d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vendor import of OpenSSH 5.3p1

Browse Source
This commit is contained in:
Dag-Erling Smørgrav 2009-10-01 15:19:37 +00:00
parent 9ab1052dcd
commit e5e752b5a7
91 changed files with 8944 additions and 6328 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

279
ChangeLog
View File

@ -1,3 +1,282 @@
20090926
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update for release
- (djm) [README] update relnotes URL
- (djm) [packet.c] Restore EWOULDBLOCK handling that got lost somewhere
- (djm) Release 5.3p1
20090911
- (dtucker) [configure.ac] Change the -lresolv check so it works on Mac OS X
10.6 (which doesn't have BIND8_COMPAT and thus uses res_9_query). Patch
from jbasney at ncsa uiuc edu.
20090908
- (djm) [serverloop.c] Fix test for server-assigned remote forwarding port
(-R 0:...); bz#1578, spotted and fix by gavin AT emf.net; ok dtucker@
20090901
- (dtucker) [configure.ac] Bug #1639: use AC_PATH_PROG to search the path for
krb5-config if it's not in the location specified by --with-kerberos5.
Patch from jchadima at redhat.
20090829
- (dtucker) [README.platform] Add text about development packages, based on
text from Chris Pepper in bug #1631.
20090828
- dtucker [auth-sia.c] Roll back the change for bug #1241 as it apparently
causes problems in some Tru64 configurations.
- (djm) [sshd_config.5] downgrade mention of login.conf to be an example
and mention PAM as another provider for ChallengeResponseAuthentication;
bz#1408; ok dtucker@
- (djm) [sftp-server.c] bz#1535: accept ENOSYS as a fallback error when
attempting atomic rename(); ok dtucker@
- (djm) [Makefile.in] bz#1505: Solaris make(1) doesn't accept make variables
in argv, so pass them in the environment; ok dtucker@
- (dtucker) [channels.c configure.ac] Bug #1528: skip the tcgetattr call on
the pty master on Solaris, since it never succeeds and can hang if large
amounts of data is sent to the slave (eg a copy-paste). Based on a patch
originally from Doke Scott, ok djm@
- (dtucker) [clientloop.c configure.ac defines.h] Make the client's IO buffer
size a compile-time option and set it to 64k on Cygwin, since Corinna
reports that it makes a significant difference to performance. ok djm@
- (dtucker) [configure.ac] Fix the syntax of the Solaris tcgetattr entry.
20090820
- (dtucker) [includes.h] Bug #1634: do not include system glob.h if we're not
using it since the type conflicts can cause problems on FreeBSD. Patch
from Jonathan Chen.
- (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move
the setpcred call on AIX to immediately before the permanently_set_uid().
Ensures that we still have privileges when we call chroot and
pam_open_sesson. Based on a patch from David Leonard.
20090817
- (dtucker) [configure.ac] Check for headers before libraries for openssl an
zlib, which should make the errors slightly more meaningful on platforms
where there's separate "-devel" packages for those.
- (dtucker) [sshlogin.c openbsd-compat/port-aix.{c,h}] Bug #1595: make
PrintLastLog work on AIX. Based in part on a patch from Miguel Sanders.
20090729
- (tim) [contrib/cygwin/ssh-user-config] Change script to call correct error
function. Patch from Corinna Vinschen.
20090713
- (dtucker) [openbsd-compat/getrrsetbyname.c] Reduce answer buffer size so it
fits into 16 bits to work around a bug in glibc's resolver where it masks
off the buffer size at 16 bits. Patch from Hauke Lampe, ok djm jakob.
20090712
- (dtucker) [configure.ac] Include sys/param.h for the sys/mount.h test,
prevents configure complaining on older BSDs.
- (dtucker [contrib/cygwin/ssh-{host,user}-config] Add license text. Patch
from Corinna Vinschen.
- (dtucker) [auth-pam.c] Bug #1534: move the deletion of PAM credentials on
logout to after the session close. Patch from Anicka Bernathova,
originally from Andreas Schwab via Novelll ok djm.
20090707
- (dtucker) [contrib/cygwin/ssh-host-config] better support for automated
scripts and fix usage of eval. Patch from Corinna Vinschen.
20090705
- (dtucker) OpenBSD CVS Sync
- andreas@cvs.openbsd.org 2009/06/27 09:29:06
[packet.h packet.c]
packet_bacup_state() and packet_restore_state() will be used to
temporarily save the current state ren resuming a suspended connection.
ok markus@
- andreas@cvs.openbsd.org 2009/06/27 09:32:43
[roaming_common.c roaming.h]
It may be necessary to retransmit some data when resuming, so add it
to a buffer when roaming is enabled.
Most of this code was written by Martin Forssen, maf at appgate dot com.
ok markus@
- andreas@cvs.openbsd.org 2009/06/27 09:35:06
[readconf.h readconf.c]
Add client option UseRoaming. It doesn't do anything yet but will
control whether the client tries to use roaming if enabled on the
server. From Martin Forssen.
ok markus@
- markus@cvs.openbsd.org 2009/06/30 14:54:40
[version.h]
crank version; ok deraadt
- dtucker@cvs.openbsd.org 2009/07/02 02:11:47
[ssh.c]
allow for long home dir paths (bz #1615). ok deraadt
(based in part on a patch from jchadima at redhat)
- stevesk@cvs.openbsd.org 2009/07/05 19:28:33
[clientloop.c]
only send SSH2_MSG_DISCONNECT if we're in compat20; from dtucker@
ok deraadt@ markus@
20090622
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2009/06/22 05:39:28
[monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c]
alphabetize includes; reduces diff vs portable and style(9).
ok stevesk djm
(Id sync only; these were already in order in -portable)
20090621
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2009/03/17 21:37:00
[ssh.c]
pass correct argv[0] to openlog(); ok djm@
- jmc@cvs.openbsd.org 2009/03/19 15:15:09
[ssh.1]
for "Ciphers", just point the reader to the keyword in ssh_config(5), just
as we do for "MACs": this stops us getting out of sync when the lists
change;
fixes documentation/6102, submitted by Peter J. Philipp
alternative fix proposed by djm
ok markus
- tobias@cvs.openbsd.org 2009/03/23 08:31:19
[ssh-agent.c]
Fixed a possible out-of-bounds memory access if the environment variable
SHELL is shorter than 3 characters.
with input by and ok dtucker
- tobias@cvs.openbsd.org 2009/03/23 19:38:04
[ssh-agent.c]
My previous commit didn't fix the problem at all, so stick at my first
version of the fix presented to dtucker.
Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de).
ok dtucker
- sobrado@cvs.openbsd.org 2009/03/26 08:38:39
[sftp-server.8 sshd.8 ssh-agent.1]
fix a few typographical errors found by spell(1).
ok dtucker@, jmc@
- stevesk@cvs.openbsd.org 2009/04/13 19:07:44
[sshd_config.5]
fix possessive; ok djm@
- stevesk@cvs.openbsd.org 2009/04/14 16:33:42
[sftp-server.c]
remove unused option character from getopt() optstring; ok markus@
- jj@cvs.openbsd.org 2009/04/14 21:10:54
[servconf.c]
Fixed a few the-the misspellings in comments. Skipped a bunch in
binutils,gcc and so on. ok jmc@
- stevesk@cvs.openbsd.org 2009/04/17 19:23:06
[session.c]
use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server;
ok djm@ markus@
- stevesk@cvs.openbsd.org 2009/04/17 19:40:17
[sshd_config.5]
clarify that even internal-sftp needs /dev/log for logging to work; ok
markus@
- jmc@cvs.openbsd.org 2009/04/18 18:39:10
[sshd_config.5]
tweak previous; ok stevesk
- stevesk@cvs.openbsd.org 2009/04/21 15:13:17
[sshd_config.5]
clarify we cd to user's home after chroot; ok markus@ on
earlier version; tweaks and ok jmc@
- andreas@cvs.openbsd.org 2009/05/25 06:48:01
[channels.c packet.c clientloop.c packet.h serverloop.c monitor_wrap.c
monitor.c]
Put the globals in packet.c into a struct and don't access it directly
from other files. No functional changes.
ok markus@ djm@
- andreas@cvs.openbsd.org 2009/05/27 06:31:25
[canohost.h canohost.c]
Add clear_cached_addr(), needed for upcoming changes allowing the peer
address to change.
ok markus@
- andreas@cvs.openbsd.org 2009/05/27 06:33:39
[clientloop.c]
Send SSH2_MSG_DISCONNECT when the client disconnects. From a larger
change from Martin Forssen, maf at appgate dot com.
ok markus@
- andreas@cvs.openbsd.org 2009/05/27 06:34:36
[kex.c kex.h]
Move the KEX_COOKIE_LEN define to kex.h
ok markus@
- andreas@cvs.openbsd.org 2009/05/27 06:36:07
[packet.h packet.c]
Add packet_put_int64() and packet_get_int64(), part of a larger change
from Martin Forssen.
ok markus@
- andreas@cvs.openbsd.org 2009/05/27 06:38:16
[sshconnect.h sshconnect.c]
Un-static ssh_exchange_identification(), part of a larger change from
Martin Forssen and needed for upcoming changes.
ok markus@
- andreas@cvs.openbsd.org 2009/05/28 16:50:16
[sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c
monitor.c Added roaming.h roaming_common.c roaming_dummy.c]
Keep track of number of bytes read and written. Needed for upcoming
changes. Most code from Martin Forssen, maf at appgate dot com.
ok markus@
Also, applied appropriate changes to Makefile.in
- andreas@cvs.openbsd.org 2009/06/12 20:43:22
[monitor.c packet.c]
Fix warnings found by chl@ and djm@ and change roaming_atomicio's
return type to match atomicio's
Diff from djm@, ok markus@
- andreas@cvs.openbsd.org 2009/06/12 20:58:32
[packet.c]
Move some more statics into session_state
ok markus@ djm@
- dtucker@cvs.openbsd.org 2009/06/21 07:37:15
[kexdhs.c kexgexs.c]
abort if key_sign fails, preventing possible null deref. Based on report
from Paolo Ganci, ok markus@ djm@
- dtucker@cvs.openbsd.org 2009/06/21 09:04:03
[roaming.h roaming_common.c roaming_dummy.c]
Add tags for the benefit of the sync scripts
Also: pull in the changes for 1.1->1.2 missed in the previous sync.
- (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and
header-order changes to reduce diff vs OpenBSD.
- (dtucker) [servconf.c sshd.c] More whitespace sync.
- (dtucker) [roaming_common.c roaming_dummy.c] Wrap #include <inttypes.h> in
ifdef.
20090616
- (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t
is a struct with a __val member. Fixes build on, eg, Redhat 6.2.
20090504
- (dtucker) [sshlogin.c] Move the NO_SSH_LASTLOG #ifndef line to include
variable declarations. Should prevent unused warnings anywhere it's set
(only Crays as far as I can tell) and be a no-op everywhere else.
20090318
- (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problem
that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005.
Based on patch from vinschen at redhat com.
20090308
- (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
version of Cygwin. Patch from vinschen at redhat com.
20090307
- (dtucker) [contrib/aix/buildbff.sh] Only try to rename ssh_prng_cmds if it
exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS
has a /dev/random).
- (dtucker) [schnorr.c openbsd-compat/openssl-compat.{c,h}] Add
EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c
to use them. Allows building with older OpenSSL versions.
- (dtucker) [configure.ac defines.h] Check for in_port_t and typedef if needed.
- (dtucker) [configure.ac] Missing comma in type list.
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]
EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg
in openssl 0.9.6) so add an explicit test for it.
20090306
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2009/03/05 07:18:19
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c]
[sshconnect2.c]
refactor the (disabled) Schnorr proof code to make it a little more
generally useful
- djm@cvs.openbsd.org 2009/03/05 11:30:50
[uuencode.c]
document what these functions do so I don't ever have to recuse into
b64_pton/ntop to remember their return values
20090223
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2009/02/22 23:50:57

18
Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.298 2008/11/05 05:20:46 djm Exp $
# $Id: Makefile.in,v 1.300 2009/08/28 00:47:38 djm Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@ -74,7 +74,8 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
entropy.o scard-opensc.o gss-genr.o umac.o jpake.o schnorr.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o mux.o
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
roaming_common.o
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
sshpty.o sshlogin.o servconf.o serverloop.o \
@ -86,7 +87,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o
audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \
roaming_common.o
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
@ -151,11 +153,11 @@ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o
ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o
$(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o
$(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@ -240,7 +242,7 @@ check-config:
-$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config
scard-install:
(cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
(cd scard && env DESTDIR=$(DESTDIR) $(MAKE) DESTDIR=$(DESTDIR) install)
install-files: scard-install
$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)

4
README
View File

@ -1,4 +1,4 @@
See http://www.openssh.com/txt/release-5.2 for the release notes.
See http://www.openssh.com/txt/release-5.3 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@ -62,4 +62,4 @@ References -
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
$Id: README,v 1.70 2009/02/23 00:11:57 djm Exp $
$Id: README,v 1.70.4.1 2009/09/26 04:11:47 djm Exp $

14
README.platform
View File

@ -56,6 +56,18 @@ using a third party driver. More information is available at:
http://www-user.rhrk.uni-kl.de/~nissler/tuntap/
Linux
-----
Some Linux distributions (including Red Hat/Fedora/CentOS) include
headers and library links in the -devel RPMs rather than the main
binary RPMs. If you get an error about headers, or complaining about a
missing prerequisite then you may need to install the equivalent
development packages. On Redhat based distros these may be openssl-devel,
zlib-devel and pam-devel, on Debian based distros these may be
libssl-dev, libz-dev and libpam-dev.
Solaris
-------
If you enable BSM auditing on Solaris, you need to update audit_event(4)
@ -81,4 +93,4 @@ account stacks which will prevent authentication entirely, but will still
return the output from pam_nologin to the client.
$Id: README.platform,v 1.9 2007/08/09 04:31:53 dtucker Exp $
$Id: README.platform,v 1.10 2009/08/28 23:14:48 dtucker Exp $

10
auth-pam.c
View File

@ -602,16 +602,16 @@ sshpam_cleanup(void)
return;
debug("PAM: cleanup");
pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
if (sshpam_cred_established) {
debug("PAM: deleting credentials");
pam_setcred(sshpam_handle, PAM_DELETE_CRED);
sshpam_cred_established = 0;
}
if (sshpam_session_open) {
debug("PAM: closing session");
pam_close_session(sshpam_handle, PAM_SILENT);
sshpam_session_open = 0;
}
if (sshpam_cred_established) {
debug("PAM: deleting credentials");
pam_setcred(sshpam_handle, PAM_DELETE_CRED);
sshpam_cred_established = 0;
}
sshpam_authenticated = 0;
pam_end(sshpam_handle, sshpam_err);
sshpam_handle = NULL;

2
auth-passwd.c
View File

@ -102,7 +102,7 @@ auth_password(Authctxt *authctxt, const char *password)
}
#endif
#ifdef HAVE_CYGWIN
if (is_winnt) {
{
HANDLE hToken = cygwin_logon_user(pw, password);
if (hToken == INVALID_HANDLE_VALUE)

53
auth-sia.c
View File

@ -34,10 +34,6 @@
#include <unistd.h>
#include <stdarg.h>
#include <string.h>
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>
#include <time.h>
#include "ssh.h"
#include "key.h"
@ -53,52 +49,6 @@ extern ServerOptions options;
extern int saved_argc;
extern char **saved_argv;
static int
sia_password_change_required(const char *user)
{
struct es_passwd *acct;
time_t pw_life;
time_t pw_date;
set_auth_parameters(saved_argc, saved_argv);
if ((acct = getespwnam(user)) == NULL) {
error("Couldn't access protected database entry for %s", user);
endprpwent();
return (0);
}
/* If forced password change flag is set, honor it */
if (acct->uflg->fg_psw_chg_reqd && acct->ufld->fd_psw_chg_reqd) {
endprpwent();
return (1);
}
/* Obtain password lifetime; if none, it can't have expired */
if (acct->uflg->fg_expire)
pw_life = acct->ufld->fd_expire;
else if (acct->sflg->fg_expire)
pw_life = acct->sfld->fd_expire;
else {
endprpwent();
return (0);
}
/* Offset from last change; if none, it must be expired */
if (acct->uflg->fg_schange)
pw_date = acct->ufld->fd_schange + pw_life;
else {
endprpwent();
return (1);
}
endprpwent();
/* If expiration date is prior to now, change password */
return (pw_date <= time((time_t *) NULL));
}
int
sys_auth_passwd(Authctxt *authctxt, const char *pass)
{
@ -126,9 +76,6 @@ sys_auth_passwd(Authctxt *authctxt, const char *pass)
sia_ses_release(&ent);
authctxt->force_pwchange = sia_password_change_required(
authctxt->user);
return (1);
}

10
auth1.c
View File

@ -318,15 +318,7 @@ do_authloop(Authctxt *authctxt)
}
#endif /* _UNICOS */
#ifdef HAVE_CYGWIN
if (authenticated &&
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,
authctxt->pw)) {
packet_disconnect("Authentication rejected for uid %d.",
authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid);
authenticated = 0;
}
#else
#ifndef HAVE_CYGWIN
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(meth->name)) {

7
auth2-jpake.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-jpake.c,v 1.2 2008/11/07 23:34:48 dtucker Exp $ */
/* $OpenBSD: auth2-jpake.c,v 1.3 2009/03/05 07:18:19 djm Exp $ */
/*
* Copyright (c) 2008 Damien Miller. All rights reserved.
*
@ -42,8 +42,8 @@
#include "ssh2.h"
#include "key.h"
#include "hostfile.h"
#include "buffer.h"
#include "auth.h"
#include "buffer.h"
#include "packet.h"
#include "dispatch.h"
#include "log.h"
@ -55,6 +55,7 @@
#endif
#include "monitor_wrap.h"
#include "schnorr.h"
#include "jpake.h"
/*
@ -359,7 +360,7 @@ auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
}
/*
* Being authentication attempt.
* Begin authentication attempt.
* Note, sets authctxt->postponed while in subprotocol
*/
static int

4
auth2-kbdint.c
View File

@ -58,10 +58,6 @@ userauth_kbdint(Authctxt *authctxt)
xfree(devs);
xfree(lang);
#ifdef HAVE_CYGWIN
if (check_nt_auth(0, authctxt->pw) == 0)
authenticated = 0;
#endif
return authenticated;
}

4
auth2-none.c
View File

@ -61,10 +61,6 @@ userauth_none(Authctxt *authctxt)
{
none_enabled = 0;
packet_check_eom();
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw) == 0)
return (0);
#endif
if (options.password_authentication)
return (PRIVSEP(auth_password(authctxt, "")));
return (0);

4
auth2-passwd.c
View File

@ -68,10 +68,6 @@ userauth_passwd(Authctxt *authctxt)
logit("password change not supported");
else if (PRIVSEP(auth_password(authctxt, password)) == 1)
authenticated = 1;
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw) == 0)
authenticated = 0;
#endif
memset(password, 0, len);
xfree(password);
return authenticated;

4
auth2-pubkey.c
View File

@ -170,10 +170,6 @@ userauth_pubkey(Authctxt *authctxt)
key_free(key);
xfree(pkalg);
xfree(pkblob);
#ifdef HAVE_CYGWIN
if (check_nt_auth(0, authctxt->pw) == 0)
authenticated = 0;
#endif
return authenticated;
}

4
auth2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2.c,v 1.120 2008/11/04 08:22:12 djm Exp $ */
/* $OpenBSD: auth2.c,v 1.121 2009/06/22 05:39:28 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -35,8 +35,8 @@
#include <string.h>
#include <unistd.h>
#include "xmalloc.h"
#include "atomicio.h"
#include "xmalloc.h"
#include "ssh2.h"
#include "packet.h"
#include "log.h"

24
canohost.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: canohost.c,v 1.64 2009/02/12 03:00:56 djm Exp $ */
/* $OpenBSD: canohost.c,v 1.65 2009/05/27 06:31:25 andreas Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,6 +35,8 @@
#include "misc.h"
static void check_ip_options(int, char *);
static char *canonical_host_ip = NULL;
static int cached_port = -1;
/*
* Return the canonical name of the host at the other end of the socket. The
@ -304,6 +306,16 @@ get_local_name(int sock)
return get_socket_address(sock, 0, NI_NAMEREQD);
}
void
clear_cached_addr(void)
{
if (canonical_host_ip != NULL) {
xfree(canonical_host_ip);
canonical_host_ip = NULL;
}
cached_port = -1;
}
/*
* Returns the IP-address of the remote host as a string. The returned
* string must not be freed.
@ -312,8 +324,6 @@ get_local_name(int sock)
const char *
get_remote_ipaddr(void)
{
static char *canonical_host_ip = NULL;
/* Check whether we have cached the ipaddr. */
if (canonical_host_ip == NULL) {
if (packet_connection_is_on_socket()) {
@ -402,13 +412,11 @@ get_peer_port(int sock)
int
get_remote_port(void)
{
static int port = -1;
/* Cache to avoid getpeername() on a dead connection */
if (port == -1)
port = get_port(0);
if (cached_port == -1)
cached_port = get_port(0);
return port;
return cached_port;
}
int

4
canohost.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: canohost.h,v 1.10 2009/02/12 03:00:56 djm Exp $ */
/* $OpenBSD: canohost.h,v 1.11 2009/05/27 06:31:25 andreas Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -24,6 +24,6 @@ char *get_local_name(int);
int get_remote_port(void);
int get_local_port(void);
int get_sock_port(int, int);
void clear_cached_addr(void);
void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *);

6
channels.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.c,v 1.295 2009/02/12 03:00:56 djm Exp $ */
/* $OpenBSD: channels.c,v 1.296 2009/05/25 06:48:00 andreas Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1653,6 +1653,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset)
}
return -1;
}
#ifndef BROKEN_TCGETATTR_ICANON
if (compat20 && c->isatty && dlen >= 1 && buf[0] != '\r') {
if (tcgetattr(c->wfd, &tio) == 0 &&
!(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
@ -1666,6 +1667,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset)
packet_send();
}
}
#endif
buffer_consume(&c->output, len);
if (compat20 && len > 0) {
c->local_consumed += len;
@ -2431,7 +2433,7 @@ channel_input_status_confirm(int type, u_int32_t seq, void *ctxt)
int id;
/* Reset keepalive timeout */
keep_alive_timeouts = 0;
packet_set_alive_timeouts(0);
id = packet_get_int();
packet_check_eom();

25
clientloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.209 2009/02/12 03:00:56 djm Exp $ */
/* $OpenBSD: clientloop.c,v 1.213 2009/07/05 19:28:33 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -109,6 +109,7 @@
#include "misc.h"
#include "match.h"
#include "msg.h"
#include "roaming.h"
/* import options */
extern Options options;
@ -491,13 +492,13 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt)
xfree(gc);
}
keep_alive_timeouts = 0;
packet_set_alive_timeouts(0);
}
static void
server_alive_check(void)
{
if (++keep_alive_timeouts > options.server_alive_count_max) {
if (packet_inc_alive_timeouts() > options.server_alive_count_max) {
logit("Timeout, server not responding.");
cleanup_exit(255);
}
@ -634,8 +635,8 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
static void
client_process_net_input(fd_set *readset)
{
int len;
char buf[8192];
int len, cont = 0;
char buf[SSH_IOBUFSZ];
/*
* Read input from the server, and add any such data to the buffer of
@ -643,8 +644,8 @@ client_process_net_input(fd_set *readset)
*/
if (FD_ISSET(connection_in, readset)) {
/* Read as much as possible. */
len = read(connection_in, buf, sizeof(buf));
if (len == 0) {
len = roaming_read(connection_in, buf, sizeof(buf), &cont);
if (len == 0 && cont == 0) {
/*
* Received EOF. The remote host has closed the
* connection.
@ -1128,7 +1129,7 @@ static void
client_process_input(fd_set *readset)
{
int len;
char buf[8192];
char buf[SSH_IOBUFSZ];
/* Read input from stdin. */
if (FD_ISSET(fileno(stdin), readset)) {
@ -1476,6 +1477,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
/* Stop watching for window change. */
signal(SIGWINCH, SIG_DFL);
if (compat20) {
packet_start(SSH2_MSG_DISCONNECT);
packet_put_int(SSH2_DISCONNECT_BY_APPLICATION);
packet_put_cstring("disconnected by user");
packet_send();
packet_write_wait();
}
channel_free_all();
if (have_pty)

34
config.h.in
View File

@ -1,5 +1,8 @@
/* config.h.in. Generated from configure.ac by autoheader. */
/* Define if building universal (internal helper macro) */
#undef AC_APPLE_UNIVERSAL_BUILD
/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
*/
#undef AIX_GETNAMEINFO_HACK
@ -68,6 +71,9 @@
/* Define if your snprintf is busted */
#undef BROKEN_SNPRINTF
/* tcgetattr with ICANON may hang */
#undef BROKEN_TCGETATTR_ICANON
/* updwtmpx is broken (if present) */
#undef BROKEN_UPDWTMPX
@ -122,9 +128,12 @@
/* Builtin PRNG command timeout */
#undef ENTROPY_TIMEOUT_MSEC
/* f_fsid has members */
/* fsid_t has member val */
#undef FSID_HAS_VAL
/* fsid_t has member __val */
#undef FSID_HAS___VAL
/* Define to 1 if the `getpgrp' function requires zero arguments. */
#undef GETPGRP_VOID
@ -518,6 +527,9 @@
/* Define to 1 if the system has the type `in_addr_t'. */
#undef HAVE_IN_ADDR_T
/* Define to 1 if the system has the type `in_port_t'. */
#undef HAVE_IN_PORT_T
/* Define to 1 if you have the <lastlog.h> header file. */
#undef HAVE_LASTLOG_H
@ -1226,6 +1238,9 @@
/* Define if X11 doesn't support AF_UNIX sockets on that system */
#undef NO_X11_UNIX_SOCKETS
/* Define if EVP_DigestUpdate returns void */
#undef OPENSSL_EVP_DIGESTUPDATE_VOID
/* libcrypto is missing AES 192 and 256 bit functions */
#undef OPENSSL_LOBOTOMISED_AES
@ -1309,6 +1324,9 @@
/* Use audit debugging module */
#undef SSH_AUDIT_EVENTS
/* Windows is sensitive to read buffer size */
#undef SSH_IOBUFSZ
/* non-privileged user for privilege separation */
#undef SSH_PRIVSEP_USER
@ -1397,9 +1415,17 @@
/* Define if you want SELinux support. */
#undef WITH_SELINUX
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
significant byte first (like Motorola and SPARC, unlike Intel). */
#if defined AC_APPLE_UNIVERSAL_BUILD
# if defined __BIG_ENDIAN__
# define WORDS_BIGENDIAN 1
# endif
#else
# ifndef WORDS_BIGENDIAN
# undef WORDS_BIGENDIAN
# endif
#endif
/* Define if xauth is found in your path */
#undef XAUTH_PATH

12016
configure vendored
View File

File diff suppressed because it is too large Load Diff

108
configure.ac
View File

@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.415 2009/02/16 04:37:03 djm Exp $
# $Id: configure.ac,v 1.427 2009/09/11 04:56:08 dtucker Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
AC_REVISION($Revision: 1.415 $)
AC_REVISION($Revision: 1.427 $)
AC_CONFIG_SRCDIR([ssh.c])
AC_CONFIG_HEADER(config.h)
@ -279,7 +279,6 @@ AC_CHECK_HEADERS( \
sys/cdefs.h \
sys/dir.h \
sys/mman.h \
sys/mount.h \
sys/ndir.h \
sys/poll.h \
sys/prctl.h \
@ -326,6 +325,11 @@ AC_CHECK_HEADERS(login_cap.h, [], [], [
#include <sys/types.h>
])
# older BSDs need sys/param.h before sys/mount.h
AC_CHECK_HEADERS(sys/mount.h, [], [], [
#include <sys/param.h>
])
# Messages for features tested for in target-specific section
SIA_MSG="no"
SPC_MSG="no"
@ -434,8 +438,6 @@ int main(void) { exit(0); }
AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
AC_DEFINE(DISABLE_SHADOW, 1,
[Define if you want to disable shadow passwords])
AC_DEFINE(IP_TOS_IS_BROKEN, 1,
[Define if your system choked on IP TOS setting])
AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
[Define if X11 doesn't support AF_UNIX sockets on that system])
AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
@ -444,9 +446,11 @@ int main(void) { exit(0); }
AC_DEFINE(DISABLE_FD_PASSING, 1,
[Define if your platform needs to skip post auth
file descriptor passing])
AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size])
;;
*-*-dgux*)
AC_DEFINE(IP_TOS_IS_BROKEN)
AC_DEFINE(IP_TOS_IS_BROKEN, 1,
[Define if your system choked on IP TOS setting])
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
@ -668,6 +672,7 @@ mips-sony-bsd|mips-sony-newsos4)
after setsid()])
AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
in case the name is longer than 8 chars])
AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
external_path_file=/etc/default/login
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
@ -979,6 +984,7 @@ AC_ARG_WITH(zlib,
fi ]
)
AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
AC_CHECK_LIB(z, deflate, ,
[
saved_CPPFLAGS="$CPPFLAGS"
@ -999,7 +1005,6 @@ AC_CHECK_LIB(z, deflate, ,
)
]
)
AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
AC_ARG_WITH(zlib-version-check,
[ --without-zlib-version-check Disable zlib version check],
@ -1892,6 +1897,8 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
fi
CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
AC_CHECK_HEADER([openssl/opensslv.h], ,
AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
[
AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
@ -2076,6 +2083,23 @@ int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
]
)
AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
AC_LINK_IFELSE(
[AC_LANG_SOURCE([[
#include <string.h>
#include <openssl/evp.h>
int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
]])],
[
AC_MSG_RESULT(yes)
],
[
AC_MSG_RESULT(no)
AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
[Define if EVP_DigestUpdate returns void])
]
)
# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
# because the system crypt() is more featureful.
if test "x$check_for_libcrypt_before" = "x1"; then
@ -2694,7 +2718,7 @@ AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
#endif
])
AC_CHECK_TYPES(in_addr_t,,,
AC_CHECK_TYPES([in_addr_t, in_port_t],,,
[#include <sys/types.h>
#include <netinet/in.h>])
@ -3064,15 +3088,41 @@ if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
file descriptor passing])
fi
AC_MSG_CHECKING(if f_fsid has val members)
AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
AC_TRY_COMPILE([
#include <sys/types.h>
#include <sys/stat.h>
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#ifdef HAVE_SYS_MOUNT_H
#include <sys/mount.h>
#endif
#ifdef HAVE_SYS_STATVFS_H
#include <sys/statvfs.h>
#endif
], [struct statvfs s; s.f_fsid = 0;],
[ AC_MSG_RESULT(yes) ],
[ AC_MSG_RESULT(no)
AC_MSG_CHECKING(if fsid_t has member val)
AC_TRY_COMPILE([
#include <sys/types.h>
#include <sys/statvfs.h>],
[struct fsid_t t; t.val[0] = 0;],
[fsid_t t; t.val[0] = 0;],
[ AC_MSG_RESULT(yes)
AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
[ AC_MSG_RESULT(no) ]
)
AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
[ AC_MSG_RESULT(no) ])
AC_MSG_CHECKING(if f_fsid has member __val)
AC_TRY_COMPILE([
#include <sys/types.h>
#include <sys/statvfs.h>],
[fsid_t t; t.__val[0] = 0;],
[ AC_MSG_RESULT(yes)
AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
[ AC_MSG_RESULT(no) ])
])
AC_CACHE_CHECK([for msg_control field in struct msghdr],
ac_cv_have_control_in_msghdr, [
@ -3274,12 +3324,30 @@ AC_SEARCH_LIBS(getrrsetbyname, resolv,
AC_SEARCH_LIBS(res_query, resolv)
AC_SEARCH_LIBS(dn_expand, resolv)
AC_MSG_CHECKING(if res_query will link)
AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
AC_LINK_IFELSE([
#include "confdefs.h"
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <netdb.h>
#include <resolv.h>
int main()
{
res_query (0, 0, 0, 0, 0);
return 0;
}
],
AC_MSG_RESULT(yes),
[AC_MSG_RESULT(no)
saved_LIBS="$LIBS"
LIBS="$LIBS -lresolv"
AC_MSG_CHECKING(for res_query in -lresolv)
AC_LINK_IFELSE([
#include "confdefs.h"
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <netdb.h>
#include <resolv.h>
int main()
{
@ -3287,8 +3355,7 @@ int main()
return 0;
}
],
[LIBS="$LIBS -lresolv"
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(yes)],
[LIBS="$saved_LIBS"
AC_MSG_RESULT(no)])
])
@ -3354,10 +3421,10 @@ AC_ARG_WITH(kerberos5,
AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
KRB5_MSG="yes"
AC_MSG_CHECKING(for krb5-config)
if test -x $KRB5ROOT/bin/krb5-config ; then
KRB5CONF=$KRB5ROOT/bin/krb5-config
AC_MSG_RESULT($KRB5CONF)
AC_PATH_PROG([KRB5CONF],[krb5-config],
[$KRB5ROOT/bin/krb5-config],
[$KRB5ROOT/bin:$PATH])
if test -x $KRB5CONF ; then
AC_MSG_CHECKING(for gssapi support)
if $KRB5CONF | grep gssapi >/dev/null ; then
@ -3383,7 +3450,6 @@ AC_ARG_WITH(kerberos5,
AC_MSG_RESULT(no)
)
else
AC_MSG_RESULT(no)
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
AC_MSG_CHECKING(whether we are using Heimdal)

11
contrib/aix/buildbff.sh
View File

@ -1,7 +1,7 @@
#!/bin/sh
#
# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
# $Id: buildbff.sh,v 1.10 2006/09/10 03:24:19 dtucker Exp $
# $Id: buildbff.sh,v 1.11 2009/03/06 23:22:10 dtucker Exp $
#
# Author: Darren Tucker (dtucker at zip dot com dot au)
# This file is placed in the public domain and comes with absolutely
@ -151,11 +151,18 @@ fi
# Rename config files; postinstall script will copy them if necessary
for cfgfile in ssh_config sshd_config ssh_prng_cmds
for cfgfile in ssh_config sshd_config
do
mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default
done
# AIX 5.3 and newer have /dev/random and don't create ssh_prng_cmds
if [ -f $FAKE_ROOT/$sysconfdir/ssh_prng_cmds ]
then
mv FAKE_ROOT/$sysconfdir/ssh_prng_cmds \
$FAKE_ROOT/$sysconfdir/ssh_prng_cmds.default
fi
#
# Generate lpp control files.
# working dir is $FAKE_ROOT but files are generated in dir above

6
contrib/caldera/openssh.spec
View File

@ -17,11 +17,11 @@
#old cvs stuff. please update before use. may be deprecated.
%define use_stable 1
%if %{use_stable}
%define version 5.2p1
%define version 5.3p1
%define cvs %{nil}
%define release 1
%else
%define version 5.2p1
%define version 5.3p1
%define cvs cvs20050315
%define release 0r1
%endif
@ -358,4 +358,4 @@ fi
* Mon Jan 01 1998 ...
Template Version: 1.31
$Id: openssh.spec,v 1.66 2009/02/21 07:03:05 djm Exp $
$Id: openssh.spec,v 1.66.4.1 2009/09/26 04:09:35 djm Exp $

43
contrib/cygwin/ssh-host-config
View File

@ -1,8 +1,20 @@
#!/bin/bash
#
# ssh-host-config, Copyright 2000, 2001, 2002, 2003 Red Hat Inc.
# ssh-host-config, Copyright 2000-2009 Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# ======================================================================
# Initialization
@ -26,7 +38,9 @@ port_number=22
privsep_configured=no
privsep_used=yes
cygwin_value=""
user_account=
password_value=
opt_force=no
# ======================================================================
# Routine: create_host_keys
@ -287,6 +301,11 @@ install_service() {
csih_inform "sshd requires. You need to have or to create a privileged"
csih_inform "account. This script will help you do so."
echo
[ "${opt_force}" = "yes" ] && opt_f=-f
[ -n "${user_account}" ] && opt_u="-u ""${user_account}"""
csih_select_privileged_username ${opt_f} ${opt_u} sshd
if ! csih_create_privileged_user "${password_value}"
then
csih_error_recoverable "There was a serious problem creating a privileged user."
@ -316,12 +335,12 @@ install_service() {
if [ -n "${csih_cygenv}" ]
then
cygwin_env="-e CYGWIN=\"${csih_cygenv}\""
cygwin_env=( -e "CYGWIN=${csih_cygenv}" )
fi
if [ -z "${password}" ]
then
if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
-a "-D" -y tcpip ${cygwin_env}
if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
-a "-D" -y tcpip "${cygwin_env[@]}"
then
echo
csih_inform "The sshd service has been installed under the LocalSystem"
@ -330,8 +349,8 @@ install_service() {
csih_inform "will start automatically after the next reboot."
fi
else
if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
-a "-D" -y tcpip ${cygwin_env} \
if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
-a "-D" -y tcpip "${cygwin_env[@]}" \
-u "${run_service_as}" -w "${password}"
then
echo
@ -378,11 +397,13 @@ if [ "$PROGDIR" = "/etc/postinstall" ]
then
csih_auto_answer="no"
csih_disable_color
opt_force=yes
fi
if [ -n "${SSH_HOST_CONFIG_AUTO_ANSWER_NO}" ]
then
csih_auto_answer="no"
csih_disable_color
opt_force=yes
fi
# ======================================================================
@ -407,10 +428,12 @@ do
-y | --yes )
csih_auto_answer=yes
opt_force=yes
;;
-n | --no )
csih_auto_answer=no
opt_force=yes
;;
-c | --cygwin )
@ -423,6 +446,11 @@ do
shift
;;
-u | --user )
user_account="$1"
shift
;;
-w | --pwd )
password_value="$1"
shift
@ -443,6 +471,7 @@ do
echo " --no -n Answer all questions with \"no\" automatically."
echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var."
echo " --port -p <n> sshd listens on port n."
echo " --user -u <account> privileged user for service."
echo " --pwd -w <passwd> Use \"pwd\" as password for privileged user."
echo " --privileged On Windows NT/2k/XP, require privileged user"
echo " instead of LocalSystem for sshd service."
@ -489,7 +518,7 @@ then
fi
# Create /var/empty file used as chroot jail for privilege separation
csih_make_dir "${LOCALSTATEDIR}/empty" "Cannot create log directory."
csih_make_dir "${LOCALSTATEDIR}/empty" "Cannot create ${LOCALSTATEDIR}/empty directory."
chmod 755 "${LOCALSTATEDIR}/empty"
setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty"

20
contrib/cygwin/ssh-user-config
View File

@ -1,8 +1,20 @@
#!/bin/bash
#
# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
# ssh-user-config, Copyright 2000-2008 Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# ======================================================================
# Initialization
@ -118,14 +130,14 @@ check_user_homedir() {
pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
if [ "X${pwdhome}" = "X" ]
then
csih_error_multiline \
csih_error_multi \
"There is no home directory set for you in ${SYSCONFDIR}/passwd." \
'Setting $HOME is not sufficient!'
fi
if [ ! -d "${pwdhome}" ]
then
csih_error_multiline \
csih_error_multi \
"${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
'but it is not a valid directory. Cannot create user identity files.'
fi
@ -291,7 +303,7 @@ done
# Check passwd file
if [ ! -f ${SYSCONFDIR}/passwd ]
then
csih_error_multiline \
csih_error_multi \
"${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
'first using mkpasswd. Check if it contains an entry for you and' \
'please care for the home directory in your entry as well.'

2
contrib/redhat/openssh.spec
View File

@ -1,4 +1,4 @@
%define ver 5.2p1
%define ver 5.3p1
%define rel 1
# OpenSSH privilege separation requires a user & group ID

2
contrib/suse/openssh.spec
View File

@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
Version: 5.2p1
Version: 5.3p1
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz

13
defines.h
View File

@ -25,7 +25,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
/* $Id: defines.h,v 1.153 2009/02/01 11:19:54 dtucker Exp $ */
/* $Id: defines.h,v 1.156 2009/08/28 01:21:07 dtucker Exp $ */
/* Constants */
@ -300,6 +300,9 @@ struct sockaddr_un {
#ifndef HAVE_IN_ADDR_T
typedef u_int32_t in_addr_t;
#endif
#ifndef HAVE_IN_PORT_T
typedef u_int16_t in_port_t;
#endif
#if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE)
#define _STRUCT_WINSIZE
@ -591,6 +594,10 @@ struct winsize {
#define FSID_TO_ULONG(f) \
((((u_int64_t)(f).val[0] & 0xffffffffUL) << 32) | \
((f).val[1] & 0xffffffffUL))
#elif defined(FSID_HAS___VAL)
#define FSID_TO_ULONG(f) \
((((u_int64_t)(f).__val[0] & 0xffffffffUL) << 32) | \
((f).__val[1] & 0xffffffffUL))
#else
# define FSID_TO_ULONG(f) ((f))
#endif
@ -742,4 +749,8 @@ struct winsize {
#define INET6_ADDRSTRLEN 46
#endif
#ifndef SSH_IOBUFSZ
# define SSH_IOBUFSZ 8192
#endif
#endif /* _DEFINES_H */

2
gss-genr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-genr.c,v 1.19 2007/06/12 11:56:15 dtucker Exp $ */
/* $OpenBSD: gss-genr.c,v 1.20 2009/06/22 05:39:28 dtucker Exp $ */
/*
* Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.

3
includes.h
View File

@ -31,7 +31,8 @@
#endif
#if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \
defined(GLOB_HAS_GL_MATCHC) && \
defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0
defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 && \
!defined(BROKEN_GLOB)
# include <glob.h>
#endif
#ifdef HAVE_ENDIAN_H

181
jpake.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: jpake.c,v 1.1 2008/11/04 08:22:12 djm Exp $ */
/* $OpenBSD: jpake.c,v 1.2 2009/03/05 07:18:19 djm Exp $ */
/*
* Copyright (c) 2008 Damien Miller. All rights reserved.
*
@ -47,6 +47,7 @@
#include "log.h"
#include "jpake.h"
#include "schnorr.h"
#ifdef JPAKE
@ -60,165 +61,10 @@
"98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB" \
"9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"
struct jpake_group *
struct modp_group *
jpake_default_group(void)
{
struct jpake_group *ret;
ret = xmalloc(sizeof(*ret));
ret->p = ret->q = ret->g = NULL;
if (BN_hex2bn(&ret->p, JPAKE_GROUP_P) == 0 ||
BN_hex2bn(&ret->g, JPAKE_GROUP_G) == 0)
fatal("%s: BN_hex2bn", __func__);
/* Subgroup order is p/2 (p is a safe prime) */
if ((ret->q = BN_new()) == NULL)
fatal("%s: BN_new", __func__);
if (BN_rshift1(ret->q, ret->p) != 1)
fatal("%s: BN_rshift1", __func__);
return ret;
}
/*
* Generate uniformly distributed random number in range (1, high).
* Return number on success, NULL on failure.
*/
BIGNUM *
bn_rand_range_gt_one(const BIGNUM *high)
{
BIGNUM *r, *tmp;
int success = -1;
if ((tmp = BN_new()) == NULL) {
error("%s: BN_new", __func__);
return NULL;
}
if ((r = BN_new()) == NULL) {
error("%s: BN_new failed", __func__);
goto out;
}
if (BN_set_word(tmp, 2) != 1) {
error("%s: BN_set_word(tmp, 2)", __func__);
goto out;
}
if (BN_sub(tmp, high, tmp) == -1) {
error("%s: BN_sub failed (tmp = high - 2)", __func__);
goto out;
}
if (BN_rand_range(r, tmp) == -1) {
error("%s: BN_rand_range failed", __func__);
goto out;
}
if (BN_set_word(tmp, 2) != 1) {
error("%s: BN_set_word(tmp, 2)", __func__);
goto out;
}
if (BN_add(r, r, tmp) == -1) {
error("%s: BN_add failed (r = r + 2)", __func__);
goto out;
}
success = 0;
out:
BN_clear_free(tmp);
if (success == 0)
return r;
BN_clear_free(r);
return NULL;
}
/*
* Hash contents of buffer 'b' with hash 'md'. Returns 0 on success,
* with digest via 'digestp' (caller to free) and length via 'lenp'.
* Returns -1 on failure.
*/
int
hash_buffer(const u_char *buf, u_int len, const EVP_MD *md,
u_char **digestp, u_int *lenp)
{
u_char digest[EVP_MAX_MD_SIZE];
u_int digest_len;
EVP_MD_CTX evp_md_ctx;
int success = -1;
EVP_MD_CTX_init(&evp_md_ctx);
if (EVP_DigestInit_ex(&evp_md_ctx, md, NULL) != 1) {
error("%s: EVP_DigestInit_ex", __func__);
goto out;
}
if (EVP_DigestUpdate(&evp_md_ctx, buf, len) != 1) {
error("%s: EVP_DigestUpdate", __func__);
goto out;
}
if (EVP_DigestFinal_ex(&evp_md_ctx, digest, &digest_len) != 1) {
error("%s: EVP_DigestFinal_ex", __func__);
goto out;
}
*digestp = xmalloc(digest_len);
*lenp = digest_len;
memcpy(*digestp, digest, *lenp);
success = 0;
out:
EVP_MD_CTX_cleanup(&evp_md_ctx);
bzero(digest, sizeof(digest));
digest_len = 0;
return success;
}
/* print formatted string followed by bignum */
void
jpake_debug3_bn(const BIGNUM *n, const char *fmt, ...)
{
char *out, *h;
va_list args;
out = NULL;
va_start(args, fmt);
vasprintf(&out, fmt, args);
va_end(args);
if (out == NULL)
fatal("%s: vasprintf failed", __func__);
if (n == NULL)
debug3("%s(null)", out);
else {
h = BN_bn2hex(n);
debug3("%s0x%s", out, h);
free(h);
}
free(out);
}
/* print formatted string followed by buffer contents in hex */
void
jpake_debug3_buf(const u_char *buf, u_int len, const char *fmt, ...)
{
char *out, h[65];
u_int i, j;
va_list args;
out = NULL;
va_start(args, fmt);
vasprintf(&out, fmt, args);
va_end(args);
if (out == NULL)
fatal("%s: vasprintf failed", __func__);
debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : "");
free(out);
if (buf == NULL)
return;
*h = '\0';
for (i = j = 0; i < len; i++) {
snprintf(h + j, sizeof(h) - j, "%02x", buf[i]);
j += 2;
if (j >= sizeof(h) - 1 || i == len - 1) {
debug3(" %s", h);
*h = '\0';
j = 0;
}
}
return modp_group_from_g_and_safe_p(JPAKE_GROUP_G, JPAKE_GROUP_P);
}
struct jpake_ctx *
@ -243,7 +89,6 @@ jpake_new(void)
return ret;
}
void
jpake_free(struct jpake_ctx *pctx)
{
@ -344,7 +189,7 @@ jpake_dump(struct jpake_ctx *pctx, const char *fmt, ...)
/* Shared parts of step 1 exchange calculation */
void
jpake_step1(struct jpake_group *grp,
jpake_step1(struct modp_group *grp,
u_char **id, u_int *id_len,
BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2,
u_char **priv1_proof, u_int *priv1_proof_len,
@ -383,11 +228,11 @@ jpake_step1(struct jpake_group *grp,
fatal("%s: BN_mod_exp", __func__);
/* Generate proofs for holding x1/x3 and x2/x4 */
if (schnorr_sign(grp->p, grp->q, grp->g,
if (schnorr_sign_buf(grp->p, grp->q, grp->g,
*priv1, *g_priv1, *id, *id_len,
priv1_proof, priv1_proof_len) != 0)
fatal("%s: schnorr_sign", __func__);
if (schnorr_sign(grp->p, grp->q, grp->g,
if (schnorr_sign_buf(grp->p, grp->q, grp->g,
*priv2, *g_priv2, *id, *id_len,
priv2_proof, priv2_proof_len) != 0)
fatal("%s: schnorr_sign", __func__);
@ -397,7 +242,7 @@ jpake_step1(struct jpake_group *grp,
/* Shared parts of step 2 exchange calculation */
void
jpake_step2(struct jpake_group *grp, BIGNUM *s,
jpake_step2(struct modp_group *grp, BIGNUM *s,
BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2,
const u_char *theirid, u_int theirid_len,
const u_char *myid, u_int myid_len,
@ -415,10 +260,10 @@ jpake_step2(struct jpake_group *grp, BIGNUM *s,
if (BN_cmp(theirpub2, BN_value_one()) <= 0)
fatal("%s: theirpub2 <= 1", __func__);
if (schnorr_verify(grp->p, grp->q, grp->g, theirpub1,
if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub1,
theirid, theirid_len, theirpub1_proof, theirpub1_proof_len) != 1)
fatal("%s: schnorr_verify theirpub1 failed", __func__);
if (schnorr_verify(grp->p, grp->q, grp->g, theirpub2,
if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub2,
theirid, theirid_len, theirpub2_proof, theirpub2_proof_len) != 1)
fatal("%s: schnorr_verify theirpub2 failed", __func__);
@ -459,7 +304,7 @@ jpake_step2(struct jpake_group *grp, BIGNUM *s,
JPAKE_DEBUG_BN((exponent, "%s: exponent = ", __func__));
/* Note the generator here is 'tmp', not g */
if (schnorr_sign(grp->p, grp->q, tmp, exponent, *newpub,
if (schnorr_sign_buf(grp->p, grp->q, tmp, exponent, *newpub,
myid, myid_len,
newpub_exponent_proof, newpub_exponent_proof_len) != 0)
fatal("%s: schnorr_sign newpub", __func__);
@ -496,7 +341,7 @@ jpake_confirm_hash(const BIGNUM *k,
/* Shared parts of key derivation and confirmation calculation */
void
jpake_key_confirm(struct jpake_group *grp, BIGNUM *s, BIGNUM *step2_val,
jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val,
BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2,
BIGNUM *theirpub1, BIGNUM *theirpub2,
const u_char *my_id, u_int my_id_len,
@ -531,7 +376,7 @@ jpake_key_confirm(struct jpake_group *grp, BIGNUM *s, BIGNUM *step2_val,
JPAKE_DEBUG_BN((tmp, "%s: tmp = ", __func__));
if (schnorr_verify(grp->p, grp->q, tmp, step2_val,
if (schnorr_verify_buf(grp->p, grp->q, tmp, step2_val,
their_id, their_id_len,
theirpriv2_s_proof, theirpriv2_s_proof_len) != 1)
fatal("%s: schnorr_verify theirpriv2_s_proof failed", __func__);

38
jpake.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: jpake.h,v 1.1 2008/11/04 08:22:13 djm Exp $ */
/* $OpenBSD: jpake.h,v 1.2 2009/03/05 07:18:19 djm Exp $ */
/*
* Copyright (c) 2008 Damien Miller. All rights reserved.
*
@ -28,20 +28,16 @@
# define JPAKE_DEBUG_BUF(a)
# define JPAKE_DEBUG_CTX(a)
#else
# define JPAKE_DEBUG_BN(a) jpake_debug3_bn a
# define JPAKE_DEBUG_BUF(a) jpake_debug3_buf a
# define JPAKE_DEBUG_BN(a) debug3_bn a
# define JPAKE_DEBUG_BUF(a) debug3_buf a
# define JPAKE_DEBUG_CTX(a) jpake_dump a
#endif /* SCHNORR_DEBUG */
struct jpake_group {
BIGNUM *p, *q, *g;
};
#endif /* JPAKE_DEBUG */
#define KZP_ID_LEN 16 /* Length of client and server IDs */
struct jpake_ctx {
/* Parameters */
struct jpake_group *grp;
struct modp_group *grp;
/* Private values shared by client and server */
BIGNUM *s; /* Secret (salted, crypted password) */
@ -83,26 +79,18 @@ struct jpake_ctx {
};
/* jpake.c */
struct jpake_group *jpake_default_group(void);
BIGNUM *bn_rand_range_gt_one(const BIGNUM *high);
int hash_buffer(const u_char *, u_int, const EVP_MD *, u_char **, u_int *);
void jpake_debug3_bn(const BIGNUM *, const char *, ...)
__attribute__((__nonnull__ (2)))
__attribute__((format(printf, 2, 3)));
void jpake_debug3_buf(const u_char *, u_int, const char *, ...)
__attribute__((__nonnull__ (3)))
__attribute__((format(printf, 3, 4)));
struct modp_group *jpake_default_group(void);
void jpake_dump(struct jpake_ctx *, const char *, ...)
__attribute__((__nonnull__ (2)))
__attribute__((format(printf, 2, 3)));
struct jpake_ctx *jpake_new(void);
void jpake_free(struct jpake_ctx *);
void jpake_step1(struct jpake_group *, u_char **, u_int *,
void jpake_step1(struct modp_group *, u_char **, u_int *,
BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **,
u_char **, u_int *, u_char **, u_int *);
void jpake_step2(struct jpake_group *, BIGNUM *,
void jpake_step2(struct modp_group *, BIGNUM *,
BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
const u_char *, u_int, const u_char *, u_int,
const u_char *, u_int, const u_char *, u_int,
@ -113,7 +101,7 @@ void jpake_confirm_hash(const BIGNUM *,
const u_char *, u_int,
u_char **, u_int *);
void jpake_key_confirm(struct jpake_group *, BIGNUM *, BIGNUM *,
void jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *,
BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
const u_char *, u_int, const u_char *, u_int,
const u_char *, u_int, const u_char *, u_int,
@ -122,13 +110,5 @@ void jpake_key_confirm(struct jpake_group *, BIGNUM *, BIGNUM *,
int jpake_check_confirm(const BIGNUM *, const u_char *, u_int,
const u_char *, u_int, const u_char *, u_int);
/* schnorr.c */
int schnorr_sign(const BIGNUM *, const BIGNUM *, const BIGNUM *,
const BIGNUM *, const BIGNUM *, const u_char *, u_int ,
u_char **, u_int *);
int schnorr_verify(const BIGNUM *, const BIGNUM *, const BIGNUM *,
const BIGNUM *, const u_char *, u_int,
const u_char *, u_int);
#endif /* JPAKE_H */

4
kex.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.c,v 1.80 2008/09/06 12:24:13 djm Exp $ */
/* $OpenBSD: kex.c,v 1.81 2009/05/27 06:34:36 andreas Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@ -49,8 +49,6 @@
#include "dispatch.h"
#include "monitor.h"
#define KEX_COOKIE_LEN 16
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
# if defined(HAVE_EVP_SHA256)
# define evp_ssh_sha256 EVP_sha256

4
kex.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.46 2007/06/07 19:37:34 pvalchev Exp $ */
/* $OpenBSD: kex.h,v 1.47 2009/05/27 06:34:36 andreas Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -30,6 +30,8 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
#define KEX_COOKIE_LEN 16
#define KEX_DH1 "diffie-hellman-group1-sha1"
#define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"

6
kexdhs.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexdhs.c,v 1.9 2006/11/06 21:25:28 markus Exp $ */
/* $OpenBSD: kexdhs.c,v 1.10 2009/06/21 07:37:15 dtucker Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -137,7 +137,9 @@ kexdh_server(Kex *kex)
}
/* sign H */
PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash,
hashlen)) < 0)
fatal("kexdh_server: key_sign failed");
/* destroy_sensitive_data(); */

6
kexgexs.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexgexs.c,v 1.11 2009/01/01 21:17:36 djm Exp $ */
/* $OpenBSD: kexgexs.c,v 1.12 2009/06/21 07:37:15 dtucker Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -179,7 +179,9 @@ kexgex_server(Kex *kex)
}
/* sign H */
PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash,
hashlen)) < 0)
fatal("kexgex_server: key_sign failed");
/* destroy_sensitive_data(); */

2
moduli.0
View File

@ -69,4 +69,4 @@ SEE ALSO
Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer
Protocol, RFC 4419, 2006.
OpenBSD 4.5 June 26, 2008 2
OpenBSD 4.6 June 26, 2008 2

25
monitor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.101 2009/02/12 03:26:22 djm Exp $ */
/* $OpenBSD: monitor.c,v 1.104 2009/06/12 20:43:22 andreas Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -88,6 +88,7 @@
#include "compat.h"
#include "ssh2.h"
#include "jpake.h"
#include "roaming.h"
#ifdef GSSAPI
static Gssctxt *gsscontext = NULL;
@ -100,7 +101,6 @@ extern Newkeys *current_keys[];
extern z_stream incoming_stream;
extern z_stream outgoing_stream;
extern u_char session_id[];
extern Buffer input, output;
extern Buffer auth_debug;
extern int auth_debug_init;
extern Buffer loginmsg;
@ -126,6 +126,8 @@ struct {
u_int ilen;
u_char *output;
u_int olen;
u_int64_t sent_bytes;
u_int64_t recv_bytes;
} child_state;
/* Functions on the monitor that answer unprivileged requests */
@ -1670,15 +1672,20 @@ monitor_apply_keystate(struct monitor *pmonitor)
/* Network I/O buffers */
/* XXX inefficient for large buffers, need: buffer_init_from_string */
buffer_clear(&input);
buffer_append(&input, child_state.input, child_state.ilen);
buffer_clear(packet_get_input());
buffer_append(packet_get_input(), child_state.input, child_state.ilen);
memset(child_state.input, 0, child_state.ilen);
xfree(child_state.input);
buffer_clear(&output);
buffer_append(&output, child_state.output, child_state.olen);
buffer_clear(packet_get_output());
buffer_append(packet_get_output(), child_state.output,
child_state.olen);
memset(child_state.output, 0, child_state.olen);
xfree(child_state.output);
/* Roaming */
if (compat20)
roam_set_bytes(child_state.sent_bytes, child_state.recv_bytes);
}
static Kex *
@ -1794,6 +1801,12 @@ mm_get_keystate(struct monitor *pmonitor)
child_state.input = buffer_get_string(&m, &child_state.ilen);
child_state.output = buffer_get_string(&m, &child_state.olen);
/* Roaming */
if (compat20) {
child_state.sent_bytes = buffer_get_int64(&m);
child_state.recv_bytes = buffer_get_int64(&m);
}
buffer_free(&m);
}

2
monitor_mm.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_mm.c,v 1.15 2006/08/03 03:34:42 deraadt Exp $ */
/* $OpenBSD: monitor_mm.c,v 1.16 2009/06/22 05:39:28 dtucker Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.

31
monitor_wrap.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.c,v 1.64 2008/11/04 08:22:13 djm Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.68 2009/06/22 05:39:28 dtucker Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -71,19 +71,19 @@
#include "atomicio.h"
#include "monitor_fdpass.h"
#include "misc.h"
#include "schnorr.h"
#include "jpake.h"
#include "channels.h"
#include "session.h"
#include "servconf.h"
#include "roaming.h"
/* Imports */
extern int compat20;
extern Newkeys *newkeys[];
extern z_stream incoming_stream;
extern z_stream outgoing_stream;
extern struct monitor *pmonitor;
extern Buffer input, output;
extern Buffer loginmsg;
extern ServerOptions options;
@ -508,7 +508,7 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
Enc *enc;
Mac *mac;
Comp *comp;
Newkeys *newkey = newkeys[mode];
Newkeys *newkey = (Newkeys *)packet_get_newkeys(mode);
debug3("%s: converting %p", __func__, newkey);
@ -570,7 +570,7 @@ mm_send_kex(Buffer *m, Kex *kex)
void
mm_send_keystate(struct monitor *monitor)
{
Buffer m;
Buffer m, *input, *output;
u_char *blob, *p;
u_int bloblen, plen;
u_int32_t seqnr, packets;
@ -608,7 +608,8 @@ mm_send_keystate(struct monitor *monitor)
}
debug3("%s: Sending new keys: %p %p",
__func__, newkeys[MODE_OUT], newkeys[MODE_IN]);
__func__, packet_get_newkeys(MODE_OUT),
packet_get_newkeys(MODE_IN));
/* Keys from Kex */
if (!mm_newkeys_to_blob(MODE_OUT, &blob, &bloblen))
@ -655,8 +656,16 @@ mm_send_keystate(struct monitor *monitor)
buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
/* Network I/O buffers */
buffer_put_string(&m, buffer_ptr(&input), buffer_len(&input));
buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output));
input = (Buffer *)packet_get_input();
output = (Buffer *)packet_get_output();
buffer_put_string(&m, buffer_ptr(input), buffer_len(input));
buffer_put_string(&m, buffer_ptr(output), buffer_len(output));
/* Roaming */
if (compat20) {
buffer_put_int64(&m, get_sent_bytes());
buffer_put_int64(&m, get_recv_bytes());
}
mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
debug3("%s: Finished sending state", __func__);
@ -1282,7 +1291,7 @@ mm_auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
}
void
mm_jpake_step1(struct jpake_group *grp,
mm_jpake_step1(struct modp_group *grp,
u_char **id, u_int *id_len,
BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2,
u_char **priv1_proof, u_int *priv1_proof_len,
@ -1317,7 +1326,7 @@ mm_jpake_step1(struct jpake_group *grp,
}
void
mm_jpake_step2(struct jpake_group *grp, BIGNUM *s,
mm_jpake_step2(struct modp_group *grp, BIGNUM *s,
BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2,
const u_char *theirid, u_int theirid_len,
const u_char *myid, u_int myid_len,
@ -1357,7 +1366,7 @@ mm_jpake_step2(struct jpake_group *grp, BIGNUM *s,
}
void
mm_jpake_key_confirm(struct jpake_group *grp, BIGNUM *s, BIGNUM *step2_val,
mm_jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val,
BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2,
BIGNUM *theirpub1, BIGNUM *theirpub2,
const u_char *my_id, u_int my_id_len,

10
monitor_wrap.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.h,v 1.21 2008/11/04 08:22:13 djm Exp $ */
/* $OpenBSD: monitor_wrap.h,v 1.22 2009/03/05 07:18:19 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -102,17 +102,17 @@ int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
int mm_skey_respond(void *, u_int, char **);
/* jpake */
struct jpake_group;
struct modp_group;
void mm_auth2_jpake_get_pwdata(struct Authctxt *, BIGNUM **, char **, char **);
void mm_jpake_step1(struct jpake_group *, u_char **, u_int *,
void mm_jpake_step1(struct modp_group *, u_char **, u_int *,
BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **,
u_char **, u_int *, u_char **, u_int *);
void mm_jpake_step2(struct jpake_group *, BIGNUM *,
void mm_jpake_step2(struct modp_group *, BIGNUM *,
BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
const u_char *, u_int, const u_char *, u_int,
const u_char *, u_int, const u_char *, u_int,
BIGNUM **, u_char **, u_int *);
void mm_jpake_key_confirm(struct jpake_group *, BIGNUM *, BIGNUM *,
void mm_jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *,
BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
const u_char *, u_int, const u_char *, u_int,
const u_char *, u_int, const u_char *, u_int,

124
openbsd-compat/bsd-cygwin_util.c
View File

@ -39,9 +39,6 @@
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/utsname.h>
#include <sys/vfs.h>
#include <fcntl.h>
#include <stdlib.h>
@ -49,11 +46,6 @@
#include <windows.h>
#include "xmalloc.h"
#define is_winnt (GetVersion() < 0x80000000)
#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
int
binary_open(const char *filename, int flags, ...)
@ -79,128 +71,12 @@ binary_pipe(int fd[2])
return (ret);
}
#define HAS_CREATE_TOKEN 1
#define HAS_NTSEC_BY_DEFAULT 2
#define HAS_CREATE_TOKEN_WO_NTSEC 3
static int
has_capability(int what)
{
static int inited;
static int has_create_token;
static int has_ntsec_by_default;
static int has_create_token_wo_ntsec;
/*
* has_capability() basically calls uname() and checks if
* specific capabilities of Cygwin can be evaluated from that.
* This simplifies the calling functions which only have to ask
* for a capability using has_capability() instead of having
* to figure that out by themselves.
*/
if (!inited) {
struct utsname uts;
if (!uname(&uts)) {
int major_high = 0, major_low = 0, minor = 0;
int api_major_version = 0, api_minor_version = 0;
char *c;
sscanf(uts.release, "%d.%d.%d", &major_high,
&major_low, &minor);
if ((c = strchr(uts.release, '(')) != NULL) {
sscanf(c + 1, "%d.%d", &api_major_version,
&api_minor_version);
}
if (major_high > 1 ||
(major_high == 1 && (major_low > 3 ||
(major_low == 3 && minor >= 2))))
has_create_token = 1;
if (api_major_version > 0 || api_minor_version >= 56)
has_ntsec_by_default = 1;
if (major_high > 1 ||
(major_high == 1 && major_low >= 5))
has_create_token_wo_ntsec = 1;
inited = 1;
}
}
switch (what) {
case HAS_CREATE_TOKEN:
return (has_create_token);
case HAS_NTSEC_BY_DEFAULT:
return (has_ntsec_by_default);
case HAS_CREATE_TOKEN_WO_NTSEC:
return (has_create_token_wo_ntsec);
}
return (0);
}
int
check_nt_auth(int pwd_authenticated, struct passwd *pw)
{
/*
* The only authentication which is able to change the user
* context on NT systems is the password authentication. So
* we deny all requsts for changing the user context if another
* authentication method is used.
*
* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
* uses the undocumented NtCreateToken() call to create a user
* token if the process has the appropriate privileges and if
* CYGWIN ntsec setting is on.
*/
static int has_create_token = -1;
if (pw == NULL)
return 0;
if (is_winnt) {
if (has_create_token < 0) {
char *cygwin = getenv("CYGWIN");
has_create_token = 0;
if (has_capability(HAS_CREATE_TOKEN) &&
(ntsec_on(cygwin) ||
(has_capability(HAS_NTSEC_BY_DEFAULT) &&
!ntsec_off(cygwin)) ||
has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
has_create_token = 1;
}
if (has_create_token < 1 &&
!pwd_authenticated && geteuid() != pw->pw_uid)
return (0);
}
return (1);
}
int
check_ntsec(const char *filename)
{
return (pathconf(filename, _PC_POSIX_PERMISSIONS));
}
void
register_9x_service(void)
{
HINSTANCE kerneldll;
DWORD (*RegisterServiceProcess)(DWORD, DWORD);
/* The service register mechanism in 9x/Me is pretty different from
* NT/2K/XP. In NT/2K/XP we're using a special service starter
* application to register and control sshd as service. This method
* doesn't play nicely with 9x/Me. For that reason we register here
* as service when running under 9x/Me. This function is only called
* by the child sshd when it's going to daemonize.
*/
if (is_winnt)
return;
if (!(kerneldll = LoadLibrary("KERNEL32.DLL")))
return;
if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
GetProcAddress(kerneldll, "RegisterServiceProcess")))
return;
RegisterServiceProcess(0, 1);
}
#define NL(x) x, (sizeof (x) - 1)
#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))

5
openbsd-compat/bsd-cygwin_util.h
View File

@ -1,4 +1,4 @@
/* $Id: bsd-cygwin_util.h,v 1.11 2004/08/30 10:42:08 dtucker Exp $ */
/* $Id: bsd-cygwin_util.h,v 1.12 2009/03/08 00:40:28 dtucker Exp $ */
/*
* Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
@ -35,7 +35,6 @@
#ifdef HAVE_CYGWIN
#undef ERROR
#define is_winnt (GetVersion() < 0x80000000)
#include <windows.h>
#include <sys/cygwin.h>
@ -43,9 +42,7 @@
int binary_open(const char *, int , ...);
int binary_pipe(int fd[2]);
int check_nt_auth(int, struct passwd *);
int check_ntsec(const char *);
void register_9x_service(void);
char **fetch_windows_environment(void);
void free_windows_environment(char **);

10
openbsd-compat/daemon.c
View File

@ -57,18 +57,8 @@ daemon(int nochdir, int noclose)
case -1:
return (-1);
case 0:
#ifdef HAVE_CYGWIN
register_9x_service();
#endif
break;
default:
#ifdef HAVE_CYGWIN
/*
* This sleep avoids a race condition which kills the
* child process if parent is started by a NT/W2K service.
*/
sleep(1);
#endif
_exit(0);
}

2
openbsd-compat/getrrsetbyname.c
View File

@ -143,7 +143,7 @@ u_int32_t _getlong(register const u_char *);
/* ************** */
#define ANSWER_BUFFER_SIZE 1024*64
#define ANSWER_BUFFER_SIZE 0xffff
struct dns_query {
char *name;

11
openbsd-compat/openssl-compat.c
View File

@ -1,4 +1,4 @@
/* $Id: openssl-compat.c,v 1.6 2008/02/28 08:13:52 dtucker Exp $ */
/* $Id: openssl-compat.c,v 1.8 2009/03/07 11:22:35 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@ -49,6 +49,15 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
}
#endif
#ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
int
ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
{
EVP_DigestUpdate(ctx, d, cnt);
return 1;
}
#endif
#ifdef USE_OPENSSL_ENGINE
void
ssh_SSLeay_add_all_algorithms(void)

6
openbsd-compat/openssl-compat.h
View File

@ -1,4 +1,4 @@
/* $Id: openssl-compat.h,v 1.12 2008/02/28 08:22:04 dtucker Exp $ */
/* $Id: openssl-compat.h,v 1.14 2009/03/07 11:22:35 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@ -80,6 +80,10 @@ extern const EVP_CIPHER *evp_acss(void);
# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a))
# endif /* SSH_OLD_EVP */
# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
# define EVP_DigestUpdate(a,b,c) ssh_EVP_DigestUpdate((a),(b),(c))
# endif
# ifdef USE_OPENSSL_ENGINE
# ifdef SSLeay_add_all_algorithms
# undef SSLeay_add_all_algorithms

19
openbsd-compat/port-aix.c
View File

@ -57,6 +57,8 @@
#include "port-aix.h"
static char *lastlogin_msg = NULL;
# ifdef HAVE_SETAUTHDB
static char old_registry[REGISTRY_SIZE] = "";
# endif
@ -276,23 +278,30 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm,
Buffer *loginmsg)
{
char *msg = NULL;
static int msg_done = 0;
int success = 0;
aix_setauthdb(user);
if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) {
success = 1;
if (msg != NULL && loginmsg != NULL && !msg_done) {
if (msg != NULL) {
debug("AIX/loginsuccess: msg %s", msg);
buffer_append(loginmsg, msg, strlen(msg));
xfree(msg);
msg_done = 1;
if (lastlogin_msg == NULL)
lastlogin_msg = msg;
}
}
aix_restoreauthdb();
return (success);
}
char *
sys_auth_get_lastlogin_msg(const char *user, uid_t uid)
{
char *msg = lastlogin_msg;
lastlogin_msg = NULL;
return msg;
}
# ifdef CUSTOM_FAILED_LOGIN
/*
* record_failed_login: generic "login failed" interface function

9
openbsd-compat/port-aix.h
View File

@ -1,4 +1,4 @@
/* $Id: port-aix.h,v 1.29 2008/03/09 05:36:55 dtucker Exp $ */
/* $Id: port-aix.h,v 1.31 2009/08/20 06:20:50 dtucker Exp $ */
/*
*
@ -71,6 +71,11 @@ int passwdexpired(char *, char **);
# include <sys/timers.h>
#endif
/* for setpcred and friends */
#ifdef HAVE_USERSEC_H
# include <usersec.h>
#endif
/*
* According to the setauthdb man page, AIX password registries must be 15
* chars or less plus terminating NUL.
@ -87,6 +92,8 @@ void aix_usrinfo(struct passwd *);
int sys_auth_allowed_user(struct passwd *, Buffer *);
# define CUSTOM_SYS_AUTH_RECORD_LOGIN 1
int sys_auth_record_login(const char *, const char *, const char *, Buffer *);
# define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
char *sys_auth_get_lastlogin_msg(const char *, uid_t);
# define CUSTOM_FAILED_LOGIN 1
#endif

997
packet.c
View File

File diff suppressed because it is too large Load Diff

17
packet.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: packet.h,v 1.49 2008/07/10 18:08:11 markus Exp $ */
/* $OpenBSD: packet.h,v 1.52 2009/06/27 09:29:06 andreas Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -39,6 +39,7 @@ void packet_set_authenticated(void);
void packet_start(u_char);
void packet_put_char(int ch);
void packet_put_int(u_int value);
void packet_put_int64(u_int64_t value);
void packet_put_bignum(BIGNUM * value);
void packet_put_bignum2(BIGNUM * value);
void packet_put_string(const void *buf, u_int len);
@ -55,6 +56,7 @@ int packet_read_poll_seqnr(u_int32_t *seqnr_p);
u_int packet_get_char(void);
u_int packet_get_int(void);
u_int64_t packet_get_int64(void);
void packet_get_bignum(BIGNUM * value);
void packet_get_bignum2(BIGNUM * value);
void *packet_get_raw(u_int *length_ptr);
@ -72,6 +74,7 @@ void packet_get_state(int, u_int32_t *, u_int64_t *, u_int32_t *, u_int64_t *);
void packet_set_state(int, u_int32_t, u_int64_t, u_int32_t, u_int64_t);
int packet_get_ssh1_cipher(void);
void packet_set_iv(int, u_char *);
void *packet_get_newkeys(int);
void packet_write_poll(void);
void packet_write_wait(void);
@ -87,10 +90,10 @@ void packet_add_padding(u_char);
void tty_make_modes(int, struct termios *);
void tty_parse_modes(int, int *);
extern u_int max_packet_size;
extern int keep_alive_timeouts;
void packet_set_alive_timeouts(int);
int packet_inc_alive_timeouts(void);
int packet_set_maxsize(u_int);
#define packet_get_maxsize() max_packet_size
u_int packet_get_maxsize(void);
/* don't allow remaining bytes after the end of the message */
#define packet_check_eom() \
@ -106,4 +109,10 @@ do { \
int packet_need_rekeying(void);
void packet_set_rekey_limit(u_int32_t);
void packet_backup_state(void);
void packet_restore_state(void);
void *packet_get_input(void);
void *packet_get_output(void);
#endif /* PACKET_H */

12
readconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.176 2009/02/12 03:00:56 djm Exp $ */
/* $OpenBSD: readconf.c,v 1.177 2009/06/27 09:35:06 andreas Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -130,7 +130,7 @@ typedef enum {
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
oVisualHostKey, oZeroKnowledgePasswordAuthentication,
oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
oDeprecated, oUnsupported
} OpCodes;
@ -228,6 +228,7 @@ static struct {
{ "localcommand", oLocalCommand },
{ "permitlocalcommand", oPermitLocalCommand },
{ "visualhostkey", oVisualHostKey },
{ "useroaming", oUseRoaming },
#ifdef JPAKE
{ "zeroknowledgepasswordauthentication",
oZeroKnowledgePasswordAuthentication },
@ -914,6 +915,10 @@ process_config_line(Options *options, const char *host,
intptr = &options->visual_host_key;
goto parse_flag;
case oUseRoaming:
intptr = &options->use_roaming;
goto parse_flag;
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
@ -1063,6 +1068,7 @@ initialize_options(Options * options)
options->tun_remote = -1;
options->local_command = NULL;
options->permit_local_command = -1;
options->use_roaming = -1;
options->visual_host_key = -1;
options->zero_knowledge_password_authentication = -1;
}
@ -1199,6 +1205,8 @@ fill_default_options(Options * options)
options->tun_remote = SSH_TUNID_ANY;
if (options->permit_local_command == -1)
options->permit_local_command = 0;
if (options->use_roaming == -1)
options->use_roaming = 1;
if (options->visual_host_key == -1)
options->visual_host_key = 0;
if (options->zero_knowledge_password_authentication == -1)

4
readconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.78 2009/02/12 03:00:56 djm Exp $ */
/* $OpenBSD: readconf.h,v 1.79 2009/06/27 09:35:06 andreas Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -123,6 +123,8 @@ typedef struct {
int permit_local_command;
int visual_host_key;
int use_roaming;
} Options;
#define SSHCTL_MASTER_NO 0

38
roaming.h Normal file
View File

@ -0,0 +1,38 @@
/* $OpenBSD: roaming.h,v 1.4 2009/06/27 09:32:43 andreas Exp $ */
/*
* Copyright (c) 2004-2009 AppGate Network Security AB
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef ROAMING_H
#define ROAMING_H
#define DEFAULT_ROAMBUF 65536
extern int resume_in_progress;
int get_snd_buf_size(void);
int get_recv_buf_size(void);
void add_recv_bytes(u_int64_t);
void set_out_buffer_size(size_t);
ssize_t roaming_write(int, const void *, size_t, int *);
ssize_t roaming_read(int, void *, size_t, int *);
size_t roaming_atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
u_int64_t get_recv_bytes(void);
u_int64_t get_sent_bytes(void);
void roam_set_bytes(u_int64_t, u_int64_t);
void resend_bytes(int, u_int64_t *);
int resume_kex(void);
#endif /* ROAMING */

201
roaming_common.c Normal file
View File

@ -0,0 +1,201 @@
/* $OpenBSD: roaming_common.c,v 1.5 2009/06/27 09:32:43 andreas Exp $ */
/*
* Copyright (c) 2004-2009 AppGate Network Security AB
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <errno.h>
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include "atomicio.h"
#include "log.h"
#include "packet.h"
#include "xmalloc.h"
#include "cipher.h"
#include "buffer.h"
#include "roaming.h"
static size_t out_buf_size = 0;
static char *out_buf = NULL;
static size_t out_start;
static size_t out_last;
static u_int64_t write_bytes = 0;
static u_int64_t read_bytes = 0;
int roaming_enabled = 0;
int resume_in_progress = 0;
int
get_snd_buf_size()
{
int fd = packet_get_connection_out();
int optval, optvallen;
optvallen = sizeof(optval);
if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &optval, &optvallen) != 0)
optval = DEFAULT_ROAMBUF;
return optval;
}
int
get_recv_buf_size()
{
int fd = packet_get_connection_in();
int optval, optvallen;
optvallen = sizeof(optval);
if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &optval, &optvallen) != 0)
optval = DEFAULT_ROAMBUF;
return optval;
}
void
set_out_buffer_size(size_t size)
{
/*
* The buffer size can only be set once and the buffer will live
* as long as the session lives.
*/
if (out_buf == NULL) {
out_buf_size = size;
out_buf = xmalloc(size);
out_start = 0;
out_last = 0;
}
}
u_int64_t
get_recv_bytes(void)
{
return read_bytes;
}
void
add_recv_bytes(u_int64_t num)
{
read_bytes += num;
}
u_int64_t
get_sent_bytes(void)
{
return write_bytes;
}
void
roam_set_bytes(u_int64_t sent, u_int64_t recvd)
{
read_bytes = recvd;
write_bytes = sent;
}
static void
buf_append(const char *buf, size_t count)
{
if (count > out_buf_size) {
buf += count - out_buf_size;
count = out_buf_size;
}
if (count < out_buf_size - out_last) {
memcpy(out_buf + out_last, buf, count);
if (out_start > out_last)
out_start += count;
out_last += count;
} else {
/* data will wrap */
size_t chunk = out_buf_size - out_last;
memcpy(out_buf + out_last, buf, chunk);
memcpy(out_buf, buf + chunk, count - chunk);
out_last = count - chunk;
out_start = out_last + 1;
}
}
ssize_t
roaming_write(int fd, const void *buf, size_t count, int *cont)
{
ssize_t ret;
ret = write(fd, buf, count);
if (ret > 0 && !resume_in_progress) {
write_bytes += ret;
if (out_buf_size > 0)
buf_append(buf, ret);
}
debug3("Wrote %ld bytes for a total of %llu", (long)ret,
(unsigned long long)write_bytes);
return ret;
}
ssize_t
roaming_read(int fd, void *buf, size_t count, int *cont)
{
ssize_t ret = read(fd, buf, count);
if (ret > 0) {
if (!resume_in_progress) {
read_bytes += ret;
}
}
return ret;
}
size_t
roaming_atomicio(ssize_t(*f)(int, void*, size_t), int fd, void *buf,
size_t count)
{
size_t ret = atomicio(f, fd, buf, count);
if (f == vwrite && ret > 0 && !resume_in_progress) {
write_bytes += ret;
} else if (f == read && ret > 0 && !resume_in_progress) {
read_bytes += ret;
}
return ret;
}
void
resend_bytes(int fd, u_int64_t *offset)
{
size_t available, needed;
if (out_start < out_last)
available = out_last - out_start;
else
available = out_buf_size;
needed = write_bytes - *offset;
debug3("resend_bytes: resend %lu bytes from %llu",
(unsigned long)needed, (unsigned long long)*offset);
if (needed > available)
fatal("Needed to resend more data than in the cache");
if (out_last < needed) {
int chunkend = needed - out_last;
atomicio(vwrite, fd, out_buf + out_buf_size - chunkend,
chunkend);
atomicio(vwrite, fd, out_buf, out_last);
} else {
atomicio(vwrite, fd, out_buf + (out_last - needed), needed);
}
}

61
roaming_dummy.c Normal file
View File

@ -0,0 +1,61 @@
/* $OpenBSD: roaming_dummy.c,v 1.3 2009/06/21 09:04:03 dtucker Exp $ */
/*
* Copyright (c) 2004-2009 AppGate Network Security AB
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* This file is included in the client programs which should not
* support roaming.
*/
#include "includes.h"
#include <sys/types.h>
#include <unistd.h>
#include "roaming.h"
int resume_in_progress = 0;
u_int64_t
get_recv_bytes(void)
{
return 0;
}
ssize_t
roaming_write(int fd, const void *buf, size_t count, int *cont)
{
return write(fd, buf, count);
}
ssize_t
roaming_read(int fd, void *buf, size_t count, int *cont)
{
if (cont)
*cont = 0;
return read(fd, buf, count);
}
void
add_recv_bytes(u_int64_t num)
{
}
int
resume_kex(void)
{
return 1;
}

378
schnorr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: schnorr.c,v 1.2 2009/02/18 04:31:21 djm Exp $ */
/* $OpenBSD: schnorr.c,v 1.3 2009/03/05 07:18:19 djm Exp $ */
/*
* Copyright (c) 2008 Damien Miller. All rights reserved.
*
@ -40,36 +40,34 @@
#include "buffer.h"
#include "log.h"
#include "jpake.h"
#include "schnorr.h"
#include "openbsd-compat/openssl-compat.h"
/* #define SCHNORR_DEBUG */ /* Privacy-violating debugging */
/* #define SCHNORR_MAIN */ /* Include main() selftest */
/* XXX */
/* Parametise signature hash? (sha256, sha1, etc.) */
/* Signature format - include type name, hash type, group params? */
#ifndef SCHNORR_DEBUG
# define SCHNORR_DEBUG_BN(a)
# define SCHNORR_DEBUG_BUF(a)
#else
# define SCHNORR_DEBUG_BN(a) jpake_debug3_bn a
# define SCHNORR_DEBUG_BUF(a) jpake_debug3_buf a
# define SCHNORR_DEBUG_BN(a) debug3_bn a
# define SCHNORR_DEBUG_BUF(a) debug3_buf a
#endif /* SCHNORR_DEBUG */
/*
* Calculate hash component of Schnorr signature H(g || g^v || g^x || id)
* using SHA1. Returns signature as bignum or NULL on error.
* using the hash function defined by "evp_md". Returns signature as
* bignum or NULL on error.
*/
static BIGNUM *
schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g,
const BIGNUM *g_v, const BIGNUM *g_x,
const EVP_MD *evp_md, const BIGNUM *g_v, const BIGNUM *g_x,
const u_char *id, u_int idlen)
{
u_char *digest;
u_int digest_len;
BIGNUM *h;
EVP_MD_CTX evp_md_ctx;
Buffer b;
int success = -1;
@ -79,7 +77,6 @@ schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g,
}
buffer_init(&b);
EVP_MD_CTX_init(&evp_md_ctx);
/* h = H(g || p || q || g^v || g^x || id) */
buffer_put_bignum2(&b, g);
@ -91,7 +88,7 @@ schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g,
SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
"%s: hashblob", __func__));
if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(),
if (hash_buffer(buffer_ptr(&b), buffer_len(&b), evp_md,
&digest, &digest_len) != 0) {
error("%s: hash_buffer", __func__);
goto out;
@ -104,7 +101,6 @@ schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g,
SCHNORR_DEBUG_BN((h, "%s: h = ", __func__));
out:
buffer_free(&b);
EVP_MD_CTX_cleanup(&evp_md_ctx);
bzero(digest, digest_len);
xfree(digest);
digest_len = 0;
@ -117,18 +113,20 @@ schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g,
/*
* Generate Schnorr signature to prove knowledge of private value 'x' used
* in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g'
* using the hash function "evp_md".
* 'idlen' bytes from 'id' will be included in the signature hash as an anti-
* replay salt.
* On success, 0 is returned and *siglen bytes of signature are returned in
* *sig (caller to free). Returns -1 on failure.
*
* On success, 0 is returned. The signature values are returned as *e_p
* (g^v mod p) and *r_p (v - xh mod q). The caller must free these values.
* On failure, -1 is returned.
*/
int
schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
const BIGNUM *x, const BIGNUM *g_x, const u_char *id, u_int idlen,
u_char **sig, u_int *siglen)
const EVP_MD *evp_md, const BIGNUM *x, const BIGNUM *g_x,
const u_char *id, u_int idlen, BIGNUM **r_p, BIGNUM **e_p)
{
int success = -1;
Buffer b;
BIGNUM *h, *tmp, *v, *g_v, *r;
BN_CTX *bn_ctx;
@ -171,7 +169,7 @@ schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
SCHNORR_DEBUG_BN((g_v, "%s: g_v = ", __func__));
/* h = H(g || g^v || g^x || id) */
if ((h = schnorr_hash(grp_p, grp_q, grp_g, g_v, g_x,
if ((h = schnorr_hash(grp_p, grp_q, grp_g, evp_md, g_v, g_x,
id, idlen)) == NULL) {
error("%s: schnorr_hash failed", __func__);
goto out;
@ -186,19 +184,12 @@ schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
error("%s: BN_mod_mul (r = v - tmp)", __func__);
goto out;
}
SCHNORR_DEBUG_BN((g_v, "%s: e = ", __func__));
SCHNORR_DEBUG_BN((r, "%s: r = ", __func__));
/* Signature is (g_v, r) */
buffer_init(&b);
/* XXX sigtype-hash as string? */
buffer_put_bignum2(&b, g_v);
buffer_put_bignum2(&b, r);
*siglen = buffer_len(&b);
*sig = xmalloc(*siglen);
memcpy(*sig, buffer_ptr(&b), *siglen);
SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
"%s: sigblob", __func__));
buffer_free(&b);
*e_p = g_v;
*r_p = r;
success = 0;
out:
BN_CTX_free(bn_ctx);
@ -206,29 +197,65 @@ schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
BN_clear_free(h);
if (v != NULL)
BN_clear_free(v);
BN_clear_free(r);
BN_clear_free(g_v);
BN_clear_free(tmp);
return success;
}
/*
* Verify Schnorr signature 'sig' of length 'siglen' against public exponent
* g_x (g^x) under group defined by 'grp_p', 'grp_q' and 'grp_g'.
* Generate Schnorr signature to prove knowledge of private value 'x' used
* in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g'
* using a SHA256 hash.
* 'idlen' bytes from 'id' will be included in the signature hash as an anti-
* replay salt.
* On success, 0 is returned and *siglen bytes of signature are returned in
* *sig (caller to free). Returns -1 on failure.
*/
int
schnorr_sign_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
const BIGNUM *x, const BIGNUM *g_x, const u_char *id, u_int idlen,
u_char **sig, u_int *siglen)
{
Buffer b;
BIGNUM *r, *e;
if (schnorr_sign(grp_p, grp_q, grp_g, EVP_sha256(),
x, g_x, id, idlen, &r, &e) != 0)
return -1;
/* Signature is (e, r) */
buffer_init(&b);
/* XXX sigtype-hash as string? */
buffer_put_bignum2(&b, e);
buffer_put_bignum2(&b, r);
*siglen = buffer_len(&b);
*sig = xmalloc(*siglen);
memcpy(*sig, buffer_ptr(&b), *siglen);
SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
"%s: sigblob", __func__));
buffer_free(&b);
BN_clear_free(r);
BN_clear_free(e);
return 0;
}
/*
* Verify Schnorr signature { r (v - xh mod q), e (g^v mod p) } against
* public exponent g_x (g^x) under group defined by 'grp_p', 'grp_q' and
* 'grp_g' using hash "evp_md".
* Signature hash will be salted with 'idlen' bytes from 'id'.
* Returns -1 on failure, 0 on incorrect signature or 1 on matching signature.
*/
int
schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
const BIGNUM *g_x, const u_char *id, u_int idlen,
const u_char *sig, u_int siglen)
const EVP_MD *evp_md, const BIGNUM *g_x, const u_char *id, u_int idlen,
const BIGNUM *r, const BIGNUM *e)
{
int success = -1;
Buffer b;
BIGNUM *g_v, *h, *r, *g_xh, *g_r, *expected;
BIGNUM *h, *g_xh, *g_r, *expected;
BN_CTX *bn_ctx;
u_int rlen;
SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__));
@ -238,39 +265,23 @@ schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
return -1;
}
g_v = h = r = g_xh = g_r = expected = NULL;
h = g_xh = g_r = expected = NULL;
if ((bn_ctx = BN_CTX_new()) == NULL) {
error("%s: BN_CTX_new", __func__);
goto out;
}
if ((g_v = BN_new()) == NULL ||
(r = BN_new()) == NULL ||
(g_xh = BN_new()) == NULL ||
if ((g_xh = BN_new()) == NULL ||
(g_r = BN_new()) == NULL ||
(expected = BN_new()) == NULL) {
error("%s: BN_new", __func__);
goto out;
}
/* Extract g^v and r from signature blob */
buffer_init(&b);
buffer_append(&b, sig, siglen);
SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
"%s: sigblob", __func__));
buffer_get_bignum2(&b, g_v);
buffer_get_bignum2(&b, r);
rlen = buffer_len(&b);
buffer_free(&b);
if (rlen != 0) {
error("%s: remaining bytes in signature %d", __func__, rlen);
goto out;
}
buffer_free(&b);
SCHNORR_DEBUG_BN((g_v, "%s: g_v = ", __func__));
SCHNORR_DEBUG_BN((e, "%s: e = ", __func__));
SCHNORR_DEBUG_BN((r, "%s: r = ", __func__));
/* h = H(g || g^v || g^x || id) */
if ((h = schnorr_hash(grp_p, grp_q, grp_g, g_v, g_x,
if ((h = schnorr_hash(grp_p, grp_q, grp_g, evp_md, e, g_x,
id, idlen)) == NULL) {
error("%s: schnorr_hash failed", __func__);
goto out;
@ -297,20 +308,248 @@ schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
}
SCHNORR_DEBUG_BN((expected, "%s: expected = ", __func__));
/* Check g_v == expected */
success = BN_cmp(expected, g_v) == 0;
/* Check e == expected */
success = BN_cmp(expected, e) == 0;
out:
BN_CTX_free(bn_ctx);
if (h != NULL)
BN_clear_free(h);
BN_clear_free(g_v);
BN_clear_free(r);
BN_clear_free(g_xh);
BN_clear_free(g_r);
BN_clear_free(expected);
return success;
}
/*
* Verify Schnorr signature 'sig' of length 'siglen' against public exponent
* g_x (g^x) under group defined by 'grp_p', 'grp_q' and 'grp_g' using a
* SHA256 hash.
* Signature hash will be salted with 'idlen' bytes from 'id'.
* Returns -1 on failure, 0 on incorrect signature or 1 on matching signature.
*/
int
schnorr_verify_buf(const BIGNUM *grp_p, const BIGNUM *grp_q,
const BIGNUM *grp_g,
const BIGNUM *g_x, const u_char *id, u_int idlen,
const u_char *sig, u_int siglen)
{
Buffer b;
int ret = -1;
u_int rlen;
BIGNUM *r, *e;
e = r = NULL;
if ((e = BN_new()) == NULL ||
(r = BN_new()) == NULL) {
error("%s: BN_new", __func__);
goto out;
}
/* Extract g^v and r from signature blob */
buffer_init(&b);
buffer_append(&b, sig, siglen);
SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
"%s: sigblob", __func__));
buffer_get_bignum2(&b, e);
buffer_get_bignum2(&b, r);
rlen = buffer_len(&b);
buffer_free(&b);
if (rlen != 0) {
error("%s: remaining bytes in signature %d", __func__, rlen);
goto out;
}
ret = schnorr_verify(grp_p, grp_q, grp_g, EVP_sha256(),
g_x, id, idlen, r, e);
out:
BN_clear_free(e);
BN_clear_free(r);
return ret;
}
/* Helper functions */
/*
* Generate uniformly distributed random number in range (1, high).
* Return number on success, NULL on failure.
*/
BIGNUM *
bn_rand_range_gt_one(const BIGNUM *high)
{
BIGNUM *r, *tmp;
int success = -1;
if ((tmp = BN_new()) == NULL) {
error("%s: BN_new", __func__);
return NULL;
}
if ((r = BN_new()) == NULL) {
error("%s: BN_new failed", __func__);
goto out;
}
if (BN_set_word(tmp, 2) != 1) {
error("%s: BN_set_word(tmp, 2)", __func__);
goto out;
}
if (BN_sub(tmp, high, tmp) == -1) {
error("%s: BN_sub failed (tmp = high - 2)", __func__);
goto out;
}
if (BN_rand_range(r, tmp) == -1) {
error("%s: BN_rand_range failed", __func__);
goto out;
}
if (BN_set_word(tmp, 2) != 1) {
error("%s: BN_set_word(tmp, 2)", __func__);
goto out;
}
if (BN_add(r, r, tmp) == -1) {
error("%s: BN_add failed (r = r + 2)", __func__);
goto out;
}
success = 0;
out:
BN_clear_free(tmp);
if (success == 0)
return r;
BN_clear_free(r);
return NULL;
}
/*
* Hash contents of buffer 'b' with hash 'md'. Returns 0 on success,
* with digest via 'digestp' (caller to free) and length via 'lenp'.
* Returns -1 on failure.
*/
int
hash_buffer(const u_char *buf, u_int len, const EVP_MD *md,
u_char **digestp, u_int *lenp)
{
u_char digest[EVP_MAX_MD_SIZE];
u_int digest_len;
EVP_MD_CTX evp_md_ctx;
int success = -1;
EVP_MD_CTX_init(&evp_md_ctx);
if (EVP_DigestInit_ex(&evp_md_ctx, md, NULL) != 1) {
error("%s: EVP_DigestInit_ex", __func__);
goto out;
}
if (EVP_DigestUpdate(&evp_md_ctx, buf, len) != 1) {
error("%s: EVP_DigestUpdate", __func__);
goto out;
}
if (EVP_DigestFinal_ex(&evp_md_ctx, digest, &digest_len) != 1) {
error("%s: EVP_DigestFinal_ex", __func__);
goto out;
}
*digestp = xmalloc(digest_len);
*lenp = digest_len;
memcpy(*digestp, digest, *lenp);
success = 0;
out:
EVP_MD_CTX_cleanup(&evp_md_ctx);
bzero(digest, sizeof(digest));
digest_len = 0;
return success;
}
/* print formatted string followed by bignum */
void
debug3_bn(const BIGNUM *n, const char *fmt, ...)
{
char *out, *h;
va_list args;
out = NULL;
va_start(args, fmt);
vasprintf(&out, fmt, args);
va_end(args);
if (out == NULL)
fatal("%s: vasprintf failed", __func__);
if (n == NULL)
debug3("%s(null)", out);
else {
h = BN_bn2hex(n);
debug3("%s0x%s", out, h);
free(h);
}
free(out);
}
/* print formatted string followed by buffer contents in hex */
void
debug3_buf(const u_char *buf, u_int len, const char *fmt, ...)
{
char *out, h[65];
u_int i, j;
va_list args;
out = NULL;
va_start(args, fmt);
vasprintf(&out, fmt, args);
va_end(args);
if (out == NULL)
fatal("%s: vasprintf failed", __func__);
debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : "");
free(out);
if (buf == NULL)
return;
*h = '\0';
for (i = j = 0; i < len; i++) {
snprintf(h + j, sizeof(h) - j, "%02x", buf[i]);
j += 2;
if (j >= sizeof(h) - 1 || i == len - 1) {
debug3(" %s", h);
*h = '\0';
j = 0;
}
}
}
/*
* Construct a MODP group from hex strings p (which must be a safe
* prime) and g, automatically calculating subgroup q as (p / 2)
*/
struct modp_group *
modp_group_from_g_and_safe_p(const char *grp_g, const char *grp_p)
{
struct modp_group *ret;
ret = xmalloc(sizeof(*ret));
ret->p = ret->q = ret->g = NULL;
if (BN_hex2bn(&ret->p, grp_p) == 0 ||
BN_hex2bn(&ret->g, grp_g) == 0)
fatal("%s: BN_hex2bn", __func__);
/* Subgroup order is p/2 (p is a safe prime) */
if ((ret->q = BN_new()) == NULL)
fatal("%s: BN_new", __func__);
if (BN_rshift1(ret->q, ret->p) != 1)
fatal("%s: BN_rshift1", __func__);
return ret;
}
void
modp_group_free(struct modp_group *grp)
{
if (grp->g != NULL)
BN_clear_free(grp->g);
if (grp->p != NULL)
BN_clear_free(grp->p);
if (grp->q != NULL)
BN_clear_free(grp->q);
bzero(grp, sizeof(*grp));
xfree(grp);
}
/* main() function for self-test */
#ifdef SCHNORR_MAIN
static void
schnorr_selftest_one(const BIGNUM *grp_p, const BIGNUM *grp_q,
@ -328,16 +567,17 @@ schnorr_selftest_one(const BIGNUM *grp_p, const BIGNUM *grp_q,
if (BN_mod_exp(g_x, grp_g, x, grp_p, bn_ctx) == -1)
fatal("%s: g_x", __func__);
if (schnorr_sign(grp_p, grp_q, grp_g, x, g_x, "junk", 4, &sig, &siglen))
if (schnorr_sign_buf(grp_p, grp_q, grp_g, x, g_x, "junk", 4,
&sig, &siglen))
fatal("%s: schnorr_sign", __func__);
if (schnorr_verify(grp_p, grp_q, grp_g, g_x, "junk", 4,
if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4,
sig, siglen) != 1)
fatal("%s: verify fail", __func__);
if (schnorr_verify(grp_p, grp_q, grp_g, g_x, "JUNK", 4,
if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "JUNK", 4,
sig, siglen) != 0)
fatal("%s: verify should have failed (bad ID)", __func__);
sig[4] ^= 1;
if (schnorr_verify(grp_p, grp_q, grp_g, g_x, "junk", 4,
if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4,
sig, siglen) != 0)
fatal("%s: verify should have failed (bit error)", __func__);
xfree(sig);
@ -349,7 +589,7 @@ static void
schnorr_selftest(void)
{
BIGNUM *x;
struct jpake_group *grp;
struct modp_group *grp;
u_int i;
char *hh;

60
schnorr.h Normal file
View File

@ -0,0 +1,60 @@
/* $OpenBSD: schnorr.h,v 1.1 2009/03/05 07:18:19 djm Exp $ */
/*
* Copyright (c) 2009 Damien Miller. All rights reserved.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef SCHNORR_H
#define SCHNORR_H
#include <sys/types.h>
#include <openssl/bn.h>
struct modp_group {
BIGNUM *p, *q, *g;
};
BIGNUM *bn_rand_range_gt_one(const BIGNUM *high);
int hash_buffer(const u_char *, u_int, const EVP_MD *, u_char **, u_int *);
void debug3_bn(const BIGNUM *, const char *, ...)
__attribute__((__nonnull__ (2)))
__attribute__((format(printf, 2, 3)));
void debug3_buf(const u_char *, u_int, const char *, ...)
__attribute__((__nonnull__ (3)))
__attribute__((format(printf, 3, 4)));
struct modp_group *modp_group_from_g_and_safe_p(const char *, const char *);
void modp_group_free(struct modp_group *);
/* Signature and verification functions */
int
schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
const EVP_MD *evp_md, const BIGNUM *x, const BIGNUM *g_x,
const u_char *id, u_int idlen, BIGNUM **r_p, BIGNUM **e_p);
int
schnorr_sign_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
const BIGNUM *x, const BIGNUM *g_x, const u_char *id, u_int idlen,
u_char **sig, u_int *siglen);
int
schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
const EVP_MD *evp_md, const BIGNUM *g_x, const u_char *id, u_int idlen,
const BIGNUM *r, const BIGNUM *e);
int
schnorr_verify_buf(const BIGNUM *grp_p, const BIGNUM *grp_q,
const BIGNUM *grp_g,
const BIGNUM *g_x, const u_char *id, u_int idlen,
const u_char *sig, u_int siglen);
#endif /* JPAKE_H */

2
scp.0
View File

@ -145,4 +145,4 @@ AUTHORS
Timo Rinne <tri@iki.fi>
Tatu Ylonen <ylo@cs.hut.fi>
OpenBSD 4.5 July 12, 2008 3
OpenBSD 4.6 July 12, 2008 3

10
servconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.c,v 1.194 2009/01/22 10:02:34 djm Exp $ */
/* $OpenBSD: servconf.c,v 1.195 2009/04/14 21:10:54 jj Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -343,7 +343,7 @@ static struct {
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
#ifdef KRB5
{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
@ -417,10 +417,10 @@ static struct {
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
{ "match", sMatch, SSHCFG_ALL },
{ "match", sMatch, SSHCFG_ALL },
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
@ -1376,7 +1376,7 @@ parse_server_match_config(ServerOptions *options, const char *user,
/*
* Copy any supported values that are set.
*
* If the preauth flag is set, we do not bother copying the the string or
* If the preauth flag is set, we do not bother copying the string or
* array values that are not used pre-authentication, because any that we
* do use must be explictly sent in mm_getpwnamallow().
*/

15
serverloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.157 2009/02/12 03:16:01 djm Exp $ */
/* $OpenBSD: serverloop.c,v 1.159 2009/05/28 16:50:16 andreas Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -78,6 +78,7 @@
#include "auth-options.h"
#include "serverloop.h"
#include "misc.h"
#include "roaming.h"
extern ServerOptions options;
@ -249,7 +250,7 @@ client_alive_check(void)
int channel_id;
/* timeout, check to see how many we have had */
if (++keep_alive_timeouts > options.client_alive_count_max) {
if (packet_inc_alive_timeouts() > options.client_alive_count_max) {
logit("Timeout, client not responding.");
cleanup_exit(255);
}
@ -391,8 +392,11 @@ process_input(fd_set *readset)
/* Read and buffer any input data from the client. */
if (FD_ISSET(connection_in, readset)) {
len = read(connection_in, buf, sizeof(buf));
int cont = 0;
len = roaming_read(connection_in, buf, sizeof(buf), &cont);
if (len == 0) {
if (cont)
return;
verbose("Connection closed by %.100s",
get_remote_ipaddr());
connection_closed = 1;
@ -890,7 +894,7 @@ server_input_keep_alive(int type, u_int32_t seq, void *ctxt)
* even if this was generated by something other than
* the bogus CHANNEL_REQUEST we send for keepalives.
*/
keep_alive_timeouts = 0;
packet_set_alive_timeouts(0);
}
static void
@ -1120,7 +1124,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
no_port_forwarding_flag ||
(!want_reply && listen_port == 0)
#ifndef NO_IPPORT_RESERVED_CONCEPT
|| (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
|| (listen_port != 0 && listen_port < IPPORT_RESERVED &&
pw->pw_uid != 0)
#endif
) {
success = 0;

30
session.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.245 2009/01/22 09:46:01 djm Exp $ */
/* $OpenBSD: session.c,v 1.246 2009/04/17 19:23:06 stevesk Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -571,8 +571,7 @@ do_exec_no_pty(Session *s, const char *command)
signal(WJSIGNAL, cray_job_termination_handler);
#endif /* _UNICOS */
#ifdef HAVE_CYGWIN
if (is_winnt)
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
#endif
s->pid = pid;
@ -716,8 +715,8 @@ do_exec_pty(Session *s, const char *command)
* Do common processing for the child, such as execing
* the command.
*/
do_child(s, command);
/* NOTREACHED */
do_child(s, command);
/* NOTREACHED */
default:
break;
}
@ -726,8 +725,7 @@ do_exec_pty(Session *s, const char *command)
signal(WJSIGNAL, cray_job_termination_handler);
#endif /* _UNICOS */
#ifdef HAVE_CYGWIN
if (is_winnt)
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
#endif
s->pid = pid;
@ -847,7 +845,7 @@ do_login(Session *s, const char *command)
fromlen = sizeof(from);
if (packet_connection_is_on_socket()) {
if (getpeername(packet_get_connection_in(),
(struct sockaddr *) & from, &fromlen) < 0) {
(struct sockaddr *)&from, &fromlen) < 0) {
debug("getpeername: %.100s", strerror(errno));
cleanup_exit(255);
}
@ -1116,7 +1114,7 @@ do_setup_env(Session *s, const char *shell)
u_int i, envsize;
char **env, *laddr;
struct passwd *pw = s->pw;
#ifndef HAVE_LOGIN_CAP
#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
char *path = NULL;
#endif
@ -1468,11 +1466,6 @@ do_setusercontext(struct passwd *pw)
if (getuid() == 0 || geteuid() == 0)
#endif /* HAVE_CYGWIN */
{
#ifdef HAVE_SETPCRED
if (setpcred(pw->pw_name, (char **)NULL) == -1)
fatal("Failed to set process credentials");
#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
# ifdef __bsdi__
setpgid(0, 0);
@ -1540,6 +1533,10 @@ do_setusercontext(struct passwd *pw)
free(chroot_path);
}
#ifdef HAVE_SETPCRED
if (setpcred(pw->pw_name, (char **)NULL) == -1)
fatal("Failed to set process credentials");
#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
perror("unable to set user context (setuser)");
@ -1551,9 +1548,6 @@ do_setusercontext(struct passwd *pw)
#endif
}
#ifdef HAVE_CYGWIN
if (is_winnt)
#endif
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
@ -1794,7 +1788,7 @@ do_child(Session *s, const char *command)
int i;
char *p, *args;
setproctitle("%s@internal-sftp-server", s->pw->pw_name);
setproctitle("%s@%s", s->pw->pw_name, INTERNAL_SFTP_NAME);
args = xstrdup(command ? command : "sftp-server");
for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " ")))
if (i < ARGV_MAX - 1)

2
sftp-client.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-client.c,v 1.86 2008/06/26 06:10:09 djm Exp $ */
/* $OpenBSD: sftp-client.c,v 1.87 2009/06/22 05:39:28 dtucker Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*

4
sftp-server.0
View File

@ -32,7 +32,7 @@ DESCRIPTION
debugging output. The default is ERROR.
For logging to work, sftp-server must be able to access /dev/log. Use of
sftp-server in a chroot configuation therefore requires that syslogd(8)
sftp-server in a chroot configuration therefore requires that syslogd(8)
establish a logging socket inside the chroot directory.
SEE ALSO
@ -47,4 +47,4 @@ HISTORY
AUTHORS
Markus Friedl <markus@openbsd.org>
OpenBSD 4.5 July 18, 2008 1
OpenBSD 4.6 March 26, 2009 1

6
sftp-server.8
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: sftp-server.8,v 1.14 2008/07/18 22:51:01 jmc Exp $
.\" $OpenBSD: sftp-server.8,v 1.15 2009/03/26 08:38:39 sobrado Exp $
.\"
.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
.\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 18 2008 $
.Dd $Mdocdate: March 26 2009 $
.Dt SFTP-SERVER 8
.Os
.Sh NAME
@ -79,7 +79,7 @@ must be able to access
.Pa /dev/log .
Use of
.Nm
in a chroot configuation therefore requires that
in a chroot configuration therefore requires that
.Xr syslogd 8
establish a logging socket inside the chroot directory.
.Sh SEE ALSO

6
sftp-server.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-server.c,v 1.84 2008/06/26 06:10:09 djm Exp $ */
/* $OpenBSD: sftp-server.c,v 1.85 2009/04/14 16:33:42 stevesk Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@ -1041,7 +1041,7 @@ process_rename(void)
else if (S_ISREG(sb.st_mode)) {
/* Race-free rename of regular files */
if (link(oldpath, newpath) == -1) {
if (errno == EOPNOTSUPP
if (errno == EOPNOTSUPP || errno == ENOSYS
#ifdef EXDEV
|| errno == EXDEV
#endif
@ -1341,7 +1341,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
__progname = ssh_get_progname(argv[0]);
log_init(__progname, log_level, log_facility, log_stderr);
while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) {
while (!skipargs && (ch = getopt(argc, argv, "f:l:che")) != -1) {
switch (ch) {
case 'c':
/*

2
sftp.0
View File

@ -271,4 +271,4 @@ SEE ALSO
T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
filexfer-00.txt, January 2001, work in progress material.
OpenBSD 4.5 December 9, 2008 5
OpenBSD 4.6 December 9, 2008 5

2
ssh-add.0
View File

@ -103,4 +103,4 @@ AUTHORS
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 4.5 June 12, 2007 2
OpenBSD 4.6 June 12, 2007 2

4
ssh-agent.0
View File

@ -63,7 +63,7 @@ DESCRIPTION
agent starts a new subcommand into which some environment variables are
exported, eg ssh-agent xterm &. The second is that the agent prints the
needed shell commands (either sh(1) or csh(1) syntax can be generated)
which can be evalled in the calling shell, eg eval `ssh-agent -s` for
which can be evaluated in the calling shell, eg eval `ssh-agent -s` for
Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for
csh(1) and derivatives.
@ -114,4 +114,4 @@ AUTHORS
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 4.5 June 5, 2007 2
OpenBSD 4.6 March 26, 2009 2

6
ssh-agent.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-agent.1,v 1.46 2007/09/09 11:38:01 sobrado Exp $
.\" $OpenBSD: ssh-agent.1,v 1.47 2009/03/26 08:38:39 sobrado Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 5 2007 $
.Dd $Mdocdate: March 26 2009 $
.Dt SSH-AGENT 1
.Os
.Sh NAME
@ -141,7 +141,7 @@ The second is that the agent prints the needed shell commands (either
.Xr sh 1
or
.Xr csh 1
syntax can be generated) which can be evalled in the calling shell, eg
syntax can be generated) which can be evaluated in the calling shell, eg
.Cm eval `ssh-agent -s`
for Bourne-type shells such as
.Xr sh 1

7
ssh-agent.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-agent.c,v 1.159 2008/06/28 14:05:15 djm Exp $ */
/* $OpenBSD: ssh-agent.c,v 1.161 2009/03/23 19:38:04 tobias Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1061,6 +1061,7 @@ main(int ac, char **av)
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
struct timeval *tvp = NULL;
size_t len;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
@ -1121,8 +1122,8 @@ main(int ac, char **av)
if (ac == 0 && !c_flag && !s_flag) {
shell = getenv("SHELL");
if (shell != NULL &&
strncmp(shell + strlen(shell) - 3, "csh", 3) == 0)
if (shell != NULL && (len = strlen(shell)) > 2 &&
strncmp(shell + len - 3, "csh", 3) == 0)
c_flag = 1;
}
if (k_flag) {

2
ssh-keygen.0
View File

@ -286,4 +286,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 4.5 July 24, 2008 5
OpenBSD 4.6 July 24, 2008 5

2
ssh-keygen.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.173 2009/02/21 19:32:04 tobias Exp $ */
/* $OpenBSD: ssh-keygen.c,v 1.174 2009/06/22 05:39:28 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland

2
ssh-keyscan.0
View File

@ -104,4 +104,4 @@ BUGS
This is because it opens a connection to the ssh port, reads the public
key, and drops the connection as soon as it gets the key.
OpenBSD 4.5 December 29, 2008 2
OpenBSD 4.6 December 29, 2008 2

2
ssh-keysign.0
View File

@ -39,4 +39,4 @@ HISTORY
AUTHORS
Markus Friedl <markus@openbsd.org>
OpenBSD 4.5 May 31, 2007 1
OpenBSD 4.6 May 31, 2007 1

2
ssh-rand-helper.0
View File

@ -48,4 +48,4 @@ AUTHORS
SEE ALSO
ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
OpenBSD 4.5 April 14, 2002 1
OpenBSD 4.6 April 14, 2002 1

12
ssh.0
View File

@ -78,14 +78,8 @@ DESCRIPTION
graphic weaknesses. The default is ``3des''.
For protocol version 2, cipher_spec is a comma-separated list of
ciphers listed in order of preference. The supported ciphers
are: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr,
aes192-ctr, aes256-ctr, arcfour128, arcfour256, arcfour, blow-
fish-cbc, and cast128-cbc. The default is:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
aes192-ctr,aes256-ctr
ciphers listed in order of preference. See the Ciphers keyword
for more information.
-D [bind_address:]port
Specifies a local ``dynamic'' application-level port forwarding.
@ -870,4 +864,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 4.5 February 12, 2009 14
OpenBSD 4.6 March 19, 2009 14

27
ssh.1
View File

@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.282 2009/02/12 03:44:25 djm Exp $
.Dd $Mdocdate: February 12 2009 $
.\" $OpenBSD: ssh.1,v 1.283 2009/03/19 15:15:09 jmc Exp $
.Dd $Mdocdate: March 19 2009 $
.Dt SSH 1
.Os
.Sh NAME
@ -191,26 +191,9 @@ For protocol version 2,
.Ar cipher_spec
is a comma-separated list of ciphers
listed in order of preference.
The supported ciphers are:
3des-cbc,
aes128-cbc,
aes192-cbc,
aes256-cbc,
aes128-ctr,
aes192-ctr,
aes256-ctr,
arcfour128,
arcfour256,
arcfour,
blowfish-cbc,
and
cast128-cbc.
The default is:
.Bd -literal -offset indent
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
aes192-ctr,aes256-ctr
.Ed
See the
.Cm Ciphers
keyword for more information.
.It Fl D Xo
.Sm off
.Oo Ar bind_address : Oc

21
ssh.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.324 2009/02/12 03:00:56 djm Exp $ */
/* $OpenBSD: ssh.c,v 1.326 2009/07/02 02:11:47 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -48,6 +48,7 @@
#endif
#include <sys/resource.h>
#include <sys/ioctl.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <ctype.h>
@ -203,8 +204,8 @@ void muxserver_listen(void);
int
main(int ac, char **av)
{
int i, opt, exit_status, use_syslog;
char *p, *cp, *line, buf[256];
int i, r, opt, exit_status, use_syslog;
char *p, *cp, *line, *argv0, buf[MAXPATHLEN];
struct stat st;
struct passwd *pw;
int dummy, timeout_ms;
@ -270,6 +271,7 @@ main(int ac, char **av)
/* Parse command-line arguments. */
host = NULL;
use_syslog = 0;
argv0 = av[0];
again:
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
@ -600,7 +602,7 @@ main(int ac, char **av)
* Initialize "log" output. Since we are the client all output
* actually goes to stderr.
*/
log_init(av[0],
log_init(argv0,
options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,
SYSLOG_FACILITY_USER, !use_syslog);
@ -613,9 +615,10 @@ main(int ac, char **av)
fatal("Can't open user config file %.100s: "
"%.100s", config, strerror(errno));
} else {
snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
_PATH_SSH_USER_CONFFILE);
(void)read_config_file(buf, host, &options, 1);
if (r > 0 && (size_t)r < sizeof(buf))
(void)read_config_file(buf, host, &options, 1);
/* Read systemwide configuration file after use config. */
(void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
@ -628,7 +631,7 @@ main(int ac, char **av)
channel_set_af(options.address_family);
/* reinit */
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, !use_syslog);
log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog);
seed_rng();
@ -766,9 +769,9 @@ main(int ac, char **av)
* Now that we are back to our own permissions, create ~/.ssh
* directory if it doesn't already exist.
*/
snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir,
r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
if (stat(buf, &st) < 0)
if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);

2
ssh_config.0
View File

@ -667,4 +667,4 @@ AUTHORS
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 4.5 February 22, 2009 11
OpenBSD 4.6 February 22, 2009 11

10
sshconnect.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.c,v 1.212 2008/10/14 18:11:33 stevesk Exp $ */
/* $OpenBSD: sshconnect.c,v 1.214 2009/05/28 16:50:16 andreas Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -56,6 +56,7 @@
#include "atomicio.h"
#include "misc.h"
#include "dns.h"
#include "roaming.h"
#include "version.h"
char *client_version_string = NULL;
@ -413,7 +414,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
* Waits for the server identification string, and sends our own
* identification string.
*/
static void
void
ssh_exchange_identification(int timeout_ms)
{
char buf[256], remote_version[256]; /* must be same size! */
@ -452,7 +453,7 @@ ssh_exchange_identification(int timeout_ms)
}
}
len = atomicio(read, connection_in, &buf[i], 1);
len = roaming_atomicio(read, connection_in, &buf[i], 1);
if (len != 1 && errno == EPIPE)
fatal("ssh_exchange_identification: "
@ -537,7 +538,8 @@ ssh_exchange_identification(int timeout_ms)
compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
compat20 ? PROTOCOL_MINOR_2 : minor1,
SSH_VERSION, compat20 ? "\r\n" : "\n");
if (atomicio(vwrite, connection_out, buf, strlen(buf)) != strlen(buf))
if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
!= strlen(buf))
fatal("write: %.100s", strerror(errno));
client_version_string = xstrdup(buf);
chop(client_version_string);

4
sshconnect.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.h,v 1.24 2007/09/04 11:15:56 djm Exp $ */
/* $OpenBSD: sshconnect.h,v 1.25 2009/05/27 06:38:16 andreas Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -38,6 +38,8 @@ ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int,
void
ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *, int);
void ssh_exchange_identification(int);
int verify_host_key(char *, struct sockaddr *, Key *);
void ssh_kex(char *, struct sockaddr *);

3
sshconnect2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.170 2008/11/04 08:22:13 djm Exp $ */
/* $OpenBSD: sshconnect2.c,v 1.171 2009/03/05 07:18:19 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@ -68,6 +68,7 @@
#include "msg.h"
#include "pathnames.h"
#include "uidswap.h"
#include "schnorr.h"
#include "jpake.h"
#ifdef GSSAPI

4
sshd.0
View File

@ -311,7 +311,7 @@ AUTHORIZED_KEYS FILE FORMAT
ssh_config(5) for more information on patterns.
In addition to the wildcard matching that may be applied to host-
names or addresses, a from stanza may match IP addressess using
names or addresses, a from stanza may match IP addresses using
CIDR address/masklen notation.
The purpose of this option is to optionally increase security:
@ -571,4 +571,4 @@ CAVEATS
System security is not improved unless rshd, rlogind, and rexecd are dis-
abled (thus completely disabling rlogin and rsh into the machine).
OpenBSD 4.5 October 3, 2008 9
OpenBSD 4.6 March 26, 2009 9

6
sshd.8
View File

@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.247 2008/10/03 13:08:12 jmc Exp $
.Dd $Mdocdate: October 3 2008 $
.\" $OpenBSD: sshd.8,v 1.248 2009/03/26 08:38:39 sobrado Exp $
.Dd $Mdocdate: March 26 2009 $
.Dt SSHD 8
.Os
.Sh NAME
@ -543,7 +543,7 @@ for more information on patterns.
In addition to the wildcard matching that may be applied to hostnames or
addresses, a
.Cm from
stanza may match IP addressess using CIDR address/masklen notation.
stanza may match IP addresses using CIDR address/masklen notation.
.Pp
The purpose of this option is to optionally increase security: public key
authentication by itself does not trust the network or name servers or

9
sshd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.366 2009/01/22 10:02:34 djm Exp $ */
/* $OpenBSD: sshd.c,v 1.367 2009/05/28 16:50:16 andreas Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -117,6 +117,7 @@
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
#include "roaming.h"
#include "version.h"
#ifdef LIBWRAP
@ -419,7 +420,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
server_version_string = xstrdup(buf);
/* Send our protocol version identification. */
if (atomicio(vwrite, sock_out, server_version_string,
if (roaming_atomicio(vwrite, sock_out, server_version_string,
strlen(server_version_string))
!= strlen(server_version_string)) {
logit("Could not write ident string to %s", get_remote_ipaddr());
@ -429,7 +430,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
/* Read other sides version identification. */
memset(buf, 0, sizeof(buf));
for (i = 0; i < sizeof(buf) - 1; i++) {
if (atomicio(read, sock_in, &buf[i], 1) != 1) {
if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) {
logit("Did not receive identification string from %s",
get_remote_ipaddr());
cleanup_exit(255);
@ -577,7 +578,7 @@ demote_sensitive_data(void)
static void
privsep_preauth_child(void)
{
u_int32_t rnd[256];
u_int32_t rnd[256];
gid_t gidset[1];
/* Enable challenge-response authentication for privilege separation */

19
sshd_config.0
View File

@ -88,14 +88,16 @@ DESCRIPTION
protocol version 2. By default, no banner is displayed.
ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed.
All authentication styles from login.conf(5) are supported. The
default is ``yes''.
Specifies whether challenge-response authentication is allowed
(e.g. via PAM or though authentication styles supported in
login.conf(5)) The default is ``yes''.
ChrootDirectory
Specifies a path to chroot(2) to after authentication. This
path, and all its components, must be root-owned directories that
are not writable by any other user or group.
are not writable by any other user or group. After the chroot,
sshd(8) changes the working directory to the user's home directo-
ry.
The path may contain the following tokens that are expanded at
runtime once the connecting user has been authenticated: %% is
@ -104,13 +106,14 @@ DESCRIPTION
name of that user.
The ChrootDirectory must contain the necessary files and directo-
ries to support the users' session. For an interactive session
ries to support the user's session. For an interactive session
this requires at least a shell, typically sh(1), and basic /dev
nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4),
arandom(4) and tty(4) devices. For file transfer sessions using
``sftp'', no additional configuration of the environment is nec-
essary if the in-process sftp server is used (see Subsystem for
details).
essary if the in-process sftp server is used, though sessions
which use logging do require /dev/log inside the chroot directory
(see sftp-server(8) for details).
The default is not to chroot(2).
@ -628,4 +631,4 @@ AUTHORS
versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
for privilege separation.
OpenBSD 4.5 February 22, 2009 10
OpenBSD 4.6 April 21, 2009 10

23
sshd_config.5
View File

@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $
.Dd $Mdocdate: February 22 2009 $
.\" $OpenBSD: sshd_config.5,v 1.106 2009/04/21 15:13:17 stevesk Exp $
.Dd $Mdocdate: April 21 2009 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@ -176,10 +176,9 @@ then no banner is displayed.
This option is only available for protocol version 2.
By default, no banner is displayed.
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed.
All authentication styles from
.Xr login.conf 5
are supported.
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or though authentication styles supported in
.Xr login.conf 5 )
The default is
.Dq yes .
.It Cm ChrootDirectory
@ -188,6 +187,9 @@ Specifies a path to
to after authentication.
This path, and all its components, must be root-owned directories that are
not writable by any other user or group.
After the chroot,
.Xr sshd 8
changes the working directory to the user's home directory.
.Pp
The path may contain the following tokens that are expanded at runtime once
the connecting user has been authenticated: %% is replaced by a literal '%',
@ -197,7 +199,7 @@ the connecting user has been authenticated: %% is replaced by a literal '%',
The
.Cm ChrootDirectory
must contain the necessary files and directories to support the
users' session.
user's session.
For an interactive session this requires at least a shell, typically
.Xr sh 1 ,
and basic
@ -215,8 +217,11 @@ devices.
For file transfer sessions using
.Dq sftp ,
no additional configuration of the environment is necessary if the
in-process sftp server is used (see
.Cm Subsystem
in-process sftp server is used,
though sessions which use logging do require
.Pa /dev/log
inside the chroot directory (see
.Xr sftp-server 8
for details).
.Pp
The default is not to

10
sshlogin.c
View File

@ -86,13 +86,20 @@ get_last_login_time(uid_t uid, const char *logname,
static void
store_lastlog_message(const char *user, uid_t uid)
{
#ifndef NO_SSH_LASTLOG
char *time_string, hostname[MAXHOSTNAMELEN] = "", buf[512];
time_t last_login_time;
#ifndef NO_SSH_LASTLOG
if (!options.print_lastlog)
return;
# ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
time_string = sys_auth_get_lastlogin_msg(user, uid);
if (time_string != NULL) {
buffer_append(&loginmsg, time_string, strlen(time_string));
xfree(time_string);
}
# else
last_login_time = get_last_login_time(uid, user, hostname,
sizeof(hostname));
@ -107,6 +114,7 @@ store_lastlog_message(const char *user, uid_t uid)
time_string, hostname);
buffer_append(&loginmsg, buf, strlen(buf));
}
# endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */
#endif /* NO_SSH_LASTLOG */
}

13
uuencode.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: uuencode.c,v 1.24 2006/08/03 03:34:42 deraadt Exp $ */
/* $OpenBSD: uuencode.c,v 1.25 2009/03/05 11:30:50 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -33,6 +33,12 @@
#include "xmalloc.h"
#include "uuencode.h"
/*
* Encode binary 'src' of length 'srclength', writing base64-encoded text
* to 'target' of size 'targsize'. Will always nul-terminate 'target'.
* Returns the number of bytes stored in 'target' or -1 on error (inc.
* 'targsize' too small).
*/
int
uuencode(const u_char *src, u_int srclength,
char *target, size_t targsize)
@ -40,6 +46,11 @@ uuencode(const u_char *src, u_int srclength,
return __b64_ntop(src, srclength, target, targsize);
}
/*
* Decode base64-encoded 'src' into buffer 'target' of 'targsize' bytes.
* Will skip leading and trailing whitespace. Returns the number of bytes
* stored in 'target' or -1 on error (inc. targsize too small).
*/
int
uudecode(const char *src, u_char *target, size_t targsize)
{

4
version.h
View File

@ -1,6 +1,6 @@
/* $OpenBSD: version.h,v 1.55 2009/02/23 00:06:15 djm Exp $ */
/* $OpenBSD: version.h,v 1.56 2009/06/30 14:54:40 markus Exp $ */
#define SSH_VERSION "OpenSSH_5.2"
#define SSH_VERSION "OpenSSH_5.3"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE