d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Upgrade to OpenSSH 6.9p1.

Browse Source
This commit is contained in:
Dag-Erling Smørgrav 2016-01-19 18:55:44 +00:00
commit 557f75e54a
115 changed files with 3880 additions and 2313 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2713
crypto/openssh/ChangeLog
View File

File diff suppressed because it is too large Load Diff

4
crypto/openssh/PROTOCOL
View File

@ -175,7 +175,7 @@ whitelisted to receive this message upon request.
OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com"
channel type. This channel type supports forwarding of network packets
with datagram boundaries intact between endpoints equipped with
with datagram boundaries intact between endpoints equipped with
interfaces like the BSD tun(4) device. Tunnel forwarding channels are
requested by the client with the following packet:
@ -453,4 +453,4 @@ respond with a SSH_FXP_STATUS message.
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
$OpenBSD: PROTOCOL,v 1.27 2015/02/20 22:17:21 djm Exp $
$OpenBSD: PROTOCOL,v 1.28 2015/05/08 03:56:51 djm Exp $

4
crypto/openssh/PROTOCOL.agent
View File

@ -413,7 +413,7 @@ It may be requested using this message:
"rsa_e" and "rsa_n" are used to identify which private key to use.
"encrypted_challenge" is a challenge blob that has (presumably)
been encrypted with the public key and must be in the range
been encrypted with the public key and must be in the range
1 <= encrypted_challenge < 2^256. "session_id" is the SSH protocol 1
session ID (computed from the server host key, the server semi-ephemeral
key and the session cookie).
@ -557,4 +557,4 @@ Locking and unlocking affects both protocol 1 and protocol 2 keys.
SSH_AGENT_CONSTRAIN_LIFETIME 1
SSH_AGENT_CONSTRAIN_CONFIRM 2
$OpenBSD: PROTOCOL.agent,v 1.7 2013/01/02 00:33:49 djm Exp $
$OpenBSD: PROTOCOL.agent,v 1.8 2015/05/08 03:56:51 djm Exp $

2
crypto/openssh/README
View File

@ -1,4 +1,4 @@
See http://www.openssh.com/txt/release-6.8 for the release notes.
See http://www.openssh.com/txt/release-6.9 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html

2
crypto/openssh/auth-chall.c
View File

@ -30,8 +30,6 @@
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"

25
crypto/openssh/auth-options.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-options.c,v 1.65 2015/01/14 10:30:34 markus Exp $ */
/* $OpenBSD: auth-options.c,v 1.67 2015/05/01 03:20:54 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -209,8 +209,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
goto next_option;
}
cp = "environment=\"";
if (options.permit_user_env &&
strncasecmp(opts, cp, strlen(cp)) == 0) {
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
char *s;
struct envstring *new_envstring;
@ -236,13 +235,19 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
goto bad_option;
}
s[i] = '\0';
auth_debug_add("Adding to environment: %.900s", s);
debug("Adding to environment: %.900s", s);
opts++;
new_envstring = xcalloc(1, sizeof(struct envstring));
new_envstring->s = s;
new_envstring->next = custom_environment;
custom_environment = new_envstring;
if (options.permit_user_env) {
auth_debug_add("Adding to environment: "
"%.900s", s);
debug("Adding to environment: %.900s", s);
new_envstring = xcalloc(1,
sizeof(*new_envstring));
new_envstring->s = s;
new_envstring->next = custom_environment;
custom_environment = new_envstring;
s = NULL;
}
free(s);
goto next_option;
}
cp = "from=\"";
@ -603,7 +608,7 @@ auth_cert_options(struct sshkey *k, struct passwd *pw)
&cert_source_address_done) == -1)
return -1;
if (parse_option_list(k->cert->extensions, pw,
OPTIONS_EXTENSIONS, 1,
OPTIONS_EXTENSIONS, 0,
&cert_no_port_forwarding_flag,
&cert_no_agent_forwarding_flag,
&cert_no_x11_forwarding_flag,

4
crypto/openssh/auth-pam.c
View File

@ -738,7 +738,7 @@ sshpam_query(void *ctx, char **name, char **info,
case PAM_PROMPT_ECHO_OFF:
*num = 1;
len = plen + mlen + 1;
**prompts = xrealloc(**prompts, 1, len);
**prompts = xreallocarray(**prompts, 1, len);
strlcpy(**prompts + plen, msg, len - plen);
plen += mlen;
**echo_on = (type == PAM_PROMPT_ECHO_ON);
@ -748,7 +748,7 @@ sshpam_query(void *ctx, char **name, char **info,
case PAM_TEXT_INFO:
/* accumulate messages */
len = plen + mlen + 2;
**prompts = xrealloc(**prompts, 1, len);
**prompts = xreallocarray(**prompts, 1, len);
strlcpy(**prompts + plen, msg, len - plen);
plen += mlen;
strlcat(**prompts + plen, "\n", len - plen);

5
crypto/openssh/auth.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.c,v 1.110 2015/02/25 17:29:38 djm Exp $ */
/* $OpenBSD: auth.c,v 1.111 2015/05/01 04:17:51 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -401,8 +401,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
char *
authorized_principals_file(struct passwd *pw)
{
if (options.authorized_principals_file == NULL ||
strcasecmp(options.authorized_principals_file, "none") == 0)
if (options.authorized_principals_file == NULL)
return NULL;
return expand_authorized_keys(options.authorized_principals_file, pw);
}

6
crypto/openssh/auth.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.h,v 1.82 2015/02/16 22:13:32 djm Exp $ */
/* $OpenBSD: auth.h,v 1.84 2015/05/08 06:41:56 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -56,7 +56,7 @@ struct Authctxt {
int valid; /* user exists and is allowed to login */
int attempt;
int failures;
int server_caused_failure;
int server_caused_failure;
int force_pwchange;
char *user; /* username sent by the client */
char *service;
@ -126,7 +126,7 @@ int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
int user_key_allowed(struct passwd *, Key *);
int user_key_allowed(struct passwd *, Key *, int);
void pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
__attribute__((__format__ (printf, 3, 4)));
void auth2_record_userkey(Authctxt *, struct sshkey *);

5
crypto/openssh/auth2-hostbased.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-hostbased.c,v 1.24 2015/01/28 22:36:00 djm Exp $ */
/* $OpenBSD: auth2-hostbased.c,v 1.25 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -109,8 +109,7 @@ userauth_hostbased(Authctxt *authctxt)
goto done;
}
if (match_pattern_list(sshkey_ssh_name(key),
options.hostbased_key_types,
strlen(options.hostbased_key_types), 0) != 1) {
options.hostbased_key_types, 0) != 1) {
logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
__func__, sshkey_type(key));
goto done;

633
crypto/openssh/auth2-pubkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.47 2015/02/17 00:14:05 djm Exp $ */
/* $OpenBSD: auth2-pubkey.c,v 1.53 2015/06/15 18:44:22 jsing Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -65,6 +65,9 @@
#include "monitor_wrap.h"
#include "authfile.h"
#include "match.h"
#include "ssherr.h"
#include "channels.h" /* XXX for session.h */
#include "session.h" /* XXX for child_set_env(); refactor? */
/* import */
extern ServerOptions options;
@ -127,8 +130,8 @@ userauth_pubkey(Authctxt *authctxt)
logit("refusing previously-used %s key", key_type(key));
goto done;
}
if (match_pattern_list(sshkey_ssh_name(key), options.pubkey_key_types,
strlen(options.pubkey_key_types), 0) != 1) {
if (match_pattern_list(sshkey_ssh_name(key),
options.pubkey_key_types, 0) != 1) {
logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
__func__, sshkey_ssh_name(key));
goto done;
@ -169,7 +172,7 @@ userauth_pubkey(Authctxt *authctxt)
/* test for correct signature */
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b))) == 1) {
authenticated = 1;
@ -191,7 +194,7 @@ userauth_pubkey(Authctxt *authctxt)
* if a user is not allowed to login. is this an
* issue? -markus
*/
if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {
if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0))) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
@ -248,6 +251,288 @@ pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
free(extra);
}
/*
* Splits 's' into an argument vector. Handles quoted string and basic
* escape characters (\\, \", \'). Caller must free the argument vector
* and its members.
*/
static int
split_argv(const char *s, int *argcp, char ***argvp)
{
int r = SSH_ERR_INTERNAL_ERROR;
int argc = 0, quote, i, j;
char *arg, **argv = xcalloc(1, sizeof(*argv));
*argvp = NULL;
*argcp = 0;
for (i = 0; s[i] != '\0'; i++) {
/* Skip leading whitespace */
if (s[i] == ' ' || s[i] == '\t')
continue;
/* Start of a token */
quote = 0;
if (s[i] == '\\' &&
(s[i + 1] == '\'' || s[i + 1] == '\"' || s[i + 1] == '\\'))
i++;
else if (s[i] == '\'' || s[i] == '"')
quote = s[i++];
argv = xreallocarray(argv, (argc + 2), sizeof(*argv));
arg = argv[argc++] = xcalloc(1, strlen(s + i) + 1);
argv[argc] = NULL;
/* Copy the token in, removing escapes */
for (j = 0; s[i] != '\0'; i++) {
if (s[i] == '\\') {
if (s[i + 1] == '\'' ||
s[i + 1] == '\"' ||
s[i + 1] == '\\') {
i++; /* Skip '\' */
arg[j++] = s[i];
} else {
/* Unrecognised escape */
arg[j++] = s[i];
}
} else if (quote == 0 && (s[i] == ' ' || s[i] == '\t'))
break; /* done */
else if (quote != 0 && s[i] == quote)
break; /* done */
else
arg[j++] = s[i];
}
if (s[i] == '\0') {
if (quote != 0) {
/* Ran out of string looking for close quote */
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
break;
}
}
/* Success */
*argcp = argc;
*argvp = argv;
argc = 0;
argv = NULL;
r = 0;
out:
if (argc != 0 && argv != NULL) {
for (i = 0; i < argc; i++)
free(argv[i]);
free(argv);
}
return r;
}
/*
* Reassemble an argument vector into a string, quoting and escaping as
* necessary. Caller must free returned string.
*/
static char *
assemble_argv(int argc, char **argv)
{
int i, j, ws, r;
char c, *ret;
struct sshbuf *buf, *arg;
if ((buf = sshbuf_new()) == NULL || (arg = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
for (i = 0; i < argc; i++) {
ws = 0;
sshbuf_reset(arg);
for (j = 0; argv[i][j] != '\0'; j++) {
r = 0;
c = argv[i][j];
switch (c) {
case ' ':
case '\t':
ws = 1;
r = sshbuf_put_u8(arg, c);
break;
case '\\':
case '\'':
case '"':
if ((r = sshbuf_put_u8(arg, '\\')) != 0)
break;
/* FALLTHROUGH */
default:
r = sshbuf_put_u8(arg, c);
break;
}
if (r != 0)
fatal("%s: sshbuf_put_u8: %s",
__func__, ssh_err(r));
}
if ((i != 0 && (r = sshbuf_put_u8(buf, ' ')) != 0) ||
(ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0) ||
(r = sshbuf_putb(buf, arg)) != 0 ||
(ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0))
fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
if ((ret = malloc(sshbuf_len(buf) + 1)) == NULL)
fatal("%s: malloc failed", __func__);
memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
ret[sshbuf_len(buf)] = '\0';
sshbuf_free(buf);
sshbuf_free(arg);
return ret;
}
/*
* Runs command in a subprocess. Returns pid on success and a FILE* to the
* subprocess' stdout or 0 on failure.
* NB. "command" is only used for logging.
*/
static pid_t
subprocess(const char *tag, struct passwd *pw, const char *command,
int ac, char **av, FILE **child)
{
FILE *f;
struct stat st;
int devnull, p[2], i;
pid_t pid;
char *cp, errmsg[512];
u_int envsize;
char **child_env;
*child = NULL;
debug3("%s: %s command \"%s\" running as %s", __func__,
tag, command, pw->pw_name);
/* Verify the path exists and is safe-ish to execute */
if (*av[0] != '/') {
error("%s path is not absolute", tag);
return 0;
}
temporarily_use_uid(pw);
if (stat(av[0], &st) < 0) {
error("Could not stat %s \"%s\": %s", tag,
av[0], strerror(errno));
restore_uid();
return 0;
}
if (auth_secure_path(av[0], &st, NULL, 0,
errmsg, sizeof(errmsg)) != 0) {
error("Unsafe %s \"%s\": %s", tag, av[0], errmsg);
restore_uid();
return 0;
}
/*
* Run the command; stderr is left in place, stdout is the
* authorized_keys output.
*/
if (pipe(p) != 0) {
error("%s: pipe: %s", tag, strerror(errno));
restore_uid();
return 0;
}
/*
* Don't want to call this in the child, where it can fatal() and
* run cleanup_exit() code.
*/
restore_uid();
switch ((pid = fork())) {
case -1: /* error */
error("%s: fork: %s", tag, strerror(errno));
close(p[0]);
close(p[1]);
return 0;
case 0: /* child */
/* Prepare a minimal environment for the child. */
envsize = 5;
child_env = xcalloc(sizeof(*child_env), envsize);
child_set_env(&child_env, &envsize, "PATH", _PATH_STDPATH);
child_set_env(&child_env, &envsize, "USER", pw->pw_name);
child_set_env(&child_env, &envsize, "LOGNAME", pw->pw_name);
child_set_env(&child_env, &envsize, "HOME", pw->pw_dir);
if ((cp = getenv("LANG")) != NULL)
child_set_env(&child_env, &envsize, "LANG", cp);
for (i = 0; i < NSIG; i++)
signal(i, SIG_DFL);
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
error("%s: open %s: %s", tag, _PATH_DEVNULL,
strerror(errno));
_exit(1);
}
/* Keep stderr around a while longer to catch errors */
if (dup2(devnull, STDIN_FILENO) == -1 ||
dup2(p[1], STDOUT_FILENO) == -1) {
error("%s: dup2: %s", tag, strerror(errno));
_exit(1);
}
closefrom(STDERR_FILENO + 1);
/* Don't use permanently_set_uid() here to avoid fatal() */
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
strerror(errno));
_exit(1);
}
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) {
error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
strerror(errno));
_exit(1);
}
/* stdin is pointed to /dev/null at this point */
if (dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
error("%s: dup2: %s", tag, strerror(errno));
_exit(1);
}
execve(av[0], av, child_env);
error("%s exec \"%s\": %s", tag, command, strerror(errno));
_exit(127);
default: /* parent */
break;
}
close(p[1]);
if ((f = fdopen(p[0], "r")) == NULL) {
error("%s: fdopen: %s", tag, strerror(errno));
close(p[0]);
/* Don't leave zombie child */
kill(pid, SIGTERM);
while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
;
return 0;
}
/* Success */
debug3("%s: %s pid %ld", __func__, tag, (long)pid);
*child = f;
return pid;
}
/* Returns 0 if pid exited cleanly, non-zero otherwise */
static int
exited_cleanly(pid_t pid, const char *tag, const char *cmd)
{
int status;
while (waitpid(pid, &status, 0) == -1) {
if (errno != EINTR) {
error("%s: waitpid: %s", tag, strerror(errno));
return -1;
}
}
if (WIFSIGNALED(status)) {
error("%s %s exited on signal %d", tag, cmd, WTERMSIG(status));
return -1;
} else if (WEXITSTATUS(status) != 0) {
error("%s %s failed, status %d", tag, cmd, WEXITSTATUS(status));
return -1;
}
return 0;
}
static int
match_principals_option(const char *principal_list, struct sshkey_cert *cert)
{
@ -269,19 +554,13 @@ match_principals_option(const char *principal_list, struct sshkey_cert *cert)
}
static int
match_principals_file(char *file, struct passwd *pw, struct sshkey_cert *cert)
process_principals(FILE *f, char *file, struct passwd *pw,
struct sshkey_cert *cert)
{
FILE *f;
char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
u_long linenum = 0;
u_int i;
temporarily_use_uid(pw);
debug("trying authorized principals file %s", file);
if ((f = auth_openprincipals(file, pw, options.strict_modes)) == NULL) {
restore_uid();
return 0;
}
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
/* Skip leading whitespace. */
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@ -309,23 +588,127 @@ match_principals_file(char *file, struct passwd *pw, struct sshkey_cert *cert)
}
for (i = 0; i < cert->nprincipals; i++) {
if (strcmp(cp, cert->principals[i]) == 0) {
debug3("matched principal \"%.100s\" "
"from file \"%s\" on line %lu",
cert->principals[i], file, linenum);
debug3("%s:%lu: matched principal \"%.100s\"",
file == NULL ? "(command)" : file,
linenum, cert->principals[i]);
if (auth_parse_options(pw, line_opts,
file, linenum) != 1)
continue;
fclose(f);
restore_uid();
return 1;
}
}
}
fclose(f);
restore_uid();
return 0;
}
static int
match_principals_file(char *file, struct passwd *pw, struct sshkey_cert *cert)
{
FILE *f;
int success;
temporarily_use_uid(pw);
debug("trying authorized principals file %s", file);
if ((f = auth_openprincipals(file, pw, options.strict_modes)) == NULL) {
restore_uid();
return 0;
}
success = process_principals(f, file, pw, cert);
fclose(f);
restore_uid();
return success;
}
/*
* Checks whether principal is allowed in output of command.
* returns 1 if the principal is allowed or 0 otherwise.
*/
static int
match_principals_command(struct passwd *user_pw, struct sshkey_cert *cert)
{
FILE *f = NULL;
int ok, found_principal = 0;
struct passwd *pw;
int i, ac = 0, uid_swapped = 0;
pid_t pid;
char *tmp, *username = NULL, *command = NULL, **av = NULL;
void (*osigchld)(int);
if (options.authorized_principals_command == NULL)
return 0;
if (options.authorized_principals_command_user == NULL) {
error("No user for AuthorizedPrincipalsCommand specified, "
"skipping");
return 0;
}
/*
* NB. all returns later this function should go via "out" to
* ensure the original SIGCHLD handler is restored properly.
*/
osigchld = signal(SIGCHLD, SIG_DFL);
/* Prepare and verify the user for the command */
username = percent_expand(options.authorized_principals_command_user,
"u", user_pw->pw_name, (char *)NULL);
pw = getpwnam(username);
if (pw == NULL) {
error("AuthorizedPrincipalsCommandUser \"%s\" not found: %s",
username, strerror(errno));
goto out;
}
/* Turn the command into an argument vector */
if (split_argv(options.authorized_principals_command, &ac, &av) != 0) {
error("AuthorizedPrincipalsCommand \"%s\" contains "
"invalid quotes", command);
goto out;
}
if (ac == 0) {
error("AuthorizedPrincipalsCommand \"%s\" yielded no arguments",
command);
goto out;
}
for (i = 1; i < ac; i++) {
tmp = percent_expand(av[i],
"u", user_pw->pw_name,
"h", user_pw->pw_dir,
(char *)NULL);
if (tmp == NULL)
fatal("%s: percent_expand failed", __func__);
free(av[i]);
av[i] = tmp;
}
/* Prepare a printable command for logs, etc. */
command = assemble_argv(ac, av);
if ((pid = subprocess("AuthorizedPrincipalsCommand", pw, command,
ac, av, &f)) == 0)
goto out;
uid_swapped = 1;
temporarily_use_uid(pw);
ok = process_principals(f, NULL, pw, cert);
if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0)
goto out;
/* Read completed successfully */
found_principal = ok;
out:
if (f != NULL)
fclose(f);
signal(SIGCHLD, osigchld);
for (i = 0; i < ac; i++)
free(av[i]);
free(av);
if (uid_swapped)
restore_uid();
free(command);
free(username);
return found_principal;
}
/*
* Checks whether key is allowed in authorized_keys-format file,
* returns 1 if the key is allowed or 0 otherwise.
@ -448,7 +831,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
{
char *ca_fp, *principals_file = NULL;
const char *reason;
int ret = 0;
int ret = 0, found_principal = 0, use_authorized_principals;
if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
return 0;
@ -470,17 +853,24 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
* against the username.
*/
if ((principals_file = authorized_principals_file(pw)) != NULL) {
if (!match_principals_file(principals_file, pw, key->cert)) {
reason = "Certificate does not contain an "
"authorized principal";
if (match_principals_file(principals_file, pw, key->cert))
found_principal = 1;
}
/* Try querying command if specified */
if (!found_principal && match_principals_command(pw, key->cert))
found_principal = 1;
/* If principals file or command is specified, then require a match */
use_authorized_principals = principals_file != NULL ||
options.authorized_principals_command != NULL;
if (!found_principal && use_authorized_principals) {
reason = "Certificate does not contain an authorized principal";
fail_reason:
error("%s", reason);
auth_debug_add("%s", reason);
goto out;
}
error("%s", reason);
auth_debug_add("%s", reason);
goto out;
}
if (key_cert_check_authority(key, 0, 1,
principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
goto fail_reason;
if (auth_cert_options(key, pw) != 0)
goto out;
@ -526,144 +916,117 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
static int
user_key_command_allowed2(struct passwd *user_pw, Key *key)
{
FILE *f;
int ok, found_key = 0;
FILE *f = NULL;
int r, ok, found_key = 0;
struct passwd *pw;
struct stat st;
int status, devnull, p[2], i;
int i, uid_swapped = 0, ac = 0;
pid_t pid;
char *username, errmsg[512];
char *username = NULL, *key_fp = NULL, *keytext = NULL;
char *tmp, *command = NULL, **av = NULL;
void (*osigchld)(int);
if (options.authorized_keys_command == NULL ||
options.authorized_keys_command[0] != '/')
if (options.authorized_keys_command == NULL)
return 0;
if (options.authorized_keys_command_user == NULL) {
error("No user for AuthorizedKeysCommand specified, skipping");
return 0;
}
/*
* NB. all returns later this function should go via "out" to
* ensure the original SIGCHLD handler is restored properly.
*/
osigchld = signal(SIGCHLD, SIG_DFL);
/* Prepare and verify the user for the command */
username = percent_expand(options.authorized_keys_command_user,
"u", user_pw->pw_name, (char *)NULL);
pw = getpwnam(username);
if (pw == NULL) {
error("AuthorizedKeysCommandUser \"%s\" not found: %s",
username, strerror(errno));
free(username);
return 0;
}
free(username);
temporarily_use_uid(pw);
if (stat(options.authorized_keys_command, &st) < 0) {
error("Could not stat AuthorizedKeysCommand \"%s\": %s",
options.authorized_keys_command, strerror(errno));
goto out;
}
if (auth_secure_path(options.authorized_keys_command, &st, NULL, 0,
errmsg, sizeof(errmsg)) != 0) {
error("Unsafe AuthorizedKeysCommand: %s", errmsg);
goto out;
}
if (pipe(p) != 0) {
error("%s: pipe: %s", __func__, strerror(errno));
/* Prepare AuthorizedKeysCommand */
if ((key_fp = sshkey_fingerprint(key, options.fingerprint_hash,
SSH_FP_DEFAULT)) == NULL) {
error("%s: sshkey_fingerprint failed", __func__);
goto out;
}
if ((r = sshkey_to_base64(key, &keytext)) != 0) {
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
goto out;
}
debug3("Running AuthorizedKeysCommand: \"%s %s\" as \"%s\"",
options.authorized_keys_command, user_pw->pw_name, pw->pw_name);
/* Turn the command into an argument vector */
if (split_argv(options.authorized_keys_command, &ac, &av) != 0) {
error("AuthorizedKeysCommand \"%s\" contains invalid quotes",
command);
goto out;
}
if (ac == 0) {
error("AuthorizedKeysCommand \"%s\" yielded no arguments",
command);
goto out;
}
for (i = 1; i < ac; i++) {
tmp = percent_expand(av[i],
"u", user_pw->pw_name,
"h", user_pw->pw_dir,
"t", sshkey_ssh_name(key),
"f", key_fp,
"k", keytext,
(char *)NULL);
if (tmp == NULL)
fatal("%s: percent_expand failed", __func__);
free(av[i]);
av[i] = tmp;
}
/* Prepare a printable command for logs, etc. */
command = assemble_argv(ac, av);
/*
* Don't want to call this in the child, where it can fatal() and
* run cleanup_exit() code.
* If AuthorizedKeysCommand was run without arguments
* then fall back to the old behaviour of passing the
* target username as a single argument.
*/
restore_uid();
switch ((pid = fork())) {
case -1: /* error */
error("%s: fork: %s", __func__, strerror(errno));
close(p[0]);
close(p[1]);
return 0;
case 0: /* child */
for (i = 0; i < NSIG; i++)
signal(i, SIG_DFL);
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
error("%s: open %s: %s", __func__, _PATH_DEVNULL,
strerror(errno));
_exit(1);
}
/* Keep stderr around a while longer to catch errors */
if (dup2(devnull, STDIN_FILENO) == -1 ||
dup2(p[1], STDOUT_FILENO) == -1) {
error("%s: dup2: %s", __func__, strerror(errno));
_exit(1);
}
closefrom(STDERR_FILENO + 1);
/* Don't use permanently_set_uid() here to avoid fatal() */
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
error("setresgid %u: %s", (u_int)pw->pw_gid,
strerror(errno));
_exit(1);
}
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) {
error("setresuid %u: %s", (u_int)pw->pw_uid,
strerror(errno));
_exit(1);
}
/* stdin is pointed to /dev/null at this point */
if (dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
error("%s: dup2: %s", __func__, strerror(errno));
_exit(1);
}
execl(options.authorized_keys_command,
options.authorized_keys_command, user_pw->pw_name, NULL);
error("AuthorizedKeysCommand %s exec failed: %s",
options.authorized_keys_command, strerror(errno));
_exit(127);
default: /* parent */
break;
if (ac == 1) {
av = xreallocarray(av, ac + 2, sizeof(*av));
av[1] = xstrdup(user_pw->pw_name);
av[2] = NULL;
/* Fix up command too, since it is used in log messages */
free(command);
xasprintf(&command, "%s %s", av[0], av[1]);
}
if ((pid = subprocess("AuthorizedKeysCommand", pw, command,
ac, av, &f)) == 0)
goto out;
uid_swapped = 1;
temporarily_use_uid(pw);
close(p[1]);
if ((f = fdopen(p[0], "r")) == NULL) {
error("%s: fdopen: %s", __func__, strerror(errno));
close(p[0]);
/* Don't leave zombie child */
kill(pid, SIGTERM);
while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
;
goto out;
}
ok = check_authkeys_file(f, options.authorized_keys_command, key, pw);
fclose(f);
while (waitpid(pid, &status, 0) == -1) {
if (errno != EINTR) {
error("%s: waitpid: %s", __func__, strerror(errno));
goto out;
}
}
if (WIFSIGNALED(status)) {
error("AuthorizedKeysCommand %s exited on signal %d",
options.authorized_keys_command, WTERMSIG(status));
if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
goto out;
} else if (WEXITSTATUS(status) != 0) {
error("AuthorizedKeysCommand %s returned status %d",
options.authorized_keys_command, WEXITSTATUS(status));
goto out;
}
/* Read completed successfully */
found_key = ok;
out:
restore_uid();
if (f != NULL)
fclose(f);
signal(SIGCHLD, osigchld);
for (i = 0; i < ac; i++)
free(av[i]);
free(av);
if (uid_swapped)
restore_uid();
free(command);
free(username);
free(key_fp);
free(keytext);
return found_key;
}
@ -671,7 +1034,7 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
* Check whether key authenticates and authorises the user.
*/
int
user_key_allowed(struct passwd *pw, Key *key)
user_key_allowed(struct passwd *pw, Key *key, int auth_attempt)
{
u_int success, i;
char *file;

8
crypto/openssh/authfd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfd.c,v 1.94 2015/01/14 20:05:27 djm Exp $ */
/* $OpenBSD: authfd.c,v 1.97 2015/03/26 19:32:19 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -438,10 +438,8 @@ ssh_agent_sign(int sock, struct sshkey *key,
u_int flags = 0;
int r = SSH_ERR_INTERNAL_ERROR;
if (sigp != NULL)
*sigp = NULL;
if (lenp != NULL)
*lenp = 0;
*sigp = NULL;
*lenp = 0;
if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)
return SSH_ERR_INVALID_ARGUMENT;

6
crypto/openssh/authfile.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfile.c,v 1.111 2015/02/23 16:55:51 djm Exp $ */
/* $OpenBSD: authfile.c,v 1.114 2015/04/17 13:32:09 djm Exp $ */
/*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
*
@ -186,7 +186,7 @@ sshkey_perm_ok(int fd, const char *filename)
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("Permissions 0%3.3o for '%s' are too open.",
(u_int)st.st_mode & 0777, filename);
error("It is recommended that your private key files are NOT accessible by others.");
error("It is required that your private key files are NOT accessible by others.");
error("This private key will be ignored.");
return SSH_ERR_KEY_BAD_PERMISSIONS;
}
@ -359,6 +359,8 @@ sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
case 0:
return r;
}
#else /* WITH_SSH1 */
close(fd);
#endif /* WITH_SSH1 */
/* try ssh2 public key */

63
crypto/openssh/channels.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.c,v 1.341 2015/02/06 23:21:59 millert Exp $ */
/* $OpenBSD: channels.c,v 1.347 2015/07/01 02:26:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -162,6 +162,9 @@ static char *x11_saved_proto = NULL;
static char *x11_saved_data = NULL;
static u_int x11_saved_data_len = 0;
/* Deadline after which all X11 connections are refused */
static u_int x11_refuse_time;
/*
* Fake X11 authentication data. This is what the server will be sending us;
* we should replace any occurrences of this by the real data.
@ -307,7 +310,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
if (channels_alloc > 10000)
fatal("channel_new: internal error: channels_alloc %d "
"too big.", channels_alloc);
channels = xrealloc(channels, channels_alloc + 10,
channels = xreallocarray(channels, channels_alloc + 10,
sizeof(Channel *));
channels_alloc += 10;
debug2("channel: expanding %d", channels_alloc);
@ -913,6 +916,13 @@ x11_open_helper(Buffer *b)
u_char *ucp;
u_int proto_len, data_len;
/* Is this being called after the refusal deadline? */
if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) {
verbose("Rejected X11 connection after ForwardX11Timeout "
"expired");
return -1;
}
/* Check if the fixed size part of the packet is in buffer. */
if (buffer_len(b) < 12)
return 0;
@ -1484,6 +1494,12 @@ channel_set_reuseaddr(int fd)
error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
}
void
channel_set_x11_refuse_time(u_int refuse_time)
{
x11_refuse_time = refuse_time;
}
/*
* This socket is listening for connections to a forwarded TCP/IP port.
*/
@ -2193,8 +2209,8 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
/* perhaps check sz < nalloc/2 and shrink? */
if (*readsetp == NULL || sz > *nallocp) {
*readsetp = xrealloc(*readsetp, nfdset, sizeof(fd_mask));
*writesetp = xrealloc(*writesetp, nfdset, sizeof(fd_mask));
*readsetp = xreallocarray(*readsetp, nfdset, sizeof(fd_mask));
*writesetp = xreallocarray(*writesetp, nfdset, sizeof(fd_mask));
*nallocp = sz;
}
*maxfdp = n;
@ -2271,7 +2287,7 @@ channel_output_poll(void)
packet_put_int(c->remote_id);
packet_put_string(data, dlen);
packet_send();
c->remote_window -= dlen + 4;
c->remote_window -= dlen;
free(data);
}
continue;
@ -2642,7 +2658,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
{
Channel *c;
int id;
u_int adjust;
u_int adjust, tmp;
if (!compat20)
return 0;
@ -2658,7 +2674,10 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
adjust = packet_get_int();
packet_check_eom();
debug2("channel %d: rcvd adjust %u", id, adjust);
c->remote_window += adjust;
if ((tmp = c->remote_window + adjust) < c->remote_window)
fatal("channel %d: adjust %u overflows remote window %u",
id, adjust, c->remote_window);
c->remote_window = tmp;
return 0;
}
@ -2806,17 +2825,21 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
in_port_t *lport_p;
host = (type == SSH_CHANNEL_RPORT_LISTENER) ?
fwd->listen_host : fwd->connect_host;
is_client = (type == SSH_CHANNEL_PORT_LISTENER);
if (host == NULL) {
error("No forward host name.");
return 0;
}
if (strlen(host) >= NI_MAXHOST) {
error("Forward host name too long.");
return 0;
if (is_client && fwd->connect_path != NULL) {
host = fwd->connect_path;
} else {
host = (type == SSH_CHANNEL_RPORT_LISTENER) ?
fwd->listen_host : fwd->connect_host;
if (host == NULL) {
error("No forward host name.");
return 0;
}
if (strlen(host) >= NI_MAXHOST) {
error("Forward host name too long.");
return 0;
}
}
/* Determine the bind address, cf. channel_fwd_bind_addr() comment */
@ -3238,7 +3261,7 @@ channel_request_remote_forwarding(struct Forward *fwd)
}
if (success) {
/* Record that connection to this host/port is permitted. */
permitted_opens = xrealloc(permitted_opens,
permitted_opens = xreallocarray(permitted_opens,
num_permitted_opens + 1, sizeof(*permitted_opens));
idx = num_permitted_opens++;
if (fwd->connect_path != NULL) {
@ -3469,7 +3492,7 @@ channel_add_permitted_opens(char *host, int port)
{
debug("allow port forwarding to host %s port %d", host, port);
permitted_opens = xrealloc(permitted_opens,
permitted_opens = xreallocarray(permitted_opens,
num_permitted_opens + 1, sizeof(*permitted_opens));
permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host);
permitted_opens[num_permitted_opens].port_to_connect = port;
@ -3519,7 +3542,7 @@ channel_add_adm_permitted_opens(char *host, int port)
{
debug("config allows port forwarding to host %s port %d", host, port);
permitted_adm_opens = xrealloc(permitted_adm_opens,
permitted_adm_opens = xreallocarray(permitted_adm_opens,
num_adm_permitted_opens + 1, sizeof(*permitted_adm_opens));
permitted_adm_opens[num_adm_permitted_opens].host_to_connect
= xstrdup(host);
@ -3534,7 +3557,7 @@ void
channel_disable_adm_local_opens(void)
{
channel_clear_adm_permitted_opens();
permitted_adm_opens = xmalloc(sizeof(*permitted_adm_opens));
permitted_adm_opens = xcalloc(sizeof(*permitted_adm_opens), 1);
permitted_adm_opens[num_adm_permitted_opens].host_to_connect = NULL;
num_adm_permitted_opens = 1;
}

5
crypto/openssh/channels.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.h,v 1.116 2015/01/19 20:07:45 markus Exp $ */
/* $OpenBSD: channels.h,v 1.118 2015/07/01 02:26:31 djm Exp $ */
/* $FreeBSD$ */
/*
@ -114,7 +114,7 @@ struct Channel {
time_t notbefore; /* Pause IO until deadline (time_t) */
int delayed; /* post-select handlers for newly created
* channels are delayed until the first call
* to a matching pre-select handler.
* to a matching pre-select handler.
* this way post-select handlers are not
* accidentally called if a FD gets reused */
Buffer input; /* data read from socket, to be sent over
@ -285,6 +285,7 @@ int permitopen_port(const char *);
/* x11 forwarding */
void channel_set_x11_refuse_time(u_int);
int x11_connect_display(void);
int x11_create_display_inet(int, int, int, u_int *, int **);
int x11_input_open(int, u_int32_t, void *);

32
crypto/openssh/clientloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */
/* $OpenBSD: clientloop.c,v 1.274 2015/07/01 02:26:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -164,7 +164,7 @@ static int connection_in; /* Connection to server (input). */
static int connection_out; /* Connection to server (output). */
static int need_rekeying; /* Set to non-zero if rekeying is requested. */
static int session_closed; /* In SSH2: login session closed. */
static int x11_refuse_time; /* If >0, refuse x11 opens after this time. */
static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */
static void client_init_dispatch(void);
int session_ident = -1;
@ -299,7 +299,8 @@ client_x11_display_valid(const char *display)
return 1;
}
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
#define X11_TIMEOUT_SLACK 60
void
client_x11_get_proto(const char *display, const char *xauth_path,
u_int trusted, u_int timeout, char **_proto, char **_data)
@ -312,7 +313,7 @@ client_x11_get_proto(const char *display, const char *xauth_path,
int got_data = 0, generated = 0, do_unlink = 0, i;
char *xauthdir, *xauthfile;
struct stat st;
u_int now;
u_int now, x11_timeout_real;
xauthdir = xauthfile = NULL;
*_proto = proto;
@ -345,6 +346,15 @@ client_x11_get_proto(const char *display, const char *xauth_path,
xauthdir = xmalloc(PATH_MAX);
xauthfile = xmalloc(PATH_MAX);
mktemp_proto(xauthdir, PATH_MAX);
/*
* The authentication cookie should briefly outlive
* ssh's willingness to forward X11 connections to
* avoid nasty fail-open behaviour in the X server.
*/
if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
x11_timeout_real = UINT_MAX;
else
x11_timeout_real = timeout + X11_TIMEOUT_SLACK;
if (mkdtemp(xauthdir) != NULL) {
do_unlink = 1;
snprintf(xauthfile, PATH_MAX, "%s/xauthfile",
@ -352,17 +362,20 @@ client_x11_get_proto(const char *display, const char *xauth_path,
snprintf(cmd, sizeof(cmd),
"%s -f %s generate %s " SSH_X11_PROTO
" untrusted timeout %u 2>" _PATH_DEVNULL,
xauth_path, xauthfile, display, timeout);
xauth_path, xauthfile, display,
x11_timeout_real);
debug2("x11_get_proto: %s", cmd);
if (system(cmd) == 0)
generated = 1;
if (x11_refuse_time == 0) {
now = monotime() + 1;
if (UINT_MAX - timeout < now)
x11_refuse_time = UINT_MAX;
else
x11_refuse_time = now + timeout;
channel_set_x11_refuse_time(
x11_refuse_time);
}
if (system(cmd) == 0)
generated = 1;
}
}
@ -1890,7 +1903,7 @@ client_request_x11(const char *request_type, int rchan)
"malicious server.");
return NULL;
}
if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) {
if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) {
verbose("Rejected X11 connection after ForwardX11Timeout "
"expired");
return NULL;
@ -2353,8 +2366,7 @@ client_input_hostkeys(void)
/* Check that the key is accepted in HostkeyAlgorithms */
if (options.hostkeyalgorithms != NULL &&
match_pattern_list(sshkey_ssh_name(key),
options.hostkeyalgorithms,
strlen(options.hostkeyalgorithms), 0) != 1) {
options.hostkeyalgorithms, 0) != 1) {
debug3("%s: %s key not permitted by HostkeyAlgorithms",
__func__, sshkey_ssh_name(key));
continue;

51
crypto/openssh/compat.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: compat.c,v 1.87 2015/01/19 20:20:20 markus Exp $ */
/* $OpenBSD: compat.c,v 1.94 2015/05/26 23:23:40 dtucker Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@ -153,6 +153,7 @@ compat_datafellows(const char *version)
"1.2.22*", SSH_BUG_IGNOREMSG },
{ "1.3.2*", /* F-Secure */
SSH_BUG_IGNOREMSG },
{ "Cisco-1.*", SSH_BUG_DHGEX_LARGE },
{ "*SSH Compatible Server*", /* Netscreen */
SSH_BUG_PASSWORDPAD },
{ "*OSU_0*,"
@ -166,15 +167,34 @@ compat_datafellows(const char *version)
"OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD },
{ "*SSH_Version_Mapper*",
SSH_BUG_SCANNER },
{ "PuTTY-Release-0.5*," /* 0.50-0.57, DH-GEX in >=0.52 */
"PuTTY_Release_0.5*," /* 0.58-0.59 */
"PuTTY_Release_0.60*,"
"PuTTY_Release_0.61*,"
"PuTTY_Release_0.62*,"
"PuTTY_Release_0.63*,"
"PuTTY_Release_0.64*",
SSH_OLD_DHGEX },
{ "Probe-*",
SSH_BUG_PROBE },
{ "TeraTerm SSH*,"
"TTSSH/1.5.*,"
"TTSSH/2.1*,"
"TTSSH/2.2*,"
"TTSSH/2.3*,"
"TTSSH/2.4*,"
"TTSSH/2.5*,"
"TTSSH/2.6*,"
"TTSSH/2.70*,"
"TTSSH/2.71*,"
"TTSSH/2.72*", SSH_BUG_HOSTKEYS },
{ "WinSCP*", SSH_OLD_DHGEX },
{ NULL, 0 }
};
/* process table, return first match */
for (i = 0; check[i].pat; i++) {
if (match_pattern_list(version, check[i].pat,
strlen(check[i].pat), 0) == 1) {
if (match_pattern_list(version, check[i].pat, 0) == 1) {
debug("match: %s pat %s compat 0x%08x",
version, check[i].pat, check[i].bugs);
datafellows = check[i].bugs; /* XXX for now */
@ -200,9 +220,11 @@ proto_spec(const char *spec)
for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
switch (atoi(p)) {
case 1:
#ifdef WITH_SSH1
if (ret == SSH_PROTO_UNKNOWN)
ret |= SSH_PROTO_1_PREFERRED;
ret |= SSH_PROTO_1;
#endif
break;
case 2:
ret |= SSH_PROTO_2;
@ -230,7 +252,7 @@ filter_proposal(char *proposal, const char *filter)
buffer_init(&b);
tmp = orig_prop = xstrdup(proposal);
while ((cp = strsep(&tmp, ",")) != NULL) {
if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) {
if (match_pattern_list(cp, filter, 0) != 1) {
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
buffer_append(&b, cp, strlen(cp));
@ -272,15 +294,20 @@ compat_pkalg_proposal(char *pkalg_prop)
}
char *
compat_kex_proposal(char *kex_prop)
compat_kex_proposal(char *p)
{
if (!(datafellows & SSH_BUG_CURVE25519PAD))
return kex_prop;
debug2("%s: original KEX proposal: %s", __func__, kex_prop);
kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org");
debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
if (*kex_prop == '\0')
if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
return p;
debug2("%s: original KEX proposal: %s", __func__, p);
if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
p = filter_proposal(p, "curve25519-sha256@libssh.org");
if ((datafellows & SSH_OLD_DHGEX) != 0) {
p = filter_proposal(p, "diffie-hellman-group-exchange-sha256");
p = filter_proposal(p, "diffie-hellman-group-exchange-sha1");
}
debug2("%s: compat KEX proposal: %s", __func__, p);
if (*p == '\0')
fatal("No supported key exchange algorithms found");
return kex_prop;
return p;
}

4
crypto/openssh/compat.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: compat.h,v 1.46 2015/01/19 20:20:20 markus Exp $ */
/* $OpenBSD: compat.h,v 1.48 2015/05/26 23:23:40 dtucker Exp $ */
/* $FreeBSD$ */
/*
@ -61,6 +61,8 @@
#define SSH_NEW_OPENSSH 0x04000000
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
#define SSH_BUG_CURVE25519PAD 0x10000000
#define SSH_BUG_HOSTKEYS 0x20000000
#define SSH_BUG_DHGEX_LARGE 0x40000000
void enable_compat13(void);
void enable_compat20(void);

6
crypto/openssh/config.guess vendored
View File

@ -982,6 +982,12 @@ EOF
ppc:Linux:*:*)
echo powerpc-unknown-linux-gnu
exit ;;
ppc64le:Linux:*:*)
echo powerpc64le-unknown-linux-gnu
exit ;;
ppcle:Linux:*:*)
echo powerpcle-unknown-linux-gnu
exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux
exit ;;

111
crypto/openssh/configure vendored
View File

@ -665,6 +665,7 @@ SED
PERL
KILL
CAT
ac_ct_AR
AR
INSTALL_DATA
INSTALL_SCRIPT
@ -1424,7 +1425,7 @@ Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL**
--without-ssh1 Disable support for SSH protocol 1
--without-ssh1 Enable support for SSH protocol 1
--without-stackprotect Don't use compiler's stack protection
--without-hardening Don't use toolchain hardening flags
--without-rpath Disable auto-added -R linker paths
@ -1460,8 +1461,8 @@ Optional Packages:
--with-mantype=man|cat|doc Set man page type
--with-md5-passwords Enable use of MD5 passwords
--without-shadow Disable shadow password support
--with-ipaddr-display Use ip address instead of hostname in \$DISPLAY
--with-default-path= Specify default \$PATH environment for server
--with-ipaddr-display Use ip address instead of hostname in $DISPLAY
--with-default-path= Specify default $PATH environment for server
--with-superuser-path= Specify different path for super-user
--with-4in6 Check for and convert IPv4 in IPv6 mapped addresses
--with-bsd-auth Enable BSD auth support
@ -4556,26 +4557,27 @@ $as_echo "$ac_cv_path_EGREP" >&6; }
EGREP="$ac_cv_path_EGREP"
# Extract the first word of "ar", so it can be a program name with args.
set dummy ar; ac_word=$2
if test -n "$ac_tool_prefix"; then
for ac_prog in ar
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_AR+:} false; then :
if ${ac_cv_prog_AR+:} false; then :
$as_echo_n "(cached) " >&6
else
case $AR in
[\\/]* | ?:[\\/]*)
ac_cv_path_AR="$AR" # Let the user override the test with a path.
;;
*)
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
if test -n "$AR"; then
ac_cv_prog_AR="$AR" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_AR="$as_dir/$ac_word$ac_exec_ext"
ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
@ -4583,10 +4585,9 @@ done
done
IFS=$as_save_IFS
;;
esac
fi
AR=$ac_cv_path_AR
fi
AR=$ac_cv_prog_AR
if test -n "$AR"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
$as_echo "$AR" >&6; }
@ -4596,6 +4597,66 @@ $as_echo "no" >&6; }
fi
test -n "$AR" && break
done
fi
if test -z "$AR"; then
ac_ct_AR=$AR
for ac_prog in ar
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_prog_ac_ct_AR+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_AR"; then
ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_AR="$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
IFS=$as_save_IFS
fi
fi
ac_ct_AR=$ac_cv_prog_ac_ct_AR
if test -n "$ac_ct_AR"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
$as_echo "$ac_ct_AR" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
test -n "$ac_ct_AR" && break
done
if test "x$ac_ct_AR" = x; then
AR=""
else
case $cross_compiling:$ac_tool_warned in
yes:)
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
AR=$ac_ct_AR
fi
fi
# Extract the first word of "cat", so it can be a program name with args.
set dummy cat; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
@ -5655,10 +5716,15 @@ fi
# Check whether --with-ssh1 was given.
if test "${with_ssh1+set}" = set; then :
withval=$with_ssh1;
if test "x$withval" = "xno" ; then
if test "x$withval" = "xyes" ; then
if test "x$openssl" = "xno" ; then
as_fn_error $? "Cannot enable SSH protocol 1 with OpenSSL disabled" "$LINENO" 5
fi
ssh1=yes
elif test "x$withval" = "xno" ; then
ssh1=no
elif test "x$openssl" = "xno" ; then
as_fn_error $? "Cannot enable SSH protocol 1 with OpenSSL disabled" "$LINENO" 5
else
as_fn_error $? "unknown --with-ssh1 argument" "$LINENO" 5
fi
@ -7628,9 +7694,12 @@ $as_echo_n "checking for seccomp architecture... " >&6; }
i*86-*)
seccomp_audit_arch=AUDIT_ARCH_I386
;;
arm*-*)
arm*-*)
seccomp_audit_arch=AUDIT_ARCH_ARM
;;
;;
aarch64*-*)
seccomp_audit_arch=AUDIT_ARCH_AARCH64
;;
esac
if test "x$seccomp_audit_arch" != "x" ; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$seccomp_audit_arch\"" >&5

30
crypto/openssh/configure.ac
View File

@ -30,7 +30,7 @@ AC_PROG_CPP
AC_PROG_RANLIB
AC_PROG_INSTALL
AC_PROG_EGREP
AC_PATH_PROG([AR], [ar])
AC_CHECK_TOOLS([AR], [ar])
AC_PATH_PROG([CAT], [cat])
AC_PATH_PROG([KILL], [kill])
AC_PATH_PROGS([PERL], [perl5 perl])
@ -140,12 +140,17 @@ else
fi
AC_ARG_WITH([ssh1],
[ --without-ssh1 Disable support for SSH protocol 1],
[ --without-ssh1 Enable support for SSH protocol 1],
[
if test "x$withval" = "xno" ; then
if test "x$withval" = "xyes" ; then
if test "x$openssl" = "xno" ; then
AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
fi
ssh1=yes
elif test "x$withval" = "xno" ; then
ssh1=no
elif test "x$openssl" = "xno" ; then
AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
else
AC_MSG_ERROR([unknown --with-ssh1 argument])
fi
]
)
@ -782,14 +787,17 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
i*86-*)
seccomp_audit_arch=AUDIT_ARCH_I386
;;
arm*-*)
arm*-*)
seccomp_audit_arch=AUDIT_ARCH_ARM
;;
;;
aarch64*-*)
seccomp_audit_arch=AUDIT_ARCH_AARCH64
;;
esac
if test "x$seccomp_audit_arch" != "x" ; then
AC_MSG_RESULT(["$seccomp_audit_arch"])
AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
[Specify the system call convention in use])
AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
[Specify the system call convention in use])
else
AC_MSG_RESULT([architecture not supported])
fi
@ -4413,7 +4421,7 @@ if test ! -z "$IPADDR_IN_DISPLAY" ; then
else
DISPLAY_HACK_MSG="no"
AC_ARG_WITH([ipaddr-display],
[ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
[ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
[
if test "x$withval" != "xno" ; then
AC_DEFINE([IPADDR_IN_DISPLAY])
@ -4459,7 +4467,7 @@ fi
# Whether to mess with the default path
SERVER_PATH_MSG="(default)"
AC_ARG_WITH([default-path],
[ --with-default-path= Specify default \$PATH environment for server],
[ --with-default-path= Specify default $PATH environment for server],
[
if test "x$external_path_file" = "x/etc/login.conf" ; then
AC_MSG_WARN([

2
crypto/openssh/contrib/redhat/openssh.spec
View File

@ -1,4 +1,4 @@
%define ver 6.8p1
%define ver 6.9p1
%define rel 1
# OpenSSH privilege separation requires a user & group ID

2
crypto/openssh/contrib/suse/openssh.spec
View File

@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
Version: 6.8p1
Version: 6.9p1
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz

49
crypto/openssh/dh.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dh.c,v 1.55 2015/01/20 23:14:00 deraadt Exp $ */
/* $OpenBSD: dh.c,v 1.57 2015/05/27 23:39:18 dtucker Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
*
@ -155,7 +155,7 @@ choose_dh(int min, int wantbits, int max)
(f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
logit("WARNING: %s does not exist, using fixed modulus",
_PATH_DH_MODULI);
return (dh_new_group14());
return (dh_new_group_fallback(max));
}
linenum = 0;
@ -183,7 +183,7 @@ choose_dh(int min, int wantbits, int max)
if (bestcount == 0) {
fclose(f);
logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
return (dh_new_group14());
return (dh_new_group_fallback(max));
}
linenum = 0;
@ -204,7 +204,7 @@ choose_dh(int min, int wantbits, int max)
if (linenum != which+1) {
logit("WARNING: line %d disappeared in %s, giving up",
which, _PATH_DH_PRIMES);
return (dh_new_group14());
return (dh_new_group_fallback(max));
}
return (dh_new_group(dhg.g, dhg.p));
@ -261,7 +261,7 @@ dh_gen_key(DH *dh, int need)
if (need < 0 || dh->p == NULL ||
(pbits = BN_num_bits(dh->p)) <= 0 ||
need > INT_MAX / 2 || 2 * need >= pbits)
need > INT_MAX / 2 || 2 * need > pbits)
return SSH_ERR_INVALID_ARGUMENT;
dh->length = MIN(need * 2, pbits - 1);
if (DH_generate_key(dh) == 0 ||
@ -338,6 +338,45 @@ dh_new_group14(void)
return (dh_new_group_asc(gen, group14));
}
/*
* 4k bit fallback group used by DH-GEX if moduli file cannot be read.
* Source: MODP group 16 from RFC3526.
*/
DH *
dh_new_group_fallback(int max)
{
static char *gen = "2", *group16 =
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
"C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
"83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
"670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
"E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
"DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
"15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64"
"ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7"
"ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B"
"F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C"
"BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31"
"43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7"
"88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA"
"2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6"
"287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED"
"1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9"
"93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199"
"FFFFFFFF" "FFFFFFFF";
if (max < 4096) {
debug3("requested max size %d, using 2k bit group 14", max);
return dh_new_group14();
}
debug3("using 4k bit group 16");
return (dh_new_group_asc(gen, group16));
}
/*
* Estimates the group order for a Diffie-Hellman group that has an
* attack complexity approximately the same as O(2**bits).

3
crypto/openssh/dh.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dh.h,v 1.12 2015/01/19 20:16:15 markus Exp $ */
/* $OpenBSD: dh.h,v 1.13 2015/05/27 23:39:18 dtucker Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
@ -37,6 +37,7 @@ DH *dh_new_group_asc(const char *, const char *);
DH *dh_new_group(BIGNUM *, BIGNUM *);
DH *dh_new_group1(void);
DH *dh_new_group14(void);
DH *dh_new_group_fallback(int);
int dh_gen_key(DH *, int);
int dh_pub_is_valid(DH *, BIGNUM *);

2
crypto/openssh/digest-libc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: digest-libc.c,v 1.4 2014/12/21 22:27:56 djm Exp $ */
/* $OpenBSD: digest-libc.c,v 1.5 2015/05/05 02:48:17 jsg Exp $ */
/*
* Copyright (c) 2013 Damien Miller <djm@mindrot.org>
* Copyright (c) 2014 Markus Friedl. All rights reserved.

22
crypto/openssh/dispatch.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dispatch.c,v 1.26 2015/02/12 20:34:19 dtucker Exp $ */
/* $OpenBSD: dispatch.c,v 1.27 2015/05/01 07:10:01 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -137,22 +137,6 @@ ssh_dispatch_run_fatal(struct ssh *ssh, int mode, volatile sig_atomic_t *done,
{
int r;
if ((r = ssh_dispatch_run(ssh, mode, done, ctxt)) != 0) {
switch (r) {
case SSH_ERR_CONN_CLOSED:
logit("Connection closed by %.200s",
ssh_remote_ipaddr(ssh));
cleanup_exit(255);
case SSH_ERR_CONN_TIMEOUT:
logit("Connection to %.200s timed out while "
"waiting to read", ssh_remote_ipaddr(ssh));
cleanup_exit(255);
case SSH_ERR_DISCONNECTED:
logit("Disconnected from %.200s",
ssh_remote_ipaddr(ssh));
cleanup_exit(255);
default:
fatal("%s: %s", __func__, ssh_err(r));
}
}
if ((r = ssh_dispatch_run(ssh, mode, done, ctxt)) != 0)
sshpkt_fatal(ssh, __func__, r);
}

4
crypto/openssh/dns.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dns.h,v 1.14 2015/01/15 09:40:00 djm Exp $ */
/* $OpenBSD: dns.h,v 1.15 2015/05/08 06:45:13 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -33,7 +33,7 @@ enum sshfp_types {
SSHFP_KEY_RSA = 1,
SSHFP_KEY_DSA = 2,
SSHFP_KEY_ECDSA = 3,
SSHFP_KEY_ED25519 = 4
SSHFP_KEY_ED25519 = 4
};
enum sshfp_hashes {

6
crypto/openssh/groupaccess.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: groupaccess.c,v 1.15 2015/01/20 23:14:00 deraadt Exp $ */
/* $OpenBSD: groupaccess.c,v 1.16 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2001 Kevin Steves. All rights reserved.
*
@ -97,11 +97,9 @@ int
ga_match_pattern_list(const char *group_pattern)
{
int i, found = 0;
size_t len = strlen(group_pattern);
for (i = 0; i < ngroups; i++) {
switch (match_pattern_list(groups_byname[i],
group_pattern, len, 0)) {
switch (match_pattern_list(groups_byname[i], group_pattern, 0)) {
case -1:
return 0; /* Negated match wins */
case 0:

1
crypto/openssh/gss-genr.c
View File

@ -34,6 +34,7 @@
#include <limits.h>
#include <stdarg.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include "xmalloc.h"

40
crypto/openssh/gss-serv.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-serv.c,v 1.28 2015/01/20 23:14:00 deraadt Exp $ */
/* $OpenBSD: gss-serv.c,v 1.29 2015/05/22 03:50:02 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -44,9 +44,12 @@
#include "channels.h"
#include "session.h"
#include "misc.h"
#include "servconf.h"
#include "ssh-gss.h"
extern ServerOptions options;
static ssh_gssapi_client gssapi_client =
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}};
@ -99,25 +102,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
char lname[NI_MAXHOST];
gss_OID_set oidset;
gss_create_empty_oid_set(&status, &oidset);
gss_add_oid_set_member(&status, ctx->oid, &oidset);
if (options.gss_strict_acceptor) {
gss_create_empty_oid_set(&status, &oidset);
gss_add_oid_set_member(&status, ctx->oid, &oidset);
if (gethostname(lname, sizeof(lname))) {
gss_release_oid_set(&status, &oidset);
return (-1);
}
if (gethostname(lname, MAXHOSTNAMELEN)) {
gss_release_oid_set(&status, &oidset);
return (-1);
}
if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
gss_release_oid_set(&status, &oidset);
return (ctx->major);
}
if ((ctx->major = gss_acquire_cred(&ctx->minor,
ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
NULL, NULL)))
ssh_gssapi_error(ctx);
if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
gss_release_oid_set(&status, &oidset);
return (ctx->major);
} else {
ctx->name = GSS_C_NO_NAME;
ctx->creds = GSS_C_NO_CREDENTIAL;
}
if ((ctx->major = gss_acquire_cred(&ctx->minor,
ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
ssh_gssapi_error(ctx);
gss_release_oid_set(&status, &oidset);
return (ctx->major);
return GSS_S_COMPLETE;
}
/* Privileged */

4
crypto/openssh/hmac.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: hmac.c,v 1.11 2015/01/15 21:37:14 markus Exp $ */
/* $OpenBSD: hmac.c,v 1.12 2015/03/24 20:03:44 markus Exp $ */
/*
* Copyright (c) 2014 Markus Friedl. All rights reserved.
*
@ -154,7 +154,7 @@ hmac_test(void *key, size_t klen, void *m, size_t mlen, u_char *e, size_t elen)
if (memcmp(e, digest, elen)) {
for (i = 0; i < elen; i++)
printf("[%zd] %2.2x %2.2x\n", i, e[i], digest[i]);
printf("[%zu] %2.2x %2.2x\n", i, e[i], digest[i]);
printf("mismatch\n");
} else
printf("ok\n");

11
crypto/openssh/hostfile.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: hostfile.c,v 1.64 2015/02/16 22:08:57 djm Exp $ */
/* $OpenBSD: hostfile.c,v 1.66 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -242,7 +242,8 @@ record_hostkey(struct hostkey_foreach_line *l, void *_ctx)
struct hostkey_entry *tmp;
if (l->status == HKF_STATUS_INVALID) {
error("%s:%ld: parse error in hostkeys file",
/* XXX make this verbose() in the future */
debug("%s:%ld: parse error in hostkeys file",
l->path, l->linenum);
return 0;
}
@ -662,7 +663,7 @@ match_maybe_hashed(const char *host, const char *names, int *was_hashed)
return nlen == strlen(hashed_host) &&
strncmp(hashed_host, names, nlen) == 0;
}
return match_hostname(host, names, nlen) == 1;
return match_hostname(host, names) == 1;
}
int
@ -810,7 +811,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
memcpy(ktype, lineinfo.rawkey, l);
ktype[l] = '\0';
lineinfo.keytype = sshkey_type_from_name(ktype);
#ifdef WITH_SSH1
/*
* Assume RSA1 if the first component is a short
* decimal number.
@ -818,7 +819,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
if (lineinfo.keytype == KEY_UNSPEC && l < 8 &&
strspn(ktype, "0123456789") == l)
lineinfo.keytype = KEY_RSA1;
#endif
/*
* Check that something other than whitespace follows
* the key type. This won't catch all corruption, but

4
crypto/openssh/kex.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.c,v 1.105 2015/01/30 00:22:25 djm Exp $ */
/* $OpenBSD: kex.c,v 1.106 2015/04/17 13:25:52 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@ -229,6 +229,8 @@ kex_prop_free(char **proposal)
{
u_int i;
if (proposal == NULL)
return;
for (i = 0; i < PROPOSAL_MAX; i++)
free(proposal[i]);
free(proposal);

7
crypto/openssh/kexc25519.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexc25519.c,v 1.8 2015/01/19 20:16:15 markus Exp $ */
/* $OpenBSD: kexc25519.c,v 1.9 2015/03/26 07:00:04 djm Exp $ */
/*
* Copyright (c) 2001, 2013 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -66,6 +66,11 @@ kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
u_char shared_key[CURVE25519_SIZE];
int r;
/* Check for all-zero public key */
explicit_bzero(shared_key, CURVE25519_SIZE);
if (timingsafe_bcmp(pub, shared_key, CURVE25519_SIZE) == 0)
return SSH_ERR_KEY_INVALID_EC_VALUE;
crypto_scalarmult_curve25519(shared_key, key, pub);
#ifdef DEBUG_KEXECDH
dump_digest("shared secret", shared_key, CURVE25519_SIZE);

3
crypto/openssh/kexc25519s.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexc25519s.c,v 1.8 2015/01/26 06:10:03 djm Exp $ */
/* $OpenBSD: kexc25519s.c,v 1.9 2015/04/27 00:37:53 dtucker Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -27,6 +27,7 @@
#include "includes.h"
#include <sys/types.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>

33
crypto/openssh/kexgexc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexgexc.c,v 1.20 2015/01/26 06:10:03 djm Exp $ */
/* $OpenBSD: kexgexc.c,v 1.22 2015/05/26 23:23:40 dtucker Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -28,6 +28,7 @@
#ifdef WITH_OPENSSL
#include <sys/param.h>
#include <sys/types.h>
#include <openssl/dh.h>
@ -65,25 +66,17 @@ kexgex_client(struct ssh *ssh)
kex->min = DH_GRP_MIN;
kex->max = DH_GRP_MAX;
kex->nbits = nbits;
if (ssh->compat & SSH_OLD_DHGEX) {
/* Old GEX request */
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST_OLD))
!= 0 ||
(r = sshpkt_put_u32(ssh, kex->nbits)) != 0 ||
(r = sshpkt_send(ssh)) != 0)
goto out;
debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD(%u) sent", kex->nbits);
} else {
/* New GEX request */
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 ||
(r = sshpkt_put_u32(ssh, kex->min)) != 0 ||
(r = sshpkt_put_u32(ssh, kex->nbits)) != 0 ||
(r = sshpkt_put_u32(ssh, kex->max)) != 0 ||
(r = sshpkt_send(ssh)) != 0)
goto out;
debug("SSH2_MSG_KEX_DH_GEX_REQUEST(%u<%u<%u) sent",
kex->min, kex->nbits, kex->max);
}
if (datafellows & SSH_BUG_DHGEX_LARGE)
kex->nbits = MIN(kex->nbits, 4096);
/* New GEX request */
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 ||
(r = sshpkt_put_u32(ssh, kex->min)) != 0 ||
(r = sshpkt_put_u32(ssh, kex->nbits)) != 0 ||
(r = sshpkt_put_u32(ssh, kex->max)) != 0 ||
(r = sshpkt_send(ssh)) != 0)
goto out;
debug("SSH2_MSG_KEX_DH_GEX_REQUEST(%u<%u<%u) sent",
kex->min, kex->nbits, kex->max);
#ifdef DEBUG_KEXDH
fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
kex->min, kex->nbits, kex->max);

49
crypto/openssh/kexgexs.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexgexs.c,v 1.24 2015/01/26 06:10:03 djm Exp $ */
/* $OpenBSD: kexgexs.c,v 1.25 2015/04/13 02:04:08 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -60,8 +60,6 @@ static int input_kex_dh_gex_init(int, u_int32_t, void *);
int
kexgex_server(struct ssh *ssh)
{
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST_OLD,
&input_kex_dh_gex_request);
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST,
&input_kex_dh_gex_request);
debug("expecting SSH2_MSG_KEX_DH_GEX_REQUEST");
@ -76,36 +74,19 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
int r;
u_int min = 0, max = 0, nbits = 0;
switch (type) {
case SSH2_MSG_KEX_DH_GEX_REQUEST:
debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
(r = sshpkt_get_u32(ssh, &nbits)) != 0 ||
(r = sshpkt_get_u32(ssh, &max)) != 0 ||
(r = sshpkt_get_end(ssh)) != 0)
goto out;
kex->nbits = nbits;
kex->min = min;
kex->max = max;
min = MAX(DH_GRP_MIN, min);
max = MIN(DH_GRP_MAX, max);
nbits = MAX(DH_GRP_MIN, nbits);
nbits = MIN(DH_GRP_MAX, nbits);
break;
case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
if ((r = sshpkt_get_u32(ssh, &nbits)) != 0 ||
(r = sshpkt_get_end(ssh)) != 0)
goto out;
kex->nbits = nbits;
/* unused for old GEX */
kex->min = min = DH_GRP_MIN;
kex->max = max = DH_GRP_MAX;
break;
default:
r = SSH_ERR_INVALID_ARGUMENT;
debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
(r = sshpkt_get_u32(ssh, &nbits)) != 0 ||
(r = sshpkt_get_u32(ssh, &max)) != 0 ||
(r = sshpkt_get_end(ssh)) != 0)
goto out;
}
kex->nbits = nbits;
kex->min = min;
kex->max = max;
min = MAX(DH_GRP_MIN, min);
max = MIN(DH_GRP_MAX, max);
nbits = MAX(DH_GRP_MIN, nbits);
nbits = MIN(DH_GRP_MAX, nbits);
if (kex->max < kex->min || kex->nbits < kex->min ||
kex->max < kex->nbits) {
@ -131,10 +112,6 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
goto out;
/* old KEX does not use min/max in kexgex_hash() */
if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
kex->min = kex->max = -1;
debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init);
r = 0;

4
crypto/openssh/krl.c
View File

@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $OpenBSD: krl.c,v 1.31 2015/01/30 01:10:33 djm Exp $ */
/* $OpenBSD: krl.c,v 1.32 2015/06/24 23:47:23 djm Exp $ */
#include "includes.h"
@ -772,7 +772,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
goto out;
if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,
sshbuf_ptr(buf), sshbuf_len(buf), 0)) == -1)
sshbuf_ptr(buf), sshbuf_len(buf), 0)) != 0)
goto out;
KRL_DBG(("%s: signature sig len %zu", __func__, slen));
if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)

14
crypto/openssh/match.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: match.c,v 1.29 2013/11/20 20:54:10 deraadt Exp $ */
/* $OpenBSD: match.c,v 1.30 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -115,15 +115,13 @@ match_pattern(const char *s, const char *pattern)
* indicate negation). Returns -1 if negation matches, 1 if there is
* a positive match, 0 if there is no match at all.
*/
int
match_pattern_list(const char *string, const char *pattern, u_int len,
int dolower)
match_pattern_list(const char *string, const char *pattern, int dolower)
{
char sub[1024];
int negated;
int got_positive;
u_int i, subi;
u_int i, subi, len = strlen(pattern);
got_positive = 0;
for (i = 0; i < len;) {
@ -177,9 +175,9 @@ match_pattern_list(const char *string, const char *pattern, u_int len,
* a positive match, 0 if there is no match at all.
*/
int
match_hostname(const char *host, const char *pattern, u_int len)
match_hostname(const char *host, const char *pattern)
{
return match_pattern_list(host, pattern, len, 1);
return match_pattern_list(host, pattern, 1);
}
/*
@ -200,7 +198,7 @@ match_host_and_ip(const char *host, const char *ipaddr,
return 0;
/* negative hostname match */
if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
if ((mhost = match_hostname(host, patterns)) == -1)
return 0;
/* no match at all */
if (mhost == 0 && mip == 0)

6
crypto/openssh/match.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: match.h,v 1.15 2010/02/26 20:29:54 djm Exp $ */
/* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -15,8 +15,8 @@
#define MATCH_H
int match_pattern(const char *, const char *);
int match_pattern_list(const char *, const char *, u_int, int);
int match_hostname(const char *, const char *, u_int);
int match_pattern_list(const char *, const char *, int);
int match_hostname(const char *, const char *);
int match_host_and_ip(const char *, const char *, const char *);
int match_user(const char *, const char *, const char *, const char *);
char *match_list(const char *, const char *, u_int *);

4
crypto/openssh/misc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.96 2015/01/16 06:40:12 deraadt Exp $ */
/* $OpenBSD: misc.c,v 1.97 2015/04/24 01:36:00 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@ -473,7 +473,7 @@ addargs(arglist *args, char *fmt, ...)
} else if (args->num+2 >= nalloc)
nalloc *= 2;
args->list = xrealloc(args->list, nalloc, sizeof(char *));
args->list = xreallocarray(args->list, nalloc, sizeof(char *));
args->nalloc = nalloc;
args->list[args->num++] = cp;
args->list[args->num] = NULL;

31
crypto/openssh/moduli
View File

@ -1,34 +1,5 @@
# $OpenBSD: moduli,v 1.12 2015/05/22 02:45:42 dtucker Exp $
# $OpenBSD: moduli,v 1.13 2015/05/28 00:03:06 dtucker Exp $
# Time Type Tests Tries Size Generator Modulus
20150520233853 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA2AC62AF
20150520233854 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA2BCC50F
20150520233854 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA2C241F3
20150520233855 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA2DDF347
20150520233856 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA2E3FDBB
20150520233857 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA3006603
20150520233858 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA31D9C37
20150520233859 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA333355B
20150520233900 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA3428B23
20150520233902 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA37C9A43
20150520233903 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA384B367
20150520233903 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA3903453
20150520233904 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA3946C77
20150520233904 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA39F6A9B
20150520233904 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA3A0E88B
20150520233905 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA3A37763
20150520233906 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA3BBDD57
20150520233906 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA3BDCDD7
20150520233906 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA3BF5D73
20150520233907 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA3C9BB83
20150520233908 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA3E5ADCF
20150520233909 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA3F82077
20150520233910 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA406944F
20150520233910 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA40F7457
20150520233912 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA438733B
20150520233913 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA44707FB
20150520233914 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA4588A2B
20150520233916 2 6 100 1023 2 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA48CC01B
20150520233917 2 6 100 1023 5 DB662973FB21C0B7BF21AB46AFD3E2002AE70C92DE6B9AEAFECF7B0A96D7ACB024B7C29DB18E70CB945FA54C7773519BC7161648AFE4939058AC40ECDBBD3636F5BF45863117E955007C9D0F9333BB4EF62F7C9F6298AB79A309C734F3CF201C61EBC3926ADD4E80968A65D9F60535164ACE7A7BFEDC1022002BB2BBA4960077
20150520234251 2 6 100 1535 2 F8F4A446A6C7196643612A6C5CC26A47E491FB737740D68BBEBF0130F7AAADC59075781FB1723B644C0ADCE548C02E726DE5233C484FB4481F3EF3ED0585A0D687B2E0A6987AD2BC910754FC1A1E06B87710CFF0BC2E9868BA15BA20C103D3DCA6B65D8D0182B277F7CAE61D83A785BDD0B3CE471B4B8FAB224438D7A6772130167110AFD1FF584861996117F67B41CF3D2D5FAB020F2EB7F53E299AACF98797AEB6BAC3F0BB892DB4E4F8CDDE28C112C73EB556D0C381C6B9CC78A740BE2123
20150520234255 2 6 100 1535 5 F8F4A446A6C7196643612A6C5CC26A47E491FB737740D68BBEBF0130F7AAADC59075781FB1723B644C0ADCE548C02E726DE5233C484FB4481F3EF3ED0585A0D687B2E0A6987AD2BC910754FC1A1E06B87710CFF0BC2E9868BA15BA20C103D3DCA6B65D8D0182B277F7CAE61D83A785BDD0B3CE471B4B8FAB224438D7A6772130167110AFD1FF584861996117F67B41CF3D2D5FAB020F2EB7F53E299AACF98797AEB6BAC3F0BB892DB4E4F8CDDE28C112C73EB556D0C381C6B9CC78A740D85877
20150520234257 2 6 100 1535 2 F8F4A446A6C7196643612A6C5CC26A47E491FB737740D68BBEBF0130F7AAADC59075781FB1723B644C0ADCE548C02E726DE5233C484FB4481F3EF3ED0585A0D687B2E0A6987AD2BC910754FC1A1E06B87710CFF0BC2E9868BA15BA20C103D3DCA6B65D8D0182B277F7CAE61D83A785BDD0B3CE471B4B8FAB224438D7A6772130167110AFD1FF584861996117F67B41CF3D2D5FAB020F2EB7F53E299AACF98797AEB6BAC3F0BB892DB4E4F8CDDE28C112C73EB556D0C381C6B9CC78A740E6494B

22
crypto/openssh/monitor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.145 2015/02/20 22:17:21 djm Exp $ */
/* $OpenBSD: monitor.c,v 1.150 2015/06/22 23:42:16 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -404,7 +404,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
auth_log(authctxt, authenticated, partial,
auth_method, auth_submethod);
if (!authenticated)
if (!partial && !authenticated)
authctxt->failures++;
}
}
@ -1185,7 +1185,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
Key *key;
char *cuser, *chost;
u_char *blob;
u_int bloblen;
u_int bloblen, pubkey_auth_attempt;
enum mm_keytype type = 0;
int allowed = 0;
@ -1195,6 +1195,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
cuser = buffer_get_string(m, NULL);
chost = buffer_get_string(m, NULL);
blob = buffer_get_string(m, &bloblen);
pubkey_auth_attempt = buffer_get_int(m);
key = key_from_blob(blob, bloblen);
@ -1215,19 +1216,19 @@ mm_answer_keyallowed(int sock, Buffer *m)
allowed = options.pubkey_authentication &&
!auth2_userkey_already_used(authctxt, key) &&
match_pattern_list(sshkey_ssh_name(key),
options.pubkey_key_types,
strlen(options.pubkey_key_types), 0) == 1 &&
user_key_allowed(authctxt->pw, key);
options.pubkey_key_types, 0) == 1 &&
user_key_allowed(authctxt->pw, key,
pubkey_auth_attempt);
pubkey_auth_info(authctxt, key, NULL);
auth_method = "publickey";
if (options.pubkey_authentication && allowed != 1)
if (options.pubkey_authentication &&
(!pubkey_auth_attempt || allowed != 1))
auth_clear_options();
break;
case MM_HOSTKEY:
allowed = options.hostbased_authentication &&
match_pattern_list(sshkey_ssh_name(key),
options.hostbased_key_types,
strlen(options.hostbased_key_types), 0) == 1 &&
options.hostbased_key_types, 0) == 1 &&
hostbased_key_allowed(authctxt->pw,
cuser, chost, key);
pubkey_auth_info(authctxt, key,
@ -1474,6 +1475,9 @@ mm_record_login(Session *s, struct passwd *pw)
socklen_t fromlen;
struct sockaddr_storage from;
if (options.use_login)
return;
/*
* Get IP address of client. If the connection is not a socket, let
* the address be 0.0.0.0.

19
crypto/openssh/monitor_wrap.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.c,v 1.84 2015/02/16 22:13:32 djm Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.85 2015/05/01 03:23:51 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -153,10 +153,8 @@ mm_request_receive(int sock, Buffer *m)
debug3("%s entering", __func__);
if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
if (errno == EPIPE) {
error("%s: socket closed", __func__);
if (errno == EPIPE)
cleanup_exit(255);
}
fatal("%s: read: %s", __func__, strerror(errno));
}
msg_len = get_u32(buf);
@ -373,16 +371,17 @@ mm_auth_password(Authctxt *authctxt, char *password)
}
int
mm_user_key_allowed(struct passwd *pw, Key *key)
mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt)
{
return (mm_key_allowed(MM_USERKEY, NULL, NULL, key));
return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
pubkey_auth_attempt));
}
int
mm_hostbased_key_allowed(struct passwd *pw, char *user, char *host,
Key *key)
{
return (mm_key_allowed(MM_HOSTKEY, user, host, key));
return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0));
}
int
@ -392,13 +391,14 @@ mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
int ret;
key->type = KEY_RSA; /* XXX hack for key_to_blob */
ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key);
ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key, 0);
key->type = KEY_RSA1;
return (ret);
}
int
mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key,
int pubkey_auth_attempt)
{
Buffer m;
u_char *blob;
@ -416,6 +416,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
buffer_put_cstring(&m, user ? user : "");
buffer_put_cstring(&m, host ? host : "");
buffer_put_string(&m, blob, len);
buffer_put_int(&m, pubkey_auth_attempt);
free(blob);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);

6
crypto/openssh/monitor_wrap.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.h,v 1.26 2015/02/16 22:13:32 djm Exp $ */
/* $OpenBSD: monitor_wrap.h,v 1.27 2015/05/01 03:23:51 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -45,8 +45,8 @@ void mm_inform_authserv(char *, char *);
struct passwd *mm_getpwnamallow(const char *);
char *mm_auth2_read_banner(void);
int mm_auth_password(struct Authctxt *, char *);
int mm_key_allowed(enum mm_keytype, char *, char *, Key *);
int mm_user_key_allowed(struct passwd *, Key *);
int mm_key_allowed(enum mm_keytype, char *, char *, Key *, int);
int mm_user_key_allowed(struct passwd *, Key *, int);
int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *);
int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int);

23
crypto/openssh/mux.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: mux.c,v 1.50 2015/01/20 23:14:00 deraadt Exp $ */
/* $OpenBSD: mux.c,v 1.53 2015/05/01 04:03:20 djm Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
*
@ -351,7 +351,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
free(cp);
continue;
}
cctx->env = xrealloc(cctx->env, env_len + 2,
cctx->env = xreallocarray(cctx->env, env_len + 2,
sizeof(*cctx->env));
cctx->env[env_len++] = cp;
cctx->env[env_len] = NULL;
@ -594,7 +594,9 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
return;
}
buffer_init(&out);
if (fctx->fid >= options.num_remote_forwards) {
if (fctx->fid >= options.num_remote_forwards ||
(options.remote_forwards[fctx->fid].connect_path == NULL &&
options.remote_forwards[fctx->fid].connect_host == NULL)) {
xasprintf(&failmsg, "unknown forwarding id %d", fctx->fid);
goto fail;
}
@ -606,7 +608,7 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
if (type == SSH2_MSG_REQUEST_SUCCESS) {
if (rfwd->listen_port == 0) {
rfwd->allocated_port = packet_get_int();
logit("Allocated port %u for mux remote forward"
debug("Allocated port %u for mux remote forward"
" to %s:%d", rfwd->allocated_port,
rfwd->connect_host, rfwd->connect_port);
buffer_put_int(&out, MUX_S_REMOTE_PORT);
@ -628,6 +630,17 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
else
xasprintf(&failmsg, "remote port forwarding failed for "
"listen port %d", rfwd->listen_port);
debug2("%s: clearing registered forwarding for listen %d, "
"connect %s:%d", __func__, rfwd->listen_port,
rfwd->connect_path ? rfwd->connect_path :
rfwd->connect_host, rfwd->connect_port);
free(rfwd->listen_host);
free(rfwd->listen_path);
free(rfwd->connect_host);
free(rfwd->connect_path);
memset(rfwd, 0, sizeof(*rfwd));
}
fail:
error("%s: %s", __func__, failmsg);
@ -1723,7 +1736,7 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd)
if (cancel_flag)
fatal("%s: got MUX_S_REMOTE_PORT for cancel", __func__);
fwd->allocated_port = buffer_get_int(&m);
logit("Allocated port %u for remote forward to %s:%d",
verbose("Allocated port %u for remote forward to %s:%d",
fwd->allocated_port,
fwd->connect_host ? fwd->connect_host : "",
fwd->connect_port);

25
crypto/openssh/myproposal.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: myproposal.h,v 1.41 2014/07/11 13:54:34 tedu Exp $ */
/* $OpenBSD: myproposal.h,v 1.44 2015/05/27 23:51:10 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -61,7 +61,7 @@
#ifdef OPENSSL_HAVE_EVPGCM
# define AESGCM_CIPHER_MODES \
"aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
",aes128-gcm@openssh.com,aes256-gcm@openssh.com"
#else
# define AESGCM_CIPHER_MODES
#endif
@ -83,14 +83,17 @@
# else
# define KEX_CURVE25519_METHODS ""
# endif
#define KEX_SERVER_KEX \
#define KEX_COMMON_KEX \
KEX_CURVE25519_METHODS \
KEX_ECDH_METHODS \
KEX_SHA256_METHODS \
"diffie-hellman-group14-sha1"
KEX_SHA256_METHODS
#define KEX_CLIENT_KEX KEX_SERVER_KEX "," \
#define KEX_SERVER_KEX KEX_COMMON_KEX \
"diffie-hellman-group14-sha1" \
#define KEX_CLIENT_KEX KEX_COMMON_KEX \
"diffie-hellman-group-exchange-sha1," \
"diffie-hellman-group14-sha1," \
"diffie-hellman-group1-sha1"
#define KEX_DEFAULT_PK_ALG \
@ -108,9 +111,9 @@
/* the actual algorithms */
#define KEX_SERVER_ENCRYPT \
"aes128-ctr,aes192-ctr,aes256-ctr," \
AESGCM_CIPHER_MODES \
"chacha20-poly1305@openssh.com"
"chacha20-poly1305@openssh.com," \
"aes128-ctr,aes192-ctr,aes256-ctr" \
AESGCM_CIPHER_MODES
#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
"arcfour256,arcfour128," \
@ -148,8 +151,8 @@
"ssh-ed25519-cert-v01@openssh.com," \
"ssh-ed25519"
#define KEX_SERVER_ENCRYPT \
"aes128-ctr,aes192-ctr,aes256-ctr," \
"chacha20-poly1305@openssh.com"
"chacha20-poly1305@openssh.com," \
"aes128-ctr,aes192-ctr,aes256-ctr"
#define KEX_SERVER_MAC \
"umac-64-etm@openssh.com," \
"umac-128-etm@openssh.com," \

18
crypto/openssh/openbsd-compat/bcrypt_pbkdf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: bcrypt_pbkdf.c,v 1.9 2014/07/13 21:21:25 tedu Exp $ */
/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */
/*
* Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
*
@ -37,6 +37,8 @@
#endif
#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
#define MINIMUM(a,b) (((a) < (b)) ? (a) : (b))
/*
* pkcs #5 pbkdf2 implementation using the "bcrypt" hash
*
@ -61,8 +63,8 @@
* wise caller could do; we just do it for you.
*/
#define BCRYPT_BLOCKS 8
#define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4)
#define BCRYPT_WORDS 8
#define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4)
static void
bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
@ -70,7 +72,7 @@ bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
blf_ctx state;
u_int8_t ciphertext[BCRYPT_HASHSIZE] =
"OxychromaticBlowfishSwatDynamite";
uint32_t cdata[BCRYPT_BLOCKS];
uint32_t cdata[BCRYPT_WORDS];
int i;
uint16_t j;
size_t shalen = SHA512_DIGEST_LENGTH;
@ -85,14 +87,14 @@ bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
/* encryption */
j = 0;
for (i = 0; i < BCRYPT_BLOCKS; i++)
for (i = 0; i < BCRYPT_WORDS; i++)
cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
&j);
for (i = 0; i < 64; i++)
blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t));
/* copy out */
for (i = 0; i < BCRYPT_BLOCKS; i++) {
for (i = 0; i < BCRYPT_WORDS; i++) {
out[4 * i + 3] = (cdata[i] >> 24) & 0xff;
out[4 * i + 2] = (cdata[i] >> 16) & 0xff;
out[4 * i + 1] = (cdata[i] >> 8) & 0xff;
@ -156,9 +158,9 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t salt
}
/*
* pbkdf2 deviation: ouput the key material non-linearly.
* pbkdf2 deviation: output the key material non-linearly.
*/
amt = MIN(amt, keylen);
amt = MINIMUM(amt, keylen);
for (i = 0; i < amt; i++) {
size_t dest = i * stride + (count - 1);
if (dest >= origkeylen)

2
crypto/openssh/openbsd-compat/bsd-cygwin_util.c
View File

@ -68,7 +68,7 @@ cygwin_ssh_privsep_user()
if (cygwin_internal (CW_CYGNAME_FROM_WINNAME, "sshd", cyg_privsep_user,
sizeof cyg_privsep_user) != 0)
#endif
strcpy (cyg_privsep_user, "sshd");
strlcpy(cyg_privsep_user, "sshd", sizeof(cyg_privsep_user));
}
return cyg_privsep_user;
}

2
crypto/openssh/openbsd-compat/bsd-misc.h
View File

@ -111,7 +111,7 @@ pid_t getpgid(pid_t);
#endif
#ifndef HAVE_ENDGRENT
# define endgrent() do { } while (0)
# define endgrent() do { } while(0)
#endif
#ifndef HAVE_KRB5_GET_ERROR_MESSAGE

2
crypto/openssh/openbsd-compat/openbsd-compat.h
View File

@ -221,7 +221,7 @@ long long strtonum(const char *, long long, long long, const char **);
/* multibyte character support */
#ifndef HAVE_MBLEN
# define mblen(x, y) 1
# define mblen(x, y) (1)
#endif
#if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF)

2
crypto/openssh/openbsd-compat/rmd160.c
View File

@ -32,7 +32,9 @@
#ifndef WITH_OPENSSL
#include <sys/types.h>
#ifdef HAVE_ENDIAN_H
#include <endian.h>
#endif
#include <string.h>
#include <rmd160.h>

50
crypto/openssh/packet.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: packet.c,v 1.208 2015/02/13 18:57:00 markus Exp $ */
/* $OpenBSD: packet.c,v 1.212 2015/05/01 07:10:01 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -291,6 +291,7 @@ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
(r = cipher_init(&state->receive_context, none,
(const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) {
error("%s: cipher_init failed: %s", __func__, ssh_err(r));
free(ssh);
return NULL;
}
state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL;
@ -792,7 +793,9 @@ ssh_packet_set_compress_hooks(struct ssh *ssh, void *ctx,
void
ssh_packet_set_encryption_key(struct ssh *ssh, const u_char *key, u_int keylen, int number)
{
#ifdef WITH_SSH1
#ifndef WITH_SSH1
fatal("no SSH protocol 1 support");
#else /* WITH_SSH1 */
struct session_state *state = ssh->state;
const struct sshcipher *cipher = cipher_by_number(number);
int r;
@ -1280,7 +1283,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
* been sent.
*/
if ((r = ssh_packet_write_wait(ssh)) != 0)
return r;
goto out;
/* Stay in the loop until we have received a complete packet. */
for (;;) {
@ -1338,15 +1341,20 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
len = roaming_read(state->connection_in, buf,
sizeof(buf), &cont);
} while (len == 0 && cont);
if (len == 0)
return SSH_ERR_CONN_CLOSED;
if (len < 0)
return SSH_ERR_SYSTEM_ERROR;
if (len == 0) {
r = SSH_ERR_CONN_CLOSED;
goto out;
}
if (len < 0) {
r = SSH_ERR_SYSTEM_ERROR;
goto out;
}
/* Append it to the buffer. */
if ((r = ssh_packet_process_incoming(ssh, buf, len)) != 0)
return r;
goto out;
}
out:
free(setp);
return r;
}
@ -1913,9 +1921,19 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
logit("Connection closed by %.200s", ssh_remote_ipaddr(ssh));
cleanup_exit(255);
case SSH_ERR_CONN_TIMEOUT:
logit("Connection to %.200s timed out while "
"waiting to write", ssh_remote_ipaddr(ssh));
logit("Connection to %.200s timed out", ssh_remote_ipaddr(ssh));
cleanup_exit(255);
case SSH_ERR_DISCONNECTED:
logit("Disconnected from %.200s",
ssh_remote_ipaddr(ssh));
cleanup_exit(255);
case SSH_ERR_SYSTEM_ERROR:
if (errno == ECONNRESET) {
logit("Connection reset by %.200s",
ssh_remote_ipaddr(ssh));
cleanup_exit(255);
}
/* FALLTHROUGH */
default:
fatal("%s%sConnection to %.200s: %s",
tag != NULL ? tag : "", tag != NULL ? ": " : "",
@ -2728,13 +2746,14 @@ sshpkt_put_stringb(struct ssh *ssh, const struct sshbuf *v)
return sshbuf_put_stringb(ssh->state->outgoing_packet, v);
}
#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
#ifdef WITH_OPENSSL
#ifdef OPENSSL_HAS_ECC
int
sshpkt_put_ec(struct ssh *ssh, const EC_POINT *v, const EC_GROUP *g)
{
return sshbuf_put_ec(ssh->state->outgoing_packet, v, g);
}
#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
#endif /* OPENSSL_HAS_ECC */
#ifdef WITH_SSH1
int
@ -2744,7 +2763,6 @@ sshpkt_put_bignum1(struct ssh *ssh, const BIGNUM *v)
}
#endif /* WITH_SSH1 */
#ifdef WITH_OPENSSL
int
sshpkt_put_bignum2(struct ssh *ssh, const BIGNUM *v)
{
@ -2796,13 +2814,14 @@ sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp)
return sshbuf_get_cstring(ssh->state->incoming_packet, valp, lenp);
}
#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
#ifdef WITH_OPENSSL
#ifdef OPENSSL_HAS_ECC
int
sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g)
{
return sshbuf_get_ec(ssh->state->incoming_packet, v, g);
}
#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
#endif /* OPENSSL_HAS_ECC */
#ifdef WITH_SSH1
int
@ -2812,7 +2831,6 @@ sshpkt_get_bignum1(struct ssh *ssh, BIGNUM *v)
}
#endif /* WITH_SSH1 */
#ifdef WITH_OPENSSL
int
sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v)
{

37
crypto/openssh/readconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.232 2015/02/16 22:13:32 djm Exp $ */
/* $OpenBSD: readconf.c,v 1.237 2015/06/26 05:13:20 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -317,7 +317,7 @@ add_local_forward(Options *options, const struct Forward *newfwd)
newfwd->listen_path == NULL)
fatal("Privileged ports can only be forwarded by root.");
#endif
options->local_forwards = xrealloc(options->local_forwards,
options->local_forwards = xreallocarray(options->local_forwards,
options->num_local_forwards + 1,
sizeof(*options->local_forwards));
fwd = &options->local_forwards[options->num_local_forwards++];
@ -340,7 +340,7 @@ add_remote_forward(Options *options, const struct Forward *newfwd)
{
struct Forward *fwd;
options->remote_forwards = xrealloc(options->remote_forwards,
options->remote_forwards = xreallocarray(options->remote_forwards,
options->num_remote_forwards + 1,
sizeof(*options->remote_forwards));
fwd = &options->remote_forwards[options->num_remote_forwards++];
@ -514,7 +514,6 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria;
const char *ruser;
int r, port, this_result, result = 1, attributes = 0, negate;
size_t len;
char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
/*
@ -567,25 +566,24 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
result = -1;
goto out;
}
len = strlen(arg);
if (strcasecmp(attrib, "host") == 0) {
criteria = xstrdup(host);
r = match_hostname(host, arg, len) == 1;
r = match_hostname(host, arg) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "originalhost") == 0) {
criteria = xstrdup(original_host);
r = match_hostname(original_host, arg, len) == 1;
r = match_hostname(original_host, arg) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "user") == 0) {
criteria = xstrdup(ruser);
r = match_pattern_list(ruser, arg, len, 0) == 1;
r = match_pattern_list(ruser, arg, 0) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "localuser") == 0) {
criteria = xstrdup(pw->pw_name);
r = match_pattern_list(pw->pw_name, arg, len, 0) == 1;
r = match_pattern_list(pw->pw_name, arg, 0) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "exec") == 0) {
@ -687,8 +685,8 @@ parse_token(const char *cp, const char *filename, int linenum,
for (i = 0; keywords[i].name; i++)
if (strcmp(cp, keywords[i].name) == 0)
return keywords[i].opcode;
if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown,
strlen(ignored_unknown), 1) == 1)
if (ignored_unknown != NULL &&
match_pattern_list(cp, ignored_unknown, 1) == 1)
return oIgnoredUnknownOption;
error("%s: line %d: Bad configuration option: %s",
filename, linenum, cp);
@ -785,7 +783,9 @@ process_config_line(Options *options, struct passwd *pw, const char *host,
}
/* Strip trailing whitespace */
for (len = strlen(line) - 1; len > 0; len--) {
if ((len = strlen(line)) == 0)
return 0;
for (len--; len > 0; len--) {
if (strchr(WHITESPACE, line[len]) == NULL)
break;
line[len] = '\0';
@ -1258,13 +1258,13 @@ process_config_line(Options *options, struct passwd *pw, const char *host,
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.", filename, linenum);
if (arg[0] == '^' && arg[2] == 0 &&
if (strcmp(arg, "none") == 0)
value = SSH_ESCAPECHAR_NONE;
else if (arg[1] == '\0')
value = (u_char) arg[0];
else if (arg[0] == '^' && arg[2] == 0 &&
(u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
value = (u_char) arg[1] & 31;
else if (strlen(arg) == 1)
value = (u_char) arg[0];
else if (strcmp(arg, "none") == 0)
value = SSH_ESCAPECHAR_NONE;
else {
fatal("%.200s line %d: Bad escape character.",
filename, linenum);
@ -1973,7 +1973,8 @@ parse_fwd_field(char **p, struct fwdarg *fwd)
switch (*cp) {
case '\\':
memmove(cp, cp + 1, strlen(cp + 1) + 1);
cp++;
if (*cp == '\0')
return -1;
break;
case '/':
ispath = 1;

12
crypto/openssh/regress/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.78 2015/01/26 06:12:18 djm Exp $
# $OpenBSD: Makefile,v 1.81 2015/05/21 06:44:25 djm Exp $
REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec
tests: prep $(REGRESS_TARGETS)
@ -54,6 +54,7 @@ LTESTS= connect \
multiplex \
reexec \
brokenkeys \
cfgparse \
cfgmatch \
addrmatch \
localcommand \
@ -72,7 +73,8 @@ LTESTS= connect \
limit-keytype \
hostkey-agent \
keygen-knownhosts \
hostkey-rotate
hostkey-rotate \
principals-command
# dhgex \
@ -180,10 +182,10 @@ t11:
${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\
awk '{print $$2}' | diff - ${.CURDIR}/t11.ok
t12.out:
${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -C 'test-comment-1234' -f $(OBJ)/$@
$(OBJ)/t12.out:
${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -C 'test-comment-1234' -f $@
t12: t12.out
t12: $(OBJ)/t12.out
${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t12.out.pub | grep test-comment-1234 >/dev/null
t-exec: ${LTESTS:=.sh}

2
crypto/openssh/regress/README.regress
View File

@ -31,7 +31,7 @@ TEST_SHELL: shell used for running the test scripts.
TEST_SSH_PORT: TCP port to be used for the listening tests.
TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to ssh_config
before running each test.
TEST_SSH_SSHD_CONFOTPS: Configuration directives to be added to sshd_config
TEST_SSH_SSHD_CONFOPTS: Configuration directives to be added to sshd_config
before running each test.

75
crypto/openssh/regress/cfgparse.sh Executable file
View File

@ -0,0 +1,75 @@
# $OpenBSD: cfgparse.sh,v 1.5 2015/05/29 03:05:13 djm Exp $
# Placed in the Public Domain.
tid="config parse"
# This is a reasonable proxy for IPv6 support.
if ! config_defined HAVE_STRUCT_IN6_ADDR ; then
SKIP_IPV6=yes
fi
# We need to use the keys generated for the regression test because sshd -T
# will fail if we're not running with SUDO (no permissions for real keys) or
# if we are # running tests on a system that has never had sshd installed
# (keys won't exist).
grep "HostKey " $OBJ/sshd_config > $OBJ/sshd_config_minimal
SSHD_KEYS="`cat $OBJ/sshd_config_minimal`"
verbose "reparse minimal config"
($SUDO ${SSHD} -T -f $OBJ/sshd_config_minimal >$OBJ/sshd_config.1 &&
$SUDO ${SSHD} -T -f $OBJ/sshd_config.1 >$OBJ/sshd_config.2 &&
diff $OBJ/sshd_config.1 $OBJ/sshd_config.2) || fail "reparse minimal config"
verbose "reparse regress config"
($SUDO ${SSHD} -T -f $OBJ/sshd_config >$OBJ/sshd_config.1 &&
$SUDO ${SSHD} -T -f $OBJ/sshd_config.1 >$OBJ/sshd_config.2 &&
diff $OBJ/sshd_config.1 $OBJ/sshd_config.2) || fail "reparse regress config"
verbose "listenaddress order"
# expected output
cat > $OBJ/sshd_config.0 <<EOD
listenaddress 1.2.3.4:1234
listenaddress 1.2.3.4:5678
EOD
[ X${SKIP_IPV6} = Xyes ] || cat >> $OBJ/sshd_config.0 <<EOD
listenaddress [::1]:1234
listenaddress [::1]:5678
EOD
# test input sets. should all result in the output above.
# test 1: addressfamily and port first
cat > $OBJ/sshd_config.1 <<EOD
${SSHD_KEYS}
addressfamily any
port 1234
port 5678
listenaddress 1.2.3.4
EOD
[ X${SKIP_IPV6} = Xyes ] || cat >> $OBJ/sshd_config.1 <<EOD
listenaddress ::1
EOD
($SUDO ${SSHD} -T -f $OBJ/sshd_config.1 | \
grep 'listenaddress ' >$OBJ/sshd_config.2 &&
diff $OBJ/sshd_config.0 $OBJ/sshd_config.2) || \
fail "listenaddress order 1"
# test 2: listenaddress first
cat > $OBJ/sshd_config.1 <<EOD
${SSHD_KEYS}
listenaddress 1.2.3.4
port 1234
port 5678
addressfamily any
EOD
[ X${SKIP_IPV6} = Xyes ] || cat >> $OBJ/sshd_config.1 <<EOD
listenaddress ::1
EOD
($SUDO ${SSHD} -T -f $OBJ/sshd_config.1 | \
grep 'listenaddress ' >$OBJ/sshd_config.2 &&
diff $OBJ/sshd_config.0 $OBJ/sshd_config.2) || \
fail "listenaddress order 2"
# cleanup
rm -f $OBJ/sshd_config.[012]

4
crypto/openssh/regress/cipher-speed.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: cipher-speed.sh,v 1.12 2015/03/03 22:35:19 markus Exp $
# $OpenBSD: cipher-speed.sh,v 1.13 2015/03/24 20:22:17 markus Exp $
# Placed in the Public Domain.
tid="cipher speed"
@ -25,7 +25,7 @@ for c in `${SSH} -Q cipher`; do n=0; for m in `${SSH} -Q mac`; do
fi
done
# No point trying all MACs for AEAD ciphers since they are ignored.
if ssh -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then
if ${SSH} -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then
break
fi
n=`expr $n + 1`

8
crypto/openssh/regress/hostkey-rotate.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: hostkey-rotate.sh,v 1.2 2015/03/03 17:53:40 djm Exp $
# $OpenBSD: hostkey-rotate.sh,v 1.3 2015/03/24 20:22:17 markus Exp $
# Placed in the Public Domain.
tid="hostkey rotate"
@ -15,7 +15,7 @@ rm $OBJ/known_hosts
trace "prepare hostkeys"
nkeys=0
all_algs=""
for k in `ssh -Q key-plain` ; do
for k in `${SSH} -Q key-plain` ; do
${SSHKEYGEN} -qt $k -f $OBJ/hkr.$k -N '' || fatal "ssh-keygen $k"
echo "Hostkey $OBJ/hkr.${k}" >> $OBJ/sshd_proxy.orig
nkeys=`expr $nkeys + 1`
@ -62,7 +62,7 @@ expect_nkeys $nkeys "learn hostkeys"
check_key_present ssh-rsa || fail "didn't learn keys"
# Check each key type
for k in `ssh -Q key-plain` ; do
for k in `${SSH} -Q key-plain` ; do
verbose "learn additional hostkeys, type=$k"
dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=$k,$all_algs
expect_nkeys $nkeys "learn hostkeys $k"
@ -109,7 +109,7 @@ dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=ssh-rsa
expect_nkeys 1 "learn hostkeys"
check_key_present ssh-rsa || fail "didn't learn changed key"
# $OpenBSD: hostkey-rotate.sh,v 1.2 2015/03/03 17:53:40 djm Exp $
# $OpenBSD: hostkey-rotate.sh,v 1.3 2015/03/24 20:22:17 markus Exp $
# Placed in the Public Domain.
tid="hostkey rotate"

4
crypto/openssh/regress/integrity.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: integrity.sh,v 1.15 2015/01/19 20:42:31 markus Exp $
# $OpenBSD: integrity.sh,v 1.16 2015/03/24 20:22:17 markus Exp $
# Placed in the Public Domain.
tid="integrity"
@ -38,7 +38,7 @@ for m in $macs; do
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
# modify output from sshd at offset $off
pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
if ${SSH} -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
echo "Ciphers=$m" >> $OBJ/sshd_proxy
macopt="-c $m"
else

4
crypto/openssh/regress/kextype.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: kextype.sh,v 1.5 2014/04/21 22:15:37 djm Exp $
# $OpenBSD: kextype.sh,v 1.6 2015/03/24 20:19:15 markus Exp $
# Placed in the Public Domain.
tid="login with different key exchange algorithms"
@ -8,7 +8,7 @@ cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
# Make server accept all key exchanges.
ALLKEX=`ssh -Q kex`
ALLKEX=`${SSH} -Q kex`
KEXOPT=`echo $ALLKEX | tr ' ' ,`
echo "KexAlgorithms=$KEXOPT" >> $OBJ/sshd_proxy

59
crypto/openssh/regress/keys-command.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
# $OpenBSD: keys-command.sh,v 1.3 2015/05/21 06:40:02 djm Exp $
# Placed in the Public Domain.
tid="authorized keys from command"
@ -9,26 +9,63 @@ if test -z "$SUDO" ; then
exit 0
fi
rm -f $OBJ/keys-command-args
touch $OBJ/keys-command-args
chmod a+rw $OBJ/keys-command-args
expected_key_text=`awk '{ print $2 }' < $OBJ/rsa.pub`
expected_key_fp=`$SSHKEYGEN -lf $OBJ/rsa.pub | awk '{ print $2 }'`
# Establish a AuthorizedKeysCommand in /var/run where it will have
# acceptable directory permissions.
KEY_COMMAND="/var/run/keycommand_${LOGNAME}"
cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'"
cat << _EOF | $SUDO sh -c "rm -f '$KEY_COMMAND' ; cat > '$KEY_COMMAND'"
#!/bin/sh
echo args: "\$@" >> $OBJ/keys-command-args
echo "$PATH" | grep -q mekmitasdigoat && exit 7
test "x\$1" != "x${LOGNAME}" && exit 1
if test $# -eq 6 ; then
test "x\$2" != "xblah" && exit 2
test "x\$3" != "x${expected_key_text}" && exit 3
test "x\$4" != "xssh-rsa" && exit 4
test "x\$5" != "x${expected_key_fp}" && exit 5
test "x\$6" != "xblah" && exit 6
fi
exec cat "$OBJ/authorized_keys_${LOGNAME}"
_EOF
$SUDO chmod 0755 "$KEY_COMMAND"
cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
(
grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak
echo AuthorizedKeysFile none
echo AuthorizedKeysCommand $KEY_COMMAND
echo AuthorizedKeysCommandUser ${LOGNAME}
) > $OBJ/sshd_proxy
if [ -x $KEY_COMMAND ]; then
${SSH} -F $OBJ/ssh_proxy somehost true
cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
verbose "AuthorizedKeysCommand with arguments"
(
grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak
echo AuthorizedKeysFile none
echo AuthorizedKeysCommand $KEY_COMMAND %u blah %k %t %f blah
echo AuthorizedKeysCommandUser ${LOGNAME}
) > $OBJ/sshd_proxy
# Ensure that $PATH is sanitised in sshd
env PATH=$PATH:/sbin/mekmitasdigoat \
${SSH} -F $OBJ/ssh_proxy somehost true
if [ $? -ne 0 ]; then
fail "connect failed"
fi
verbose "AuthorizedKeysCommand without arguments"
# Check legacy behavior of no-args resulting in username being passed.
(
grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak
echo AuthorizedKeysFile none
echo AuthorizedKeysCommand $KEY_COMMAND
echo AuthorizedKeysCommandUser ${LOGNAME}
) > $OBJ/sshd_proxy
# Ensure that $PATH is sanitised in sshd
env PATH=$PATH:/sbin/mekmitasdigoat \
${SSH} -F $OBJ/ssh_proxy somehost true
if [ $? -ne 0 ]; then
fail "connect failed"
fi

8
crypto/openssh/regress/netcat.c
View File

@ -42,7 +42,6 @@
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <arpa/telnet.h>
#include <errno.h>
#include <netdb.h>
@ -63,6 +62,13 @@
# endif
#endif
/* Telnet options from arpa/telnet.h */
#define IAC 255
#define DONT 254
#define DO 253
#define WONT 252
#define WILL 251
#ifndef SUN_LEN
#define SUN_LEN(su) \
(sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))

141
crypto/openssh/regress/principals-command.sh Executable file
View File

@ -0,0 +1,141 @@
# $OpenBSD: principals-command.sh,v 1.1 2015/05/21 06:44:25 djm Exp $
# Placed in the Public Domain.
tid="authorized principals command"
rm -f $OBJ/user_ca_key* $OBJ/cert_user_key*
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
if test -z "$SUDO" ; then
echo "skipped (SUDO not set)"
echo "need SUDO to create file in /var/run, test won't work without"
exit 0
fi
# Establish a AuthorizedPrincipalsCommand in /var/run where it will have
# acceptable directory permissions.
PRINCIPALS_COMMAND="/var/run/principals_command_${LOGNAME}"
cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_COMMAND'"
#!/bin/sh
test "x\$1" != "x${LOGNAME}" && exit 1
test -f "$OBJ/authorized_principals_${LOGNAME}" &&
exec cat "$OBJ/authorized_principals_${LOGNAME}"
_EOF
test $? -eq 0 || fatal "couldn't prepare principals command"
$SUDO chmod 0755 "$PRINCIPALS_COMMAND"
# Create a CA key and a user certificate.
${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key || \
fatal "ssh-keygen of user_ca_key failed"
${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/cert_user_key || \
fatal "ssh-keygen of cert_user_key failed"
${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \
-z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key || \
fatal "couldn't sign cert_user_key"
# Test explicitly-specified principals
for privsep in yes no ; do
_prefix="privsep $privsep"
# Setup for AuthorizedPrincipalsCommand
rm -f $OBJ/authorized_keys_$USER
(
cat $OBJ/sshd_proxy_bak
echo "UsePrivilegeSeparation $privsep"
echo "AuthorizedKeysFile none"
echo "AuthorizedPrincipalsCommand $PRINCIPALS_COMMAND %u"
echo "AuthorizedPrincipalsCommandUser ${LOGNAME}"
echo "TrustedUserCAKeys $OBJ/user_ca_key.pub"
) > $OBJ/sshd_proxy
# XXX test missing command
# XXX test failing command
# Empty authorized_principals
verbose "$tid: ${_prefix} empty authorized_principals"
echo > $OBJ/authorized_principals_$USER
${SSH} -2i $OBJ/cert_user_key \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpectedly"
fi
# Wrong authorized_principals
verbose "$tid: ${_prefix} wrong authorized_principals"
echo gregorsamsa > $OBJ/authorized_principals_$USER
${SSH} -2i $OBJ/cert_user_key \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpectedly"
fi
# Correct authorized_principals
verbose "$tid: ${_prefix} correct authorized_principals"
echo mekmitasdigoat > $OBJ/authorized_principals_$USER
${SSH} -2i $OBJ/cert_user_key \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -ne 0 ]; then
fail "ssh cert connect failed"
fi
# authorized_principals with bad key option
verbose "$tid: ${_prefix} authorized_principals bad key opt"
echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER
${SSH} -2i $OBJ/cert_user_key \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpectedly"
fi
# authorized_principals with command=false
verbose "$tid: ${_prefix} authorized_principals command=false"
echo 'command="false" mekmitasdigoat' > \
$OBJ/authorized_principals_$USER
${SSH} -2i $OBJ/cert_user_key \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpectedly"
fi
# authorized_principals with command=true
verbose "$tid: ${_prefix} authorized_principals command=true"
echo 'command="true" mekmitasdigoat' > \
$OBJ/authorized_principals_$USER
${SSH} -2i $OBJ/cert_user_key \
-F $OBJ/ssh_proxy somehost false >/dev/null 2>&1
if [ $? -ne 0 ]; then
fail "ssh cert connect failed"
fi
# Setup for principals= key option
rm -f $OBJ/authorized_principals_$USER
(
cat $OBJ/sshd_proxy_bak
echo "UsePrivilegeSeparation $privsep"
) > $OBJ/sshd_proxy
# Wrong principals list
verbose "$tid: ${_prefix} wrong principals key option"
(
printf 'cert-authority,principals="gregorsamsa" '
cat $OBJ/user_ca_key.pub
) > $OBJ/authorized_keys_$USER
${SSH} -2i $OBJ/cert_user_key \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpectedly"
fi
# Correct principals list
verbose "$tid: ${_prefix} correct principals key option"
(
printf 'cert-authority,principals="mekmitasdigoat" '
cat $OBJ/user_ca_key.pub
) > $OBJ/authorized_keys_$USER
${SSH} -2i $OBJ/cert_user_key \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -ne 0 ]; then
fail "ssh cert connect failed"
fi
done

6
crypto/openssh/regress/ssh-com.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: ssh-com.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $
# $OpenBSD: ssh-com.sh,v 1.9 2015/05/08 07:29:00 djm Exp $
# Placed in the Public Domain.
tid="connect to ssh.com server"
@ -44,14 +44,14 @@ cat << EOF > $OBJ/sshd2_config
HostKeyFile ${SRC}/dsa_ssh2.prv
PublicHostKeyFile ${SRC}/dsa_ssh2.pub
RandomSeedFile ${OBJ}/random_seed
MaxConnections 0
MaxConnections 0
PermitRootLogin yes
VerboseMode no
CheckMail no
Ssh1Compatibility no
EOF
# create client config
# create client config
sed "s/HostKeyAlias.*/HostKeyAlias ssh2-localhost-with-alias/" \
< $OBJ/ssh_config > $OBJ/ssh_config_com

6
crypto/openssh/regress/ssh2putty.sh
View File

@ -1,5 +1,5 @@
#!/bin/sh
# $OpenBSD: ssh2putty.sh,v 1.2 2009/10/06 23:51:49 dtucker Exp $
# $OpenBSD: ssh2putty.sh,v 1.3 2015/05/08 07:26:13 djm Exp $
if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then
echo "Usage: ssh2putty hostname port ssh-private-key"
@ -19,13 +19,13 @@ else
fi
public_exponent=`
openssl rsa -noout -text -in $KEYFILE | grep ^publicExponent |
openssl rsa -noout -text -in $KEYFILE | grep ^publicExponent |
sed 's/.*(//;s/).*//'
`
test $? -ne 0 && exit 1
modulus=`
openssl rsa -noout -modulus -in $KEYFILE | grep ^Modulus= |
openssl rsa -noout -modulus -in $KEYFILE | grep ^Modulus= |
sed 's/^Modulus=/0x/' | tr A-Z a-z
`
test $? -ne 0 && exit 1

2
crypto/openssh/regress/test-exec.sh
View File

@ -444,7 +444,7 @@ Host *
EOF
if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
trace "adding ssh_config option $TEST_SSH_SSH_CONFOPTS"
echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
fi

4
crypto/openssh/regress/try-ciphers.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: try-ciphers.sh,v 1.24 2015/03/03 22:35:19 markus Exp $
# $OpenBSD: try-ciphers.sh,v 1.25 2015/03/24 20:22:17 markus Exp $
# Placed in the Public Domain.
tid="try ciphers"
@ -19,7 +19,7 @@ for c in `${SSH} -Q cipher`; do
fi
# No point trying all MACs for AEAD ciphers since they
# are ignored.
if ssh -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then
if ${SSH} -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then
break
fi
n=`expr $n + 1`

6
crypto/openssh/regress/unittests/hostkeys/test_iterate.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: test_iterate.c,v 1.3 2015/03/07 04:41:48 djm Exp $ */
/* $OpenBSD: test_iterate.c,v 1.4 2015/03/31 22:59:01 djm Exp $ */
/*
* Regress test for hostfile.h hostkeys_foreach()
*
@ -91,8 +91,8 @@ check(struct hostkey_foreach_line *l, void *_ctx)
expected->l.keytype : expected->no_parse_keytype;
#ifndef WITH_SSH1
if (expected->l.keytype == KEY_RSA1 ||
expected->no_parse_keytype == KEY_RSA1) {
if (parse_key && (expected->l.keytype == KEY_RSA1 ||
expected->no_parse_keytype == KEY_RSA1)) {
expected_status = HKF_STATUS_INVALID;
expected_keytype = KEY_UNSPEC;
parse_key = 0;

4
crypto/openssh/regress/unittests/sshkey/test_sshkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: test_sshkey.c,v 1.3 2015/01/26 06:11:28 djm Exp $ */
/* $OpenBSD: test_sshkey.c,v 1.4 2015/04/22 01:38:36 djm Exp $ */
/*
* Regress test for sshkey.h key management API
*
@ -505,7 +505,7 @@ sshkey_tests(void)
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0);
ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
NULL), 0);
k3 = get_private("ed25519_2");
k3 = get_private("rsa_1");
build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1);
ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4),
SSH_ERR_KEY_CERT_INVALID_SIGN_KEY);

2
crypto/openssh/rijndael.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: rijndael.c,v 1.19 2014/11/18 22:38:48 mikeb Exp $ */
/* $OpenBSD: rijndael.c,v 1.20 2015/03/16 11:09:52 djm Exp $ */
/**
* rijndael-alg-fst.c

115
crypto/openssh/sandbox-seccomp-filter.c
View File

@ -43,6 +43,7 @@
#include <sys/resource.h>
#include <sys/prctl.h>
#include <linux/net.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
@ -79,6 +80,16 @@
#define SC_ALLOW(_nr) \
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
#define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \
/* load first syscall argument */ \
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
offsetof(struct seccomp_data, args[(_arg_nr)])), \
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_arg_val), 0, 1), \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), \
/* reload syscall number; all rules expect it in accumulator */ \
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
offsetof(struct seccomp_data, nr))
/* Syscall filtering set for preauth. */
static const struct sock_filter preauth_insns[] = {
@ -90,45 +101,105 @@ static const struct sock_filter preauth_insns[] = {
/* Load the syscall number for checking. */
BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
offsetof(struct seccomp_data, nr)),
/* Syscalls to non-fatally deny */
#ifdef __NR_fstat
SC_DENY(fstat, EACCES),
#endif
#ifdef __NR_fstat64
SC_DENY(fstat64, EACCES),
#endif
#ifdef __NR_open
SC_DENY(open, EACCES),
#endif
#ifdef __NR_openat
SC_DENY(openat, EACCES),
#endif
#ifdef __NR_newfstatat
SC_DENY(newfstatat, EACCES),
#endif
#ifdef __NR_stat
SC_DENY(stat, EACCES),
SC_ALLOW(getpid),
SC_ALLOW(gettimeofday),
SC_ALLOW(clock_gettime),
#ifdef __NR_time /* not defined on EABI ARM */
SC_ALLOW(time),
#endif
SC_ALLOW(read),
SC_ALLOW(write),
SC_ALLOW(close),
#ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */
SC_ALLOW(shutdown),
#ifdef __NR_stat64
SC_DENY(stat64, EACCES),
#endif
/* Syscalls to permit */
#ifdef __NR_brk
SC_ALLOW(brk),
SC_ALLOW(poll),
#ifdef __NR__newselect
SC_ALLOW(_newselect),
#else
SC_ALLOW(select),
#endif
#ifdef __NR_clock_gettime
SC_ALLOW(clock_gettime),
#endif
#ifdef __NR_close
SC_ALLOW(close),
#endif
#ifdef __NR_exit
SC_ALLOW(exit),
#endif
#ifdef __NR_exit_group
SC_ALLOW(exit_group),
#endif
#ifdef __NR_getpgid
SC_ALLOW(getpgid),
#endif
#ifdef __NR_getpid
SC_ALLOW(getpid),
#endif
#ifdef __NR_gettimeofday
SC_ALLOW(gettimeofday),
#endif
#ifdef __NR_madvise
SC_ALLOW(madvise),
#ifdef __NR_mmap2 /* EABI ARM only has mmap2() */
SC_ALLOW(mmap2),
#endif
#ifdef __NR_mmap
SC_ALLOW(mmap),
#endif
#ifdef __dietlibc__
SC_ALLOW(mremap),
SC_ALLOW(exit),
#ifdef __NR_mmap2
SC_ALLOW(mmap2),
#endif
#ifdef __NR_mremap
SC_ALLOW(mremap),
#endif
#ifdef __NR_munmap
SC_ALLOW(munmap),
SC_ALLOW(exit_group),
#endif
#ifdef __NR__newselect
SC_ALLOW(_newselect),
#endif
#ifdef __NR_poll
SC_ALLOW(poll),
#endif
#ifdef __NR_pselect6
SC_ALLOW(pselect6),
#endif
#ifdef __NR_read
SC_ALLOW(read),
#endif
#ifdef __NR_rt_sigprocmask
SC_ALLOW(rt_sigprocmask),
#else
#endif
#ifdef __NR_select
SC_ALLOW(select),
#endif
#ifdef __NR_shutdown
SC_ALLOW(shutdown),
#endif
#ifdef __NR_sigprocmask
SC_ALLOW(sigprocmask),
#endif
#ifdef __NR_time
SC_ALLOW(time),
#endif
#ifdef __NR_write
SC_ALLOW(write),
#endif
#ifdef __NR_socketcall
SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
#endif
/* Default deny */
BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
};

21
crypto/openssh/sandbox-systrace.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sandbox-systrace.c,v 1.14 2015/01/20 23:14:00 deraadt Exp $ */
/* $OpenBSD: sandbox-systrace.c,v 1.16 2015/06/29 22:35:12 djm Exp $ */
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
@ -50,8 +50,9 @@ struct sandbox_policy {
/* Permitted syscalls in preauth. Unlisted syscalls get SYSTR_POLICY_KILL */
static const struct sandbox_policy preauth_policy[] = {
{ SYS_open, SYSTR_POLICY_NEVER },
{ SYS_clock_gettime, SYSTR_POLICY_PERMIT },
{ SYS_close, SYSTR_POLICY_PERMIT },
{ SYS_exit, SYSTR_POLICY_PERMIT },
#ifdef SYS_getentropy
/* OpenBSD 5.6 and newer use getentropy(2) to seed arc4random(3). */
{ SYS_getentropy, SYSTR_POLICY_PERMIT },
@ -59,23 +60,21 @@ static const struct sandbox_policy preauth_policy[] = {
/* Previous releases used sysctl(3)'s kern.arnd variable. */
{ SYS___sysctl, SYSTR_POLICY_PERMIT },
#endif
#ifdef SYS_sendsyslog
{ SYS_sendsyslog, SYSTR_POLICY_PERMIT },
#endif
{ SYS_close, SYSTR_POLICY_PERMIT },
{ SYS_exit, SYSTR_POLICY_PERMIT },
{ SYS_getpid, SYSTR_POLICY_PERMIT },
{ SYS_getpgid, SYSTR_POLICY_PERMIT },
{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
{ SYS_clock_gettime, SYSTR_POLICY_PERMIT },
{ SYS_madvise, SYSTR_POLICY_PERMIT },
{ SYS_mmap, SYSTR_POLICY_PERMIT },
{ SYS_mprotect, SYSTR_POLICY_PERMIT },
{ SYS_mquery, SYSTR_POLICY_PERMIT },
{ SYS_poll, SYSTR_POLICY_PERMIT },
{ SYS_munmap, SYSTR_POLICY_PERMIT },
{ SYS_open, SYSTR_POLICY_NEVER },
{ SYS_poll, SYSTR_POLICY_PERMIT },
{ SYS_read, SYSTR_POLICY_PERMIT },
{ SYS_select, SYSTR_POLICY_PERMIT },
#ifdef SYS_sendsyslog
{ SYS_sendsyslog, SYSTR_POLICY_PERMIT },
#endif
{ SYS_shutdown, SYSTR_POLICY_PERMIT },
{ SYS_sigprocmask, SYSTR_POLICY_PERMIT },
{ SYS_write, SYSTR_POLICY_PERMIT },

4
crypto/openssh/scp.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: scp.c,v 1.181 2015/01/16 06:40:12 deraadt Exp $ */
/* $OpenBSD: scp.c,v 1.182 2015/04/24 01:36:00 deraadt Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@ -1333,7 +1333,7 @@ allocbuf(BUF *bp, int fd, int blksize)
if (bp->buf == NULL)
bp->buf = xmalloc(size);
else
bp->buf = xrealloc(bp->buf, 1, size);
bp->buf = xreallocarray(bp->buf, 1, size);
memset(bp->buf, 0, size);
bp->cnt = size;
return (bp);

176
crypto/openssh/servconf.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: servconf.c,v 1.260 2015/02/02 01:57:44 deraadt Exp $ */
/* $OpenBSD: servconf.c,v 1.274 2015/07/01 02:32:17 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -80,6 +79,8 @@ initialize_server_options(ServerOptions *options)
/* Standard Options */
options->num_ports = 0;
options->ports_from_cmdline = 0;
options->queued_listen_addrs = NULL;
options->num_queued_listens = 0;
options->listen_addrs = NULL;
options->address_family = -1;
options->num_host_key_files = 0;
@ -117,6 +118,7 @@ initialize_server_options(ServerOptions *options)
options->kerberos_get_afs_token = -1;
options->gss_authentication=-1;
options->gss_cleanup_creds = -1;
options->gss_strict_acceptor = -1;
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
@ -161,6 +163,8 @@ initialize_server_options(ServerOptions *options)
options->revoked_keys_file = NULL;
options->trusted_user_ca_keys = NULL;
options->authorized_principals_file = NULL;
options->authorized_principals_command = NULL;
options->authorized_principals_command_user = NULL;
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
@ -207,6 +211,8 @@ fill_default_server_options(ServerOptions *options)
/* No certificates by default */
if (options->num_ports == 0)
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
if (options->address_family == -1)
options->address_family = AF_UNSPEC;
if (options->listen_addrs == NULL)
add_listen_addr(options, NULL, 0);
if (options->pid_file == NULL)
@ -273,6 +279,8 @@ fill_default_server_options(ServerOptions *options)
options->gss_authentication = 0;
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
if (options->gss_strict_acceptor == -1)
options->gss_strict_acceptor = 0;
if (options->password_authentication == -1)
options->password_authentication = 0;
if (options->kbd_interactive_authentication == -1)
@ -351,6 +359,7 @@ fill_default_server_options(ServerOptions *options)
CLEAR_ON_NONE(options->banner);
CLEAR_ON_NONE(options->trusted_user_ca_keys);
CLEAR_ON_NONE(options->revoked_keys_file);
CLEAR_ON_NONE(options->authorized_principals_file);
for (i = 0; i < options->num_host_key_files; i++)
CLEAR_ON_NONE(options->host_key_files[i]);
for (i = 0; i < options->num_host_cert_files; i++)
@ -393,11 +402,13 @@ typedef enum {
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
@ -464,9 +475,11 @@ static struct {
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
#else
{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
#endif
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
@ -530,6 +543,8 @@ static struct {
{ "ipqos", sIPQoS, SSHCFG_ALL },
{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
{ "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL },
{ "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
{ "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
@ -596,10 +611,6 @@ add_listen_addr(ServerOptions *options, char *addr, int port)
{
u_int i;
if (options->num_ports == 0)
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
if (options->address_family == -1)
options->address_family = AF_UNSPEC;
if (port == 0)
for (i = 0; i < options->num_ports; i++)
add_one_listen_addr(options, addr, options->ports[i]);
@ -629,6 +640,51 @@ add_one_listen_addr(ServerOptions *options, char *addr, int port)
options->listen_addrs = aitop;
}
/*
* Queue a ListenAddress to be processed once we have all of the Ports
* and AddressFamily options.
*/
static void
queue_listen_addr(ServerOptions *options, char *addr, int port)
{
options->queued_listen_addrs = xreallocarray(
options->queued_listen_addrs, options->num_queued_listens + 1,
sizeof(addr));
options->queued_listen_ports = xreallocarray(
options->queued_listen_ports, options->num_queued_listens + 1,
sizeof(port));
options->queued_listen_addrs[options->num_queued_listens] =
xstrdup(addr);
options->queued_listen_ports[options->num_queued_listens] = port;
options->num_queued_listens++;
}
/*
* Process queued (text) ListenAddress entries.
*/
static void
process_queued_listen_addrs(ServerOptions *options)
{
u_int i;
if (options->num_ports == 0)
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
if (options->address_family == -1)
options->address_family = AF_UNSPEC;
for (i = 0; i < options->num_queued_listens; i++) {
add_listen_addr(options, options->queued_listen_addrs[i],
options->queued_listen_ports[i]);
free(options->queued_listen_addrs[i]);
options->queued_listen_addrs[i] = NULL;
}
free(options->queued_listen_addrs);
options->queued_listen_addrs = NULL;
free(options->queued_listen_ports);
options->queued_listen_ports = NULL;
options->num_queued_listens = 0;
}
struct connection_info *
get_connection_info(int populate, int use_dns)
{
@ -714,7 +770,6 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
{
int result = 1, attributes = 0, port;
char *arg, *attrib, *cp = *condition;
size_t len;
if (ci == NULL)
debug3("checking syntax for 'Match %s'", cp);
@ -741,13 +796,12 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
error("Missing Match criteria for %s", attrib);
return -1;
}
len = strlen(arg);
if (strcasecmp(attrib, "user") == 0) {
if (ci == NULL || ci->user == NULL) {
result = 0;
continue;
}
if (match_pattern_list(ci->user, arg, len, 0) != 1)
if (match_pattern_list(ci->user, arg, 0) != 1)
result = 0;
else
debug("user %.100s matched 'User %.100s' at "
@ -768,7 +822,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
result = 0;
continue;
}
if (match_hostname(ci->host, arg, len) != 1)
if (match_hostname(ci->host, arg) != 1)
result = 0;
else
debug("connection from %.100s matched 'Host "
@ -945,9 +999,6 @@ process_server_config_line(ServerOptions *options, char *line,
/* ignore ports from configfile if cmdline specifies ports */
if (options->ports_from_cmdline)
return 0;
if (options->listen_addrs != NULL)
fatal("%s line %d: ports must be specified before "
"ListenAddress.", filename, linenum);
if (options->num_ports >= MAX_PORTS)
fatal("%s line %d: too many ports.",
filename, linenum);
@ -983,7 +1034,7 @@ process_server_config_line(ServerOptions *options, char *line,
if ((value = convtime(arg)) == -1)
fatal("%s line %d: invalid time value.",
filename, linenum);
if (*intptr == -1)
if (*activep && *intptr == -1)
*intptr = value;
break;
@ -999,7 +1050,7 @@ process_server_config_line(ServerOptions *options, char *line,
/* check for bare IPv6 address: no "[]" and 2 or more ":" */
if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
&& strchr(p+1, ':') != NULL) {
add_listen_addr(options, arg, 0);
queue_listen_addr(options, arg, 0);
break;
}
p = hpdelim(&arg);
@ -1012,16 +1063,13 @@ process_server_config_line(ServerOptions *options, char *line,
else if ((port = a2port(arg)) <= 0)
fatal("%s line %d: bad port number", filename, linenum);
add_listen_addr(options, p, port);
queue_listen_addr(options, p, port);
break;
case sAddressFamily:
intptr = &options->address_family;
multistate_ptr = multistate_addressfamily;
if (options->listen_addrs != NULL)
fatal("%s line %d: address family must be specified "
"before ListenAddress.", filename, linenum);
parse_multistate:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
@ -1175,6 +1223,10 @@ process_server_config_line(ServerOptions *options, char *line,
intptr = &options->gss_cleanup_creds;
goto parse_flag;
case sGssStrictAcceptor:
intptr = &options->gss_strict_acceptor;
goto parse_flag;
case sPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_flag;
@ -1449,7 +1501,7 @@ process_server_config_line(ServerOptions *options, char *line,
len = strlen(p) + 1;
while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
len += 1 + strlen(arg);
p = xrealloc(p, 1, len);
p = xreallocarray(p, 1, len);
strlcat(p, " ", len);
strlcat(p, arg, len);
}
@ -1564,7 +1616,7 @@ process_server_config_line(ServerOptions *options, char *line,
if (value == -1)
fatal("%s line %d: Bad yes/point-to-point/ethernet/"
"no argument: %s", filename, linenum, arg);
if (*intptr == -1)
if (*activep && *intptr == -1)
*intptr = value;
break;
@ -1617,7 +1669,7 @@ process_server_config_line(ServerOptions *options, char *line,
break;
case sForceCommand:
if (cp == NULL)
if (cp == NULL || *cp == '\0')
fatal("%.200s line %d: Missing argument.", filename,
linenum);
len = strspn(cp, WHITESPACE);
@ -1662,7 +1714,7 @@ process_server_config_line(ServerOptions *options, char *line,
break;
case sVersionAddendum:
if (cp == NULL)
if (cp == NULL || *cp == '\0')
fatal("%.200s line %d: Missing argument.", filename,
linenum);
len = strspn(cp, WHITESPACE);
@ -1702,8 +1754,36 @@ process_server_config_line(ServerOptions *options, char *line,
*charptr = xstrdup(arg);
break;
case sAuthorizedPrincipalsCommand:
if (cp == NULL)
fatal("%.200s line %d: Missing argument.", filename,
linenum);
len = strspn(cp, WHITESPACE);
if (*activep &&
options->authorized_principals_command == NULL) {
if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
fatal("%.200s line %d: "
"AuthorizedPrincipalsCommand must be "
"an absolute path", filename, linenum);
options->authorized_principals_command =
xstrdup(cp + len);
}
return 0;
case sAuthorizedPrincipalsCommandUser:
charptr = &options->authorized_principals_command_user;
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing "
"AuthorizedPrincipalsCommandUser argument.",
filename, linenum);
if (*activep && *charptr == NULL)
*charptr = xstrdup(arg);
break;
case sAuthenticationMethods:
if (*activep && options->num_auth_methods == 0) {
if (options->num_auth_methods == 0) {
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_auth_methods >=
MAX_AUTH_METHODS)
@ -1714,6 +1794,8 @@ process_server_config_line(ServerOptions *options, char *line,
fatal("%s line %d: invalid "
"authentication method list.",
filename, linenum);
if (!*activep)
continue;
options->auth_methods[
options->num_auth_methods++] = xstrdup(arg);
}
@ -1723,13 +1805,14 @@ process_server_config_line(ServerOptions *options, char *line,
case sStreamLocalBindMask:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing StreamLocalBindMask argument.",
filename, linenum);
fatal("%s line %d: missing StreamLocalBindMask "
"argument.", filename, linenum);
/* Parse mode in octal format */
value = strtol(arg, &p, 8);
if (arg == p || value < 0 || value > 0777)
fatal("%s line %d: Bad mask.", filename, linenum);
options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
if (*activep)
options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
break;
case sStreamLocalBindUnlink:
@ -1956,6 +2039,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
if (bad_options > 0)
fatal("%s: terminating, %d bad configuration options",
filename, bad_options);
process_queued_listen_addrs(options);
}
static const char *
@ -2032,6 +2116,12 @@ dump_cfg_int(ServerOpCodes code, int val)
printf("%s %d\n", lookup_opcode_name(code), val);
}
static void
dump_cfg_oct(ServerOpCodes code, int val)
{
printf("%s 0%o\n", lookup_opcode_name(code), val);
}
static void
dump_cfg_fmtint(ServerOpCodes code, int val)
{
@ -2061,6 +2151,8 @@ dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
{
u_int i;
if (count <= 0)
return;
printf("%s", lookup_opcode_name(code));
for (i = 0; i < count; i++)
printf(" %s", vals[i]);
@ -2074,6 +2166,7 @@ dump_config(ServerOptions *o)
int ret;
struct addrinfo *ai;
char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL;
char *laddr1 = xstrdup(""), *laddr2 = NULL;
/* these are usually at the top of the config */
for (i = 0; i < o->num_ports; i++)
@ -2081,7 +2174,11 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sProtocol, o->protocol);
dump_cfg_fmtint(sAddressFamily, o->address_family);
/* ListenAddress must be after Port */
/*
* ListenAddress must be after Port. add_one_listen_addr pushes
* addresses onto a stack, so to maintain ordering we need to
* print these in reverse order.
*/
for (ai = o->listen_addrs; ai; ai = ai->ai_next) {
if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
sizeof(addr), port, sizeof(port),
@ -2090,16 +2187,22 @@ dump_config(ServerOptions *o)
(ret != EAI_SYSTEM) ? gai_strerror(ret) :
strerror(errno));
} else {
laddr2 = laddr1;
if (ai->ai_family == AF_INET6)
printf("listenaddress [%s]:%s\n", addr, port);
xasprintf(&laddr1, "listenaddress [%s]:%s\n%s",
addr, port, laddr2);
else
printf("listenaddress %s:%s\n", addr, port);
xasprintf(&laddr1, "listenaddress %s:%s\n%s",
addr, port, laddr2);
free(laddr2);
}
}
printf("%s", laddr1);
free(laddr1);
/* integer arguments */
#ifdef USE_PAM
dump_cfg_int(sUsePAM, o->use_pam);
dump_cfg_fmtint(sUsePAM, o->use_pam);
#endif
dump_cfg_int(sServerKeyBits, o->server_key_bits);
dump_cfg_int(sLoginGraceTime, o->login_grace_time);
@ -2109,6 +2212,7 @@ dump_config(ServerOptions *o)
dump_cfg_int(sMaxSessions, o->max_sessions);
dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
/* formatted integer arguments */
dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
@ -2152,6 +2256,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
dump_cfg_fmtint(sUseDNS, o->use_dns);
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
@ -2168,9 +2273,12 @@ dump_config(ServerOptions *o)
dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
dump_cfg_string(sAuthorizedPrincipalsFile,
o->authorized_principals_file);
dump_cfg_string(sVersionAddendum, o->version_addendum);
dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0'
? "none" : o->version_addendum);
dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command);
dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user);
dump_cfg_string(sHostKeyAgent, o->host_key_agent);
dump_cfg_string(sKexAlgorithms,
o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
@ -2188,7 +2296,7 @@ dump_config(ServerOptions *o)
o->authorized_keys_files);
dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
o->host_key_files);
dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files,
dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
o->host_cert_files);
dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);

15
crypto/openssh/servconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.h,v 1.116 2015/01/13 07:39:19 djm Exp $ */
/* $OpenBSD: servconf.h,v 1.119 2015/05/22 03:50:02 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -58,7 +58,9 @@ typedef struct {
u_int num_ports;
u_int ports_from_cmdline;
int ports[MAX_PORTS]; /* Port number to listen on. */
char *listen_addr; /* Address on which the server listens. */
u_int num_queued_listens;
char **queued_listen_addrs;
int *queued_listen_ports;
struct addrinfo *listen_addrs; /* Addresses on which the server listens. */
int address_family; /* Address family used by the server. */
char *host_key_files[MAX_HOSTKEYS]; /* Files containing host keys. */
@ -116,6 +118,7 @@ typedef struct {
* authenticated with Kerberos. */
int gss_authentication; /* If true, permit GSSAPI authentication */
int gss_cleanup_creds; /* If true, destroy cred cache on logout */
int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */
int password_authentication; /* If true, permit password
* authentication. */
int kbd_interactive_authentication; /* If true, permit */
@ -176,9 +179,11 @@ typedef struct {
char *chroot_directory;
char *revoked_keys_file;
char *trusted_user_ca_keys;
char *authorized_principals_file;
char *authorized_keys_command;
char *authorized_keys_command_user;
char *authorized_principals_file;
char *authorized_principals_command;
char *authorized_principals_command_user;
int64_t rekey_limit;
int rekey_interval;
@ -214,9 +219,11 @@ struct connection_info {
M_CP_STROPT(banner); \
M_CP_STROPT(trusted_user_ca_keys); \
M_CP_STROPT(revoked_keys_file); \
M_CP_STROPT(authorized_principals_file); \
M_CP_STROPT(authorized_keys_command); \
M_CP_STROPT(authorized_keys_command_user); \
M_CP_STROPT(authorized_principals_file); \
M_CP_STROPT(authorized_principals_command); \
M_CP_STROPT(authorized_principals_command_user); \
M_CP_STROPT(hostbased_key_types); \
M_CP_STROPT(pubkey_key_types); \
M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \

8
crypto/openssh/session.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.277 2015/01/16 06:40:12 deraadt Exp $ */
/* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -998,7 +998,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
if (envsize >= 1000)
fatal("child_set_env: too many env vars");
envsize += 50;
env = (*envp) = xrealloc(env, envsize, sizeof(char *));
env = (*envp) = xreallocarray(env, envsize, sizeof(char *));
*envsizep = envsize;
}
/* Need to set the NULL pointer at end of array beyond the new slot. */
@ -1926,7 +1926,7 @@ session_new(void)
return NULL;
debug2("%s: allocate (allocated %d max %d)",
__func__, sessions_nalloc, options.max_sessions);
tmp = xrealloc(sessions, sessions_nalloc + 1,
tmp = xreallocarray(sessions, sessions_nalloc + 1,
sizeof(*sessions));
if (tmp == NULL) {
error("%s: cannot allocate %d sessions",
@ -2253,7 +2253,7 @@ session_env_req(Session *s)
for (i = 0; i < options.num_accept_env; i++) {
if (match_pattern(name, options.accept_env[i])) {
debug2("Setting env %d: %s=%s", s->num_env, name, val);
s->env = xrealloc(s->env, s->num_env + 1,
s->env = xreallocarray(s->env, s->num_env + 1,
sizeof(*s->env));
s->env[s->num_env].name = name;
s->env[s->num_env].val = val;

9
crypto/openssh/sftp-client.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-client.c,v 1.117 2015/01/20 23:14:00 deraadt Exp $ */
/* $OpenBSD: sftp-client.c,v 1.120 2015/05/28 04:50:53 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -408,6 +408,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
error("Invalid packet back from SSH2_FXP_INIT (type %u)",
type);
sshbuf_free(msg);
free(ret);
return(NULL);
}
if ((r = sshbuf_get_u32(msg, &ret->version)) != 0)
@ -621,7 +622,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
error("Server sent suspect path \"%s\" "
"during readdir of \"%s\"", filename, path);
} else if (dir) {
*dir = xrealloc(*dir, ents + 2, sizeof(**dir));
*dir = xreallocarray(*dir, ents + 2, sizeof(**dir));
(*dir)[ents] = xcalloc(1, sizeof(***dir));
(*dir)[ents]->filename = xstrdup(filename);
(*dir)[ents]->longname = xstrdup(longname);
@ -1384,7 +1385,9 @@ do_download(struct sftp_conn *conn, const char *remote_path,
"server reordered requests", local_path);
}
debug("truncating at %llu", (unsigned long long)highwater);
ftruncate(local_fd, highwater);
if (ftruncate(local_fd, highwater) == -1)
error("ftruncate \"%s\": %s", local_path,
strerror(errno));
}
if (read_error) {
error("Couldn't read from remote file \"%s\" : %s",

6
crypto/openssh/sftp-client.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-client.h,v 1.26 2015/01/14 13:54:13 djm Exp $ */
/* $OpenBSD: sftp-client.h,v 1.27 2015/05/08 06:45:13 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
@ -111,7 +111,7 @@ int do_download(struct sftp_conn *, const char *, const char *,
Attrib *, int, int, int);
/*
* Recursively download 'remote_directory' to 'local_directory'. Preserve
* Recursively download 'remote_directory' to 'local_directory'. Preserve
* times if 'pflag' is set
*/
int download_dir(struct sftp_conn *, const char *, const char *,
@ -124,7 +124,7 @@ int download_dir(struct sftp_conn *, const char *, const char *,
int do_upload(struct sftp_conn *, const char *, const char *, int, int, int);
/*
* Recursively upload 'local_directory' to 'remote_directory'. Preserve
* Recursively upload 'local_directory' to 'remote_directory'. Preserve
* times if 'pflag' is set
*/
int upload_dir(struct sftp_conn *, const char *, const char *, int, int, int,

7
crypto/openssh/sftp-server.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-server.c,v 1.105 2015/01/20 23:14:00 deraadt Exp $ */
/* $OpenBSD: sftp-server.c,v 1.106 2015/04/24 01:36:01 deraadt Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@ -40,7 +40,6 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <pwd.h>
#include <time.h>
#include <unistd.h>
#include <stdarg.h>
@ -310,7 +309,7 @@ handle_new(int use, const char *name, int fd, int flags, DIR *dirp)
if (num_handles + 1 <= num_handles)
return -1;
num_handles++;
handles = xrealloc(handles, num_handles, sizeof(Handle));
handles = xreallocarray(handles, num_handles, sizeof(Handle));
handle_unused(num_handles - 1);
}
@ -1063,7 +1062,7 @@ process_readdir(u_int32_t id)
while ((dp = readdir(dirp)) != NULL) {
if (count >= nstats) {
nstats *= 2;
stats = xrealloc(stats, nstats, sizeof(Stat));
stats = xreallocarray(stats, nstats, sizeof(Stat));
}
/* XXX OVERFLOW ? */
snprintf(pathname, sizeof pathname, "%s%s%s", path,

19
crypto/openssh/ssh-add.0
View File

@ -29,9 +29,9 @@ DESCRIPTION
-c Indicates that added identities should be subject to confirmation
before being used for authentication. Confirmation is performed
by the SSH_ASKPASS program mentioned below. Successful
confirmation is signaled by a zero exit status from the
SSH_ASKPASS program, rather than text entered into the requester.
by ssh-askpass(1). Successful confirmation is signaled by a zero
exit status from ssh-askpass(1), rather than text entered into
the requester.
-D Deletes all identities from the agent.
@ -78,10 +78,11 @@ ENVIRONMENT
the current terminal if it was run from a terminal. If ssh-add
does not have a terminal associated with it but DISPLAY and
SSH_ASKPASS are set, it will execute the program specified by
SSH_ASKPASS and open an X11 window to read the passphrase. This
is particularly useful when calling ssh-add from a .xsession or
related script. (Note that on some machines it may be necessary
to redirect the input from /dev/null to make this work.)
SSH_ASKPASS (by default M-bM-^@M-^\ssh-askpassM-bM-^@M-^]) and open an X11 window to
read the passphrase. This is particularly useful when calling
ssh-add from a .xsession or related script. (Note that on some
machines it may be necessary to redirect the input from /dev/null
to make this work.)
SSH_AUTH_SOCK
Identifies the path of a UNIX-domain socket used to communicate
@ -116,7 +117,7 @@ EXIT STATUS
ssh-add is unable to contact the authentication agent.
SEE ALSO
ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)
ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by
@ -125,4 +126,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 5.7 December 21, 2014 OpenBSD 5.7
OpenBSD 5.7 March 30, 2015 OpenBSD 5.7

18
crypto/openssh/ssh-add.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-add.1,v 1.61 2014/12/21 22:27:56 djm Exp $
.\" $OpenBSD: ssh-add.1,v 1.62 2015/03/30 18:28:37 jmc Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 21 2014 $
.Dd $Mdocdate: March 30 2015 $
.Dt SSH-ADD 1
.Os
.Sh NAME
@ -88,12 +88,11 @@ The options are as follows:
.It Fl c
Indicates that added identities should be subject to confirmation before
being used for authentication.
Confirmation is performed by the
.Ev SSH_ASKPASS
program mentioned below.
Successful confirmation is signaled by a zero exit status from the
.Ev SSH_ASKPASS
program, rather than text entered into the requester.
Confirmation is performed by
.Xr ssh-askpass 1 .
Successful confirmation is signaled by a zero exit status from
.Xr ssh-askpass 1 ,
rather than text entered into the requester.
.It Fl D
Deletes all identities from the agent.
.It Fl d
@ -156,6 +155,8 @@ and
.Ev SSH_ASKPASS
are set, it will execute the program specified by
.Ev SSH_ASKPASS
(by default
.Dq ssh-askpass )
and open an X11 window to read the passphrase.
This is particularly useful when calling
.Nm
@ -197,6 +198,7 @@ is unable to contact the authentication agent.
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-askpass 1 ,
.Xr ssh-keygen 1 ,
.Xr sshd 8
.Sh AUTHORS

20
crypto/openssh/ssh-add.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-add.c,v 1.120 2015/02/21 21:46:57 halex Exp $ */
/* $OpenBSD: ssh-add.c,v 1.122 2015/03/26 12:32:38 naddy Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -79,7 +79,9 @@ static char *default_files[] = {
#endif
#endif /* WITH_OPENSSL */
_PATH_SSH_CLIENT_ID_ED25519,
#ifdef WITH_SSH1
_PATH_SSH_CLIENT_IDENTITY,
#endif
NULL
};
@ -164,11 +166,10 @@ delete_all(int agent_fd)
{
int ret = -1;
if (ssh_remove_all_identities(agent_fd, 1) == 0)
if (ssh_remove_all_identities(agent_fd, 2) == 0)
ret = 0;
/* ignore error-code for ssh2 */
/* XXX revisit */
ssh_remove_all_identities(agent_fd, 2);
/* ignore error-code for ssh1 */
ssh_remove_all_identities(agent_fd, 1);
if (ret == 0)
fprintf(stderr, "All identities removed.\n");
@ -364,11 +365,16 @@ static int
list_identities(int agent_fd, int do_fp)
{
char *fp;
int version, r, had_identities = 0;
int r, had_identities = 0;
struct ssh_identitylist *idlist;
size_t i;
#ifdef WITH_SSH1
int version = 1;
#else
int version = 2;
#endif
for (version = 1; version <= 2; version++) {
for (; version <= 2; version++) {
if ((r = ssh_fetch_identitylist(agent_fd, version,
&idlist)) != 0) {
if (r != SSH_ERR_AGENT_NO_IDENTITIES)

9
crypto/openssh/ssh-agent.0
View File

@ -4,7 +4,7 @@ NAME
ssh-agent M-bM-^@M-^S authentication agent
SYNOPSIS
ssh-agent [-c | -s] [-d] [-a bind_address] [-E fingerprint_hash]
ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]
[-t life] [command [arg ...]]
ssh-agent [-c | -s] -k
@ -32,8 +32,11 @@ DESCRIPTION
-c Generate C-shell commands on stdout. This is the default if
SHELL looks like it's a csh style of shell.
-D Foreground mode. When this option is specified ssh-agent will
not fork.
-d Debug mode. When this option is specified ssh-agent will not
fork.
fork and will write debug information to standard error.
-E fingerprint_hash
Specifies the hash algorithm used when displaying key
@ -106,4 +109,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 5.7 December 21, 2014 OpenBSD 5.7
OpenBSD 5.7 April 24, 2015 OpenBSD 5.7

13
crypto/openssh/ssh-agent.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-agent.1,v 1.57 2014/12/21 22:27:56 djm Exp $
.\" $OpenBSD: ssh-agent.1,v 1.59 2015/04/24 06:26:49 jmc Exp $
.\" $FreeBSD$
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 21 2014 $
.Dd $Mdocdate: April 24 2015 $
.Dt SSH-AGENT 1
.Os
.Sh NAME
@ -44,7 +44,7 @@
.Sh SYNOPSIS
.Nm ssh-agent
.Op Fl c | s
.Op Fl dx
.Op Fl Ddx
.Op Fl a Ar bind_address
.Op Fl E Ar fingerprint_hash
.Op Fl t Ar life
@ -93,11 +93,16 @@ Generate C-shell commands on
This is the default if
.Ev SHELL
looks like it's a csh style of shell.
.It Fl D
Foreground mode.
When this option is specified
.Nm
will not fork.
.It Fl d
Debug mode.
When this option is specified
.Nm
will not fork.
will not fork and will write debug information to standard error.
.It Fl E Ar fingerprint_hash
Specifies the hash algorithm used when displaying key fingerprints.
Valid options are:

80
crypto/openssh/ssh-agent.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-agent.c,v 1.199 2015/03/04 21:12:59 djm Exp $ */
/* $OpenBSD: ssh-agent.c,v 1.203 2015/05/15 05:44:21 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -69,6 +69,9 @@ __RCSID("$FreeBSD$");
#include <time.h>
#include <string.h>
#include <unistd.h>
#ifdef HAVE_UTIL_H
# include <util.h>
#endif
#include "key.h" /* XXX for typedef */
#include "buffer.h" /* XXX for typedef */
@ -141,8 +144,12 @@ char socket_name[PATH_MAX];
char socket_dir[PATH_MAX];
/* locking */
#define LOCK_SIZE 32
#define LOCK_SALT_SIZE 16
#define LOCK_ROUNDS 1
int locked = 0;
char *lock_passwd = NULL;
char lock_passwd[LOCK_SIZE];
char lock_salt[LOCK_SALT_SIZE];
extern char *__progname;
@ -680,23 +687,45 @@ process_add_identity(SocketEntry *e, int version)
static void
process_lock_agent(SocketEntry *e, int lock)
{
int r, success = 0;
char *passwd;
int r, success = 0, delay;
char *passwd, passwdhash[LOCK_SIZE];
static u_int fail_count = 0;
size_t pwlen;
if ((r = sshbuf_get_cstring(e->request, &passwd, NULL)) != 0)
if ((r = sshbuf_get_cstring(e->request, &passwd, &pwlen)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
locked = 0;
explicit_bzero(lock_passwd, strlen(lock_passwd));
free(lock_passwd);
lock_passwd = NULL;
success = 1;
if (pwlen == 0) {
debug("empty password not supported");
} else if (locked && !lock) {
if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0)
fatal("bcrypt_pbkdf");
if (timingsafe_bcmp(passwdhash, lock_passwd, LOCK_SIZE) == 0) {
debug("agent unlocked");
locked = 0;
fail_count = 0;
explicit_bzero(lock_passwd, sizeof(lock_passwd));
success = 1;
} else {
/* delay in 0.1s increments up to 10s */
if (fail_count < 100)
fail_count++;
delay = 100000 * fail_count;
debug("unlock failed, delaying %0.1lf seconds",
(double)delay/1000000);
usleep(delay);
}
explicit_bzero(passwdhash, sizeof(passwdhash));
} else if (!locked && lock) {
debug("agent locked");
locked = 1;
lock_passwd = xstrdup(passwd);
arc4random_buf(lock_salt, sizeof(lock_salt));
if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
lock_passwd, sizeof(lock_passwd), LOCK_ROUNDS) < 0)
fatal("bcrypt_pbkdf");
success = 1;
}
explicit_bzero(passwd, strlen(passwd));
explicit_bzero(passwd, pwlen);
free(passwd);
send_status(e, success);
}
@ -953,7 +982,7 @@ new_socket(sock_type type, int fd)
}
old_alloc = sockets_alloc;
new_alloc = sockets_alloc + 10;
sockets = xrealloc(sockets, new_alloc, sizeof(sockets[0]));
sockets = xreallocarray(sockets, new_alloc, sizeof(sockets[0]));
for (i = old_alloc; i < new_alloc; i++)
sockets[i].type = AUTH_UNUSED;
sockets_alloc = new_alloc;
@ -1161,7 +1190,7 @@ static void
usage(void)
{
fprintf(stderr,
"usage: ssh-agent [-c | -s] [-d] [-a bind_address] [-E fingerprint_hash]\n"
"usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
" [-t life] [command [arg ...]]\n"
" ssh-agent [-c | -s] -k\n");
fprintf(stderr, " -x Exit when the last client disconnects.\n");
@ -1171,7 +1200,7 @@ usage(void)
int
main(int ac, char **av)
{
int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;
int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0;
int sock, fd, ch, result, saved_errno;
u_int nalloc;
char *shell, *format, *pidstr, *agentsocket = NULL;
@ -1207,7 +1236,7 @@ main(int ac, char **av)
__progname = ssh_get_progname(av[0]);
seed_rng();
while ((ch = getopt(ac, av, "cdksE:a:t:x")) != -1) {
while ((ch = getopt(ac, av, "cDdksE:a:t:x")) != -1) {
switch (ch) {
case 'E':
fingerprint_hash = ssh_digest_alg_by_name(optarg);
@ -1228,10 +1257,15 @@ main(int ac, char **av)
s_flag++;
break;
case 'd':
if (d_flag)
if (d_flag || D_flag)
usage();
d_flag++;
break;
case 'D':
if (d_flag || D_flag)
usage();
D_flag++;
break;
case 'a':
agentsocket = optarg;
break;
@ -1251,7 +1285,7 @@ main(int ac, char **av)
ac -= optind;
av += optind;
if (ac > 0 && (c_flag || k_flag || s_flag || d_flag))
if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag))
usage();
if (ac == 0 && !c_flag && !s_flag) {
@ -1320,8 +1354,10 @@ main(int ac, char **av)
* Fork, and have the parent execute the command, if any, or present
* the socket data. The child continues as the authentication agent.
*/
if (d_flag) {
log_init(__progname, SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 1);
if (D_flag || d_flag) {
log_init(__progname,
d_flag ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO,
SYSLOG_FACILITY_AUTH, 1);
format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
SSH_AUTHSOCKET_ENV_NAME);
@ -1393,7 +1429,7 @@ main(int ac, char **av)
parent_alive_interval = 10;
idtab_init();
signal(SIGPIPE, SIG_IGN);
signal(SIGINT, d_flag ? cleanup_handler : SIG_IGN);
signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
signal(SIGHUP, cleanup_handler);
signal(SIGTERM, cleanup_handler);
nalloc = 0;

351
crypto/openssh/ssh-keygen.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.266 2015/02/26 20:45:47 djm Exp $ */
/* $OpenBSD: ssh-keygen.c,v 1.274 2015/05/28 07:37:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -58,6 +58,12 @@
#include "krl.h"
#include "digest.h"
#ifdef WITH_OPENSSL
# define DEFAULT_KEY_TYPE_NAME "rsa"
#else
# define DEFAULT_KEY_TYPE_NAME "ed25519"
#endif
/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
#define DEFAULT_BITS 2048
#define DEFAULT_BITS_DSA 1024
@ -174,23 +180,22 @@ extern char *__progname;
char hostname[NI_MAXHOST];
#ifdef WITH_OPENSSL
/* moduli.c */
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
unsigned long);
#endif
static void
type_bits_valid(int type, const char *name, u_int32_t *bitsp)
{
#ifdef WITH_OPENSSL
u_int maxbits;
int nid;
u_int maxbits, nid;
#endif
if (type == KEY_UNSPEC) {
fprintf(stderr, "unknown key type %s\n", key_type_name);
exit(1);
}
if (type == KEY_UNSPEC)
fatal("unknown key type %s", key_type_name);
if (*bitsp == 0) {
#ifdef WITH_OPENSSL
if (type == KEY_DSA)
@ -208,10 +213,8 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
#ifdef WITH_OPENSSL
maxbits = (type == KEY_DSA) ?
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
if (*bitsp > maxbits) {
fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
exit(1);
}
if (*bitsp > maxbits)
fatal("key bits exceeds maximum %d", maxbits);
if (type == KEY_DSA && *bitsp != 1024)
fatal("DSA keys must be 1024 bits");
else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
@ -256,13 +259,13 @@ ask_filename(struct passwd *pw, const char *prompt)
name = _PATH_SSH_CLIENT_ID_ED25519;
break;
default:
fprintf(stderr, "bad key type\n");
exit(1);
break;
fatal("bad key type");
}
}
snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
fprintf(stderr, "%s (%s): ", prompt, identity_file);
snprintf(identity_file, sizeof(identity_file),
"%s/%s", pw->pw_dir, name);
printf("%s (%s): ", prompt, identity_file);
fflush(stdout);
if (fgets(buf, sizeof(buf), stdin) == NULL)
exit(1);
buf[strcspn(buf, "\n")] = '\0';
@ -308,14 +311,10 @@ do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
char comment[61];
int r;
if (k->type == KEY_RSA1) {
fprintf(stderr, "version 1 keys are not supported\n");
exit(1);
}
if ((r = sshkey_to_blob(k, &blob, &len)) != 0) {
fprintf(stderr, "key_to_blob failed: %s\n", ssh_err(r));
exit(1);
}
if (k->type == KEY_RSA1)
fatal("version 1 keys are not supported");
if ((r = sshkey_to_blob(k, &blob, &len)) != 0)
fatal("key_to_blob failed: %s", ssh_err(r));
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
snprintf(comment, sizeof(comment),
"%u-bit %s, converted by %s@%s from OpenSSH",
@ -544,17 +543,13 @@ get_line(FILE *fp, char *line, size_t len)
line[0] = '\0';
while ((c = fgetc(fp)) != EOF) {
if (pos >= len - 1) {
fprintf(stderr, "input line too long.\n");
exit(1);
}
if (pos >= len - 1)
fatal("input line too long.");
switch (c) {
case '\r':
c = fgetc(fp);
if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) {
fprintf(stderr, "unget: %s\n", strerror(errno));
exit(1);
}
if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
fatal("unget: %s", strerror(errno));
return pos;
case '\n':
return pos;
@ -606,16 +601,12 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
(encoded[len-3] == '='))
encoded[len-3] = '\0';
blen = uudecode(encoded, blob, sizeof(blob));
if (blen < 0) {
fprintf(stderr, "uudecode failed.\n");
exit(1);
}
if (blen < 0)
fatal("uudecode failed.");
if (*private)
*k = do_convert_private_ssh2_from_blob(blob, blen);
else if ((r = sshkey_from_blob(blob, blen, k)) != 0) {
fprintf(stderr, "decode blob failed: %s\n", ssh_err(r));
exit(1);
}
else if ((r = sshkey_from_blob(blob, blen, k)) != 0)
fatal("decode blob failed: %s", ssh_err(r));
fclose(fp);
}
@ -749,10 +740,8 @@ do_convert_from(struct passwd *pw)
}
}
if (!ok) {
fprintf(stderr, "key write failed\n");
exit(1);
}
if (!ok)
fatal("key write failed");
sshkey_free(k);
exit(0);
}
@ -767,13 +756,11 @@ do_print_public(struct passwd *pw)
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
if (stat(identity_file, &st) < 0) {
perror(identity_file);
exit(1);
}
if (stat(identity_file, &st) < 0)
fatal("%s: %s", identity_file, strerror(errno));
prv = load_identity(identity_file);
if ((r = sshkey_write(prv, stdout)) != 0)
fprintf(stderr, "key_write failed: %s", ssh_err(r));
error("key_write failed: %s", ssh_err(r));
sshkey_free(prv);
fprintf(stdout, "\n");
exit(0);
@ -838,10 +825,8 @@ do_fingerprint(struct passwd *pw)
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
if (stat(identity_file, &st) < 0) {
perror(identity_file);
exit(1);
}
if (stat(identity_file, &st) < 0)
fatal("%s: %s", identity_file, strerror(errno));
if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0)
debug2("Error loading public key \"%s\": %s",
identity_file, ssh_err(r));
@ -933,10 +918,8 @@ do_fingerprint(struct passwd *pw)
}
fclose(f);
if (invalid) {
printf("%s is not a public key file.\n", identity_file);
exit(1);
}
if (invalid)
fatal("%s is not a public key file.", identity_file);
exit(0);
}
@ -948,12 +931,16 @@ do_gen_all_hostkeys(struct passwd *pw)
char *key_type_display;
char *path;
} key_types[] = {
#ifdef WITH_OPENSSL
#ifdef WITH_SSH1
{ "rsa1", "RSA1", _PATH_HOST_KEY_FILE },
#endif /* WITH_SSH1 */
{ "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
{ "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
#ifdef OPENSSL_HAS_ECC
{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
#endif
#endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
{ NULL, NULL, NULL }
};
@ -969,7 +956,7 @@ do_gen_all_hostkeys(struct passwd *pw)
if (stat(key_types[i].path, &st) == 0)
continue;
if (errno != ENOENT) {
printf("Could not stat %s: %s", key_types[i].path,
error("Could not stat %s: %s", key_types[i].path,
strerror(errno));
first = 0;
continue;
@ -986,8 +973,7 @@ do_gen_all_hostkeys(struct passwd *pw)
bits = 0;
type_bits_valid(type, NULL, &bits);
if ((r = sshkey_generate(type, bits, &private)) != 0) {
fprintf(stderr, "key_generate failed: %s\n",
ssh_err(r));
error("key_generate failed: %s", ssh_err(r));
first = 0;
continue;
}
@ -997,8 +983,8 @@ do_gen_all_hostkeys(struct passwd *pw)
hostname);
if ((r = sshkey_save_private(private, identity_file, "",
comment, use_new_format, new_format_cipher, rounds)) != 0) {
printf("Saving key \"%s\" failed: %s\n", identity_file,
ssh_err(r));
error("Saving key \"%s\" failed: %s",
identity_file, ssh_err(r));
sshkey_free(private);
sshkey_free(public);
first = 0;
@ -1008,7 +994,7 @@ do_gen_all_hostkeys(struct passwd *pw)
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) {
printf("Could not save your public key in %s\n",
error("Could not save your public key in %s",
identity_file);
sshkey_free(public);
first = 0;
@ -1016,14 +1002,14 @@ do_gen_all_hostkeys(struct passwd *pw)
}
f = fdopen(fd, "w");
if (f == NULL) {
printf("fdopen %s failed\n", identity_file);
error("fdopen %s failed", identity_file);
close(fd);
sshkey_free(public);
first = 0;
continue;
}
if ((r = sshkey_write(public, f)) != 0) {
fprintf(stderr, "write key failed: %s\n", ssh_err(r));
error("write key failed: %s", ssh_err(r));
fclose(f);
sshkey_free(public);
first = 0;
@ -1064,8 +1050,8 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
has_wild || l->marker != MRK_NONE) {
fprintf(ctx->out, "%s\n", l->line);
if (has_wild && !find_host) {
fprintf(stderr, "%s:%ld: ignoring host name "
"with wildcard: %.64s\n", l->path,
logit("%s:%ld: ignoring host name "
"with wildcard: %.64s", l->path,
l->linenum, l->hosts);
}
return 0;
@ -1086,7 +1072,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
case HKF_STATUS_INVALID:
/* Retain invalid lines, but mark file as invalid. */
ctx->invalid = 1;
fprintf(stderr, "%s:%ld: invalid line\n", l->path, l->linenum);
logit("%s:%ld: invalid line", l->path, l->linenum);
/* FALLTHROUGH */
default:
fprintf(ctx->out, "%s\n", l->line);
@ -1100,6 +1086,12 @@ static int
known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
{
struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
enum sshkey_fp_rep rep;
int fptype;
char *fp;
fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
if (l->status == HKF_STATUS_MATCHED) {
if (delete_host) {
@ -1128,7 +1120,12 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
}
if (hash_hosts)
known_hosts_hash(l, ctx);
else
else if (print_fingerprint) {
fp = sshkey_fingerprint(l->key, fptype, rep);
printf("%s %s %s %s\n", ctx->host,
sshkey_type(l->key), fp, l->comment);
free(fp);
} else
fprintf(ctx->out, "%s\n", l->line);
return 0;
}
@ -1136,8 +1133,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
/* Retain non-matching hosts when deleting */
if (l->status == HKF_STATUS_INVALID) {
ctx->invalid = 1;
fprintf(stderr, "%s:%ld: invalid line\n",
l->path, l->linenum);
logit("%s:%ld: invalid line", l->path, l->linenum);
}
fprintf(ctx->out, "%s\n", l->line);
}
@ -1150,6 +1146,7 @@ do_known_hosts(struct passwd *pw, const char *name)
char *cp, tmp[PATH_MAX], old[PATH_MAX];
int r, fd, oerrno, inplace = 0;
struct known_hosts_ctx ctx;
u_int foreach_options;
if (!have_identity) {
cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
@ -1186,26 +1183,26 @@ do_known_hosts(struct passwd *pw, const char *name)
}
/* XXX support identity_file == "-" for stdin */
foreach_options = find_host ? HKF_WANT_MATCH : 0;
foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;
if ((r = hostkeys_foreach(identity_file,
hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx,
name, NULL, find_host ? HKF_WANT_MATCH : 0)) != 0)
name, NULL, foreach_options)) != 0)
fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
if (inplace)
fclose(ctx.out);
if (ctx.invalid) {
fprintf(stderr, "%s is not a valid known_hosts file.\n",
identity_file);
error("%s is not a valid known_hosts file.", identity_file);
if (inplace) {
fprintf(stderr, "Not replacing existing known_hosts "
"file because of errors\n");
error("Not replacing existing known_hosts "
"file because of errors");
unlink(tmp);
}
exit(1);
} else if (delete_host && !ctx.found_key) {
fprintf(stderr, "Host %s not found in %s\n",
name, identity_file);
logit("Host %s not found in %s", name, identity_file);
unlink(tmp);
} else if (inplace) {
/* Backup existing file */
@ -1223,13 +1220,12 @@ do_known_hosts(struct passwd *pw, const char *name)
exit(1);
}
fprintf(stderr, "%s updated.\n", identity_file);
fprintf(stderr, "Original contents retained as %s\n", old);
printf("%s updated.\n", identity_file);
printf("Original contents retained as %s\n", old);
if (ctx.has_unhashed) {
fprintf(stderr, "WARNING: %s contains unhashed "
"entries\n", old);
fprintf(stderr, "Delete this file to ensure privacy "
"of hostnames\n");
logit("WARNING: %s contains unhashed entries", old);
logit("Delete this file to ensure privacy "
"of hostnames");
}
}
@ -1251,10 +1247,8 @@ do_change_passphrase(struct passwd *pw)
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
if (stat(identity_file, &st) < 0) {
perror(identity_file);
exit(1);
}
if (stat(identity_file, &st) < 0)
fatal("%s: %s", identity_file, strerror(errno));
/* Try to load the file with empty passphrase. */
r = sshkey_load_private(identity_file, "", &private, &comment);
if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
@ -1272,9 +1266,7 @@ do_change_passphrase(struct passwd *pw)
goto badkey;
} else if (r != 0) {
badkey:
fprintf(stderr, "Failed to load key \"%s\": %s\n",
identity_file, ssh_err(r));
exit(1);
fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
}
if (comment)
printf("Key has comment '%s'\n", comment);
@ -1307,7 +1299,7 @@ do_change_passphrase(struct passwd *pw)
/* Save the file using the new passphrase. */
if ((r = sshkey_save_private(private, identity_file, passphrase1,
comment, use_new_format, new_format_cipher, rounds)) != 0) {
printf("Saving key \"%s\" failed: %s.\n",
error("Saving key \"%s\" failed: %s.",
identity_file, ssh_err(r));
explicit_bzero(passphrase1, strlen(passphrase1));
free(passphrase1);
@ -1341,14 +1333,11 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname)
if (stat(fname, &st) < 0) {
if (errno == ENOENT)
return 0;
perror(fname);
exit(1);
fatal("%s: %s", fname, strerror(errno));
}
if ((r = sshkey_load_public(fname, &public, &comment)) != 0) {
printf("Failed to read v2 public key from \"%s\": %s.\n",
if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
fatal("Failed to read v2 public key from \"%s\": %s.",
fname, ssh_err(r));
exit(1);
}
export_dns_rr(hname, public, stdout, print_generic);
sshkey_free(public);
free(comment);
@ -1370,18 +1359,15 @@ do_change_comment(struct passwd *pw)
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
if (stat(identity_file, &st) < 0) {
perror(identity_file);
exit(1);
}
if (stat(identity_file, &st) < 0)
fatal("%s: %s", identity_file, strerror(errno));
if ((r = sshkey_load_private(identity_file, "",
&private, &comment)) == 0)
passphrase = xstrdup("");
else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) {
printf("Cannot load private key \"%s\": %s.\n",
else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
fatal("Cannot load private key \"%s\": %s.",
identity_file, ssh_err(r));
exit(1);
} else {
else {
if (identity_passphrase)
passphrase = xstrdup(identity_passphrase);
else if (identity_new_passphrase)
@ -1394,13 +1380,14 @@ do_change_comment(struct passwd *pw)
&private, &comment)) != 0) {
explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
printf("Cannot load private key \"%s\": %s.\n",
fatal("Cannot load private key \"%s\": %s.",
identity_file, ssh_err(r));
exit(1);
}
}
/* XXX what about new-format keys? */
if (private->type != KEY_RSA1) {
fprintf(stderr, "Comments are only supported for RSA1 keys.\n");
error("Comments are only supported for RSA1 keys.");
explicit_bzero(passphrase, strlen(passphrase));
sshkey_free(private);
exit(1);
}
@ -1422,7 +1409,7 @@ do_change_comment(struct passwd *pw)
/* Save the file using the new passphrase. */
if ((r = sshkey_save_private(private, identity_file, passphrase,
new_comment, use_new_format, new_format_cipher, rounds)) != 0) {
printf("Saving key \"%s\" failed: %s\n",
error("Saving key \"%s\" failed: %s",
identity_file, ssh_err(r));
explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
@ -1438,17 +1425,13 @@ do_change_comment(struct passwd *pw)
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) {
printf("Could not save your public key in %s\n", identity_file);
exit(1);
}
if (fd == -1)
fatal("Could not save your public key in %s", identity_file);
f = fdopen(fd, "w");
if (f == NULL) {
printf("fdopen %s failed\n", identity_file);
exit(1);
}
if (f == NULL)
fatal("fdopen %s failed: %s", identity_file, strerror(errno));
if ((r = sshkey_write(public, f)) != 0)
fprintf(stderr, "write key failed: %s\n", ssh_err(r));
fatal("write key failed: %s", ssh_err(r));
sshkey_free(public);
fprintf(f, " %s\n", new_comment);
fclose(f);
@ -1608,8 +1591,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
break;
/* FALLTHROUGH */
default:
fprintf(stderr, "unknown key type %s\n", key_type_name);
exit(1);
fatal("unknown key type %s", key_type_name);
}
}
@ -1631,7 +1613,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
otmp = tmp = xstrdup(cert_principals);
plist = NULL;
for (; (cp = strsep(&tmp, ",")) != NULL; n++) {
plist = xrealloc(plist, n + 1, sizeof(*plist));
plist = xreallocarray(plist, n + 1, sizeof(*plist));
if (*(plist[n] = xstrdup(cp)) == '\0')
fatal("Empty principal name");
}
@ -2216,9 +2198,11 @@ usage(void)
" ssh-keygen -H [-f known_hosts_file]\n"
" ssh-keygen -R hostname [-f known_hosts_file]\n"
" ssh-keygen -r hostname [-f input_keyfile] [-g]\n"
#ifdef WITH_OPENSSL
" ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"
" ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"
" [-j start_line] [-K checkpt] [-W generator]\n"
#endif
" ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n"
" [-O option] [-V validity_interval] [-z serial_number] file ...\n"
" ssh-keygen -L [-f input_keyfile]\n"
@ -2236,19 +2220,22 @@ int
main(int argc, char **argv)
{
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
char *checkpoint = NULL;
char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra;
char *rr_hostname = NULL, *ep, *fp, *ra;
struct sshkey *private, *public;
struct passwd *pw;
struct stat st;
int r, opt, type, fd;
u_int32_t memory = 0, generator_wanted = 0;
int do_gen_candidates = 0, do_screen_candidates = 0;
int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
unsigned long start_lineno = 0, lines_to_process = 0;
BIGNUM *start = NULL;
FILE *f;
const char *errstr;
#ifdef WITH_OPENSSL
/* Moduli generation/screening */
char out_file[PATH_MAX], *checkpoint = NULL;
u_int32_t memory = 0, generator_wanted = 0;
int do_gen_candidates = 0, do_screen_candidates = 0;
unsigned long start_lineno = 0, lines_to_process = 0;
BIGNUM *start = NULL;
#endif
extern int optind;
extern char *optarg;
@ -2267,14 +2254,10 @@ main(int argc, char **argv)
/* we need this for the home * directory. */
pw = getpwuid(getuid());
if (!pw) {
printf("No user exists for uid %lu\n", (u_long)getuid());
exit(1);
}
if (gethostname(hostname, sizeof(hostname)) < 0) {
perror("gethostname");
exit(1);
}
if (!pw)
fatal("No user exists for uid %lu", (u_long)getuid());
if (gethostname(hostname, sizeof(hostname)) < 0)
fatal("gethostname: %s", strerror(errno));
/* Remaining characters: UYdw */
while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy"
@ -2305,12 +2288,6 @@ main(int argc, char **argv)
case 'I':
cert_key_id = optarg;
break;
case 'J':
lines_to_process = strtoul(optarg, NULL, 10);
break;
case 'j':
start_lineno = strtoul(optarg, NULL, 10);
break;
case 'R':
delete_host = 1;
rr_hostname = optarg;
@ -2352,8 +2329,8 @@ main(int argc, char **argv)
change_comment = 1;
break;
case 'f':
if (strlcpy(identity_file, optarg, sizeof(identity_file)) >=
sizeof(identity_file))
if (strlcpy(identity_file, optarg,
sizeof(identity_file)) >= sizeof(identity_file))
fatal("Identity filename too long");
have_identity = 1;
break;
@ -2425,6 +2402,24 @@ main(int argc, char **argv)
case 'r':
rr_hostname = optarg;
break;
case 'a':
rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);
if (errstr)
fatal("Invalid number: %s (%s)",
optarg, errstr);
break;
case 'V':
parse_cert_times(optarg);
break;
case 'z':
errno = 0;
cert_serial = strtoull(optarg, &ep, 10);
if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
(errno == ERANGE && cert_serial == ULLONG_MAX))
fatal("Invalid serial number \"%s\"", optarg);
break;
#ifdef WITH_OPENSSL
/* Moduli generation/screening */
case 'W':
generator_wanted = (u_int32_t)strtonum(optarg, 1,
UINT_MAX, &errstr);
@ -2432,13 +2427,6 @@ main(int argc, char **argv)
fatal("Desired generator has bad value: %s (%s)",
optarg, errstr);
break;
case 'a':
rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);
if (errstr)
fatal("Invalid number: %s (%s)",
optarg, errstr);
break;
#ifdef WITH_OPENSSL
case 'M':
memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
if (errstr)
@ -2467,16 +2455,6 @@ main(int argc, char **argv)
fatal("Invalid start point.");
break;
#endif /* WITH_OPENSSL */
case 'V':
parse_cert_times(optarg);
break;
case 'z':
errno = 0;
cert_serial = strtoull(optarg, &ep, 10);
if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
(errno == ERANGE && cert_serial == ULLONG_MAX))
fatal("Invalid serial number \"%s\"", optarg);
break;
case '?':
default:
usage();
@ -2491,19 +2469,19 @@ main(int argc, char **argv)
if (ca_key_path != NULL) {
if (argc < 1 && !gen_krl) {
printf("Too few arguments.\n");
error("Too few arguments.");
usage();
}
} else if (argc > 0 && !gen_krl && !check_krl) {
printf("Too many arguments.\n");
error("Too many arguments.");
usage();
}
if (change_passphrase && change_comment) {
printf("Can only have one of -p and -c.\n");
error("Can only have one of -p and -c.");
usage();
}
if (print_fingerprint && (delete_host || hash_hosts)) {
printf("Cannot use -l with -H or -R.\n");
error("Cannot use -l with -H or -R.");
usage();
}
if (gen_krl) {
@ -2545,10 +2523,8 @@ main(int argc, char **argv)
if (have_identity) {
n = do_print_resource_record(pw,
identity_file, rr_hostname);
if (n == 0) {
perror(identity_file);
exit(1);
}
if (n == 0)
fatal("%s: %s", identity_file, strerror(errno));
exit(0);
} else {
@ -2566,6 +2542,7 @@ main(int argc, char **argv)
}
}
#ifdef WITH_OPENSSL
if (do_gen_candidates) {
FILE *out = fopen(out_file, "w");
@ -2605,6 +2582,7 @@ main(int argc, char **argv)
fatal("modulus screening failed");
return (0);
}
#endif
if (gen_all_hostkeys) {
do_gen_all_hostkeys(pw);
@ -2612,7 +2590,7 @@ main(int argc, char **argv)
}
if (key_type_name == NULL)
key_type_name = "rsa";
key_type_name = DEFAULT_KEY_TYPE_NAME;
type = sshkey_type_from_name(key_type_name);
type_bits_valid(type, key_type_name, &bits);
@ -2620,14 +2598,10 @@ main(int argc, char **argv)
if (!quiet)
printf("Generating public/private %s key pair.\n",
key_type_name);
if ((r = sshkey_generate(type, bits, &private)) != 0) {
fprintf(stderr, "key_generate failed\n");
exit(1);
}
if ((r = sshkey_from_private(private, &public)) != 0) {
fprintf(stderr, "key_from_private failed: %s\n", ssh_err(r));
exit(1);
}
if ((r = sshkey_generate(type, bits, &private)) != 0)
fatal("key_generate failed");
if ((r = sshkey_from_private(private, &public)) != 0)
fatal("key_from_private failed: %s\n", ssh_err(r));
if (!have_identity)
ask_filename(pw, "Enter file in which to save the key");
@ -2697,7 +2671,7 @@ main(int argc, char **argv)
/* Save the key with the given passphrase and comment. */
if ((r = sshkey_save_private(private, identity_file, passphrase1,
comment, use_new_format, new_format_cipher, rounds)) != 0) {
printf("Saving key \"%s\" failed: %s\n",
error("Saving key \"%s\" failed: %s",
identity_file, ssh_err(r));
explicit_bzero(passphrase1, strlen(passphrase1));
free(passphrase1);
@ -2714,18 +2688,13 @@ main(int argc, char **argv)
printf("Your identification has been saved in %s.\n", identity_file);
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) {
printf("Could not save your public key in %s\n", identity_file);
exit(1);
}
f = fdopen(fd, "w");
if (f == NULL) {
printf("fdopen %s failed\n", identity_file);
exit(1);
}
if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
fatal("Unable to save public key to %s: %s",
identity_file, strerror(errno));
if ((f = fdopen(fd, "w")) == NULL)
fatal("fdopen %s failed: %s", identity_file, strerror(errno));
if ((r = sshkey_write(public, f)) != 0)
fprintf(stderr, "write key failed: %s\n", ssh_err(r));
error("write key failed: %s", ssh_err(r));
fprintf(f, " %s\n", comment);
fclose(f);

11
crypto/openssh/ssh-keyscan.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keyscan.c,v 1.99 2015/01/30 10:44:49 djm Exp $ */
/* $OpenBSD: ssh-keyscan.c,v 1.101 2015/04/10 00:08:55 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@ -94,7 +94,7 @@ typedef struct Connection {
int c_len; /* Total bytes which must be read. */
int c_off; /* Length of data read so far. */
int c_keytype; /* Only one of KT_RSA1, KT_DSA, or KT_RSA */
int c_done; /* SSH2 done */
sig_atomic_t c_done; /* SSH2 done */
char *c_namebase; /* Address to free for c_name and c_namelist */
char *c_name; /* Hostname of connection for errors */
char *c_namelist; /* Pointer to other possible addresses */
@ -299,15 +299,18 @@ static void
keyprint(con *c, struct sshkey *key)
{
char *host = c->c_output_name ? c->c_output_name : c->c_name;
char *hostport = NULL;
if (!key)
return;
if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
fatal("host_hash failed");
fprintf(stdout, "%s ", host);
hostport = put_host_port(host, ssh_port);
fprintf(stdout, "%s ", hostport);
sshkey_write(key, stdout);
fputs("\n", stdout);
free(hostport);
}
static int
@ -488,7 +491,7 @@ congreet(int s)
confree(s);
return;
}
fprintf(stderr, "# %s %s\n", c->c_name, chop(buf));
fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf));
n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);

4
crypto/openssh/ssh-keysign.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keysign.c,v 1.47 2015/01/28 22:36:00 djm Exp $ */
/* $OpenBSD: ssh-keysign.c,v 1.48 2015/03/24 20:09:11 markus Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@ -157,7 +157,7 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret,
if (fail && key != NULL)
sshkey_free(key);
else
else if (ret != NULL)
*ret = key;
return (fail ? -1 : 0);

34
crypto/openssh/ssh-pkcs11.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-pkcs11.c,v 1.17 2015/02/03 08:07:20 deraadt Exp $ */
/* $OpenBSD: ssh-pkcs11.c,v 1.19 2015/05/27 05:15:02 djm Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
*
@ -237,7 +237,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
{CKA_ID, NULL, 0},
{CKA_SIGN, NULL, sizeof(true_val) }
};
char *pin, prompt[1024];
char *pin = NULL, prompt[1024];
int rval = -1;
key_filter[0].pValue = &private_key_class;
@ -255,22 +255,30 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
si = &k11->provider->slotinfo[k11->slotidx];
if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) {
if (!pkcs11_interactive) {
error("need pin");
error("need pin entry%s", (si->token.flags &
CKF_PROTECTED_AUTHENTICATION_PATH) ?
" on reader keypad" : "");
return (-1);
}
snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ",
si->token.label);
pin = read_passphrase(prompt, RP_ALLOW_EOF);
if (pin == NULL)
return (-1); /* bail out */
rv = f->C_Login(si->session, CKU_USER,
(u_char *)pin, strlen(pin));
if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
verbose("Deferring PIN entry to reader keypad.");
else {
snprintf(prompt, sizeof(prompt),
"Enter PIN for '%s': ", si->token.label);
pin = read_passphrase(prompt, RP_ALLOW_EOF);
if (pin == NULL)
return (-1); /* bail out */
}
rv = f->C_Login(si->session, CKU_USER, (u_char *)pin,
(pin != NULL) ? strlen(pin) : 0);
if (pin != NULL) {
explicit_bzero(pin, strlen(pin));
free(pin);
}
if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
error("C_Login failed: %lu", rv);
return (-1);
}
free(pin);
si->logged_in = 1;
}
key_filter[1].pValue = k11->keyid;
@ -527,7 +535,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
sshkey_free(key);
} else {
/* expand key array and add key */
*keysp = xrealloc(*keysp, *nkeys + 1,
*keysp = xreallocarray(*keysp, *nkeys + 1,
sizeof(struct sshkey *));
(*keysp)[*nkeys] = key;
*nkeys = *nkeys + 1;

4
crypto/openssh/ssh-rsa.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-rsa.c,v 1.52 2014/06/24 01:13:21 djm Exp $ */
/* $OpenBSD: ssh-rsa.c,v 1.53 2015/06/15 01:32:50 djm Exp $ */
/*
* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
*
@ -113,7 +113,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
}
if (b != NULL)
sshbuf_free(b);
return 0;
return ret;
}
int

51
crypto/openssh/ssh.0
View File

@ -354,9 +354,9 @@ DESCRIPTION
applications (eg. sftp(1)). The subsystem is specified as the
remote command.
-T Disable pseudo-tty allocation.
-T Disable pseudo-terminal allocation.
-t Force pseudo-tty allocation. This can be used to execute
-t Force pseudo-terminal allocation. This can be used to execute
arbitrary screen-based programs on a remote machine, which can be
very useful, e.g. when implementing menu services. Multiple -t
options force tty allocation, even if ssh has no local tty.
@ -510,17 +510,22 @@ AUTHENTICATION
whose host key is not known or has changed.
When the user's identity has been accepted by the server, the server
either executes the given command, or logs into the machine and gives the
user a normal shell on the remote machine. All communication with the
either executes the given command in a non-interactive session or, if no
command has been specified, logs into the machine and gives the user a
normal shell as an interactive session. All communication with the
remote command or shell will be automatically encrypted.
If a pseudo-terminal has been allocated (normal login session), the user
may use the escape characters noted below.
If an interactive session is requested ssh by default will only request a
pseudo-terminal (pty) for interactive sessions when the client has one.
The flags -T and -t can be used to override this behaviour.
If no pseudo-tty has been allocated, the session is transparent and can
be used to reliably transfer binary data. On most systems, setting the
escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent even if
a tty is used.
If a pseudo-terminal has been allocated the user may use the escape
characters noted below.
If no pseudo-terminal has been allocated, the session is transparent and
can be used to reliably transfer binary data. On most systems, setting
the escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent
even if a tty is used.
The session terminates when the command or shell on the remote machine
exits and all X11 and TCP connections have been closed.
@ -638,16 +643,20 @@ VERIFYING HOST KEYS
$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
If the fingerprint is already known, it can be matched and the key can be
accepted or rejected. Because of the difficulty of comparing host keys
just by looking at fingerprint strings, there is also support to compare
host keys visually, using random art. By setting the VisualHostKey
option to M-bM-^@M-^\yesM-bM-^@M-^], a small ASCII graphic gets displayed on every login to a
server, no matter if the session itself is interactive or not. By
learning the pattern a known server produces, a user can easily find out
that the host key has changed when a completely different pattern is
displayed. Because these patterns are not unambiguous however, a pattern
that looks similar to the pattern remembered only gives a good
probability that the host key is the same, not guaranteed proof.
accepted or rejected. If only legacy (MD5) fingerprints for the server
are available, the ssh-keygen(1) -E option may be used to downgrade the
fingerprint algorithm to match.
Because of the difficulty of comparing host keys just by looking at
fingerprint strings, there is also support to compare host keys visually,
using random art. By setting the VisualHostKey option to M-bM-^@M-^\yesM-bM-^@M-^], a small
ASCII graphic gets displayed on every login to a server, no matter if the
session itself is interactive or not. By learning the pattern a known
server produces, a user can easily find out that the host key has changed
when a completely different pattern is displayed. Because these patterns
are not unambiguous however, a pattern that looks similar to the pattern
remembered only gives a good probability that the host key is the same,
not guaranteed proof.
To get a listing of the fingerprints along with their random art for all
known hosts, the following command line can be used:
@ -948,4 +957,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 5.7 March 3, 2015 OpenBSD 5.7
OpenBSD 5.7 May 22, 2015 OpenBSD 5.7

32
crypto/openssh/ssh.1
View File

@ -33,9 +33,9 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.356 2015/03/03 06:48:58 djm Exp $
.\" $OpenBSD: ssh.1,v 1.358 2015/05/22 05:28:45 djm Exp $
.\" $FreeBSD$
.Dd $Mdocdate: March 3 2015 $
.Dd $Mdocdate: May 22 2015 $
.Dt SSH 1
.Os
.Sh NAME
@ -586,9 +586,9 @@ of SSH as a secure transport for other applications (eg.\&
.Xr sftp 1 ) .
The subsystem is specified as the remote command.
.It Fl T
Disable pseudo-tty allocation.
Disable pseudo-terminal allocation.
.It Fl t
Force pseudo-tty allocation.
Force pseudo-terminal allocation.
This can be used to execute arbitrary
screen-based programs on a remote machine, which can be very useful,
e.g. when implementing menu services.
@ -878,15 +878,26 @@ option can be used to control logins to machines whose
host key is not known or has changed.
.Pp
When the user's identity has been accepted by the server, the server
either executes the given command, or logs into the machine and gives
the user a normal shell on the remote machine.
either executes the given command in a non-interactive session or,
if no command has been specified, logs into the machine and gives
the user a normal shell as an interactive session.
All communication with
the remote command or shell will be automatically encrypted.
.Pp
If a pseudo-terminal has been allocated (normal login session), the
If an interactive session is requested
.Nm
by default will only request a pseudo-terminal (pty) for interactive
sessions when the client has one.
The flags
.Fl T
and
.Fl t
can be used to override this behaviour.
.Pp
If a pseudo-terminal has been allocated the
user may use the escape characters noted below.
.Pp
If no pseudo-tty has been allocated,
If no pseudo-terminal has been allocated,
the session is transparent and can be used to reliably transfer binary data.
On most systems, setting the escape character to
.Dq none
@ -1097,6 +1108,11 @@ Fingerprints can be determined using
.Pp
If the fingerprint is already known, it can be matched
and the key can be accepted or rejected.
If only legacy (MD5) fingerprints for the server are available, the
.Xr ssh-keygen 1
.Fl E
option may be used to downgrade the fingerprint algorithm to match.
.Pp
Because of the difficulty of comparing host keys
just by looking at fingerprint strings,
there is also support to compare host keys visually,

12
crypto/openssh/ssh.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.416 2015/03/03 06:48:58 djm Exp $ */
/* $OpenBSD: ssh.c,v 1.418 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -357,10 +357,8 @@ check_follow_cname(char **namep, const char *cname)
debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);
for (i = 0; i < options.num_permitted_cnames; i++) {
rule = options.permitted_cnames + i;
if (match_pattern_list(*namep, rule->source_list,
strlen(rule->source_list), 1) != 1 ||
match_pattern_list(cname, rule->target_list,
strlen(rule->target_list), 1) != 1)
if (match_pattern_list(*namep, rule->source_list, 1) != 1 ||
match_pattern_list(cname, rule->target_list, 1) != 1)
continue;
verbose("Canonicalized DNS aliased hostname "
"\"%s\" => \"%s\"", *namep, cname);
@ -1685,6 +1683,8 @@ ssh_session(void)
}
/* Request X11 forwarding if enabled and DISPLAY is set. */
display = getenv("DISPLAY");
if (display == NULL && options.forward_x11)
debug("X11 forwarding requested but DISPLAY not set");
if (options.forward_x11 && display != NULL) {
char *proto, *data;
/* Get reasonable local authentication information. */
@ -1786,6 +1786,8 @@ ssh_session2_setup(int id, int success, void *arg)
return; /* No need for error message, channels code sens one */
display = getenv("DISPLAY");
if (display == NULL && options.forward_x11)
debug("X11 forwarding requested but DISPLAY not set");
if (options.forward_x11 && display != NULL) {
char *proto, *data;
/* Get reasonable local authentication information. */

34
crypto/openssh/ssh_config.0
View File

@ -67,7 +67,7 @@ DESCRIPTION
require an argument. Criteria may be negated by prepending an
exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y).
The canonical keywork matches only when the configuration file is
The canonical keyword matches only when the configuration file is
being re-parsed after hostname canonicalization (see the
CanonicalizeHostname option.) This may be useful to specify
conditions that work with canonical host names only. The exec
@ -165,9 +165,11 @@ DESCRIPTION
CheckHostIP
If this flag is set to M-bM-^@M-^\yesM-bM-^@M-^], ssh(1) will additionally check the
host IP address in the known_hosts file. This allows ssh to
detect if a host key changed due to DNS spoofing. If the option
is set to M-bM-^@M-^\noM-bM-^@M-^], the check will not be executed. The default is
M-bM-^@M-^\yesM-bM-^@M-^].
detect if a host key changed due to DNS spoofing and will add
addresses of destination hosts to ~/.ssh/known_hosts in the
process, regardless of the setting of StrictHostKeyChecking. If
the option is set to M-bM-^@M-^\noM-bM-^@M-^], the check will not be executed. The
default is M-bM-^@M-^\yesM-bM-^@M-^].
Cipher Specifies the cipher to use for encrypting the session in
protocol version 1. Currently, M-bM-^@M-^\blowfishM-bM-^@M-^], M-bM-^@M-^\3desM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^] are
@ -252,9 +254,8 @@ DESCRIPTION
or is not listening.
Setting this to M-bM-^@M-^\askM-bM-^@M-^] will cause ssh to listen for control
connections, but require confirmation using the SSH_ASKPASS
program before they are accepted (see ssh-add(1) for details).
If the ControlPath cannot be opened, ssh will continue without
connections, but require confirmation using ssh-askpass(1). If
the ControlPath cannot be opened, ssh will continue without
connecting to a master instance.
X11 and ssh-agent(1) forwarding is supported over these
@ -552,8 +553,8 @@ DESCRIPTION
curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group14-sha1,
diffie-hellman-group-exchange-sha1,
diffie-hellman-group14-sha1,
diffie-hellman-group1-sha1
The list of available key exchange algorithms may also be
@ -768,12 +769,15 @@ DESCRIPTION
Specifies what variables from the local environ(7) should be sent
to the server. Note that environment passing is only supported
for protocol 2. The server must also support it, and the server
must be configured to accept these environment variables. Refer
to AcceptEnv in sshd_config(5) for how to configure the server.
Variables are specified by name, which may contain wildcard
characters. Multiple environment variables may be separated by
whitespace or spread across multiple SendEnv directives. The
default is not to send any environment variables.
must be configured to accept these environment variables. Note
that the TERM environment variable is always sent whenever a
pseudo-terminal is requested as it is required by the protocol.
Refer to AcceptEnv in sshd_config(5) for how to configure the
server. Variables are specified by name, which may contain
wildcard characters. Multiple environment variables may be
separated by whitespace or spread across multiple SendEnv
directives. The default is not to send any environment
variables.
See PATTERNS for more information on patterns.
@ -978,4 +982,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 5.7 February 20, 2015 OpenBSD 5.7
OpenBSD 5.7 June 2, 2015 OpenBSD 5.7

25
crypto/openssh/ssh_config.5
View File

@ -33,9 +33,9 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.205 2015/02/20 22:17:21 djm Exp $
.\" $OpenBSD: ssh_config.5,v 1.211 2015/06/02 09:10:40 djm Exp $
.\" $FreeBSD$
.Dd $Mdocdate: February 20 2015 $
.Dd $Mdocdate: June 2 2015 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@ -167,7 +167,7 @@ Criteria may be negated by prepending an exclamation mark
.Pp
The
.Cm canonical
keywork matches only when the configuration file is being re-parsed
keyword matches only when the configuration file is being re-parsed
after hostname canonicalization (see the
.Cm CanonicalizeHostname
option.)
@ -341,7 +341,11 @@ If this flag is set to
will additionally check the host IP address in the
.Pa known_hosts
file.
This allows ssh to detect if a host key changed due to DNS spoofing.
This allows ssh to detect if a host key changed due to DNS spoofing
and will add addresses of destination hosts to
.Pa ~/.ssh/known_hosts
in the process, regardless of the setting of
.Cm StrictHostKeyChecking .
If the option is set to
.Dq no ,
the check will not be executed.
@ -485,11 +489,8 @@ if the control socket does not exist, or is not listening.
Setting this to
.Dq ask
will cause ssh
to listen for control connections, but require confirmation using the
.Ev SSH_ASKPASS
program before they are accepted (see
.Xr ssh-add 1
for details).
to listen for control connections, but require confirmation using
.Xr ssh-askpass 1 .
If the
.Cm ControlPath
cannot be opened,
@ -979,8 +980,8 @@ The default is:
curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group14-sha1,
diffie-hellman-group-exchange-sha1,
diffie-hellman-group14-sha1,
diffie-hellman-group1-sha1
.Ed
.Pp
@ -1337,6 +1338,10 @@ should be sent to the server.
Note that environment passing is only supported for protocol 2.
The server must also support it, and the server must be configured to
accept these environment variables.
Note that the
.Ev TERM
environment variable is always sent whenever a
pseudo-terminal is requested as it is required by the protocol.
Refer to
.Cm AcceptEnv
in

6
crypto/openssh/ssh_namespace.h
View File

@ -1,6 +1,6 @@
/*
* Namespace munging inspired by an equivalent hack in NetBSD's tree: add
* the "ssh_" prefix to every symbol in libssh which doesn't already have
* the "Fssh_" prefix to every symbol in libssh which doesn't already have
* it. This prevents collisions between symbols in libssh and symbols in
* other libraries or applications which link with libssh, either directly
* or indirectly (e.g. through PAM loading pam_ssh).
@ -205,6 +205,7 @@
#define channel_send_window_changes Fssh_channel_send_window_changes
#define channel_set_af Fssh_channel_set_af
#define channel_set_fds Fssh_channel_set_fds
#define channel_set_x11_refuse_time Fssh_channel_set_x11_refuse_time
#define channel_setup_fwd_listener_streamlocal Fssh_channel_setup_fwd_listener_streamlocal
#define channel_setup_fwd_listener_tcpip Fssh_channel_setup_fwd_listener_tcpip
#define channel_setup_local_fwd_listener Fssh_channel_setup_local_fwd_listener
@ -314,6 +315,7 @@
#define dh_new_group1 Fssh_dh_new_group1
#define dh_new_group14 Fssh_dh_new_group14
#define dh_new_group_asc Fssh_dh_new_group_asc
#define dh_new_group_fallback Fssh_dh_new_group_fallback
#define dh_pub_is_valid Fssh_dh_pub_is_valid
#define dispatch_protocol_error Fssh_dispatch_protocol_error
#define dispatch_protocol_ignore Fssh_dispatch_protocol_ignore
@ -846,6 +848,7 @@
#define sshkey_size Fssh_sshkey_size
#define sshkey_ssh_name Fssh_sshkey_ssh_name
#define sshkey_ssh_name_plain Fssh_sshkey_ssh_name_plain
#define sshkey_to_base64 Fssh_sshkey_to_base64
#define sshkey_to_blob Fssh_sshkey_to_blob
#define sshkey_to_certified Fssh_sshkey_to_certified
#define sshkey_try_load_public Fssh_sshkey_try_load_public
@ -928,4 +931,5 @@
#define xmalloc Fssh_xmalloc
#define xmmap Fssh_xmmap
#define xrealloc Fssh_xrealloc
#define xreallocarray Fssh_xreallocarray
#define xstrdup Fssh_xstrdup

4
crypto/openssh/sshbuf-misc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshbuf-misc.c,v 1.3 2015/02/05 12:59:57 millert Exp $ */
/* $OpenBSD: sshbuf-misc.c,v 1.4 2015/03/24 20:03:44 markus Exp $ */
/*
* Copyright (c) 2011 Damien Miller
*
@ -42,7 +42,7 @@ sshbuf_dump_data(const void *s, size_t len, FILE *f)
const u_char *p = (const u_char *)s;
for (i = 0; i < len; i += 16) {
fprintf(f, "%.4zd: ", i);
fprintf(f, "%.4zu: ", i);
for (j = i; j < i + 16; j++) {
if (j < len)
fprintf(f, "%02x ", p[j]);

7
crypto/openssh/sshconnect.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.c,v 1.259 2015/01/28 22:36:00 djm Exp $ */
/* $OpenBSD: sshconnect.c,v 1.262 2015/05/28 05:41:29 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -913,7 +913,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
host_key, options.hash_known_hosts))
logit("Failed to add the %s host key for IP "
"address '%.128s' to the list of known "
"hosts (%.30s).", type, ip,
"hosts (%.500s).", type, ip,
user_hostfiles[0]);
else
logit("Warning: Permanently added the %s host "
@ -1351,6 +1351,7 @@ ssh_login(Sensitive *sensitive, const char *orighost,
/* key exchange */
/* authenticate user */
debug("Authenticating to %s:%d as '%s'", host, port, server_user);
if (compat20) {
ssh_kex2(host, hostaddr, port);
ssh_userauth2(local_user, server_user, host, sensitive);
@ -1359,7 +1360,7 @@ ssh_login(Sensitive *sensitive, const char *orighost,
ssh_kex(host, hostaddr);
ssh_userauth1(local_user, server_user, host, sensitive);
#else
fatal("ssh1 is not unsupported");
fatal("ssh1 is not supported");
#endif
}
free(local_user);

Some files were not shown because too many files have changed in this diff Show More