From 95767262caa6692eff1e1565be1f5cb297949a89 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 7 Mar 2016 19:02:43 +0000 Subject: upstream commit refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@ Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e --- monitor.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'monitor.c') diff --git a/monitor.c b/monitor.c index ac7dd3099..6b780e480 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.157 2016/02/15 23:32:37 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.158 2016/03/07 19:02:43 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1469,6 +1469,7 @@ mm_answer_keyverify(int sock, Buffer *m) static void mm_record_login(Session *s, struct passwd *pw) { + struct ssh *ssh = active_state; /* XXX */ socklen_t fromlen; struct sockaddr_storage from; @@ -1490,7 +1491,7 @@ mm_record_login(Session *s, struct passwd *pw) } /* Record that there was a login on that tty from the remote host. */ record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid, - get_remote_name_or_ip(utmp_len, options.use_dns), + session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns), (struct sockaddr *)&from, fromlen); } -- cgit v1.2.3 From 1a31d02b2411c4718de58ce796dbb7b5e14db93e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 2 May 2016 08:49:03 +0000 Subject: upstream commit fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@ Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820 --- auth2-chall.c | 6 +++--- auth2.c | 6 +++--- kex.h | 7 ++++--- kexc25519.c | 6 +++--- monitor.c | 27 ++++++++++++++++----------- servconf.c | 5 +++-- sftp-client.c | 5 ++--- ssh-agent.c | 15 ++++++++------- ssh-keygen.c | 8 ++++---- sshbuf-misc.c | 25 ++++++++++++++++++++++++- sshbuf.h | 9 ++++++++- sshconnect2.c | 6 +++--- sshd.c | 51 +++++++++++++++++++++++++++++++-------------------- 13 files changed, 112 insertions(+), 64 deletions(-) (limited to 'monitor.c') diff --git a/auth2-chall.c b/auth2-chall.c index 4aff09d80..ead480318 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.44 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -122,8 +122,8 @@ kbdint_alloc(const char *devs) buffer_append(&b, devices[i]->name, strlen(devices[i]->name)); } - buffer_append(&b, "\0", 1); - kbdintctxt->devices = xstrdup(buffer_ptr(&b)); + if ((kbdintctxt->devices = sshbuf_dup_string(&b)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); buffer_free(&b); } else { kbdintctxt->devices = xstrdup(devs); diff --git a/auth2.c b/auth2.c index 717796228..9108b8612 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.135 2015/01/19 20:07:45 markus Exp $ */ +/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -424,8 +424,8 @@ authmethods_get(Authctxt *authctxt) buffer_append(&b, authmethods[i]->name, strlen(authmethods[i]->name)); } - buffer_append(&b, "\0", 1); - list = xstrdup(buffer_ptr(&b)); + if ((list = sshbuf_dup_string(&b)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); buffer_free(&b); return list; } diff --git a/kex.h b/kex.h index 1c5896605..131b8d93d 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.76 2016/02/08 10:57:07 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.77 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -205,8 +205,9 @@ int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); -int kex_c25519_hash(int, const char *, const char *, const char *, size_t, - const char *, size_t, const u_char *, size_t, const u_char *, const u_char *, +int kex_c25519_hash(int, const char *, const char *, + const u_char *, size_t, const u_char *, size_t, + const u_char *, size_t, const u_char *, const u_char *, const u_char *, size_t, u_char *, size_t *); void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) diff --git a/kexc25519.c b/kexc25519.c index 8d8cd4a2b..0897b8c51 100644 --- a/kexc25519.c +++ b/kexc25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519.c,v 1.9 2015/03/26 07:00:04 djm Exp $ */ +/* $OpenBSD: kexc25519.c,v 1.10 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -86,8 +86,8 @@ kex_c25519_hash( int hash_alg, const char *client_version_string, const char *server_version_string, - const char *ckexinit, size_t ckexinitlen, - const char *skexinit, size_t skexinitlen, + const u_char *ckexinit, size_t ckexinitlen, + const u_char *skexinit, size_t skexinitlen, const u_char *serverhostkeyblob, size_t sbloblen, const u_char client_dh_pub[CURVE25519_SIZE], const u_char server_dh_pub[CURVE25519_SIZE], diff --git a/monitor.c b/monitor.c index 6b780e480..dce920c23 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.158 2016/03/07 19:02:43 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.159 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -34,6 +34,7 @@ #include #include +#include #ifdef HAVE_PATHS_H #include #endif @@ -688,7 +689,8 @@ mm_answer_sign(int sock, Buffer *m) u_char *p = NULL, *signature = NULL; char *alg = NULL; size_t datlen, siglen, alglen; - int r, keyid, is_proof = 0; + int r, is_proof = 0; + u_int keyid; const char proof_req[] = "hostkeys-prove-00@openssh.com"; debug3("%s", __func__); @@ -697,6 +699,8 @@ mm_answer_sign(int sock, Buffer *m) (r = sshbuf_get_string(m, &p, &datlen)) != 0 || (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (keyid > INT_MAX) + fatal("%s: invalid key ID", __func__); /* * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes), @@ -1289,7 +1293,8 @@ static int monitor_valid_userblob(u_char *data, u_int datalen) { Buffer b; - char *p, *userstyle; + u_char *p; + char *userstyle, *cp; u_int len; int fail = 0; @@ -1314,26 +1319,26 @@ monitor_valid_userblob(u_char *data, u_int datalen) } if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) fail++; - p = buffer_get_cstring(&b, NULL); + cp = buffer_get_cstring(&b, NULL); xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); - if (strcmp(userstyle, p) != 0) { - logit("wrong user name passed to monitor: expected %s != %.100s", - userstyle, p); + if (strcmp(userstyle, cp) != 0) { + logit("wrong user name passed to monitor: " + "expected %s != %.100s", userstyle, cp); fail++; } free(userstyle); - free(p); + free(cp); buffer_skip_string(&b); if (datafellows & SSH_BUG_PKAUTH) { if (!buffer_get_char(&b)) fail++; } else { - p = buffer_get_cstring(&b, NULL); - if (strcmp("publickey", p) != 0) + cp = buffer_get_cstring(&b, NULL); + if (strcmp("publickey", cp) != 0) fail++; - free(p); + free(cp); if (!buffer_get_char(&b)) fail++; buffer_skip_string(&b); diff --git a/servconf.c b/servconf.c index ba39dce1d..6111c5a94 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.286 2016/03/07 19:02:43 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.287 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -2059,7 +2059,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); - obuf = cbuf = xstrdup(buffer_ptr(conf)); + if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); active = connectinfo ? 0 : 1; linenum = 1; while ((cp = strsep(&cbuf, "\n")) != NULL) { diff --git a/sftp-client.c b/sftp-client.c index cd990579e..faf14684c 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.122 2016/04/08 08:19:17 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.123 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -515,8 +515,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, struct sshbuf *msg; u_int count, id, i, expected_id, ents = 0; size_t handle_len; - u_char type; - char *handle; + u_char type, *handle; int status = SSH2_FX_FAILURE; int r; diff --git a/ssh-agent.c b/ssh-agent.c index c38906d94..8aa25b30d 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.213 2016/05/02 08:49:03 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -144,8 +144,8 @@ char socket_dir[PATH_MAX]; #define LOCK_SALT_SIZE 16 #define LOCK_ROUNDS 1 int locked = 0; -char lock_passwd[LOCK_SIZE]; -char lock_salt[LOCK_SALT_SIZE]; +u_char lock_pwhash[LOCK_SIZE]; +u_char lock_salt[LOCK_SALT_SIZE]; extern char *__progname; @@ -677,7 +677,8 @@ static void process_lock_agent(SocketEntry *e, int lock) { int r, success = 0, delay; - char *passwd, passwdhash[LOCK_SIZE]; + char *passwd; + u_char passwdhash[LOCK_SIZE]; static u_int fail_count = 0; size_t pwlen; @@ -689,11 +690,11 @@ process_lock_agent(SocketEntry *e, int lock) if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0) fatal("bcrypt_pbkdf"); - if (timingsafe_bcmp(passwdhash, lock_passwd, LOCK_SIZE) == 0) { + if (timingsafe_bcmp(passwdhash, lock_pwhash, LOCK_SIZE) == 0) { debug("agent unlocked"); locked = 0; fail_count = 0; - explicit_bzero(lock_passwd, sizeof(lock_passwd)); + explicit_bzero(lock_pwhash, sizeof(lock_pwhash)); success = 1; } else { /* delay in 0.1s increments up to 10s */ @@ -710,7 +711,7 @@ process_lock_agent(SocketEntry *e, int lock) locked = 1; arc4random_buf(lock_salt, sizeof(lock_salt)); if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), - lock_passwd, sizeof(lock_passwd), LOCK_ROUNDS) < 0) + lock_pwhash, sizeof(lock_pwhash), LOCK_ROUNDS) < 0) fatal("bcrypt_pbkdf"); success = 1; } diff --git a/ssh-keygen.c b/ssh-keygen.c index 478520123..079f10321 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.289 2016/05/02 08:49:03 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -883,7 +883,7 @@ do_fingerprint(struct passwd *pw) char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; int i, invalid = 1; const char *path; - long int lnum = 0; + u_long lnum = 0; if (!have_identity) ask_filename(pw, "Enter file in which the key is"); @@ -946,7 +946,7 @@ do_fingerprint(struct passwd *pw) } /* Retry after parsing leading hostname/key options */ if (public == NULL && (public = try_read_key(&cp)) == NULL) { - debug("%s:%ld: not a public key", path, lnum); + debug("%s:%lu: not a public key", path, lnum); continue; } @@ -1920,7 +1920,7 @@ do_show_cert(struct passwd *pw) FILE *f; char *cp, line[SSH_MAX_PUBKEY_BYTES]; const char *path; - long int lnum = 0; + u_long lnum = 0; if (!have_identity) ask_filename(pw, "Enter file in which the key is"); diff --git a/sshbuf-misc.c b/sshbuf-misc.c index 3da4b80e7..15dcfbc79 100644 --- a/sshbuf-misc.c +++ b/sshbuf-misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-misc.c,v 1.5 2015/10/05 17:11:21 djm Exp $ */ +/* $OpenBSD: sshbuf-misc.c,v 1.6 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -136,3 +136,26 @@ sshbuf_b64tod(struct sshbuf *buf, const char *b64) return 0; } +char * +sshbuf_dup_string(struct sshbuf *buf) +{ + const u_char *p = NULL, *s = sshbuf_ptr(buf); + size_t l = sshbuf_len(buf); + char *r; + + if (s == NULL || l > SIZE_MAX) + return NULL; + /* accept a nul only as the last character in the buffer */ + if (l > 0 && (p = memchr(s, '\0', l)) != NULL) { + if (p != s + l - 1) + return NULL; + l--; /* the nul is put back below */ + } + if ((r = malloc(l + 1)) == NULL) + return NULL; + if (l > 0) + memcpy(r, s, l); + r[l] = '\0'; + return r; +} + diff --git a/sshbuf.h b/sshbuf.h index 63495fbb0..52ff017cc 100644 --- a/sshbuf.h +++ b/sshbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.h,v 1.6 2015/12/10 07:01:35 mmcc Exp $ */ +/* $OpenBSD: sshbuf.h,v 1.7 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -239,6 +239,13 @@ char *sshbuf_dtob64(struct sshbuf *buf); /* Decode base64 data and append it to the buffer */ int sshbuf_b64tod(struct sshbuf *buf, const char *b64); +/* + * Duplicate the contents of a buffer to a string (caller to free). + * Returns NULL on buffer error, or if the buffer contains a premature + * nul character. + */ +char *sshbuf_dup_string(struct sshbuf *buf); + /* Macros for decoding/encoding integers */ #define PEEK_U64(p) \ (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ diff --git a/sshconnect2.c b/sshconnect2.c index f7d0644e8..1dddf75aa 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.241 2016/04/28 14:30:21 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.242 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1922,8 +1922,8 @@ authmethods_get(void) buffer_append(&b, method->name, strlen(method->name)); } } - buffer_append(&b, "\0", 1); - list = xstrdup(buffer_ptr(&b)); + if ((list = sshbuf_dup_string(&b)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); buffer_free(&b); return list; } diff --git a/sshd.c b/sshd.c index d21aed515..8b8af2494 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.466 2016/03/07 19:02:43 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.467 2016/05/02 08:49:03 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -845,8 +845,8 @@ list_hostkey_types(void) break; } } - buffer_append(&b, "\0", 1); - ret = xstrdup(buffer_ptr(&b)); + if ((ret = sshbuf_dup_string(&b)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); buffer_free(&b); debug("list_hostkey_types: %s", ret); return ret; @@ -1027,12 +1027,13 @@ usage(void) } static void -send_rexec_state(int fd, Buffer *conf) +send_rexec_state(int fd, struct sshbuf *conf) { - Buffer m; + struct sshbuf *m; + int r; - debug3("%s: entering fd = %d config len %d", __func__, fd, - buffer_len(conf)); + debug3("%s: entering fd = %d config len %zu", __func__, fd, + sshbuf_len(conf)); /* * Protocol from reexec master to child: @@ -1046,31 +1047,41 @@ send_rexec_state(int fd, Buffer *conf) * bignum q " * string rngseed (only if OpenSSL is not self-seeded) */ - buffer_init(&m); - buffer_put_cstring(&m, buffer_ptr(conf)); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_stringb(m, conf)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #ifdef WITH_SSH1 if (sensitive_data.server_key != NULL && sensitive_data.server_key->type == KEY_RSA1) { - buffer_put_int(&m, 1); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->e); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->n); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->d); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->iqmp); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); + if ((r = sshbuf_put_u32(m, 1)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->e)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->n)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->d)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->iqmp)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->p)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->q)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } else #endif - buffer_put_int(&m, 0); + if ((r = sshbuf_put_u32(m, 1)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) - rexec_send_rng_seed(&m); + rexec_send_rng_seed(m); #endif - if (ssh_msg_send(fd, 0, &m) == -1) + if (ssh_msg_send(fd, 0, m) == -1) fatal("%s: ssh_msg_send failed", __func__); - buffer_free(&m); + sshbuf_free(m); debug3("%s: done", __func__); } -- cgit v1.2.3 From 0e8eeec8e75f6d0eaf33317376f773160018a9c7 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 2 May 2016 10:26:04 +0000 Subject: upstream commit add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03 diffie-hellman-group14-sha256 (2K group) diffie-hellman-group16-sha512 (4K group) diffie-hellman-group18-sha512 (8K group) based on patch from Mark D. Baushke and Darren Tucker ok markus@ Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f --- dh.c | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++-------- dh.h | 4 ++- kex.c | 7 +++-- kex.h | 12 ++++++--- kexdh.c | 9 ++++--- kexdhc.c | 10 ++++++- kexdhs.c | 10 ++++++- monitor.c | 5 +++- myproposal.h | 15 ++++++++--- ssh-keyscan.c | 5 +++- ssh_api.c | 8 +++++- sshconnect2.c | 5 +++- sshd.c | 5 +++- 13 files changed, 146 insertions(+), 32 deletions(-) (limited to 'monitor.c') diff --git a/dh.c b/dh.c index 20f819131..167d3714e 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.59 2016/03/31 05:24:06 dtucker Exp $ */ +/* $OpenBSD: dh.c,v 1.60 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -314,6 +314,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus) return (dh); } +/* rfc2409 "Second Oakley Group" (1024 bits) */ DH * dh_new_group1(void) { @@ -328,6 +329,7 @@ dh_new_group1(void) return (dh_new_group_asc(gen, group1)); } +/* rfc3526 group 14 "2048-bit MODP Group" */ DH * dh_new_group14(void) { @@ -347,12 +349,9 @@ dh_new_group14(void) return (dh_new_group_asc(gen, group14)); } -/* - * 4k bit fallback group used by DH-GEX if moduli file cannot be read. - * Source: MODP group 16 from RFC3526. - */ +/* rfc3526 group 16 "4096-bit MODP Group" */ DH * -dh_new_group_fallback(int max) +dh_new_group16(void) { static char *gen = "2", *group16 = "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" @@ -378,12 +377,75 @@ dh_new_group_fallback(int max) "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199" "FFFFFFFF" "FFFFFFFF"; - if (max < 4096) { - debug3("requested max size %d, using 2k bit group 14", max); + return (dh_new_group_asc(gen, group16)); +} + +/* rfc3526 group 18 "8192-bit MODP Group" */ +DH * +dh_new_group18(void) +{ + static char *gen = "2", *group16 = + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" + "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" + "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" + "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" + "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" + "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" + "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64" + "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7" + "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B" + "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C" + "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31" + "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7" + "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA" + "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6" + "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED" + "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9" + "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34028492" + "36C3FAB4" "D27C7026" "C1D4DCB2" "602646DE" "C9751E76" "3DBA37BD" + "F8FF9406" "AD9E530E" "E5DB382F" "413001AE" "B06A53ED" "9027D831" + "179727B0" "865A8918" "DA3EDBEB" "CF9B14ED" "44CE6CBA" "CED4BB1B" + "DB7F1447" "E6CC254B" "33205151" "2BD7AF42" "6FB8F401" "378CD2BF" + "5983CA01" "C64B92EC" "F032EA15" "D1721D03" "F482D7CE" "6E74FEF6" + "D55E702F" "46980C82" "B5A84031" "900B1C9E" "59E7C97F" "BEC7E8F3" + "23A97A7E" "36CC88BE" "0F1D45B7" "FF585AC5" "4BD407B2" "2B4154AA" + "CC8F6D7E" "BF48E1D8" "14CC5ED2" "0F8037E0" "A79715EE" "F29BE328" + "06A1D58B" "B7C5DA76" "F550AA3D" "8A1FBFF0" "EB19CCB1" "A313D55C" + "DA56C9EC" "2EF29632" "387FE8D7" "6E3C0468" "043E8F66" "3F4860EE" + "12BF2D5B" "0B7474D6" "E694F91E" "6DBE1159" "74A3926F" "12FEE5E4" + "38777CB6" "A932DF8C" "D8BEC4D0" "73B931BA" "3BC832B6" "8D9DD300" + "741FA7BF" "8AFC47ED" "2576F693" "6BA42466" "3AAB639C" "5AE4F568" + "3423B474" "2BF1C978" "238F16CB" "E39D652D" "E3FDB8BE" "FC848AD9" + "22222E04" "A4037C07" "13EB57A8" "1A23F0C7" "3473FC64" "6CEA306B" + "4BCBC886" "2F8385DD" "FA9D4B7F" "A2C087E8" "79683303" "ED5BDD3A" + "062B3CF5" "B3A278A6" "6D2A13F8" "3F44F82D" "DF310EE0" "74AB6A36" + "4597E899" "A0255DC1" "64F31CC5" "0846851D" "F9AB4819" "5DED7EA1" + "B1D510BD" "7EE74D73" "FAF36BC3" "1ECFA268" "359046F4" "EB879F92" + "4009438B" "481C6CD7" "889A002E" "D5EE382B" "C9190DA6" "FC026E47" + "9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71" + "60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF"; + + return (dh_new_group_asc(gen, group16)); +} + +/* Select fallback group used by DH-GEX if moduli file cannot be read. */ +DH * +dh_new_group_fallback(int max) +{ + debug3("%s: requested max size %d", __func__, max); + if (max < 3072) { + debug3("using 2k bit group 14"); return dh_new_group14(); + } else if (max < 6144) { + debug3("using 4k bit group 16"); + return dh_new_group16(); } - debug3("using 4k bit group 16"); - return (dh_new_group_asc(gen, group16)); + debug3("using 8k bit group 18"); + return dh_new_group18(); } /* @@ -393,7 +455,6 @@ dh_new_group_fallback(int max) * Management Part 1 (rev 3) limited by the recommended maximum value * from RFC4419 section 3. */ - u_int dh_estimate(int bits) { diff --git a/dh.h b/dh.h index e191cfd8a..bcd485cf9 100644 --- a/dh.h +++ b/dh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.h,v 1.14 2015/10/16 22:32:22 djm Exp $ */ +/* $OpenBSD: dh.h,v 1.15 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. @@ -37,6 +37,8 @@ DH *dh_new_group_asc(const char *, const char *); DH *dh_new_group(BIGNUM *, BIGNUM *); DH *dh_new_group1(void); DH *dh_new_group14(void); +DH *dh_new_group16(void); +DH *dh_new_group18(void); DH *dh_new_group_fallback(int); int dh_gen_key(DH *, int); diff --git a/kex.c b/kex.c index d371f47c4..430cd8868 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.118 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -88,7 +88,10 @@ struct kexalg { static const struct kexalg kexalgs[] = { #ifdef WITH_OPENSSL { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, - { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 }, + { KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 }, + { KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, #ifdef HAVE_EVP_SHA256 { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, diff --git a/kex.h b/kex.h index 131b8d93d..c35195568 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.77 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.78 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -51,7 +51,10 @@ #define KEX_COOKIE_LEN 16 #define KEX_DH1 "diffie-hellman-group1-sha1" -#define KEX_DH14 "diffie-hellman-group14-sha1" +#define KEX_DH14_SHA1 "diffie-hellman-group14-sha1" +#define KEX_DH14_SHA256 "diffie-hellman-group14-sha256" +#define KEX_DH16_SHA512 "diffie-hellman-group16-sha512" +#define KEX_DH18_SHA512 "diffie-hellman-group18-sha512" #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" @@ -88,6 +91,9 @@ enum kex_modes { enum kex_exchange { KEX_DH_GRP1_SHA1, KEX_DH_GRP14_SHA1, + KEX_DH_GRP14_SHA256, + KEX_DH_GRP16_SHA512, + KEX_DH_GRP18_SHA512, KEX_DH_GEX_SHA1, KEX_DH_GEX_SHA256, KEX_ECDH_SHA2, @@ -190,7 +196,7 @@ int kexecdh_server(struct ssh *); int kexc25519_client(struct ssh *); int kexc25519_server(struct ssh *); -int kex_dh_hash(const char *, const char *, +int kex_dh_hash(int, const char *, const char *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); diff --git a/kexdh.c b/kexdh.c index feea6697d..0bf0dc138 100644 --- a/kexdh.c +++ b/kexdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdh.c,v 1.25 2015/01/19 20:16:15 markus Exp $ */ +/* $OpenBSD: kexdh.c,v 1.26 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -43,6 +43,7 @@ int kex_dh_hash( + int hash_alg, const char *client_version_string, const char *server_version_string, const u_char *ckexinit, size_t ckexinitlen, @@ -56,7 +57,7 @@ kex_dh_hash( struct sshbuf *b; int r; - if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1)) + if (*hashlen < ssh_digest_bytes(hash_alg)) return SSH_ERR_INVALID_ARGUMENT; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; @@ -79,12 +80,12 @@ kex_dh_hash( #ifdef DEBUG_KEX sshbuf_dump(b, stderr); #endif - if (ssh_digest_buffer(SSH_DIGEST_SHA1, b, hash, *hashlen) != 0) { + if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { sshbuf_free(b); return SSH_ERR_LIBCRYPTO_ERROR; } sshbuf_free(b); - *hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1); + *hashlen = ssh_digest_bytes(hash_alg); #ifdef DEBUG_KEX dump_digest("hash", hash, *hashlen); #endif diff --git a/kexdhc.c b/kexdhc.c index af259f16a..ad3975f09 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.18 2015/01/26 06:10:03 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.19 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -63,8 +63,15 @@ kexdh_client(struct ssh *ssh) kex->dh = dh_new_group1(); break; case KEX_DH_GRP14_SHA1: + case KEX_DH_GRP14_SHA256: kex->dh = dh_new_group14(); break; + case KEX_DH_GRP16_SHA512: + kex->dh = dh_new_group16(); + break; + case KEX_DH_GRP18_SHA512: + kex->dh = dh_new_group18(); + break; default: r = SSH_ERR_INVALID_ARGUMENT; goto out; @@ -164,6 +171,7 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt) /* calc and verify H */ hashlen = sizeof(hash); if ((r = kex_dh_hash( + kex->hash_alg, kex->client_version_string, kex->server_version_string, sshbuf_ptr(kex->my), sshbuf_len(kex->my), diff --git a/kexdhs.c b/kexdhs.c index bf933e4c9..108f66427 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.23 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.24 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -63,8 +63,15 @@ kexdh_server(struct ssh *ssh) kex->dh = dh_new_group1(); break; case KEX_DH_GRP14_SHA1: + case KEX_DH_GRP14_SHA256: kex->dh = dh_new_group14(); break; + case KEX_DH_GRP16_SHA512: + kex->dh = dh_new_group16(); + break; + case KEX_DH_GRP18_SHA512: + kex->dh = dh_new_group18(); + break; default: r = SSH_ERR_INVALID_ARGUMENT; goto out; @@ -158,6 +165,7 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt) /* calc H */ hashlen = sizeof(hash); if ((r = kex_dh_hash( + kex->hash_alg, kex->client_version_string, kex->server_version_string, sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), diff --git a/monitor.c b/monitor.c index dce920c23..8b3c27a76 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.159 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.160 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1860,6 +1860,9 @@ monitor_apply_keystate(struct monitor *pmonitor) #ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; + kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; + kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; + kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC diff --git a/myproposal.h b/myproposal.h index bdd05966f..597090164 100644 --- a/myproposal.h +++ b/myproposal.h @@ -67,13 +67,18 @@ #endif #ifdef HAVE_EVP_SHA256 -# define KEX_SHA256_METHODS \ - "diffie-hellman-group-exchange-sha256," +# define KEX_SHA2_METHODS \ + "diffie-hellman-group-exchange-sha256," \ + "diffie-hellman-group16-sha512," \ + "diffie-hellman-group18-sha512," +# define KEX_SHA2_GROUP14 \ + "diffie-hellman-group14-sha256," #define SHA2_HMAC_MODES \ "hmac-sha2-256," \ "hmac-sha2-512," #else -# define KEX_SHA256_METHODS +# define KEX_SHA2_METHODS +# define KEX_SHA2_GROUP14 # define SHA2_HMAC_MODES #endif @@ -86,13 +91,15 @@ #define KEX_COMMON_KEX \ KEX_CURVE25519_METHODS \ KEX_ECDH_METHODS \ - KEX_SHA256_METHODS + KEX_SHA2_METHODS #define KEX_SERVER_KEX KEX_COMMON_KEX \ + KEX_SHA2_GROUP14 \ "diffie-hellman-group14-sha1" \ #define KEX_CLIENT_KEX KEX_COMMON_KEX \ "diffie-hellman-group-exchange-sha1," \ + KEX_SHA2_GROUP14 \ "diffie-hellman-group14-sha1" #define KEX_DEFAULT_PK_ALG \ diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 7fe61e4e1..c30d54e62 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.106 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -302,6 +302,9 @@ keygrab_ssh2(con *c) #ifdef WITH_OPENSSL c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; + c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; + c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; + c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC diff --git a/ssh_api.c b/ssh_api.c index f544f006b..acd0b83c1 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.5 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.6 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -103,6 +103,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) #ifdef WITH_OPENSSL ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC @@ -117,6 +120,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) #ifdef WITH_OPENSSL ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC diff --git a/sshconnect2.c b/sshconnect2.c index 1dddf75aa..945471f15 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.242 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.243 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -206,6 +206,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) #ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; + kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; + kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; + kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC diff --git a/sshd.c b/sshd.c index 8b8af2494..47e046e24 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.467 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.468 2016/05/02 10:26:04 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2637,6 +2637,9 @@ do_ssh2_kex(void) #ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; + kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; + kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; + kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC -- cgit v1.2.3 From 01558b7b07af43da774d3a11a5c51fa9c310849d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 18 Jul 2016 09:33:25 +1000 Subject: Handle PAM_MAXTRIES from modules. bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer password and keyboard-interative authentication methods. Should prevent "sshd ignoring max retries" warnings in the log. ok djm@ It probably won't trigger with keyboard-interactive in the default configuration because the retry counter is stored in module-private storage which goes away with the sshd PAM process (see bz#688). On the other hand, those cases probably won't log a warning either. --- auth-pam.c | 30 +++++++++++++++++++++++++++++- auth-pam.h | 2 ++ monitor.c | 5 +++++ monitor_wrap.c | 5 +++++ 4 files changed, 41 insertions(+), 1 deletion(-) (limited to 'monitor.c') diff --git a/auth-pam.c b/auth-pam.c index 465b5a702..1f13c181c 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -229,6 +229,7 @@ static int sshpam_authenticated = 0; static int sshpam_session_open = 0; static int sshpam_cred_established = 0; static int sshpam_account_status = -1; +static int sshpam_maxtries_reached = 0; static char **sshpam_env = NULL; static Authctxt *sshpam_authctxt = NULL; static const char *sshpam_password = NULL; @@ -450,6 +451,8 @@ sshpam_thread(void *ctxtp) if (sshpam_err != PAM_SUCCESS) goto auth_fail; sshpam_err = pam_authenticate(sshpam_handle, flags); + if (sshpam_err == PAM_MAXTRIES) + sshpam_set_maxtries_reached(1); if (sshpam_err != PAM_SUCCESS) goto auth_fail; @@ -501,6 +504,8 @@ sshpam_thread(void *ctxtp) /* XXX - can't do much about an error here */ if (sshpam_err == PAM_ACCT_EXPIRED) ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer); + else if (sshpam_maxtries_reached) + ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer); else ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); buffer_free(&buffer); @@ -741,7 +746,11 @@ sshpam_query(void *ctx, char **name, char **info, free(msg); break; case PAM_ACCT_EXPIRED: - sshpam_account_status = 0; + case PAM_MAXTRIES: + if (type == PAM_ACCT_EXPIRED) + sshpam_account_status = 0; + if (type == PAM_MAXTRIES) + sshpam_set_maxtries_reached(1); /* FALLTHROUGH */ case PAM_AUTH_ERR: debug3("PAM: %s", pam_strerror(sshpam_handle, type)); @@ -1218,6 +1227,8 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) sshpam_err = pam_authenticate(sshpam_handle, flags); sshpam_password = NULL; free(fake); + if (sshpam_err == PAM_MAXTRIES) + sshpam_set_maxtries_reached(1); if (sshpam_err == PAM_SUCCESS && authctxt->valid) { debug("PAM: password authentication accepted for %.100s", authctxt->user); @@ -1229,4 +1240,21 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) return 0; } } + +int +sshpam_get_maxtries_reached(void) +{ + return sshpam_maxtries_reached; +} + +void +sshpam_set_maxtries_reached(int reached) +{ + if (reached == 0 || sshpam_maxtries_reached) + return; + sshpam_maxtries_reached = 1; + options.password_authentication = 0; + options.kbd_interactive_authentication = 0; + options.challenge_response_authentication = 0; +} #endif /* USE_PAM */ diff --git a/auth-pam.h b/auth-pam.h index a1a2b52d8..2e9a0c0a3 100644 --- a/auth-pam.h +++ b/auth-pam.h @@ -45,6 +45,8 @@ void free_pam_environment(char **); void sshpam_thread_cleanup(void); void sshpam_cleanup(void); int sshpam_auth_passwd(Authctxt *, const char *); +int sshpam_get_maxtries_reached(void); +void sshpam_set_maxtries_reached(int); int is_pam_session_open(void); #endif /* USE_PAM */ diff --git a/monitor.c b/monitor.c index 8b3c27a76..fbe965e7c 100644 --- a/monitor.c +++ b/monitor.c @@ -75,6 +75,7 @@ #include "cipher.h" #include "kex.h" #include "dh.h" +#include "auth-pam.h" #ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ #undef TARGET_OS_MAC #include "zlib.h" @@ -920,6 +921,9 @@ mm_answer_authpassword(int sock, Buffer *m) buffer_clear(m); buffer_put_int(m, authenticated); +#ifdef USE_PAM + buffer_put_int(m, sshpam_get_maxtries_reached()); +#endif debug3("%s: sending result %d", __func__, authenticated); mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m); @@ -1119,6 +1123,7 @@ mm_answer_pam_query(int sock, Buffer *m) free(name); buffer_put_cstring(m, info); free(info); + buffer_put_int(m, sshpam_get_maxtries_reached()); buffer_put_int(m, num); for (i = 0; i < num; ++i) { buffer_put_cstring(m, prompts[i]); diff --git a/monitor_wrap.c b/monitor_wrap.c index 552004902..99dc13b61 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -60,6 +60,7 @@ #include "packet.h" #include "mac.h" #include "log.h" +#include "auth-pam.h" #ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ #undef TARGET_OS_MAC #include "zlib.h" @@ -362,6 +363,9 @@ mm_auth_password(Authctxt *authctxt, char *password) mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m); authenticated = buffer_get_int(&m); +#ifdef USE_PAM + sshpam_set_maxtries_reached(buffer_get_int(&m)); +#endif buffer_free(&m); @@ -644,6 +648,7 @@ mm_sshpam_query(void *ctx, char **name, char **info, debug3("%s: pam_query returned %d", __func__, ret); *name = buffer_get_string(&m, NULL); *info = buffer_get_string(&m, NULL); + sshpam_set_maxtries_reached(buffer_get_int(&m)); *num = buffer_get_int(&m); if (*num > PAM_MAX_NUM_MSG) fatal("%s: recieved %u PAM messages, expected <= %u", -- cgit v1.2.3 From c36d91bd4ebf767f310f7cea88d61d1c15f53ddf Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 22 Jul 2016 03:39:13 +0000 Subject: upstream commit move debug("%p", key) to before key is free'd; probable undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581 Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a --- monitor.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'monitor.c') diff --git a/monitor.c b/monitor.c index fbe965e7c..cb57bd066 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.160 2016/05/02 10:26:04 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.161 2016/07/22 03:39:13 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1258,6 +1258,10 @@ mm_answer_keyallowed(int sock, Buffer *m) break; } } + + debug3("%s: key %p is %s", + __func__, key, allowed ? "allowed" : "not allowed"); + if (key != NULL) key_free(key); @@ -1279,9 +1283,6 @@ mm_answer_keyallowed(int sock, Buffer *m) free(chost); } - debug3("%s: key %p is %s", - __func__, key, allowed ? "allowed" : "not allowed"); - buffer_clear(m); buffer_put_int(m, allowed); buffer_put_int(m, forced_command != NULL); -- cgit v1.2.3