From 76c9fbbe35aabc1db977fb78e827644345e9442e Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Fri, 4 Dec 2015 16:41:28 +0000 Subject: upstream commit implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@ Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309 --- ssh2.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'ssh2.h') diff --git a/ssh2.h b/ssh2.h index 59417e612..bdff6c5bd 100644 --- a/ssh2.h +++ b/ssh2.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh2.h,v 1.15 2014/01/29 06:18:35 djm Exp $ */ +/* $OpenBSD: ssh2.h,v 1.16 2015/12/04 16:41:28 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -80,6 +80,7 @@ #define SSH2_MSG_DEBUG 4 #define SSH2_MSG_SERVICE_REQUEST 5 #define SSH2_MSG_SERVICE_ACCEPT 6 +#define SSH2_MSG_EXT_INFO 7 /* transport layer: alg negotiation */ -- cgit v1.2.3 From a306863831c57ec5fad918687cc5d289ee8e2635 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Thu, 14 Jan 2016 16:17:39 +0000 Subject: upstream commit remove roaming support; ok djm@ Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56 --- Makefile.in | 15 ++- clientloop.c | 9 +- kex.c | 14 +-- kex.h | 4 +- monitor.c | 3 +- monitor_wrap.c | 3 +- opacket.c | 12 --- opacket.h | 2 - packet.c | 84 ++--------------- packet.h | 6 +- readconf.c | 12 +-- readconf.h | 4 +- roaming.h | 45 --------- roaming_client.c | 271 ------------------------------------------------------- roaming_common.c | 241 ------------------------------------------------- roaming_dummy.c | 72 --------------- roaming_serv.c | 31 ------- serverloop.c | 8 +- ssh.c | 3 +- ssh2.h | 9 +- sshconnect.c | 7 +- sshconnect2.c | 6 +- sshd.c | 7 +- 23 files changed, 37 insertions(+), 831 deletions(-) delete mode 100644 roaming_client.c delete mode 100644 roaming_common.c delete mode 100644 roaming_dummy.c delete mode 100644 roaming_serv.c (limited to 'ssh2.h') diff --git a/Makefile.in b/Makefile.in index 9e326411c..a8984c8fb 100644 --- a/Makefile.in +++ b/Makefile.in @@ -95,8 +95,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ platform-pledge.o SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ - sshconnect.o sshconnect1.o sshconnect2.o mux.o \ - roaming_common.o roaming_client.o + sshconnect.o sshconnect1.o sshconnect2.o mux.o SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ audit.o audit-bsm.o audit-linux.o platform.o \ @@ -109,7 +108,6 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ sftp-server.o sftp-common.o \ - roaming_common.o roaming_serv.o \ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ sandbox-solaris.o @@ -180,14 +178,14 @@ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o - $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) +ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o + $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) -ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o - $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) +ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o + $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) @@ -484,8 +482,7 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \ UNITTESTS_TEST_KEX_OBJS=\ regress/unittests/kex/tests.o \ - regress/unittests/kex/test_kex.o \ - roaming_dummy.o + regress/unittests/kex/test_kex.o regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \ regress/unittests/test_helper/libtest_helper.a libssh.a diff --git a/clientloop.c b/clientloop.c index c0386d56b..d324e297b 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.279 2016/01/13 23:04:47 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.280 2016/01/14 16:17:39 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -111,7 +111,6 @@ #include "sshpty.h" #include "match.h" #include "msg.h" -#include "roaming.h" #include "ssherr.h" #include "hostfile.h" @@ -756,7 +755,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) static void client_process_net_input(fd_set *readset) { - int len, cont = 0; + int len; char buf[SSH_IOBUFSZ]; /* @@ -765,8 +764,8 @@ client_process_net_input(fd_set *readset) */ if (FD_ISSET(connection_in, readset)) { /* Read as much as possible. */ - len = roaming_read(connection_in, buf, sizeof(buf), &cont); - if (len == 0 && cont == 0) { + len = read(connection_in, buf, sizeof(buf)); + if (len == 0) { /* * Received EOF. The remote host has closed the * connection. diff --git a/kex.c b/kex.c index 2dba1c56b..335b789fc 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.115 2015/12/13 22:42:23 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.116 2016/01/14 16:17:39 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -49,7 +49,6 @@ #include "misc.h" #include "dispatch.h" #include "monitor.h" -#include "roaming.h" #include "ssherr.h" #include "sshbuf.h" @@ -748,17 +747,6 @@ kex_choose_conf(struct ssh *ssh) sprop=peer; } - /* Check whether server offers roaming */ - if (!kex->server) { - char *roaming = match_list(KEX_RESUME, - peer[PROPOSAL_KEX_ALGS], NULL); - - if (roaming) { - kex->roaming = 1; - free(roaming); - } - } - /* Check whether client supports ext_info_c */ if (kex->server) { char *ext; diff --git a/kex.h b/kex.h index 25ccf2e0e..24d4aa15f 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.74 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: kex.h,v 1.75 2016/01/14 16:17:39 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -54,7 +54,6 @@ #define KEX_DH14 "diffie-hellman-group14-sha1" #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" -#define KEX_RESUME "resume@appgate.com" #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" @@ -133,7 +132,6 @@ struct kex { int hostkey_type; int hostkey_nid; u_int kex_type; - int roaming; int rsa_sha2; int ext_info_c; struct sshbuf *my; diff --git a/monitor.c b/monitor.c index b3edd648b..b7fe74b13 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.155 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: monitor.c,v 1.156 2016/01/14 16:17:39 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -100,7 +100,6 @@ #include "monitor_fdpass.h" #include "compat.h" #include "ssh2.h" -#include "roaming.h" #include "authfd.h" #include "match.h" #include "ssherr.h" diff --git a/monitor_wrap.c b/monitor_wrap.c index d4bfaf372..c5db6df48 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.86 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.87 2016/01/14 16:17:40 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -80,7 +80,6 @@ #include "channels.h" #include "session.h" #include "servconf.h" -#include "roaming.h" #include "ssherr.h" diff --git a/opacket.c b/opacket.c index b9160d59d..5970dd377 100644 --- a/opacket.c +++ b/opacket.c @@ -235,18 +235,6 @@ packet_set_connection(int fd_in, int fd_out) fatal("%s: ssh_packet_set_connection failed", __func__); } -void -packet_backup_state(void) -{ - ssh_packet_backup_state(active_state, backup_state); -} - -void -packet_restore_state(void) -{ - ssh_packet_restore_state(active_state, backup_state); -} - u_int packet_get_char(void) { diff --git a/opacket.h b/opacket.h index a0a60e550..b14b6769a 100644 --- a/opacket.h +++ b/opacket.h @@ -39,8 +39,6 @@ do { \ void packet_close(void); u_int packet_get_char(void); u_int packet_get_int(void); -void packet_backup_state(void); -void packet_restore_state(void); void packet_set_connection(int, int); int packet_read_seqnr(u_int32_t *); int packet_read_poll_seqnr(u_int32_t *); diff --git a/packet.c b/packet.c index 27e85e3a1..9cf200cc3 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.221 2015/12/11 04:21:12 mmcc Exp $ */ +/* $OpenBSD: packet.c,v 1.222 2016/01/14 16:17:40 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -83,7 +83,6 @@ #include "channels.h" #include "ssh.h" #include "packet.h" -#include "roaming.h" #include "ssherr.h" #include "sshbuf.h" @@ -1279,7 +1278,7 @@ int ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) { struct session_state *state = ssh->state; - int len, r, ms_remain, cont; + int len, r, ms_remain; fd_set *setp; char buf[8192]; struct timeval timeout, start, *timeoutp = NULL; @@ -1349,11 +1348,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if (r == 0) return SSH_ERR_CONN_TIMEOUT; /* Read data from the socket. */ - do { - cont = 0; - len = roaming_read(state->connection_in, buf, - sizeof(buf), &cont); - } while (len == 0 && cont); + len = read(state->connection_in, buf, sizeof(buf)); if (len == 0) { r = SSH_ERR_CONN_CLOSED; goto out; @@ -2025,19 +2020,18 @@ ssh_packet_write_poll(struct ssh *ssh) { struct session_state *state = ssh->state; int len = sshbuf_len(state->output); - int cont, r; + int r; if (len > 0) { - cont = 0; - len = roaming_write(state->connection_out, - sshbuf_ptr(state->output), len, &cont); + len = write(state->connection_out, + sshbuf_ptr(state->output), len); if (len == -1) { if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) return 0; return SSH_ERR_SYSTEM_ERROR; } - if (len == 0 && !cont) + if (len == 0) return SSH_ERR_CONN_CLOSED; if ((r = sshbuf_consume(state->output, len)) != 0) return r; @@ -2314,58 +2308,6 @@ ssh_packet_get_output(struct ssh *ssh) return (void *)ssh->state->output; } -/* XXX TODO update roaming to new API (does not work anyway) */ -/* - * Save the state for the real connection, and use a separate state when - * resuming a suspended connection. - */ -void -ssh_packet_backup_state(struct ssh *ssh, - struct ssh *backup_state) -{ - struct ssh *tmp; - - close(ssh->state->connection_in); - ssh->state->connection_in = -1; - close(ssh->state->connection_out); - ssh->state->connection_out = -1; - if (backup_state) - tmp = backup_state; - else - tmp = ssh_alloc_session_state(); - backup_state = ssh; - ssh = tmp; -} - -/* XXX FIXME FIXME FIXME */ -/* - * Swap in the old state when resuming a connecion. - */ -void -ssh_packet_restore_state(struct ssh *ssh, - struct ssh *backup_state) -{ - struct ssh *tmp; - u_int len; - int r; - - tmp = backup_state; - backup_state = ssh; - ssh = tmp; - ssh->state->connection_in = backup_state->state->connection_in; - backup_state->state->connection_in = -1; - ssh->state->connection_out = backup_state->state->connection_out; - backup_state->state->connection_out = -1; - len = sshbuf_len(backup_state->state->input); - if (len > 0) { - if ((r = sshbuf_putb(ssh->state->input, - backup_state->state->input)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); - sshbuf_reset(backup_state->state->input); - add_recv_bytes(len); - } -} - /* Reset after_authentication and reset compression in post-auth privsep */ static int ssh_packet_set_postauth(struct ssh *ssh) @@ -2515,11 +2457,6 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) (r = sshbuf_put_stringb(m, state->output)) != 0) return r; - if (compat20) { - if ((r = sshbuf_put_u64(m, get_sent_bytes())) != 0 || - (r = sshbuf_put_u64(m, get_recv_bytes())) != 0) - return r; - } return 0; } @@ -2646,7 +2583,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) size_t ssh1keylen, rlen, slen, ilen, olen; int r; u_int ssh1cipher = 0; - u_int64_t sent_bytes = 0, recv_bytes = 0; if (!compat20) { if ((r = sshbuf_get_u32(m, &state->remote_protocol_flags)) != 0 || @@ -2711,12 +2647,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) (r = sshbuf_put(state->output, output, olen)) != 0) return r; - if (compat20) { - if ((r = sshbuf_get_u64(m, &sent_bytes)) != 0 || - (r = sshbuf_get_u64(m, &recv_bytes)) != 0) - return r; - roam_set_bytes(sent_bytes, recv_bytes); - } if (sshbuf_len(m)) return SSH_ERR_INVALID_FORMAT; debug3("%s: done", __func__); diff --git a/packet.h b/packet.h index bc2e2ba2e..c8f36eb7f 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.67 2015/12/11 03:24:25 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.68 2016/01/14 16:17:40 markus Exp $ */ /* * Author: Tatu Ylonen @@ -149,10 +149,6 @@ int ssh_packet_need_rekeying(struct ssh *); void ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t); time_t ssh_packet_get_rekey_timeout(struct ssh *); -/* XXX FIXME */ -void ssh_packet_backup_state(struct ssh *, struct ssh *); -void ssh_packet_restore_state(struct ssh *, struct ssh *); - void *ssh_packet_get_input(struct ssh *); void *ssh_packet_get_output(struct ssh *); diff --git a/readconf.c b/readconf.c index bf1250738..8e9a25da7 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.247 2016/01/14 14:34:34 deraadt Exp $ */ +/* $OpenBSD: readconf.c,v 1.248 2016/01/14 16:17:40 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -152,7 +152,7 @@ typedef enum { oSendEnv, oControlPath, oControlMaster, oControlPersist, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, - oVisualHostKey, oUseRoaming, + oVisualHostKey, oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, @@ -263,7 +263,7 @@ static struct { { "localcommand", oLocalCommand }, { "permitlocalcommand", oPermitLocalCommand }, { "visualhostkey", oVisualHostKey }, - { "useroaming", oUseRoaming }, + { "useroaming", oDeprecated }, { "kexalgorithms", oKexAlgorithms }, { "ipqos", oIPQoS }, { "requesttty", oRequestTTY }, @@ -1425,10 +1425,6 @@ parse_keytypes: } break; - case oUseRoaming: - intptr = &options->use_roaming; - goto parse_flag; - case oRequestTTY: intptr = &options->request_tty; multistate_ptr = multistate_requesttty; @@ -1713,7 +1709,6 @@ initialize_options(Options * options) options->tun_remote = -1; options->local_command = NULL; options->permit_local_command = -1; - options->use_roaming = 0; options->add_keys_to_agent = -1; options->visual_host_key = -1; options->ip_qos_interactive = -1; @@ -1889,7 +1884,6 @@ fill_default_options(Options * options) options->tun_remote = SSH_TUNID_ANY; if (options->permit_local_command == -1) options->permit_local_command = 0; - options->use_roaming = 0; if (options->visual_host_key == -1) options->visual_host_key = 0; if (options->ip_qos_interactive == -1) diff --git a/readconf.h b/readconf.h index 2034bfd9d..c84d068bd 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.112 2015/11/15 22:26:49 jcs Exp $ */ +/* $OpenBSD: readconf.h,v 1.113 2016/01/14 16:17:40 markus Exp $ */ /* * Author: Tatu Ylonen @@ -137,8 +137,6 @@ typedef struct { int permit_local_command; int visual_host_key; - int use_roaming; - int request_tty; int proxy_use_fdpass; diff --git a/roaming.h b/roaming.h index da069f878..e69de29bb 100644 --- a/roaming.h +++ b/roaming.h @@ -1,45 +0,0 @@ -/* $OpenBSD: roaming.h,v 1.6 2011/12/07 05:44:38 djm Exp $ */ -/* - * Copyright (c) 2004-2009 AppGate Network Security AB - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef ROAMING_H -#define ROAMING_H - -#define DEFAULT_ROAMBUF 65536 -#define MAX_ROAMBUF (2*1024*1024) /* XXX arbitrary */ -#define ROAMING_REQUEST "roaming@appgate.com" - -extern int roaming_enabled; -extern int resume_in_progress; - -void request_roaming(void); -int get_snd_buf_size(void); -int get_recv_buf_size(void); -void add_recv_bytes(u_int64_t); -int wait_for_roaming_reconnect(void); -void roaming_reply(int, u_int32_t, void *); -void set_out_buffer_size(size_t); -ssize_t roaming_write(int, const void *, size_t, int *); -ssize_t roaming_read(int, void *, size_t, int *); -size_t roaming_atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); -u_int64_t get_recv_bytes(void); -u_int64_t get_sent_bytes(void); -void roam_set_bytes(u_int64_t, u_int64_t); -void resend_bytes(int, u_int64_t *); -void calculate_new_key(u_int64_t *, u_int64_t, u_int64_t); -int resume_kex(void); - -#endif /* ROAMING */ diff --git a/roaming_client.c b/roaming_client.c deleted file mode 100644 index cb1328574..000000000 --- a/roaming_client.c +++ /dev/null @@ -1,271 +0,0 @@ -/* $OpenBSD: roaming_client.c,v 1.9 2015/01/27 12:54:06 okan Exp $ */ -/* - * Copyright (c) 2004-2009 AppGate Network Security AB - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include "openbsd-compat/sys-queue.h" -#include -#include - -#include -#include -#include - -#include "xmalloc.h" -#include "buffer.h" -#include "channels.h" -#include "cipher.h" -#include "dispatch.h" -#include "clientloop.h" -#include "log.h" -#include "match.h" -#include "misc.h" -#include "packet.h" -#include "ssh.h" -#include "key.h" -#include "kex.h" -#include "readconf.h" -#include "roaming.h" -#include "ssh2.h" -#include "sshconnect.h" -#include "digest.h" - -/* import */ -extern Options options; -extern char *host; -extern struct sockaddr_storage hostaddr; -extern int session_resumed; - -static u_int32_t roaming_id; -static u_int64_t cookie; -static u_int64_t lastseenchall; -static u_int64_t key1, key2, oldkey1, oldkey2; - -void -roaming_reply(int type, u_int32_t seq, void *ctxt) -{ - if (type == SSH2_MSG_REQUEST_FAILURE) { - logit("Server denied roaming"); - return; - } - verbose("Roaming enabled"); - roaming_id = packet_get_int(); - cookie = packet_get_int64(); - key1 = oldkey1 = packet_get_int64(); - key2 = oldkey2 = packet_get_int64(); - set_out_buffer_size(packet_get_int() + get_snd_buf_size()); - roaming_enabled = 1; -} - -void -request_roaming(void) -{ - packet_start(SSH2_MSG_GLOBAL_REQUEST); - packet_put_cstring(ROAMING_REQUEST); - packet_put_char(1); - packet_put_int(get_recv_buf_size()); - packet_send(); - client_register_global_confirm(roaming_reply, NULL); -} - -static void -roaming_auth_required(void) -{ - u_char digest[SSH_DIGEST_MAX_LENGTH]; - Buffer b; - u_int64_t chall, oldchall; - - chall = packet_get_int64(); - oldchall = packet_get_int64(); - if (oldchall != lastseenchall) { - key1 = oldkey1; - key2 = oldkey2; - } - lastseenchall = chall; - - buffer_init(&b); - buffer_put_int64(&b, cookie); - buffer_put_int64(&b, chall); - if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0) - fatal("%s: ssh_digest_buffer failed", __func__); - buffer_free(&b); - - packet_start(SSH2_MSG_KEX_ROAMING_AUTH); - packet_put_int64(key1 ^ get_recv_bytes()); - packet_put_raw(digest, ssh_digest_bytes(SSH_DIGEST_SHA1)); - packet_send(); - - oldkey1 = key1; - oldkey2 = key2; - calculate_new_key(&key1, cookie, chall); - calculate_new_key(&key2, cookie, chall); - - debug("Received %llu bytes", (unsigned long long)get_recv_bytes()); - debug("Sent roaming_auth packet"); -} - -int -resume_kex(void) -{ - /* - * This should not happen - if the client sends the kex method - * resume@appgate.com then the kex is done in roaming_resume(). - */ - return 1; -} - -static int -roaming_resume(void) -{ - u_int64_t recv_bytes; - char *str = NULL, *kexlist = NULL, *c; - int i, type; - int timeout_ms = options.connection_timeout * 1000; - u_int len; - u_int32_t rnd = 0; - - resume_in_progress = 1; - - /* Exchange banners */ - ssh_exchange_identification(timeout_ms); - packet_set_nonblocking(); - - /* Send a kexinit message with resume@appgate.com as only kex algo */ - packet_start(SSH2_MSG_KEXINIT); - for (i = 0; i < KEX_COOKIE_LEN; i++) { - if (i % 4 == 0) - rnd = arc4random(); - packet_put_char(rnd & 0xff); - rnd >>= 8; - } - packet_put_cstring(KEX_RESUME); - for (i = 1; i < PROPOSAL_MAX; i++) { - /* kex algorithm added so start with i=1 and not 0 */ - packet_put_cstring(""); /* Not used when we resume */ - } - packet_put_char(1); /* first kex_packet follows */ - packet_put_int(0); /* reserved */ - packet_send(); - - /* Assume that resume@appgate.com will be accepted */ - packet_start(SSH2_MSG_KEX_ROAMING_RESUME); - packet_put_int(roaming_id); - packet_send(); - - /* Read the server's kexinit and check for resume@appgate.com */ - if ((type = packet_read()) != SSH2_MSG_KEXINIT) { - debug("expected kexinit on resume, got %d", type); - goto fail; - } - for (i = 0; i < KEX_COOKIE_LEN; i++) - (void)packet_get_char(); - kexlist = packet_get_string(&len); - if (!kexlist - || (str = match_list(KEX_RESUME, kexlist, NULL)) == NULL) { - debug("server doesn't allow resume"); - goto fail; - } - free(str); - for (i = 1; i < PROPOSAL_MAX; i++) { - /* kex algorithm taken care of so start with i=1 and not 0 */ - free(packet_get_string(&len)); - } - i = packet_get_char(); /* first_kex_packet_follows */ - if (i && (c = strchr(kexlist, ','))) - *c = 0; - if (i && strcmp(kexlist, KEX_RESUME)) { - debug("server's kex guess (%s) was wrong, skipping", kexlist); - (void)packet_read(); /* Wrong guess - discard packet */ - } - - /* - * Read the ROAMING_AUTH_REQUIRED challenge from the server and - * send ROAMING_AUTH - */ - if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED) { - debug("expected roaming_auth_required, got %d", type); - goto fail; - } - roaming_auth_required(); - - /* Read ROAMING_AUTH_OK from the server */ - if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_OK) { - debug("expected roaming_auth_ok, got %d", type); - goto fail; - } - recv_bytes = packet_get_int64() ^ oldkey2; - debug("Peer received %llu bytes", (unsigned long long)recv_bytes); - resend_bytes(packet_get_connection_out(), &recv_bytes); - - resume_in_progress = 0; - - session_resumed = 1; /* Tell clientloop */ - - return 0; - -fail: - free(kexlist); - if (packet_get_connection_in() == packet_get_connection_out()) - close(packet_get_connection_in()); - else { - close(packet_get_connection_in()); - close(packet_get_connection_out()); - } - return 1; -} - -int -wait_for_roaming_reconnect(void) -{ - static int reenter_guard = 0; - int timeout_ms = options.connection_timeout * 1000; - int c; - - if (reenter_guard != 0) - fatal("Server refused resume, roaming timeout may be exceeded"); - reenter_guard = 1; - - fprintf(stderr, "[connection suspended, press return to resume]"); - fflush(stderr); - packet_backup_state(); - /* TODO Perhaps we should read from tty here */ - while ((c = fgetc(stdin)) != EOF) { - if (c == 'Z' - 64) { - kill(getpid(), SIGTSTP); - continue; - } - if (c != '\n' && c != '\r') - continue; - - if (ssh_connect(host, NULL, &hostaddr, options.port, - options.address_family, 1, &timeout_ms, - options.tcp_keep_alive, options.use_privileged_port) == 0 && - roaming_resume() == 0) { - packet_restore_state(); - reenter_guard = 0; - fprintf(stderr, "[connection resumed]\n"); - fflush(stderr); - return 0; - } - - fprintf(stderr, "[reconnect failed, press return to retry]"); - fflush(stderr); - } - fprintf(stderr, "[exiting]\n"); - fflush(stderr); - exit(0); -} diff --git a/roaming_common.c b/roaming_common.c deleted file mode 100644 index ea064605c..000000000 --- a/roaming_common.c +++ /dev/null @@ -1,241 +0,0 @@ -/* $OpenBSD: roaming_common.c,v 1.13 2015/01/27 12:54:06 okan Exp $ */ -/* - * Copyright (c) 2004-2009 AppGate Network Security AB - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include -#include -#include - -#include -#include -#include -#include - -#include "atomicio.h" -#include "log.h" -#include "packet.h" -#include "xmalloc.h" -#include "cipher.h" -#include "buffer.h" -#include "roaming.h" -#include "digest.h" - -static size_t out_buf_size = 0; -static char *out_buf = NULL; -static size_t out_start; -static size_t out_last; - -static u_int64_t write_bytes = 0; -static u_int64_t read_bytes = 0; - -int roaming_enabled = 0; -int resume_in_progress = 0; - -int -get_snd_buf_size(void) -{ - int fd = packet_get_connection_out(); - int optval; - socklen_t optvallen = sizeof(optval); - - if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &optval, &optvallen) != 0) - optval = DEFAULT_ROAMBUF; - return optval; -} - -int -get_recv_buf_size(void) -{ - int fd = packet_get_connection_in(); - int optval; - socklen_t optvallen = sizeof(optval); - - if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &optval, &optvallen) != 0) - optval = DEFAULT_ROAMBUF; - return optval; -} - -void -set_out_buffer_size(size_t size) -{ - if (size == 0 || size > MAX_ROAMBUF) - fatal("%s: bad buffer size %lu", __func__, (u_long)size); - /* - * The buffer size can only be set once and the buffer will live - * as long as the session lives. - */ - if (out_buf == NULL) { - out_buf_size = size; - out_buf = xmalloc(size); - out_start = 0; - out_last = 0; - } -} - -u_int64_t -get_recv_bytes(void) -{ - return read_bytes; -} - -void -add_recv_bytes(u_int64_t num) -{ - read_bytes += num; -} - -u_int64_t -get_sent_bytes(void) -{ - return write_bytes; -} - -void -roam_set_bytes(u_int64_t sent, u_int64_t recvd) -{ - read_bytes = recvd; - write_bytes = sent; -} - -static void -buf_append(const char *buf, size_t count) -{ - if (count > out_buf_size) { - buf += count - out_buf_size; - count = out_buf_size; - } - if (count < out_buf_size - out_last) { - memcpy(out_buf + out_last, buf, count); - if (out_start > out_last) - out_start += count; - out_last += count; - } else { - /* data will wrap */ - size_t chunk = out_buf_size - out_last; - memcpy(out_buf + out_last, buf, chunk); - memcpy(out_buf, buf + chunk, count - chunk); - out_last = count - chunk; - out_start = out_last + 1; - } -} - -ssize_t -roaming_write(int fd, const void *buf, size_t count, int *cont) -{ - ssize_t ret; - - ret = write(fd, buf, count); - if (ret > 0 && !resume_in_progress) { - write_bytes += ret; - if (out_buf_size > 0) - buf_append(buf, ret); - } - if (out_buf_size > 0 && - (ret == 0 || (ret == -1 && errno == EPIPE))) { - if (wait_for_roaming_reconnect() != 0) { - ret = 0; - *cont = 1; - } else { - ret = -1; - errno = EAGAIN; - } - } - return ret; -} - -ssize_t -roaming_read(int fd, void *buf, size_t count, int *cont) -{ - ssize_t ret = read(fd, buf, count); - if (ret > 0) { - if (!resume_in_progress) { - read_bytes += ret; - } - } else if (out_buf_size > 0 && - (ret == 0 || (ret == -1 && (errno == ECONNRESET - || errno == ECONNABORTED || errno == ETIMEDOUT - || errno == EHOSTUNREACH)))) { - debug("roaming_read failed for %d ret=%ld errno=%d", - fd, (long)ret, errno); - ret = 0; - if (wait_for_roaming_reconnect() == 0) - *cont = 1; - } - return ret; -} - -size_t -roaming_atomicio(ssize_t(*f)(int, void*, size_t), int fd, void *buf, - size_t count) -{ - size_t ret = atomicio(f, fd, buf, count); - - if (f == vwrite && ret > 0 && !resume_in_progress) { - write_bytes += ret; - } else if (f == read && ret > 0 && !resume_in_progress) { - read_bytes += ret; - } - return ret; -} - -void -resend_bytes(int fd, u_int64_t *offset) -{ - size_t available, needed; - - if (out_start < out_last) - available = out_last - out_start; - else - available = out_buf_size; - needed = write_bytes - *offset; - debug3("resend_bytes: resend %lu bytes from %llu", - (unsigned long)needed, (unsigned long long)*offset); - if (needed > available) - fatal("Needed to resend more data than in the cache"); - if (out_last < needed) { - int chunkend = needed - out_last; - atomicio(vwrite, fd, out_buf + out_buf_size - chunkend, - chunkend); - atomicio(vwrite, fd, out_buf, out_last); - } else { - atomicio(vwrite, fd, out_buf + (out_last - needed), needed); - } -} - -/* - * Caclulate a new key after a reconnect - */ -void -calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge) -{ - u_char hash[SSH_DIGEST_MAX_LENGTH]; - Buffer b; - - buffer_init(&b); - buffer_put_int64(&b, *key); - buffer_put_int64(&b, cookie); - buffer_put_int64(&b, challenge); - - if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, hash, sizeof(hash)) != 0) - fatal("%s: digest_buffer failed", __func__); - - buffer_clear(&b); - buffer_append(&b, hash, ssh_digest_bytes(SSH_DIGEST_SHA1)); - *key = buffer_get_int64(&b); - buffer_free(&b); -} diff --git a/roaming_dummy.c b/roaming_dummy.c deleted file mode 100644 index 837de695d..000000000 --- a/roaming_dummy.c +++ /dev/null @@ -1,72 +0,0 @@ -/* $OpenBSD: roaming_dummy.c,v 1.4 2015/01/19 19:52:16 markus Exp $ */ -/* - * Copyright (c) 2004-2009 AppGate Network Security AB - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * This file is included in the client programs which should not - * support roaming. - */ - -#include "includes.h" - -#include -#include - -#include "roaming.h" - -int resume_in_progress = 0; - -u_int64_t -get_recv_bytes(void) -{ - return 0; -} - -u_int64_t -get_sent_bytes(void) -{ - return 0; -} - -void -roam_set_bytes(u_int64_t sent, u_int64_t recvd) -{ -} - -ssize_t -roaming_write(int fd, const void *buf, size_t count, int *cont) -{ - return write(fd, buf, count); -} - -ssize_t -roaming_read(int fd, void *buf, size_t count, int *cont) -{ - if (cont) - *cont = 0; - return read(fd, buf, count); -} - -void -add_recv_bytes(u_int64_t num) -{ -} - -int -resume_kex(void) -{ - return 1; -} diff --git a/roaming_serv.c b/roaming_serv.c deleted file mode 100644 index 511ca8461..000000000 --- a/roaming_serv.c +++ /dev/null @@ -1,31 +0,0 @@ -/* $OpenBSD: roaming_serv.c,v 1.1 2009/10/24 11:18:23 andreas Exp $ */ -/* - * Copyright (c) 2004-2009 AppGate Network Security AB - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include - -#include "roaming.h" - -/* - * Wait for the roaming client to reconnect. Returns 0 if a connect ocurred. - */ -int -wait_for_roaming_reconnect(void) -{ - return 1; -} diff --git a/serverloop.c b/serverloop.c index 85fc8d3af..47bc168b2 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.180 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: serverloop.c,v 1.181 2016/01/14 16:17:40 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -78,7 +78,6 @@ #include "dispatch.h" #include "auth-options.h" #include "serverloop.h" -#include "roaming.h" #include "ssherr.h" extern ServerOptions options; @@ -399,11 +398,8 @@ process_input(fd_set *readset) /* Read and buffer any input data from the client. */ if (FD_ISSET(connection_in, readset)) { - int cont = 0; - len = roaming_read(connection_in, buf, sizeof(buf), &cont); + len = read(connection_in, buf, sizeof(buf)); if (len == 0) { - if (cont) - return; verbose("Connection closed by %.100s", get_remote_ipaddr()); connection_closed = 1; diff --git a/ssh.c b/ssh.c index ecaf3022a..993ea1721 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.434 2016/01/14 14:34:34 deraadt Exp $ */ +/* $OpenBSD: ssh.c,v 1.435 2016/01/14 16:17:40 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -105,7 +105,6 @@ #include "match.h" #include "msg.h" #include "uidswap.h" -#include "roaming.h" #include "version.h" #include "ssherr.h" #include "myproposal.h" diff --git a/ssh2.h b/ssh2.h index bdff6c5bd..5d1918bf8 100644 --- a/ssh2.h +++ b/ssh2.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh2.h,v 1.16 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: ssh2.h,v 1.17 2016/01/14 16:17:40 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -165,13 +165,6 @@ #define SSH2_EXTENDED_DATA_STDERR 1 -/* kex messages for resume@appgate.com */ -#define SSH2_MSG_KEX_ROAMING_RESUME 30 -#define SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED 31 -#define SSH2_MSG_KEX_ROAMING_AUTH 32 -#define SSH2_MSG_KEX_ROAMING_AUTH_OK 33 -#define SSH2_MSG_KEX_ROAMING_AUTH_FAIL 34 - /* Certificate types for OpenSSH certificate keys extension */ #define SSH2_CERT_TYPE_USER 1 #define SSH2_CERT_TYPE_HOST 2 diff --git a/sshconnect.c b/sshconnect.c index 9dcbdeb66..a22710d9f 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.269 2015/11/20 01:45:29 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.270 2016/01/14 16:17:40 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -59,7 +59,6 @@ #include "readconf.h" #include "atomicio.h" #include "dns.h" -#include "roaming.h" #include "monitor_fdpass.h" #include "ssh2.h" #include "version.h" @@ -532,7 +531,7 @@ send_client_banner(int connection_out, int minor1) xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", PROTOCOL_MAJOR_1, minor1, SSH_VERSION); } - if (roaming_atomicio(vwrite, connection_out, client_version_string, + if (atomicio(vwrite, connection_out, client_version_string, strlen(client_version_string)) != strlen(client_version_string)) fatal("write: %.100s", strerror(errno)); chop(client_version_string); @@ -592,7 +591,7 @@ ssh_exchange_identification(int timeout_ms) } } - len = roaming_atomicio(read, connection_in, &buf[i], 1); + len = atomicio(read, connection_in, &buf[i], 1); if (len != 1 && errno == EPIPE) fatal("ssh_exchange_identification: " diff --git a/sshconnect2.c b/sshconnect2.c index 6c79a7920..1f918533f 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.235 2015/12/11 02:31:47 mmcc Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.236 2016/01/14 16:17:40 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -219,10 +219,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); - if (options.use_roaming && !kex->roaming) { - debug("Roaming not allowed by server"); - options.use_roaming = 0; - } /* remove ext-info from the KEX proposals for rekeying */ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(options.kex_algorithms); diff --git a/sshd.c b/sshd.c index 5d2e0a03c..7504bff6d 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.462 2015/12/10 17:08:40 mmcc Exp $ */ +/* $OpenBSD: sshd.c,v 1.463 2016/01/14 16:17:40 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -121,7 +121,6 @@ #include "ssh-gss.h" #endif #include "monitor_wrap.h" -#include "roaming.h" #include "ssh-sandbox.h" #include "version.h" #include "ssherr.h" @@ -437,7 +436,7 @@ sshd_exchange_identification(int sock_in, int sock_out) options.version_addendum, newline); /* Send our protocol version identification. */ - if (roaming_atomicio(vwrite, sock_out, server_version_string, + if (atomicio(vwrite, sock_out, server_version_string, strlen(server_version_string)) != strlen(server_version_string)) { logit("Could not write ident string to %s", get_remote_ipaddr()); @@ -447,7 +446,7 @@ sshd_exchange_identification(int sock_in, int sock_out) /* Read other sides version identification. */ memset(buf, 0, sizeof(buf)); for (i = 0; i < sizeof(buf) - 1; i++) { - if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) { + if (atomicio(read, sock_in, &buf[i], 1) != 1) { logit("Did not receive identification string from %s", get_remote_ipaddr()); cleanup_exit(255); -- cgit v1.2.3