit resource limits. Idea from a similar NetBSD change, original problem reported by jasper@. ok millert tedu jasper --- ChangeLog | 11 ++++++ openbsd-compat/glob.c | 102 +++++++++++++++++++++++++++++++------------------- 2 files changed, 74 insertions(+), 39 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d2e7dceb7..4f7d0f4ff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +20110212 + - OpenBSD CVS Sync + - nicm@cvs.openbsd.org 2010/10/08 21:48:42 + [openbsd-compat/glob.c] + Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit + from ARG_MAX to 64K. + Fixes glob-using programs (notably ftp) able to be triggered to hit + resource limits. + Idea from a similar NetBSD change, original problem reported by jasper@. + ok millert tedu jasper + 20110111 - (tim) [regress/host-expand.sh] Fix for building outside of read only source tree. diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index e52bef729..692e81045 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: glob.c,v 1.33 2010/09/26 22:15:39 djm Exp $ */ +/* $OpenBSD: glob.c,v 1.34 2010/10/08 21:48:42 nicm Exp $ */ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -76,18 +76,6 @@ !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ defined(BROKEN_GLOB) -static long -get_arg_max(void) -{ -#ifdef ARG_MAX - return(ARG_MAX); -#elif defined(HAVE_SYSCONF) && defined(_SC_ARG_MAX) - return(sysconf(_SC_ARG_MAX)); -#else - return(256); /* XXX: arbitrary */ -#endif -} - #include "charclass.h" #define DOLLAR '$' 
@@ -140,6 +128,15 @@ typedef char Char; #define M_CLASS META(':') #define ismeta(c) (((c)&M_QUOTE) != 0) +#define GLOB_LIMIT_MALLOC 65536 +#define GLOB_LIMIT_STAT 128 +#define GLOB_LIMIT_READDIR 16384 + +struct glob_lim { + size_t glim_malloc; + size_t glim_stat; + size_t glim_readdir; +}; static int compare(const void *, const void *); static int g_Ctoc(const Char *, char *, u_int); @@ -148,17 +145,19 @@ static DIR *g_opendir(Char *, glob_t *); static Char *g_strchr(const Char *, int); static int g_strncmp(const Char *, const char *, size_t); static int g_stat(Char *, struct stat *, glob_t *); -static int glob0(const Char *, glob_t *); -static int glob1(Char *, Char *, glob_t *, size_t *); +static int glob0(const Char *, glob_t *, struct glob_lim *); +static int glob1(Char *, Char *, glob_t *, struct glob_lim *); static int glob2(Char *, Char *, Char *, Char *, Char *, Char *, - glob_t *, size_t *); + glob_t *, struct glob_lim *); static int glob3(Char *, Char *, Char *, Char *, Char *, - Char *, Char *, glob_t *, size_t *); -static int globextend(const Char *, glob_t *, size_t *, struct stat *); + Char *, Char *, glob_t *, struct glob_lim *); +static int globextend(const Char *, glob_t *, struct glob_lim *, + struct stat *); static const Char * globtilde(const Char *, Char *, size_t, glob_t *); -static int globexp1(const Char *, glob_t *); -static int globexp2(const Char *, const Char *, glob_t *); +static int globexp1(const Char *, glob_t *, struct glob_lim *); +static int globexp2(const Char *, const Char *, glob_t *, + struct glob_lim *); static int match(Char *, Char *, Char *); #ifdef DEBUG static void qprintf(const char *, Char *); @@ -171,6 +170,7 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int), const u_char *patnext; int c; Char *bufnext, *bufend, patbuf[MAXPATHLEN]; + struct glob_lim limit = { 0, 0, 0 }; patnext = (u_char *) pattern; if (!(flags & GLOB_APPEND)) { 
@@ -204,9 +204,9 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int), *bufnext = EOS; if (flags & GLOB_BRACE) - return globexp1(patbuf, pglob); + return globexp1(patbuf, pglob, &limit); else - return glob0(patbuf, pglob); + return glob0(patbuf, pglob, &limit); } /* @@ -215,18 +215,18 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int), * characters */ static int -globexp1(const Char *pattern, glob_t *pglob) +globexp1(const Char *pattern, glob_t *pglob, struct glob_lim *limitp) { const Char* ptr = pattern; /* Protect a single {}, for find(1), like csh */ if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS) - return glob0(pattern, pglob); + return glob0(pattern, pglob, limitp); if ((ptr = (const Char *) g_strchr(ptr, LBRACE)) != NULL) - return globexp2(ptr, pattern, pglob); + return globexp2(ptr, pattern, pglob, limitp); - return glob0(pattern, pglob); + return glob0(pattern, pglob, limitp); } @@ -236,7 +236,8 @@ globexp1(const Char *pattern, glob_t *pglob) * If it fails then it tries to glob the rest of the pattern and returns. */ static int -globexp2(const Char *ptr, const Char *pattern, glob_t *pglob) +globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, + struct glob_lim *limitp) { int i, rv; Char *lm, *ls; @@ -272,7 +273,7 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob) /* Non matching braces; just glob the pattern */ if (i != 0 || *pe == EOS) - return glob0(patbuf, pglob); + return glob0(patbuf, pglob, limitp); for (i = 0, pl = pm = ptr; pm <= pe; pm++) { switch (*pm) { @@ -318,7 +319,7 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob) #ifdef DEBUG qprintf("globexp2:", patbuf); #endif - rv = globexp1(patbuf, pglob); + rv = globexp1(patbuf, pglob, limitp); if (rv && rv != GLOB_NOMATCH) return rv; 
@@ -449,12 +450,11 @@ g_charclass(const Char **patternp, Char **bufnextp) * to find no matches. */ static int -glob0(const Char *pattern, glob_t *pglob) +glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp) { const Char *qpatnext; int c, err, oldpathc; Char *bufnext, patbuf[MAXPATHLEN]; - size_t limit = 0; qpatnext = globtilde(pattern, patbuf, MAXPATHLEN, pglob); oldpathc = pglob->gl_pathc; @@ -526,7 +526,7 @@ glob0(const Char *pattern, glob_t *pglob) qprintf("glob0:", patbuf); #endif - if ((err = glob1(patbuf, patbuf+MAXPATHLEN-1, pglob, &limit)) != 0) + if ((err = glob1(patbuf, patbuf+MAXPATHLEN-1, pglob, limitp)) != 0) return(err); /* @@ -539,7 +539,7 @@ glob0(const Char *pattern, glob_t *pglob) if ((pglob->gl_flags & GLOB_NOCHECK) || ((pglob->gl_flags & GLOB_NOMAGIC) && !(pglob->gl_flags & GLOB_MAGCHAR))) - return(globextend(pattern, pglob, &limit, NULL)); + return(globextend(pattern, pglob, limitp, NULL)); else return(GLOB_NOMATCH); } @@ -556,7 +556,7 @@ compare(const void *p, const void *q) } static int -glob1(Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp) +glob1(Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp) { Char pathbuf[MAXPATHLEN]; @@ -575,7 +575,7 @@ glob1(Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp) */ static int glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, - Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp) + Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp) { struct stat sb; Char *p, *q; @@ -591,6 +591,14 @@ glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, if (g_lstat(pathbuf, &sb, pglob)) return(0); + if ((pglob->gl_flags & GLOB_LIMIT) && + limitp->glim_stat++ >= GLOB_LIMIT_STAT) { + errno = 0; + *pathend++ = SEP; + *pathend = EOS; + return(GLOB_NOSPACE); + } + if (((pglob->gl_flags & GLOB_MARK) && pathend[-1] != SEP) && (S_ISDIR(sb.st_mode) || (S_ISLNK(sb.st_mode) && 
@@ -636,7 +644,7 @@ glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, static int glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, Char *pattern, Char *restpattern, Char *restpattern_last, glob_t *pglob, - size_t *limitp) + struct glob_lim *limitp) { struct dirent *dp; DIR *dirp; @@ -679,6 +687,14 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, u_char *sc; Char *dc; + if ((pglob->gl_flags & GLOB_LIMIT) && + limitp->glim_readdir++ >= GLOB_LIMIT_READDIR) { + errno = 0; + *pathend++ = SEP; + *pathend = EOS; + return(GLOB_NOSPACE); + } + /* Initial DOT must be matched literally. */ if (dp->d_name[0] == DOT && *pattern != DOT) continue; @@ -725,7 +741,8 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, * gl_pathv points to (gl_offs + gl_pathc + 1) items. */ static int -globextend(const Char *path, glob_t *pglob, size_t *limitp, struct stat *sb) +globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp, + struct stat *sb) { char **pathv; ssize_t i; @@ -781,6 +798,12 @@ globextend(const Char *path, glob_t *pglob, size_t *limitp, struct stat *sb) if (sb == NULL) statv[pglob->gl_offs + pglob->gl_pathc] = NULL; else { + limitp->glim_malloc += sizeof(**statv); + if ((pglob->gl_flags & GLOB_LIMIT) && + limitp->glim_malloc >= GLOB_LIMIT_MALLOC) { + errno = 0; + return(GLOB_NOSPACE); + } if ((statv[pglob->gl_offs + pglob->gl_pathc] = malloc(sizeof(**statv))) == NULL) goto copy_error; @@ -793,7 +816,7 @@ globextend(const Char *path, glob_t *pglob, size_t *limitp, struct stat *sb) for (p = path; *p++;) ; len = (size_t)(p - path); - *limitp += len; + limitp->glim_malloc += len; if ((copy = malloc(len)) != NULL) { if (g_Ctoc(path, copy, len)) { free(copy); 
@@ -804,7 +827,8 @@ globextend(const Char *path, glob_t *pglob, size_t *limitp, struct stat *sb) pathv[pglob->gl_offs + pglob->gl_pathc] = NULL; if ((pglob->gl_flags & GLOB_LIMIT) && - (newn * sizeof(*pathv)) + *limitp >= (u_int) get_arg_max()) { + (newn * sizeof(*pathv)) + limitp->glim_malloc > + GLOB_LIMIT_MALLOC) { errno = 0; return(GLOB_NOSPACE); } -- cgit v1.2.3 From 4927aaf4460de407855676a0ad36bf39704e74a2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 12 Jan 2011 13:32:03 +1100 Subject: - djm@cvs.openbsd.org 2011/01/12 01:53:14 avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS and sanity check arguments (these will be unnecessary when we switch struct glob members from being type into to size_t in the future); "looks ok" tedu@ feedback guenther@ --- ChangeLog | 5 +++++ openbsd-compat/glob.c | 16 ++++++++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4f7d0f4ff..34106ead8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,11 @@ resource limits. Idea from a similar NetBSD change, original problem reported by jasper@. ok millert tedu jasper + - djm@cvs.openbsd.org 2011/01/12 01:53:14 + avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS + and sanity check arguments (these will be unnecessary when we switch + struct glob members from being type into to size_t in the future); + "looks ok" tedu@ feedback guenther@ 20110111 - (tim) [regress/host-expand.sh] Fix for building outside of read only diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index 692e81045..0341225cd 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: glob.c,v 1.34 2010/10/08 21:48:42 nicm Exp $ */ +/* $OpenBSD: glob.c,v 1.35 2011/01/12 01:53:14 djm Exp $ */ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. 
@@ -184,6 +184,11 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int), pglob->gl_errfunc = errfunc; pglob->gl_matchc = 0; + if (pglob->gl_offs < 0 || pglob->gl_pathc < 0 || + pglob->gl_offs >= INT_MAX || pglob->gl_pathc >= INT_MAX || + pglob->gl_pathc >= INT_MAX - pglob->gl_offs - 1) + return GLOB_NOSPACE; + bufnext = patbuf; bufend = bufnext + MAXPATHLEN - 1; if (flags & GLOB_NOESCAPE) @@ -752,10 +757,13 @@ globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp, struct stat **statv; newn = 2 + pglob->gl_pathc + pglob->gl_offs; - if (SIZE_MAX / sizeof(*pathv) <= newn || + if (pglob->gl_offs >= INT_MAX || + pglob->gl_pathc >= INT_MAX || + newn >= INT_MAX || + SIZE_MAX / sizeof(*pathv) <= newn || SIZE_MAX / sizeof(*statv) <= newn) { nospace: - for (i = pglob->gl_offs; i < newn - 2; i++) { + for (i = pglob->gl_offs; i < (ssize_t)(newn - 2); i++) { if (pglob->gl_pathv && pglob->gl_pathv[i]) free(pglob->gl_pathv[i]); if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0 && @@ -870,7 +878,7 @@ match(Char *name, Char *pat, Char *patend) ++pat; while (((c = *pat++) & M_MASK) != M_END) { if ((c & M_MASK) == M_CLASS) { - int idx = *pat & M_MASK; + Char idx = *pat & M_MASK; if (idx < NCCLASSES && cclasses[idx].isctype(k)) ok = 1; -- cgit v1.2.3 From 945aa0c744ea99544fdf7f868ff9cce0193c9fdd Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 12 Jan 2011 13:34:02 +1100 Subject: - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid silly warnings on write() calls we don't care succeed or not. --- ChangeLog | 2 ++ configure.ac | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 34106ead8..da374f544 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -13,6 +13,8 @@ and sanity check arguments (these will be unnecessary when we switch struct glob members from being type into to size_t in the future); "looks ok" tedu@ feedback guenther@ + - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid + silly warnings on write() calls we don't care succeed or not. 20110111 - (tim) [regress/host-expand.sh] Fix for building outside of read only diff --git a/configure.ac b/configure.ac index 0eeb4df78..020634b56 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.461 2011/01/03 21:16:29 djm Exp $ +# $Id: configure.ac,v 1.462 2011/01/12 02:34:02 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.461 $) +AC_REVISION($Revision: 1.462 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -124,7 +124,8 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then ;; 2.*) no_attrib_nonnull=1 ;; 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;; - 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-strict-aliasing" ;; + 4.[0123]|4.[0123].*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-strict-aliasing" ;; + 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-strict-aliasing -Wno-unused-result" ;; *) ;; esac -- cgit v1.2.3 From 134d02a494f435458a1147dea9ed719f1274078c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 12 Jan 2011 16:00:37 +1100 Subject: - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler flag tests that don't depend on gcc version at all; suggested by and ok dtucker@ --- ChangeLog | 3 +++ configure.ac | 32 +++++++++++++++++++++++++------- 2 files changed, 28 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index da374f544..f928331c3 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,9 @@ "looks ok" tedu@ feedback guenther@ - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid silly warnings on write() calls we don't care succeed or not. + - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler + flag tests that don't depend on gcc version at all; suggested by and + ok dtucker@ 20110111 - (tim) [regress/host-expand.sh] Fix for building outside of read only diff --git a/configure.ac b/configure.ac index 020634b56..93dd22174 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.462 2011/01/12 02:34:02 djm Exp $ +# $Id: configure.ac,v 1.463 2011/01/12 05:00:39 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,9 +15,21 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.462 $) +AC_REVISION($Revision: 1.463 $) AC_CONFIG_SRCDIR([ssh.c]) +# local macros +AC_DEFUN([OPENSSH_CHECK_CFLAG_COMPILE], [{ + AC_MSG_CHECKING([if $CC supports $1]) + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $1" + AC_COMPILE_IFELSE([void main(void) { return 0; }], + [ AC_MSG_RESULT(yes) ], + [ AC_MSG_RESULT(no) + CFLAGS="$saved_CFLAGS" ] + ) +}]) + AC_CONFIG_HEADER(config.h) AC_PROG_CC AC_CANONICAL_HOST 
@@ -113,21 +125,27 @@ AC_ARG_WITH(stackprotect, use_stack_protector=0 fi ]) + if test "$GCC" = "yes" || test "$GCC" = "egcs"; then - CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized" + OPENSSH_CHECK_CFLAG_COMPILE([-Wall]) + OPENSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) + OPENSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) + OPENSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) + OPENSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) + OPENSSH_CHECK_CFLAG_COMPILE([-Wno-pointer-sign]) + OPENSSH_CHECK_CFLAG_COMPILE([-Wno-unused-result]) + OPENSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) + AC_MSG_CHECKING(gcc version) GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` case $GCC_VER in 1.*) no_attrib_nonnull=1 ;; 2.8* | 2.9*) - CFLAGS="$CFLAGS -Wsign-compare" no_attrib_nonnull=1 ;; 2.*) no_attrib_nonnull=1 ;; - 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;; - 4.[0123]|4.[0123].*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-strict-aliasing" ;; - 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-strict-aliasing -Wno-unused-result" ;; *) ;; esac + AC_MSG_RESULT($GCC_VER) AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset) saved_CFLAGS="$CFLAGS" -- cgit v1.2.3 From 1708cb7d0d318f2ef6d48ef763125162f99a3b8c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 13 Jan 2011 12:21:34 +1100 Subject: - (djm) [misc.c] include time.h for nanosleep() prototype --- ChangeLog | 3 +++ misc.c | 1 + 2 files changed, 4 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f928331c3..986c2ae2c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20110213 + - (djm) [misc.c] include time.h for nanosleep() prototype + 20110212 - OpenBSD CVS Sync - nicm@cvs.openbsd.org 2010/10/08 21:48:42 diff --git a/misc.c b/misc.c index 1c57ce0ac..919b04e6b 100644 --- a/misc.c +++ b/misc.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include -- cgit v1.2.3 
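Review bot: in server_alive_check() (clientloop.c, @@ -544,7 +544,7 @@) nothing at the call site records why host replaces options.hostname, and host is not declared anywhere in the hunk. Add a one-line comment above the logit() call giving the commit message's reason (options.hostname may contain unescaped substitution characters) so the argument is not switched back in a later cleanup, and check the file's remaining log calls for the same options.hostname use.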
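Review bot: GLOB_LIMIT_MALLOC, GLOB_LIMIT_STAT and GLOB_LIMIT_READDIR and the three struct glob_lim members (openbsd-compat/glob.c, @@ -140,6 +128,15 @@) are added without a comment giving their units or scope. Document that glim_malloc counts bytes while glim_stat and glim_readdir count calls, and that the limits apply only when GLOB_LIMIT is set. Also state that the budget is now one per glob() call: glob0() loses its local "size_t limit = 0" and globexp2() passes the same limitp to every brace alternative, so the counters accumulate across alternatives, which the commit message does not mention.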
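Review bot: the limit branch added to glob2() (@@ -591,6 +591,14 @@) writes SEP and EOS through pathend without comparing against pathend_last, which the function receives for exactly that purpose. Check pathend + 1 against pathend_last before the two stores, or drop the stores if callers do not read pathbuf after GLOB_NOSPACE. The counter is also tested only after g_lstat() has run, and the return(0) on a failed g_lstat() comes before the increment, so failed lookups never count toward GLOB_LIMIT_STAT; moving the test above the g_lstat() call would make the bound cover every call.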
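Review bot: the return(GLOB_NOSPACE) added to glob3() (@@ -679,6 +687,14 @@) sits inside the directory-reading loop (the context that follows uses dp->d_name and continue), and the added lines contain no closedir call, so dirp stays open when the readdir limit trips. Record the error and break out of the loop so the function's normal close path runs. As in glob2(), the two stores through pathend are not checked against pathend_last.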
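Review bot: the two malloc-budget tests in globextend() use different comparisons: the new statv test is "limitp->glim_malloc >= GLOB_LIMIT_MALLOC" (@@ -781,6 +798,12 @@) while the pathv test changes from ">=" to "> GLOB_LIMIT_MALLOC" (@@ -804,7 +827,8 @@). Pick one boundary and use it in both places. The statv branch also returns GLOB_NOSPACE directly, whereas the malloc failure one line below goes to copy_error; if that label does cleanup, the limit path should share it.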
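Review bot: in the globextend() hunk of the integer-overflow change (@@ -752,10 +757,13 @@), newn is computed from gl_pathc and gl_offs before either operand is range-checked, and a failed range check falls straight into the nospace: cleanup loop, which walks gl_pathv from gl_offs up to newn - 2, using the values just rejected as array bounds. Do the gl_offs and gl_pathc checks before computing newn and return GLOB_NOSPACE from them without entering the loop. The hunks add INT_MAX but no include; confirm limits.h is already pulled in on every portable target.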
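Review bot: the probe program in OPENSSH_CHECK_CFLAG_COMPILE (configure.ac, @@ -15,9 +15,21 @@) is "void main(void) { return 0; }", which returns a value from a void function. A compiler that rejects that would fail every probe regardless of the flag under test and silently drop all eight warning and hardening flags from CFLAGS. Use "int main(void) { return 0; }", and wrap the source in AC_LANG_SOURCE as AC_COMPILE_IFELSE expects.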
From cce927c25f93596a62b6d45c61a9d7fddf3d35c2 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 12 Jan 2011 19:06:31 -0800 Subject: - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm --- ChangeLog | 1 + Makefile.in | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 986c2ae2c..56a808bcd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20110213 - (djm) [misc.c] include time.h for nanosleep() prototype + - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm 20110212 - OpenBSD CVS Sync diff --git a/Makefile.in b/Makefile.in index 7c55c7582..13b6dedea 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.315 2011/01/08 22:19:53 djm Exp $ +# $Id: Makefile.in,v 1.316 2011/01/13 03:06:38 tim Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -407,6 +407,7 @@ tests interop-tests: $(TARGETS) TEST_SSH_PUTTYGEN="puttygen"; \ TEST_SSH_CONCH="conch"; \ TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \ + TEST_SSH_ECC="@TEST_SSH_ECC@" ; \ cd $(srcdir)/regress || exit $$?; \ $(MAKE) \ .OBJDIR="$${BUILDDIR}/regress" \ @@ -427,7 +428,8 @@ tests interop-tests: $(TARGETS) TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \ TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \ TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \ - TEST_SSH_IPV6="@TEST_SSH_IPV6@" \ + TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \ + TEST_SSH_ECC="$${TEST_SSH_ECC}" \ EXEEXT="$(EXEEXT)" \ $@ && echo all tests passed -- cgit v1.2.3 From 9b87a5ce3ca693c257c6097fb4c6906910b1900b Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 12 Jan 2011 22:35:43 -0800 Subject: - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating ecdsa keys. ok djm. --- ChangeLog | 2 ++ Makefile.in | 28 ++++++++++++++++++---------- configure.ac | 7 +++++-- opensshd.init.in | 4 ++++ 4 files changed, 29 insertions(+), 12 deletions(-) (limited to 'ChangeLog') 
diff --git a/ChangeLog b/ChangeLog index 56a808bcd..2cc303de0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20110213 - (djm) [misc.c] include time.h for nanosleep() prototype - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm + - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating + ecdsa keys. ok djm. 20110212 - OpenBSD CVS Sync diff --git a/Makefile.in b/Makefile.in index 13b6dedea..ea6fadc4a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.316 2011/01/13 03:06:38 tim Exp $ +# $Id: Makefile.in,v 1.317 2011/01/13 06:35:46 tim Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ 
@@ -326,20 +326,27 @@ install-sysconf: host-key: ssh-keygen$(EXEEXT) @if [ -z "$(DESTDIR)" ] ; then \ - if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \ - echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \ + if [ -f "$(sysconfdir)/ssh_host_key" ] ; then \ + echo "$(sysconfdir)/ssh_host_key already exists, skipping." ; \ else \ - ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ; \ + ./ssh-keygen -t rsa1 -f $(sysconfdir)/ssh_host_key -N "" ; \ fi ; \ - if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key ] ; then \ - echo "$(DESTDIR)$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \ + if [ -f $(sysconfdir)/ssh_host_dsa_key ] ; then \ + echo "$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \ else \ - ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ; \ + ./ssh-keygen -t dsa -f $(sysconfdir)/ssh_host_dsa_key -N "" ; \ fi ; \ - if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key ] ; then \ - echo "$(DESTDIR)$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \ + if [ -f $(sysconfdir)/ssh_host_rsa_key ] ; then \ + echo "$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \ else \ - ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" ; \ + ./ssh-keygen -t rsa -f $(sysconfdir)/ssh_host_rsa_key -N "" ; \ + fi ; \ + if [ -z "@COMMENT_OUT_ECC@" ] ; then \ + if [ -f $(sysconfdir)/ssh_host_ecdsa_key ] ; then \ + echo "$(sysconfdir)/ssh_host_ecdsa_key already exists, skipping." ; \ + else \ + ./ssh-keygen -t ecdsa -f $(sysconfdir)/ssh_host_ecdsa_key -N "" ; \ + fi ; \ fi ; \ fi ; 
@@ -347,6 +354,7 @@ host-key-force: ssh-keygen$(EXEEXT) ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" +@COMMENT_OUT_ECC@ ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N "" uninstallall: uninstall -rm -f $(DESTDIR)$(sysconfdir)/ssh_config diff --git a/configure.ac b/configure.ac index 93dd22174..3d4d11c92 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.463 2011/01/12 05:00:39 djm Exp $ +# $Id: configure.ac,v 1.464 2011/01/13 06:35:46 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.463 $) +AC_REVISION($Revision: 1.464 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -2258,13 +2258,16 @@ int main(void) { AC_DEFINE(OPENSSL_HAS_ECC, 1, [libcrypto includes complete ECC support]) TEST_SSH_ECC=yes + COMMENT_OUT_ECC="" ], [ AC_MSG_RESULT(no) TEST_SSH_ECC=no + COMMENT_OUT_ECC="#no ecc#" ] ) AC_SUBST(TEST_SSH_ECC) +AC_SUBST(COMMENT_OUT_ECC) saved_LIBS="$LIBS" AC_CHECK_LIB(iaf, ia_openinfo, [ diff --git a/opensshd.init.in b/opensshd.init.in index d0aff7794..0db60caa7 100755 --- a/opensshd.init.in +++ b/opensshd.init.in @@ -20,6 +20,7 @@ SSH_KEYGEN=$prefix/bin/ssh-keygen HOST_KEY_RSA1=$sysconfdir/ssh_host_key HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key +@COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key checkkeys() { @@ -32,6 +33,9 @@ checkkeys() { if [ ! -f $HOST_KEY_RSA ]; then ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" fi +@COMMENT_OUT_ECC@ if [ ! -f $HOST_KEY_ECDSA ]; then +@COMMENT_OUT_ECC@ ${SSH_KEYGEN} -t ecdsa -f ${HOST_KEY_ECDSA} -N "" +@COMMENT_OUT_ECC@ fi } stop_service() { -- cgit v1.2.3 
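Review bot: in the host-key target (Makefile.in, @@ -326,20 +326,27 @@) only the first existence test quotes its path ("$(sysconfdir)/ssh_host_key"); the dsa and rsa tests, the new ecdsa test and all the -f arguments to ssh-keygen are unquoted. Quote them consistently while the lines are being touched. The ECC condition is also expressed two ways in this patch, as a shell test on "@COMMENT_OUT_ECC@" here and as a line prefix in host-key-force and opensshd.init.in; a short comment next to the AC_SUBST(COMMENT_OUT_ECC) in configure.ac explaining the "#no ecc#" value would make both uses readable.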
From ff22df538ef29d0596c9bff03f3c93fcd37ffb6e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 13 Jan 2011 21:05:27 +1100 Subject: - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid gcc warning on platforms where it defaults to int --- ChangeLog | 2 ++ entropy.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2cc303de0..438c2cdd7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating ecdsa keys. ok djm. + - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid + gcc warning on platforms where it defaults to int 20110212 - OpenBSD CVS Sync diff --git a/entropy.c b/entropy.c index 8b705397f..a82166258 100644 --- a/entropy.c +++ b/entropy.c @@ -157,7 +157,7 @@ init_rng(void) */ if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) fatal("OpenSSL version mismatch. Built against %lx, you " - "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); + "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); #ifndef OPENSSL_PRNG_ONLY original_uid = getuid(); -- cgit v1.2.3 From cbaf8e6ec17ceceb488eed578a11f3ab73264a1e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 13 Jan 2011 21:08:27 +1100 Subject: - (djm) [regress/Makefile] add a few more generated files to the clean target --- ChangeLog | 2 ++ regress/Makefile | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 438c2cdd7..baf445fd4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ ecdsa keys. ok djm. - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid gcc warning on platforms where it defaults to int + - (djm) [regress/Makefile] add a few more generated files to the clean + target 20110212 - OpenBSD CVS Sync 
diff --git a/regress/Makefile b/regress/Makefile index 85fd3a5ad..776a29c54 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -75,7 +75,7 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \ known_hosts-cert host_ca_key* cert_host_key* \ - putty.rsa2 sshd_proxy_orig \ + putty.rsa2 sshd_proxy_orig ssh_proxy_bak key.[rd]sa-* \ authorized_principals_${USER} expect actual # Enable all malloc(3) randomisations and checks -- cgit v1.2.3 From 9b16086e74c5df0b213bd871be6bee3c04c98f87 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 13 Jan 2011 22:00:20 +1100 Subject: - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad #define that was causing diffie-hellman-group-exchange-sha256 to be incorrectly disabled --- ChangeLog | 3 +++ myproposal.h | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index baf445fd4..354127ebe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ gcc warning on platforms where it defaults to int - (djm) [regress/Makefile] add a few more generated files to the clean target + - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad + #define that was causing diffie-hellman-group-exchange-sha256 to be + incorrectly disabled 20110212 - OpenBSD CVS Sync diff --git a/myproposal.h b/myproposal.h index 893190788..2c43607a7 100644 --- a/myproposal.h +++ b/myproposal.h @@ -46,9 +46,9 @@ #endif /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ -#if OPENSSL_VERSION_NUMBER < 0x00907000L +#if OPENSSL_VERSION_NUMBER >= 0x00907000L # define KEX_SHA256_METHODS \ - "diffie-hellman-group-exchange-sha1," + "diffie-hellman-group-exchange-sha256," #else # define KEX_SHA256_METHODS #endif -- cgit v1.2.3 From 5278806e39bb1794959c71bba61610efb6ec0d58 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Thu, 13 Jan 2011 22:05:14 +1100 Subject: - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 should not depend on ECC support --- ChangeLog | 2 ++ regress/kextype.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 354127ebe..a064d5690 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,8 @@ - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad #define that was causing diffie-hellman-group-exchange-sha256 to be incorrectly disabled + - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 + should not depend on ECC support 20110212 - OpenBSD CVS Sync diff --git a/regress/kextype.sh b/regress/kextype.sh index 71e2ee060..9f8b7bcd0 100644 --- a/regress/kextype.sh +++ b/regress/kextype.sh @@ -9,8 +9,8 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak if test "$TEST_SSH_ECC" = "yes"; then kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521" - kextypes="$kextypes diffie-hellman-group-exchange-sha256" fi +kextypes="$kextypes diffie-hellman-group-exchange-sha256" kextypes="$kextypes diffie-hellman-group-exchange-sha1" kextypes="$kextypes diffie-hellman-group14-sha1" kextypes="$kextypes diffie-hellman-group1-sha1" -- cgit v1.2.3 From 445c9a507d23bd84e146133dcb2b9ba07ab216c6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 14 Jan 2011 12:01:29 +1100 Subject: - djm@cvs.openbsd.org 2011/01/13 21:54:53 [mux.c] correct error messages; patch from bert.wesarg AT googlemail.com --- ChangeLog | 6 ++++++ mux.c | 10 +++++----- 2 files changed, 11 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a064d5690..a91768a57 100644 --- a/ChangeLog +++ b/ChangeLog 
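Review bot: in regress/kextype.sh, moving `kextypes="$kextypes diffie-hellman-group-exchange-sha256"` out of the TEST_SSH_ECC block makes that test unconditional, but myproposal.h (previous commit) leaves KEX_SHA256_METHODS empty when OPENSSL_VERSION_NUMBER is below 0x00907000L, so on those builds the test asks for a key exchange the binary does not offer and fails. The line needs its own guard that reflects SHA-256 availability rather than no guard at all.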
@@ -1,3 +1,9 @@ +20110214 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/01/13 21:54:53 + [mux.c] + correct error messages; patch from bert.wesarg AT googlemail.com + 20110213 - (djm) [misc.c] include time.h for nanosleep() prototype - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm diff --git a/mux.c b/mux.c index f1f7e6b13..e370462db 100644 --- a/mux.c +++ b/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.23 2010/10/12 02:22:24 dtucker Exp $ */ +/* $OpenBSD: mux.c,v 1.24 2011/01/13 21:54:53 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -1530,7 +1530,7 @@ mux_client_request_forward(int fd, u_int ftype, Forward *fwd) case MUX_S_FAILURE: e = buffer_get_string(&m, NULL); buffer_free(&m); - error("%s: session request failed: %s", __func__, e); + error("%s: forwarding request failed: %s", __func__, e); return -1; default: fatal("%s: unexpected response from master 0x%08x", @@ -1649,12 +1649,12 @@ mux_client_request_session(int fd) case MUX_S_PERMISSION_DENIED: e = buffer_get_string(&m, NULL); buffer_free(&m); - error("Master refused forwarding request: %s", e); + error("Master refused session request: %s", e); return -1; case MUX_S_FAILURE: e = buffer_get_string(&m, NULL); buffer_free(&m); - error("%s: forwarding request failed: %s", __func__, e); + error("%s: session request failed: %s", __func__, e); return -1; default: buffer_free(&m); @@ -1781,7 +1781,7 @@ mux_client_request_stdio_fwd(int fd) case MUX_S_PERMISSION_DENIED: e = buffer_get_string(&m, NULL); buffer_free(&m); - fatal("Master refused forwarding request: %s", e); + fatal("Master refused stdio forwarding request: %s", e); case MUX_S_FAILURE: e = buffer_get_string(&m, NULL); buffer_free(&m); -- cgit v1.2.3 From 42747df8b7986912b008b4341a707f80dd147997 Mon Sep 17 00:00:00 2001 
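Review bot: in mux.c, mux_client_request_stdio_fwd() only has its MUX_S_PERMISSION_DENIED message corrected; the MUX_S_FAILURE case directly below is cut off in the context, so please confirm its text also names stdio forwarding, since the other two functions now name their request type in both branches. Separately, on the `error(...); return -1;` paths in mux_client_request_forward() and mux_client_request_session(), the string returned by buffer_get_string() is not freed before returning.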
From: Damien Miller Date: Fri, 14 Jan 2011 12:01:50 +1100 Subject: - djm@cvs.openbsd.org 2011/01/13 21:55:25 [PROTOCOL.mux] correct protocol names and add a couple of missing protocol number defines; patch from bert.wesarg AT googlemail.com --- ChangeLog | 4 ++++ PROTOCOL.mux | 26 +++++++++++++------------- 2 files changed, 17 insertions(+), 13 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a91768a57..5ea138ed7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,10 @@ - djm@cvs.openbsd.org 2011/01/13 21:54:53 [mux.c] correct error messages; patch from bert.wesarg AT googlemail.com + - djm@cvs.openbsd.org 2011/01/13 21:55:25 + [PROTOCOL.mux] + correct protocol names and add a couple of missing protocol number + defines; patch from bert.wesarg AT googlemail.com 20110213 - (djm) [misc.c] include time.h for nanosleep() prototype diff --git a/PROTOCOL.mux b/PROTOCOL.mux index 1d8c463a7..3d6f81878 100644 --- a/PROTOCOL.mux +++ b/PROTOCOL.mux @@ -28,7 +28,7 @@ defined. To open a new multiplexed session, a client may send the following request: - uint32 MUX_C_MSG_NEW_SESSION + uint32 MUX_C_NEW_SESSION uint32 request id string reserved bool want tty flag @@ -99,7 +99,7 @@ The server will reply with one of MUX_S_OK or MUX_S_PERMISSION_DENIED. A client may request the master to establish a port forward: - uint32 MUX_C_OPEN_FORWARD + uint32 MUX_C_OPEN_FWD uint32 request id uint32 forwarding type string listen host 
@@ -118,24 +118,23 @@ For dynamically allocated listen port the server replies with uint32 client request id uint32 allocated remote listen port -5. Requesting closure of port forwards +6. Requesting closure of port forwards + +Note: currently unimplemented (server will always reply with MUX_S_FAILURE). A client may request the master to establish a port forward: - uint32 MUX_C_OPEN_FORWARD + uint32 MUX_C_CLOSE_FWD uint32 request id - uint32 forwarding type string listen host string listen port string connect host string connect port -forwarding type may be MUX_FWD_LOCAL, MUX_FWD_REMOTE, MUX_FWD_DYNAMIC. - A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE. -6. Requesting stdio forwarding +7. Requesting stdio forwarding A client may request the master to establish a stdio forwarding: @@ -153,7 +152,7 @@ The contents of "reserved" are currently ignored. A server may reply with a MUX_S_SESSION_OPEED, a MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE. -7. Status messages +8. Status messages The MUX_S_OK message is empty: @@ -170,14 +169,15 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason: uint32 client request id string reason -7. Protocol numbers +9. Protocol numbers #define MUX_MSG_HELLO 0x00000001 #define MUX_C_NEW_SESSION 0x10000002 #define MUX_C_ALIVE_CHECK 0x10000004 #define MUX_C_TERMINATE 0x10000005 -#define MUX_C_OPEN_FORWARD 0x10000006 -#define MUX_C_CLOSE_FORWARD 0x10000007 +#define MUX_C_OPEN_FWD 0x10000006 +#define MUX_C_CLOSE_FWD 0x10000007 +#define MUX_C_NEW_STDIO_FWD 0x10000008 #define MUX_S_OK 0x80000001 #define MUX_S_PERMISSION_DENIED 0x80000002 #define MUX_S_FAILURE 0x80000003 @@ -200,4 +200,4 @@ XXX server->client error/warning notifications XXX port0 rfwd (need custom response message) XXX send signals via mux -$OpenBSD: PROTOCOL.mux,v 1.2 2010/05/16 12:55:51 markus Exp $ +$OpenBSD: PROTOCOL.mux,v 1.3 2011/01/13 21:55:25 djm Exp $ -- cgit v1.2.3 
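Review bot: in PROTOCOL.mux, the section renumbered to 6, "Requesting closure of port forwards", keeps the unchanged sentence "A client may request the master to establish a port forward:" directly above the new MUX_C_CLOSE_FWD message; it should say close. The same hunk drops `uint32 forwarding type` from the close request, which leaves the master no field to tell a local, remote or dynamic forward apart when they share a listen host and port; as the added note says the request is still unimplemented, this is the point to settle that. The context line in section 7 also carries the misspelling MUX_S_SESSION_OPEED.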
From e9b40487fa41696a8f045ff7a5447ce9da511913 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 14 Jan 2011 14:47:37 +1100 Subject: - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in host-key-force target rather than a substitution that is replaced with a comment so that the Makefile.in is still a syntactically valid Makefile (useful to run the distprep target) --- ChangeLog | 4 ++++ Makefile.in | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5ea138ed7..f441d8d63 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,10 @@ [PROTOCOL.mux] correct protocol names and add a couple of missing protocol number defines; patch from bert.wesarg AT googlemail.com + - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in + host-key-force target rather than a substitution that is replaced with a + comment so that the Makefile.in is still a syntactically valid Makefile + (useful to run the distprep target) 20110213 - (djm) [misc.c] include time.h for nanosleep() prototype diff --git a/Makefile.in b/Makefile.in index ea6fadc4a..3ace262e8 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.317 2011/01/13 06:35:46 tim Exp $ +# $Id: Makefile.in,v 1.318 2011/01/14 03:47:40 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -354,7 +354,7 @@ host-key-force: ssh-keygen$(EXEEXT) ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" -@COMMENT_OUT_ECC@ ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N "" + test -z "@COMMENT_OUT_ECC@" && ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N "" uninstallall: uninstall -rm -f $(DESTDIR)$(sysconfdir)/ssh_config -- cgit v1.2.3 
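Review bot: in the host-key-force target of Makefile.in, `test -z "@COMMENT_OUT_ECC@" && ./ssh-keygen -t ecdsa ...` exits non-zero whenever the substitution is non-empty, which per the commit message is exactly the case where ECC is unavailable, so make treats the recipe line as failed and aborts the target on the platforms this change is meant to support. Invert the test so the skip path succeeds, for example `test -n "@COMMENT_OUT_ECC@" || ./ssh-keygen -t ecdsa ...`, or wrap the command in `if test -z "@COMMENT_OUT_ECC@"; then ...; fi`.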
From 02d99da9760bc17ee383b7fffcd539b1731e3da5 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Thu, 13 Jan 2011 22:20:27 -0800 Subject: - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. --- ChangeLog | 1 + regress/cert-hostkey.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f441d8d63..6c43b045b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,7 @@ host-key-force target rather than a substitution that is replaced with a comment so that the Makefile.in is still a syntactically valid Makefile (useful to run the distprep target) + - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. 20110213 - (djm) [misc.c] include time.h for nanosleep() prototype diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index c23a41c68..6ccf54cc0 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -35,7 +35,7 @@ for ktype in rsa dsa $ecdsa ; do -n $HOSTS $OBJ/cert_host_key_${ktype} || fail "couldn't sign cert_host_key_${ktype}" # v00 ecdsa certs do not exist - test "{ktype}" = "ecdsa" && continue + test "${ktype}" = "ecdsa" && continue cp $OBJ/cert_host_key_${ktype} $OBJ/cert_host_key_${ktype}_v00 cp $OBJ/cert_host_key_${ktype}.pub $OBJ/cert_host_key_${ktype}_v00.pub ${SSHKEYGEN} -t v00 -h -q -s $OBJ/host_ca_key \ -- cgit v1.2.3 From c5c346b101fbd0399d11c88d9e204ac475596117 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Thu, 13 Jan 2011 22:36:14 -0800 Subject: - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some ecdsa bits. --- ChangeLog | 2 ++ regress/cert-hostkey.sh | 8 +++++--- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 6c43b045b..32ae1437f 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -12,6 +12,8 @@ comment so that the Makefile.in is still a syntactically valid Makefile (useful to run the distprep target) - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. + - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some + ecdsa bits. 20110213 - (djm) [misc.c] include time.h for nanosleep() prototype diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 6ccf54cc0..3b147b9f7 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -72,9 +72,11 @@ done echon '@revoked ' echon "* " cat $OBJ/cert_host_key_rsa.pub - echon '@revoked ' - echon "* " - cat $OBJ/cert_host_key_ecdsa.pub + if test "x$TEST_SSH_ECC" = "xyes"; then + echon '@revoked ' + echon "* " + cat $OBJ/cert_host_key_ecdsa.pub + fi echon '@revoked ' echon "* " cat $OBJ/cert_host_key_dsa.pub -- cgit v1.2.3 From 08f83883f518fa0e9765ed25ae6c19e279633ea9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 16 Jan 2011 18:24:04 +1100 Subject: not February yet... --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 32ae1437f..ccc8bc302 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -20110214 +20110114 - OpenBSD CVS Sync - djm@cvs.openbsd.org 2011/01/13 21:54:53 [mux.c] @@ -15,7 +15,7 @@ - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some ecdsa bits. -20110213 +20110113 - (djm) [misc.c] include time.h for nanosleep() prototype - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating @@ -30,7 +30,7 @@ - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 should not depend on ECC support -20110212 +20110112 - OpenBSD CVS Sync - nicm@cvs.openbsd.org 2010/10/08 21:48:42 [openbsd-compat/glob.c] -- cgit v1.2.3 From 50c61f88abdb356d45026dc1427ddb461b626e45 Mon Sep 17 00:00:00 2001 
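Review bot: in regress/cert-hostkey.sh, the new guard around the ecdsa @revoked entry is written `test "x$TEST_SSH_ECC" = "xyes"`, while regress/kextype.sh in this series uses `test "$TEST_SSH_ECC" = "yes"`; pick one form for the regress scripts. The revoked list is also spelled out by hand per key type even though the loop earlier in the script iterates `rsa dsa $ecdsa`, so emitting the entries from that same list would remove the need for a second ECC guard and keep the two from drifting apart again.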
From: Darren Tucker Date: Sun, 16 Jan 2011 18:28:09 +1100 Subject: - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based on configurations that don't have it. --- ChangeLog | 4 ++++ Makefile.in | 4 +++- configure.ac | 8 +++++--- regress/kextype.sh | 4 +++- 4 files changed, 15 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index ccc8bc302..1266e9984 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20110116 + - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based + on configurations that don't have it. + 20110114 - OpenBSD CVS Sync - djm@cvs.openbsd.org 2011/01/13 21:54:53 diff --git a/Makefile.in b/Makefile.in index 3ace262e8..c4011daf7 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.318 2011/01/14 03:47:40 djm Exp $ +# $Id: Makefile.in,v 1.319 2011/01/16 07:28:10 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -416,6 +416,7 @@ tests interop-tests: $(TARGETS) TEST_SSH_CONCH="conch"; \ TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \ TEST_SSH_ECC="@TEST_SSH_ECC@" ; \ + TEST_SSH_SHA256="@TEST_SSH_SHA256@" ; \ cd $(srcdir)/regress || exit $$?; \ $(MAKE) \ .OBJDIR="$${BUILDDIR}/regress" \ @@ -438,6 +439,7 @@ tests interop-tests: $(TARGETS) TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \ TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \ TEST_SSH_ECC="$${TEST_SSH_ECC}" \ + TEST_SSH_SHA256="$${TEST_SSH_SHA256}" \ EXEEXT="$(EXEEXT)" \ $@ && echo all tests passed diff --git a/configure.ac b/configure.ac index 3d4d11c92..1817dd909 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.464 2011/01/13 06:35:46 tim Exp $ +# $Id: configure.ac,v 1.465 2011/01/16 07:28:12 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.464 $) +AC_REVISION($Revision: 1.465 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -2239,7 +2239,9 @@ if test "x$check_for_libcrypt_later" = "x1"; then fi # Search for SHA256 support in libc and/or OpenSSL -AC_CHECK_FUNCS(SHA256_Update EVP_sha256) +AC_CHECK_FUNCS(SHA256_Update EVP_sha256, [TEST_SSH_SHA256=yes], + [TEST_SSH_SHA256=no]) +AC_SUBST(TEST_SSH_SHA256) # Check complete ECC support in OpenSSL AC_MSG_CHECKING([whether OpenSSL has complete ECC support]) diff --git a/regress/kextype.sh b/regress/kextype.sh index 9f8b7bcd0..79c0817bb 100644 --- a/regress/kextype.sh +++ b/regress/kextype.sh @@ -10,7 +10,9 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak if test "$TEST_SSH_ECC" = "yes"; then kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521" fi -kextypes="$kextypes diffie-hellman-group-exchange-sha256" +if test "$TEST_SSH_SHA256" = "yes"; then + kextypes="$kextypes diffie-hellman-group-exchange-sha256" +fi kextypes="$kextypes diffie-hellman-group-exchange-sha1" kextypes="$kextypes diffie-hellman-group14-sha1" kextypes="$kextypes diffie-hellman-group1-sha1" -- cgit v1.2.3 From 4791f9dcecb89f5601d8b20e2e6b43dce6f25755 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 16 Jan 2011 23:16:53 +1100 Subject: - djm@cvs.openbsd.org 2011/01/16 11:50:05 [clientloop.c] Use atomicio when flushing protocol 1 std{out,err} buffers at session close. This was a latent bug exposed by setting a SIGCHLD handler and spotted by kevin.brott AT gmail.com; ok dtucker@ --- ChangeLog | 6 ++++++ clientloop.c | 14 +++++++------- 2 files changed, 13 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 1266e9984..7012e620e 100644 --- a/ChangeLog +++ b/ChangeLog 
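Review bot: in configure.ac, `AC_CHECK_FUNCS(SHA256_Update EVP_sha256, [TEST_SSH_SHA256=yes], [TEST_SSH_SHA256=no])` runs the found and not-found actions once per function, so the final value of TEST_SSH_SHA256 is whatever the last function checked (EVP_sha256) produced; if that is intended, a comment should say so. More importantly, the test guard added to regress/kextype.sh now keys on this configure result, while myproposal.h earlier in the series enables diffie-hellman-group-exchange-sha256 on `OPENSSL_VERSION_NUMBER >= 0x00907000L`. When the two criteria disagree the suite either skips a method the binary offers or tests one it does not; use a single criterion for both.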
@@ -1,6 +1,12 @@ 20110116 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based on configurations that don't have it. + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/01/16 11:50:05 + [clientloop.c] + Use atomicio when flushing protocol 1 std{out,err} buffers at + session close. This was a latent bug exposed by setting a SIGCHLD + handler and spotted by kevin.brott AT gmail.com; ok dtucker@ 20110114 - OpenBSD CVS Sync diff --git a/clientloop.c b/clientloop.c index c60b758c7..325657ba2 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.229 2011/01/11 06:13:10 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.230 2011/01/16 11:50:05 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1591,9 +1591,9 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) /* Output any buffered data for stdout. */ while (buffer_len(&stdout_buffer) > 0) { - len = write(fileno(stdout), buffer_ptr(&stdout_buffer), - buffer_len(&stdout_buffer)); - if (len <= 0) { + len = atomicio(vwrite, fileno(stdout), + buffer_ptr(&stdout_buffer), buffer_len(&stdout_buffer)); + if (len != buffer_len(&stdout_buffer)) { error("Write failed flushing stdout buffer."); break; } @@ -1602,9 +1602,9 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) /* Output any buffered data for stderr. */ while (buffer_len(&stderr_buffer) > 0) { - len = write(fileno(stderr), buffer_ptr(&stderr_buffer), - buffer_len(&stderr_buffer)); - if (len <= 0) { + len = atomicio(vwrite, fileno(stderr), + buffer_ptr(&stderr_buffer), buffer_len(&stderr_buffer)); + if (len != buffer_len(&stderr_buffer)) { error("Write failed flushing stderr buffer."); break; } -- cgit v1.2.3 From 6fb6fd566267da4f36499078caf46da5291f4b8c Mon Sep 17 00:00:00 2001 
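Review bot: in client_loop() in clientloop.c, the new check `if (len != buffer_len(&stdout_buffer))` (and the stderr twin) treats any short count as failure, which means the enclosing `while` can run at most once: success consumes the whole buffer and failure breaks. An `if` would state that directly. The comparison also mixes `len` with the unsigned value from buffer_len(), so it needs an explicit sign check and cast to build cleanly with sign-comparison warnings enabled, and the error() text would be more useful with strerror(errno) appended.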
From: Damien Miller Date: Sun, 16 Jan 2011 23:17:45 +1100 Subject: - djm@cvs.openbsd.org 2011/01/16 11:50:36 [sshconnect.c] reset the SIGPIPE handler when forking to execute child processes; ok dtucker@ --- ChangeLog | 4 ++++ sshconnect.c | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7012e620e..d16a9fb42 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,10 @@ Use atomicio when flushing protocol 1 std{out,err} buffers at session close. This was a latent bug exposed by setting a SIGCHLD handler and spotted by kevin.brott AT gmail.com; ok dtucker@ + - djm@cvs.openbsd.org 2011/01/16 11:50:36 + [sshconnect.c] + reset the SIGPIPE handler when forking to execute child processes; + ok dtucker@ 20110114 - OpenBSD CVS Sync diff --git a/sshconnect.c b/sshconnect.c index 64dc032c4..74643a8c4 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.231 2011/01/06 23:01:35 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.232 2011/01/16 11:50:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -143,6 +143,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) /* Execute the proxy command. Note that we gave up any extra privileges above. */ + signal(SIGPIPE, SIG_DFL); execv(argv[0], argv); perror(argv[0]); exit(1); @@ -1271,6 +1272,7 @@ ssh_local_cmd(const char *args) osighand = signal(SIGCHLD, SIG_DFL); pid = fork(); if (pid == 0) { + signal(SIGPIPE, SIG_DFL); debug3("Executing %s -c \"%s\"", shell, args); execl(shell, shell, "-c", args, (char *)NULL); error("Couldn't execute %s -c \"%s\": %s", -- cgit v1.2.3 From cfd6e4f57fc8489ed4065be06d85de3f30575fe2 Mon Sep 17 00:00:00 2001 
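Review bot: in ssh_proxy_connect() in sshconnect.c, the new `signal(SIGPIPE, SIG_DFL);` is inserted between the comment "Execute the proxy command. Note that we gave up any extra privileges above." and the execv() it describes, so the comment now reads as if it documents the signal call. Move the call above that comment and give it one line of its own explaining why the disposition is reset before exec (an ignored SIGPIPE is inherited by the executed program); the same one-line comment belongs next to the call added in ssh_local_cmd().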
From: Damien Miller Date: Sun, 16 Jan 2011 23:18:33 +1100 Subject: - djm@cvs.openbsd.org 2011/01/16 12:05:59 [clientloop.c] a couple more tweaks to the post-close protocol 1 stderr/stdout flush: now that we use atomicio(), convert them from while loops to if statements add test and cast to compile cleanly with -Wsigned --- ChangeLog | 5 +++++ clientloop.c | 20 +++++++++----------- 2 files changed, 14 insertions(+), 11 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d16a9fb42..a0282b739 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,11 @@ [sshconnect.c] reset the SIGPIPE handler when forking to execute child processes; ok dtucker@ + - djm@cvs.openbsd.org 2011/01/16 12:05:59 + [clientloop.c] + a couple more tweaks to the post-close protocol 1 stderr/stdout flush: + now that we use atomicio(), convert them from while loops to if statements + add test and cast to compile cleanly with -Wsigned 20110114 - OpenBSD CVS Sync diff --git a/clientloop.c b/clientloop.c index 325657ba2..f6c1444a3 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.230 2011/01/16 11:50:05 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.231 2011/01/16 12:05:59 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1590,25 +1590,23 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) } /* Output any buffered data for stdout. */ - while (buffer_len(&stdout_buffer) > 0) { + if (buffer_len(&stdout_buffer) > 0) { len = atomicio(vwrite, fileno(stdout), buffer_ptr(&stdout_buffer), buffer_len(&stdout_buffer)); - if (len != buffer_len(&stdout_buffer)) { + if (len < 0 || (u_int)len != buffer_len(&stdout_buffer)) error("Write failed flushing stdout buffer."); - break; - } - buffer_consume(&stdout_buffer, len); + else + buffer_consume(&stdout_buffer, len); } /* Output any buffered data for stderr. */ - while (buffer_len(&stderr_buffer) > 0) { + if (buffer_len(&stderr_buffer) > 0) { len = atomicio(vwrite, fileno(stderr), buffer_ptr(&stderr_buffer), buffer_len(&stderr_buffer)); - if (len != buffer_len(&stderr_buffer)) { + if (len < 0 || (u_int)len != buffer_len(&stderr_buffer)) error("Write failed flushing stderr buffer."); - break; - } - buffer_consume(&stderr_buffer, len); + else + buffer_consume(&stderr_buffer, len); } /* Clear and free any buffers. */ -- cgit v1.2.3 From 369c0e8eefe767c244c085677e7901526ef462be Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 17 Jan 2011 10:51:40 +1100 Subject: - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in $PATH, fix cleanup of droppings; reported by openssh AT roumenpetrov.info; ok dtucker@ --- ChangeLog | 5 +++++ regress/Makefile | 48 +++++++++++++++++++++++++----------------------- 2 files changed, 30 insertions(+), 23 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a0282b739..00e4bdbd5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20110117 + - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in + $PATH, fix cleanup of droppings; reported by openssh AT + roumenpetrov.info; ok dtucker@ + 20110116 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based on configurations that don't have it. 
diff --git a/regress/Makefile b/regress/Makefile index 776a29c54..f114c27e9 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -65,7 +65,7 @@ INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #LTESTS= cipher-speed USER!= id -un -CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ +CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ t8.out t8.out.pub t9.out t9.out.pub \ authorized_keys_${USER} known_hosts pidfile \ ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \ 
@@ -75,66 +75,68 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \ known_hosts-cert host_ca_key* cert_host_key* \ - putty.rsa2 sshd_proxy_orig ssh_proxy_bak key.[rd]sa-* \ + putty.rsa2 sshd_proxy_orig ssh_proxy_bak \ + key.rsa-* key.dsa-* key.ecdsa-* \ authorized_principals_${USER} expect actual # Enable all malloc(3) randomisations and checks TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" +TEST_SSH_SSHKEYGEN?=ssh-keygen + t1: - ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv + ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv - ssh-keygen -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv + ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv awk '{print $$0 "\r"}' ${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_crnl.prv - ssh-keygen -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv + ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv t2: cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out chmod 600 $(OBJ)/t2.out - ssh-keygen -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub + ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub t3: - ssh-keygen -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/rsa_secsh.pub - ssh-keygen -if $(OBJ)/rsa_secsh.pub | diff - ${.CURDIR}/rsa_openssh.pub - rm -f ${.CURDIR}/rsa_secsh.pub + ${TEST_SSH_SSHKEYGEN} -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out + ${TEST_SSH_SSHKEYGEN} -if $(OBJ)/t3.out | diff - ${.CURDIR}/rsa_openssh.pub t4: - ssh-keygen -lf ${.CURDIR}/rsa_openssh.pub |\ + ${TEST_SSH_SSHKEYGEN} -lf ${.CURDIR}/rsa_openssh.pub |\ awk '{print $$2}' | diff - ${.CURDIR}/t4.ok t5: - ssh-keygen -Bf ${.CURDIR}/rsa_openssh.pub |\ + ${TEST_SSH_SSHKEYGEN} -Bf 
${.CURDIR}/rsa_openssh.pub |\ awk '{print $$2}' | diff - ${.CURDIR}/t5.ok t6: - ssh-keygen -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 - ssh-keygen -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 + ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 + ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 chmod 600 $(OBJ)/t6.out1 - ssh-keygen -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2 + ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2 $(OBJ)/t7.out: - ssh-keygen -q -t rsa -N '' -f $@ + ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ t7: $(OBJ)/t7.out - ssh-keygen -lf $(OBJ)/t7.out > /dev/null - ssh-keygen -Bf $(OBJ)/t7.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null $(OBJ)/t8.out: - ssh-keygen -q -t dsa -N '' -f $@ + ${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ t8: $(OBJ)/t8.out - ssh-keygen -lf $(OBJ)/t8.out > /dev/null - ssh-keygen -Bf $(OBJ)/t8.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null $(OBJ)/t9.out: test "${TEST_SSH_ECC}" != yes || \ - ssh-keygen -q -t ecdsa -N '' -f $@ + ${TEST_SSH_SSHKEYGEN} -q -t ecdsa -N '' -f $@ t9: $(OBJ)/t9.out test "${TEST_SSH_ECC}" != yes || \ - ssh-keygen -lf $(OBJ)/t9.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t9.out > /dev/null test "${TEST_SSH_ECC}" != yes || \ - ssh-keygen -Bf $(OBJ)/t9.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t9.out > /dev/null t-exec: ${LTESTS:=.sh} @if [ "x$?" = "x" ]; then exit 0; fi; \ -- cgit v1.2.3 From fd3669eb266086951f9181a3037a813b12eb6a94 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 17 Jan 2011 11:20:18 +1100 Subject: - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding its unique snowflake of a gdb error to the ones we look for. --- ChangeLog | 2 ++ regress/agent-ptrace.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'ChangeLog') 
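Review bot: in regress/Makefile, `TEST_SSH_SSHKEYGEN?=ssh-keygen` still falls back to whichever ssh-keygen comes first in $PATH when the variable is not passed in, so targets t1 to t9 can keep exercising an installed binary instead of the one just built; nothing in this diff shows the caller setting it. Consider failing when it is unset or defaulting to the build directory. The commit message and ChangeLog entry also name the variable $TEST_SSH_KEYGEN, which does not match TEST_SSH_SSHKEYGEN as used here.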
diff --git a/ChangeLog b/ChangeLog index 00e4bdbd5..95b5b6bfd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in $PATH, fix cleanup of droppings; reported by openssh AT roumenpetrov.info; ok dtucker@ + - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding + its unique snowflake of a gdb error to the ones we look for. 20110116 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh index d5892ed03..9f29464c5 100644 --- a/regress/agent-ptrace.sh +++ b/regress/agent-ptrace.sh @@ -41,7 +41,7 @@ EOF if [ $? -ne 0 ]; then fail "gdb failed: exit code $?" fi - egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.' >/dev/null ${OBJ}/gdb.out + egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task ' >/dev/null ${OBJ}/gdb.out r=$? rm -f ${OBJ}/gdb.out if [ $r -ne 0 ]; then -- cgit v1.2.3 From 1ccbfa88b1defffa6cd4b533bcc97f737162afee Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 17 Jan 2011 11:52:40 +1100 Subject: - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running ssh-add to avoid $SUDO failures on Linux --- ChangeLog | 2 ++ regress/agent-getpeereid.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 95b5b6bfd..7dda03e0e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ roumenpetrov.info; ok dtucker@ - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding its unique snowflake of a gdb error to the ones we look for. + - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running + ssh-add to avoid $SUDO failures on Linux 20110116 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based 
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index 5d7f73291..22276a29d 100644 --- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh @@ -34,7 +34,7 @@ else fail "ssh-add failed with $r != 1" fi - < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1 + < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null r=$? if [ $r -lt 2 ]; then fail "ssh-add did not fail for ${UNPRIV}: $r < 2" -- cgit v1.2.3 From 0c93adc7c1814b113d25c5e214973a3aa630b0af Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 17 Jan 2011 11:55:59 +1100 Subject: - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback to the old values. Feedback from vapier at gentoo org and djm, ok djm. --- ChangeLog | 3 +++ openbsd-compat/port-linux.c | 55 +++++++++++++++++++++++++++++---------------- 2 files changed, 39 insertions(+), 19 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 7dda03e0e..e64a550f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ its unique snowflake of a gdb error to the ones we look for. - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running ssh-add to avoid $SUDO failures on Linux + - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new + Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback + to the old values. Feedback from vapier at gentoo org and djm, ok djm. 20110116 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 86d16dc6e..d89101d18 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.9 2010/09/10 00:30:25 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.10 2011/01/17 00:56:00 dtucker Exp $ */ /* * Copyright (c) 2005 Daniel Walsh 
@@ -208,14 +208,22 @@ ssh_selinux_change_context(const char *newname) #endif /* WITH_SELINUX */ #ifdef LINUX_OOM_ADJUST -#define OOM_ADJ_PATH "/proc/self/oom_adj" /* - * The magic "don't kill me", as documented in eg: + * The magic "don't kill me" values, old and new, as documented in eg: * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt + * http://lxr.linux.no/#linux+v2.6.36/Documentation/filesystems/proc.txt */ -#define OOM_ADJ_NOKILL -17 static int oom_adj_save = INT_MIN; +static char *oom_adj_path = NULL; +struct { + char *path; + int value; +} oom_adjust[] = { + {"/proc/self/oom_score_adj", -1000}, /* kernels >= 2.6.36 */ + {"/proc/self/oom_adj", -17}, /* kernels <= 2.6.35 */ + {NULL, 0}, +}; /* * Tell the kernel's out-of-memory killer to avoid sshd. @@ -224,23 +232,31 @@ static int oom_adj_save = INT_MIN; void oom_adjust_setup(void) { + int i, value; FILE *fp; debug3("%s", __func__); - if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) { - if (fscanf(fp, "%d", &oom_adj_save) != 1) - verbose("error reading %s: %s", OOM_ADJ_PATH, strerror(errno)); - else { - rewind(fp); - if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0) - verbose("error writing %s: %s", - OOM_ADJ_PATH, strerror(errno)); - else - verbose("Set %s from %d to %d", - OOM_ADJ_PATH, oom_adj_save, OOM_ADJ_NOKILL); + for (i = 0; oom_adjust[i].path != NULL; i++) { + oom_adj_path = oom_adjust[i].path; + value = oom_adjust[i].value; + if ((fp = fopen(oom_adj_path, "r+")) != NULL) { + if (fscanf(fp, "%d", &oom_adj_save) != 1) + verbose("error reading %s: %s", oom_adj_path, + strerror(errno)); + else { + rewind(fp); + if (fprintf(fp, "%d\n", value) <= 0) + verbose("error writing %s: %s", + oom_adj_path, strerror(errno)); + else + verbose("Set %s from %d to %d", + oom_adj_path, oom_adj_save, value); + } + fclose(fp); + return; } - fclose(fp); } + oom_adj_path = NULL; } /* Restore the saved OOM adjustment */ 
@@ -250,13 +266,14 @@ oom_adjust_restore(void) FILE *fp; debug3("%s", __func__); - if (oom_adj_save == INT_MIN || (fp = fopen(OOM_ADJ_PATH, "w")) == NULL) + if (oom_adj_save == INT_MIN || oom_adj_save == NULL || + (fp = fopen(oom_adj_path, "w")) == NULL) return; if (fprintf(fp, "%d\n", oom_adj_save) <= 0) - verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno)); + verbose("error writing %s: %s", oom_adj_path, strerror(errno)); else - verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save); + verbose("Set %s to %d", oom_adj_path, oom_adj_save); fclose(fp); return; -- cgit v1.2.3 From 58497780ab22d56ac5216c71f5a20efc1e39ce2e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 17 Jan 2011 16:17:09 +1100 Subject: - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are disabled on platforms that do not support them; add a "config_defined()" shell function that greps for defines in config.h and use them to decide on feature tests. Convert a couple of existing grep's over config.h to use the new function Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent backslash characters in filenames, enable it for Cygwin and use it to turn of tests for quotes backslashes in sftp-glob.sh. based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ --- ChangeLog | 10 ++++++++++ configure.ac | 5 +++-- regress/agent-getpeereid.sh | 5 +---- regress/multiplex.sh | 3 +-- regress/sftp-glob.sh | 23 +++++++++++++++-------- regress/test-exec.sh | 11 +++++++++++ 6 files changed, 41 insertions(+), 16 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e64a550f1..c6c6cb955 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -9,6 +9,16 @@ - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback to the old values. Feedback from vapier at gentoo org and djm, ok djm. + - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] + [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are + disabled on platforms that do not support them; add a "config_defined()" + shell function that greps for defines in config.h and use them to decide + on feature tests. + Convert a couple of existing grep's over config.h to use the new function + Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent + backslash characters in filenames, enable it for Cygwin and use it to turn + of tests for quotes backslashes in sftp-glob.sh. + based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ 20110116 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based diff --git a/configure.ac b/configure.ac index 1817dd909..02e8423c0 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.465 2011/01/16 07:28:12 dtucker Exp $ +# $Id: configure.ac,v 1.466 2011/01/17 05:17:09 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.465 $) +AC_REVISION($Revision: 1.466 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -483,6 +483,7 @@ int main(void) { exit(0); } [Define if your platform needs to skip post auth file descriptor passing]) AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size]) + AC_DEFINE(FILESYSTEM_NO_BACKSLASH, 1, [File names may not contain backslash characters]) ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN, 1, diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index 22276a29d..f5f5ba55a 100644 
--- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh @@ -7,10 +7,7 @@ UNPRIV=nobody ASOCK=${OBJ}/agent SSH_AUTH_SOCK=/nonexistent -if grep "#undef.*HAVE_GETPEEREID" ${BUILDDIR}/config.h >/dev/null 2>&1 && \ - grep "#undef.*HAVE_GETPEERUCRED" ${BUILDDIR}/config.h >/dev/null && \ - grep "#undef.*HAVE_SO_PEERCRED" ${BUILDDIR}/config.h >/dev/null -then +if ! config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then echo "skipped (not supported on this platform)" exit 0 fi diff --git a/regress/multiplex.sh b/regress/multiplex.sh index 8a98a6e54..b94cdf02f 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh @@ -5,8 +5,7 @@ CTL=/tmp/openssh.regress.ctl-sock.$$ tid="connection multiplexing" -if grep "#define.*DISABLE_FD_PASSING" ${BUILDDIR}/config.h >/dev/null 2>&1 -then +if config_defined DISABLE_FD_PASSING ; then echo "skipped (not supported on this platform)" exit 0 fi diff --git a/regress/sftp-glob.sh b/regress/sftp-glob.sh index 72bb17d75..8d4df2c98 100644 --- a/regress/sftp-glob.sh +++ b/regress/sftp-glob.sh @@ -3,11 +3,18 @@ tid="sftp glob" +config_defined FILESYSTEM_NO_BACKSLASH && nobs="not supported on this platform" + sftp_ls() { target=$1 errtag=$2 expected=$3 unexpected=$4 + skip=$5 + if test "x$skip" != "x" ; then + verbose "$tid: $errtag (skipped: $skip)" + return + fi verbose "$tid: $errtag" printf "ls -l %s" "${target}" | \ ${SFTP} -b - -D ${SFTPSERVER} 2>/dev/null | \ @@ -44,8 +51,8 @@ SPACE="${DIR}/g-q space" rm -rf ${BASE} mkdir -p ${DIR} -touch "${DATA}" "${GLOB1}" "${GLOB2}" "${QUOTE}" -touch "${QSLASH}" "${ESLASH}" "${SLASH}" "${SPACE}" +touch "${DATA}" "${GLOB1}" "${GLOB2}" "${QUOTE}" "${SPACE}" +test "x$nobs" = "x" && touch "${QSLASH}" "${ESLASH}" "${SLASH}" # target message expected unexpected sftp_ls "${DIR}/fil*" "file glob" "${DATA}" "" 
@@ -55,14 +62,14 @@ sftp_ls "${DIR}/g-wild\*" "escaped glob" "g-wild*" "g-wildx" sftp_ls "${DIR}/g-quote\\\"" "escaped quote" "g-quote\"" "" sftp_ls "\"${DIR}/g-quote\\\"\"" "quoted quote" "g-quote\"" "" sftp_ls "'${DIR}/g-quote\"'" "single-quoted quote" "g-quote\"" "" -sftp_ls "${DIR}/g-sl\\\\ash" "escaped slash" "g-sl\\ash" "" -sftp_ls "'${DIR}/g-sl\\\\ash'" "quoted slash" "g-sl\\ash" "" -sftp_ls "${DIR}/g-slash\\\\" "escaped slash at EOL" "g-slash\\" "" -sftp_ls "'${DIR}/g-slash\\\\'" "quoted slash at EOL" "g-slash\\" "" -sftp_ls "${DIR}/g-qs\\\\\\\"" "escaped slash+quote" "g-qs\\\"" "" -sftp_ls "'${DIR}/g-qs\\\\\"'" "quoted slash+quote" "g-qs\\\"" "" sftp_ls "${DIR}/g-q\\ space" "escaped space" "g-q space" "" sftp_ls "'${DIR}/g-q space'" "quoted space" "g-q space" "" +sftp_ls "${DIR}/g-sl\\\\ash" "escaped slash" "g-sl\\ash" "" "$nobs" +sftp_ls "'${DIR}/g-sl\\\\ash'" "quoted slash" "g-sl\\ash" "" "$nobs" +sftp_ls "${DIR}/g-slash\\\\" "escaped slash at EOL" "g-slash\\" "" "$nobs" +sftp_ls "'${DIR}/g-slash\\\\'" "quoted slash at EOL" "g-slash\\" "" "$nobs" +sftp_ls "${DIR}/g-qs\\\\\\\"" "escaped slash+quote" "g-qs\\\"" "" "$nobs" +sftp_ls "'${DIR}/g-qs\\\\\"'" "quoted slash+quote" "g-qs\\\"" "" "$nobs" rm -rf ${BASE} diff --git a/regress/test-exec.sh b/regress/test-exec.sh index b64dcdbcf..5c56aefff 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -221,6 +221,17 @@ fatal () exit $RESULT } +# Check whether preprocessor symbols are defined in config.h. +config_defined () +{ + str=$1 + while test "x$2" != "x" ; do + str="$str|$2" + shift + done + egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1 +} + RESULT=0 PIDFILE=$OBJ/pidfile -- cgit v1.2.3 From 6dfcd34042197e904a6c92e277d6b60a58e7a90a Mon Sep 17 00:00:00 2001 
From: Tim Rice Date: Sun, 16 Jan 2011 22:53:56 -0800 Subject: - (tim) [regress/agent-getpeereid.sh] shell portability fix. --- ChangeLog | 1 + regress/agent-getpeereid.sh | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index c6c6cb955..b8c334ab0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,7 @@ backslash characters in filenames, enable it for Cygwin and use it to turn of tests for quotes backslashes in sftp-glob.sh. based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ + - (tim) [regress/agent-getpeereid.sh] shell portability fix. 20110116 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index f5f5ba55a..faf654c04 100644 --- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh @@ -7,7 +7,9 @@ UNPRIV=nobody ASOCK=${OBJ}/agent SSH_AUTH_SOCK=/nonexistent -if ! config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then +if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then + : +else echo "skipped (not supported on this platform)" exit 0 fi -- cgit v1.2.3 From 263d43d2a58f0fc4cf211808410560c8c3e451d2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 17 Jan 2011 18:50:22 +1100 Subject: - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on the tinderbox. --- ChangeLog | 2 ++ openbsd-compat/port-linux.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b8c334ab0..6230fdc26 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -20,6 +20,8 @@ of tests for quotes backslashes in sftp-glob.sh. based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ - (tim) [regress/agent-getpeereid.sh] shell portability fix. + - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on + the tinderbox. 20110116 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index d89101d18..5b1cf402c 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.10 2011/01/17 00:56:00 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -266,7 +266,7 @@ oom_adjust_restore(void) FILE *fp; debug3("%s", __func__); - if (oom_adj_save == INT_MIN || oom_adj_save == NULL || + if (oom_adj_save == INT_MIN || oom_adj_path == NULL || (fp = fopen(oom_adj_path, "w")) == NULL) return; -- cgit v1.2.3 From ea52a829699e981a58a69a77342e7ca3715a5f5b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 17 Jan 2011 21:15:27 +1100 Subject: - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem support, based on patches from Tomas Mraz and jchadima at redhat. --- ChangeLog | 3 ++ LICENCE | 1 + Makefile.in | 5 ++- audit-bsm.c | 6 +-- audit-linux.c | 126 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ audit.c | 10 ++--- audit.h | 9 +++-- configure.ac | 16 ++++++-- defines.h | 7 +++- loginrec.c | 4 +- 10 files changed, 167 insertions(+), 20 deletions(-) create mode 100644 audit-linux.c (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 6230fdc26..f393ca491 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -22,6 +22,9 @@ - (tim) [regress/agent-getpeereid.sh] shell portability fix. - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on the tinderbox. + - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h + configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem + support, based on patches from Tomas Mraz and jchadima at redhat. 20110116 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based diff --git a/LICENCE b/LICENCE index 3964b1d77..120d6fd54 100644 --- a/LICENCE +++ b/LICENCE @@ -206,6 +206,7 @@ OpenSSH contains no GPL code. Sun Microsystems The SCO Group Daniel Walsh + Red Hat, Inc * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/Makefile.in b/Makefile.in index c4011daf7..77a78aa61 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.319 2011/01/16 07:28:10 dtucker Exp $ +# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -82,6 +82,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ roaming_common.o roaming_client.o SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ + audit.o audit-bsm.o audit-linux.o platform.o \ sshpty.o sshlogin.o servconf.o serverloop.o \ auth.o auth1.o auth2.o auth-options.o session.o \ auth-chall.o auth2-chall.o groupaccess.o \ 
@@ -91,7 +92,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ - audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \ + sftp-server.o sftp-common.o \ roaming_common.o roaming_serv.o MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out diff --git a/audit-bsm.c b/audit-bsm.c index 2c417bc27..f196d4f1e 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -1,4 +1,4 @@ -/* $Id: audit-bsm.c,v 1.6 2008/02/25 10:05:04 dtucker Exp $ */ +/* $Id: audit-bsm.c,v 1.7 2011/01/17 10:15:29 dtucker Exp $ */ /* * TODO @@ -305,13 +305,13 @@ audit_run_command(const char *command) } void -audit_session_open(const char *ttyn) +audit_session_open(struct logininfo *li) { /* not implemented */ } void -audit_session_close(const char *ttyn) +audit_session_close(struct logininfo *li) { /* not implemented */ } diff --git a/audit-linux.c b/audit-linux.c new file mode 100644 index 000000000..b3ee2f4da --- /dev/null +++ b/audit-linux.c 
@@ -0,0 +1,126 @@ +/* $Id: audit-linux.c,v 1.1 2011/01/17 10:15:30 dtucker Exp $ */ + +/* + * Copyright 2010 Red Hat, Inc. All rights reserved. + * Use is subject to license terms. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Red Hat author: Jan F. 
Chadima + */ + +#include "includes.h" +#if defined(USE_LINUX_AUDIT) +#include +#include +#include + +#include "log.h" +#include "audit.h" +#include "canohost.h" + +const char* audit_username(void); + +int +linux_audit_record_event(int uid, const char *username, + const char *hostname, const char *ip, const char *ttyn, int success) +{ + int audit_fd, rc, saved_errno; + + audit_fd = audit_open(); + if (audit_fd < 0) { + if (errno == EINVAL || errno == EPROTONOSUPPORT || + errno == EAFNOSUPPORT) + return 1; /* No audit support in kernel */ + else + return 0; /* Must prevent login */ + } + rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, + NULL, "login", username ? username : "(unknown)", + username == NULL ? uid : -1, hostname, ip, ttyn, success); + saved_errno = errno; + close(audit_fd); + /* + * Do not report error if the error is EPERM and sshd is run as non + * root user. + */ + if ((rc == -EPERM) && (geteuid() != 0)) + rc = 0; + errno = saved_errno; + return (rc >= 0); +} + +/* Below is the sshd audit API code */ + +void +audit_connection_from(const char *host, int port) +{ +} + /* not implemented */ + +void +audit_run_command(const char *command) +{ + /* not implemented */ +} + +void +audit_session_open(struct logininfo *li) +{ + if (linux_audit_record_event(li->uid, NULL, li->hostname, + NULL, li->line, 1) == 0) + fatal("linux_audit_write_entry failed: %s", strerror(errno)); +} + +void +audit_session_close(struct logininfo *li) +{ + /* not implemented */ +} + +void +audit_event(ssh_audit_event_t event) +{ + switch(event) { + case SSH_AUTH_SUCCESS: + case SSH_CONNECTION_CLOSE: + case SSH_NOLOGIN: + case SSH_LOGIN_EXCEED_MAXTRIES: + case SSH_LOGIN_ROOT_DENIED: + break; + + case SSH_AUTH_FAIL_NONE: + case SSH_AUTH_FAIL_PASSWD: + case SSH_AUTH_FAIL_KBDINT: + case SSH_AUTH_FAIL_PUBKEY: + case SSH_AUTH_FAIL_HOSTBASED: + case SSH_AUTH_FAIL_GSSAPI: + case SSH_INVALID_USER: + linux_audit_record_event(-1, audit_username(), NULL, + get_remote_ipaddr(), "sshd", 0); 
+ break; + + default: + debug("%s: unhandled event %d", __func__, event); + } +} + +#endif /* USE_LINUX_AUDIT */ diff --git a/audit.c b/audit.c index dbea34cb2..ced57fa64 100644 --- a/audit.c +++ b/audit.c @@ -1,4 +1,4 @@ -/* $Id: audit.c,v 1.5 2006/09/01 05:38:36 djm Exp $ */ +/* $Id: audit.c,v 1.6 2011/01/17 10:15:30 dtucker Exp $ */ /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. @@ -147,9 +147,9 @@ audit_event(ssh_audit_event_t event) * within a single connection. */ void -audit_session_open(const char *ttyn) +audit_session_open(struct logininfo *li) { - const char *t = ttyn ? ttyn : "(no tty)"; + const char *t = li->line ? li->line : "(no tty)"; debug("audit session open euid %d user %s tty name %s", geteuid(), audit_username(), t); @@ -163,9 +163,9 @@ audit_session_open(const char *ttyn) * within a single connection. */ void -audit_session_close(const char *ttyn) +audit_session_close(struct logininfo *li) { - const char *t = ttyn ? ttyn : "(no tty)"; + const char *t = li->line ? li->line : "(no tty)"; debug("audit session close euid %d user %s tty name %s", geteuid(), audit_username(), t); diff --git a/audit.h b/audit.h index 695f72354..92ede5bc4 100644 --- a/audit.h +++ b/audit.h @@ -1,4 +1,4 @@ -/* $Id: audit.h,v 1.3 2006/08/05 14:05:10 dtucker Exp $ */ +/* $Id: audit.h,v 1.4 2011/01/17 10:15:30 dtucker Exp $ */ /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. @@ -26,6 +26,9 @@ #ifndef _SSH_AUDIT_H # define _SSH_AUDIT_H + +#include "loginrec.h" + enum ssh_audit_event_type { SSH_LOGIN_EXCEED_MAXTRIES, SSH_LOGIN_ROOT_DENIED, 
@@ -46,8 +49,8 @@ typedef enum ssh_audit_event_type ssh_audit_event_t; void audit_connection_from(const char *, int); void audit_event(ssh_audit_event_t); -void audit_session_open(const char *); -void audit_session_close(const char *); +void audit_session_open(struct logininfo *); +void audit_session_close(struct logininfo *); void audit_run_command(const char *); ssh_audit_event_t audit_classify_auth(const char *); diff --git a/configure.ac b/configure.ac index 02e8423c0..233d3cfa1 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.466 2011/01/17 05:17:09 djm Exp $ +# $Id: configure.ac,v 1.467 2011/01/17 10:15:30 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.466 $) +AC_REVISION($Revision: 1.467 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -1378,7 +1378,7 @@ int main(void) AUDIT_MODULE=none AC_ARG_WITH(audit, - [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)], + [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], [ AC_MSG_CHECKING(for supported audit module) case "$withval" in @@ -1402,10 +1402,18 @@ AC_ARG_WITH(audit, AC_CHECK_FUNCS(getaudit_addr aug_get_machine) AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module]) ;; + linux) + AC_MSG_RESULT(linux) + AUDIT_MODULE=linux + dnl Checks for headers, libs and functions + AC_CHECK_HEADERS(libaudit.h) + SSHDLIBS="$SSHDLIBS -laudit" + AC_DEFINE(USE_LINUX_AUDIT, 1, [Use Linux audit module]) + ;; debug) AUDIT_MODULE=debug AC_MSG_RESULT(debug) - AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module) + AC_DEFINE(SSH_AUDIT_EVENTS, 1, [Use audit debugging module]) ;; no) AC_MSG_RESULT(no) diff --git a/defines.h b/defines.h index ed438bd88..cd273066d 100644 --- a/defines.h +++ b/defines.h 
@@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.163 2010/11/23 23:50:05 djm Exp $ */ +/* $Id: defines.h,v 1.164 2011/01/17 10:15:31 dtucker Exp $ */ /* Constants */ @@ -607,6 +607,11 @@ struct winsize { # define CUSTOM_SSH_AUDIT_EVENTS #endif +#ifdef USE_LINUX_AUDIT +# define SSH_AUDIT_EVENTS +# define CUSTOM_SSH_AUDIT_EVENTS +#endif + #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__) # define __func__ __FUNCTION__ #elif !defined(HAVE___func__) diff --git a/loginrec.c b/loginrec.c index 587d55f7d..32941c985 100644 --- a/loginrec.c +++ b/loginrec.c @@ -469,9 +469,9 @@ login_write(struct logininfo *li) #endif #ifdef SSH_AUDIT_EVENTS if (li->type == LTYPE_LOGIN) - audit_session_open(li->line); + audit_session_open(li); else if (li->type == LTYPE_LOGOUT) - audit_session_close(li->line); + audit_session_close(li); #endif return (0); } -- cgit v1.2.3 From 15e1b4dea756446a73bcfd9953fc994dea2ed0f6 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Tue, 18 Jan 2011 20:47:04 -0800 Subject: - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead of RPM so build completes. Signatures were changed to .asc since 4.1p1. --- ChangeLog | 4 ++++ contrib/caldera/openssh.spec | 10 +++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f393ca491..87066031a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20110119 + - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead + of RPM so build completes. Signatures were changed to .asc since 4.1p1. + 20110117 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in $PATH, fix cleanup of droppings; reported by openssh AT diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 515fe334d..b76e6fd73 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec 
@@ -57,7 +57,7 @@ BuildRequires : XFree86-imake # %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs Source0: see-above:/.../openssh-%{version}.tar.gz %if %{use_stable} -Source1: see-above:/.../openssh-%{version}.tar.gz.sig +Source1: see-above:/.../openssh-%{version}.tar.gz.asc %endif Source2: http://www.jmknoble.net/software/%{xsa}/%{askpass}.tar.gz Source3: http://www.openssh.com/faq.html @@ -182,7 +182,7 @@ CFLAGS="$RPM_OPT_FLAGS" \ --with-privsep-path=%{_var}/empty/sshd \ #leave this line for easy edits. -%__make CFLAGS="$RPM_OPT_FLAGS" +%__make cd %{askpass} %configure \ @@ -356,7 +356,11 @@ fi %ChangeLog +* Tue Jan 18 2011 Tim Rice +- Use CFLAGS from Makefile instead of RPM so build completes. +- Signatures were changed to .asc since 4.1p1. + * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.71 2010/08/08 16:32:09 djm Exp $ +$Id: openssh.spec,v 1.72 2011/01/19 04:47:07 tim Exp $ -- cgit v1.2.3 From e323ebc250bb25c51a27be4b34190bf5a371f50b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 19 Jan 2011 23:12:27 +1100 Subject: - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- release testing (random crashes and failure to load ECC keys). ok dtucker@ --- ChangeLog | 4 ++++ configure.ac | 10 ++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 87066031a..53c987f1b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,6 +1,10 @@ 20110119 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead of RPM so build completes. Signatures were changed to .asc since 4.1p1. + - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to + 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- + release testing (random crashes and failure to load ECC keys). + ok dtucker@ 20110117 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in diff --git a/configure.ac b/configure.ac index 233d3cfa1..208896ed8 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.467 2011/01/17 10:15:30 dtucker Exp $ +# $Id: configure.ac,v 1.468 2011/01/19 12:12:30 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.467 $) +AC_REVISION($Revision: 1.468 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -2257,8 +2257,14 @@ AC_MSG_CHECKING([whether OpenSSL has complete ECC support]) AC_LINK_IFELSE( [AC_LANG_SOURCE([[ #include +#include +#include #include #include +#include +#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ +# error "OpenSSL < 0.9.8g has unreliable ECC code" +#endif int main(void) { EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); const EVP_MD *m = EVP_sha512(); /* We need this too */ -- cgit v1.2.3 From 79241377df7fdd34a05d0565c7c5fb48ef6492a5 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Sat, 22 Jan 2011 09:37:01 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add RSA_get_default_method() for the benefit of openssl versions that don't have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, ok djm@. --- ChangeLog | 6 ++++++ configure.ac | 6 +++--- openbsd-compat/openssl-compat.c | 14 +++++++++++++- openbsd-compat/openssl-compat.h | 6 +++++- 4 files changed, 27 insertions(+), 5 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 53c987f1b..78196a7c2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20110122 + - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add + RSA_get_default_method() for the benefit of openssl versions that don't + have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, + ok djm@. + 20110119 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead of RPM so build completes. Signatures were changed to .asc since 4.1p1. diff --git a/configure.ac b/configure.ac index 208896ed8..769e83594 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.468 2011/01/19 12:12:30 djm Exp $ +# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.468 $) +AC_REVISION($Revision: 1.469 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -2180,7 +2180,7 @@ int main(void) { SSLeay_add_all_algorithms(); } ] ) -AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex) +AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method) AC_ARG_WITH(ssl-engine, [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index eb5ae7f85..b617fdf19 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.12 2010/12/04 21:46:05 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.13 2011/01/21 22:37:06 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -26,6 +26,10 @@ # include #endif +#ifndef HAVE_RSA_GET_DEFAULT_METHOD +# include +#endif + #include "log.h" #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS @@ -120,6 +124,14 @@ DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed, } #endif +#ifndef HAVE_RSA_GET_DEFAULT_METHOD +RSA_METHOD * +RSA_get_default_method(void) +{ + return RSA_PKCS1_SSLeay(); +} +#endif + #ifdef USE_OPENSSL_ENGINE void ssh_SSLeay_add_all_algorithms(void) diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index c0ca20aaf..6d4f3f215 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.17 2010/12/04 12:20:50 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.18 2011/01/21 22:37:06 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -78,6 +78,10 @@ extern const EVP_CIPHER *evp_acss(void); # define EVP_CIPHER_CTX_key_length(c) ((c)->key_len) #endif +#ifndef HAVE_RSA_GET_DEFAULT_METHOD +RSA_METHOD *RSA_get_default_method(void); +#endif + /* * We overload some of the OpenSSL crypto functions with ssh_* equivalents * which cater for older and/or less featureful OpenSSL version. -- cgit v1.2.3 From ad4b1adf95ff50e7066ef59abd1edc46cb35843a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 22 Jan 2011 20:21:33 +1100 Subject: - OpenBSD CVS Sync - djm@cvs.openbsd.org 2011/01/22 09:18:53 [version.h] crank to OpenSSH-5.7 --- ChangeLog | 4 ++++ version.h | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 78196a7c2..25b0df643 100644 
--- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,10 @@ RSA_get_default_method() for the benefit of openssl versions that don't have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, ok djm@. + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/01/22 09:18:53 + [version.h] + crank to OpenSSH-5.7 20110119 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead diff --git a/version.h b/version.h index 67d78dcc3..202e0dec2 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.59 2010/08/08 16:26:42 djm Exp $ */ +/* $OpenBSD: version.h,v 1.60 2011/01/22 09:18:53 djm Exp $ */ -#define SSH_VERSION "OpenSSH_5.6" +#define SSH_VERSION "OpenSSH_5.7" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -- cgit v1.2.3 From 966accc5331784f26e3231dcd3c162f581e1dce6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 22 Jan 2011 20:23:10 +1100 Subject: - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] update versions in docs and spec files. --- ChangeLog | 2 ++ README | 4 ++-- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 25b0df643..e5fde13b7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,8 @@ - djm@cvs.openbsd.org 2011/01/22 09:18:53 [version.h] crank to OpenSSH-5.7 + - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] update versions in docs and spec files. 20110119 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead diff --git a/README b/README index 4eaa54588..4e7e9a9f2 100644 --- a/README +++ b/README 
@@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-5.6 for the release notes. +See http://www.openssh.com/txt/release-5.7 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.74 2010/08/08 16:32:06 djm Exp $ +$Id: README,v 1.75 2011/01/22 09:23:12 djm Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index b76e6fd73..23397b04d 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -16,7 +16,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 -%define version 5.6p1 +%define version 5.7p1 %if %{use_stable} %define cvs %{nil} %define release 1 @@ -363,4 +363,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.72 2011/01/19 04:47:07 tim Exp $ +$Id: openssh.spec,v 1.73 2011/01/22 09:23:33 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 77e66252e..8fc76b625 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 5.6p1 +%define ver 5.7p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index f099746f2..4573c52fd 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 5.6p1 +Version: 5.7p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From 4a5eb41cee4cdda9d224d575b435d6277f4cc086 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Sat, 22 Jan 2011 20:24:34 +1100 Subject: trim entries older than 5.5p1 --- ChangeLog | 2743 ------------------------------------------------------------- 1 file changed, 2743 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e5fde13b7..39031f380 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1201,2746 +1201,3 @@ ok markus@ -20100410 - - (dtucker) [configure.ac] Put the check for the existence of getaddrinfo - back so we disable the IPv6 tests if we don't have it. - -20100409 - - (dtucker) [contrib/cygwin/Makefile] Don't overwrite files with the wrong - ones. Based on a patch from Roumen Petrov. - - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if we - have it and the path is not provided to --with-libedit. Based on a patch - from Iain Morgan. - - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable - utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@ - -20100326 - - (djm) [openbsd-compat/bsd-arc4random.c] Fix preprocessor detection - for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson - - (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originally - by Ingo Weinhold via Scott McCreary, ok djm@ - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/03/25 23:38:28 - [servconf.c] - from portable: getcwd(NULL, 0) doesn't work on all platforms, so - use a stack buffer; ok dtucker@ - - djm@cvs.openbsd.org 2010/03/26 00:26:58 - [ssh.1] - mention that -S none disables connection sharing; from Colin Watson - - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms - - set up SELinux execution context before chroot() call. From Russell - Coker via Colin watson; bz#1726 ok dtucker@ - - (djm) [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721 - ok dtucker@ - - (dtucker) Bug #1725: explicitly link libX11 into gnome-ssh-askpass2 using - pkg-config, patch from Colin Watson. Needed for newer linkers (ie gold). 
- - (djm) [contrib/ssh-copy-id] Don't blow up when the agent has no keys; - bz#1723 patch from Adeodato Simóvia Colin Watson; ok dtucker@ - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2010/03/26 01:06:13 - [ssh_config.5] - Reformat default value of PreferredAuthentications entry (current - formatting implies ", " is acceptable as a separator, which it's not. - ok djm@ - -20100324 - - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory - containing the services file explicitely case-insensitive. This allows to - tweak the Windows services file reliably. Patch from vinschen at redhat. - -20100321 - - (djm) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2010/03/08 09:41:27 - [ssh-keygen.1] - sort the list of constraints (to -O); ok djm - - jmc@cvs.openbsd.org 2010/03/10 07:40:35 - [ssh-keygen.1] - typos; from Ross Richardson - closes prs 6334 and 6335 - - djm@cvs.openbsd.org 2010/03/10 23:27:17 - [auth2-pubkey.c] - correct certificate logging and make it more consistent between - authorized_keys and TrustedCAKeys; ok markus@ - - djm@cvs.openbsd.org 2010/03/12 01:06:25 - [servconf.c] - unbreak AuthorizedKeys option with a $HOME-relative path; reported by - vinschen AT redhat.com, ok dtucker@ - - markus@cvs.openbsd.org 2010/03/12 11:37:40 - [servconf.c] - do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths - free() (not xfree()) the buffer returned by getcwd() - - djm@cvs.openbsd.org 2010/03/13 21:10:38 - [clientloop.c] - protocol conformance fix: send language tag when disconnecting normally; - spotted by 1.41421 AT gmail.com, ok markus@ deraadt@ - - djm@cvs.openbsd.org 2010/03/13 21:45:46 - [ssh-keygen.1] - Certificates are named *-cert.pub, not *_cert.pub; committing a diff - from stevesk@ ok me - - jmc@cvs.openbsd.org 2010/03/13 23:38:13 - [ssh-keygen.1] - fix a formatting error (args need quoted); noted by stevesk - - stevesk@cvs.openbsd.org 2010/03/15 19:40:02 - [key.c key.h ssh-keygen.c] - also print certificate type 
(user or host) for ssh-keygen -L - ok djm kettenis - - stevesk@cvs.openbsd.org 2010/03/16 15:46:52 - [auth-options.c] - spelling in error message. ok djm kettenis - - djm@cvs.openbsd.org 2010/03/16 16:36:49 - [version.h] - crank version to openssh-5.5 since we have a few fixes since 5.4; - requested deraadt@ kettenis@ - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Crank version numbers - -20100314 - - (djm) [ssh-pkcs11-helper.c] Move #ifdef to after #defines to fix - compilation failure when !HAVE_DLOPEN. Reported by felix-mindrot - AT fefe.de - - (djm) [Makefile.in] Respecify -lssh after -lopenbsd-compat for - ssh-pkcs11-helper to repair static builds (we do the same for - ssh-keyscan). Reported by felix-mindrot AT fefe.de - -20100312 - - (tim) [Makefile.in] Now that scard is gone, no need to make $(datadir) - - (tim) [Makefile.in] Add missing $(EXEEXT) to install targets. - Patch from Corinna Vinschen. - - (tim) [contrib/cygwin/Makefile] Fix list of documentation files to install - on a Cygwin installation. Patch from Corinna Vinschen. - -20100311 - - (tim) [contrib/suse/openssh.spec] crank version number here too. - report by imorgan AT nas.nasa.gov - -20100309 - - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO - so setting it in CFLAGS correctly skips IPv6 tests. 
- -20100308 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/03/07 22:16:01 - [ssh-keygen.c] - make internal strptime string match strftime format; - suggested by vinschen AT redhat.com and markus@ - - djm@cvs.openbsd.org 2010/03/08 00:28:55 - [ssh-keygen.1] - document permit-agent-forwarding certificate constraint; patch from - stevesk@ - - djm@cvs.openbsd.org 2010/03/07 22:01:32 - [version.h] - openssh-5.4 - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - crank version numbers - - (djm) Release OpenSSH-5.4p1 - -20100307 - - (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so that - it gets the passwd struct from the LAM that knows about the user which is - not necessarily the default. Patch from Alexandre Letourneau. - - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and - do not set real uid, since that's needed for the chroot, and will be set - by permanently_set_uid. - - (dtucker) [session.c] Also initialize creds to NULL for handing to - setpcred. - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2010/03/07 11:57:13 - [auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c] - Hold authentication debug messages until after successful authentication. - Fixes an info leak of environment variables specified in authorized_keys, - reported by Jacob Appelbaum. 
ok djm@ - -20100305 - - OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2010/03/04 12:51:25 - [ssh.1 sshd_config.5] - tweak previous; - - djm@cvs.openbsd.org 2010/03/04 20:35:08 - [ssh-keygen.1 ssh-keygen.c] - Add a -L flag to print the contents of a certificate; ok markus@ - - jmc@cvs.openbsd.org 2010/03/04 22:52:40 - [ssh-keygen.1] - fix Bk/Ek; - - djm@cvs.openbsd.org 2010/03/04 23:17:25 - [sshd_config.5] - missing word; spotted by jmc@ - - djm@cvs.openbsd.org 2010/03/04 23:19:29 - [ssh.1 sshd.8] - move section on CA and revoked keys from ssh.1 to sshd.8's known hosts - format section and rework it a bit; requested by jmc@ - - djm@cvs.openbsd.org 2010/03/04 23:27:25 - [auth-options.c ssh-keygen.c] - "force-command" is not spelled "forced-command"; spotted by - imorgan AT nas.nasa.gov - - djm@cvs.openbsd.org 2010/03/05 02:58:11 - [auth.c] - make the warning for a revoked key louder and more noticable - - jmc@cvs.openbsd.org 2010/03/05 06:50:35 - [ssh.1 sshd.8] - tweak previous; - - jmc@cvs.openbsd.org 2010/03/05 08:31:20 - [ssh.1] - document certificate authentication; help/ok djm - - djm@cvs.openbsd.org 2010/03/05 10:28:21 - [ssh-add.1 ssh.1 ssh_config.5] - mention loading of certificate files from [private]-cert.pub when - they are present; feedback and ok jmc@ - - (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older - compilers. 
OK djm@ - - (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure - on some platforms - - (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@ - -20100304 - - (djm) [ssh-keygen.c] Use correct local variable, instead of - maybe-undefined global "optarg" - - (djm) [contrib/redhat/openssh.spec] Replace obsolete BuildPreReq - on XFree86-devel with neutral /usr/include/X11/Xlib.h; - imorgan AT nas.nasa.gov in bz#1731 - - (djm) [.cvsignore] Ignore ssh-pkcs11-helper - - (djm) [regress/Makefile] Cleanup sshd_proxy_orig - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/03/03 01:44:36 - [auth-options.c key.c] - reject strings with embedded ASCII nul chars in certificate key IDs, - principal names and constraints - - djm@cvs.openbsd.org 2010/03/03 22:49:50 - [sshd.8] - the authorized_keys option for CA keys is "cert-authority", not - "from=cert-authority". spotted by imorgan AT nas.nasa.gov - - djm@cvs.openbsd.org 2010/03/03 22:50:40 - [PROTOCOL.certkeys] - s/similar same/similar/; from imorgan AT nas.nasa.gov - - djm@cvs.openbsd.org 2010/03/04 01:44:57 - [key.c] - use buffer_get_string_ptr_ret() where we are checking the return - value explicitly instead of the fatal()-causing buffer_get_string_ptr() - - djm@cvs.openbsd.org 2010/03/04 10:36:03 - [auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c] - [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h] - [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5] - Add a TrustedUserCAKeys option to sshd_config to specify CA keys that - are trusted to authenticate users (in addition than doing it per-user - in authorized_keys). - - Add a RevokedKeys option to sshd_config and a @revoked marker to - known_hosts to allow keys to me revoked and banned for user or host - authentication. 
- - feedback and ok markus@ - - djm@cvs.openbsd.org 2010/03/03 00:47:23 - [regress/cert-hostkey.sh regress/cert-userkey.sh] - add an extra test to ensure that authentication with the wrong - certificate fails as it should (and it does) - - djm@cvs.openbsd.org 2010/03/04 10:38:23 - [regress/cert-hostkey.sh regress/cert-userkey.sh] - additional regression tests for revoked keys and TrustedUserCAKeys - -20100303 - - (djm) [PROTOCOL.certkeys] Add RCS Ident - - OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2010/02/26 22:09:28 - [ssh-keygen.1 ssh.1 sshd.8] - tweak previous; - - otto@cvs.openbsd.org 2010/03/01 11:07:06 - [ssh-add.c] - zap what seems to be a left-over debug message; ok markus@ - - djm@cvs.openbsd.org 2010/03/02 23:20:57 - [ssh-keygen.c] - POSIX strptime is stricter than OpenBSD's so do a little dance to - appease it. - - (djm) [regress/cert-userkey.sh] s/echo -n/echon/ here too - -20100302 - - (tim) [config.guess config.sub] Bug 1722: Update to latest versions from - http://git.savannah.gnu.org/gitweb/ (2009-12-30 and 2010-01-22 - respectively). - -20100301 - - (dtucker) [regress/{cert-hostkey,cfgmatch,cipher-speed}.sh} Replace - "echo -n" with "echon" for portability. - - (dtucker) [openbsd-compat/port-linux.c] Make failure to write to the OOM - adjust log at verbose only, since according to cjwatson in bug #1470 - some virtualization platforms don't allow writes. - -20100228 - - (djm) [auth.c] On Cygwin, refuse usernames that have differences in - case from that matched in the system password database. On this - platform, passwords are stored case-insensitively, but sshd requires - exact case matching for Match blocks in sshd_config(5). Based on - a patch from vinschen AT redhat.com. - - (tim) [ssh-pkcs11-helper.c] Move declarations before calling functions - to make older compilers (gcc 2.95) happy. 
- -20100227 - - (djm) [ssh-pkcs11-helper.c ] Ensure RNG is initialised and seeded - - (djm) [openbsd-compat/bsd-cygwin_util.c] Reduce the set of environment - variables copied into sshd child processes. From vinschen AT redhat.com - -20100226 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/02/26 20:29:54 - [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c] - [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c] - [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c] - [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c] - [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c] - [sshconnect2.c sshd.8 sshd.c sshd_config.5] - Add support for certificate key types for users and hosts. - - OpenSSH certificate key types are not X.509 certificates, but a much - simpler format that encodes a public key, identity information and - some validity constraints and signs it with a CA key. CA keys are - regular SSH keys. This certificate style avoids the attack surface - of X.509 certificates and is very easy to deploy. - - Certified host keys allow automatic acceptance of new host keys - when a CA certificate is marked as trusted in ~/.ssh/known_hosts. - see VERIFYING HOST KEYS in ssh(1) for details. - - Certified user keys allow authentication of users when the signing - CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS - FILE FORMAT" in sshd(8) for details. - - Certificates are minted using ssh-keygen(1), documentation is in - the "CERTIFICATES" section of that manpage. 
- - Documentation on the format of certificates is in the file - PROTOCOL.certkeys - - feedback and ok markus@ - - djm@cvs.openbsd.org 2010/02/26 20:33:21 - [Makefile regress/cert-hostkey.sh regress/cert-userkey.sh] - regression tests for certified keys - -20100224 - - (djm) [pkcs11.h ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] - [ssh-pkcs11.h] Add $OpenBSD$ RCS idents so we can sync portable - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/02/11 20:37:47 - [pathnames.h] - correct comment - - dtucker@cvs.openbsd.org 2009/11/09 04:20:04 - [regress/Makefile] - add regression test for ssh-keygen pubkey conversions - - dtucker@cvs.openbsd.org 2010/01/11 02:53:44 - [regress/forwarding.sh] - regress test for stdio forwarding - - djm@cvs.openbsd.org 2010/02/09 04:57:36 - [regress/addrmatch.sh] - clean up droppings - - djm@cvs.openbsd.org 2010/02/09 06:29:02 - [regress/Makefile] - turn on all the malloc(3) checking options when running regression - tests. this has caught a few bugs for me in the past; ok dtucker@ - - djm@cvs.openbsd.org 2010/02/24 06:21:56 - [regress/test-exec.sh] - wait for sshd to fully stop in cleanup() function; avoids races in tests - that do multiple start_sshd/cleanup cycles; "I hate pidfiles" deraadt@ - - markus@cvs.openbsd.org 2010/02/08 10:52:47 - [regress/agent-pkcs11.sh] - test for PKCS#11 support (currently disabled) - - (djm) [Makefile.in ssh-pkcs11-helper.8] Add manpage for PKCS#11 helper - - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Add PKCS#11 helper binary and manpage - -20100212 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/02/02 22:49:34 - [bufaux.c] - make buffer_get_string_ret() really non-fatal in all cases (it was - using buffer_get_int(), which could fatal() on buffer empty); - ok markus dtucker - - markus@cvs.openbsd.org 2010/02/08 10:50:20 - [pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c] - [ssh-agent.c ssh-keygen.1 ssh-keygen.c 
ssh.1 ssh.c ssh_config.5] - replace our obsolete smartcard code with PKCS#11. - ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf - ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 - provider (shared library) while ssh-agent(1) delegates PKCS#11 to - a forked a ssh-pkcs11-helper process. - PKCS#11 is currently a compile time option. - feedback and ok djm@; inspired by patches from Alon Bar-Lev - - jmc@cvs.openbsd.org 2010/02/08 22:03:05 - [ssh-add.1 ssh-keygen.1 ssh.1 ssh.c] - tweak previous; ok markus - - djm@cvs.openbsd.org 2010/02/09 00:50:36 - [ssh-agent.c] - fallout from PKCS#11: unbreak -D - - djm@cvs.openbsd.org 2010/02/09 00:50:59 - [ssh-keygen.c] - fix -Wall - - djm@cvs.openbsd.org 2010/02/09 03:56:28 - [buffer.c buffer.h] - constify the arguments to buffer_len, buffer_ptr and buffer_dump - - djm@cvs.openbsd.org 2010/02/09 06:18:46 - [auth.c] - unbreak ChrootDirectory+internal-sftp by skipping check for executable - shell when chrooting; reported by danh AT wzrd.com; ok dtucker@ - - markus@cvs.openbsd.org 2010/02/10 23:20:38 - [ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5] - pkcs#11 is no longer optional; improve wording; ok jmc@ - - jmc@cvs.openbsd.org 2010/02/11 13:23:29 - [ssh.1] - libarary -> library; - - (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c] - [scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java] - Remove obsolete smartcard support - - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] - Make it compile on OSX - - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] - Use ssh_get_progname to fill __progname - - (djm) [configure.ac] Enable PKCS#11 support only when we find a working - dlopen() - -20100210 - - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for - getseuserbyname; patch from calebcase AT gmail.com via - cjwatson AT debian.org - -20100202 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/01/30 21:08:33 - [sshd.8] - 
debug output goes to stderr, not "the system log"; ok markus dtucker - - djm@cvs.openbsd.org 2010/01/30 21:12:08 - [channels.c] - fake local addr:port when stdio fowarding as some servers (Tectia at - least) validate that they are well-formed; - reported by imorgan AT nas.nasa.gov - ok dtucker - -20100130 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/01/28 00:21:18 - [clientloop.c] - downgrade an error() to a debug() - this particular case can be hit in - normal operation for certain sequences of mux slave vs session closure - and is harmless - - djm@cvs.openbsd.org 2010/01/29 00:20:41 - [sshd.c] - set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com - ok dtucker@ - - djm@cvs.openbsd.org 2010/01/29 20:16:17 - [mux.c] - kill correct channel (was killing already-dead mux channel, not - its session channel) - - djm@cvs.openbsd.org 2010/01/30 02:54:53 - [mux.c] - don't mark channel as read failed if it is already closing; suppresses - harmless error messages when connecting to SSH.COM Tectia server - report by imorgan AT nas.nasa.gov - -20100129 - - (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config() - after registering the hardware engines, which causes the openssl.cnf file to - be processed. See OpenSSL's man page for OPENSSL_config(3) for details. - Patch from Solomon Peachy, ok djm@. - -20100128 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/01/26 02:15:20 - [mux.c] - -Wuninitialized and remove a // comment; from portable - (Id sync only) - - djm@cvs.openbsd.org 2010/01/27 13:26:17 - [mux.c] - fix bug introduced in mux rewrite: - - In a mux master, when a socket to a mux slave closes before its server - session (as may occur when the slave has been signalled), gracefully - close the server session rather than deleting its channel immediately. - A server may have more messages on that channel to send (e.g. 
an exit - message) that will fatal() the client if they are sent to a channel that - has been prematurely deleted. - - spotted by imorgan AT nas.nasa.gov - - djm@cvs.openbsd.org 2010/01/27 19:21:39 - [sftp.c] - add missing "p" flag to getopt optstring; - bz#1704 from imorgan AT nas.nasa.gov - -20100126 - - (djm) OpenBSD CVS Sync - - tedu@cvs.openbsd.org 2010/01/17 21:49:09 - [ssh-agent.1] - Correct and clarify ssh-add's password asking behavior. - Improved text dtucker and ok jmc - - dtucker@cvs.openbsd.org 2010/01/18 01:50:27 - [roaming_client.c] - s/long long unsigned/unsigned long long/, from tim via portable - (Id sync only, change already in portable) - - djm@cvs.openbsd.org 2010/01/26 01:28:35 - [channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c] - rewrite ssh(1) multiplexing code to a more sensible protocol. - - The new multiplexing code uses channels for the listener and - accepted control sockets to make the mux master non-blocking, so - no stalls when processing messages from a slave. - - avoid use of fatal() in mux master protocol parsing so an errant slave - process cannot take down a running master. - - implement requesting of port-forwards over multiplexed sessions. Any - port forwards requested by the slave are added to those the master has - established. - - add support for stdio forwarding ("ssh -W host:port ...") in mux slaves. - - document master/slave mux protocol so that other tools can use it to - control a running ssh(1). Note: there are no guarantees that this - protocol won't be incompatibly changed (though it is versioned). - - feedback Salvador Fandino, dtucker@ - channel changes ok markus@ - -20100122 - - (tim) [configure.ac] Due to constraints in Windows Sockets in terms of - socket inheritance, reduce the default SO_RCVBUF/SO_SNDBUF buffer size - in Cygwin to 65535. Patch from Corinna Vinschen. - -20100117 - - (tim) [configure.ac] OpenServer 5 needs BROKEN_GETADDRINFO too. 
- - (tim) [configure.ac] On SVR5 systems, use the C99-conforming functions - snprintf() and vsnprintf() named _xsnprintf() and _xvsnprintf(). - -20100116 - - (dtucker) [openbsd-compat/pwcache.c] Pull in includes.h and thus defines.h - so we correctly detect whether or not we have a native user_from_uid. - - (dtucker) [openbsd-compat/openbsd-compat.h] Prototypes for user_from_uid - and group_from_gid. - - (dtucker) [openbsd-compat/openbsd-compat.h] Fix prototypes, spotted by - Tim. - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2010/01/15 09:24:23 - [sftp-common.c] - unused - - (dtucker) [openbsd-compat/pwcache.c] Shrink ifdef area to prevent unused - variable warnings. - - (dtucker) [openbsd-compat/openbsd-compat.h] Typo. - - (tim) [regress/portnum.sh] Shell portability fix. - - (tim) [configure.ac] Define BROKEN_GETADDRINFO on SVR5 systems. The native - getaddrinfo() is too old and limited for addr_pton() in addrmatch.c. - - (tim) [roaming_client.c] Use of is not really portable so we - use "openbsd-compat/sys-queue.h". s/long long unsigned/unsigned long long/ - to keep USL compilers happy. - -20100115 - - (dtucker) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2010/01/13 12:48:34 - [sftp.1 sftp.c] - sftp.1: put ls -h in the right place - sftp.c: as above, plus add -p to get/put, and shorten their arg names - to keep the help usage nicely aligned - ok djm - - djm@cvs.openbsd.org 2010/01/13 23:47:26 - [auth.c] - when using ChrootDirectory, make sure we test for the existence of the - user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu; - ok dtucker - - dtucker@cvs.openbsd.org 2010/01/14 23:41:49 - [sftp-common.c] - use user_from{uid,gid} to lookup up ids since it keeps a small cache. - ok djm - - guenther@cvs.openbsd.org 2010/01/15 00:05:22 - [sftp.c] - Reset SIGTERM to SIG_DFL before executing ssh, so that even if sftp - inherited SIGTERM as ignored it will still be able to kill the ssh it - starts. 
- ok dtucker@ - - (dtucker) [openbsd-compat/pwcache.c] Pull in pwcache.c from OpenBSD (no - changes yet but there will be some to come). - - (dtucker) [configure.ac openbsd-compat/{Makefile.in,pwcache.c} Portability - for pwcache. Also, added caching of negative hits. - -20100114 - - (djm) [platform.h] Add missing prototype for - platform_krb5_get_principal_name - -20100113 - - (dtucker) [monitor_fdpass.c] Wrap poll.h include in ifdefs. - - (dtucker) [openbsd-compat/readpassphrase.c] Resync against OpenBSD's r1.18: - missing restore of SIGTTOU and some whitespace. - - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.21. - - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.22. - Fixes bz #1590, where sometimes you could not interrupt a connection while - ssh was prompting for a passphrase or password. - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2010/01/13 00:19:04 - [sshconnect.c auth.c] - Fix a couple of typos/mispellings in comments - - dtucker@cvs.openbsd.org 2010/01/13 01:10:56 - [key.c] - Ignore and log any Protocol 1 keys where the claimed size is not equal to - the actual size. Noted by Derek Martin, ok djm@ - - dtucker@cvs.openbsd.org 2010/01/13 01:20:20 - [canohost.c ssh-keysign.c sshconnect2.c] - Make HostBased authentication work with a ProxyCommand. bz #1569, patch - from imorgan at nas nasa gov, ok djm@ - - djm@cvs.openbsd.org 2010/01/13 01:40:16 - [sftp.c sftp-server.c sftp.1 sftp-common.c sftp-common.h] - support '-h' (human-readable units) for sftp's ls command, just like - ls(1); ok dtucker@ - - djm@cvs.openbsd.org 2010/01/13 03:48:13 - [servconf.c servconf.h sshd.c] - avoid run-time failures when specifying hostkeys via a relative - path by prepending the cwd in these cases; bz#1290; ok dtucker@ - - djm@cvs.openbsd.org 2010/01/13 04:10:50 - [sftp.c] - don't append a space after inserting a completion of a directory (i.e. 
- a path ending in '/') for a slightly better user experience; ok dtucker@ - - (dtucker) [sftp-common.c] Wrap include of util.h in an ifdef. - - (tim) [defines.h] openbsd-compat/readpassphrase.c now needs _NSIG. - feedback and ok dtucker@ - -20100112 - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2010/01/11 01:39:46 - [ssh_config channels.c ssh.1 channels.h ssh.c] - Add a 'netcat mode' (ssh -W). This connects stdio on the client to a - single port forward on the server. This allows, for example, using ssh as - a ProxyCommand to route connections via intermediate servers. - bz #1618, man page help from jmc@, ok markus@ - - dtucker@cvs.openbsd.org 2010/01/11 04:46:45 - [authfile.c sshconnect2.c] - Do not prompt for a passphrase if we fail to open a keyfile, and log the - reason the open failed to debug. - bz #1693, found by tj AT castaglia org, ok djm@ - - djm@cvs.openbsd.org 2010/01/11 10:51:07 - [ssh-keygen.c] - when converting keys, truncate key comments at 72 chars as per RFC4716; - bz#1630 reported by tj AT castaglia.org; ok markus@ - - dtucker@cvs.openbsd.org 2010/01/12 00:16:47 - [authfile.c] - Fix bug introduced in r1.78 (incorrect brace location) that broke key auth. - Patch from joachim joachimschipper nl. - - djm@cvs.openbsd.org 2010/01/12 00:58:25 - [monitor_fdpass.c] - avoid spinning when fd passing on nonblocking sockets by calling poll() - in the EINTR/EAGAIN path, much like we do in atomicio; ok dtucker@ - - djm@cvs.openbsd.org 2010/01/12 00:59:29 - [roaming_common.c] - delete with extreme prejudice a debug() that fired with every keypress; - ok dtucker deraadt - - dtucker@cvs.openbsd.org 2010/01/12 01:31:05 - [session.c] - Do not allow logins if /etc/nologin exists but is not readable by the user - logging in. 
Noted by Jan.Pechanec at Sun, ok djm@ deraadt@ - - djm@cvs.openbsd.org 2010/01/12 01:36:08 - [buffer.h bufaux.c] - add a buffer_get_string_ptr_ret() that does the same as - buffer_get_string_ptr() but does not fatal() on error; ok dtucker@ - - dtucker@cvs.openbsd.org 2010/01/12 08:33:17 - [session.c] - Add explicit stat so we reliably detect nologin with bad perms. - ok djm markus - -20100110 - - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] - Remove hacks add for RoutingDomain in preparation for its removal. - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2010/01/09 23:04:13 - [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h - ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c - readconf.h scp.1 sftp.1 ssh_config.5 misc.h] - Remove RoutingDomain from ssh since it's now not needed. It can be - replaced with "route exec" or "nc -V" as a proxycommand. "route exec" - also ensures that trafic such as DNS lookups stays withing the specified - routingdomain. For example (from reyk): - # route -T 2 exec /usr/sbin/sshd - or inherited from the parent process - $ route -T 2 exec sh - $ ssh 10.1.2.3 - ok deraadt@ markus@ stevesk@ reyk@ - - dtucker@cvs.openbsd.org 2010/01/10 03:51:17 - [servconf.c] - Add ChrootDirectory to sshd.c test-mode output - - dtucker@cvs.openbsd.org 2010/01/10 07:15:56 - [auth.c] - Output a debug if we can't open an existing keyfile. bz#1694, ok djm@ - -20100109 - - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't - have it. - - (dtucker) [defines.h] define PRIu64 for platforms that don't have it. - - (dtucker) [roaming_client.c] Wrap inttypes.h in an ifdef. - - (dtucker) [loginrec.c] Use the SUSv3 specified name for the user name - when using utmpx. Patch from Ed Schouten. 
- - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/01/09 00:20:26 - [sftp-server.c sftp-server.8] - add a 'read-only' mode to sftp-server(8) that disables open in write mode - and all other fs-modifying protocol methods. bz#430 ok dtucker@ - - djm@cvs.openbsd.org 2010/01/09 00:57:10 - [PROTOCOL] - tweak language - - jmc@cvs.openbsd.org 2010/01/09 03:36:00 - [sftp-server.8] - bad place to forget a comma... - - djm@cvs.openbsd.org 2010/01/09 05:04:24 - [mux.c sshpty.h clientloop.c sshtty.c] - quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we - usually don't actually have a tty to read/set; bz#1686 ok dtucker@ - - dtucker@cvs.openbsd.org 2010/01/09 05:17:00 - [roaming_client.c] - Remove a PRIu64 format string that snuck in with roaming. ok djm@ - - dtucker@cvs.openbsd.org 2010/01/09 11:13:02 - [sftp.c] - Prevent sftp from derefing a null pointer when given a "-" without a - command. Also, allow whitespace to follow a "-". bz#1691, path from - Colin Watson via Debian. ok djm@ deraadt@ - - dtucker@cvs.openbsd.org 2010/01/09 11:17:56 - [sshd.c] - Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs - itself. Prevents two HUPs in quick succession from resulting in sshd - dying. bz#1692, patch from Colin Watson via Ubuntu. - - (dtucker) [defines.h] Remove now-undeeded PRIu64 define. - -20100108 - - (dtucker) OpenBSD CVS Sync - - andreas@cvs.openbsd.org 2009/10/24 11:11:58 - [roaming.h] - Declarations needed for upcoming changes. - ok markus@ - - andreas@cvs.openbsd.org 2009/10/24 11:13:54 - [sshconnect2.c kex.h kex.c] - Let the client detect if the server supports roaming by looking - for the resume@appgate.com kex algorithm. - ok markus@ - - andreas@cvs.openbsd.org 2009/10/24 11:15:29 - [clientloop.c] - client_loop() must detect if the session has been suspended and resumed, - and take appropriate action in that case. 
- From Martin Forssen, maf at appgate dot com - - andreas@cvs.openbsd.org 2009/10/24 11:19:17 - [ssh2.h] - Define the KEX messages used when resuming a suspended connection. - ok markus@ - - andreas@cvs.openbsd.org 2009/10/24 11:22:37 - [roaming_common.c] - Do the actual suspend/resume in the client. This won't be useful until - the server side supports roaming. - Most code from Martin Forssen, maf at appgate dot com. Some changes by - me and markus@ - ok markus@ - - andreas@cvs.openbsd.org 2009/10/24 11:23:42 - [ssh.c] - Request roaming to be enabled if UseRoaming is true and the server - supports it. - ok markus@ - - reyk@cvs.openbsd.org 2009/10/28 16:38:18 - [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c - channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1 - sftp.1 sshd_config.5 readconf.c ssh.c misc.c] - Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. - ok markus@ - - jmc@cvs.openbsd.org 2009/10/28 21:45:08 - [sshd_config.5 sftp.1] - tweak previous; - - djm@cvs.openbsd.org 2009/11/10 02:56:22 - [ssh_config.5] - explain the constraints on LocalCommand some more so people don't - try to abuse it. - - djm@cvs.openbsd.org 2009/11/10 02:58:56 - [sshd_config.5] - clarify that StrictModes does not apply to ChrootDirectory. Permissions - and ownership are always checked when chrooting. bz#1532 - - dtucker@cvs.openbsd.org 2009/11/10 04:30:45 - [sshconnect2.c channels.c sshconnect.c] - Set close-on-exec on various descriptors so they don't get leaked to - child processes. bz #1643, patch from jchadima at redhat, ok deraadt. - - markus@cvs.openbsd.org 2009/11/11 21:37:03 - [channels.c channels.h] - fix race condition in x11/agent channel allocation: don't read after - the end of the select read/write fdset and make sure a reused FD - is not touched before the pre-handlers are called. 
- with and ok djm@ - - djm@cvs.openbsd.org 2009/11/17 05:31:44 - [clientloop.c] - fix incorrect exit status when multiplexing and channel ID 0 is recycled - bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker - - djm@cvs.openbsd.org 2009/11/19 23:39:50 - [session.c] - bz#1606: error when an attempt is made to connect to a server - with ForceCommand=internal-sftp with a shell session (i.e. not a - subsystem session). Avoids stuck client when attempting to ssh to such a - service. ok dtucker@ - - dtucker@cvs.openbsd.org 2009/11/20 00:15:41 - [session.c] - Warn but do not fail if stat()ing the subsystem binary fails. This helps - with chrootdirectory+forcecommand=sftp-server and restricted shells. - bz #1599, ok djm. - - djm@cvs.openbsd.org 2009/11/20 00:54:01 - [sftp.c] - bz#1588 change "Connecting to host..." message to "Connected to host." - and delay it until after the sftp protocol connection has been established. - Avoids confusing sequence of messages when the underlying ssh connection - experiences problems. ok dtucker@ - - dtucker@cvs.openbsd.org 2009/11/20 00:59:36 - [sshconnect2.c] - Use the HostKeyAlias when prompting for passwords. bz#1039, ok djm@ - - djm@cvs.openbsd.org 2009/11/20 03:24:07 - [misc.c] - correct off-by-one in percent_expand(): we would fatal() when trying - to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually - work. Note that nothing in OpenSSH actually uses close to this limit at - present. 
bz#1607 from Jan.Pechanec AT Sun.COM - - halex@cvs.openbsd.org 2009/11/22 13:18:00 - [sftp.c] - make passing of zero-length arguments to ssh safe by - passing "-" "" rather than "-" - ok dtucker@, guenther@, djm@ - - dtucker@cvs.openbsd.org 2009/12/06 23:41:15 - [sshconnect2.c] - zap unused variable and strlen; from Steve McClellan, ok djm - - djm@cvs.openbsd.org 2009/12/06 23:53:45 - [roaming_common.c] - use socklen_t for getsockopt optlen parameter; reported by - Steve.McClellan AT radisys.com, ok dtucker@ - - dtucker@cvs.openbsd.org 2009/12/06 23:53:54 - [sftp.c] - fix potential divide-by-zero in sftp's "df" output when talking to a server - that reports zero files on the filesystem (Unix filesystems always have at - least the root inode). From Steve McClellan at radisys, ok djm@ - - markus@cvs.openbsd.org 2009/12/11 18:16:33 - [key.c] - switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537 - for the RSA public exponent; discussed with provos; ok djm@ - - guenther@cvs.openbsd.org 2009/12/20 07:28:36 - [ssh.c sftp.c scp.c] - When passing user-controlled options with arguments to other programs, - pass the option and option argument as separate argv entries and - not smashed into one (e.g., as -l foo and not -lfoo). Also, always - pass a "--" argument to stop option parsing, so that a positional - argument that starts with a '-' isn't treated as an option. This - fixes some error cases as well as the handling of hostnames and - filenames that start with a '-'. - Based on a diff by halex@ - ok halex@ djm@ deraadt@ - - djm@cvs.openbsd.org 2009/12/20 23:20:40 - [PROTOCOL] - fix an incorrect magic number and typo in PROTOCOL; bz#1688 - report and fix from ueno AT unixuser.org - - stevesk@cvs.openbsd.org 2009/12/25 19:40:21 - [readconf.c servconf.c misc.h ssh-keyscan.c misc.c] - validate routing domain is in range 0-RT_TABLEID_MAX. 
- 'Looks right' deraadt@ - - stevesk@cvs.openbsd.org 2009/12/29 16:38:41 - [sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1] - Rename RDomain config option to RoutingDomain to be more clear and - consistent with other options. - NOTE: if you currently use RDomain in the ssh client or server config, - or ssh/sshd -o, you must update to use RoutingDomain. - ok markus@ djm@ - - jmc@cvs.openbsd.org 2009/12/29 18:03:32 - [sshd_config.5 ssh_config.5] - sort previous; - - dtucker@cvs.openbsd.org 2010/01/04 01:45:30 - [sshconnect2.c] - Don't escape backslashes in the SSH2 banner. bz#1533, patch from - Michal Gorny via Gentoo. - - djm@cvs.openbsd.org 2010/01/04 02:03:57 - [sftp.c] - Implement tab-completion of commands, local and remote filenames for sftp. - Hacked on and off for some time by myself, mouring, Carlos Silva (via 2009 - Google Summer of Code) and polished to a fine sheen by myself again. - It should deal more-or-less correctly with the ikky corner-cases presented - by quoted filenames, but the UI could still be slightly improved. - In particular, it is quite slow for remote completion on large directories. - bz#200; ok markus@ - - djm@cvs.openbsd.org 2010/01/04 02:25:15 - [sftp-server.c] - bz#1566 don't unnecessarily dup() in and out fds for sftp-server; - ok markus@ - - dtucker@cvs.openbsd.org 2010/01/08 21:50:49 - [sftp.c] - Fix two warnings: possibly used unitialized and use a nul byte instead of - NULL pointer. ok djm@ - - (dtucker) [Makefile.in added roaming_client.c roaming_serv.c] Import new - files for roaming and add to Makefile. - - (dtucker) [Makefile.in] .c files do not belong in the OBJ lines. - - (dtucker) [sftp.c] ifdef out the sftp completion bits for platforms that - don't have libedit. - - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Make - RoutingDomain an unsupported option on platforms that don't have it. - - (dtucker) [sftp.c] Expand ifdef for libedit to cover complete_is_remote - too. 
- - (dtucker) [misc.c] Move the routingdomain ifdef to allow the socket to - be created. - - (dtucker] [misc.c] Shrink the area covered by USE_ROUTINGDOMAIN more - to eliminate an unused variable warning. - - (dtucker) [roaming_serv.c] Include includes.h for u_intXX_t types. - -20091226 - - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 - Gzip all man pages. Patch from Corinna Vinschen. - -20091221 - - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}] - Bug #1583: Use system's kerberos principal name on AIX if it's available. - Based on a patch from and tested by Miguel Sanders - -20091208 - - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux, - based on a patch from Vaclav Ovsik and Colin Watson. ok djm. - -20091207 - - (dtucker) Bug #1160: use pkg-config for opensc config if it's available. - Tested by Martin Paljak. - - (dtucker) Bug #1677: add conditionals around the source for ssh-askpass. - -20091121 - - (tim) [opensshd.init.in] If PidFile is set in sshd_config, use it. - Bug 1628. OK dtucker@ - -20091120 - - (djm) [ssh-rand-helper.c] Print error and usage() when passed command- - line arguments as none are supported. Exit when passed unrecognised - commandline flags. bz#1568 from gson AT araneus.fi - -20091118 - - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to - set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify - setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only() - bz#1648, report and fix from jan.kratochvil AT redhat.com - - (djm) [contrib/gnome-ssh-askpass2.c] Make askpass dialog desktop-modal. - bz#1645, patch from jchadima AT redhat.com - -20091107 - - (dtucker) [authfile.c] Fall back to 3DES for the encryption of private - keys when built with OpenSSL versions that don't do AES. - -20091105 - - (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with - older versions of OpenSSL. 
- -20091024 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2009/10/11 23:03:15 - [hostfile.c] - mention the host name that we are looking for in check_host_in_hostfile() - - sobrado@cvs.openbsd.org 2009/10/17 12:10:39 - [sftp-server.c] - sort flags. - - sobrado@cvs.openbsd.org 2009/10/22 12:35:53 - [ssh.1 ssh-agent.1 ssh-add.1] - use the UNIX-related macros (.At and .Ux) where appropriate. - ok jmc@ - - sobrado@cvs.openbsd.org 2009/10/22 15:02:12 - [ssh-agent.1 ssh-add.1 ssh.1] - write UNIX-domain in a more consistent way; while here, replace a - few remaining ".Tn UNIX" macros with ".Ux" ones. - pointed out by ratchov@, thanks! - ok jmc@ - - djm@cvs.openbsd.org 2009/10/22 22:26:13 - [authfile.c] - switch from 3DES to AES-128 for encryption of passphrase-protected - SSH protocol 2 private keys; ok several - - djm@cvs.openbsd.org 2009/10/23 01:57:11 - [sshconnect2.c] - disallow a hostile server from checking jpake auth by sending an - out-of-sequence success message. (doesn't affect code enabled by default) - - dtucker@cvs.openbsd.org 2009/10/24 00:48:34 - [ssh-keygen.1] - ssh-keygen now uses AES-128 for private keys - - (dtucker) [mdoc2man.awk] Teach it to understand the .Ux macro. - - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux - is enabled set the security context to "sftpd_t" before running the - internal sftp server Based on a patch from jchadima at redhat. - -20091011 - - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for - dirent d_type and DTTOIF as we've switched OpenBSD to the more portable - lstat. 
- - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2009/10/08 14:03:41 - [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5] - disable protocol 1 by default (after a transition period of about 10 years) - ok deraadt - - jmc@cvs.openbsd.org 2009/10/08 20:42:12 - [sshd_config.5 ssh_config.5 sshd.8 ssh.1] - some tweaks now that protocol 1 is not offered by default; ok markus - - dtucker@cvs.openbsd.org 2009/10/11 10:41:26 - [sftp-client.c] - d_type isn't portable so use lstat to get dirent modes. Suggested by and - "looks sane" deraadt@ - - markus@cvs.openbsd.org 2009/10/08 18:04:27 - [regress/test-exec.sh] - re-enable protocol v1 for the tests. - -20091007 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2009/08/12 00:13:00 - [sftp.c sftp.1] - support most of scp(1)'s commandline arguments in sftp(1), as a first - step towards making sftp(1) a drop-in replacement for scp(1). - One conflicting option (-P) has not been changed, pending further - discussion. - Patch from carlosvsilvapt@gmail.com as part of his work in the - Google Summer of Code - - jmc@cvs.openbsd.org 2009/08/12 06:31:42 - [sftp.1] - sort options; - - djm@cvs.openbsd.org 2009/08/13 01:11:19 - [sftp.1 sftp.c] - Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path", - add "-P port" to match scp(1). Fortunately, the -P option is only really - used by our regression scripts. - part of larger patch from carlosvsilvapt@gmail.com for his Google Summer - of Code work; ok deraadt markus - - jmc@cvs.openbsd.org 2009/08/13 13:39:54 - [sftp.1 sftp.c] - sync synopsis and usage(); - - djm@cvs.openbsd.org 2009/08/14 18:17:49 - [sftp-client.c] - make the "get_handle: ..." error messages vaguely useful by allowing - callers to specify their own error message strings. - - fgsch@cvs.openbsd.org 2009/08/15 18:56:34 - [auth.h] - remove unused define. markus@ ok. - (Id sync only, Portable still uses this.) 
- - dtucker@cvs.openbsd.org 2009/08/16 23:29:26 - [sshd_config.5] - Add PubkeyAuthentication to the list allowed in a Match block (bz #1577) - - djm@cvs.openbsd.org 2009/08/18 18:36:21 - [sftp-client.h sftp.1 sftp-client.c sftp.c] - recursive transfer support for get/put and on the commandline - work mostly by carlosvsilvapt@gmail.com for the Google Summer of Code - with some tweaks by me; "go for it" deraadt@ - - djm@cvs.openbsd.org 2009/08/18 21:15:59 - [sftp.1] - fix "get" command usage, spotted by jmc@ - - jmc@cvs.openbsd.org 2009/08/19 04:56:03 - [sftp.1] - ether -> either; - - dtucker@cvs.openbsd.org 2009/08/20 23:54:28 - [mux.c] - subsystem_flag is defined in ssh.c so it's extern; ok djm - - djm@cvs.openbsd.org 2009/08/27 17:28:52 - [sftp-server.c] - allow setting an explicit umask on the commandline to override whatever - default the user has. bz#1229; ok dtucker@ deraadt@ markus@ - - djm@cvs.openbsd.org 2009/08/27 17:33:49 - [ssh-keygen.c] - force use of correct hash function for random-art signature display - as it was inheriting the wrong one when bubblebabble signatures were - activated; bz#1611 report and patch from fwojcik+openssh AT besh.com; - ok markus@ - - djm@cvs.openbsd.org 2009/08/27 17:43:00 - [sftp-server.8] - allow setting an explicit umask on the commandline to override whatever - default the user has. bz#1229; ok dtucker@ deraadt@ markus@ - - djm@cvs.openbsd.org 2009/08/27 17:44:52 - [authfd.c ssh-add.c authfd.h] - Do not fall back to adding keys without contraints (ssh-add -c / -t ...) - when the agent refuses the constrained add request. This was a useful - migration measure back in 2002 when constraints were new, but just - adds risk now. 
- bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@ - - djm@cvs.openbsd.org 2009/08/31 20:56:02 - [sftp-server.c] - check correct variable for error message, spotted by martynas@ - - djm@cvs.openbsd.org 2009/08/31 21:01:29 - [sftp-server.8] - document -e and -h; prodded by jmc@ - - djm@cvs.openbsd.org 2009/09/01 14:43:17 - [ssh-agent.c] - fix a race condition in ssh-agent that could result in a wedged or - spinning agent: don't read off the end of the allocated fd_sets, and - don't issue blocking read/write on agent sockets - just fall back to - select() on retriable read/write errors. bz#1633 reported and tested - by "noodle10000 AT googlemail.com"; ok dtucker@ markus@ - - grunk@cvs.openbsd.org 2009/10/01 11:37:33 - [dh.c] - fix a cast - ok djm@ markus@ - - djm@cvs.openbsd.org 2009/10/06 04:46:40 - [session.c] - bz#1596: fflush(NULL) before exec() to ensure that everying (motd - in particular) has made it out before the streams go away. - - djm@cvs.openbsd.org 2008/12/07 22:17:48 - [regress/addrmatch.sh] - match string "passwordauthentication" only at start of line, not anywhere - in sshd -T output - - dtucker@cvs.openbsd.org 2009/05/05 07:51:36 - [regress/multiplex.sh] - Always specify ssh_config for multiplex tests: prevents breakage caused - by options in ~/.ssh/config. From Dan Peterson. - - djm@cvs.openbsd.org 2009/08/13 00:57:17 - [regress/Makefile] - regression test for port number parsing. written as part of the a2port - change that went into 5.2 but I forgot to commit it at the time... - - djm@cvs.openbsd.org 2009/08/13 01:11:55 - [regress/sftp-batch.sh regress/sftp-badcmds.sh regress/sftp.sh - regress/sftp-cmds.sh regres/sftp-glob.sh] - date: 2009/08/13 01:11:19; author: djm; state: Exp; lines: +10 -7 - Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path", - add "-P port" to match scp(1). Fortunately, the -P option is only really - used by our regression scripts. 
- part of larger patch from carlosvsilvapt@gmail.com for his Google Summer - of Code work; ok deraadt markus - - djm@cvs.openbsd.org 2009/08/20 18:43:07 - [regress/ssh-com-sftp.sh] - fix one sftp -D ... => sftp -P ... conversion that I missed; from Carlos - Silva for Google Summer of Code - - dtucker@cvs.openbsd.org 2009/10/06 23:51:49 - [regress/ssh2putty.sh] - Add OpenBSD tag to make syncs easier - - (dtucker) [regress/portnum.sh] Import new test. - - (dtucker) [configure.ac sftp-client.c] DTOTIF is in fs/ffs/dir.h on at - least dragonflybsd. - - (dtucker) d_type is not mandated by POSIX, so add fallback code using - stat(), needed on at least cygwin. - -20091002 - - (djm) [Makefile.in] Mention readconf.o in ssh-keysign's make deps. - spotted by des AT des.no - -20090926 - - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Update for release - - (djm) [README] update relnotes URL - - (djm) [packet.c] Restore EWOULDBLOCK handling that got lost somewhere - - (djm) Release 5.3p1 - -20090911 - - (dtucker) [configure.ac] Change the -lresolv check so it works on Mac OS X - 10.6 (which doesn't have BIND8_COMPAT and thus uses res_9_query). Patch - from jbasney at ncsa uiuc edu. - -20090908 - - (djm) [serverloop.c] Fix test for server-assigned remote forwarding port - (-R 0:...); bz#1578, spotted and fix by gavin AT emf.net; ok dtucker@ - -20090901 - - (dtucker) [configure.ac] Bug #1639: use AC_PATH_PROG to search the path for - krb5-config if it's not in the location specified by --with-kerberos5. - Patch from jchadima at redhat. - -20090829 - - (dtucker) [README.platform] Add text about development packages, based on - text from Chris Pepper in bug #1631. - -20090828 - - dtucker [auth-sia.c] Roll back the change for bug #1241 as it apparently - causes problems in some Tru64 configurations. 
- - (djm) [sshd_config.5] downgrade mention of login.conf to be an example - and mention PAM as another provider for ChallengeResponseAuthentication; - bz#1408; ok dtucker@ - - (djm) [sftp-server.c] bz#1535: accept ENOSYS as a fallback error when - attempting atomic rename(); ok dtucker@ - - (djm) [Makefile.in] bz#1505: Solaris make(1) doesn't accept make variables - in argv, so pass them in the environment; ok dtucker@ - - (dtucker) [channels.c configure.ac] Bug #1528: skip the tcgetattr call on - the pty master on Solaris, since it never succeeds and can hang if large - amounts of data is sent to the slave (eg a copy-paste). Based on a patch - originally from Doke Scott, ok djm@ - - (dtucker) [clientloop.c configure.ac defines.h] Make the client's IO buffer - size a compile-time option and set it to 64k on Cygwin, since Corinna - reports that it makes a significant difference to performance. ok djm@ - - (dtucker) [configure.ac] Fix the syntax of the Solaris tcgetattr entry. - -20090820 - - (dtucker) [includes.h] Bug #1634: do not include system glob.h if we're not - using it since the type conflicts can cause problems on FreeBSD. Patch - from Jonathan Chen. - - (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move - the setpcred call on AIX to immediately before the permanently_set_uid(). - Ensures that we still have privileges when we call chroot and - pam_open_sesson. Based on a patch from David Leonard. - -20090817 - - (dtucker) [configure.ac] Check for headers before libraries for openssl an - zlib, which should make the errors slightly more meaningful on platforms - where there's separate "-devel" packages for those. - - (dtucker) [sshlogin.c openbsd-compat/port-aix.{c,h}] Bug #1595: make - PrintLastLog work on AIX. Based in part on a patch from Miguel Sanders. - -20090729 - - (tim) [contrib/cygwin/ssh-user-config] Change script to call correct error - function. Patch from Corinna Vinschen. 
- -20090713 - - (dtucker) [openbsd-compat/getrrsetbyname.c] Reduce answer buffer size so it - fits into 16 bits to work around a bug in glibc's resolver where it masks - off the buffer size at 16 bits. Patch from Hauke Lampe, ok djm jakob. - -20090712 - - (dtucker) [configure.ac] Include sys/param.h for the sys/mount.h test, - prevents configure complaining on older BSDs. - - (dtucker [contrib/cygwin/ssh-{host,user}-config] Add license text. Patch - from Corinna Vinschen. - - (dtucker) [auth-pam.c] Bug #1534: move the deletion of PAM credentials on - logout to after the session close. Patch from Anicka Bernathova, - originally from Andreas Schwab via Novelll ok djm. - -20090707 - - (dtucker) [contrib/cygwin/ssh-host-config] better support for automated - scripts and fix usage of eval. Patch from Corinna Vinschen. - -20090705 - - (dtucker) OpenBSD CVS Sync - - andreas@cvs.openbsd.org 2009/06/27 09:29:06 - [packet.h packet.c] - packet_bacup_state() and packet_restore_state() will be used to - temporarily save the current state ren resuming a suspended connection. - ok markus@ - - andreas@cvs.openbsd.org 2009/06/27 09:32:43 - [roaming_common.c roaming.h] - It may be necessary to retransmit some data when resuming, so add it - to a buffer when roaming is enabled. - Most of this code was written by Martin Forssen, maf at appgate dot com. - ok markus@ - - andreas@cvs.openbsd.org 2009/06/27 09:35:06 - [readconf.h readconf.c] - Add client option UseRoaming. It doesn't do anything yet but will - control whether the client tries to use roaming if enabled on the - server. From Martin Forssen. - ok markus@ - - markus@cvs.openbsd.org 2009/06/30 14:54:40 - [version.h] - crank version; ok deraadt - - dtucker@cvs.openbsd.org 2009/07/02 02:11:47 - [ssh.c] - allow for long home dir paths (bz #1615). 
ok deraadt - (based in part on a patch from jchadima at redhat) - - stevesk@cvs.openbsd.org 2009/07/05 19:28:33 - [clientloop.c] - only send SSH2_MSG_DISCONNECT if we're in compat20; from dtucker@ - ok deraadt@ markus@ - -20090622 - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2009/06/22 05:39:28 - [monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c] - alphabetize includes; reduces diff vs portable and style(9). - ok stevesk djm - (Id sync only; these were already in order in -portable) - -20090621 - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2009/03/17 21:37:00 - [ssh.c] - pass correct argv[0] to openlog(); ok djm@ - - jmc@cvs.openbsd.org 2009/03/19 15:15:09 - [ssh.1] - for "Ciphers", just point the reader to the keyword in ssh_config(5), just - as we do for "MACs": this stops us getting out of sync when the lists - change; - fixes documentation/6102, submitted by Peter J. Philipp - alternative fix proposed by djm - ok markus - - tobias@cvs.openbsd.org 2009/03/23 08:31:19 - [ssh-agent.c] - Fixed a possible out-of-bounds memory access if the environment variable - SHELL is shorter than 3 characters. - with input by and ok dtucker - - tobias@cvs.openbsd.org 2009/03/23 19:38:04 - [ssh-agent.c] - My previous commit didn't fix the problem at all, so stick at my first - version of the fix presented to dtucker. - Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de). - ok dtucker - - sobrado@cvs.openbsd.org 2009/03/26 08:38:39 - [sftp-server.8 sshd.8 ssh-agent.1] - fix a few typographical errors found by spell(1). - ok dtucker@, jmc@ - - stevesk@cvs.openbsd.org 2009/04/13 19:07:44 - [sshd_config.5] - fix possessive; ok djm@ - - stevesk@cvs.openbsd.org 2009/04/14 16:33:42 - [sftp-server.c] - remove unused option character from getopt() optstring; ok markus@ - - jj@cvs.openbsd.org 2009/04/14 21:10:54 - [servconf.c] - Fixed a few the-the misspellings in comments. Skipped a bunch in - binutils,gcc and so on. 
ok jmc@ - - stevesk@cvs.openbsd.org 2009/04/17 19:23:06 - [session.c] - use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server; - ok djm@ markus@ - - stevesk@cvs.openbsd.org 2009/04/17 19:40:17 - [sshd_config.5] - clarify that even internal-sftp needs /dev/log for logging to work; ok - markus@ - - jmc@cvs.openbsd.org 2009/04/18 18:39:10 - [sshd_config.5] - tweak previous; ok stevesk - - stevesk@cvs.openbsd.org 2009/04/21 15:13:17 - [sshd_config.5] - clarify we cd to user's home after chroot; ok markus@ on - earlier version; tweaks and ok jmc@ - - andreas@cvs.openbsd.org 2009/05/25 06:48:01 - [channels.c packet.c clientloop.c packet.h serverloop.c monitor_wrap.c - monitor.c] - Put the globals in packet.c into a struct and don't access it directly - from other files. No functional changes. - ok markus@ djm@ - - andreas@cvs.openbsd.org 2009/05/27 06:31:25 - [canohost.h canohost.c] - Add clear_cached_addr(), needed for upcoming changes allowing the peer - address to change. - ok markus@ - - andreas@cvs.openbsd.org 2009/05/27 06:33:39 - [clientloop.c] - Send SSH2_MSG_DISCONNECT when the client disconnects. From a larger - change from Martin Forssen, maf at appgate dot com. - ok markus@ - - andreas@cvs.openbsd.org 2009/05/27 06:34:36 - [kex.c kex.h] - Move the KEX_COOKIE_LEN define to kex.h - ok markus@ - - andreas@cvs.openbsd.org 2009/05/27 06:36:07 - [packet.h packet.c] - Add packet_put_int64() and packet_get_int64(), part of a larger change - from Martin Forssen. - ok markus@ - - andreas@cvs.openbsd.org 2009/05/27 06:38:16 - [sshconnect.h sshconnect.c] - Un-static ssh_exchange_identification(), part of a larger change from - Martin Forssen and needed for upcoming changes. - ok markus@ - - andreas@cvs.openbsd.org 2009/05/28 16:50:16 - [sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c - monitor.c Added roaming.h roaming_common.c roaming_dummy.c] - Keep track of number of bytes read and written. Needed for upcoming - changes. 
Most code from Martin Forssen, maf at appgate dot com. - ok markus@ - Also, applied appropriate changes to Makefile.in - - andreas@cvs.openbsd.org 2009/06/12 20:43:22 - [monitor.c packet.c] - Fix warnings found by chl@ and djm@ and change roaming_atomicio's - return type to match atomicio's - Diff from djm@, ok markus@ - - andreas@cvs.openbsd.org 2009/06/12 20:58:32 - [packet.c] - Move some more statics into session_state - ok markus@ djm@ - - dtucker@cvs.openbsd.org 2009/06/21 07:37:15 - [kexdhs.c kexgexs.c] - abort if key_sign fails, preventing possible null deref. Based on report - from Paolo Ganci, ok markus@ djm@ - - dtucker@cvs.openbsd.org 2009/06/21 09:04:03 - [roaming.h roaming_common.c roaming_dummy.c] - Add tags for the benefit of the sync scripts - Also: pull in the changes for 1.1->1.2 missed in the previous sync. - - (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and - header-order changes to reduce diff vs OpenBSD. - - (dtucker) [servconf.c sshd.c] More whitespace sync. - - (dtucker) [roaming_common.c roaming_dummy.c] Wrap #include in - ifdef. - -20090616 - - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t - is a struct with a __val member. Fixes build on, eg, Redhat 6.2. - -20090504 - - (dtucker) [sshlogin.c] Move the NO_SSH_LASTLOG #ifndef line to include - variable declarations. Should prevent unused warnings anywhere it's set - (only Crays as far as I can tell) and be a no-op everywhere else. - -20090318 - - (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problem - that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005. - Based on patch from vinschen at redhat com. - -20090308 - - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c - auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h} - openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old - version of Cygwin. Patch from vinschen at redhat com. 
- -20090307 - - (dtucker) [contrib/aix/buildbff.sh] Only try to rename ssh_prng_cmds if it - exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS - has a /dev/random). - - (dtucker) [schnorr.c openbsd-compat/openssl-compat.{c,h}] Add - EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c - to use them. Allows building with older OpenSSL versions. - - (dtucker) [configure.ac defines.h] Check for in_port_t and typedef if needed. - - (dtucker) [configure.ac] Missing comma in type list. - - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] - EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg - in openssl 0.9.6) so add an explicit test for it. - -20090306 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2009/03/05 07:18:19 - [auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c] - [sshconnect2.c] - refactor the (disabled) Schnorr proof code to make it a little more - generally useful - - djm@cvs.openbsd.org 2009/03/05 11:30:50 - [uuencode.c] - document what these functions do so I don't ever have to recuse into - b64_pton/ntop to remember their return values - -20090223 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2009/02/22 23:50:57 - [ssh_config.5 sshd_config.5] - don't advertise experimental options - - djm@cvs.openbsd.org 2009/02/22 23:59:25 - [sshd_config.5] - missing period - - djm@cvs.openbsd.org 2009/02/23 00:06:15 - [version.h] - openssh-5.2 - - (djm) [README] update for 5.2 - - (djm) Release openssh-5.2p1 - -20090222 - - (djm) OpenBSD CVS Sync - - tobias@cvs.openbsd.org 2009/02/21 19:32:04 - [misc.c sftp-server-main.c ssh-keygen.c] - Added missing newlines in error messages. 
- ok dtucker - -20090221 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2009/02/17 01:28:32 - [ssh_config] - sync with revised default ciphers; pointed out by dkrause@ - - djm@cvs.openbsd.org 2009/02/18 04:31:21 - [schnorr.c] - signature should hash over the entire group, not just the generator - (this is still disabled code) - - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Prepare for 5.2p1 - -20090216 - - (djm) [regress/conch-ciphers.sh regress/putty-ciphers.sh] - [regress/putty-kex.sh regress/putty-transfer.sh] Downgrade disabled - interop tests from FATAL error to a warning. Allows some interop - tests to proceed if others are missing necessary prerequisites. - - (djm) [configure.ac] support GNU/kFreeBSD and GNU/kOpensolaris - systems; patch from Aurelien Jarno via rmh AT aybabtu.com - -20090214 - - (djm) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2009/02/02 11:15:14 - [sftp.c] - Initialize a few variables to prevent spurious "may be used - uninitialized" warnings from newer gcc's. ok djm@ - - djm@cvs.openbsd.org 2009/02/12 03:00:56 - [canohost.c canohost.h channels.c channels.h clientloop.c readconf.c] - [readconf.h serverloop.c ssh.c] - support remote port forwarding with a zero listen port (-R0:...) to - dyamically allocate a listen port at runtime (this is actually - specified in rfc4254); bz#1003 ok markus@ - - djm@cvs.openbsd.org 2009/02/12 03:16:01 - [serverloop.c] - tighten check for -R0:... forwarding: only allow dynamic allocation - if want_reply is set in the packet - - djm@cvs.openbsd.org 2009/02/12 03:26:22 - [monitor.c] - some paranoia: check that the serialised key is really KEY_RSA before - diddling its internals - - djm@cvs.openbsd.org 2009/02/12 03:42:09 - [ssh.1] - document -R0:... 
usage - - djm@cvs.openbsd.org 2009/02/12 03:44:25 - [ssh.1] - consistency: Dq => Ql - - djm@cvs.openbsd.org 2009/02/12 03:46:17 - [ssh_config.5] - document RemoteForward usage with 0 listen port - - jmc@cvs.openbsd.org 2009/02/12 07:34:20 - [ssh_config.5] - kill trailing whitespace; - - markus@cvs.openbsd.org 2009/02/13 11:50:21 - [packet.c] - check for enc !=NULL in packet_start_discard - - djm@cvs.openbsd.org 2009/02/14 06:35:49 - [PROTOCOL] - mention that eow and no-more-sessions extensions are sent only to - OpenSSH peers - -20090212 - - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically - set ownership and modes, so avoid explicitly setting them - - (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX. - OSX provides a getlastlogxbyname function that automates the reading of - a lastlog file. Also, the pututxline function will update lastlog so - there is no need for loginrec.c to do it explicitly. Collapse some - overly verbose code while I'm in there. - -20090201 - - (dtucker) [defines.h sshconnect.c] INET6_ADDRSTRLEN is now needed in - channels.c too, so move the definition for non-IP6 platforms to defines.h - where it can be shared. - -20090129 - - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen. - If the CYGWIN environment variable is empty, the installer script - should not install the service with an empty CYGWIN variable, but - rather without setting CYGWNI entirely. - - (tim) [contrib/cygwin/ssh-host-config] Whitespace cleanup. No code changes. - -20090128 - - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen. - Changes to work on Cygwin 1.5.x as well as on the new Cygwin 1.7.x. - The information given for the setting of the CYGWIN environment variable - is wrong for both releases so I just removed it, together with the - unnecessary (Cygwin 1.5.x) or wrong (Cygwin 1.7.x) default setting. 
- -20081228 - - (djm) OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2008/12/09 03:20:42 - [channels.c servconf.c] - channel_print_adm_permitted_opens() should deal with all the printing - for that config option. suggested by markus@; ok markus@ djm@ - dtucker@ - - djm@cvs.openbsd.org 2008/12/09 04:32:22 - [auth2-chall.c] - replace by-hand string building with xasprinf(); ok deraadt@ - - sobrado@cvs.openbsd.org 2008/12/09 15:35:00 - [sftp.1 sftp.c] - update for the synopses displayed by the 'help' command, there are a - few missing flags; add 'bye' to the output of 'help'; sorting and spacing. - jmc@ suggested replacing .Oo/.Oc with a single .Op macro. - ok jmc@ - - stevesk@cvs.openbsd.org 2008/12/09 22:37:33 - [clientloop.c] - fix typo in error message - - stevesk@cvs.openbsd.org 2008/12/10 03:55:20 - [addrmatch.c] - o cannot be NULL here but use xfree() to be consistent; ok djm@ - - stevesk@cvs.openbsd.org 2008/12/29 01:12:36 - [ssh-keyscan.1] - fix example, default key type is rsa for 3+ years; from - frederic.perrin@resel.fr - - stevesk@cvs.openbsd.org 2008/12/29 02:23:26 - [pathnames.h] - no need to escape single quotes in comments - - okan@cvs.openbsd.org 2008/12/30 00:46:56 - [sshd_config.5] - add AllowAgentForwarding to available Match keywords list - ok djm - - djm@cvs.openbsd.org 2009/01/01 21:14:35 - [channels.c] - call channel destroy callbacks on receipt of open failure messages. 
- fixes client hangs when connecting to a server that has MaxSessions=0 - set spotted by imorgan AT nas.nasa.gov; ok markus@ - - djm@cvs.openbsd.org 2009/01/01 21:17:36 - [kexgexs.c] - fix hash calculation for KEXGEX: hash over the original client-supplied - values and not the sanity checked versions that we acutally use; - bz#1540 reported by john.smith AT arrows.demon.co.uk - ok markus@ - - djm@cvs.openbsd.org 2009/01/14 01:38:06 - [channels.c] - support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482; - "looks ok" markus@ - - stevesk@cvs.openbsd.org 2009/01/15 17:38:43 - [readconf.c] - 1) use obsolete instead of alias for consistency - 2) oUserKnownHostsFile not obsolete but oGlobalKnownHostsFile2 is - so move the comment. - 3) reorder so like options are together - ok djm@ - - djm@cvs.openbsd.org 2009/01/22 09:46:01 - [channels.c channels.h session.c] - make Channel->path an allocated string, saving a few bytes here and - there and fixing bz#1380 in the process; ok markus@ - - djm@cvs.openbsd.org 2009/01/22 09:49:57 - [channels.c] - oops! I committed the wrong version of the Channel->path diff, - it was missing some tweaks suggested by stevesk@ - - djm@cvs.openbsd.org 2009/01/22 10:02:34 - [clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h] - [serverloop.c ssh-keyscan.c ssh.c sshd.c] - make a2port() return -1 when it encounters an invalid port number - rather than 0, which it will now treat as valid (needed for future work) - adjust current consumers of a2port() to check its return value is <= 0, - which in turn required some things to be converted from u_short => int - make use of int vs. u_short consistent in some other places too - feedback & ok markus@ - - djm@cvs.openbsd.org 2009/01/22 10:09:16 - [auth-options.c] - another chunk of a2port() diff that got away. wtfdjm?? 
- - djm@cvs.openbsd.org 2009/01/23 07:58:11 - [myproposal.h] - prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC - modes; ok markus@ - - naddy@cvs.openbsd.org 2009/01/24 17:10:22 - [ssh_config.5 sshd_config.5] - sync list of preferred ciphers; ok djm@ - - markus@cvs.openbsd.org 2009/01/26 09:58:15 - [cipher.c cipher.h packet.c] - Work around the CPNI-957037 Plaintext Recovery Attack by always - reading 256K of data on packet size or HMAC errors (in CBC mode only). - Help, feedback and ok djm@ - Feedback from Martin Albrecht and Paterson Kenny - -20090107 - - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X. - Patch based on one from vgiffin AT apple.com; ok dtucker@ - - (djm) [channels.c] bz#1419: support "on demand" X11 forwarding via - launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked; - ok dtucker@ - - (djm) [contrib/ssh-copy-id.1 contrib/ssh-copy-id] bz#1492: Make - ssh-copy-id copy id_rsa.pub by default (instead of the legacy "identity" - key). Patch from cjwatson AT debian.org - -20090107 - - (tim) [configure.ac defines.h openbsd-compat/port-uw.c - openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI. - OK djm@ dtucker@ - - (tim) [configure.ac] Move check_for_libcrypt_later=1 in *-*-sysv5*) section. - OpenServer 6 doesn't need libcrypt. - -20081209 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/12/09 02:38:18 - [clientloop.c] - The ~C escape handler does not work correctly for multiplexed sessions - - it opens a commandline on the master session, instead of on the slave - that requested it. Disable it on slave sessions until such time as it - is fixed; bz#1543 report from Adrian Bridgett via Colin Watson - ok markus@ - - djm@cvs.openbsd.org 2008/12/09 02:39:59 - [sftp.c] - Deal correctly with failures in remote stat() operation in sftp, - correcting fail-on-error behaviour in batchmode. 
bz#1541 report and - fix from anedvedicky AT gmail.com; ok markus@ - - djm@cvs.openbsd.org 2008/12/09 02:58:16 - [readconf.c] - don't leave junk (free'd) pointers around in Forward *fwd argument on - failure; avoids double-free in ~C -L handler when given an invalid - forwarding specification; bz#1539 report from adejong AT debian.org - via Colin Watson; ok markus@ dtucker@ - - djm@cvs.openbsd.org 2008/12/09 03:02:37 - [sftp.1 sftp.c] - correct sftp(1) and corresponding usage syntax; - bz#1518 patch from imorgan AT nas.nasa.gov; ok deraadt@ improved diff jmc@ - -20081208 - - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually - use some stack in main(). - Report and suggested fix from vapier AT gentoo.org - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2008/12/02 19:01:07 - [clientloop.c] - we have to use the recipient's channel number (RFC 4254) for - SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages, - otherwise we trigger 'Non-public channel' error messages on sshd - systems with clientkeepalive enabled; noticed by sturm; ok djm; - - markus@cvs.openbsd.org 2008/12/02 19:08:59 - [serverloop.c] - backout 1.149, since it's not necessary and openssh clients send - broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@ - - markus@cvs.openbsd.org 2008/12/02 19:09:38 - [channels.c] - s/remote_id/id/ to be more consistent with other code; ok djm@ - -20081201 - - (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}] Add new doc files - and tweak the is-sshd-running check in ssh-host-config. Patch from - vinschen at redhat com. - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2008/11/21 15:47:38 - [packet.c] - packet_disconnect() on padding error, too. 
should reduce the success - probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18 - ok djm@ - - dtucker@cvs.openbsd.org 2008/11/30 11:59:26 - [monitor_fdpass.c] - Retry sendmsg/recvmsg on EAGAIN and EINTR; ok djm@ - -20081123 - - (dtucker) [monitor_fdpass.c] Reduce diff vs OpenBSD by moving some - declarations, removing an unnecessary union member and adding whitespace. - cmsgbuf.tmp thing spotted by des at des no, ok djm some time ago. - -20081118 - - (tim) [addrmatch.c configure.ac] Some platforms do not have sin6_scope_id - member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and - feedback by djm@ - -20081111 - - (dtucker) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2008/11/05 11:22:54 - [servconf.c] - passord -> password; - fixes user/5975 from Rene Maroufi - - stevesk@cvs.openbsd.org 2008/11/07 00:42:12 - [ssh-keygen.c] - spelling/typo in comment - - stevesk@cvs.openbsd.org 2008/11/07 18:50:18 - [nchan.c] - add space to some log/debug messages for readability; ok djm@ markus@ - - dtucker@cvs.openbsd.org 2008/11/07 23:34:48 - [auth2-jpake.c] - Move JPAKE define to make life easier for portable. ok djm@ - - tobias@cvs.openbsd.org 2008/11/09 12:34:47 - [session.c ssh.1] - typo fixed (overriden -> overridden) - ok espie, jmc - - stevesk@cvs.openbsd.org 2008/11/11 02:58:09 - [servconf.c] - USE_AFS not referenced so remove #ifdef. fixes sshd -T not printing - kerberosgetafstoken. ok dtucker@ - (Id sync only, we still want the ifdef in portable) - - stevesk@cvs.openbsd.org 2008/11/11 03:55:11 - [channels.c] - for sshd -T print 'permitopen any' vs. 
'permitopen' for case of no - permitopen's; ok and input dtucker@ - - djm@cvs.openbsd.org 2008/11/10 02:06:35 - [regress/putty-ciphers.sh] - PuTTY supports AES CTR modes, so interop test against them too - -20081105 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/11/03 08:59:41 - [servconf.c] - include MaxSessions in sshd -T output; patch from imorgan AT nas.nasa.gov - - djm@cvs.openbsd.org 2008/11/04 07:58:09 - [auth.c] - need unistd.h for close() prototype - (ID sync only) - - djm@cvs.openbsd.org 2008/11/04 08:22:13 - [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h] - [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5] - [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c] - [Makefile.in] - Add support for an experimental zero-knowledge password authentication - method using the J-PAKE protocol described in F. Hao, P. Ryan, - "Password Authenticated Key Exchange by Juggling", 16th Workshop on - Security Protocols, Cambridge, April 2008. - - This method allows password-based authentication without exposing - the password to the server. Instead, the client and server exchange - cryptographic proofs to demonstrate of knowledge of the password while - revealing nothing useful to an attacker or compromised endpoint. - - This is experimental, work-in-progress code and is presently - compiled-time disabled (turn on -DJPAKE in Makefile.inc). - - "just commit it. It isn't too intrusive." deraadt@ - - stevesk@cvs.openbsd.org 2008/11/04 19:18:00 - [readconf.c] - because parse_forward() is now used to parse all forward types (DLR), - and it malloc's space for host variables, we don't need to malloc - here. fixes small memory leaks. - - previously dynamic forwards were not parsed in parse_forward() and - space was not malloc'd in that case. 
- - ok djm@ - - stevesk@cvs.openbsd.org 2008/11/05 03:23:09 - [clientloop.c ssh.1] - add dynamic forward escape command line; ok djm@ - -20081103 - - OpenBSD CVS Sync - - sthen@cvs.openbsd.org 2008/07/24 23:55:30 - [ssh-keygen.1] - Add "ssh-keygen -F -l" to synopsis (displays fingerprint from - known_hosts). ok djm@ - - grunk@cvs.openbsd.org 2008/07/25 06:56:35 - [ssh_config] - Add VisualHostKey to example file, ok djm@ - - grunk@cvs.openbsd.org 2008/07/25 07:05:16 - [key.c] - In random art visualization, make sure to use the end marker only at the - end. Initial diff by Dirk Loss, tweaks and ok djm@ - - markus@cvs.openbsd.org 2008/07/31 14:48:28 - [sshconnect2.c] - don't allocate space for empty banners; report t8m at centrum.cz; - ok deraadt - - krw@cvs.openbsd.org 2008/08/02 04:29:51 - [ssh_config.5] - whitepsace -> whitespace. From Matthew Clarke via bugs@. - - djm@cvs.openbsd.org 2008/08/21 04:09:57 - [session.c] - allow ForceCommand internal-sftp with arguments. based on patch from - michael.barabanov AT gmail.com; ok markus@ - - djm@cvs.openbsd.org 2008/09/06 12:24:13 - [kex.c] - OpenSSL 0.9.8h supplies a real EVP_sha256 so we do not need our - replacement anymore - (ID sync only for portable - we still need this) - - markus@cvs.openbsd.org 2008/09/11 14:22:37 - [compat.c compat.h nchan.c ssh.c] - only send eow and no-more-sessions requests to openssh 5 and newer; - fixes interop problems with broken ssh v2 implementations; ok djm@ - - millert@cvs.openbsd.org 2008/10/02 14:39:35 - [session.c] - Convert an unchecked strdup to xstrdup. OK deraadt@ - - jmc@cvs.openbsd.org 2008/10/03 13:08:12 - [sshd.8] - do not give an example of how to chmod files: we can presume the user - knows that. removes an ambiguity in the permission of authorized_keys; - ok deraadt - - deraadt@cvs.openbsd.org 2008/10/03 23:56:28 - [sshconnect2.c] - Repair strnvis() buffersize of 4*n+1, with termination gauranteed by the - function. 
- spotted by des@freebsd, who commited an incorrect fix to the freebsd tree - and (as is fairly typical) did not report the problem to us. But this fix - is correct. - ok djm - - djm@cvs.openbsd.org 2008/10/08 23:34:03 - [ssh.1 ssh.c] - Add -y option to force logging via syslog rather than stderr. - Useful for daemonised ssh connection (ssh -f). Patch originally from - and ok'd by markus@ - - djm@cvs.openbsd.org 2008/10/09 03:50:54 - [servconf.c sshd_config.5] - support setting PermitEmptyPasswords in a Match block - requested in PR3891; ok dtucker@ - - jmc@cvs.openbsd.org 2008/10/09 06:54:22 - [ssh.c] - add -y to usage(); - - stevesk@cvs.openbsd.org 2008/10/10 04:55:16 - [scp.c] - spelling in comment; ok djm@ - - stevesk@cvs.openbsd.org 2008/10/10 05:00:12 - [key.c] - typo in error message; ok djm@ - - stevesk@cvs.openbsd.org 2008/10/10 16:43:27 - [ssh_config.5] - use 'Privileged ports can be forwarded only when logging in as root on - the remote machine.' for RemoteForward just like ssh.1 -R. - ok djm@ jmc@ - - stevesk@cvs.openbsd.org 2008/10/14 18:11:33 - [sshconnect.c] - use #define ROQUIET here; no binary change. ok dtucker@ - - stevesk@cvs.openbsd.org 2008/10/17 18:36:24 - [ssh_config.5] - correct and clarify VisualHostKey; ok jmc@ - - stevesk@cvs.openbsd.org 2008/10/30 19:31:16 - [clientloop.c sshd.c] - don't need to #include "monitor_fdpass.h" - - stevesk@cvs.openbsd.org 2008/10/31 15:05:34 - [dispatch.c] - remove unused #define DISPATCH_MIN; ok markus@ - - djm@cvs.openbsd.org 2008/11/01 04:50:08 - [sshconnect2.c] - sprinkle ARGSUSED on dispatch handlers - nuke stale unusued prototype - - stevesk@cvs.openbsd.org 2008/11/01 06:43:33 - [channels.c] - fix some typos in log messages; ok djm@ - - sobrado@cvs.openbsd.org 2008/11/01 11:14:36 - [ssh-keyscan.1 ssh-keyscan.c] - the ellipsis is not an optional argument; while here, improve spacing. 
- - stevesk@cvs.openbsd.org 2008/11/01 17:40:33 - [clientloop.c readconf.c readconf.h ssh.c] - merge dynamic forward parsing into parse_forward(); - 'i think this is OK' djm@ - - stevesk@cvs.openbsd.org 2008/11/02 00:16:16 - [ttymodes.c] - protocol 2 tty modes support is now 7.5 years old so remove these - debug3()s; ok deraadt@ - - stevesk@cvs.openbsd.org 2008/11/03 01:07:02 - [readconf.c] - remove valueless comment - - stevesk@cvs.openbsd.org 2008/11/03 02:44:41 - [readconf.c] - fix comment - - (djm) [contrib/caldera/ssh-host-keygen contrib/suse/rc.sshd] - Make example scripts generate keys with default sizes rather than fixed, - non-default 1024 bits; patch from imorgan AT nas.nasa.gov - - (djm) [contrib/sshd.pam.generic contrib/caldera/sshd.pam] - [contrib/redhat/sshd.pam] Move pam_nologin to account group from - incorrect auth group in example files; - patch from imorgan AT nas.nasa.gov - -20080906 - - (dtucker) [config.guess config.sub] Update to latest versions from - http://git.savannah.gnu.org/gitweb/ (2008-04-14 and 2008-06-16 - respectively). - -20080830 - - (dtucker) [openbsd-compat/bsd-poll.c] correctly check for number of FDs - larger than FD_SETSIZE (OpenSSH only ever uses poll with one fd). Patch - from Nicholas Marriott. 
- -20080721 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/07/23 07:36:55 - [servconf.c] - do not try to print options that have been compile-time disabled - in config test mode (sshd -T); report from nix-corp AT esperi.org.uk - ok dtucker@ - - (djm) [servconf.c] Print UsePAM option in config test mode (when it - has been compiled in); report from nix-corp AT esperi.org.uk - ok dtucker@ - -20080721 - - (djm) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2008/07/18 22:51:01 - [sftp-server.8] - no need for .Pp before or after .Sh; - - djm@cvs.openbsd.org 2008/07/21 08:19:07 - [version.h] - openssh-5.1 - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Update version number in README and RPM specs - - (djm) Release OpenSSH-5.1 - -20080717 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/07/17 08:48:00 - [sshconnect2.c] - strnvis preauth banner; pointed out by mpf@ ok markus@ - - djm@cvs.openbsd.org 2008/07/17 08:51:07 - [auth2-hostbased.c] - strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes - report and patch from res AT qoxp.net (bz#1200); ok markus@ - - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Remove long-unneeded compat - code, replace with equivalent cygwin library call. Patch from vinschen - at redhat.com, ok djm@. - - (djm) [sshconnect2.c] vis.h isn't available everywhere - -20080716 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/07/15 02:23:14 - [sftp.1] - number of pipelined requests is now 64; - prodded by Iain.Morgan AT nasa.gov - - djm@cvs.openbsd.org 2008/07/16 11:51:14 - [clientloop.c] - rename variable first_gc -> last_gc (since it is actually the last - in the list). 
- - djm@cvs.openbsd.org 2008/07/16 11:52:19 - [channels.c] - this loop index should be automatic, not static - -20080714 - - (djm) OpenBSD CVS Sync - - sthen@cvs.openbsd.org 2008/07/13 21:22:52 - [ssh-keygen.c] - Change "ssh-keygen -F [host] -l" to not display random art unless - -v is also specified, making it consistent with the manual and other - uses of -l. - ok grunk@ - - djm@cvs.openbsd.org 2008/07/13 22:13:07 - [channels.c] - use struct sockaddr_storage instead of struct sockaddr for accept(2) - address argument. from visibilis AT yahoo.com in bz#1485; ok markus@ - - djm@cvs.openbsd.org 2008/07/13 22:16:03 - [sftp.c] - increase number of piplelined requests so they properly fill the - (recently increased) channel window. prompted by rapier AT psc.edu; - ok markus@ - - djm@cvs.openbsd.org 2008/07/14 01:55:56 - [sftp-server.8] - mention requirement for /dev/log inside chroot when using sftp-server - with ChrootDirectory - - (djm) [openbsd-compat/bindresvport.c] Rename variables s/sin/in/ to - avoid clash with sin(3) function; reported by - cristian.ionescu-idbohrn AT axis.com - - (djm) [openbsd-compat/rresvport.c] Add unistd.h for missing close() - prototype; reported by cristian.ionescu-idbohrn AT axis.com - - (djm) [umac.c] Rename variable s/buffer_ptr/bufp/ to avoid clash; - reported by cristian.ionescu-idbohrn AT axis.com - - (djm) [contrib/cygwin/Makefile contrib/cygwin/ssh-host-config] - [contrib/cygwin/ssh-user-config contrib/cygwin/sshd-inetd] - Revamped and simplified Cygwin ssh-host-config script that uses - unified csih configuration tool. Requires recent Cygwin. 
- Patch from vinschen AT redhat.com - -20080712 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/07/12 04:52:50 - [channels.c] - unbreak; move clearing of cctx struct to before first use - reported by dkrause@ - - djm@cvs.openbsd.org 2008/07/12 05:33:41 - [scp.1] - better description for -i flag: - s/RSA authentication/public key authentication/ - - (djm) [openbsd-compat/fake-rfc2553.c openbsd-compat/fake-rfc2553.h] - return EAI_FAMILY when trying to lookup unsupported address family; - from vinschen AT redhat.com - -20080711 - - (djm) OpenBSD CVS Sync - - stevesk@cvs.openbsd.org 2008/07/07 00:31:41 - [ttymodes.c] - we don't need arg after the debug3() was removed. from lint. - ok djm@ - - stevesk@cvs.openbsd.org 2008/07/07 23:32:51 - [key.c] - /*NOTREACHED*/ for lint warning: - warning: function key_equal falls off bottom without returning value - ok djm@ - - markus@cvs.openbsd.org 2008/07/10 18:05:58 - [channels.c] - missing bzero; from mickey; ok djm@ - - markus@cvs.openbsd.org 2008/07/10 18:08:11 - [clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c] - sync v1 and v2 traffic accounting; add it to sshd, too; - ok djm@, dtucker@ - -20080709 - - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass - - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM - account check failure path. The vulnerable format buffer is supplied - from PAM and should not contain attacker-supplied data. - - (djm) [auth.c] Missing unistd.h for close() - - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x - -20080705 - - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed - passwords disabled. bz#1083 report & patch from senthilkumar_sen AT - hotpop.com, w/ dtucker@ - - (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for - Tru64. readv doesn't seem to be a comparable object there. 
- bz#1386, patch from dtucker@ ok me - - (djm) [Makefile.in] Pass though pass to conch for interop tests - - (djm) [configure.ac] unbreak: remove extra closing brace - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/07/04 23:08:25 - [packet.c] - handle EINTR in packet_write_poll()l ok dtucker@ - - djm@cvs.openbsd.org 2008/07/04 23:30:16 - [auth1.c auth2.c] - Make protocol 1 MaxAuthTries logic match protocol 2's. - Do not treat the first protocol 2 authentication attempt as - a failure IFF it is for method "none". - Makes MaxAuthTries' user-visible behaviour identical for - protocol 1 vs 2. - ok dtucker@ - - djm@cvs.openbsd.org 2008/07/05 05:16:01 - [PROTOCOL] - grammar - -20080704 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/07/02 13:30:34 - [auth2.c] - really really remove the freebie "none" auth try for protocol 2 - - djm@cvs.openbsd.org 2008/07/02 13:47:39 - [ssh.1 ssh.c] - When forking after authentication ("ssh -f") with ExitOnForwardFailure - enabled, delay the fork until after replies for any -R forwards have - been seen. Allows for robust detection of -R forward failure when - using -f (similar to bz#92); ok dtucker@ - - otto@cvs.openbsd.org 2008/07/03 21:46:58 - [auth2-pubkey.c] - avoid nasty double free; ok dtucker@ djm@ - - djm@cvs.openbsd.org 2008/07/04 03:44:59 - [servconf.c groupaccess.h groupaccess.c] - support negation of groups in "Match group" block (bz#1315); ok dtucker@ - - dtucker@cvs.openbsd.org 2008/07/04 03:47:02 - [monitor.c] - Make debug a little clearer. 
ok djm@ - - djm@cvs.openbsd.org 2008/06/30 08:07:34 - [regress/key-options.sh] - shell portability: use "=" instead of "==" in test(1) expressions, - double-quote string with backslash escaped / - - djm@cvs.openbsd.org 2008/06/30 10:31:11 - [regress/{putty-transfer,putty-kex,putty-ciphers}.sh] - remove "set -e" left over from debugging - - djm@cvs.openbsd.org 2008/06/30 10:43:03 - [regress/conch-ciphers.sh] - explicitly disable conch options that could interfere with the test - - (dtucker) [sftp-server.c] Bug #1447: fall back to racy rename if link - returns EXDEV. Patch from Mike Garrison, ok djm@ - - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h] - [packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c] - [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on - some platforms (HP nonstop) it is a distinct errno; - bz#1467 reported by sconeu AT yahoo.com; ok dtucker@ - -20080702 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/06/30 08:05:59 - [PROTOCOL.agent] - typo: s/constraint_date/constraint_data/ - - djm@cvs.openbsd.org 2008/06/30 12:15:39 - [serverloop.c] - only pass channel requests on session channels through to the session - channel handler, avoiding spurious log messages; ok! markus@ - - djm@cvs.openbsd.org 2008/06/30 12:16:02 - [nchan.c] - only send eow@openssh.com notifications for session channels; ok! markus@ - - djm@cvs.openbsd.org 2008/06/30 12:18:34 - [PROTOCOL] - clarify that eow@openssh.com is only sent on session channels - - dtucker@cvs.openbsd.org 2008/07/01 07:20:52 - [sshconnect.c] - Check ExitOnForwardFailure if forwardings are disabled due to a failed - host key check. ok djm@ - - dtucker@cvs.openbsd.org 2008/07/01 07:24:22 - [sshconnect.c sshd.c] - Send CR LF during protocol banner exchanges, but only for Protocol 2 only, - in order to comply with RFC 4253. 
bz #1443, ok djm@ - - stevesk@cvs.openbsd.org 2008/07/01 23:12:47 - [PROTOCOL.agent] - fix some typos; ok djm@ - - djm@cvs.openbsd.org 2008/07/02 02:24:18 - [sshd_config sshd_config.5 sshd.8 servconf.c] - increase default size of ssh protocol 1 ephemeral key from 768 to 1024 - bits; prodded by & ok dtucker@ ok deraadt@ - - dtucker@cvs.openbsd.org 2008/07/02 12:03:51 - [auth-rsa.c auth.c auth2-pubkey.c auth.h] - Merge duplicate host key file checks, based in part on a patch from Rob - Holland via bz #1348 . Also checks for non-regular files during protocol - 1 RSA auth. ok djm@ - - djm@cvs.openbsd.org 2008/07/02 12:36:39 - [auth2-none.c auth2.c] - Make protocol 2 MaxAuthTries behaviour a little more sensible: - Check whether client has exceeded MaxAuthTries before running - an authentication method and skip it if they have, previously it - would always allow one try (for "none" auth). - Preincrement failure count before post-auth test - previously this - checked and postincremented, also to allow one "none" try. - Together, these two changes always count the "none" auth method - which could be skipped by a malicious client (e.g. an SSH worm) - to get an extra attempt at a real auth method. They also make - MaxAuthTries=0 a useful way to block users entirely (esp. in a - sshd_config Match block). - Also, move sending of any preauth banner from "none" auth method - to the first call to input_userauth_request(), so worms that skip - the "none" method get to see it too. - -20080630 - - (djm) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2008/06/10 23:13:43 - [regress/Makefile regress/key-options.sh] - Add regress test for key options. 
ok djm@ - - dtucker@cvs.openbsd.org 2008/06/11 23:11:40 - [regress/Makefile] - Don't run cipher-speed test by default; mistakenly enabled by me - - djm@cvs.openbsd.org 2008/06/28 13:57:25 - [regress/Makefile regress/test-exec.sh regress/conch-ciphers.sh] - very basic regress test against Twisted Conch in "make interop" - target (conch is available in ports/devel/py-twisted/conch); - ok markus@ - - (djm) [regress/Makefile] search for conch by path, like we do putty - -20080629 - - (djm) OpenBSD CVS Sync - - martynas@cvs.openbsd.org 2008/06/21 07:46:46 - [sftp.c] - use optopt to get invalid flag, instead of return value of getopt, - which is always '?'; ok djm@ - - otto@cvs.openbsd.org 2008/06/25 11:13:43 - [key.c] - add key length to visual fingerprint; zap magical constants; - ok grunk@ djm@ - - djm@cvs.openbsd.org 2008/06/26 06:10:09 - [sftp-client.c sftp-server.c] - allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky - bits. Note that this only affects explicit setting of modes (e.g. via - sftp(1)'s chmod command) and not file transfers. (bz#1310) - ok deraadt@ at c2k8 - - djm@cvs.openbsd.org 2008/06/26 09:19:40 - [dh.c dh.h moduli.c] - when loading moduli from /etc/moduli in sshd(8), check that they - are of the expected "safe prime" structure and have had - appropriate primality tests performed; - feedback and ok dtucker@ - - grunk@cvs.openbsd.org 2008/06/26 11:46:31 - [readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c] - Move SSH Fingerprint Visualization away from sharing the config option - CheckHostIP to an own config option named VisualHostKey. - While there, fix the behaviour that ssh would draw a random art picture - on every newly seen host even when the option was not enabled. 
- prodded by deraadt@, discussions, - help and ok markus@ djm@ dtucker@ - - jmc@cvs.openbsd.org 2008/06/26 21:11:46 - [ssh.1] - add VisualHostKey to the list of options listed in -o; - - djm@cvs.openbsd.org 2008/06/28 07:25:07 - [PROTOCOL] - spelling fixes - - djm@cvs.openbsd.org 2008/06/28 13:58:23 - [ssh-agent.c] - refuse to add a key that has unknown constraints specified; - ok markus - - djm@cvs.openbsd.org 2008/06/28 14:05:15 - [ssh-agent.c] - reset global compat flag after processing a protocol 2 signature - request with the legacy DSA encoding flag set; ok markus - - djm@cvs.openbsd.org 2008/06/28 14:08:30 - [PROTOCOL PROTOCOL.agent] - document the protocol used by ssh-agent; "looks ok" markus@ - -20080628 - - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec] - RFC.nroff lacks a license, remove it (it is long gone in OpenBSD). - -20080626 - - (djm) [Makefile.in moduli.5] Include moduli(5) manpage from OpenBSD. - (bz#1372) - - (djm) [ contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Include moduli.5 in RPM spec files. - -20080616 - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2008/06/16 13:22:53 - [session.c channels.c] - Rename the isatty argument to is_tty so we don't shadow - isatty(3). ok markus@ - - (dtucker) [channels.c] isatty -> is_tty here too. - -20080615 - - (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc. - - OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2008/06/14 15:49:48 - [sshd.c] - wrap long line at 80 chars - - dtucker@cvs.openbsd.org 2008/06/14 17:07:11 - [sshd.c] - ensure default umask disallows at least group and world write; ok djm@ - - djm@cvs.openbsd.org 2008/06/14 18:33:43 - [session.c] - suppress the warning message from chdir(homedir) failures - when chrooted (bz#1461); ok dtucker - - dtucker@cvs.openbsd.org 2008/06/14 19:42:10 - [scp.1] - Mention that scp follows symlinks during -r. 
bz #1466, - from nectar at apple - - dtucker@cvs.openbsd.org 2008/06/15 16:55:38 - [sshd_config.5] - MaxSessions is allowed in a Match block too - - dtucker@cvs.openbsd.org 2008/06/15 16:58:40 - [servconf.c sshd_config.5] - Allow MaxAuthTries within a Match block. ok djm@ - - djm@cvs.openbsd.org 2008/06/15 20:06:26 - [channels.c channels.h session.c] - don't call isatty() on a pty master, instead pass a flag down to - channel_set_fds() indicating that te fds refer to a tty. Fixes a - hang on exit on Solaris (bz#1463) in portable but is actually - a generic bug; ok dtucker deraadt markus - -20080614 - - (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction - replacement code; patch from ighighi AT gmail.com in bz#1240; - ok dtucker - -20080613 - - (dtucker) OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2008/06/13 09:44:36 - [packet.c] - compile on older gcc; no decl after code - - dtucker@cvs.openbsd.org 2008/06/13 13:56:59 - [monitor.c] - Clear key options in the monitor on failed authentication, prevents - applying additional restrictions to non-pubkey authentications in - the case where pubkey fails but another method subsequently succeeds. - bz #1472, found by Colin Watson, ok markus@ djm@ - - dtucker@cvs.openbsd.org 2008/06/13 14:18:51 - [auth2-pubkey.c auth-rhosts.c] - Include unistd.h for close(), prevents warnings in -portable - - dtucker@cvs.openbsd.org 2008/06/13 17:21:20 - [mux.c] - Friendlier error messages for mux fallback. ok djm@ - - dtucker@cvs.openbsd.org 2008/06/13 18:55:22 - [scp.c] - Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@ - - grunk@cvs.openbsd.org 2008/06/13 20:13:26 - [ssh.1] - Explain the use of SSH fpr visualization using random art, and cite the - original scientific paper inspiring that technique. - Much help with English and nroff by jmc@, thanks. - - (dtucker) [configure.ac] Bug #1276: avoid linking against libgssapi, which - despite its name doesn't seem to implement all of GSSAPI. 
Patch from - Jan Engelhardt, sanity checked by Simon Wilkinson. - -20080612 - - (dtucker) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2008/06/11 07:30:37 - [sshd.8] - kill trailing whitespace; - - grunk@cvs.openbsd.org 2008/06/11 21:01:35 - [ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c - sshconnect.c] - Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the - graphical hash visualization schemes known as "random art", and by - Dan Kaminsky's musings on the subject during a BlackOp talk at the - 23C3 in Berlin. - Scientific publication (original paper): - "Hash Visualization: a New Technique to improve Real-World Security", - Perrig A. and Song D., 1999, International Workshop on Cryptographic - Techniques and E-Commerce (CrypTEC '99) - http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf - The algorithm used here is a worm crawling over a discrete plane, - leaving a trace (augmenting the field) everywhere it goes. - Movement is taken from dgst_raw 2bit-wise. Bumping into walls - makes the respective movement vector be ignored for this turn, - thus switching to the other color of the chessboard. - Graphs are not unambiguous for now, because circles in graphs can be - walked in either direction. - discussions with several people, - help, corrections and ok markus@ djm@ - - grunk@cvs.openbsd.org 2008/06/11 21:38:25 - [ssh-keygen.c] - ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key.pub - would not display you the random art as intended, spotted by canacar@ - - grunk@cvs.openbsd.org 2008/06/11 22:20:46 - [ssh-keygen.c ssh-keygen.1] - ssh-keygen would write fingerprints to STDOUT, and random art to STDERR, - that is not how it was envisioned. - Also correct manpage saying that -v is needed along with -l for it to work. 
- spotted by naddy@ - - otto@cvs.openbsd.org 2008/06/11 23:02:22 - [key.c] - simpler way of computing the augmentations; ok grunk@ - - grunk@cvs.openbsd.org 2008/06/11 23:03:56 - [ssh_config.5] - CheckHostIP set to ``fingerprint'' will display both hex and random art - spotted by naddy@ - - grunk@cvs.openbsd.org 2008/06/11 23:51:57 - [key.c] - #define statements that are not atoms need braces around them, else they - will cause trouble in some cases. - Also do a computation of -1 once, and not in a loop several times. - spotted by otto@ - - dtucker@cvs.openbsd.org 2008/06/12 00:03:49 - [dns.c canohost.c sshconnect.c] - Do not pass "0" strings as ports to getaddrinfo because the lookups - can slow things down and we never use the service info anyway. bz - #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok - deraadt@ djm@ - djm belives that the reason for the "0" strings is to ensure that - it's not possible to call getaddrinfo with both host and port being - NULL. In the case of canohost.c host is a local array. In the - case of sshconnect.c, it's checked for null immediately before use. - In dns.c it ultimately comes from ssh.c:main() and is guaranteed to - be non-null but it's not obvious, so I added a warning message in - case it is ever passed a null. - - grunk@cvs.openbsd.org 2008/06/12 00:13:55 - [sshconnect.c] - Make ssh print the random art also when ssh'ing to a host using IP only. - spotted by naddy@, ok and help djm@ dtucker@ - - otto@cvs.openbsd.org 2008/06/12 00:13:13 - [key.c] - use an odd number of rows and columns and a separate start marker, looks - better; ok grunk@ - - djm@cvs.openbsd.org 2008/06/12 03:40:52 - [clientloop.h mux.c channels.c clientloop.c channels.h] - Enable ~ escapes for multiplex slave sessions; give each channel - its own escape state and hook the escape filters up to muxed - channels. bz #1331 - Mux slaves do not currently support the ~^Z and ~& escapes. - NB. 
this change cranks the mux protocol version, so a new ssh - mux client will not be able to connect to a running old ssh - mux master. - ok dtucker@ - - djm@cvs.openbsd.org 2008/06/12 04:06:00 - [clientloop.h ssh.c clientloop.c] - maintain an ordered queue of outstanding global requests that we - expect replies to, similar to the per-channel confirmation queue. - Use this queue to verify success or failure for remote forward - establishment in a race free way. - ok dtucker@ - - djm@cvs.openbsd.org 2008/06/12 04:17:47 - [clientloop.c] - thall shalt not code past the eightieth column - - djm@cvs.openbsd.org 2008/06/12 04:24:06 - [ssh.c] - thal shalt not code past the eightieth column - - djm@cvs.openbsd.org 2008/06/12 05:15:41 - [PROTOCOL] - document tun@openssh.com forwarding method - - djm@cvs.openbsd.org 2008/06/12 05:32:30 - [mux.c] - some more TODO for me - - grunk@cvs.openbsd.org 2008/06/12 05:42:46 - [key.c] - supply the key type (rsa1, rsa, dsa) as a caption in the frame of the - random art. while there, stress the fact that the field base should at - least be 8 characters for the pictures to make sense. - comment and ok djm@ - - grunk@cvs.openbsd.org 2008/06/12 06:32:59 - [key.c] - We already mark the start of the worm, now also mark the end of the worm - in our random art drawings. - ok djm@ - - djm@cvs.openbsd.org 2008/06/12 15:19:17 - [clientloop.h channels.h clientloop.c channels.c mux.c] - The multiplexing escape char handler commit last night introduced a - small memory leak per session; plug it. - - dtucker@cvs.openbsd.org 2008/06/12 16:35:31 - [ssh_config.5 ssh.c] - keyword expansion for localcommand. ok djm@ - - jmc@cvs.openbsd.org 2008/06/12 19:10:09 - [ssh_config.5 ssh-keygen.1] - tweak the ascii art text; ok grunk - - dtucker@cvs.openbsd.org 2008/06/12 20:38:28 - [sshd.c sshconnect.c packet.h misc.c misc.h packet.c] - Make keepalive timeouts apply while waiting for a packet, particularly - during key renegotiation (bz #1363). 
With djm and Matt Day, ok djm@ - - djm@cvs.openbsd.org 2008/06/12 20:47:04 - [sftp-client.c] - print extension revisions for extensions that we understand - - djm@cvs.openbsd.org 2008/06/12 21:06:25 - [clientloop.c] - I was coalescing expected global request confirmation replies at - the wrong end of the queue - fix; prompted by markus@ - - grunk@cvs.openbsd.org 2008/06/12 21:14:46 - [ssh-keygen.c] - make ssh-keygen -lf show the key type just as ssh-add -l would do it - ok djm@ markus@ - - grunk@cvs.openbsd.org 2008/06/12 22:03:36 - [key.c] - add my copyright, ok djm@ - - ian@cvs.openbsd.org 2008/06/12 23:24:58 - [sshconnect.c] - tweak wording in message, ok deraadt@ jmc@ - - dtucker@cvs.openbsd.org 2008/06/13 00:12:02 - [sftp.h log.h] - replace __dead with __attribute__((noreturn)), makes things - a little easier to port. Also, add it to sigdie(). ok djm@ - - djm@cvs.openbsd.org 2008/06/13 00:16:49 - [mux.c] - fall back to creating a new TCP connection on most multiplexing errors - (socket connect fail, invalid version, refused permittion, corrupted - messages, etc.); bz #1329 ok dtucker@ - - dtucker@cvs.openbsd.org 2008/06/13 00:47:53 - [mux.c] - upcast size_t to u_long to match format arg; ok djm@ - - dtucker@cvs.openbsd.org 2008/06/13 00:51:47 - [mac.c] - upcast another size_t to u_long to match format - - dtucker@cvs.openbsd.org 2008/06/13 01:38:23 - [misc.c] - upcast uid to long with matching %ld, prevents warnings in portable - - djm@cvs.openbsd.org 2008/06/13 04:40:22 - [auth2-pubkey.c auth-rhosts.c] - refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not - regular files; report from Solar Designer via Colin Watson in bz#1471 - ok dtucker@ deraadt - - (dtucker) [clientloop.c serverloop.c] channel_register_filter now - takes 2 more args. with djm@ - - (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch - from Todd Vierling. - - (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA - systems. Patch from R. 
Scott Bailey. - - (dtucker) [umac.c] STORE_UINT32_REVERSED and endian_convert are never used - on big endian machines, so ifdef them for little-endian only to prevent - unused function warnings on big-endians. - - (dtucker) [openbsd-compat/setenv.c] Make offsets size_t to prevent - compiler warnings on some platforms. Based on a discussion with otto@ - -20080611 - - (djm) [channels.c configure.ac] - Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no) - bz#1464; ok dtucker - -20080610 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/06/10 03:57:27 - [servconf.c match.h sshd_config.5] - support CIDR address matching in sshd_config "Match address" blocks, with - full support for negation and fall-back to classic wildcard matching. - For example: - Match address 192.0.2.0/24,3ffe:ffff::/32,!10.* - PasswordAuthentication yes - addrmatch.c code mostly lifted from flowd's addr.c - feedback and ok dtucker@ - - djm@cvs.openbsd.org 2008/06/10 04:17:46 - [sshd_config.5] - better reference for pattern-list - - dtucker@cvs.openbsd.org 2008/06/10 04:50:25 - [sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8] - Add extended test mode (-T) and connection parameters for test mode (-C). - -T causes sshd to write its effective configuration to stdout and exit. - -C causes any relevant Match rules to be applied before output. The - combination allows tesing of the parser and config files. ok deraadt djm - - jmc@cvs.openbsd.org 2008/06/10 07:12:00 - [sshd_config.5] - tweak previous; - - jmc@cvs.openbsd.org 2008/06/10 08:17:40 - [sshd.8 sshd.c] - - update usage() - - fix SYNOPSIS, and sort options - - some minor additional fixes - - dtucker@cvs.openbsd.org 2008/06/09 18:06:32 - [regress/test-exec.sh] - Don't generate putty keys if we're not going to use them. ok djm - - dtucker@cvs.openbsd.org 2008/06/10 05:23:32 - [regress/addrmatch.sh regress/Makefile] - Regress test for Match CIDR rules. 
ok djm@ - - dtucker@cvs.openbsd.org 2008/06/10 15:21:41 - [test-exec.sh] - Use a more portable construct for checking if we're running a putty test - - dtucker@cvs.openbsd.org 2008/06/10 15:28:49 - [test-exec.sh] - Add quotes - - dtucker@cvs.openbsd.org 2008/06/10 18:21:24 - [ssh_config.5] - clarify that Host patterns are space-separated. ok deraadt - - djm@cvs.openbsd.org 2008/06/10 22:15:23 - [PROTOCOL ssh.c serverloop.c] - Add a no-more-sessions@openssh.com global request extension that the - client sends when it knows that it will never request another session - (i.e. when session multiplexing is disabled). This allows a server to - disallow further session requests and terminate the session. - Why would a non-multiplexing client ever issue additional session - requests? It could have been attacked with something like SSH'jack: - http://www.storm.net.nz/projects/7 - feedback & ok markus - - djm@cvs.openbsd.org 2008/06/10 23:06:19 - [auth-options.c match.c servconf.c addrmatch.c sshd.8] - support CIDR address matching in .ssh/authorized_keys from="..." stanzas - ok and extensive testing dtucker@ - - dtucker@cvs.openbsd.org 2008/06/10 23:21:34 - [bufaux.c] - Use '\0' for a nul byte rather than unadorned 0. ok djm@ - - dtucker@cvs.openbsd.org 2008/06/10 23:13:43 - [Makefile regress/key-options.sh] - Add regress test for key options. ok djm@ - - (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6 - since the new CIDR code in addmatch.c references it. - - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6 - specific tests on platforms that don't do IPv6. - - (dtucker) [Makefile.in] Define TEST_SSH_IPV6 in make's arguments as well - as environment. - - (dtucker) [Makefile.in] Move addrmatch.o to libssh.a where it's needed now. 
- -20080609 - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2008/06/08 17:04:41 - [sftp-server.c] - Add case for ENOSYS in errno_to_portable; ok deraadt - - dtucker@cvs.openbsd.org 2008/06/08 20:15:29 - [sftp.c sftp-client.c sftp-client.h] - Have the sftp client store the statvfs replies in wire format, - which prevents problems when the server's native sizes exceed the - client's. - Also extends the sizes of the remaining 32bit wire format to 64bit, - they're specified as unsigned long in the standard. - - dtucker@cvs.openbsd.org 2008/06/09 13:02:39 - [sftp-server.c] - Extend 32bit -> 64bit values for statvfs extension missed in previous - commit. - - dtucker@cvs.openbsd.org 2008/06/09 13:38:46 - [PROTOCOL] - Use a $OpenBSD tag so our scripts will sync changes. - -20080608 - - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c - openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h - openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and - fstatvfs and remove #defines around statvfs code. ok djm@ - - (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a - macro to convert fsid to unsigned long for platforms where fsid is a - 2-member array. - -20080607 - - (dtucker) [mux.c] Include paths.h inside ifdef HAVE_PATHS_H. - - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c] - Do not enable statvfs extensions on platforms that do not have statvfs. - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/05/19 06:14:02 - [packet.c] unbreak protocol keepalive timeouts bz#1465; ok dtucker@ - - djm@cvs.openbsd.org 2008/05/19 15:45:07 - [sshtty.c ttymodes.c sshpty.h] - Fix sending tty modes when stdin is not a tty (bz#1199). Previously - we would send the modes corresponding to a zeroed struct termios, - whereas we should have been sending an empty list of modes. 
- Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@ - - djm@cvs.openbsd.org 2008/05/19 15:46:31 - [ssh-keygen.c] - support -l (print fingerprint) in combination with -F (find host) to - search for a host in ~/.ssh/known_hosts and display its fingerprint; - ok markus@ - - djm@cvs.openbsd.org 2008/05/19 20:53:52 - [clientloop.c] - unbreak tree by committing this bit that I missed from: - Fix sending tty modes when stdin is not a tty (bz#1199). Previously - we would send the modes corresponding to a zeroed struct termios, - whereas we should have been sending an empty list of modes. - Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@ - -20080604 - - (djm) [openbsd-compat/bsd-arc4random.c] Fix math bug that caused bias - in arc4random_uniform with upper_bound in (2^30,2*31). Note that - OpenSSH did not make requests with upper bounds in this range. - -20080519 - - (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in] - [openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h] - Fix compilation on Linux, including pulling in fmt_scaled(3) - implementation from OpenBSD's libutil. - -20080518 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/04/04 05:14:38 - [sshd_config.5] - ChrootDirectory is supported in Match blocks (in fact, it is most useful - there). Spotted by Minstrel AT minstrel.org.uk - - djm@cvs.openbsd.org 2008/04/04 06:44:26 - [sshd_config.5] - oops, some unrelated stuff crept into that commit - backout. 
- spotted by jmc@ - - djm@cvs.openbsd.org 2008/04/05 02:46:02 - [sshd_config.5] - HostbasedAuthentication is supported under Match too - - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c] - [configure.ac] Implement arc4random_buf(), import implementation of - arc4random_uniform() from OpenBSD - - (djm) [openbsd-compat/bsd-arc4random.c] Warning fixes - - (djm) [openbsd-compat/port-tun.c] needs sys/queue.h - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2008/04/13 00:22:17 - [dh.c sshd.c] - Use arc4random_buf() when requesting more than a single word of output - Use arc4random_uniform() when the desired random number upper bound - is not a power of two - ok deraadt@ millert@ - - djm@cvs.openbsd.org 2008/04/18 12:32:11 - [sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h] - introduce sftp extension methods statvfs@openssh.com and - fstatvfs@openssh.com that implement statvfs(2)-like operations, - based on a patch from miklos AT szeredi.hu (bz#1399) - also add a "df" command to the sftp client that uses the - statvfs@openssh.com to produce a df(1)-like display of filesystem - space and inode utilisation - ok markus@ - - jmc@cvs.openbsd.org 2008/04/18 17:15:47 - [sftp.1] - macro fixage; - - djm@cvs.openbsd.org 2008/04/18 22:01:33 - [session.c] - remove unneccessary parentheses - - otto@cvs.openbsd.org 2008/04/29 11:20:31 - [monitor_mm.h] - garbage collect two unused fields in struct mm_master; ok markus@ - - djm@cvs.openbsd.org 2008/04/30 10:14:03 - [ssh-keyscan.1 ssh-keyscan.c] - default to rsa (protocol 2) keys, instead of rsa1 keys; spotted by - larsnooden AT openoffice.org - - pyr@cvs.openbsd.org 2008/05/07 05:49:37 - [servconf.c servconf.h session.c sshd_config.5] - Enable the AllowAgentForwarding option in sshd_config (global and match - context), to specify if agents should be permitted on the server. 
- As the man page states: - ``Note that disabling Agent forwarding does not improve security - unless users are also denied shell access, as they can always install - their own forwarders.'' - ok djm@, ok and a mild frown markus@ - - pyr@cvs.openbsd.org 2008/05/07 06:43:35 - [sshd_config] - push the sshd_config bits in, spotted by ajacoutot@ - - jmc@cvs.openbsd.org 2008/05/07 08:00:14 - [sshd_config.5] - sort; - - markus@cvs.openbsd.org 2008/05/08 06:59:01 - [bufaux.c buffer.h channels.c packet.c packet.h] - avoid extra malloc/copy/free when receiving data over the net; - ~10% speedup for localhost-scp; ok djm@ - - djm@cvs.openbsd.org 2008/05/08 12:02:23 - [auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c] - [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c] - [ssh.c sshd.c] - Implement a channel success/failure status confirmation callback - mechanism. Each channel maintains a queue of callbacks, which will - be drained in order (RFC4253 guarantees confirm messages are not - reordered within an channel). - Also includes a abandonment callback to clean up if a channel is - closed without sending confirmation messages. This probably - shouldn't happen in compliant implementations, but it could be - abused to leak memory. - ok markus@ (as part of a larger diff) - - djm@cvs.openbsd.org 2008/05/08 12:21:16 - [monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c] - [sshd_config sshd_config.5] - Make the maximum number of sessions run-time controllable via - a sshd_config MaxSessions knob. This is useful for disabling - login/shell/subsystem access while leaving port-forwarding working - (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or - simply increasing the number of allows multiplexed sessions. 
- Because some bozos are sure to configure MaxSessions in excess of the - number of available file descriptors in sshd (which, at peak, might be - as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds - on error paths, and make it fail gracefully on out-of-fd conditions - - sending channel errors instead of than exiting with fatal(). - bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com - ok markus@ - - djm@cvs.openbsd.org 2008/05/08 13:06:11 - [clientloop.c clientloop.h ssh.c] - Use new channel status confirmation callback system to properly deal - with "important" channel requests that fail, in particular command exec, - shell and subsystem requests. Previously we would optimistically assume - that the requests would always succeed, which could cause hangs if they - did not (e.g. when the server runs out of fds) or were unimplemented by - the server (bz #1384) - Also, properly report failing multiplex channel requests via the mux - client stderr (subject to LogLevel in the mux master) - better than - silently failing. - most bits ok markus@ (as part of a larger diff) - - djm@cvs.openbsd.org 2008/05/09 04:55:56 - [channels.c channels.h clientloop.c serverloop.c] - Try additional addresses when connecting to a port forward destination - whose DNS name resolves to more than one address. The previous behaviour - was to try the first address and give up. - Reported by stig AT venaas.com in bz#343 - great feedback and ok markus@ - - djm@cvs.openbsd.org 2008/05/09 14:18:44 - [clientloop.c clientloop.h ssh.c mux.c] - tidy up session multiplexing code, moving it into its own file and - making the function names more consistent - making ssh.c and - clientloop.c a fair bit more readable. - ok markus@ - - djm@cvs.openbsd.org 2008/05/09 14:26:08 - [ssh.c] - dingo stole my diff hunk - - markus@cvs.openbsd.org 2008/05/09 16:16:06 - [session.c] - re-add the USE_PIPES code and enable it. 
- without pipes shutdown-read from the sshd does not trigger - a SIGPIPE when the forked program does a write. - ok djm@ - (Id sync only, USE_PIPES never left portable OpenSSH) - - markus@cvs.openbsd.org 2008/05/09 16:17:51 - [channels.c] - error-fd race: don't enable the error fd in the select bitmask - for channels with both in- and output closed, since the channel - will go away before we call select(); - report, lots of debugging help and ok djm@ - - markus@cvs.openbsd.org 2008/05/09 16:21:13 - [channels.h clientloop.c nchan.c serverloop.c] - unbreak - ssh -2 localhost od /bin/ls | true - ignoring SIGPIPE by adding a new channel message (EOW) that signals - the peer that we're not interested in any data it might send. - fixes bz #85; discussion, debugging and ok djm@ - - pvalchev@cvs.openbsd.org 2008/05/12 20:52:20 - [umac.c] - Ensure nh_result lies on a 64-bit boundary (fixes warnings observed - on Itanium on Linux); from Dale Talcott (bug #1462); ok djm@ - - djm@cvs.openbsd.org 2008/05/15 23:52:24 - [nchan2.ms] - document eow message in ssh protocol 2 channel state machine; - feedback and ok markus@ - - djm@cvs.openbsd.org 2008/05/18 21:29:05 - [sftp-server.c] - comment extension announcement - - djm@cvs.openbsd.org 2008/05/16 08:30:42 - [PROTOCOL] - document our protocol extensions and deviations; ok markus@ - - djm@cvs.openbsd.org 2008/05/17 01:31:56 - [PROTOCOL] - grammar and correctness fixes from stevesk@ - -20080403 - - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- - time warnings on LynxOS. Patch from ops AT iki.fi - - (djm) Force string arguments to replacement setproctitle() though - strnvis first. 
Ok dtucker@ - -20080403 - - (djm) OpenBSD CVS sync: - - markus@cvs.openbsd.org 2008/04/02 15:36:51 - [channels.c] - avoid possible hijacking of x11-forwarded connections (back out 1.183) - CVE-2008-1483; ok djm@ - - jmc@cvs.openbsd.org 2008/03/27 22:37:57 - [sshd.8] - remove trailing whitespace; - - djm@cvs.openbsd.org 2008/04/03 09:50:14 - [version.h] - openssh-5.0 - - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Crank version numbers in RPM spec files - - (djm) [README] Update link to release notes - - (djm) Release 5.0p1 -- cgit v1.2.3 From 6f8f04b860765da07938bfe1fef017b00c3a3d55 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 22 Jan 2011 20:25:11 +1100 Subject: - (djm) Release 5.7p1 --- ChangeLog | 1 + 1 file changed, 1 insertion(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 39031f380..0356a33c5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,7 @@ crank to OpenSSH-5.7 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] update versions in docs and spec files. + - (djm) Release 5.7p1 20110119 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead -- cgit v1.2.3
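Review bot: The large ChangeLog deletion hunk that ends just before the "Release 5.7p1" commit removes the in-file record of several security-relevant changes, and nothing visible in the hunk says where that history goes. Among the deleted lines are the 20080403 entry "avoid possible hijacking of x11-forwarded connections (back out 1.183) CVE-2008-1483", the 2008/06/13 entry that refuses to read ~/.shosts or ~/.ssh/authorized_keys when they are not regular files (bz#1471), and the 20080604 arc4random_uniform bias fix. If this is a trim of old entries, state in the commit message where the removed entries remain available, or leave a one-line pointer at the end of ChangeLog so that someone auditing which release carried a given fix can still find it.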
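Review bot: In the "Release 5.7p1" hunk (`@@ -9,6 +9,7 @@`), the added line " - (djm) Release 5.7p1" is appended to a dated block whose date header lies outside the visible context, directly above the 20110119 block. The commit is dated 22 Jan 2011, so confirm the enclosing block header matches the release date before tagging, since release dates in this file are what packagers and advisories refer back to.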