d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vendor import of OpenSSH 5.9p1

Browse Source
This commit is contained in:
Dag-Erling Smørgrav 2011-09-28 08:14:41 +00:00
parent c00cf9e642
commit 1e26c29b77
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/vendor-crypto/openssh/dist/; revision=225825
svn path=/vendor-crypto/openssh/5.9p1/; revision=225826; tag=vendor/openssh/5.9p1
113 changed files with 10948 additions and 23683 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

484
ChangeLog
View File

@ -1,13 +1,463 @@
20110403
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Prepare for 5.8p2 release.
- (djm) [version.h] crank version
- Release 5.8p2
20110906
- (djm) [README version.h] Correct version
- (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon
- (djm) Respin OpenSSH-5.9p1 release
20110905
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update version numbers.
20110904
- (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal
regress errors for the sandbox to warnings. ok tim dtucker
- (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations
ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen
support.
20110829
- (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting
to switch SELinux context away from unconfined_t, based on patch from
Jan Chadima; bz#1919 ok dtucker@
20110827
- (dtucker) [auth-skey.c] Add log.h to fix build --with-skey.
20110818
- (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze
20110817
- (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for
OpenSSL 0.9.7. ok djm
- (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
- (djm) [configure.ac] error out if the host lacks the necessary bits for
an explicitly requested sandbox type
- (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by
bisson AT archlinux.org
- (djm) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2011/06/03 05:35:10
[regress/cfgmatch.sh]
use OBJ to find test configs, patch from Tim Rice
- markus@cvs.openbsd.org 2011/06/30 22:44:43
[regress/connect-privsep.sh]
test with sandbox enabled; ok djm@
- djm@cvs.openbsd.org 2011/08/02 01:23:41
[regress/cipher-speed.sh regress/try-ciphers.sh]
add SHA256/SHA512 based HMAC modes
- (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2
MAC tests for platforms that hack EVP_SHA2 support
20110812
- (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
change error by reporting old and new context names Patch from
jchadima at redhat.
- (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]
[contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
init scrips from imorgan AT nas.nasa.gov; bz#1920
- (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the
identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
AT gmail.com; ok dtucker@
20110807
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2008/06/26 06:59:39
[moduli.5]
tweak previous;
- sobrado@cvs.openbsd.org 2009/10/28 08:56:54
[moduli.5]
"Diffie-Hellman" is the usual spelling for the cryptographic protocol
first published by Whitfield Diffie and Martin Hellman in 1976.
ok jmc@
- jmc@cvs.openbsd.org 2010/10/14 20:41:28
[moduli.5]
probabalistic -> probabilistic; from naddy
- dtucker@cvs.openbsd.org 2011/08/07 12:55:30
[sftp.1]
typo, fix from Laurent Gautrot
20110805
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/06/23 23:35:42
[monitor.c]
ignore EINTR errors from poll()
- tedu@cvs.openbsd.org 2011/07/06 18:09:21
[authfd.c]
bzero the agent address. the kernel was for a while very cranky about
these things. evne though that's fixed, always good to initialize
memory. ok deraadt djm
- djm@cvs.openbsd.org 2011/07/29 14:42:45
[sandbox-systrace.c]
fail open(2) with EPERM rather than SIGKILLing the whole process. libc
will call open() to do strerror() when NLS is enabled;
feedback and ok markus@
- markus@cvs.openbsd.org 2011/08/01 19:18:15
[gss-serv.c]
prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
report Adam Zabrock; ok djm@, deraadt@
- djm@cvs.openbsd.org 2011/08/02 01:22:11
[mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
Add new SHA256 and SHA512 based HMAC modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
Patch from mdb AT juniper.net; feedback and ok markus@
- djm@cvs.openbsd.org 2011/08/02 23:13:01
[version.h]
crank now, release later
- djm@cvs.openbsd.org 2011/08/02 23:15:03
[ssh.c]
typo in comment
20110624
- (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
markus@
20110623
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/06/22 21:47:28
[servconf.c]
reuse the multistate option arrays to pretty-print options for "sshd -T"
- djm@cvs.openbsd.org 2011/06/22 21:57:01
[servconf.c servconf.h sshd.c sshd_config.5]
[configure.ac Makefile.in]
introduce sandboxing of the pre-auth privsep child using systrace(4).
This introduces a new "UsePrivilegeSeparation=sandbox" option for
sshd_config that applies mandatory restrictions on the syscalls the
privsep child can perform. This prevents a compromised privsep child
from being used to attack other hosts (by opening sockets and proxying)
or probing local kernel attack surface.
The sandbox is implemented using systrace(4) in unsupervised "fast-path"
mode, where a list of permitted syscalls is supplied. Any syscall not
on the list results in SIGKILL being sent to the privsep child. Note
that this requires a kernel with the new SYSTR_POLICY_KILL option.
UsePrivilegeSeparation=sandbox will become the default in the future
so please start testing it now.
feedback dtucker@; ok markus@
- djm@cvs.openbsd.org 2011/06/22 22:08:42
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
hook up a channel confirm callback to warn the user then requested X11
forwarding was refused by the server; ok markus@
- djm@cvs.openbsd.org 2011/06/23 09:34:13
[sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
[sandbox-null.c]
rename sandbox.h => ssh-sandbox.h to make things easier for portable
- (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
setrlimit(2)
20110620
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/06/04 00:10:26
[ssh_config.5]
explain IdentifyFile's semantics a little better, prompted by bz#1898
ok dtucker jmc
- markus@cvs.openbsd.org 2011/06/14 22:49:18
[authfile.c]
make sure key_parse_public/private_rsa1() no longer consumes its input
buffer. fixes ssh-add for passphrase-protected ssh1-keys;
noted by naddy@; ok djm@
- djm@cvs.openbsd.org 2011/06/17 21:44:31
[log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
make the pre-auth privsep slave log via a socketpair shared with the
monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
- djm@cvs.openbsd.org 2011/06/17 21:46:16
[sftp-server.c]
the protocol version should be unsigned; bz#1913 reported by mb AT
smartftp.com
- djm@cvs.openbsd.org 2011/06/17 21:47:35
[servconf.c]
factor out multi-choice option parsing into a parse_multistate label
and some support structures; ok dtucker@
- djm@cvs.openbsd.org 2011/06/17 21:57:25
[clientloop.c]
setproctitle for a mux master that has been gracefully stopped;
bz#1911 from Bert.Wesarg AT googlemail.com
20110603
- (dtucker) [README version.h contrib/caldera/openssh.spec
contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
bumps from the 5.8p2 branch into HEAD. ok djm.
- (tim) [configure.ac defines.h] Run test program to detect system mail
directory. Add --with-maildir option to override. Fixed OpenServer 6
getting it wrong. Fixed many systems having MAIL=/var/mail//username
ok dtucker
- (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair
unconditionally in other places and the survey data we have does not show
any systems that use it. "nuke it" djm@
- (djm) [configure.ac] enable setproctitle emulation for OS X
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/06/03 00:54:38
[ssh.c]
bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
AT googlemail.com; ok dtucker@
NB. includes additional portability code to enable setproctitle emulation
on platforms that don't support it.
- dtucker@cvs.openbsd.org 2011/06/03 01:37:40
[ssh-agent.c]
Check current parent process ID against saved one to determine if the parent
has exited, rather than attempting to send a zero signal, since the latter
won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn
Gillmor, ok djm@
- dtucker@cvs.openbsd.org 2011/05/31 02:01:58
[regress/dynamic-forward.sh]
back out revs 1.6 and 1.5 since it's not reliable
- dtucker@cvs.openbsd.org 2011/05/31 02:03:34
[regress/dynamic-forward.sh]
work around startup and teardown races; caught by deraadt
- dtucker@cvs.openbsd.org 2011/06/03 00:29:52
[regress/dynamic-forward.sh]
Retry establishing the port forwarding after a small delay, should make
the tests less flaky when the previous test is slow to shut down and free
up the port.
- (tim) [regress/cfgmatch.sh] Build/test out of tree fix.
20110529
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/05/23 03:30:07
[auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c]
[pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
allow AuthorizedKeysFile to specify multiple files, separated by spaces.
Bring back authorized_keys2 as a default search path (to avoid breaking
existing users of this file), but override this in sshd_config so it will
be no longer used on fresh installs. Maybe in 2015 we can remove it
entierly :)
feedback and ok markus@ dtucker@
- djm@cvs.openbsd.org 2011/05/23 03:33:38
[auth.c]
make secure_filename() spam debug logs less
- djm@cvs.openbsd.org 2011/05/23 03:52:55
[sshconnect.c]
remove extra newline
- jmc@cvs.openbsd.org 2011/05/23 07:10:21
[sshd.8 sshd_config.5]
tweak previous; ok djm
- djm@cvs.openbsd.org 2011/05/23 07:24:57
[authfile.c]
read in key comments for v.2 keys (though note that these are not
passed over the agent protocol); bz#439, based on patch from binder
AT arago.de; ok markus@
- djm@cvs.openbsd.org 2011/05/24 07:15:47
[readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
Remove undocumented legacy options UserKnownHostsFile2 and
GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
accept multiple paths per line and making their defaults include
known_hosts2; ok markus
- djm@cvs.openbsd.org 2011/05/23 03:31:31
[regress/cfgmatch.sh]
include testing of multiple/overridden AuthorizedKeysFiles
refactor to simply daemon start/stop and get rid of racy constructs
20110520
- (djm) [session.c] call setexeccon() before executing passwd for pw
changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
- (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
options, we should corresponding -W-option when trying to determine
whether it is accepted. Also includes a warning fix on the program
fragment uses (bad main() return type).
bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
- (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/05/15 08:09:01
[authfd.c monitor.c serverloop.c]
use FD_CLOEXEC consistently; patch from zion AT x96.org
- djm@cvs.openbsd.org 2011/05/17 07:13:31
[key.c]
fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)
- djm@cvs.openbsd.org 2011/05/20 00:55:02
[servconf.c]
the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
and AuthorizedPrincipalsFile were not being correctly applied in
Match blocks, despite being overridable there; ok dtucker@
- dtucker@cvs.openbsd.org 2011/05/20 02:00:19
[servconf.c]
Add comment documenting what should be after the preauth check. ok djm
- djm@cvs.openbsd.org 2011/05/20 03:25:45
[monitor.c monitor_wrap.c servconf.c servconf.h]
use a macro to define which string options to copy between configs
for Match. This avoids problems caused by forgetting to keep three
code locations in perfect sync and ordering
"this is at once beautiful and horrible" + ok dtucker@
- djm@cvs.openbsd.org 2011/05/17 07:13:31
[regress/cert-userkey.sh]
fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)
- djm@cvs.openbsd.org 2011/05/20 02:43:36
[cert-hostkey.sh]
another attempt to generate a v00 ECDSA key that broke the test
ID sync only - portable already had this somehow
- dtucker@cvs.openbsd.org 2011/05/20 05:19:50
[dynamic-forward.sh]
Prevent races in dynamic forwarding test; ok djm
- dtucker@cvs.openbsd.org 2011/05/20 06:32:30
[dynamic-forward.sh]
fix dumb error in dynamic-forward test
20110515
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/05/05 05:12:08
[mux.c]
gracefully fall back when ControlPath is too large for a
sockaddr_un. ok markus@ as part of a larger diff
- dtucker@cvs.openbsd.org 2011/05/06 01:03:35
[sshd_config]
clarify language about overriding defaults. bz#1892, from Petr Cerny
- djm@cvs.openbsd.org 2011/05/06 01:09:53
[sftp.1]
mention that IPv6 addresses must be enclosed in square brackets;
bz#1845
- djm@cvs.openbsd.org 2011/05/06 02:05:41
[sshconnect2.c]
fix memory leak; bz#1849 ok dtucker@
- djm@cvs.openbsd.org 2011/05/06 21:14:05
[packet.c packet.h]
set traffic class for IPv6 traffic as we do for IPv4 TOS;
patch from lionel AT mamane.lu via Colin Watson in bz#1855;
ok markus@
- djm@cvs.openbsd.org 2011/05/06 21:18:02
[ssh.c ssh_config.5]
add a %L expansion (short-form of the local host name) for ControlPath;
sync some more expansions with LocalCommand; ok markus@
- djm@cvs.openbsd.org 2011/05/06 21:31:38
[readconf.c ssh_config.5]
support negated Host matching, e.g.
Host *.example.org !c.example.org
User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
ok markus@
- djm@cvs.openbsd.org 2011/05/06 21:34:32
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
Add a RequestTTY ssh_config option to allow configuration-based
control over tty allocation (like -t/-T); ok markus@
- djm@cvs.openbsd.org 2011/05/06 21:38:58
[ssh.c]
fix dropping from previous diff
- djm@cvs.openbsd.org 2011/05/06 22:20:10
[PROTOCOL.mux]
fix numbering; from bert.wesarg AT googlemail.com
- jmc@cvs.openbsd.org 2011/05/07 23:19:39
[ssh_config.5]
- tweak previous
- come consistency fixes
ok djm
- jmc@cvs.openbsd.org 2011/05/07 23:20:25
[ssh.1]
+.It RequestTTY
- djm@cvs.openbsd.org 2011/05/08 12:52:01
[PROTOCOL.mux clientloop.c clientloop.h mux.c]
improve our behaviour when TTY allocation fails: if we are in
RequestTTY=auto mode (the default), then do not treat at TTY
allocation error as fatal but rather just restore the local TTY
to cooked mode and continue. This is more graceful on devices that
never allocate TTYs.
If RequestTTY is set to "yes" or "force", then failure to allocate
a TTY is fatal.
ok markus@
- djm@cvs.openbsd.org 2011/05/10 05:46:46
[authfile.c]
despam debug() logs by detecting that we are trying to load a private key
in key_try_load_public() and returning early; ok markus@
- djm@cvs.openbsd.org 2011/05/11 04:47:06
[auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
remove support for authorized_keys2; it is a relic from the early days
of protocol v.2 support and has been undocumented for many years;
ok markus@
- djm@cvs.openbsd.org 2011/05/13 00:05:36
[authfile.c]
warn on unexpected key type in key_parse_private_type()
- (djm) [packet.c] unbreak portability #endif
20110510
- (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
--with-ssl-engine which was broken with the change from deprecated
SSLeay_add_all_algorithms(). ok djm
20110506
- (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype
for closefrom() in test code. Report from Dan Wallis via Gentoo.
20110505
- (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
definitions. From des AT des.no
- (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
[ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
[regress/README.regress] Remove ssh-rand-helper and all its
tentacles. PRNGd seeding has been rolled into entropy.c directly.
Thanks to tim@ for testing on affected platforms.
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/03/10 02:52:57
[auth2-gss.c auth2.c auth.h]
allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
- okan@cvs.openbsd.org 2011/03/15 10:36:02
[ssh-keyscan.c]
use timerclear macro
ok djm@
- stevesk@cvs.openbsd.org 2011/03/23 15:16:22
[ssh-keygen.1 ssh-keygen.c]
Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa)
for which host keys do not exist, generate the host keys with the
default key file path, an empty passphrase, default bits for the key
type, and default comment. This will be used by /etc/rc to generate
new host keys. Idea from deraadt.
ok deraadt
- stevesk@cvs.openbsd.org 2011/03/23 16:24:56
[ssh-keygen.1]
-q not used in /etc/rc now so remove statement.
- stevesk@cvs.openbsd.org 2011/03/23 16:50:04
[ssh-keygen.c]
remove -d, documentation removed >10 years ago; ok markus
- jmc@cvs.openbsd.org 2011/03/24 15:29:30
[ssh-keygen.1]
zap trailing whitespace;
- stevesk@cvs.openbsd.org 2011/03/24 22:14:54
[ssh-keygen.c]
use strcasecmp() for "clear" cert permission option also; ok djm
- stevesk@cvs.openbsd.org 2011/03/29 18:54:17
[misc.c misc.h servconf.c]
print ipqos friendly string for sshd -T; ok markus
# sshd -Tf sshd_config|grep ipqos
ipqos lowdelay throughput
- djm@cvs.openbsd.org 2011/04/12 04:23:50
[ssh-keygen.c]
fix -Wshadow
- djm@cvs.openbsd.org 2011/04/12 05:32:49
[sshd.c]
exit with 0 status on SIGTERM; bz#1879
- djm@cvs.openbsd.org 2011/04/13 04:02:48
[ssh-keygen.1]
improve wording; bz#1861
- djm@cvs.openbsd.org 2011/04/13 04:09:37
[ssh-keygen.1]
mention valid -b sizes for ECDSA keys; bz#1862
- djm@cvs.openbsd.org 2011/04/17 22:42:42
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
allow graceful shutdown of multiplexing: request that a mux server
removes its listener socket and refuse future multiplexing requests;
ok markus@
- djm@cvs.openbsd.org 2011/04/18 00:46:05
[ssh-keygen.c]
certificate options are supposed to be packed in lexical order of
option name (though we don't actually enforce this at present).
Move one up that was out of sequence
- djm@cvs.openbsd.org 2011/05/04 21:15:29
[authfile.c authfile.h ssh-add.c]
allow "ssh-add - < key"; feedback and ok markus@
- (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
so autoreconf 2.68 is happy.
- (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
20110329
- (djm) [entropy.c] closefrom() before running ssh-rand-helper; leftover fds
noticed by tmraz AT redhat.com
20110221
- (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
Cygwin-specific service installer script ssh-host-config. The actual
@ -19,6 +469,13 @@
The new script also is more thorough to inform the user why the
script failed. Patch from vinschen at redhat com.
20110218
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/02/16 00:31:14
[ssh-keysign.c]
make hostbased auth with ECDSA keys work correctly. Based on patch
by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
20110206
- (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
selinux code. Patch from Leonardo Chiquitto
@ -46,6 +503,14 @@
succeeded before using its result. Patch from cjwatson AT debian.org;
bz#1851
20110127
- (tim) [config.guess config.sub] Sync with upstream.
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
space changes for consistency/readability. Makes autoconf 2.68 happy.
"Nice work" djm
20110125
- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
@ -1256,4 +1721,3 @@
(use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
ok markus@

6
INSTALL
View File

@ -16,9 +16,7 @@ The remaining items are optional.
NB. If you operating system supports /dev/random, you should configure
OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
/dev/random, or failing that, either prngd or egd. If you don't have
any of these you will have to rely on ssh-rand-helper, which is inferior
to a good kernel-based solution or prngd.
/dev/random, or failing that, either prngd or egd
PRNGD:
@ -262,4 +260,4 @@ Please refer to the "reporting bugs" section of the webpage at
http://www.openssh.com/
$Id: INSTALL,v 1.85 2010/02/11 22:34:22 djm Exp $
$Id: INSTALL,v 1.86 2011/05/05 03:48:37 djm Exp $

55
Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.320.4.1 2011/02/04 00:42:13 djm Exp $
# $Id: Makefile.in,v 1.325 2011/08/05 20:15:18 djm Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@ -26,7 +26,6 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
RAND_HELPER=$(libexecdir)/ssh-rand-helper
PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
STRIP_OPT=@STRIP_OPT@
@ -39,7 +38,6 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
-D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
-D_PATH_SSH_PIDDIR=\"$(piddir)\" \
-D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \
-DSSH_RAND_HELPER=\"$(RAND_HELPER)\"
CC=@CC@
LD=@LD@
@ -61,10 +59,7 @@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
EXEEXT=@EXEEXT@
MANFMT=@MANFMT@
INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
@ -94,17 +89,17 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
sftp-server.o sftp-common.o \
roaming_common.o roaming_serv.o
roaming_common.o roaming_serv.o \
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
MANTYPE = @MANTYPE@
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
CONFIGFILES_IN=sshd_config ssh_config moduli
PATHSUBS = \
-e 's|/etc/ssh/ssh_prng_cmds|$(sysconfdir)/ssh_prng_cmds|g' \
-e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \
-e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \
-e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \
@ -124,7 +119,7 @@ PATHSUBS = \
FIXPATHSCMD = $(SED) $(PATHSUBS)
all: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS)
all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
$(LIBSSH_OBJS): Makefile.in config.h
$(SSHOBJS): Makefile.in config.h
@ -175,9 +170,6 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o s
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o
$(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
# test driver for the loginrec code - not built by default
logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
$(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
@ -198,11 +190,6 @@ $(CONFIGFILES): $(CONFIGFILES_IN)
conffile=`echo $@ | sed 's/.out$$//'`; \
$(FIXPATHSCMD) $(srcdir)/$${conffile} > $@
ssh_prng_cmds.out: ssh_prng_cmds
if test ! -z "$(INSTALL_SSH_PRNG_CMDS)"; then \
$(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
fi
# fake rule to stop make trying to compile moduli.o into a binary "moduli.o"
moduli:
echo
@ -215,7 +202,7 @@ clean: regressclean
distclean: regressclean
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core opensshd.init openssh.xml
rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds
rm -f Makefile buildpkg.sh config.h config.status
rm -f survey.sh openbsd-compat/regress/Makefile *~
rm -rf autom4te.cache
(cd openbsd-compat && $(MAKE) distclean)
@ -226,6 +213,8 @@ distclean: regressclean
veryclean: distclean
rm -f configure config.h.in *.0
cleandir: veryclean
mrproper: veryclean
realclean: veryclean
@ -242,9 +231,9 @@ distprep: catman-do
$(AUTORECONF)
-rm -rf autom4te.cache
install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf
install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
check-config:
-$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config
@ -265,9 +254,6 @@ install-files:
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-rand-helper$(EXEEXT) ; \
fi
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
@ -282,9 +268,6 @@ install-files:
$(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
$(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
$(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \
$(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \
fi
$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
@ -308,13 +291,6 @@ install-sysconf:
else \
echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \
fi
@if [ -f ssh_prng_cmds ] && [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \
$(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
else \
echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \
fi ; \
fi
@if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \
if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \
echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \
@ -361,7 +337,6 @@ host-key-force: ssh-keygen$(EXEEXT)
uninstallall: uninstall
-rm -f $(DESTDIR)$(sysconfdir)/ssh_config
-rm -f $(DESTDIR)$(sysconfdir)/sshd_config
-rm -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds
-rmdir $(DESTDIR)$(sysconfdir)
-rmdir $(DESTDIR)$(bindir)
-rmdir $(DESTDIR)$(sbindir)
@ -383,7 +358,6 @@ uninstall:
-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
-rm -f $(DESTDIR)$(RAND_HELPER)$(EXEEXT)
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
@ -392,7 +366,6 @@ uninstall:
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@ -462,7 +435,7 @@ survey: survey.sh ssh
send-survey: survey
mail portable-survey@mindrot.org <survey
package: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS)
package: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \
sh buildpkg.sh; \
fi

30
PROTOCOL.mux
View File

@ -73,6 +73,13 @@ non-multiplexed ssh(1) connection. Two additional cases that the
client must cope with are it receiving a signal itself and the
server disconnecting without sending an exit message.
A master may also send a MUX_S_TTY_ALLOC_FAIL before MUX_S_EXIT_MESSAGE
if remote TTY allocation was unsuccessful. The client may use this to
return its local tty to "cooked" mode.
uint32 MUX_S_TTY_ALLOC_FAIL
uint32 session id
3. Health checks
The client may request a health check/PID report from a server:
@ -149,10 +156,21 @@ The client then sends its standard input and output file descriptors
The contents of "reserved" are currently ignored.
A server may reply with a MUX_S_SESSION_OPEED, a MUX_S_PERMISSION_DENIED
A server may reply with a MUX_S_SESSION_OPENED, a MUX_S_PERMISSION_DENIED
or a MUX_S_FAILURE.
8. Status messages
8. Requesting shutdown of mux listener
A client may request the master to stop accepting new multiplexing requests
and remove its listener socket.
uint32 MUX_C_STOP_LISTENING
uint32 request id
A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
MUX_S_FAILURE.
9. Status messages
The MUX_S_OK message is empty:
@ -169,7 +187,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason:
uint32 client request id
string reason
9. Protocol numbers
10. Protocol numbers
#define MUX_MSG_HELLO 0x00000001
#define MUX_C_NEW_SESSION 0x10000002
@ -178,6 +196,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason:
#define MUX_C_OPEN_FWD 0x10000006
#define MUX_C_CLOSE_FWD 0x10000007
#define MUX_C_NEW_STDIO_FWD 0x10000008
#define MUX_C_STOP_LISTENING 0x10000009
#define MUX_S_OK 0x80000001
#define MUX_S_PERMISSION_DENIED 0x80000002
#define MUX_S_FAILURE 0x80000003
@ -185,6 +204,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason:
#define MUX_S_ALIVE 0x80000005
#define MUX_S_SESSION_OPENED 0x80000006
#define MUX_S_REMOTE_PORT 0x80000007
#define MUX_S_TTY_ALLOC_FAIL 0x80000008
#define MUX_FWD_LOCAL 1
#define MUX_FWD_REMOTE 2
@ -192,12 +212,10 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason:
XXX TODO
XXX extended status (e.g. report open channels / forwards)
XXX graceful close (delete listening socket, but keep existing sessions active)
XXX lock (maybe)
XXX watch in/out traffic (pre/post crypto)
XXX inject packet (what about replies)
XXX server->client error/warning notifications
XXX port0 rfwd (need custom response message)
XXX send signals via mux
$OpenBSD: PROTOCOL.mux,v 1.4 2011/01/31 21:42:15 djm Exp $
$OpenBSD: PROTOCOL.mux,v 1.7 2011/05/08 12:52:01 djm Exp $

4
README
View File

@ -1,4 +1,4 @@
See http://www.openssh.com/txt/release-5.8p2 for the release notes.
See http://www.openssh.com/txt/release-5.9 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@ -62,4 +62,4 @@ References -
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
$Id: README,v 1.75.4.2 2011/05/03 00:04:21 djm Exp $
$Id: README,v 1.77.2.2 2011/09/06 23:11:20 djm Exp $

30
aclocal.m4 vendored
View File

@ -1,8 +1,26 @@
dnl $Id: aclocal.m4,v 1.6 2005/09/19 16:33:39 tim Exp $
dnl $Id: aclocal.m4,v 1.8 2011/05/20 01:45:25 djm Exp $
dnl
dnl OpenSSH-specific autoconf macros
dnl
dnl OSSH_CHECK_CFLAG_COMPILE(check_flag[, define_flag])
dnl Check that $CC accepts a flag 'check_flag'. If it is supported append
dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append
dnl 'check_flag'.
AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
AC_MSG_CHECKING([if $CC supports $1])
saved_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $1"
_define_flag="$2"
test "x$_define_flag" = "x" && _define_flag="$1"
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
[ AC_MSG_RESULT([yes])
CFLAGS="$saved_CFLAGS $_define_flag"],
[ AC_MSG_RESULT([no])
CFLAGS="$saved_CFLAGS" ]
)
}])
dnl OSSH_CHECK_HEADER_FOR_FIELD(field, header, symbol)
dnl Does AC_EGREP_HEADER on 'header' for the string 'field'
@ -33,16 +51,6 @@ AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [
fi
])
dnl OSSH_PATH_ENTROPY_PROG(variablename, command):
dnl Tidiness function, sets 'undef' if not found, and does the AC_SUBST
AC_DEFUN(OSSH_PATH_ENTROPY_PROG, [
AC_PATH_PROG($1, $2)
if test -z "[$]$1" ; then
$1="undef"
fi
AC_SUBST($1)
])
dnl Check for socklen_t: historically on BSD it is an int, and in
dnl POSIX 1g it is a type of its own, but some platforms use different
dnl types for the argument to getsockopt, getpeername, etc. So we

70
auth-rsa.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-rsa.c,v 1.79 2010/12/03 23:55:27 djm Exp $ */
/* $OpenBSD: auth-rsa.c,v 1.80 2011/05/23 03:30:07 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -160,44 +160,27 @@ auth_rsa_challenge_dialog(Key *key)
return (success);
}
/*
* check if there's user key matching client_n,
* return key if login is allowed, NULL otherwise
*/
int
auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
static int
rsa_key_allowed_in_file(struct passwd *pw, char *file,
const BIGNUM *client_n, Key **rkey)
{
char line[SSH_MAX_PUBKEY_BYTES], *file;
char line[SSH_MAX_PUBKEY_BYTES];
int allowed = 0;
u_int bits;
FILE *f;
u_long linenum = 0;
Key *key;
/* Temporarily use the user's uid. */
temporarily_use_uid(pw);
/* The authorized keys. */
file = authorized_keys_file(pw);
debug("trying public RSA key file %s", file);
f = auth_openkeyfile(file, pw, options.strict_modes);
if (!f) {
xfree(file);
restore_uid();
return (0);
}
/* Flag indicating whether the key is allowed. */
allowed = 0;
key = key_new(KEY_RSA1);
if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL)
return 0;
/*
* Go though the accepted keys, looking for the current key. If
* found, perform a challenge-response dialog to verify that the
* user really has the corresponding private key.
*/
key = key_new(KEY_RSA1);
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
char *cp;
char *key_options;
@ -235,7 +218,10 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
}
/* cp now points to the comment part. */
/* Check if the we have found the desired key (identified by its modulus). */
/*
* Check if the we have found the desired key (identified
* by its modulus).
*/
if (BN_cmp(key->rsa->n, client_n) != 0)
continue;
@ -264,11 +250,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
break;
}
/* Restore the privileged uid. */
restore_uid();
/* Close the file. */
xfree(file);
fclose(f);
/* return key if allowed */
@ -276,7 +258,33 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
*rkey = key;
else
key_free(key);
return (allowed);
return allowed;
}
/*
* check if there's user key matching client_n,
* return key if login is allowed, NULL otherwise
*/
int
auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
{
char *file;
u_int i, allowed = 0;
temporarily_use_uid(pw);
for (i = 0; !allowed && i < options.num_authkeys_files; i++) {
file = expand_authorized_keys(
options.authorized_keys_files[i], pw);
allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey);
xfree(file);
}
restore_uid();
return allowed;
}
/*

1
auth-skey.c
View File

@ -39,6 +39,7 @@
#include "hostfile.h"
#include "auth.h"
#include "ssh-gss.h"
#include "log.h"
#include "monitor_wrap.h"
static void *

23
auth.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */
/* $OpenBSD: auth.c,v 1.94 2011/05/23 03:33:38 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -331,7 +331,7 @@ auth_root_allowed(char *method)
*
* This returns a buffer allocated by xmalloc.
*/
static char *
char *
expand_authorized_keys(const char *filename, struct passwd *pw)
{
char *file, ret[MAXPATHLEN];
@ -354,18 +354,6 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
return (xstrdup(ret));
}
char *
authorized_keys_file(struct passwd *pw)
{
return expand_authorized_keys(options.authorized_keys_file, pw);
}
char *
authorized_keys_file2(struct passwd *pw)
{
return expand_authorized_keys(options.authorized_keys_file2, pw);
}
char *
authorized_principals_file(struct passwd *pw)
{
@ -468,7 +456,6 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
}
strlcpy(buf, cp, sizeof(buf));
debug3("secure_filename: checking '%s'", buf);
if (stat(buf, &st) < 0 ||
(st.st_uid != 0 && st.st_uid != uid) ||
(st.st_mode & 022) != 0) {
@ -478,11 +465,9 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
}
/* If are past the homedir then we can stop */
if (comparehome && strcmp(homedir, buf) == 0) {
debug3("secure_filename: terminating check at '%s'",
buf);
if (comparehome && strcmp(homedir, buf) == 0)
break;
}
/*
* dirname should always complete with a "/" path,
* but we can be paranoid and check for "." too

6
auth.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.h,v 1.66 2010/05/07 11:30:29 djm Exp $ */
/* $OpenBSD: auth.h,v 1.69 2011/05/23 03:30:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -53,6 +53,7 @@ struct Authctxt {
int valid; /* user exists and is allowed to login */
int attempt;
int failures;
int server_caused_failure;
int force_pwchange;
char *user; /* username sent by the client */
char *service;
@ -167,8 +168,7 @@ char *get_challenge(Authctxt *);
int verify_response(Authctxt *, const char *);
void abandon_challenge_response(Authctxt *);
char *authorized_keys_file(struct passwd *);
char *authorized_keys_file2(struct passwd *);
char *expand_authorized_keys(const char *, struct passwd *pw);
char *authorized_principals_file(struct passwd *);
FILE *auth_openkeyfile(const char *, struct passwd *, int);

4
auth2-gss.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */
/* $OpenBSD: auth2-gss.c,v 1.17 2011/03/10 02:52:57 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -102,6 +102,7 @@ userauth_gssapi(Authctxt *authctxt)
if (!present) {
xfree(doid);
authctxt->server_caused_failure = 1;
return (0);
}
@ -109,6 +110,7 @@ userauth_gssapi(Authctxt *authctxt)
if (ctxt != NULL)
ssh_gssapi_delete_ctx(&ctxt);
xfree(doid);
authctxt->server_caused_failure = 1;
return (0);
}

19
auth2-pubkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.27 2010/11/20 05:12:38 deraadt Exp $ */
/* $OpenBSD: auth2-pubkey.c,v 1.29 2011/05/23 03:30:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -436,7 +436,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
int
user_key_allowed(struct passwd *pw, Key *key)
{
int success;
u_int success, i;
char *file;
if (auth_key_is_revoked(key))
@ -448,16 +448,13 @@ user_key_allowed(struct passwd *pw, Key *key)
if (success)
return success;
file = authorized_keys_file(pw);
success = user_key_allowed2(pw, key, file);
xfree(file);
if (success)
return success;
for (i = 0; !success && i < options.num_authkeys_files; i++) {
file = expand_authorized_keys(
options.authorized_keys_files[i], pw);
success = user_key_allowed2(pw, key, file);
xfree(file);
}
/* try suffix "2" for backward compat, too */
file = authorized_keys_file2(pw);
success = user_key_allowed2(pw, key, file);
xfree(file);
return success;
}

6
auth2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2.c,v 1.122 2010/08/31 09:58:37 djm Exp $ */
/* $OpenBSD: auth2.c,v 1.123 2011/03/10 02:52:57 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -274,6 +274,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
#endif
authctxt->postponed = 0;
authctxt->server_caused_failure = 0;
/* try to authenticate user */
m = authmethod_lookup(method);
@ -346,7 +347,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
} else {
/* Allow initial try of "none" auth without failure penalty */
if (authctxt->attempt > 1 || strcmp(method, "none") != 0)
if (!authctxt->server_caused_failure &&
(authctxt->attempt > 1 || strcmp(method, "none") != 0))
authctxt->failures++;
if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS

5
authfd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfd.c,v 1.84 2010/08/31 11:54:45 djm Exp $ */
/* $OpenBSD: authfd.c,v 1.86 2011/07/06 18:09:21 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -102,6 +102,7 @@ ssh_get_authentication_socket(void)
if (!authsocket)
return -1;
bzero(&sunaddr, sizeof(sunaddr));
sunaddr.sun_family = AF_UNIX;
strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
@ -110,7 +111,7 @@ ssh_get_authentication_socket(void)
return -1;
/* close on exec */
if (fcntl(sock, F_SETFD, 1) == -1) {
if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1) {
close(sock);
return -1;
}

154
authfile.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */
/* $OpenBSD: authfile.c,v 1.92 2011/06/14 22:49:18 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -69,6 +69,8 @@
#include "misc.h"
#include "atomicio.h"
#define MAX_KEY_FILE_SIZE (1024 * 1024)
/* Version identification string for SSH v1 identity files. */
static const char authfile_id_string[] =
"SSH PRIVATE KEY FILE FORMAT 1.1\n";
@ -277,6 +279,7 @@ static Key *
key_parse_public_rsa1(Buffer *blob, char **commentp)
{
Key *pub;
Buffer copy;
/* Check that it is at least big enough to contain the ID string. */
if (buffer_len(blob) < sizeof(authfile_id_string)) {
@ -293,31 +296,33 @@ key_parse_public_rsa1(Buffer *blob, char **commentp)
debug3("Incorrect RSA1 identifier");
return NULL;
}
buffer_consume(blob, sizeof(authfile_id_string));
buffer_init(&copy);
buffer_append(&copy, buffer_ptr(blob), buffer_len(blob));
buffer_consume(&copy, sizeof(authfile_id_string));
/* Skip cipher type and reserved data. */
(void) buffer_get_char(blob); /* cipher type */
(void) buffer_get_int(blob); /* reserved */
(void) buffer_get_char(&copy); /* cipher type */
(void) buffer_get_int(&copy); /* reserved */
/* Read the public key from the buffer. */
(void) buffer_get_int(blob);
(void) buffer_get_int(&copy);
pub = key_new(KEY_RSA1);
buffer_get_bignum(blob, pub->rsa->n);
buffer_get_bignum(blob, pub->rsa->e);
buffer_get_bignum(&copy, pub->rsa->n);
buffer_get_bignum(&copy, pub->rsa->e);
if (commentp)
*commentp = buffer_get_string(blob, NULL);
*commentp = buffer_get_string(&copy, NULL);
/* The encrypted private part is not parsed by this function. */
buffer_clear(blob);
buffer_free(&copy);
return pub;
}
/* Load the contents of a key file into a buffer */
static int
/* Load a key from a fd into a buffer */
int
key_load_file(int fd, const char *filename, Buffer *blob)
{
u_char buf[1024];
size_t len;
u_char *cp;
struct stat st;
if (fstat(fd, &st) < 0) {
@ -325,30 +330,45 @@ key_load_file(int fd, const char *filename, Buffer *blob)
filename == NULL ? "" : filename,
filename == NULL ? "" : " ",
strerror(errno));
close(fd);
return 0;
}
if (st.st_size > 1*1024*1024) {
if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
st.st_size > MAX_KEY_FILE_SIZE) {
toobig:
error("%s: key file %.200s%stoo large", __func__,
filename == NULL ? "" : filename,
filename == NULL ? "" : " ");
close(fd);
return 0;
}
len = (size_t)st.st_size; /* truncated */
buffer_init(blob);
cp = buffer_append_space(blob, len);
if (atomicio(read, fd, cp, len) != len) {
debug("%s: read from key file %.200s%sfailed: %.100s", __func__,
filename == NULL ? "" : filename,
filename == NULL ? "" : " ",
strerror(errno));
for (;;) {
if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
if (errno == EPIPE)
break;
debug("%s: read from key file %.200s%sfailed: %.100s",
__func__, filename == NULL ? "" : filename,
filename == NULL ? "" : " ", strerror(errno));
buffer_clear(blob);
bzero(buf, sizeof(buf));
return 0;
}
buffer_append(blob, buf, len);
if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
buffer_clear(blob);
bzero(buf, sizeof(buf));
goto toobig;
}
}
bzero(buf, sizeof(buf));
if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
st.st_size != buffer_len(blob)) {
debug("%s: key file %.200s%schanged size while reading",
__func__, filename == NULL ? "" : filename,
filename == NULL ? "" : " ");
buffer_clear(blob);
close(fd);
return 0;
}
return 1;
}
@ -403,6 +423,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
CipherContext ciphercontext;
Cipher *cipher;
Key *prv = NULL;
Buffer copy;
/* Check that it is at least big enough to contain the ID string. */
if (buffer_len(blob) < sizeof(authfile_id_string)) {
@ -419,41 +440,44 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
debug3("Incorrect RSA1 identifier");
return NULL;
}
buffer_consume(blob, sizeof(authfile_id_string));
buffer_init(&copy);
buffer_append(&copy, buffer_ptr(blob), buffer_len(blob));
buffer_consume(&copy, sizeof(authfile_id_string));
/* Read cipher type. */
cipher_type = buffer_get_char(blob);
(void) buffer_get_int(blob); /* Reserved data. */
cipher_type = buffer_get_char(&copy);
(void) buffer_get_int(&copy); /* Reserved data. */
/* Read the public key from the buffer. */
(void) buffer_get_int(blob);
(void) buffer_get_int(&copy);
prv = key_new_private(KEY_RSA1);
buffer_get_bignum(blob, prv->rsa->n);
buffer_get_bignum(blob, prv->rsa->e);
buffer_get_bignum(&copy, prv->rsa->n);
buffer_get_bignum(&copy, prv->rsa->e);
if (commentp)
*commentp = buffer_get_string(blob, NULL);
*commentp = buffer_get_string(&copy, NULL);
else
(void)buffer_get_string_ptr(blob, NULL);
(void)buffer_get_string_ptr(&copy, NULL);
/* Check that it is a supported cipher. */
cipher = cipher_by_number(cipher_type);
if (cipher == NULL) {
debug("Unsupported RSA1 cipher %d", cipher_type);
buffer_free(&copy);
goto fail;
}
/* Initialize space for decrypted data. */
buffer_init(&decrypted);
cp = buffer_append_space(&decrypted, buffer_len(blob));
cp = buffer_append_space(&decrypted, buffer_len(&copy));
/* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
cipher_set_key_string(&ciphercontext, cipher, passphrase,
CIPHER_DECRYPT);
cipher_crypt(&ciphercontext, cp,
buffer_ptr(blob), buffer_len(blob));
buffer_ptr(&copy), buffer_len(&copy));
cipher_cleanup(&ciphercontext);
memset(&ciphercontext, 0, sizeof(ciphercontext));
buffer_clear(blob);
buffer_free(&copy);
check1 = buffer_get_char(&decrypted);
check2 = buffer_get_char(&decrypted);
@ -606,7 +630,7 @@ key_perm_ok(int fd, const char *filename)
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("Permissions 0%3.3o for '%s' are too open.",
(u_int)st.st_mode & 0777, filename);
error("It is recommended that your private key files are NOT accessible by others.");
error("It is required that your private key files are NOT accessible by others.");
error("This private key will be ignored.");
return 0;
}
@ -626,6 +650,7 @@ key_parse_private_type(Buffer *blob, int type, const char *passphrase,
case KEY_UNSPEC:
return key_parse_private_pem(blob, type, passphrase, commentp);
default:
error("%s: cannot parse key type %d", __func__, type);
break;
}
return NULL;
@ -669,12 +694,35 @@ key_load_private_type(int type, const char *filename, const char *passphrase,
return ret;
}
Key *
key_parse_private(Buffer *buffer, const char *filename,
const char *passphrase, char **commentp)
{
Key *pub, *prv;
/* it's a SSH v1 key if the public key part is readable */
pub = key_parse_public_rsa1(buffer, commentp);
if (pub == NULL) {
prv = key_parse_private_type(buffer, KEY_UNSPEC,
passphrase, NULL);
/* use the filename as a comment for PEM */
if (commentp && prv)
*commentp = xstrdup(filename);
} else {
key_free(pub);
/* key_parse_public_rsa1() has already loaded the comment */
prv = key_parse_private_type(buffer, KEY_RSA1, passphrase,
NULL);
}
return prv;
}
Key *
key_load_private(const char *filename, const char *passphrase,
char **commentp)
{
Key *pub, *prv;
Buffer buffer, pubcopy;
Key *prv;
Buffer buffer;
int fd;
fd = open(filename, O_RDONLY);
@ -697,23 +745,7 @@ key_load_private(const char *filename, const char *passphrase,
}
close(fd);
buffer_init(&pubcopy);
buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer));
/* it's a SSH v1 key if the public key part is readable */
pub = key_parse_public_rsa1(&pubcopy, commentp);
buffer_free(&pubcopy);
if (pub == NULL) {
prv = key_parse_private_type(&buffer, KEY_UNSPEC,
passphrase, NULL);
/* use the filename as a comment for PEM */
if (commentp && prv)
*commentp = xstrdup(filename);
} else {
key_free(pub);
/* key_parse_public_rsa1() has already loaded the comment */
prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase,
NULL);
}
prv = key_parse_private(&buffer, filename, passphrase, commentp);
buffer_free(&buffer);
return prv;
}
@ -737,13 +769,19 @@ key_try_load_public(Key *k, const char *filename, char **commentp)
case '\0':
continue;
}
/* Abort loading if this looks like a private key */
if (strncmp(cp, "-----BEGIN", 10) == 0)
break;
/* Skip leading whitespace. */
for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
;
if (*cp) {
if (key_read(k, &cp) == 1) {
if (commentp)
*commentp=xstrdup(filename);
cp[strcspn(cp, "\r\n")] = '\0';
if (commentp) {
*commentp = xstrdup(*cp ?
cp : filename);
}
fclose(f);
return 1;
}

4
authfile.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfile.h,v 1.15 2010/08/04 05:42:47 djm Exp $ */
/* $OpenBSD: authfile.h,v 1.16 2011/05/04 21:15:29 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -16,9 +16,11 @@
#define AUTHFILE_H
int key_save_private(Key *, const char *, const char *, const char *);
int key_load_file(int, const char *, Buffer *);
Key *key_load_cert(const char *);
Key *key_load_public(const char *, char **);
Key *key_load_public_type(int, const char *, char **);
Key *key_parse_private(Buffer *, const char *, const char *, char **);
Key *key_load_private(const char *, const char *, char **);
Key *key_load_private_cert(int, const char *, const char *, int *);
Key *key_load_private_type(int, const char *, const char *, char **, int *);

7
buildpkg.sh.in
View File

@ -229,8 +229,6 @@ perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
# We don't want to overwrite config files on multiple installs
mv $FAKE_ROOT${sysconfdir}/ssh_config $FAKE_ROOT${sysconfdir}/ssh_config.default
mv $FAKE_ROOT${sysconfdir}/sshd_config $FAKE_ROOT${sysconfdir}/sshd_config.default
[ -f $FAKE_ROOT${sysconfdir}/ssh_prng_cmds ] && \
mv $FAKE_ROOT${sysconfdir}/ssh_prng_cmds $FAKE_ROOT${sysconfdir}/ssh_prng_cmds.default
# local tweeks here
[ -s "${POST_MAKE_INSTALL_FIXES}" ] && . ${POST_MAKE_INSTALL_FIXES}
@ -317,11 +315,6 @@ cat > postinstall << _EOF
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
\${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\
cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
}
# make rc?.d dirs only if we are doing a test install
[ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && {

6
channels.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.c,v 1.310 2010/11/24 01:24:14 djm Exp $ */
/* $OpenBSD: channels.c,v 1.311 2011/06/22 22:08:42 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -3562,7 +3562,7 @@ deny_input_open(int type, u_int32_t seq, void *ctxt)
*/
void
x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
const char *proto, const char *data)
const char *proto, const char *data, int want_reply)
{
u_int data_len = (u_int) strlen(data) / 2;
u_int i, value;
@ -3615,7 +3615,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
/* Send the request packet. */
if (compat20) {
channel_request_start(client_session_id, "x11-req", 0);
channel_request_start(client_session_id, "x11-req", want_reply);
packet_put_char(0); /* XXX bool single connection */
} else {
packet_start(SSH_CMSG_X11_REQUEST_FORWARDING);

4
channels.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.h,v 1.104 2010/05/14 23:29:23 djm Exp $ */
/* $OpenBSD: channels.h,v 1.105 2011/06/22 22:08:42 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -271,7 +271,7 @@ int x11_connect_display(void);
int x11_create_display_inet(int, int, int, u_int *, int **);
void x11_input_open(int, u_int32_t, void *);
void x11_request_forwarding_with_spoofing(int, const char *, const char *,
const char *);
const char *, int);
void deny_input_open(int, u_int32_t, void *);
/* agent forwarding */

110
clientloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.231 2011/01/16 12:05:59 djm Exp $ */
/* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -130,9 +130,6 @@ extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */
*/
extern char *host;
/* Force TTY allocation */
extern int force_tty_flag;
/*
* Flag to indicate that we have received a window change signal which has
* not yet been processed. This will cause a message indicating the new
@ -179,7 +176,8 @@ struct escape_filter_ctx {
/* Context for channel confirmation replies */
struct channel_reply_ctx {
const char *request_type;
int id, do_close;
int id;
enum confirm_action action;
};
/* Global request success/failure callbacks */
@ -265,10 +263,10 @@ static void
set_control_persist_exit_time(void)
{
if (muxserver_sock == -1 || !options.control_persist
|| options.control_persist_timeout == 0)
|| options.control_persist_timeout == 0) {
/* not using a ControlPersist timeout */
control_persist_exit_time = 0;
else if (channel_still_open()) {
} else if (channel_still_open()) {
/* some client connections are still open */
if (control_persist_exit_time > 0)
debug2("%s: cancel scheduled exit", __func__);
@ -662,7 +660,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
atomicio(vwrite, fileno(stderr), buffer_ptr(berr),
buffer_len(berr));
leave_raw_mode(force_tty_flag);
leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
/*
* Free (and clear) the buffer to reduce the amount of data that gets
@ -683,7 +681,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
buffer_init(bout);
buffer_init(berr);
enter_raw_mode(force_tty_flag);
enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
}
static void
@ -742,6 +740,15 @@ client_status_confirm(int type, Channel *c, void *ctx)
char errmsg[256];
int tochan;
/*
* If a TTY was explicitly requested, then a failure to allocate
* one is fatal.
*/
if (cr->action == CONFIRM_TTY &&
(options.request_tty == REQUEST_TTY_FORCE ||
options.request_tty == REQUEST_TTY_YES))
cr->action = CONFIRM_CLOSE;
/* XXX supress on mux _client_ quietmode */
tochan = options.log_level >= SYSLOG_LEVEL_ERROR &&
c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE;
@ -759,14 +766,27 @@ client_status_confirm(int type, Channel *c, void *ctx)
cr->request_type, c->self);
}
/* If error occurred on primary session channel, then exit */
if (cr->do_close && c->self == session_ident)
if (cr->action == CONFIRM_CLOSE && c->self == session_ident)
fatal("%s", errmsg);
/* If error occurred on mux client, append to their stderr */
if (tochan)
buffer_append(&c->extended, errmsg, strlen(errmsg));
else
/*
* If error occurred on mux client, append to
* their stderr.
*/
if (tochan) {
buffer_append(&c->extended, errmsg,
strlen(errmsg));
} else
error("%s", errmsg);
if (cr->do_close) {
if (cr->action == CONFIRM_TTY) {
/*
* If a TTY allocation error occurred, then arrange
* for the correct TTY to leave raw mode.
*/
if (c->self == session_ident)
leave_raw_mode(0);
else
mux_tty_alloc_failed(c);
} else if (cr->action == CONFIRM_CLOSE) {
chan_read_failed(c);
chan_write_failed(c);
}
@ -780,13 +800,14 @@ client_abandon_status_confirm(Channel *c, void *ctx)
xfree(ctx);
}
static void
client_expect_confirm(int id, const char *request, int do_close)
void
client_expect_confirm(int id, const char *request,
enum confirm_action action)
{
struct channel_reply_ctx *cr = xmalloc(sizeof(*cr));
cr->request_type = request;
cr->do_close = do_close;
cr->action = action;
channel_register_status_confirm(id, client_status_confirm,
client_abandon_status_confirm, cr);
@ -826,7 +847,7 @@ process_cmdline(void)
bzero(&fwd, sizeof(fwd));
fwd.listen_host = fwd.connect_host = NULL;
leave_raw_mode(force_tty_flag);
leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
handler = signal(SIGINT, SIG_IGN);
cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
if (s == NULL)
@ -930,7 +951,7 @@ process_cmdline(void)
out:
signal(SIGINT, handler);
enter_raw_mode(force_tty_flag);
enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
if (cmd)
xfree(cmd);
if (fwd.listen_host != NULL)
@ -1049,7 +1070,8 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
* more new connections).
*/
/* Restore tty modes. */
leave_raw_mode(force_tty_flag);
leave_raw_mode(
options.request_tty == REQUEST_TTY_FORCE);
/* Stop listening for new connections. */
channel_stop_listening();
@ -1344,7 +1366,7 @@ client_channel_closed(int id, void *arg)
{
channel_cancel_cleanup(id);
session_closed = 1;
leave_raw_mode(force_tty_flag);
leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
}
/*
@ -1415,18 +1437,21 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
signal(SIGWINCH, window_change_handler);
if (have_pty)
enter_raw_mode(force_tty_flag);
enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
if (compat20) {
session_ident = ssh2_chan_id;
if (escape_char_arg != SSH_ESCAPECHAR_NONE)
channel_register_filter(session_ident,
client_simple_escape_filter, NULL,
client_filter_cleanup,
client_new_escape_filter_ctx(escape_char_arg));
if (session_ident != -1)
if (session_ident != -1) {
if (escape_char_arg != SSH_ESCAPECHAR_NONE) {
channel_register_filter(session_ident,
client_simple_escape_filter, NULL,
client_filter_cleanup,
client_new_escape_filter_ctx(
escape_char_arg));
}
channel_register_cleanup(session_ident,
client_channel_closed, 0);
}
} else {
/* Check if we should immediately send eof on stdin. */
client_check_initial_eof_on_stdin();
@ -1556,7 +1581,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
channel_free_all();
if (have_pty)
leave_raw_mode(force_tty_flag);
leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
/* restore blocking io */
if (!isatty(fileno(stdin)))
@ -1982,7 +2007,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
memset(&ws, 0, sizeof(ws));
channel_request_start(id, "pty-req", 1);
client_expect_confirm(id, "PTY allocation", 1);
client_expect_confirm(id, "PTY allocation", CONFIRM_TTY);
packet_put_cstring(term != NULL ? term : "");
packet_put_int((u_int)ws.ws_col);
packet_put_int((u_int)ws.ws_row);
@ -2041,18 +2066,18 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
debug("Sending subsystem: %.*s",
len, (u_char*)buffer_ptr(cmd));
channel_request_start(id, "subsystem", 1);
client_expect_confirm(id, "subsystem", 1);
client_expect_confirm(id, "subsystem", CONFIRM_CLOSE);
} else {
debug("Sending command: %.*s",
len, (u_char*)buffer_ptr(cmd));
channel_request_start(id, "exec", 1);
client_expect_confirm(id, "exec", 1);
client_expect_confirm(id, "exec", CONFIRM_CLOSE);
}
packet_put_string(buffer_ptr(cmd), buffer_len(cmd));
packet_send();
} else {
channel_request_start(id, "shell", 1);
client_expect_confirm(id, "shell", 1);
client_expect_confirm(id, "shell", CONFIRM_CLOSE);
packet_send();
}
}
@ -2122,11 +2147,26 @@ client_init_dispatch(void)
client_init_dispatch_15();
}
void
client_stop_mux(void)
{
if (options.control_path != NULL && muxserver_sock != -1)
unlink(options.control_path);
/*
* If we are in persist mode, signal that we should close when all
* active channels are closed.
*/
if (options.control_persist) {
session_closed = 1;
setproctitle("[stopped mux]");
}
}
/* client specific fatal cleanup */
void
cleanup_exit(int i)
{
leave_raw_mode(force_tty_flag);
leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
leave_non_blocking();
if (options.control_path != NULL && muxserver_sock != -1)
unlink(options.control_path);

10
clientloop.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.h,v 1.25 2010/06/25 23:15:36 djm Exp $ */
/* $OpenBSD: clientloop.h,v 1.28 2011/06/22 22:08:42 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -45,6 +45,7 @@ void client_global_request_reply_fwd(int, u_int32_t, void *);
void client_session2_setup(int, int, int, const char *, struct termios *,
int, Buffer *, char **);
int client_request_tun_fwd(int, int, int);
void client_stop_mux(void);
/* Escape filter for protocol 2 sessions */
void *client_new_escape_filter_ctx(int);
@ -55,6 +56,10 @@ int client_simple_escape_filter(Channel *, char *, int);
typedef void global_confirm_cb(int, u_int32_t seq, void *);
void client_register_global_confirm(global_confirm_cb *, void *);
/* Channel request confirmation callbacks */
enum confirm_action { CONFIRM_WARN = 0, CONFIRM_CLOSE, CONFIRM_TTY };
void client_expect_confirm(int, const char *, enum confirm_action);
/* Multiplexing protocol version */
#define SSHMUX_VER 4
@ -64,7 +69,10 @@ void client_register_global_confirm(global_confirm_cb *, void *);
#define SSHMUX_COMMAND_TERMINATE 3 /* Ask master to exit */
#define SSHMUX_COMMAND_STDIO_FWD 4 /* Open stdio fwd (ssh -W) */
#define SSHMUX_COMMAND_FORWARD 5 /* Forward only, no command */
#define SSHMUX_COMMAND_STOP 6 /* Disable mux but not conn */
void muxserver_listen(void);
void muxclient(const char *);
void mux_exit_message(Channel *, int);
void mux_tty_alloc_failed(Channel *);

21
config.guess vendored
View File

@ -1,10 +1,10 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
# Free Software Foundation, Inc.
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
# 2011 Free Software Foundation, Inc.
timestamp='2009-12-30'
timestamp='2011-01-23'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -57,7 +57,7 @@ GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
@ -270,7 +270,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
exit ;;
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
exitcode=$?
trap '' 0
exit $exitcode ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
@ -552,7 +555,7 @@ EOF
echo rs6000-ibm-aix3.2
fi
exit ;;
*:AIX:*:[456])
*:AIX:*:[4567])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
IBM_ARCH=rs6000
@ -968,6 +971,9 @@ EOF
sparc:Linux:*:* | sparc64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
tile*:Linux:*:*)
echo ${UNAME_MACHINE}-tilera-linux-gnu
exit ;;
vax:Linux:*:*)
echo ${UNAME_MACHINE}-dec-linux-gnu
exit ;;
@ -1231,6 +1237,9 @@ EOF
*:QNX:*:4*)
echo i386-pc-qnx
exit ;;
NEO-?:NONSTOP_KERNEL:*:*)
echo neo-tandem-nsk${UNAME_RELEASE}
exit ;;
NSE-?:NONSTOP_KERNEL:*:*)
echo nse-tandem-nsk${UNAME_RELEASE}
exit ;;

50
config.h.in
View File

@ -1,5 +1,8 @@
/* config.h.in. Generated from configure.ac by autoheader. */
/* Define if building universal (internal helper macro) */
#undef AC_APPLE_UNIVERSAL_BUILD
/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
*/
#undef AIX_GETNAMEINFO_HACK
@ -122,9 +125,6 @@
/* Enable for PKCS#11 support */
#undef ENABLE_PKCS11
/* Builtin PRNG command timeout */
#undef ENTROPY_TIMEOUT_MSEC
/* File names may not contain backslash characters */
#undef FILESYSTEM_NO_BACKSLASH
@ -750,6 +750,9 @@
/* Define to 1 if you have the `recvmsg' function. */
#undef HAVE_RECVMSG
/* sys/resource.h has RLIMIT_NPROC */
#undef HAVE_RLIMIT_NPROC
/* Define to 1 if you have the <rpc/types.h> header file. */
#undef HAVE_RPC_TYPES_H
@ -762,6 +765,12 @@
/* Define to 1 if you have the `RSA_get_default_method' function. */
#undef HAVE_RSA_GET_DEFAULT_METHOD
/* Define to 1 if you have the <sandbox.h> header file. */
#undef HAVE_SANDBOX_H
/* Define to 1 if you have the `sandbox_init' function. */
#undef HAVE_SANDBOX_INIT
/* define if you have sa_family_t data type */
#undef HAVE_SA_FAMILY_T
@ -948,13 +957,13 @@
/* define if you have struct sockaddr_in6 data type */
#undef HAVE_STRUCT_SOCKADDR_IN6
/* Define to 1 if `sin6_scope_id' is member of `struct sockaddr_in6'. */
/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */
#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
/* define if you have struct sockaddr_storage data type */
#undef HAVE_STRUCT_SOCKADDR_STORAGE
/* Define to 1 if `st_blksize' is member of `struct stat'. */
/* Define to 1 if `st_blksize' is a member of `struct stat'. */
#undef HAVE_STRUCT_STAT_ST_BLKSIZE
/* Define to 1 if the system has the type `struct timespec'. */
@ -1259,7 +1268,7 @@
from environment and PATH */
#undef LOGIN_PROGRAM_FALLBACK
/* Set this to your mail directory if you don't have maillock.h */
/* Set this to your mail directory if you do not have _PATH_MAILDIR */
#undef MAIL_DIRECTORY
/* Define on *nto-qnx systems */
@ -1307,6 +1316,9 @@
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the home page for this package. */
#undef PACKAGE_URL
/* Define to the version of this package. */
#undef PACKAGE_VERSION
@ -1329,6 +1341,18 @@
/* read(1) can return 0 for a non-closed fd */
#undef PTY_ZEROREAD
/* Sandbox using Darwin sandbox_init(3) */
#undef SANDBOX_DARWIN
/* no privsep sandboxing */
#undef SANDBOX_NULL
/* Sandbox using setrlimit(2) */
#undef SANDBOX_RLIMIT
/* Sandbox using systrace(4) */
#undef SANDBOX_SYSTRACE
/* Define if your platform breaks doing a seteuid before a setuid */
#undef SETEUID_BREAKS_SETUID
@ -1460,9 +1484,17 @@
/* Define if you want SELinux support. */
#undef WITH_SELINUX
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
significant byte first (like Motorola and SPARC, unlike Intel). */
#if defined AC_APPLE_UNIVERSAL_BUILD
# if defined __BIG_ENDIAN__
# define WORDS_BIGENDIAN 1
# endif
#else
# ifndef WORDS_BIGENDIAN
# undef WORDS_BIGENDIAN
# endif
#endif
/* Define if xauth is found in your path */
#undef XAUTH_PATH

67
config.sub vendored
View File

@ -1,10 +1,10 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
# Free Software Foundation, Inc.
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
# 2011 Free Software Foundation, Inc.
timestamp='2010-01-22'
timestamp='2011-01-01'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@ -124,8 +124,9 @@ esac
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
knetbsd*-gnu* | netbsd*-gnu* | \
kopensolaris*-gnu* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
@ -282,6 +283,7 @@ case $basic_machine in
| moxie \
| mt \
| msp430 \
| nds32 | nds32le | nds32be \
| nios | nios2 \
| ns16k | ns32k \
| or32 \
@ -295,7 +297,7 @@ case $basic_machine in
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
| spu | strongarm \
| tahoe | thumb | tic4x | tic80 | tron \
| tahoe | thumb | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
| ubicom32 \
| v850 | v850e \
| we32k \
@ -303,6 +305,15 @@ case $basic_machine in
| z8k | z80)
basic_machine=$basic_machine-unknown
;;
c54x)
basic_machine=tic54x-unknown
;;
c55x)
basic_machine=tic55x-unknown
;;
c6x)
basic_machine=tic6x-unknown
;;
m6811 | m68hc11 | m6812 | m68hc12 | picochip)
# Motorola 68HC11/12.
basic_machine=$basic_machine-unknown
@ -334,7 +345,7 @@ case $basic_machine in
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* | avr32-* \
| bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* \
| clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
@ -368,6 +379,7 @@ case $basic_machine in
| mmix-* \
| mt-* \
| msp430-* \
| nds32-* | nds32le-* | nds32be-* \
| nios-* | nios2-* \
| none-* | np1-* | ns16k-* | ns32k-* \
| orion-* \
@ -482,6 +494,15 @@ case $basic_machine in
basic_machine=powerpc-ibm
os=-cnk
;;
c54x-*)
basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
c55x-*)
basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
c6x-*)
basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
c90)
basic_machine=c90-cray
os=-unicos
@ -518,7 +539,7 @@ case $basic_machine in
basic_machine=craynv-cray
os=-unicosmp
;;
cr16)
cr16 | cr16-*)
basic_machine=cr16-unknown
os=-elf
;;
@ -841,6 +862,12 @@ case $basic_machine in
np1)
basic_machine=np1-gould
;;
neo-tandem)
basic_machine=neo-tandem
;;
nse-tandem)
basic_machine=nse-tandem
;;
nsr-tandem)
basic_machine=nsr-tandem
;;
@ -1075,18 +1102,6 @@ case $basic_machine in
basic_machine=t90-cray
os=-unicos
;;
tic54x | c54x*)
basic_machine=tic54x-unknown
os=-coff
;;
tic55x | c55x*)
basic_machine=tic55x-unknown
os=-coff
;;
tic6x | c6x*)
basic_machine=tic6x-unknown
os=-coff
;;
# This must be matched before tile*.
tilegx*)
basic_machine=tilegx-unknown
@ -1301,7 +1316,8 @@ case $os in
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* | -cegcc* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
| -mingw32* | -linux-gnu* | -linux-android* \
| -linux-newlib* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
@ -1484,6 +1500,15 @@ case $basic_machine in
c4x-* | tic4x-*)
os=-coff
;;
tic54x-*)
os=-coff
;;
tic55x-*)
os=-coff
;;
tic6x-*)
os=-coff
;;
# This must come before the *-dec entry.
pdp10-*)
os=-tops20

27572
configure vendored
View File

File diff suppressed because it is too large Load Diff

2874
configure.ac
View File

File diff suppressed because it is too large Load Diff

11
contrib/aix/buildbff.sh
View File

@ -1,7 +1,7 @@
#!/bin/sh
#
# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
# $Id: buildbff.sh,v 1.12 2010/04/18 03:35:00 dtucker Exp $
# $Id: buildbff.sh,v 1.13 2011/05/05 03:48:41 djm Exp $
#
# Author: Darren Tucker (dtucker at zip dot com dot au)
# This file is placed in the public domain and comes with absolutely
@ -156,13 +156,6 @@ do
mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default
done
# AIX 5.3 and newer have /dev/random and don't create ssh_prng_cmds
if [ -f $FAKE_ROOT/$sysconfdir/ssh_prng_cmds ]
then
mv $FAKE_ROOT/$sysconfdir/ssh_prng_cmds \
$FAKE_ROOT/$sysconfdir/ssh_prng_cmds.default
fi
#
# Generate lpp control files.
# working dir is $FAKE_ROOT but files are generated in dir above
@ -197,7 +190,7 @@ cat <<EOF >>../openssh.post_i
#!/bin/sh
echo Creating configs from defaults if necessary.
for cfgfile in ssh_config sshd_config ssh_prng_cmds
for cfgfile in ssh_config sshd_config
do
if [ ! -f $sysconfdir/\$cfgfile ]
then

4
contrib/caldera/openssh.spec
View File

@ -16,7 +16,7 @@
#old cvs stuff. please update before use. may be deprecated.
%define use_stable 1
%define version 5.8p2
%define version 5.9p1
%if %{use_stable}
%define cvs %{nil}
%define release 1
@ -363,4 +363,4 @@ fi
* Mon Jan 01 1998 ...
Template Version: 1.31
$Id: openssh.spec,v 1.73.4.2 2011/05/03 00:04:23 djm Exp $
$Id: openssh.spec,v 1.75.2.1 2011/09/05 00:28:11 djm Exp $

24
contrib/redhat/openssh.spec
View File

@ -1,4 +1,4 @@
%define ver 5.8p2
%define ver 5.9p1
%define rel 1
# OpenSSH privilege separation requires a user & group ID
@ -84,24 +84,24 @@ Obsoletes: ssh
%if %{build6x}
PreReq: initscripts >= 5.00
%else
PreReq: initscripts >= 5.20
Requires: initscripts >= 5.20
%endif
BuildPreReq: perl, openssl-devel, tcp_wrappers
BuildPreReq: /bin/login
BuildRequires: perl, openssl-devel, tcp_wrappers
BuildRequires: /bin/login
%if ! %{build6x}
BuildPreReq: glibc-devel, pam
%else
BuildPreReq: /usr/include/security/pam_appl.h
BuildRequires: /usr/include/security/pam_appl.h
%endif
%if ! %{no_x11_askpass}
BuildPreReq: /usr/include/X11/Xlib.h
BuildRequires: /usr/include/X11/Xlib.h
%endif
%if ! %{no_gnome_askpass}
BuildPreReq: pkgconfig
BuildRequires: pkgconfig
%endif
%if %{kerberos5}
BuildPreReq: krb5-devel
BuildPreReq: krb5-libs
BuildRequires: krb5-devel
BuildRequires: krb5-libs
%endif
%package clients
@ -114,7 +114,7 @@ Obsoletes: ssh-clients
Summary: The OpenSSH server daemon.
Group: System Environment/Daemons
Obsoletes: ssh-server
PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9
Requires: openssh = %{version}-%{release}, chkconfig >= 0.9
%if ! %{build6x}
Requires: /etc/pam.d/system-auth
%endif
@ -712,7 +712,7 @@ fi
it generates.
* Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com>
- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
- Add BuildRequires on /usr/include/security/pam_appl.h to be sure we always
build PAM authentication in.
- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
- Clean out no-longer-used patches.
@ -721,7 +721,7 @@ fi
* Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
- Update x11-askpass to 1.0.2. (#17835)
- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
- Add BuildRequiress for /bin/login and /usr/bin/rsh so that configure will
always find them in the right place. (#17909)
- Set the default path to be the same as the one supplied by /bin/login, but
add /usr/X11R6/bin. (#17909)

71
contrib/redhat/sshd.init
View File

@ -22,70 +22,9 @@ RETVAL=0
prog="sshd"
# Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen
SSHD=/usr/sbin/sshd
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
PID_FILE=/var/run/sshd.pid
do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
echo -n $"Generating SSH1 RSA host key: "
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA1_KEY.pub
fi
success $"RSA1 key generation"
echo
else
failure $"RSA1 key generation"
echo
exit 1
fi
fi
}
do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then
echo -n $"Generating SSH2 RSA host key: "
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA_KEY.pub
fi
success $"RSA key generation"
echo
else
failure $"RSA key generation"
echo
exit 1
fi
fi
}
do_dsa_keygen() {
if [ ! -s $DSA_KEY ]; then
echo -n $"Generating SSH2 DSA host key: "
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $DSA_KEY.pub
fi
success $"DSA key generation"
echo
else
failure $"DSA key generation"
echo
exit 1
fi
fi
}
do_restart_sanity_check()
{
$SSHD -t
@ -99,9 +38,13 @@ do_restart_sanity_check()
start()
{
# Create keys if necessary
do_rsa1_keygen
do_rsa_keygen
do_dsa_keygen
/usr/bin/ssh-keygen -A
if [ -x /sbin/restorecon ]; then
/sbin/restorecon /etc/ssh/ssh_host_key.pub
/sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
/sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
/sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
fi
echo -n $"Starting $prog:"
$SSHD $OPTIONS && success || failure

2
contrib/ssh-copy-id
View File

@ -25,7 +25,7 @@ else
fi
if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
GET_ID="cat ${ID_FILE}"
GET_ID="cat \"${ID_FILE}\""
fi
if [ -z "`eval $GET_ID`" ]; then

18
contrib/suse/openssh.spec
View File

@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
Version: 5.8p2
Version: 5.9p1
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
@ -28,11 +28,12 @@ Provides: ssh
# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.)
# building prerequisites -- stuff for
# OpenSSL (openssl-devel),
# TCP Wrappers (nkitb),
# TCP Wrappers (tcpd-devel),
# and Gnome (glibdev, gtkdev, and gnlibsd)
#
BuildPrereq: openssl
BuildPrereq: nkitb
BuildPrereq: tcpd-devel
BuildPrereq: zlib-devel
#BuildPrereq: glibdev
#BuildPrereq: gtkdev
#BuildPrereq: gnlibsd
@ -177,15 +178,8 @@ rm -rf $RPM_BUILD_ROOT
/usr/sbin/useradd -r -o -g sshd -u %{sshd_uid} -s /bin/false -c "SSH Privilege Separation User" -d /var/lib/sshd sshd 2> /dev/null || :
%post
if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
echo "Generating SSH RSA host key..."
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
fi
if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
echo "Generating SSH DSA host key..."
/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
fi
%{fillup_and_insserv -n -s -y ssh sshd START_SSHD}
/usr/bin/ssh-keygen -A
%{fillup_and_insserv -n -y ssh sshd}
%run_permissions
%verifyscript

16
contrib/suse/rc.sshd
View File

@ -43,20 +43,8 @@ rc_reset
case "$1" in
start)
if ! test -f /etc/ssh/ssh_host_key ; then
echo Generating /etc/ssh/ssh_host_key.
ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
fi
if ! test -f /etc/ssh/ssh_host_dsa_key ; then
echo Generating /etc/ssh/ssh_host_dsa_key.
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
fi
if ! test -f /etc/ssh/ssh_host_rsa_key ; then
echo Generating /etc/ssh/ssh_host_rsa_key.
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
fi
# Generate any missing host keys
ssh-keygen -A
echo -n "Starting SSH daemon"
## Start daemon with startproc(8). If this fails
## the echo return value is set appropriate.

21
defines.h
View File

@ -25,7 +25,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
/* $Id: defines.h,v 1.165 2011/05/05 01:19:15 djm Exp $ */
/* $Id: defines.h,v 1.167 2011/06/03 01:17:49 tim Exp $ */
/* Constants */
@ -131,6 +131,10 @@ enum
# define O_NONBLOCK 00004 /* Non Blocking Open */
#endif
#ifndef S_IFSOCK
# define S_IFSOCK 0
#endif /* S_IFSOCK */
#ifndef S_ISDIR
# define S_ISDIR(mode) (((mode) & (_S_IFMT)) == (_S_IFDIR))
#endif /* S_ISDIR */
@ -385,18 +389,15 @@ struct winsize {
# define _PATH_DEVNULL "/dev/null"
#endif
#ifndef MAIL_DIRECTORY
# define MAIL_DIRECTORY "/var/spool/mail"
#endif
/* user may have set a different path */
#if defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY)
# undef _PATH_MAILDIR MAILDIR
#endif /* defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY) */
#ifndef MAILDIR
# define MAILDIR MAIL_DIRECTORY
#ifdef MAIL_DIRECTORY
# define _PATH_MAILDIR MAIL_DIRECTORY
#endif
#if !defined(_PATH_MAILDIR) && defined(MAILDIR)
# define _PATH_MAILDIR MAILDIR
#endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */
#ifndef _PATH_NOLOGIN
# define _PATH_NOLOGIN "/etc/nologin"
#endif

235
entropy.c
View File

@ -25,19 +25,19 @@
#include "includes.h"
#include <sys/types.h>
#include <sys/wait.h>
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#include <sys/socket.h>
#ifdef HAVE_SYS_UN_H
# include <sys/un.h>
#endif
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif
#include <stdarg.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
#include <stddef.h> /* for offsetof */
#include <openssl/rand.h>
#include <openssl/crypto.h>
@ -54,119 +54,128 @@
/*
* Portable OpenSSH PRNG seeding:
* If OpenSSL has not "internally seeded" itself (e.g. pulled data from
* /dev/random), then we execute a "ssh-rand-helper" program which
* collects entropy and writes it to stdout. The child program must
* write at least RANDOM_SEED_SIZE bytes. The child is run with stderr
* attached, so error/debugging output should be visible.
*
* XXX: we should tell the child how many bytes we need.
* /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from
* PRNGd.
*/
#ifndef OPENSSL_PRNG_ONLY
#define RANDOM_SEED_SIZE 48
static uid_t original_uid, original_euid;
#endif
void
seed_rng(void)
/*
* Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon
* listening either on 'tcp_port', or via Unix domain socket at *
* 'socket_path'.
* Either a non-zero tcp_port or a non-null socket_path must be
* supplied.
* Returns 0 on success, -1 on error
*/
int
get_random_bytes_prngd(unsigned char *buf, int len,
unsigned short tcp_port, char *socket_path)
{
#ifndef OPENSSL_PRNG_ONLY
int devnull;
int p[2];
pid_t pid;
int ret;
unsigned char buf[RANDOM_SEED_SIZE];
mysig_t old_sigchld;
int fd, addr_len, rval, errors;
u_char msg[2];
struct sockaddr_storage addr;
struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr;
struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr;
mysig_t old_sigpipe;
if (RAND_status() == 1) {
debug3("RNG is ready, skipping seeding");
return;
/* Sanity checks */
if (socket_path == NULL && tcp_port == 0)
fatal("You must specify a port or a socket");
if (socket_path != NULL &&
strlen(socket_path) >= sizeof(addr_un->sun_path))
fatal("Random pool path is too long");
if (len <= 0 || len > 255)
fatal("Too many bytes (%d) to read from PRNGD", len);
memset(&addr, '\0', sizeof(addr));
if (tcp_port != 0) {
addr_in->sin_family = AF_INET;
addr_in->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
addr_in->sin_port = htons(tcp_port);
addr_len = sizeof(*addr_in);
} else {
addr_un->sun_family = AF_UNIX;
strlcpy(addr_un->sun_path, socket_path,
sizeof(addr_un->sun_path));
addr_len = offsetof(struct sockaddr_un, sun_path) +
strlen(socket_path) + 1;
}
debug3("Seeding PRNG from %s", SSH_RAND_HELPER);
old_sigpipe = mysignal(SIGPIPE, SIG_IGN);
if ((devnull = open("/dev/null", O_RDWR)) == -1)
fatal("Couldn't open /dev/null: %s", strerror(errno));
if (pipe(p) == -1)
fatal("pipe: %s", strerror(errno));
errors = 0;
rval = -1;
reopen:
fd = socket(addr.ss_family, SOCK_STREAM, 0);
if (fd == -1) {
error("Couldn't create socket: %s", strerror(errno));
goto done;
}
old_sigchld = signal(SIGCHLD, SIG_DFL);
if ((pid = fork()) == -1)
fatal("Couldn't fork: %s", strerror(errno));
if (pid == 0) {
dup2(devnull, STDIN_FILENO);
dup2(p[1], STDOUT_FILENO);
/* Keep stderr open for errors */
close(p[0]);
close(p[1]);
close(devnull);
closefrom(STDERR_FILENO + 1);
if (original_uid != original_euid &&
( seteuid(getuid()) == -1 ||
setuid(original_uid) == -1) ) {
fprintf(stderr, "(rand child) setuid(%li): %s\n",
(long int)original_uid, strerror(errno));
_exit(1);
if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
if (tcp_port != 0) {
error("Couldn't connect to PRNGD port %d: %s",
tcp_port, strerror(errno));
} else {
error("Couldn't connect to PRNGD socket \"%s\": %s",
addr_un->sun_path, strerror(errno));
}
execl(SSH_RAND_HELPER, "ssh-rand-helper", NULL);
fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n",
SSH_RAND_HELPER, strerror(errno));
_exit(1);
goto done;
}
close(devnull);
close(p[1]);
/* Send blocking read request to PRNGD */
msg[0] = 0x02;
msg[1] = len;
memset(buf, '\0', sizeof(buf));
ret = atomicio(read, p[0], buf, sizeof(buf));
if (ret == -1)
fatal("Couldn't read from ssh-rand-helper: %s",
if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) {
if (errno == EPIPE && errors < 10) {
close(fd);
errors++;
goto reopen;
}
error("Couldn't write to PRNGD socket: %s",
strerror(errno));
if (ret != sizeof(buf))
fatal("ssh-rand-helper child produced insufficient data");
goto done;
}
close(p[0]);
if (waitpid(pid, &ret, 0) == -1)
fatal("Couldn't wait for ssh-rand-helper completion: %s",
if (atomicio(read, fd, buf, len) != (size_t)len) {
if (errno == EPIPE && errors < 10) {
close(fd);
errors++;
goto reopen;
}
error("Couldn't read from PRNGD socket: %s",
strerror(errno));
signal(SIGCHLD, old_sigchld);
goto done;
}
/* We don't mind if the child exits upon a SIGPIPE */
if (!WIFEXITED(ret) &&
(!WIFSIGNALED(ret) || WTERMSIG(ret) != SIGPIPE))
fatal("ssh-rand-helper terminated abnormally");
if (WEXITSTATUS(ret) != 0)
fatal("ssh-rand-helper exit with exit status %d", ret);
RAND_add(buf, sizeof(buf), sizeof(buf));
memset(buf, '\0', sizeof(buf));
#endif /* OPENSSL_PRNG_ONLY */
if (RAND_status() != 1)
fatal("PRNG is not seeded");
rval = 0;
done:
mysignal(SIGPIPE, old_sigpipe);
if (fd != -1)
close(fd);
return rval;
}
void
init_rng(void)
static int
seed_from_prngd(unsigned char *buf, size_t bytes)
{
/*
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
* We match major, minor, fix and status (not patch)
*/
if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
fatal("OpenSSL version mismatch. Built against %lx, you "
"have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
#ifndef OPENSSL_PRNG_ONLY
original_uid = getuid();
original_euid = geteuid();
#ifdef PRNGD_PORT
debug("trying egd/prngd port %d", PRNGD_PORT);
if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0)
return 0;
#endif
#ifdef PRNGD_SOCKET
debug("trying egd/prngd socket %s", PRNGD_SOCKET);
if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0)
return 0;
#endif
return -1;
}
#ifndef OPENSSL_PRNG_ONLY
void
rexec_send_rng_seed(Buffer *m)
{
@ -192,4 +201,34 @@ rexec_recv_rng_seed(Buffer *m)
RAND_add(buf, len, len);
}
}
#endif /* OPENSSL_PRNG_ONLY */
void
seed_rng(void)
{
#ifndef OPENSSL_PRNG_ONLY
unsigned char buf[RANDOM_SEED_SIZE];
#endif
/*
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
* We match major, minor, fix and status (not patch)
*/
if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
fatal("OpenSSL version mismatch. Built against %lx, you "
"have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
#ifndef OPENSSL_PRNG_ONLY
if (RAND_status() == 1) {
debug3("RNG is ready, skipping seeding");
return;
}
if (seed_from_prngd(buf, sizeof(buf)) == -1)
fatal("Could not obtain seed from PRNGd");
RAND_add(buf, sizeof(buf), sizeof(buf));
memset(buf, '\0', sizeof(buf));
#endif /* OPENSSL_PRNG_ONLY */
if (RAND_status() != 1)
fatal("PRNG is not seeded");
}

4
gss-serv.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
/* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -229,6 +229,8 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
name->length = get_u32(tok+offset);
offset += 4;
if (UINT_MAX - offset < name->length)
return GSS_S_FAILURE;
if (ename->length < offset+name->length)
return GSS_S_FAILURE;

5
key.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: key.c,v 1.96 2011/02/04 00:44:21 djm Exp $ */
/* $OpenBSD: key.c,v 1.97 2011/05/17 07:13:31 djm Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1817,6 +1817,9 @@ key_to_certified(Key *k, int legacy)
k->type = legacy ? KEY_DSA_CERT_V00 : KEY_DSA_CERT;
return 0;
case KEY_ECDSA:
if (legacy)
fatal("%s: legacy ECDSA certificates are not supported",
__func__);
k->cert = cert_new();
k->type = KEY_ECDSA_CERT;
return 0;

35
log.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: log.c,v 1.41 2008/06/10 04:50:25 dtucker Exp $ */
/* $OpenBSD: log.c,v 1.42 2011/06/17 21:44:30 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -56,6 +56,8 @@ static LogLevel log_level = SYSLOG_LEVEL_INFO;
static int log_on_stderr = 1;
static int log_facility = LOG_AUTH;
static char *argv0;
static log_handler_fn *log_handler;
static void *log_handler_ctx;
extern char *__progname;
@ -260,6 +262,9 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
exit(1);
}
log_handler = NULL;
log_handler_ctx = NULL;
log_on_stderr = on_stderr;
if (on_stderr)
return;
@ -326,6 +331,23 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
#define MSGBUFSIZ 1024
void
set_log_handler(log_handler_fn *handler, void *ctx)
{
log_handler = handler;
log_handler_ctx = ctx;
}
void
do_log2(LogLevel level, const char *fmt,...)
{
va_list args;
va_start(args, fmt);
do_log(level, fmt, args);
va_end(args);
}
void
do_log(LogLevel level, const char *fmt, va_list args)
{
@ -337,6 +359,7 @@ do_log(LogLevel level, const char *fmt, va_list args)
char *txt = NULL;
int pri = LOG_INFO;
int saved_errno = errno;
log_handler_fn *tmp_handler;
if (level > log_level)
return;
@ -375,7 +398,7 @@ do_log(LogLevel level, const char *fmt, va_list args)
pri = LOG_ERR;
break;
}
if (txt != NULL) {
if (txt != NULL && log_handler == NULL) {
snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt);
vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args);
} else {
@ -383,7 +406,13 @@ do_log(LogLevel level, const char *fmt, va_list args)
}
strnvis(fmtbuf, msgbuf, sizeof(fmtbuf),
log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS);
if (log_on_stderr) {
if (log_handler != NULL) {
/* Avoid recursion */
tmp_handler = log_handler;
log_handler = NULL;
tmp_handler(level, fmtbuf, log_handler_ctx);
log_handler = tmp_handler;
} else if (log_on_stderr) {
snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
write(STDERR_FILENO, msgbuf, strlen(msgbuf));
} else {

8
log.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: log.h,v 1.17 2008/06/13 00:12:02 dtucker Exp $ */
/* $OpenBSD: log.h,v 1.18 2011/06/17 21:44:30 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -46,6 +46,8 @@ typedef enum {
SYSLOG_LEVEL_NOT_SET = -1
} LogLevel;
typedef void (log_handler_fn)(LogLevel, const char *, void *);
void log_init(char *, LogLevel, SyslogFacility, int);
SyslogFacility log_facility_number(char *);
@ -64,6 +66,10 @@ void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
void set_log_handler(log_handler_fn *, void *);
void do_log2(LogLevel, const char *, ...)
__attribute__((format(printf, 2, 3)));
void do_log(LogLevel, const char *, va_list);
void cleanup_exit(int) __attribute__((noreturn));
#endif

8
mac.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: mac.c,v 1.15 2008/06/13 00:51:47 dtucker Exp $ */
/* $OpenBSD: mac.c,v 1.16 2011/08/02 01:22:11 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -57,6 +57,12 @@ struct {
} macs[] = {
{ "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 },
{ "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 },
#ifdef HAVE_EVP_SHA256
{ "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, -1, -1 },
{ "hmac-sha2-256-96", SSH_EVP, EVP_sha256, 96, -1, -1 },
{ "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, -1, -1 },
{ "hmac-sha2-512-96", SSH_EVP, EVP_sha512, 96, -1, -1 },
#endif
{ "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 },
{ "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 },
{ "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 },

15
misc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.84 2010/11/21 01:01:13 djm Exp $ */
/* $OpenBSD: misc.c,v 1.85 2011/03/29 18:54:17 stevesk Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@ -985,6 +985,19 @@ parse_ipqos(const char *cp)
return val;
}
const char *
iptos2str(int iptos)
{
int i;
static char iptos_str[sizeof "0xff"];
for (i = 0; ipqos[i].name != NULL; i++) {
if (ipqos[i].value == iptos)
return ipqos[i].name;
}
snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos);
return iptos_str;
}
void
sock_set_v6only(int s)
{

3
misc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.47 2010/11/21 01:01:13 djm Exp $ */
/* $OpenBSD: misc.h,v 1.48 2011/03/29 18:54:17 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -89,6 +89,7 @@ void bandwidth_limit_init(struct bwlimit *, u_int64_t, size_t);
void bandwidth_limit(struct bwlimit *, size_t);
int parse_ipqos(const char *);
const char *iptos2str(int);
void mktemp_proto(char *, size_t);
/* readpass.c */

30
moduli.0
View File

@ -1,7 +1,7 @@
MODULI(5) OpenBSD Programmer's Manual MODULI(5)
NAME
moduli - Diffie Hellman moduli
moduli - Diffie-Hellman moduli
DESCRIPTION
The /etc/moduli file contains prime numbers and generators for use by
@ -10,12 +10,12 @@ DESCRIPTION
New moduli may be generated with ssh-keygen(1) using a two-step process.
An initial candidate generation pass, using ssh-keygen -G, calculates
numbers that are likely to be useful. A second primality testing pass,
using ssh-keygen -T provides a high degree of assurance that the numbers
are prime and are safe for use in Diffie Hellman operations by sshd(8).
using ssh-keygen -T, provides a high degree of assurance that the numbers
are prime and are safe for use in Diffie-Hellman operations by sshd(8).
This moduli format is used as the output from each pass.
The file consists of newline-separated records, one per modulus,
containing seven space separated fields. These fields are as follows:
containing seven space-separated fields. These fields are as follows:
timestamp The time that the modulus was last processed as
YYYYMMDDHHMMSS.
@ -23,12 +23,12 @@ DESCRIPTION
type Decimal number specifying the internal structure of
the prime modulus. Supported types are:
0 Unknown, not tested
0 Unknown, not tested.
2 "Safe" prime; (p-1)/2 is also prime.
4 Sophie Germain; (p+1)*2 is also prime.
Moduli candidates initially produced by ssh-keygen(1)
are Sophie Germain primes (type 4). Futher primality
are Sophie Germain primes (type 4). Further primality
testing with ssh-keygen(1) produces safe prime moduli
(type 2) that are ready for use in sshd(8). Other
types are not used by OpenSSH.
@ -37,18 +37,18 @@ DESCRIPTION
that the number has been subjected to represented as a
bitmask of the following values:
0x00 Not tested
0x00 Not tested.
0x01 Composite number - not prime.
0x02 Sieve of Eratosthenes
0x04 Probabalistic Miller-Rabin primality tests.
0x02 Sieve of Eratosthenes.
0x04 Probabilistic Miller-Rabin primality tests.
The ssh-keygen(1) moduli candidate generation uses the
Sieve of Eratosthenes (flag 0x02). Subsequent
ssh-keygen(1) primality tests are Miller-Rabin tests
(flag 0x04).
trials Decimal number indicating of primaility trials that
have been performed on the modulus.
trials Decimal number indicating the number of primality
trials that have been performed on the modulus.
size Decimal number indicating the size of the prime in
bits.
@ -58,15 +58,15 @@ DESCRIPTION
modulus The modulus itself in hexadecimal.
When performing Diffie Hellman Group Exchange, sshd(8) first estimates
the size of the modulus required to produce enough Diffie Hellman output
When performing Diffie-Hellman Group Exchange, sshd(8) first estimates
the size of the modulus required to produce enough Diffie-Hellman output
to sufficiently key the selected symmetric cipher. sshd(8) then randomly
selects a modulus from /etc/moduli that best meets the size requirement.
SEE ALSO
ssh-keygen(1), sshd(8),
ssh-keygen(1), sshd(8)
Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer
Protocol, RFC 4419, 2006.
OpenBSD 4.9 June 26, 2008 OpenBSD 4.9
OpenBSD 5.0 October 14, 2010 OpenBSD 5.0

40
moduli.5
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: moduli.5,v 1.12 2008/06/26 05:57:54 djm Exp $
.\" $OpenBSD: moduli.5,v 1.15 2010/10/14 20:41:28 jmc Exp $
.\"
.\" Copyright (c) 2008 Damien Miller <djm@mindrot.org>
.\"
@ -13,16 +13,16 @@
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: June 26 2008 $
.Dd $Mdocdate: October 14 2010 $
.Dt MODULI 5
.Os
.Sh NAME
.Nm moduli
.Nd Diffie Hellman moduli
.Nd Diffie-Hellman moduli
.Sh DESCRIPTION
The
.Pa /etc/moduli
file contains prime numbers and generators for use by
file contains prime numbers and generators for use by
.Xr sshd 8
in the Diffie-Hellman Group Exchange key exchange method.
.Pp
@ -31,24 +31,23 @@ New moduli may be generated with
using a two-step process.
An initial
.Em candidate generation
pass, using
pass, using
.Ic ssh-keygen -G ,
calculates numbers that are likely to be useful.
A second
.Em primality testing
pass, using
.Ic ssh-keygen -T
.Ic ssh-keygen -T ,
provides a high degree of assurance that the numbers are prime and are
safe for use in Diffie Hellman operations by
safe for use in Diffie-Hellman operations by
.Xr sshd 8 .
This
.Nm
format is used as the output from each pass.
.Pp
The file consists of newline-separated records, one per modulus,
containing seven space separated fields.
containing seven space-separated fields.
These fields are as follows:
.Pp
.Bl -tag -width Description -offset indent
.It timestamp
The time that the modulus was last processed as YYYYMMDDHHMMSS.
@ -58,7 +57,7 @@ Supported types are:
.Pp
.Bl -tag -width 0x00 -compact
.It 0
Unknown, not tested
Unknown, not tested.
.It 2
"Safe" prime; (p-1)/2 is also prime.
.It 4
@ -68,7 +67,7 @@ Sophie Germain; (p+1)*2 is also prime.
Moduli candidates initially produced by
.Xr ssh-keygen 1
are Sophie Germain primes (type 4).
Futher primality testing with
Further primality testing with
.Xr ssh-keygen 1
produces safe prime moduli (type 2) that are ready for use in
.Xr sshd 8 .
@ -79,13 +78,13 @@ has been subjected to represented as a bitmask of the following values:
.Pp
.Bl -tag -width 0x00 -compact
.It 0x00
Not tested
Not tested.
.It 0x01
Composite number - not prime.
Composite number \(en not prime.
.It 0x02
Sieve of Eratosthenes
Sieve of Eratosthenes.
.It 0x04
Probabalistic Miller-Rabin primality tests.
Probabilistic Miller-Rabin primality tests.
.El
.Pp
The
@ -95,8 +94,8 @@ Subsequent
.Xr ssh-keygen 1
primality tests are Miller-Rabin tests (flag 0x04).
.It trials
Decimal number indicating of primaility trials that have been performed
on the modulus.
Decimal number indicating the number of primality trials
that have been performed on the modulus.
.It size
Decimal number indicating the size of the prime in bits.
.It generator
@ -105,18 +104,17 @@ The recommended generator for use with this modulus (hexadecimal).
The modulus itself in hexadecimal.
.El
.Pp
When performing Diffie Hellman Group Exchange,
When performing Diffie-Hellman Group Exchange,
.Xr sshd 8
first estimates the size of the modulus required to produce enough
Diffie Hellman output to sufficiently key the selected symmetric cipher.
Diffie-Hellman output to sufficiently key the selected symmetric cipher.
.Xr sshd 8
then randomly selects a modulus from
.Fa /etc/moduli
that best meets the size requirement.
.Pp
.Sh SEE ALSO
.Xr ssh-keygen 1 ,
.Xr sshd 8 ,
.Xr sshd 8
.Rs
.%R RFC 4419
.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"

156
monitor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.110 2010/09/09 10:45:45 djm Exp $ */
/* $OpenBSD: monitor.c,v 1.115 2011/06/23 23:35:42 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -44,6 +44,13 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef HAVE_POLL_H
#include <poll.h>
#else
# ifdef HAVE_SYS_POLL_H
# include <sys/poll.h>
# endif
#endif
#ifdef SKEY
#include <skey.h>
@ -52,6 +59,7 @@
#include <openssl/dh.h>
#include "openbsd-compat/sys-queue.h"
#include "atomicio.h"
#include "xmalloc.h"
#include "ssh.h"
#include "key.h"
@ -179,6 +187,8 @@ int mm_answer_audit_event(int, Buffer *);
int mm_answer_audit_command(int, Buffer *);
#endif
static int monitor_read_log(struct monitor *);
static Authctxt *authctxt;
static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
@ -346,6 +356,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
debug3("preauth child monitor started");
close(pmonitor->m_recvfd);
close(pmonitor->m_log_sendfd);
pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
authctxt = _authctxt;
memset(authctxt, 0, sizeof(*authctxt));
@ -405,6 +419,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
#endif
}
/* Drain any buffered messages from the child */
while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
;
if (!authctxt->valid)
fatal("%s: authenticated invalid user", __func__);
if (strcmp(auth_method, "unknown") == 0)
@ -414,6 +432,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
__func__, authctxt->user);
mm_get_keystate(pmonitor);
close(pmonitor->m_sendfd);
close(pmonitor->m_log_recvfd);
pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;
}
static void
@ -431,6 +453,9 @@ monitor_child_handler(int sig)
void
monitor_child_postauth(struct monitor *pmonitor)
{
close(pmonitor->m_recvfd);
pmonitor->m_recvfd = -1;
monitor_set_child_handler(pmonitor->m_pid);
signal(SIGHUP, &monitor_child_handler);
signal(SIGTERM, &monitor_child_handler);
@ -454,6 +479,9 @@ monitor_child_postauth(struct monitor *pmonitor)
for (;;)
monitor_read(pmonitor, mon_dispatch, NULL);
close(pmonitor->m_sendfd);
pmonitor->m_sendfd = -1;
}
void
@ -465,6 +493,52 @@ monitor_sync(struct monitor *pmonitor)
}
}
static int
monitor_read_log(struct monitor *pmonitor)
{
Buffer logmsg;
u_int len, level;
char *msg;
buffer_init(&logmsg);
/* Read length */
buffer_append_space(&logmsg, 4);
if (atomicio(read, pmonitor->m_log_recvfd,
buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) {
if (errno == EPIPE) {
debug("%s: child log fd closed", __func__);
close(pmonitor->m_log_recvfd);
pmonitor->m_log_recvfd = -1;
return -1;
}
fatal("%s: log fd read: %s", __func__, strerror(errno));
}
len = buffer_get_int(&logmsg);
if (len <= 4 || len > 8192)
fatal("%s: invalid log message length %u", __func__, len);
/* Read severity, message */
buffer_clear(&logmsg);
buffer_append_space(&logmsg, len);
if (atomicio(read, pmonitor->m_log_recvfd,
buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg))
fatal("%s: log fd read: %s", __func__, strerror(errno));
/* Log it */
level = buffer_get_int(&logmsg);
msg = buffer_get_string(&logmsg, NULL);
if (log_level_name(level) == NULL)
fatal("%s: invalid log level %u (corrupted message?)",
__func__, level);
do_log2(level, "%s [preauth]", msg);
buffer_free(&logmsg);
xfree(msg);
return 0;
}
int
monitor_read(struct monitor *pmonitor, struct mon_table *ent,
struct mon_table **pent)
@ -472,6 +546,30 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent,
Buffer m;
int ret;
u_char type;
struct pollfd pfd[2];
for (;;) {
bzero(&pfd, sizeof(pfd));
pfd[0].fd = pmonitor->m_sendfd;
pfd[0].events = POLLIN;
pfd[1].fd = pmonitor->m_log_recvfd;
pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN;
if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) {
if (errno == EINTR || errno == EAGAIN)
continue;
fatal("%s: poll: %s", __func__, strerror(errno));
}
if (pfd[1].revents) {
/*
* Drain all log messages before processing next
* monitor request.
*/
monitor_read_log(pmonitor);
continue;
}
if (pfd[0].revents)
break; /* Continues below */
}
buffer_init(&m);
@ -632,6 +730,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
char *username;
struct passwd *pwent;
int allowed = 0;
u_int i;
debug3("%s", __func__);
@ -671,8 +770,20 @@ mm_answer_pwnamallow(int sock, Buffer *m)
out:
buffer_put_string(m, &options, sizeof(options));
if (options.banner != NULL)
buffer_put_cstring(m, options.banner);
#define M_CP_STROPT(x) do { \
if (options.x != NULL) \
buffer_put_cstring(m, options.x); \
} while (0)
#define M_CP_STRARRAYOPT(x, nx) do { \
for (i = 0; i < options.nx; i++) \
buffer_put_cstring(m, options.x[i]); \
} while (0)
/* See comment in servconf.h */
COPY_MATCH_STRING_OPTS();
#undef M_CP_STROPT
#undef M_CP_STRARRAYOPT
debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
mm_request_send(sock, MONITOR_ANS_PWNAM, m);
@ -684,7 +795,6 @@ mm_answer_pwnamallow(int sock, Buffer *m)
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
}
#ifdef USE_PAM
if (options.use_pam)
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
@ -1834,22 +1944,31 @@ mm_init_compression(struct mm_master *mm)
/* XXX */
#define FD_CLOSEONEXEC(x) do { \
if (fcntl(x, F_SETFD, 1) == -1) \
if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \
fatal("fcntl(%d, F_SETFD)", x); \
} while (0)
static void
monitor_socketpair(int *pair)
monitor_openfds(struct monitor *mon, int do_logfds)
{
#ifdef HAVE_SOCKETPAIR
int pair[2];
if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
fatal("%s: socketpair", __func__);
#else
fatal("%s: UsePrivilegeSeparation=yes not supported",
__func__);
#endif
fatal("%s: socketpair: %s", __func__, strerror(errno));
FD_CLOSEONEXEC(pair[0]);
FD_CLOSEONEXEC(pair[1]);
mon->m_recvfd = pair[0];
mon->m_sendfd = pair[1];
if (do_logfds) {
if (pipe(pair) == -1)
fatal("%s: pipe: %s", __func__, strerror(errno));
FD_CLOSEONEXEC(pair[0]);
FD_CLOSEONEXEC(pair[1]);
mon->m_log_recvfd = pair[0];
mon->m_log_sendfd = pair[1];
} else
mon->m_log_recvfd = mon->m_log_sendfd = -1;
}
#define MM_MEMSIZE 65536
@ -1858,14 +1977,10 @@ struct monitor *
monitor_init(void)
{
struct monitor *mon;
int pair[2];
mon = xcalloc(1, sizeof(*mon));
monitor_socketpair(pair);
mon->m_recvfd = pair[0];
mon->m_sendfd = pair[1];
monitor_openfds(mon, 1);
/* Used to share zlib space across processes */
if (options.compression) {
@ -1882,12 +1997,7 @@ monitor_init(void)
void
monitor_reinit(struct monitor *mon)
{
int pair[2];
monitor_socketpair(pair);
mon->m_recvfd = pair[0];
mon->m_sendfd = pair[1];
monitor_openfds(mon, 0);
}
#ifdef GSSAPI

4
monitor.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.h,v 1.15 2008/11/04 08:22:13 djm Exp $ */
/* $OpenBSD: monitor.h,v 1.16 2011/06/17 21:44:31 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -72,6 +72,8 @@ struct mm_master;
struct monitor {
int m_recvfd;
int m_sendfd;
int m_log_recvfd;
int m_log_sendfd;
struct mm_master *m_zback;
struct mm_master *m_zlib;
struct Kex **m_pkex;

46
monitor_wrap.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.c,v 1.70 2010/08/31 11:54:45 djm Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.73 2011/06/17 21:44:31 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -88,6 +88,32 @@ extern struct monitor *pmonitor;
extern Buffer loginmsg;
extern ServerOptions options;
void
mm_log_handler(LogLevel level, const char *msg, void *ctx)
{
Buffer log_msg;
struct monitor *mon = (struct monitor *)ctx;
if (mon->m_log_sendfd == -1)
fatal("%s: no log channel", __func__);
buffer_init(&log_msg);
/*
* Placeholder for packet length. Will be filled in with the actual
* packet length once the packet has been constucted. This saves
* fragile math.
*/
buffer_put_int(&log_msg, 0);
buffer_put_int(&log_msg, level);
buffer_put_cstring(&log_msg, msg);
put_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4);
if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg),
buffer_len(&log_msg)) != buffer_len(&log_msg))
fatal("%s: write: %s", __func__, strerror(errno));
buffer_free(&log_msg);
}
int
mm_is_monitor(void)
{
@ -211,7 +237,7 @@ mm_getpwnamallow(const char *username)
{
Buffer m;
struct passwd *pw;
u_int len;
u_int len, i;
ServerOptions *newopts;
debug3("%s entering", __func__);
@ -245,8 +271,20 @@ mm_getpwnamallow(const char *username)
newopts = buffer_get_string(&m, &len);
if (len != sizeof(*newopts))
fatal("%s: option block size mismatch", __func__);
if (newopts->banner != NULL)
newopts->banner = buffer_get_string(&m, NULL);
#define M_CP_STROPT(x) do { \
if (newopts->x != NULL) \
newopts->x = buffer_get_string(&m, NULL); \
} while (0)
#define M_CP_STRARRAYOPT(x, nx) do { \
for (i = 0; i < newopts->nx; i++) \
newopts->x[i] = buffer_get_string(&m, NULL); \
} while (0)
/* See comment in servconf.h */
COPY_MATCH_STRING_OPTS();
#undef M_CP_STROPT
#undef M_CP_STRARRAYOPT
copy_set_server_options(&options, newopts, 1);
xfree(newopts);

3
monitor_wrap.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.h,v 1.22 2009/03/05 07:18:19 djm Exp $ */
/* $OpenBSD: monitor_wrap.h,v 1.23 2011/06/17 21:44:31 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -37,6 +37,7 @@ struct monitor;
struct mm_master;
struct Authctxt;
void mm_log_handler(LogLevel, const char *, void *);
int mm_is_monitor(void);
DH *mm_choose_dh(int, int, int);
int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);

167
mux.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: mux.c,v 1.24 2011/01/13 21:54:53 djm Exp $ */
/* $OpenBSD: mux.c,v 1.29 2011/06/22 22:08:42 djm Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
*
@ -87,7 +87,6 @@
/* from ssh.c */
extern int tty_flag;
extern int force_tty_flag;
extern Options options;
extern int stdin_null_flag;
extern char *host;
@ -146,6 +145,7 @@ struct mux_master_state {
#define MUX_C_OPEN_FWD 0x10000006
#define MUX_C_CLOSE_FWD 0x10000007
#define MUX_C_NEW_STDIO_FWD 0x10000008
#define MUX_C_STOP_LISTENING 0x10000009
#define MUX_S_OK 0x80000001
#define MUX_S_PERMISSION_DENIED 0x80000002
#define MUX_S_FAILURE 0x80000003
@ -153,6 +153,7 @@ struct mux_master_state {
#define MUX_S_ALIVE 0x80000005
#define MUX_S_SESSION_OPENED 0x80000006
#define MUX_S_REMOTE_PORT 0x80000007
#define MUX_S_TTY_ALLOC_FAIL 0x80000008
/* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */
#define MUX_FWD_LOCAL 1
@ -168,6 +169,7 @@ static int process_mux_terminate(u_int, Channel *, Buffer *, Buffer *);
static int process_mux_open_fwd(u_int, Channel *, Buffer *, Buffer *);
static int process_mux_close_fwd(u_int, Channel *, Buffer *, Buffer *);
static int process_mux_stdio_fwd(u_int, Channel *, Buffer *, Buffer *);
static int process_mux_stop_listening(u_int, Channel *, Buffer *, Buffer *);
static const struct {
u_int type;
@ -180,6 +182,7 @@ static const struct {
{ MUX_C_OPEN_FWD, process_mux_open_fwd },
{ MUX_C_CLOSE_FWD, process_mux_close_fwd },
{ MUX_C_NEW_STDIO_FWD, process_mux_stdio_fwd },
{ MUX_C_STOP_LISTENING, process_mux_stop_listening },
{ 0, NULL }
};
@ -915,6 +918,39 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
return 0;
}
static int
process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r)
{
debug("%s: channel %d: stop listening", __func__, c->self);
if (options.control_master == SSHCTL_MASTER_ASK ||
options.control_master == SSHCTL_MASTER_AUTO_ASK) {
if (!ask_permission("Disable further multiplexing on shared "
"connection to %s? ", host)) {
debug2("%s: stop listen refused by user", __func__);
buffer_put_int(r, MUX_S_PERMISSION_DENIED);
buffer_put_int(r, rid);
buffer_put_cstring(r, "Permission denied");
return 0;
}
}
if (mux_listener_channel != NULL) {
channel_free(mux_listener_channel);
client_stop_mux();
xfree(options.control_path);
options.control_path = NULL;
mux_listener_channel = NULL;
muxserver_sock = -1;
}
/* prepare reply */
buffer_put_int(r, MUX_S_OK);
buffer_put_int(r, rid);
return 0;
}
/* Channel callbacks fired on read/write from mux slave fd */
static int
mux_master_read_cb(Channel *c)
@ -1019,6 +1055,27 @@ mux_exit_message(Channel *c, int exitval)
buffer_free(&m);
}
void
mux_tty_alloc_failed(Channel *c)
{
Buffer m;
Channel *mux_chan;
debug3("%s: channel %d: TTY alloc failed", __func__, c->self);
if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
fatal("%s: channel %d missing mux channel %d",
__func__, c->self, c->ctl_chan);
/* Append exit message packet to control socket output queue */
buffer_init(&m);
buffer_put_int(&m, MUX_S_TTY_ALLOC_FAIL);
buffer_put_int(&m, c->self);
buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m));
buffer_free(&m);
}
/* Prepare a mux master to listen on a Unix domain socket. */
void
muxserver_listen(void)
@ -1059,21 +1116,25 @@ muxserver_listen(void)
strlen(options.control_path) + 1;
if (strlcpy(addr.sun_path, options.control_path,
sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
fatal("ControlPath too long");
sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) {
error("ControlPath \"%s\" too long for Unix domain socket",
options.control_path);
goto disable_mux_master;
}
if ((muxserver_sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
fatal("%s socket(): %s", __func__, strerror(errno));
old_umask = umask(0177);
if (bind(muxserver_sock, (struct sockaddr *)&addr, sun_len) == -1) {
muxserver_sock = -1;
if (errno == EINVAL || errno == EADDRINUSE) {
error("ControlSocket %s already exists, "
"disabling multiplexing", options.control_path);
disable_mux_master:
close(muxserver_sock);
muxserver_sock = -1;
if (muxserver_sock != -1) {
close(muxserver_sock);
muxserver_sock = -1;
}
xfree(options.control_path);
options.control_path = NULL;
options.control_master = SSHCTL_MASTER_NO;
@ -1153,8 +1214,10 @@ mux_session_confirm(int id, int success, void *arg)
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication "
"spoofing.");
x11_request_forwarding_with_spoofing(id, display, proto, data);
/* XXX wait for reply */
x11_request_forwarding_with_spoofing(id, display, proto,
data, 1);
client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
/* XXX exit_on_forward_failure */
}
if (cctx->want_agent_fwd && options.forward_agent) {
@ -1573,7 +1636,7 @@ mux_client_request_session(int fd)
char *e, *term;
u_int i, rid, sid, esid, exitval, type, exitval_seen;
extern char **environ;
int devnull;
int devnull, rawmode;
debug3("%s: entering", __func__);
@ -1669,8 +1732,9 @@ mux_client_request_session(int fd)
signal(SIGTERM, control_client_sighandler);
signal(SIGWINCH, control_client_sigrelay);
rawmode = tty_flag;
if (tty_flag)
enter_raw_mode(force_tty_flag);
enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
/*
* Stick around until the controlee closes the client_fd.
@ -1684,22 +1748,35 @@ mux_client_request_session(int fd)
if (mux_client_read_packet(fd, &m) != 0)
break;
type = buffer_get_int(&m);
if (type != MUX_S_EXIT_MESSAGE) {
switch (type) {
case MUX_S_TTY_ALLOC_FAIL:
if ((esid = buffer_get_int(&m)) != sid)
fatal("%s: tty alloc fail on unknown session: "
"my id %u theirs %u",
__func__, sid, esid);
leave_raw_mode(options.request_tty ==
REQUEST_TTY_FORCE);
rawmode = 0;
continue;
case MUX_S_EXIT_MESSAGE:
if ((esid = buffer_get_int(&m)) != sid)
fatal("%s: exit on unknown session: "
"my id %u theirs %u",
__func__, sid, esid);
if (exitval_seen)
fatal("%s: exitval sent twice", __func__);
exitval = buffer_get_int(&m);
exitval_seen = 1;
continue;
default:
e = buffer_get_string(&m, NULL);
fatal("%s: master returned error: %s", __func__, e);
}
if ((esid = buffer_get_int(&m)) != sid)
fatal("%s: exit on unknown session: my id %u theirs %u",
__func__, sid, esid);
debug("%s: master session id: %u", __func__, sid);
if (exitval_seen)
fatal("%s: exitval sent twice", __func__);
exitval = buffer_get_int(&m);
exitval_seen = 1;
}
close(fd);
leave_raw_mode(force_tty_flag);
if (rawmode)
leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
if (muxclient_terminate) {
debug2("Exiting on signal %d", muxclient_terminate);
@ -1813,6 +1890,50 @@ mux_client_request_stdio_fwd(int fd)
fatal("%s: master returned unexpected message %u", __func__, type);
}
static void
mux_client_request_stop_listening(int fd)
{
Buffer m;
char *e;
u_int type, rid;
debug3("%s: entering", __func__);
buffer_init(&m);
buffer_put_int(&m, MUX_C_STOP_LISTENING);
buffer_put_int(&m, muxclient_request_id);
if (mux_client_write_packet(fd, &m) != 0)
fatal("%s: write packet: %s", __func__, strerror(errno));
buffer_clear(&m);
/* Read their reply */
if (mux_client_read_packet(fd, &m) != 0)
fatal("%s: read from master failed: %s",
__func__, strerror(errno));
type = buffer_get_int(&m);
if ((rid = buffer_get_int(&m)) != muxclient_request_id)
fatal("%s: out of sequence reply: my id %u theirs %u",
__func__, muxclient_request_id, rid);
switch (type) {
case MUX_S_OK:
break;
case MUX_S_PERMISSION_DENIED:
e = buffer_get_string(&m, NULL);
fatal("Master refused stop listening request: %s", e);
case MUX_S_FAILURE:
e = buffer_get_string(&m, NULL);
fatal("%s: stop listening request failed: %s", __func__, e);
default:
fatal("%s: unexpected response from master 0x%08x",
__func__, type);
}
buffer_free(&m);
muxclient_request_id++;
}
/* Multiplex client main loop. */
void
muxclient(const char *path)
@ -1906,6 +2027,10 @@ muxclient(const char *path)
case SSHMUX_COMMAND_STDIO_FWD:
mux_client_request_stdio_fwd(sock);
exit(0);
case SSHMUX_COMMAND_STOP:
mux_client_request_stop_listening(sock);
fprintf(stderr, "Stop listening request sent.\r\n");
exit(0);
default:
fatal("unrecognised muxclient_command %d", muxclient_command);
}

21
myproposal.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: myproposal.h,v 1.27 2010/09/01 22:42:13 djm Exp $ */
/* $OpenBSD: myproposal.h,v 1.28 2011/08/02 01:22:11 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -75,10 +75,25 @@
"arcfour256,arcfour128," \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
#ifdef HAVE_EVP_SHA256
#define SHA2_HMAC_MODES \
"hmac-sha2-256," \
"hmac-sha2-256-96," \
"hmac-sha2-512," \
"hmac-sha2-512-96,"
#else
# define SHA2_HMAC_MODES
#endif
#define KEX_DEFAULT_MAC \
"hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \
"hmac-md5," \
"hmac-sha1," \
"umac-64@openssh.com," \
SHA2_HMAC_MODES \
"hmac-ripemd160," \
"hmac-ripemd160@openssh.com," \
"hmac-sha1-96,hmac-md5-96"
"hmac-sha1-96," \
"hmac-md5-96"
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
#define KEX_DEFAULT_LANG ""

17
openbsd-compat/bsd-cygwin_util.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
* Copyright (c) 2000, 2001, 2011 Corinna Vinschen <vinschen@redhat.com>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -34,9 +34,6 @@
#if defined(open) && open == binary_open
# undef open
#endif
#if defined(pipe) && open == binary_pipe
# undef pipe
#endif
#include <sys/types.h>
@ -59,18 +56,6 @@ binary_open(const char *filename, int flags, ...)
return (open(filename, flags | O_BINARY, mode));
}
int
binary_pipe(int fd[2])
{
int ret = pipe(fd);
if (!ret) {
setmode(fd[0], O_BINARY);
setmode(fd[1], O_BINARY);
}
return (ret);
}
int
check_ntsec(const char *filename)
{

6
openbsd-compat/bsd-cygwin_util.h
View File

@ -1,7 +1,7 @@
/* $Id: bsd-cygwin_util.h,v 1.12 2009/03/08 00:40:28 dtucker Exp $ */
/* $Id: bsd-cygwin_util.h,v 1.13 2011/08/17 01:31:09 djm Exp $ */
/*
* Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
* Copyright (c) 2000, 2001, 2011 Corinna Vinschen <vinschen@redhat.com>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -41,13 +41,11 @@
#include <io.h>
int binary_open(const char *, int , ...);
int binary_pipe(int fd[2]);
int check_ntsec(const char *);
char **fetch_windows_environment(void);
void free_windows_environment(char **);
#define open binary_open
#define pipe binary_pipe
#endif /* HAVE_CYGWIN */

6
openbsd-compat/openssl-compat.c
View File

@ -1,4 +1,4 @@
/* $Id: openssl-compat.c,v 1.13 2011/01/21 22:37:06 dtucker Exp $ */
/* $Id: openssl-compat.c,v 1.14 2011/05/10 01:13:38 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@ -134,9 +134,9 @@ RSA_get_default_method(void)
#ifdef USE_OPENSSL_ENGINE
void
ssh_SSLeay_add_all_algorithms(void)
ssh_OpenSSL_add_all_algorithms(void)
{
SSLeay_add_all_algorithms();
OpenSSL_add_all_algorithms();
/* Enable use of crypto hardware */
ENGINE_load_builtin_engines();

10
openbsd-compat/openssl-compat.h
View File

@ -1,4 +1,4 @@
/* $Id: openssl-compat.h,v 1.18 2011/01/21 22:37:06 dtucker Exp $ */
/* $Id: openssl-compat.h,v 1.19 2011/05/10 01:13:38 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@ -106,10 +106,10 @@ RSA_METHOD *RSA_get_default_method(void);
# endif
# ifdef USE_OPENSSL_ENGINE
# ifdef SSLeay_add_all_algorithms
# undef SSLeay_add_all_algorithms
# ifdef OpenSSL_add_all_algorithms
# undef OpenSSL_add_all_algorithms
# endif
# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms()
# define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms()
# endif
# ifndef HAVE_BN_IS_PRIME_EX
@ -129,6 +129,6 @@ int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
unsigned char *, int);
int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
void ssh_SSLeay_add_all_algorithms(void);
void ssh_OpenSSL_add_all_algorithms(void);
#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */

24
openbsd-compat/port-linux.c
View File

@ -1,4 +1,4 @@
/* $Id: port-linux.c,v 1.11.4.3 2011/02/06 02:24:17 dtucker Exp $ */
/* $Id: port-linux.c,v 1.16 2011/08/29 06:09:57 djm Exp $ */
/*
* Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@ -38,6 +38,10 @@
#include <selinux/flask.h>
#include <selinux/get_context_list.h>
#ifndef SSH_SELINUX_UNCONFINED_TYPE
# define SSH_SELINUX_UNCONFINED_TYPE ":unconfined_t:"
#endif
/* Wrapper around is_selinux_enabled() to log its return value once only */
int
ssh_selinux_enabled(void)
@ -177,12 +181,13 @@ ssh_selinux_change_context(const char *newname)
{
int len, newlen;
char *oldctx, *newctx, *cx;
void (*switchlog) (const char *fmt,...) = logit;
if (!ssh_selinux_enabled())
return;
if (getcon((security_context_t *)&oldctx) < 0) {
logit("%s: getcon failed with %s", __func__, strerror (errno));
logit("%s: getcon failed with %s", __func__, strerror(errno));
return;
}
if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) ==
@ -191,6 +196,14 @@ ssh_selinux_change_context(const char *newname)
return;
}
/*
* Check whether we are attempting to switch away from an unconfined
* security context.
*/
if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE,
sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0)
switchlog = debug3;
newlen = strlen(oldctx) + strlen(newname) + 1;
newctx = xmalloc(newlen);
len = cx - oldctx + 1;
@ -198,10 +211,11 @@ ssh_selinux_change_context(const char *newname)
strlcpy(newctx + len, newname, newlen - len);
if ((cx = index(cx + 1, ':')))
strlcat(newctx, cx, newlen);
debug3("%s: setting context from '%s' to '%s'", __func__, oldctx,
newctx);
debug3("%s: setting context from '%s' to '%s'", __func__,
oldctx, newctx);
if (setcon(newctx) < 0)
logit("%s: setcon failed with %s", __func__, strerror (errno));
switchlog("%s: setcon %s from %s failed with %s", __func__,
newctx, oldctx, strerror(errno));
xfree(oldctx);
xfree(newctx);
}

2
openbsd-compat/port-linux.h
View File

@ -1,4 +1,4 @@
/* $Id: port-linux.h,v 1.4.10.1 2011/02/04 00:42:21 djm Exp $ */
/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */
/*
* Copyright (c) 2006 Damien Miller <djm@openbsd.org>

2
openbsd-compat/regress/closefromtest.c
View File

@ -24,6 +24,8 @@
#define NUM_OPENS 10
int closefrom(int);
void
fail(char *msg)
{

44
packet.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: packet.c,v 1.172 2010/11/13 23:27:50 djm Exp $ */
/* $OpenBSD: packet.c,v 1.173 2011/05/06 21:14:05 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -422,10 +422,8 @@ packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets,
state->bytes = bytes;
}
/* returns 1 if connection is via ipv4 */
int
packet_connection_is_ipv4(void)
static int
packet_connection_af(void)
{
struct sockaddr_storage to;
socklen_t tolen = sizeof(to);
@ -439,9 +437,9 @@ packet_connection_is_ipv4(void)
#ifdef IPV4_IN_IPV6
if (to.ss_family == AF_INET6 &&
IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr))
return 1;
return AF_INET;
#endif
return 0;
return to.ss_family;
}
/* Sets the connection into non-blocking mode. */
@ -1752,16 +1750,30 @@ packet_not_very_much_data_to_write(void)
static void
packet_set_tos(int tos)
{
#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
if (!packet_connection_is_on_socket() ||
!packet_connection_is_ipv4())
#ifndef IP_TOS_IS_BROKEN
if (!packet_connection_is_on_socket())
return;
debug3("%s: set IP_TOS 0x%02x", __func__, tos);
if (setsockopt(active_state->connection_in, IPPROTO_IP, IP_TOS, &tos,
sizeof(tos)) < 0)
error("setsockopt IP_TOS %d: %.100s:",
tos, strerror(errno));
#endif
switch (packet_connection_af()) {
# ifdef IP_TOS
case AF_INET:
debug3("%s: set IP_TOS 0x%02x", __func__, tos);
if (setsockopt(active_state->connection_in,
IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0)
error("setsockopt IP_TOS %d: %.100s:",
tos, strerror(errno));
break;
# endif /* IP_TOS */
# ifdef IPV6_TCLASS
case AF_INET6:
debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos);
if (setsockopt(active_state->connection_in,
IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) < 0)
error("setsockopt IPV6_TCLASS %d: %.100s:",
tos, strerror(errno));
break;
# endif /* IPV6_TCLASS */
}
#endif /* IP_TOS_IS_BROKEN */
}
/* Informs that the current session is interactive. Sets IP flags for that. */

3
packet.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: packet.h,v 1.55 2010/11/13 23:27:50 djm Exp $ */
/* $OpenBSD: packet.h,v 1.56 2011/05/06 21:14:05 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -92,7 +92,6 @@ int packet_have_data_to_write(void);
int packet_not_very_much_data_to_write(void);
int packet_connection_is_on_socket(void);
int packet_connection_is_ipv4(void);
int packet_remaining(void);
void packet_send_ignore(int);
void packet_add_padding(u_char);

2
pathnames.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: pathnames.h,v 1.20 2010/08/31 11:54:45 djm Exp $ */
/* $OpenBSD: pathnames.h,v 1.22 2011/05/23 03:30:07 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>

119
readconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */
/* $OpenBSD: readconf.c,v 1.193 2011/05/24 07:15:47 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -134,7 +134,7 @@ typedef enum {
oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
oKexAlgorithms, oIPQoS,
oKexAlgorithms, oIPQoS, oRequestTTY,
oDeprecated, oUnsupported
} OpCodes;
@ -193,9 +193,9 @@ static struct {
{ "host", oHost },
{ "escapechar", oEscapeChar },
{ "globalknownhostsfile", oGlobalKnownHostsFile },
{ "globalknownhostsfile2", oGlobalKnownHostsFile2 }, /* obsolete */
{ "globalknownhostsfile2", oDeprecated },
{ "userknownhostsfile", oUserKnownHostsFile },
{ "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
{ "userknownhostsfile2", oDeprecated },
{ "connectionattempts", oConnectionAttempts },
{ "batchmode", oBatchMode },
{ "checkhostip", oCheckHostIP },
@ -245,6 +245,7 @@ static struct {
#endif
{ "kexalgorithms", oKexAlgorithms },
{ "ipqos", oIPQoS },
{ "requesttty", oRequestTTY },
{ NULL, oBadOption }
};
@ -353,8 +354,10 @@ process_config_line(Options *options, const char *host,
char *line, const char *filename, int linenum,
int *activep)
{
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
int opcode, *intptr, value, value2, scale;
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
char **cpptr, fwdarg[256];
u_int *uintptr, max_entries = 0;
int negated, opcode, *intptr, value, value2, scale;
LogLevel *log_level_ptr;
long long orig, val64;
size_t len;
@ -597,26 +600,33 @@ process_config_line(Options *options, const char *host,
parse_string:
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.", filename, linenum);
fatal("%.200s line %d: Missing argument.",
filename, linenum);
if (*activep && *charptr == NULL)
*charptr = xstrdup(arg);
break;
case oGlobalKnownHostsFile:
charptr = &options->system_hostfile;
goto parse_string;
cpptr = (char **)&options->system_hostfiles;
uintptr = &options->num_system_hostfiles;
max_entries = SSH_MAX_HOSTS_FILES;
parse_char_array:
if (*activep && *uintptr == 0) {
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
if ((*uintptr) >= max_entries)
fatal("%s line %d: "
"too many authorized keys files.",
filename, linenum);
cpptr[(*uintptr)++] = xstrdup(arg);
}
}
return 0;
case oUserKnownHostsFile:
charptr = &options->user_hostfile;
goto parse_string;
case oGlobalKnownHostsFile2:
charptr = &options->system_hostfile2;
goto parse_string;
case oUserKnownHostsFile2:
charptr = &options->user_hostfile2;
goto parse_string;
cpptr = (char **)&options->user_hostfiles;
uintptr = &options->num_user_hostfiles;
max_entries = SSH_MAX_HOSTS_FILES;
goto parse_char_array;
case oHostName:
charptr = &options->hostname;
@ -793,12 +803,28 @@ process_config_line(Options *options, const char *host,
case oHost:
*activep = 0;
while ((arg = strdelim(&s)) != NULL && *arg != '\0')
arg2 = NULL;
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
negated = *arg == '!';
if (negated)
arg++;
if (match_pattern(host, arg)) {
debug("Applying options for %.100s", arg);
if (negated) {
debug("%.200s line %d: Skipping Host "
"block because of negated match "
"for %.100s", filename, linenum,
arg);
*activep = 0;
break;
}
if (!*activep)
arg2 = arg; /* logged below */
*activep = 1;
break;
}
}
if (*activep)
debug("%.200s line %d: Applying options for %.100s",
filename, linenum, arg2);
/* Avoid garbage check below, as strdelim is done. */
return 0;
@ -997,6 +1023,26 @@ process_config_line(Options *options, const char *host,
intptr = &options->use_roaming;
goto parse_flag;
case oRequestTTY:
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%s line %d: missing argument.",
filename, linenum);
intptr = &options->request_tty;
if (strcasecmp(arg, "yes") == 0)
value = REQUEST_TTY_YES;
else if (strcasecmp(arg, "no") == 0)
value = REQUEST_TTY_NO;
else if (strcasecmp(arg, "force") == 0)
value = REQUEST_TTY_FORCE;
else if (strcasecmp(arg, "auto") == 0)
value = REQUEST_TTY_AUTO;
else
fatal("Unsupported RequestTTY \"%s\"", arg);
if (*activep && *intptr == -1)
*intptr = value;
break;
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
@ -1121,10 +1167,8 @@ initialize_options(Options * options)
options->proxy_command = NULL;
options->user = NULL;
options->escape_char = -1;
options->system_hostfile = NULL;
options->user_hostfile = NULL;
options->system_hostfile2 = NULL;
options->user_hostfile2 = NULL;
options->num_system_hostfiles = 0;
options->num_user_hostfiles = 0;
options->local_forwards = NULL;
options->num_local_forwards = 0;
options->remote_forwards = NULL;
@ -1157,6 +1201,7 @@ initialize_options(Options * options)
options->zero_knowledge_password_authentication = -1;
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->request_tty = -1;
}
/*
@ -1263,14 +1308,18 @@ fill_default_options(Options * options)
}
if (options->escape_char == -1)
options->escape_char = '~';
if (options->system_hostfile == NULL)
options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
if (options->user_hostfile == NULL)
options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
if (options->system_hostfile2 == NULL)
options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
if (options->user_hostfile2 == NULL)
options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
if (options->num_system_hostfiles == 0) {
options->system_hostfiles[options->num_system_hostfiles++] =
xstrdup(_PATH_SSH_SYSTEM_HOSTFILE);
options->system_hostfiles[options->num_system_hostfiles++] =
xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2);
}
if (options->num_user_hostfiles == 0) {
options->user_hostfiles[options->num_user_hostfiles++] =
xstrdup(_PATH_SSH_USER_HOSTFILE);
options->user_hostfiles[options->num_user_hostfiles++] =
xstrdup(_PATH_SSH_USER_HOSTFILE2);
}
if (options->log_level == SYSLOG_LEVEL_NOT_SET)
options->log_level = SYSLOG_LEVEL_INFO;
if (options->clear_forwardings == 1)
@ -1315,6 +1364,8 @@ fill_default_options(Options * options)
options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1)
options->ip_qos_bulk = IPTOS_THROUGHPUT;
if (options->request_tty == -1)
options->request_tty = REQUEST_TTY_AUTO;
/* options->local_command should not be set by default */
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */

19
readconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.88 2010/11/13 23:27:50 djm Exp $ */
/* $OpenBSD: readconf.h,v 1.90 2011/05/24 07:15:47 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -27,7 +27,8 @@ typedef struct {
} Forward;
/* Data structure for representing option data. */
#define MAX_SEND_ENV 256
#define MAX_SEND_ENV 256
#define SSH_MAX_HOSTS_FILES 256
typedef struct {
int forward_agent; /* Forward authentication agent. */
@ -83,10 +84,10 @@ typedef struct {
char *user; /* User to log in as. */
int escape_char; /* Escape character; -2 = none */
char *system_hostfile;/* Path for /etc/ssh/ssh_known_hosts. */
char *user_hostfile; /* Path for $HOME/.ssh/known_hosts. */
char *system_hostfile2;
char *user_hostfile2;
u_int num_system_hostfiles; /* Paths for /etc/ssh/ssh_known_hosts */
char *system_hostfiles[SSH_MAX_HOSTS_FILES];
u_int num_user_hostfiles; /* Path for $HOME/.ssh/known_hosts */
char *user_hostfiles[SSH_MAX_HOSTS_FILES];
char *preferred_authentications;
char *bind_address; /* local socket address for connection to sshd */
char *pkcs11_provider; /* PKCS#11 provider */
@ -132,6 +133,7 @@ typedef struct {
int use_roaming;
int request_tty;
} Options;
#define SSHCTL_MASTER_NO 0
@ -140,6 +142,11 @@ typedef struct {
#define SSHCTL_MASTER_ASK 3
#define SSHCTL_MASTER_AUTO_ASK 4
#define REQUEST_TTY_AUTO 0
#define REQUEST_TTY_NO 1
#define REQUEST_TTY_YES 2
#define REQUEST_TTY_FORCE 3
void initialize_options(Options *);
void fill_default_options(Options *);
int read_config_file(const char *, const char *, Options *, int);

6
regress/README.regress
View File

@ -93,10 +93,6 @@ Failed tests can be difficult to diagnose. Suggestions:
Known Issues.
- If your build requires ssh-rand-helper regress tests will fail
unless ssh-rand-helper is in pre-installed (the path to
ssh-rand-helper is hard coded).
- Similarly, if you do not have "scp" in your system's $PATH then the
multiplex scp tests will fail (since the system's shell startup scripts
will determine where the shell started by sshd will look for scp).
@ -105,4 +101,4 @@ Known Issues.
test to fail. The old behaviour can be restored by setting (and
exporting) _POSIX2_VERSION=199209 before running the tests.
$Id: README.regress,v 1.11 2010/08/16 21:04:29 djm Exp $
$Id: README.regress,v 1.12 2011/05/05 03:48:42 djm Exp $

2
regress/cert-hostkey.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: cert-hostkey.sh,v 1.5 2010/08/31 12:24:09 djm Exp $
# $OpenBSD: cert-hostkey.sh,v 1.6 2011/05/20 02:43:36 djm Exp $
# Placed in the Public Domain.
tid="certified host keys"

4
regress/cert-userkey.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: cert-userkey.sh,v 1.7 2010/08/31 12:24:09 djm Exp $
# $OpenBSD: cert-userkey.sh,v 1.8 2011/05/17 07:13:31 djm Exp $
# Placed in the Public Domain.
tid="certified user keys"
@ -27,7 +27,7 @@ for ktype in rsa dsa $ecdsa ; do
-n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} ||
fail "couldn't sign cert_user_key_${ktype}"
# v00 ecdsa certs do not exist
test "{ktype}" = "ecdsa" && continue
test "${ktype}" = "ecdsa" && continue
cp $OBJ/cert_user_key_${ktype} $OBJ/cert_user_key_${ktype}_v00
cp $OBJ/cert_user_key_${ktype}.pub $OBJ/cert_user_key_${ktype}_v00.pub
${SSHKEYGEN} -q -t v00 -s $OBJ/user_ca_key -I \

66
regress/cfgmatch.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: cfgmatch.sh,v 1.4 2006/12/13 08:36:36 dtucker Exp $
# $OpenBSD: cfgmatch.sh,v 1.6 2011/06/03 05:35:10 dtucker Exp $
# Placed in the Public Domain.
tid="sshd_config match"
@ -7,6 +7,28 @@ pidfile=$OBJ/remote_pid
fwdport=3301
fwd="-L $fwdport:127.0.0.1:$PORT"
echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_config
echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_proxy
start_client()
{
rm -f $pidfile
${SSH} -q -$p $fwd "$@" somehost \
exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \
>>$TEST_SSH_LOGFILE 2>&1 &
client_pid=$!
# Wait for remote end
n=0
while test ! -f $pidfile ; do
sleep 1
n=`expr $n + 1`
if test $n -gt 60; then
kill $client_pid
fatal "timeout waiting for background ssh"
fi
done
}
stop_client()
{
pid=`cat $pidfile`
@ -14,11 +36,15 @@ stop_client()
kill $pid
sleep 1
fi
wait
}
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy
echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config
echo "Match user $USER" >>$OBJ/sshd_proxy
echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy
echo "Match Address 127.0.0.1" >>$OBJ/sshd_config
echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config
@ -32,12 +58,8 @@ start_sshd
# Test Match + PermitOpen in sshd_config. This should be permitted
for p in 1 2; do
rm -f $pidfile
trace "match permitopen localhost proto $p"
${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \
exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
fail "match permitopen proto $p sshd failed"
sleep 1;
start_client -F $OBJ/ssh_config
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
fail "match permitopen permit proto $p"
stop_client
@ -45,12 +67,8 @@ done
# Same but from different source. This should not be permitted
for p in 1 2; do
rm -f $pidfile
trace "match permitopen proxy proto $p"
${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
fail "match permitopen proxy proto $p sshd failed"
sleep 1;
start_client -F $OBJ/ssh_proxy
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \
fail "match permitopen deny proto $p"
stop_client
@ -62,12 +80,8 @@ cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER
echon 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER
cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER
for p in 1 2; do
rm -f $pidfile
trace "match permitopen proxy w/key opts proto $p"
${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
fail "match permitopen w/key opt proto $p sshd failed"
sleep 1;
start_client -F $OBJ/ssh_proxy
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \
fail "match permitopen deny w/key opt proto $p"
stop_client
@ -76,12 +90,8 @@ done
# Test both sshd_config and key options permitting the same dst/port pair.
# Should be permitted.
for p in 1 2; do
rm -f $pidfile
trace "match permitopen localhost proto $p"
${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \
exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
fail "match permitopen proto $p sshd failed"
sleep 1;
start_client -F $OBJ/ssh_config
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
fail "match permitopen permit proto $p"
stop_client
@ -94,12 +104,8 @@ echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy
# Test that a Match overrides a PermitOpen in the global section
for p in 1 2; do
rm -f $pidfile
trace "match permitopen proxy w/key opts proto $p"
${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
fail "match override permitopen proto $p sshd failed"
sleep 1;
start_client -F $OBJ/ssh_proxy
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \
fail "match override permitopen proto $p"
stop_client
@ -113,12 +119,8 @@ echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy
# Test that a rule that doesn't match doesn't override, plus test a
# PermitOpen entry that's not at the start of the list
for p in 1 2; do
rm -f $pidfile
trace "nomatch permitopen proxy w/key opts proto $p"
${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
fail "nomatch override permitopen proto $p sshd failed"
sleep 1;
start_client -F $OBJ/ssh_proxy
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
fail "nomatch override permitopen proto $p"
stop_client

10
regress/cipher-speed.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: cipher-speed.sh,v 1.3 2007/06/07 19:41:46 pvalchev Exp $
# $OpenBSD: cipher-speed.sh,v 1.4 2011/08/02 01:23:41 djm Exp $
# Placed in the Public Domain.
tid="cipher speed"
@ -12,9 +12,13 @@ tries="1 2"
DATA=/bin/ls
DATA=/bsd
macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96"
ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc aes128-ctr"
arcfour128 arcfour256 arcfour
aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
aes128-ctr aes192-ctr aes256-ctr"
macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96"
config_defined HAVE_EVP_SHA256 &&
macs="$macs hmac-sha2-256 hmac-sha2-256-96 hmac-sha2-512 hmac-sha2-512-96"
for c in $ciphers; do for m in $macs; do
trace "proto 2 cipher $c mac $m"

14
regress/connect-privsep.sh
View File

@ -1,8 +1,9 @@
# $OpenBSD: connect-privsep.sh,v 1.1 2002/03/21 21:45:07 markus Exp $
# $OpenBSD: connect-privsep.sh,v 1.2 2011/06/30 22:44:43 markus Exp $
# Placed in the Public Domain.
tid="proxy connect with privsep"
cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy
for p in 1 2; do
@ -11,3 +12,14 @@ for p in 1 2; do
fail "ssh privsep+proxyconnect protocol $p failed"
fi
done
cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy
for p in 1 2; do
${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
if [ $? -ne 0 ]; then
# XXX replace this with fail once sandbox has stabilised
warn "ssh privsep/sandbox+proxyconnect protocol $p failed"
fi
done

23
regress/dynamic-forward.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: dynamic-forward.sh,v 1.4 2004/06/22 22:55:56 dtucker Exp $
# $OpenBSD: dynamic-forward.sh,v 1.9 2011/06/03 00:29:52 dtucker Exp $
# Placed in the Public Domain.
tid="dynamic forwarding"
@ -20,9 +20,23 @@ trace "will use ProxyCommand $proxycmd"
start_sshd
for p in 1 2; do
n=0
error="1"
trace "start dynamic forwarding, fork to background"
${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q somehost \
exec sh -c \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\'
while [ "$error" -ne 0 -a "$n" -lt 3 ]; do
n=`expr $n + 1`
${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q \
-oExitOnForwardFailure=yes somehost exec sh -c \
\'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\'
error=$?
if [ "$error" -ne 0 ]; then
trace "forward failed proto $p attempt $n err $error"
sleep $n
fi
done
if [ "$error" -ne 0 ]; then
fatal "failed to start dynamic forwarding proto $p"
fi
for s in 4 5; do
for h in 127.0.0.1 localhost; do
@ -44,7 +58,4 @@ for p in 1 2; do
else
fail "no pid file: $OBJ/remote_pid"
fi
# Must allow time for connection tear-down
sleep 2
done

5
regress/test-exec.sh
View File

@ -204,6 +204,11 @@ verbose ()
fi
}
warn ()
{
echo "WARNING: $@" >>$TEST_SSH_LOGFILE
echo "WARNING: $@"
}
fail ()
{

4
regress/try-ciphers.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: try-ciphers.sh,v 1.11 2007/06/07 19:41:46 pvalchev Exp $
# $OpenBSD: try-ciphers.sh,v 1.12 2011/08/02 01:23:41 djm Exp $
# Placed in the Public Domain.
tid="try ciphers"
@ -8,6 +8,8 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
aes128-ctr aes192-ctr aes256-ctr"
macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96"
config_defined HAVE_EVP_SHA256 &&
macs="$macs hmac-sha2-256 hmac-sha2-256-96 hmac-sha2-512 hmac-sha2-512-96"
for c in $ciphers; do
for m in $macs; do

98
sandbox-darwin.c Normal file
View File

@ -0,0 +1,98 @@
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#ifdef SANDBOX_DARWIN
#include <sys/types.h>
#include <sandbox.h>
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "log.h"
#include "sandbox.h"
#include "xmalloc.h"
/* Darwin/OS X sandbox */
struct ssh_sandbox {
pid_t child_pid;
};
struct ssh_sandbox *
ssh_sandbox_init(void)
{
struct ssh_sandbox *box;
/*
* Strictly, we don't need to maintain any state here but we need
* to return non-NULL to satisfy the API.
*/
debug3("%s: preparing Darwin sandbox", __func__);
box = xcalloc(1, sizeof(*box));
box->child_pid = 0;
return box;
}
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
char *errmsg;
struct rlimit rl_zero;
debug3("%s: starting Darwin sandbox", __func__);
if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED,
&errmsg) == -1)
fatal("%s: sandbox_init: %s", __func__, errmsg);
/*
* The kSBXProfilePureComputation still allows sockets, so
* we must disable these using rlimit.
*/
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
__func__, strerror(errno));
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
__func__, strerror(errno));
if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
__func__, strerror(errno));
}
void
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
{
free(box);
debug3("%s: finished", __func__);
}
void
ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
{
box->child_pid = child_pid;
}
#endif /* SANDBOX_DARWIN */

72
sandbox-null.c Normal file
View File

@ -0,0 +1,72 @@
/* $OpenBSD$ */
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#ifdef SANDBOX_NULL
#include <sys/types.h>
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "log.h"
#include "ssh-sandbox.h"
#include "xmalloc.h"
/* dummy sandbox */
struct ssh_sandbox {
int junk;
};
struct ssh_sandbox *
ssh_sandbox_init(void)
{
struct ssh_sandbox *box;
/*
* Strictly, we don't need to maintain any state here but we need
* to return non-NULL to satisfy the API.
*/
box = xcalloc(1, sizeof(*box));
return box;
}
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
/* Nothing to do here */
}
void
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
{
free(box);
}
void
ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
{
/* Nothing to do here */
}
#endif /* SANDBOX_NULL */

93
sandbox-rlimit.c Normal file
View File

@ -0,0 +1,93 @@
/* $OpenBSD: sandbox-rlimit.c,v 1.3 2011/06/23 09:34:13 djm Exp $ */
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#ifdef SANDBOX_RLIMIT
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "log.h"
#include "ssh-sandbox.h"
#include "xmalloc.h"
/* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */
struct ssh_sandbox {
pid_t child_pid;
};
struct ssh_sandbox *
ssh_sandbox_init(void)
{
struct ssh_sandbox *box;
/*
* Strictly, we don't need to maintain any state here but we need
* to return non-NULL to satisfy the API.
*/
debug3("%s: preparing rlimit sandbox", __func__);
box = xcalloc(1, sizeof(*box));
box->child_pid = 0;
return box;
}
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
struct rlimit rl_zero;
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
__func__, strerror(errno));
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
__func__, strerror(errno));
#ifdef HAVE_RLIMIT_NPROC
if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
__func__, strerror(errno));
#endif
}
void
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
{
free(box);
debug3("%s: finished", __func__);
}
void
ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
{
box->child_pid = child_pid;
}
#endif /* SANDBOX_RLIMIT */

198
sandbox-systrace.c Normal file
View File

@ -0,0 +1,198 @@
/* $OpenBSD: sandbox-systrace.c,v 1.4 2011/07/29 14:42:45 djm Exp $ */
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#ifdef SANDBOX_SYSTRACE
#include <sys/types.h>
#include <sys/param.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <sys/socket.h>
#include <dev/systrace.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "atomicio.h"
#include "log.h"
#include "ssh-sandbox.h"
#include "xmalloc.h"
struct sandbox_policy {
int syscall;
int action;
};
/* Permitted syscalls in preauth. Unlisted syscalls get SYSTR_POLICY_KILL */
static const struct sandbox_policy preauth_policy[] = {
{ SYS_open, SYSTR_POLICY_NEVER },
{ SYS___sysctl, SYSTR_POLICY_PERMIT },
{ SYS_close, SYSTR_POLICY_PERMIT },
{ SYS_exit, SYSTR_POLICY_PERMIT },
{ SYS_getpid, SYSTR_POLICY_PERMIT },
{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
{ SYS_madvise, SYSTR_POLICY_PERMIT },
{ SYS_mmap, SYSTR_POLICY_PERMIT },
{ SYS_mprotect, SYSTR_POLICY_PERMIT },
{ SYS_poll, SYSTR_POLICY_PERMIT },
{ SYS_munmap, SYSTR_POLICY_PERMIT },
{ SYS_read, SYSTR_POLICY_PERMIT },
{ SYS_select, SYSTR_POLICY_PERMIT },
{ SYS_sigprocmask, SYSTR_POLICY_PERMIT },
{ SYS_write, SYSTR_POLICY_PERMIT },
{ -1, -1 }
};
struct ssh_sandbox {
int child_sock;
int parent_sock;
int systrace_fd;
pid_t child_pid;
};
struct ssh_sandbox *
ssh_sandbox_init(void)
{
struct ssh_sandbox *box;
int s[2];
debug3("%s: preparing systrace sandbox", __func__);
box = xcalloc(1, sizeof(*box));
if (socketpair(AF_UNIX, SOCK_STREAM, 0, s) == -1)
fatal("%s: socketpair: %s", __func__, strerror(errno));
box->child_sock = s[0];
box->parent_sock = s[1];
box->systrace_fd = -1;
box->child_pid = 0;
return box;
}
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
char whatever = 0;
close(box->parent_sock);
/* Signal parent that we are ready */
debug3("%s: ready", __func__);
if (atomicio(vwrite, box->child_sock, &whatever, 1) != 1)
fatal("%s: write: %s", __func__, strerror(errno));
/* Wait for parent to signal for us to go */
if (atomicio(read, box->child_sock, &whatever, 1) != 1)
fatal("%s: read: %s", __func__, strerror(errno));
debug3("%s: started", __func__);
close(box->child_sock);
}
static void
ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
const struct sandbox_policy *allowed_syscalls)
{
int dev_systrace, i, j, found;
char whatever = 0;
struct systrace_policy policy;
debug3("%s: wait for child %ld", __func__, (long)child_pid);
box->child_pid = child_pid;
close(box->child_sock);
/* Wait for child to signal that it is ready */
if (atomicio(read, box->parent_sock, &whatever, 1) != 1)
fatal("%s: read: %s", __func__, strerror(errno));
debug3("%s: child %ld ready", __func__, (long)child_pid);
/* Set up systracing of child */
if ((dev_systrace = open("/dev/systrace", O_RDONLY)) == -1)
fatal("%s: open(\"/dev/systrace\"): %s", __func__,
strerror(errno));
if (ioctl(dev_systrace, STRIOCCLONE, &box->systrace_fd) == -1)
fatal("%s: ioctl(STRIOCCLONE, %d): %s", __func__,
dev_systrace, strerror(errno));
close(dev_systrace);
debug3("%s: systrace attach, fd=%d", __func__, box->systrace_fd);
if (ioctl(box->systrace_fd, STRIOCATTACH, &child_pid) == -1)
fatal("%s: ioctl(%d, STRIOCATTACH, %d): %s", __func__,
box->systrace_fd, child_pid, strerror(errno));
/* Allocate and assign policy */
bzero(&policy, sizeof(policy));
policy.strp_op = SYSTR_POLICY_NEW;
policy.strp_maxents = SYS_MAXSYSCALL;
if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
fatal("%s: ioctl(%d, STRIOCPOLICY (new)): %s", __func__,
box->systrace_fd, strerror(errno));
policy.strp_op = SYSTR_POLICY_ASSIGN;
policy.strp_pid = box->child_pid;
if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
fatal("%s: ioctl(%d, STRIOCPOLICY (assign)): %s",
__func__, box->systrace_fd, strerror(errno));
/* Set per-syscall policy */
for (i = 0; i < SYS_MAXSYSCALL; i++) {
found = 0;
for (j = 0; allowed_syscalls[j].syscall != -1; j++) {
if (allowed_syscalls[j].syscall == i) {
found = 1;
break;
}
}
policy.strp_op = SYSTR_POLICY_MODIFY;
policy.strp_code = i;
policy.strp_policy = found ?
allowed_syscalls[j].action : SYSTR_POLICY_KILL;
if (found)
debug3("%s: policy: enable syscall %d", __func__, i);
if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
fatal("%s: ioctl(%d, STRIOCPOLICY (modify)): %s",
__func__, box->systrace_fd, strerror(errno));
}
/* Signal the child to start running */
debug3("%s: start child %ld", __func__, (long)child_pid);
if (atomicio(vwrite, box->parent_sock, &whatever, 1) != 1)
fatal("%s: write: %s", __func__, strerror(errno));
close(box->parent_sock);
}
void
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
{
/* Closing this before the child exits will terminate it */
close(box->systrace_fd);
free(box);
debug3("%s: finished", __func__);
}
void
ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
{
ssh_sandbox_parent(box, child_pid, preauth_policy);
}
#endif /* SANDBOX_SYSTRACE */

2
scp.0
View File

@ -153,4 +153,4 @@ AUTHORS
Timo Rinne <tri@iki.fi>
Tatu Ylonen <ylo@cs.hut.fi>
OpenBSD 4.9 December 9, 2010 OpenBSD 4.9
OpenBSD 5.0 December 9, 2010 OpenBSD 5.0

289
servconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */
/* $OpenBSD: servconf.c,v 1.222 2011/06/22 21:57:01 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -126,8 +126,7 @@ initialize_server_options(ServerOptions *options)
options->use_dns = -1;
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
options->num_authkeys_files = 0;
options->num_accept_env = 0;
options->permit_tun = -1;
options->num_permitted_opens = -1;
@ -264,15 +263,12 @@ fill_default_server_options(ServerOptions *options)
options->client_alive_interval = 0;
if (options->client_alive_count_max == -1)
options->client_alive_count_max = 3;
if (options->authorized_keys_file2 == NULL) {
/* authorized_keys_file2 falls back to authorized_keys_file */
if (options->authorized_keys_file != NULL)
options->authorized_keys_file2 = xstrdup(options->authorized_keys_file);
else
options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
if (options->num_authkeys_files == 0) {
options->authorized_keys_files[options->num_authkeys_files++] =
xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
options->authorized_keys_files[options->num_authkeys_files++] =
xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
}
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
if (options->permit_tun == -1)
options->permit_tun = SSH_TUNMODE_NO;
if (options->zero_knowledge_password_authentication == -1)
@ -284,7 +280,7 @@ fill_default_server_options(ServerOptions *options)
/* Turn privilege separation on by default */
if (use_privsep == -1)
use_privsep = 1;
use_privsep = PRIVSEP_ON;
#ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) {
@ -321,7 +317,7 @@ typedef enum {
sMaxStartups, sMaxAuthTries, sMaxSessions,
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
@ -438,7 +434,7 @@ static struct {
{ "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL },
{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
@ -675,6 +671,43 @@ match_cfg_line(char **condition, int line, const char *user, const char *host,
#define WHITESPACE " \t\r\n"
/* Multistate option parsing */
struct multistate {
char *key;
int value;
};
static const struct multistate multistate_addressfamily[] = {
{ "inet", AF_INET },
{ "inet6", AF_INET6 },
{ "any", AF_UNSPEC },
{ NULL, -1 }
};
static const struct multistate multistate_permitrootlogin[] = {
{ "without-password", PERMIT_NO_PASSWD },
{ "forced-commands-only", PERMIT_FORCED_ONLY },
{ "yes", PERMIT_YES },
{ "no", PERMIT_NO },
{ NULL, -1 }
};
static const struct multistate multistate_compression[] = {
{ "delayed", COMP_DELAYED },
{ "yes", COMP_ZLIB },
{ "no", COMP_NONE },
{ NULL, -1 }
};
static const struct multistate multistate_gatewayports[] = {
{ "clientspecified", 2 },
{ "yes", 1 },
{ "no", 0 },
{ NULL, -1 }
};
static const struct multistate multistate_privsep[] = {
{ "sandbox", PRIVSEP_SANDBOX },
{ "yes", PRIVSEP_ON },
{ "no", PRIVSEP_OFF },
{ NULL, -1 }
};
int
process_server_config_line(ServerOptions *options, char *line,
const char *filename, int linenum, int *activep, const char *user,
@ -688,6 +721,7 @@ process_server_config_line(ServerOptions *options, char *line,
int port;
u_int i, flags = 0;
size_t len;
const struct multistate *multistate_ptr;
cp = line;
if ((arg = strdelim(&cp)) == NULL)
@ -803,24 +837,27 @@ process_server_config_line(ServerOptions *options, char *line,
break;
case sAddressFamily:
intptr = &options->address_family;
multistate_ptr = multistate_addressfamily;
if (options->listen_addrs != NULL)
fatal("%s line %d: address family must be specified "
"before ListenAddress.", filename, linenum);
parse_multistate:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing address family.",
fatal("%s line %d: missing argument.",
filename, linenum);
intptr = &options->address_family;
if (options->listen_addrs != NULL)
fatal("%s line %d: address family must be specified before "
"ListenAddress.", filename, linenum);
if (strcasecmp(arg, "inet") == 0)
value = AF_INET;
else if (strcasecmp(arg, "inet6") == 0)
value = AF_INET6;
else if (strcasecmp(arg, "any") == 0)
value = AF_UNSPEC;
else
fatal("%s line %d: unsupported address family \"%s\".",
value = -1;
for (i = 0; multistate_ptr[i].key != NULL; i++) {
if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
value = multistate_ptr[i].value;
break;
}
}
if (value == -1)
fatal("%s line %d: unsupported option \"%s\".",
filename, linenum, arg);
if (*intptr == -1)
if (*activep && *intptr == -1)
*intptr = value;
break;
@ -859,27 +896,8 @@ process_server_config_line(ServerOptions *options, char *line,
case sPermitRootLogin:
intptr = &options->permit_root_login;
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing yes/"
"without-password/forced-commands-only/no "
"argument.", filename, linenum);
value = 0; /* silence compiler */
if (strcmp(arg, "without-password") == 0)
value = PERMIT_NO_PASSWD;
else if (strcmp(arg, "forced-commands-only") == 0)
value = PERMIT_FORCED_ONLY;
else if (strcmp(arg, "yes") == 0)
value = PERMIT_YES;
else if (strcmp(arg, "no") == 0)
value = PERMIT_NO;
else
fatal("%s line %d: Bad yes/"
"without-password/forced-commands-only/no "
"argument: %s", filename, linenum, arg);
if (*activep && *intptr == -1)
*intptr = value;
break;
multistate_ptr = multistate_permitrootlogin;
goto parse_multistate;
case sIgnoreRhosts:
intptr = &options->ignore_rhosts;
@ -1010,43 +1028,13 @@ process_server_config_line(ServerOptions *options, char *line,
case sCompression:
intptr = &options->compression;
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing yes/no/delayed "
"argument.", filename, linenum);
value = 0; /* silence compiler */
if (strcmp(arg, "delayed") == 0)
value = COMP_DELAYED;
else if (strcmp(arg, "yes") == 0)
value = COMP_ZLIB;
else if (strcmp(arg, "no") == 0)
value = COMP_NONE;
else
fatal("%s line %d: Bad yes/no/delayed "
"argument: %s", filename, linenum, arg);
if (*intptr == -1)
*intptr = value;
break;
multistate_ptr = multistate_compression;
goto parse_multistate;
case sGatewayPorts:
intptr = &options->gateway_ports;
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing yes/no/clientspecified "
"argument.", filename, linenum);
value = 0; /* silence compiler */
if (strcmp(arg, "clientspecified") == 0)
value = 2;
else if (strcmp(arg, "yes") == 0)
value = 1;
else if (strcmp(arg, "no") == 0)
value = 0;
else
fatal("%s line %d: Bad yes/no/clientspecified "
"argument: %s", filename, linenum, arg);
if (*activep && *intptr == -1)
*intptr = value;
break;
multistate_ptr = multistate_gatewayports;
goto parse_multistate;
case sUseDNS:
intptr = &options->use_dns;
@ -1084,7 +1072,8 @@ process_server_config_line(ServerOptions *options, char *line,
case sUsePrivilegeSeparation:
intptr = &use_privsep;
goto parse_flag;
multistate_ptr = multistate_privsep;
goto parse_multistate;
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
@ -1250,14 +1239,22 @@ process_server_config_line(ServerOptions *options, char *line,
* AuthorizedKeysFile /etc/ssh_keys/%u
*/
case sAuthorizedKeysFile:
charptr = &options->authorized_keys_file;
goto parse_tilde_filename;
case sAuthorizedKeysFile2:
charptr = &options->authorized_keys_file2;
goto parse_tilde_filename;
if (*activep && options->num_authkeys_files == 0) {
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_authkeys_files >=
MAX_AUTHKEYS_FILES)
fatal("%s line %d: "
"too many authorized keys files.",
filename, linenum);
options->authorized_keys_files[
options->num_authkeys_files++] =
tilde_expand_filename(arg, getuid());
}
}
return 0;
case sAuthorizedPrincipalsFile:
charptr = &options->authorized_principals_file;
parse_tilde_filename:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing file name.",
@ -1476,6 +1473,12 @@ parse_server_match_config(ServerOptions *options, const char *user,
dst->n = src->n; \
} \
} while(0)
#define M_CP_STRARRAYOPT(n, num_n) do {\
if (src->num_n != 0) { \
for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
} \
} while(0)
/*
* Copy any supported values that are set.
@ -1511,20 +1514,23 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(ip_qos_interactive);
M_CP_INTOPT(ip_qos_bulk);
M_CP_STROPT(banner);
/* See comment in servconf.h */
COPY_MATCH_STRING_OPTS();
/*
* The only things that should be below this point are string options
* which are only used after authentication.
*/
if (preauth)
return;
M_CP_STROPT(adm_forced_command);
M_CP_STROPT(chroot_directory);
M_CP_STROPT(trusted_user_ca_keys);
M_CP_STROPT(revoked_keys_file);
M_CP_STROPT(authorized_keys_file);
M_CP_STROPT(authorized_keys_file2);
M_CP_STROPT(authorized_principals_file);
}
#undef M_CP_INTOPT
#undef M_CP_STROPT
#undef M_CP_STRARRAYOPT
void
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
@ -1549,32 +1555,35 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
filename, bad_options);
}
static const char *
fmt_multistate_int(int val, const struct multistate *m)
{
u_int i;
for (i = 0; m[i].key != NULL; i++) {
if (m[i].value == val)
return m[i].key;
}
return "UNKNOWN";
}
static const char *
fmt_intarg(ServerOpCodes code, int val)
{
if (code == sAddressFamily) {
switch (val) {
case AF_INET:
return "inet";
case AF_INET6:
return "inet6";
case AF_UNSPEC:
return "any";
default:
return "UNKNOWN";
}
}
if (code == sPermitRootLogin) {
switch (val) {
case PERMIT_NO_PASSWD:
return "without-password";
case PERMIT_FORCED_ONLY:
return "forced-commands-only";
case PERMIT_YES:
return "yes";
}
}
if (code == sProtocol) {
if (val == -1)
return "unset";
switch (code) {
case sAddressFamily:
return fmt_multistate_int(val, multistate_addressfamily);
case sPermitRootLogin:
return fmt_multistate_int(val, multistate_permitrootlogin);
case sGatewayPorts:
return fmt_multistate_int(val, multistate_gatewayports);
case sCompression:
return fmt_multistate_int(val, multistate_compression);
case sUsePrivilegeSeparation:
return fmt_multistate_int(val, multistate_privsep);
case sProtocol:
switch (val) {
case SSH_PROTO_1:
return "1";
@ -1585,20 +1594,16 @@ fmt_intarg(ServerOpCodes code, int val)
default:
return "UNKNOWN";
}
default:
switch (val) {
case 0:
return "no";
case 1:
return "yes";
default:
return "UNKNOWN";
}
}
if (code == sGatewayPorts && val == 2)
return "clientspecified";
if (code == sCompression && val == COMP_DELAYED)
return "delayed";
switch (val) {
case -1:
return "unset";
case 0:
return "no";
case 1:
return "yes";
}
return "UNKNOWN";
}
static const char *
@ -1638,7 +1643,18 @@ dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
u_int i;
for (i = 0; i < count; i++)
printf("%s %s\n", lookup_opcode_name(code), vals[i]);
printf("%s %s\n", lookup_opcode_name(code), vals[i]);
}
static void
dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
{
u_int i;
printf("%s", lookup_opcode_name(code));
for (i = 0; i < count; i++)
printf(" %s", vals[i]);
printf("\n");
}
void
@ -1736,8 +1752,6 @@ dump_config(ServerOptions *o)
dump_cfg_string(sCiphers, o->ciphers);
dump_cfg_string(sMacs, o->macs);
dump_cfg_string(sBanner, o->banner);
dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
dump_cfg_string(sForceCommand, o->adm_forced_command);
dump_cfg_string(sChrootDirectory, o->chroot_directory);
dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
@ -1750,6 +1764,8 @@ dump_config(ServerOptions *o)
dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
/* string array arguments */
dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
o->authorized_keys_files);
dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
o->host_key_files);
dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files,
@ -1775,7 +1791,8 @@ dump_config(ServerOptions *o)
}
dump_cfg_string(sPermitTunnel, s);
printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk);
printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
printf("%s\n", iptos2str(o->ip_qos_bulk));
channel_print_adm_permitted_opens();
}

26
servconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.h,v 1.95 2010/11/13 23:27:50 djm Exp $ */
/* $OpenBSD: servconf.h,v 1.99 2011/06/22 21:57:01 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -27,6 +27,7 @@
#define MAX_HOSTCERTS 256 /* Max # host certificates. */
#define MAX_ACCEPT_ENV 256 /* Max # of env vars. */
#define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */
#define MAX_AUTHKEYS_FILES 256 /* Max # of authorized_keys files. */
/* permit_root_login */
#define PERMIT_NOT_SET -1
@ -35,6 +36,11 @@
#define PERMIT_NO_PASSWD 2
#define PERMIT_YES 3
/* use_privsep */
#define PRIVSEP_OFF 0
#define PRIVSEP_ON 1
#define PRIVSEP_SANDBOX 2
#define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
#define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */
@ -145,8 +151,8 @@ typedef struct {
* disconnect the session
*/
char *authorized_keys_file; /* File containing public keys */
char *authorized_keys_file2;
u_int num_authkeys_files; /* Files containing public keys */
char *authorized_keys_files[MAX_AUTHKEYS_FILES];
char *adm_forced_command;
@ -162,6 +168,20 @@ typedef struct {
char *authorized_principals_file;
} ServerOptions;
/*
* These are string config options that must be copied between the
* Match sub-config and the main config, and must be sent from the
* privsep slave to the privsep master. We use a macro to ensure all
* the options are copied and the copies are done in the correct order.
*/
#define COPY_MATCH_STRING_OPTS() do { \
M_CP_STROPT(banner); \
M_CP_STROPT(trusted_user_ca_keys); \
M_CP_STROPT(revoked_keys_file); \
M_CP_STROPT(authorized_principals_file); \
M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
} while (0)
void initialize_server_options(ServerOptions *);
void fill_default_server_options(ServerOptions *);
int process_server_config_line(ServerOptions *, char *, const char *, int,

6
serverloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.159 2009/05/28 16:50:16 andreas Exp $ */
/* $OpenBSD: serverloop.c,v 1.160 2011/05/15 08:09:01 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -131,8 +131,8 @@ notify_setup(void)
{
if (pipe(notify_pipe) < 0) {
error("pipe(notify_pipe) failed %s", strerror(errno));
} else if ((fcntl(notify_pipe[0], F_SETFD, 1) == -1) ||
(fcntl(notify_pipe[1], F_SETFD, 1) == -1)) {
} else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) ||
(fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) {
error("fcntl(notify_pipe, F_SETFD) failed %s", strerror(errno));
close(notify_pipe[0]);
close(notify_pipe[1]);

7
session.c
View File

@ -96,6 +96,10 @@
#include <kafs.h>
#endif
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
#endif
#define IS_INTERNAL_SFTP(c) \
(!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \
(c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \
@ -1531,6 +1535,9 @@ do_pwchange(Session *s)
if (s->ttyfd != -1) {
fprintf(stderr,
"You must change your password now and login again!\n");
#ifdef WITH_SELINUX
setexeccon(NULL);
#endif
#ifdef PASSWD_NEEDS_USERNAME
execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
(char *)NULL);

2
sftp-server.0
View File

@ -61,4 +61,4 @@ HISTORY
AUTHORS
Markus Friedl <markus@openbsd.org>
OpenBSD 4.9 January 9, 2010 OpenBSD 4.9
OpenBSD 5.0 January 9, 2010 OpenBSD 5.0

6
sftp-server.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-server.c,v 1.93 2010/12/04 00:18:01 djm Exp $ */
/* $OpenBSD: sftp-server.c,v 1.94 2011/06/17 21:46:16 djm Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@ -68,7 +68,7 @@ Buffer iqueue;
Buffer oqueue;
/* Version of client */
int version;
u_int version;
/* Disable writes */
int readonly;
@ -522,7 +522,7 @@ process_init(void)
Buffer msg;
version = get_int();
verbose("received client version %d", version);
verbose("received client version %u", version);
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_VERSION);
buffer_put_int(&msg, SSH2_FILEXFER_VERSION);

12
sftp.0
View File

@ -28,7 +28,13 @@ DESCRIPTION
The final usage format allows for automated sessions using the -b option.
In such cases, it is necessary to configure non-interactive
authentication to obviate the need to enter a password at connection time
(see sshd(8) and ssh-keygen(1) for details). The options are as follows:
(see sshd(8) and ssh-keygen(1) for details).
Since some usage formats use colon characters to delimit host names from
path names, IPv6 addresses must be enclosed in square brackets to avoid
ambiguity.
The options are as follows:
-1 Specify the use of protocol version 1.
@ -287,7 +293,7 @@ INTERACTIVE COMMANDS
remote-path is specified, then remote-path must specify a
directory.
If ether the -P or -p flag is specified, then full file
If either the -P or -p flag is specified, then full file
permissions and access times are copied too.
If the -r flag is specified then directories will be copied
@ -328,4 +334,4 @@ SEE ALSO
draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress
material.
OpenBSD 4.9 December 4, 2010 OpenBSD 4.9
OpenBSD 5.0 August 7, 2011 OpenBSD 5.0

10
sftp.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: sftp.1,v 1.88 2010/12/04 00:18:01 djm Exp $
.\" $OpenBSD: sftp.1,v 1.90 2011/08/07 12:55:30 dtucker Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 4 2010 $
.Dd $Mdocdate: August 7 2011 $
.Dt SFTP 1
.Os
.Sh NAME
@ -89,6 +89,10 @@ to obviate the need to enter a password at connection time (see
and
.Xr ssh-keygen 1
for details).
.Pp
Since some usage formats use colon characters to delimit host names from path
names, IPv6 addresses must be enclosed in square brackets to avoid ambiguity.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 1
@ -479,7 +483,7 @@ is specified, then
.Ar remote-path
must specify a directory.
.Pp
If ether the
If either the
.Fl P
or
.Fl p

2
ssh-add.0
View File

@ -112,4 +112,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 4.9 October 28, 2010 OpenBSD 4.9
OpenBSD 5.0 October 28, 2010 OpenBSD 5.0

34
ssh-add.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-add.c,v 1.100 2010/08/31 12:33:38 djm Exp $ */
/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -145,8 +145,12 @@ add_file(AuthenticationConnection *ac, const char *filename)
char *comment = NULL;
char msg[1024], *certpath;
int fd, perms_ok, ret = -1;
Buffer keyblob;
if ((fd = open(filename, O_RDONLY)) < 0) {
if (strcmp(filename, "-") == 0) {
fd = STDIN_FILENO;
filename = "(stdin)";
} else if ((fd = open(filename, O_RDONLY)) < 0) {
perror(filename);
return -1;
}
@ -155,18 +159,28 @@ add_file(AuthenticationConnection *ac, const char *filename)
* Since we'll try to load a keyfile multiple times, permission errors
* will occur multiple times, so check perms first and bail if wrong.
*/
perms_ok = key_perm_ok(fd, filename);
close(fd);
if (!perms_ok)
if (fd != STDIN_FILENO) {
perms_ok = key_perm_ok(fd, filename);
if (!perms_ok) {
close(fd);
return -1;
}
}
buffer_init(&keyblob);
if (!key_load_file(fd, filename, &keyblob)) {
buffer_free(&keyblob);
close(fd);
return -1;
}
close(fd);
/* At first, try empty passphrase */
private = key_load_private(filename, "", &comment);
private = key_parse_private(&keyblob, filename, "", &comment);
if (comment == NULL)
comment = xstrdup(filename);
/* try last */
if (private == NULL && pass != NULL)
private = key_load_private(filename, pass, NULL);
private = key_parse_private(&keyblob, filename, pass, NULL);
if (private == NULL) {
/* clear passphrase since it did not work */
clear_pass();
@ -177,9 +191,11 @@ add_file(AuthenticationConnection *ac, const char *filename)
if (strcmp(pass, "") == 0) {
clear_pass();
xfree(comment);
buffer_free(&keyblob);
return -1;
}
private = key_load_private(filename, pass, &comment);
private = key_parse_private(&keyblob, filename, pass,
&comment);
if (private != NULL)
break;
clear_pass();
@ -187,6 +203,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
"Bad passphrase, try again for %.200s: ", comment);
}
}
buffer_free(&keyblob);
if (ssh_add_identity_constrained(ac, private, comment, lifetime,
confirm)) {
@ -372,7 +389,6 @@ main(int argc, char **argv)
sanitise_stdfd();
__progname = ssh_get_progname(argv[0]);
init_rng();
seed_rng();
OpenSSL_add_all_algorithms();

2
ssh-agent.0
View File

@ -120,4 +120,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 4.9 November 21, 2010 OpenBSD 4.9
OpenBSD 5.0 November 21, 2010 OpenBSD 5.0

9
ssh-agent.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */
/* $OpenBSD: ssh-agent.c,v 1.172 2011/06/03 01:37:40 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1097,7 +1097,11 @@ cleanup_handler(int sig)
static void
check_parent_exists(void)
{
if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
/*
* If our parent has exited then getppid() will return (pid_t)1,
* so testing for that should be safe.
*/
if (parent_pid != -1 && getppid() != parent_pid) {
/* printf("Parent has died - Authentication agent exiting.\n"); */
cleanup_socket();
_exit(2);
@ -1154,7 +1158,6 @@ main(int ac, char **av)
OpenSSL_add_all_algorithms();
__progname = ssh_get_progname(av[0]);
init_rng();
seed_rng();
while ((ch = getopt(ac, av, "cdksa:t:")) != -1) {

21
ssh-keygen.0
View File

@ -24,6 +24,7 @@ SYNOPSIS
ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
[-O option] [-V validity_interval] [-z serial_number] file ...
ssh-keygen -L [-f input_keyfile]
ssh-keygen -A
DESCRIPTION
ssh-keygen generates, manages and converts authentication keys for
@ -57,8 +58,8 @@ DESCRIPTION
the -p option.
There is no way to recover a lost passphrase. If the passphrase is lost
or forgotten, a new key must be generated and copied to the corresponding
public key to other machines.
or forgotten, a new key must be generated and the corresponding public
key copied to other machines.
For RSA1 keys, there is also a comment field in the key file that is only
for convenience to the user to help identify the key. The comment can
@ -71,6 +72,12 @@ DESCRIPTION
The options are as follows:
-A For each of the key types (rsa1, rsa, dsa and ecdsa) for which
host keys do not exist, generate the host keys with the default
key file path, an empty passphrase, default bits for the key
type, and default comment. This is used by /etc/rc to generate
new host keys.
-a trials
Specifies the number of primality tests to perform when screening
DH-GEX candidates using the -T command.
@ -82,7 +89,11 @@ DESCRIPTION
Specifies the number of bits in the key to create. For RSA keys,
the minimum size is 768 bits and the default is 2048 bits.
Generally, 2048 bits is considered sufficient. DSA keys must be
exactly 1024 bits as specified by FIPS 186-2.
exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys,
the -b flag determines they key length by selecting from one of
three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
use bit lengths other than these three values for ECDSA keys will
fail.
-C comment
Provides a new comment.
@ -231,7 +242,7 @@ DESCRIPTION
containing the private key, for the old passphrase, and twice for
the new passphrase.
-q Silence ssh-keygen. Used by /etc/rc when creating a new key.
-q Silence ssh-keygen.
-R hostname
Removes all keys belonging to hostname from a known_hosts file.
@ -440,4 +451,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 4.9 October 28, 2010 OpenBSD 4.9
OpenBSD 5.0 April 13, 2011 OpenBSD 5.0

27
ssh-keygen.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.101 2010/10/28 18:33:28 jmc Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.106 2011/04/13 04:09:37 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: October 28 2010 $
.Dd $Mdocdate: April 13 2011 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@ -117,6 +117,8 @@
.Nm ssh-keygen
.Fl L
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl A
.Ek
.Sh DESCRIPTION
.Nm
@ -173,9 +175,8 @@ The passphrase can be changed later by using the
option.
.Pp
There is no way to recover a lost passphrase.
If the passphrase is
lost or forgotten, a new key must be generated and copied to the
corresponding public key to other machines.
If the passphrase is lost or forgotten, a new key must be generated
and the corresponding public key copied to other machines.
.Pp
For RSA1 keys,
there is also a comment field in the key file that is only for
@ -192,6 +193,13 @@ should be placed to be activated.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl A
For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
do not exist, generate the host keys with the default key file path,
an empty passphrase, default bits for the key type, and default comment.
This is used by
.Pa /etc/rc
to generate new host keys.
.It Fl a Ar trials
Specifies the number of primality tests to perform when screening DH-GEX
candidates using the
@ -204,6 +212,12 @@ Specifies the number of bits in the key to create.
For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
Generally, 2048 bits is considered sufficient.
DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
For ECDSA keys, the
.Fl b
flag determines they key length by selecting from one of three elliptic
curve sizes: 256, 384 or 521 bits.
Attempting to use bit lengths other than these three values for ECDSA keys
will fail.
.It Fl C Ar comment
Provides a new comment.
.It Fl c
@ -393,9 +407,6 @@ new passphrase.
.It Fl q
Silence
.Nm ssh-keygen .
Used by
.Pa /etc/rc
when creating a new key.
.It Fl R Ar hostname
Removes all keys belonging to
.Ar hostname

181
ssh-keygen.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.205 2011/01/11 06:13:10 djm Exp $ */
/* $OpenBSD: ssh-keygen.c,v 1.210 2011/04/18 00:46:05 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -49,10 +49,7 @@
#include "hostfile.h"
#include "dns.h"
#include "ssh2.h"
#ifdef ENABLE_PKCS11
#include "ssh-pkcs11.h"
#endif
/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
#define DEFAULT_BITS 2048
@ -159,6 +156,38 @@ char hostname[MAXHOSTNAMELEN];
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
static void
type_bits_valid(int type, u_int32_t *bitsp)
{
u_int maxbits;
if (type == KEY_UNSPEC) {
fprintf(stderr, "unknown key type %s\n", key_type_name);
exit(1);
}
if (*bitsp == 0) {
if (type == KEY_DSA)
*bitsp = DEFAULT_BITS_DSA;
else if (type == KEY_ECDSA)
*bitsp = DEFAULT_BITS_ECDSA;
else
*bitsp = DEFAULT_BITS;
}
maxbits = (type == KEY_DSA) ?
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
if (*bitsp > maxbits) {
fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
exit(1);
}
if (type == KEY_DSA && *bitsp != 1024)
fatal("DSA keys must be 1024 bits");
else if (type != KEY_ECDSA && *bitsp < 768)
fatal("Key must at least be 768 bits");
else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1)
fatal("Invalid ECDSA key length - valid lengths are "
"256, 384 or 521 bits");
}
static void
ask_filename(struct passwd *pw, const char *prompt)
{
@ -817,6 +846,98 @@ do_fingerprint(struct passwd *pw)
exit(0);
}
static void
do_gen_all_hostkeys(struct passwd *pw)
{
struct {
char *key_type;
char *key_type_display;
char *path;
} key_types[] = {
{ "rsa1", "RSA1", _PATH_HOST_KEY_FILE },
{ "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
{ "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
{ NULL, NULL, NULL }
};
int first = 0;
struct stat st;
Key *private, *public;
char comment[1024];
int i, type, fd;
FILE *f;
for (i = 0; key_types[i].key_type; i++) {
if (stat(key_types[i].path, &st) == 0)
continue;
if (errno != ENOENT) {
printf("Could not stat %s: %s", key_types[i].path,
strerror(errno));
first = 0;
continue;
}
if (first == 0) {
first = 1;
printf("%s: generating new host keys: ", __progname);
}
printf("%s ", key_types[i].key_type_display);
fflush(stdout);
arc4random_stir();
type = key_type_from_name(key_types[i].key_type);
strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
bits = 0;
type_bits_valid(type, &bits);
private = key_generate(type, bits);
if (private == NULL) {
fprintf(stderr, "key_generate failed\n");
first = 0;
continue;
}
public = key_from_private(private);
snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
hostname);
if (!key_save_private(private, identity_file, "", comment)) {
printf("Saving the key failed: %s.\n", identity_file);
key_free(private);
key_free(public);
first = 0;
continue;
}
key_free(private);
arc4random_stir();
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) {
printf("Could not save your public key in %s\n",
identity_file);
key_free(public);
first = 0;
continue;
}
f = fdopen(fd, "w");
if (f == NULL) {
printf("fdopen %s failed\n", identity_file);
key_free(public);
first = 0;
continue;
}
if (!key_write(public, f)) {
fprintf(stderr, "write key failed\n");
key_free(public);
first = 0;
continue;
}
fprintf(f, " %s\n", comment);
fclose(f);
key_free(public);
}
if (first != 0)
printf("\n");
}
static void
printhost(FILE *f, const char *name, Key *public, int ca, int hash)
{
@ -1329,6 +1450,9 @@ prepare_options_buf(Buffer *c, int which)
if ((which & OPTIONS_CRITICAL) != 0 &&
certflags_command != NULL)
add_string_option(c, "force-command", certflags_command);
if ((which & OPTIONS_EXTENSIONS) != 0 &&
(certflags_flags & CERTOPT_X_FWD) != 0)
add_flag_option(c, "permit-X11-forwarding");
if ((which & OPTIONS_EXTENSIONS) != 0 &&
(certflags_flags & CERTOPT_AGENT_FWD) != 0)
add_flag_option(c, "permit-agent-forwarding");
@ -1341,9 +1465,6 @@ prepare_options_buf(Buffer *c, int which)
if ((which & OPTIONS_EXTENSIONS) != 0 &&
(certflags_flags & CERTOPT_USER_RC) != 0)
add_flag_option(c, "permit-user-rc");
if ((which & OPTIONS_EXTENSIONS) != 0 &&
(certflags_flags & CERTOPT_X_FWD) != 0)
add_flag_option(c, "permit-X11-forwarding");
if ((which & OPTIONS_CRITICAL) != 0 &&
certflags_src_addr != NULL)
add_string_option(c, "source-address", certflags_src_addr);
@ -1593,7 +1714,7 @@ add_cert_option(char *opt)
{
char *val;
if (strcmp(opt, "clear") == 0)
if (strcasecmp(opt, "clear") == 0)
certflags_flags = 0;
else if (strcasecmp(opt, "no-x11-forwarding") == 0)
certflags_flags &= ~CERTOPT_X_FWD;
@ -1745,6 +1866,7 @@ usage(void)
{
fprintf(stderr, "usage: %s [options]\n", __progname);
fprintf(stderr, "Options:\n");
fprintf(stderr, " -A Generate non-existent host keys for all key types.\n");
fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n");
fprintf(stderr, " -B Show bubblebabble digest of key file.\n");
fprintf(stderr, " -b bits Number of bits in the key to create.\n");
@ -1799,9 +1921,9 @@ main(int argc, char **argv)
struct passwd *pw;
struct stat st;
int opt, type, fd;
u_int maxbits;
u_int32_t memory = 0, generator_wanted = 0, trials = 100;
int do_gen_candidates = 0, do_screen_candidates = 0;
int gen_all_hostkeys = 0;
BIGNUM *start = NULL;
FILE *f;
const char *errstr;
@ -1817,7 +1939,6 @@ main(int argc, char **argv)
OpenSSL_add_all_algorithms();
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
init_rng();
seed_rng();
/* we need this for the home * directory. */
@ -1831,9 +1952,12 @@ main(int argc, char **argv)
exit(1);
}
while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
"O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
switch (opt) {
case 'A':
gen_all_hostkeys = 1;
break;
case 'b':
bits = (u_int32_t)strtonum(optarg, 256, 32768, &errstr);
if (errstr)
@ -1928,9 +2052,6 @@ main(int argc, char **argv)
case 'y':
print_public = 1;
break;
case 'd':
key_type_name = "dsa";
break;
case 's':
ca_key_path = optarg;
break;
@ -2109,37 +2230,19 @@ main(int argc, char **argv)
return (0);
}
if (gen_all_hostkeys) {
do_gen_all_hostkeys(pw);
return (0);
}
arc4random_stir();
if (key_type_name == NULL)
key_type_name = "rsa";
type = key_type_from_name(key_type_name);
if (type == KEY_UNSPEC) {
fprintf(stderr, "unknown key type %s\n", key_type_name);
exit(1);
}
if (bits == 0) {
if (type == KEY_DSA)
bits = DEFAULT_BITS_DSA;
else if (type == KEY_ECDSA)
bits = DEFAULT_BITS_ECDSA;
else
bits = DEFAULT_BITS;
}
maxbits = (type == KEY_DSA) ?
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
if (bits > maxbits) {
fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
exit(1);
}
if (type == KEY_DSA && bits != 1024)
fatal("DSA keys must be 1024 bits");
else if (type != KEY_ECDSA && bits < 768)
fatal("Key must at least be 768 bits");
else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(bits) == -1)
fatal("Invalid ECDSA key length - valid lengths are "
"256, 384 or 521 bits");
type_bits_valid(type, &bits);
if (!quiet)
printf("Generating public/private %s key pair.\n", key_type_name);
private = key_generate(type, bits);

2
ssh-keyscan.0
View File

@ -106,4 +106,4 @@ BUGS
This is because it opens a connection to the ssh port, reads the public
key, and drops the connection as soon as it gets the key.
OpenBSD 4.9 August 31, 2010 OpenBSD 4.9
OpenBSD 5.0 August 31, 2010 OpenBSD 5.0

5
ssh-keyscan.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keyscan.c,v 1.84 2011/01/04 20:44:13 otto Exp $ */
/* $OpenBSD: ssh-keyscan.c,v 1.85 2011/03/15 10:36:02 okan Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@ -535,7 +535,7 @@ conloop(void)
seltime.tv_sec--;
}
} else
seltime.tv_sec = seltime.tv_usec = 0;
timerclear(&seltime);
r = xcalloc(read_wait_nfdset, sizeof(fd_mask));
e = xcalloc(read_wait_nfdset, sizeof(fd_mask));
@ -620,7 +620,6 @@ main(int argc, char **argv)
extern char *optarg;
__progname = ssh_get_progname(argv[0]);
init_rng();
seed_rng();
TAILQ_INIT(&tq);

2
ssh-keysign.0
View File

@ -48,4 +48,4 @@ HISTORY
AUTHORS
Markus Friedl <markus@openbsd.org>
OpenBSD 4.9 August 31, 2010 OpenBSD 4.9
OpenBSD 5.0 August 31, 2010 OpenBSD 5.0

24
ssh-keysign.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keysign.c,v 1.35 2010/08/31 12:33:38 djm Exp $ */
/* $OpenBSD: ssh-keysign.c,v 1.36 2011/02/16 00:31:14 djm Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@ -150,9 +150,10 @@ main(int argc, char **argv)
{
Buffer b;
Options options;
Key *keys[2], *key = NULL;
#define NUM_KEYTYPES 3
Key *keys[NUM_KEYTYPES], *key = NULL;
struct passwd *pw;
int key_fd[2], i, found, version = 2, fd;
int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
u_char *signature, *data;
char *host;
u_int slen, dlen;
@ -165,8 +166,10 @@ main(int argc, char **argv)
if (fd > 2)
close(fd);
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
i = 0;
key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
original_real_uid = getuid(); /* XXX readconf.c needs this */
if ((pw = getpwuid(original_real_uid)) == NULL)
@ -175,7 +178,6 @@ main(int argc, char **argv)
permanently_set_uid(pw);
init_rng();
seed_rng();
arc4random_stir();
@ -191,7 +193,11 @@ main(int argc, char **argv)
fatal("ssh-keysign not enabled in %s",
_PATH_HOST_CONFIG_FILE);
if (key_fd[0] == -1 && key_fd[1] == -1)
for (i = found = 0; i < NUM_KEYTYPES; i++) {
if (key_fd[i] != -1)
found = 1;
}
if (found == 0)
fatal("could not open any host key");
OpenSSL_add_all_algorithms();
@ -200,7 +206,7 @@ main(int argc, char **argv)
RAND_seed(rnd, sizeof(rnd));
found = 0;
for (i = 0; i < 2; i++) {
for (i = 0; i < NUM_KEYTYPES; i++) {
keys[i] = NULL;
if (key_fd[i] == -1)
continue;
@ -230,7 +236,7 @@ main(int argc, char **argv)
xfree(host);
found = 0;
for (i = 0; i < 2; i++) {
for (i = 0; i < NUM_KEYTYPES; i++) {
if (keys[i] != NULL &&
key_equal_public(key, keys[i])) {
found = 1;

2
ssh-pkcs11-helper.0
View File

@ -22,4 +22,4 @@ HISTORY
AUTHORS
Markus Friedl <markus@openbsd.org>
OpenBSD 4.9 February 10, 2010 OpenBSD 4.9
OpenBSD 5.0 February 10, 2010 OpenBSD 5.0

1
ssh-pkcs11-helper.c
View File

@ -280,7 +280,6 @@ main(int argc, char **argv)
TAILQ_INIT(&pkcs11_keylist);
pkcs11_init(0);
init_rng();
seed_rng();
__progname = ssh_get_progname(argv[0]);

14
ssh-pkcs11.c
View File

@ -590,4 +590,18 @@ pkcs11_add_provider(char *provider_id, char *pin, Key ***keyp)
return (-1);
}
#else
int
pkcs11_init(int interactive)
{
return (0);
}
void
pkcs11_terminate(void)
{
return;
}
#endif /* ENABLE_PKCS11 */

23
ssh-sandbox.h Normal file
View File

@ -0,0 +1,23 @@
/* $OpenBSD: ssh-sandbox.h,v 1.1 2011/06/23 09:34:13 djm Exp $ */
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
struct ssh_sandbox;
struct ssh_sandbox *ssh_sandbox_init(void);
void ssh_sandbox_child(struct ssh_sandbox *);
void ssh_sandbox_parent_finish(struct ssh_sandbox *);
void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);

13
ssh.0
View File

@ -202,8 +202,9 @@ DESCRIPTION
the -O option is specified, the ctl_cmd argument is interpreted
and passed to the master process. Valid commands are: ``check''
(check that the master process is running), ``forward'' (request
forwardings without command execution) and ``exit'' (request the
master to exit).
forwardings without command execution), ``exit'' (request the
master to exit), and ``stop'' (request the master to stop
accepting further multiplexing requests).
-o option
Can be used to give options in the format used in the
@ -263,6 +264,7 @@ DESCRIPTION
PubkeyAuthentication
RekeyLimit
RemoteForward
RequestTTY
RhostsRSAAuthentication
RSAAuthentication
SendEnv
@ -389,8 +391,9 @@ AUTHENTICATION
support similar authentication methods, but protocol 2 is the default
since it provides additional mechanisms for confidentiality (the traffic
is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) and
integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160). Protocol 1
lacks a strong mechanism for ensuring the integrity of the connection.
integrity (hmac-md5, hmac-sha1, hmac-sha2-256, hmac-sha2-512, umac-64,
hmac-ripemd160). Protocol 1 lacks a strong mechanism for ensuring the
integrity of the connection.
The methods available for authentication are: GSSAPI-based
authentication, host-based authentication, public key authentication,
@ -895,4 +898,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 4.9 November 18, 2010 OpenBSD 4.9
OpenBSD 5.0 August 2, 2011 OpenBSD 5.0

Some files were not shown because too many files have changed in this diff Show More