From ee85abc4170216bcc479236cf33e956766cf9eb4 Mon Sep 17 00:00:00 2001 
From: christos Date: Sun, 25 Dec 2016 00:07:46 +0000 Subject: [PATCH] merge conflicts --- crypto/external/bsd/openssh/bin/sshd/Makefile | 18 +- crypto/external/bsd/openssh/dist/LICENCE | 2 +- crypto/external/bsd/openssh/dist/OVERVIEW | 2 +- crypto/external/bsd/openssh/dist/PROTOCOL | 2 +- .../external/bsd/openssh/dist/PROTOCOL.agent | 2 +- .../bsd/openssh/dist/PROTOCOL.certkeys | 2 +- crypto/external/bsd/openssh/dist/PROTOCOL.mux | 2 +- crypto/external/bsd/openssh/dist/README | 2 +- crypto/external/bsd/openssh/dist/addrmatch.c | 10 +- crypto/external/bsd/openssh/dist/atomicio.c | 11 +- crypto/external/bsd/openssh/dist/atomicio.h | 2 +- .../external/bsd/openssh/dist/auth-bsdauth.c | 4 +- crypto/external/bsd/openssh/dist/auth-chall.c | 103 --- crypto/external/bsd/openssh/dist/auth-krb5.c | 4 +- .../external/bsd/openssh/dist/auth-options.c | 32 +- .../external/bsd/openssh/dist/auth-options.h | 6 +- crypto/external/bsd/openssh/dist/auth-pam.c | 2 +- crypto/external/bsd/openssh/dist/auth-pam.h | 2 +- .../external/bsd/openssh/dist/auth-passwd.c | 19 +- .../external/bsd/openssh/dist/auth-rh-rsa.c | 106 --- .../external/bsd/openssh/dist/auth-rhosts.c | 28 +- crypto/external/bsd/openssh/dist/auth-rsa.c | 431 ---------- crypto/external/bsd/openssh/dist/auth-skey.c | 4 +- crypto/external/bsd/openssh/dist/auth.c | 38 +- crypto/external/bsd/openssh/dist/auth.h | 21 +- crypto/external/bsd/openssh/dist/auth1.c | 474 ----------- .../external/bsd/openssh/dist/auth2-chall.c | 4 +- crypto/external/bsd/openssh/dist/auth2-gss.c | 4 +- .../bsd/openssh/dist/auth2-hostbased.c | 4 +- .../external/bsd/openssh/dist/auth2-kbdint.c | 4 +- crypto/external/bsd/openssh/dist/auth2-krb5.c | 4 +- crypto/external/bsd/openssh/dist/auth2-none.c | 4 +- .../external/bsd/openssh/dist/auth2-passwd.c | 4 +- .../external/bsd/openssh/dist/auth2-pubkey.c | 67 +- crypto/external/bsd/openssh/dist/auth2.c | 4 +- crypto/external/bsd/openssh/dist/authfd.c | 4 +- crypto/external/bsd/openssh/dist/authfd.h | 2 +- 
crypto/external/bsd/openssh/dist/authfile.c | 21 +- crypto/external/bsd/openssh/dist/authfile.h | 2 +- .../external/bsd/openssh/dist/bcrypt_pbkdf.c | 2 +- crypto/external/bsd/openssh/dist/bitmap.c | 4 +- crypto/external/bsd/openssh/dist/bitmap.h | 2 +- crypto/external/bsd/openssh/dist/blocks.c | 2 +- crypto/external/bsd/openssh/dist/blowfish.c | 2 +- crypto/external/bsd/openssh/dist/bufaux.c | 4 +- crypto/external/bsd/openssh/dist/bufbn.c | 4 +- crypto/external/bsd/openssh/dist/bufec.c | 4 +- crypto/external/bsd/openssh/dist/buffer.c | 4 +- crypto/external/bsd/openssh/dist/buffer.h | 2 +- crypto/external/bsd/openssh/dist/canohost.c | 4 +- crypto/external/bsd/openssh/dist/canohost.h | 2 +- crypto/external/bsd/openssh/dist/chacha.c | 2 +- crypto/external/bsd/openssh/dist/channels.c | 475 +++++++++-- crypto/external/bsd/openssh/dist/channels.h | 15 +- .../external/bsd/openssh/dist/cipher-3des1.c | 4 +- crypto/external/bsd/openssh/dist/cipher-bf1.c | 4 +- .../bsd/openssh/dist/cipher-chachapoly.c | 8 +- .../external/bsd/openssh/dist/cipher-ctr-mt.c | 2 +- crypto/external/bsd/openssh/dist/cipher.c | 169 ++-- crypto/external/bsd/openssh/dist/cipher.h | 25 +- crypto/external/bsd/openssh/dist/cleanup.c | 2 +- crypto/external/bsd/openssh/dist/clientloop.c | 78 +- crypto/external/bsd/openssh/dist/clientloop.h | 7 +- crypto/external/bsd/openssh/dist/compat.c | 4 +- crypto/external/bsd/openssh/dist/compat.h | 2 +- crypto/external/bsd/openssh/dist/crc32.c | 4 +- crypto/external/bsd/openssh/dist/crc32.h | 2 +- crypto/external/bsd/openssh/dist/deattack.c | 4 +- crypto/external/bsd/openssh/dist/deattack.h | 2 +- crypto/external/bsd/openssh/dist/dh.c | 14 +- crypto/external/bsd/openssh/dist/dh.h | 2 +- .../external/bsd/openssh/dist/digest-libc.c | 2 +- .../bsd/openssh/dist/digest-openssl.c | 2 +- crypto/external/bsd/openssh/dist/dispatch.c | 4 +- crypto/external/bsd/openssh/dist/dispatch.h | 2 +- crypto/external/bsd/openssh/dist/dns.c | 4 +- crypto/external/bsd/openssh/dist/dns.h | 
2 +- crypto/external/bsd/openssh/dist/ed25519.c | 2 +- crypto/external/bsd/openssh/dist/fatal.c | 4 +- crypto/external/bsd/openssh/dist/fe25519.c | 2 +- crypto/external/bsd/openssh/dist/fmt_scaled.c | 2 +- crypto/external/bsd/openssh/dist/fmt_scaled.h | 2 +- crypto/external/bsd/openssh/dist/ge25519.c | 2 +- crypto/external/bsd/openssh/dist/getpeereid.c | 4 +- crypto/external/bsd/openssh/dist/getpeereid.h | 2 +- .../bsd/openssh/dist/getrrsetbyname.c | 4 +- .../bsd/openssh/dist/getrrsetbyname.h | 2 +- .../external/bsd/openssh/dist/groupaccess.c | 4 +- .../external/bsd/openssh/dist/groupaccess.h | 2 +- crypto/external/bsd/openssh/dist/gss-genr.c | 5 +- .../external/bsd/openssh/dist/gss-serv-krb5.c | 4 +- crypto/external/bsd/openssh/dist/gss-serv.c | 4 +- crypto/external/bsd/openssh/dist/hash.c | 2 +- crypto/external/bsd/openssh/dist/hmac.c | 2 +- crypto/external/bsd/openssh/dist/hostfile.c | 12 +- crypto/external/bsd/openssh/dist/hostfile.h | 2 +- crypto/external/bsd/openssh/dist/includes.h | 2 +- crypto/external/bsd/openssh/dist/kex.c | 50 +- crypto/external/bsd/openssh/dist/kex.h | 27 +- crypto/external/bsd/openssh/dist/kexc25519.c | 2 +- crypto/external/bsd/openssh/dist/kexc25519c.c | 2 +- crypto/external/bsd/openssh/dist/kexc25519s.c | 4 +- crypto/external/bsd/openssh/dist/kexdh.c | 4 +- crypto/external/bsd/openssh/dist/kexdhc.c | 4 +- crypto/external/bsd/openssh/dist/kexdhs.c | 4 +- crypto/external/bsd/openssh/dist/kexecdh.c | 4 +- crypto/external/bsd/openssh/dist/kexecdhc.c | 4 +- crypto/external/bsd/openssh/dist/kexecdhs.c | 4 +- crypto/external/bsd/openssh/dist/kexgex.c | 4 +- crypto/external/bsd/openssh/dist/kexgexc.c | 10 +- crypto/external/bsd/openssh/dist/kexgexs.c | 18 +- crypto/external/bsd/openssh/dist/key.c | 4 +- crypto/external/bsd/openssh/dist/key.h | 5 +- crypto/external/bsd/openssh/dist/krl.c | 18 +- crypto/external/bsd/openssh/dist/ldapauth.c | 6 +- crypto/external/bsd/openssh/dist/ldapauth.h | 4 +- crypto/external/bsd/openssh/dist/log.c | 4 +- 
crypto/external/bsd/openssh/dist/log.h | 2 +- crypto/external/bsd/openssh/dist/mac.c | 4 +- crypto/external/bsd/openssh/dist/mac.h | 2 +- crypto/external/bsd/openssh/dist/match.c | 26 +- crypto/external/bsd/openssh/dist/match.h | 2 +- crypto/external/bsd/openssh/dist/md-sha256.c | 4 +- crypto/external/bsd/openssh/dist/misc.c | 33 +- crypto/external/bsd/openssh/dist/misc.h | 12 +- crypto/external/bsd/openssh/dist/moduli | 2 +- crypto/external/bsd/openssh/dist/moduli.5 | 2 +- crypto/external/bsd/openssh/dist/moduli.c | 10 +- crypto/external/bsd/openssh/dist/monitor.c | 444 +--------- crypto/external/bsd/openssh/dist/monitor.h | 8 +- .../bsd/openssh/dist/monitor_fdpass.c | 4 +- .../bsd/openssh/dist/monitor_fdpass.h | 2 +- crypto/external/bsd/openssh/dist/monitor_mm.c | 350 -------- crypto/external/bsd/openssh/dist/monitor_mm.h | 63 -- .../external/bsd/openssh/dist/monitor_wrap.c | 194 +---- .../external/bsd/openssh/dist/monitor_wrap.h | 22 +- crypto/external/bsd/openssh/dist/msg.c | 4 +- crypto/external/bsd/openssh/dist/msg.h | 2 +- crypto/external/bsd/openssh/dist/mux.c | 83 +- crypto/external/bsd/openssh/dist/myproposal.h | 10 +- crypto/external/bsd/openssh/dist/namespace.h | 2 +- crypto/external/bsd/openssh/dist/nchan.c | 4 +- crypto/external/bsd/openssh/dist/nchan.ms | 2 +- crypto/external/bsd/openssh/dist/nchan2.ms | 2 +- crypto/external/bsd/openssh/dist/opacket.c | 4 +- crypto/external/bsd/openssh/dist/opacket.h | 9 +- crypto/external/bsd/openssh/dist/packet.c | 333 ++++---- crypto/external/bsd/openssh/dist/packet.h | 18 +- crypto/external/bsd/openssh/dist/pathnames.h | 2 +- crypto/external/bsd/openssh/dist/pkcs11.h | 2 +- crypto/external/bsd/openssh/dist/poly1305.c | 2 +- .../external/bsd/openssh/dist/progressmeter.c | 4 +- .../external/bsd/openssh/dist/progressmeter.h | 2 +- crypto/external/bsd/openssh/dist/random.h | 2 +- crypto/external/bsd/openssh/dist/readconf.c | 10 +- crypto/external/bsd/openssh/dist/readconf.h | 2 +- 
crypto/external/bsd/openssh/dist/readpass.c | 4 +- .../bsd/openssh/dist/readpassphrase.3 | 2 +- .../bsd/openssh/dist/readpassphrase.c | 2 +- .../bsd/openssh/dist/readpassphrase.h | 2 +- crypto/external/bsd/openssh/dist/rsa.c | 4 +- crypto/external/bsd/openssh/dist/rsa.h | 2 +- .../bsd/openssh/dist/sandbox-rlimit.c | 5 +- crypto/external/bsd/openssh/dist/sc25519.c | 2 +- crypto/external/bsd/openssh/dist/scp.1 | 2 +- crypto/external/bsd/openssh/dist/scp.c | 12 +- crypto/external/bsd/openssh/dist/servconf.c | 183 ++-- crypto/external/bsd/openssh/dist/servconf.h | 12 +- crypto/external/bsd/openssh/dist/serverloop.c | 597 +------------ crypto/external/bsd/openssh/dist/serverloop.h | 5 +- crypto/external/bsd/openssh/dist/session.c | 452 ++-------- crypto/external/bsd/openssh/dist/session.h | 5 +- .../external/bsd/openssh/dist/sftp-client.c | 12 +- .../external/bsd/openssh/dist/sftp-client.h | 2 +- .../external/bsd/openssh/dist/sftp-common.c | 13 +- .../external/bsd/openssh/dist/sftp-common.h | 2 +- crypto/external/bsd/openssh/dist/sftp-glob.c | 4 +- .../bsd/openssh/dist/sftp-server-main.c | 4 +- .../external/bsd/openssh/dist/sftp-server.8 | 2 +- .../external/bsd/openssh/dist/sftp-server.c | 9 +- crypto/external/bsd/openssh/dist/sftp.1 | 2 +- crypto/external/bsd/openssh/dist/sftp.c | 39 +- crypto/external/bsd/openssh/dist/sftp.h | 2 +- .../bsd/openssh/dist/smult_curve25519_ref.c | 2 +- crypto/external/bsd/openssh/dist/ssh-add.1 | 2 +- crypto/external/bsd/openssh/dist/ssh-add.c | 4 +- crypto/external/bsd/openssh/dist/ssh-agent.1 | 39 +- crypto/external/bsd/openssh/dist/ssh-agent.c | 55 +- crypto/external/bsd/openssh/dist/ssh-dss.c | 4 +- crypto/external/bsd/openssh/dist/ssh-ecdsa.c | 4 +- .../external/bsd/openssh/dist/ssh-ed25519.c | 2 +- crypto/external/bsd/openssh/dist/ssh-gss.h | 2 +- crypto/external/bsd/openssh/dist/ssh-keygen.1 | 2 +- crypto/external/bsd/openssh/dist/ssh-keygen.c | 14 +- .../external/bsd/openssh/dist/ssh-keyscan.1 | 2 +- 
.../external/bsd/openssh/dist/ssh-keyscan.c | 4 +- .../external/bsd/openssh/dist/ssh-keysign.8 | 2 +- .../external/bsd/openssh/dist/ssh-keysign.c | 4 +- .../bsd/openssh/dist/ssh-pkcs11-client.c | 4 +- .../bsd/openssh/dist/ssh-pkcs11-helper.8 | 2 +- .../bsd/openssh/dist/ssh-pkcs11-helper.c | 4 +- crypto/external/bsd/openssh/dist/ssh-pkcs11.c | 45 +- crypto/external/bsd/openssh/dist/ssh-pkcs11.h | 2 +- crypto/external/bsd/openssh/dist/ssh-rsa.c | 13 +- crypto/external/bsd/openssh/dist/ssh.1 | 2 +- crypto/external/bsd/openssh/dist/ssh.c | 41 +- crypto/external/bsd/openssh/dist/ssh.h | 2 +- crypto/external/bsd/openssh/dist/ssh1.h | 2 +- crypto/external/bsd/openssh/dist/ssh2.h | 2 +- crypto/external/bsd/openssh/dist/ssh_api.c | 4 +- crypto/external/bsd/openssh/dist/ssh_api.h | 2 +- crypto/external/bsd/openssh/dist/ssh_config | 2 +- crypto/external/bsd/openssh/dist/ssh_config.5 | 784 ++++++++---------- .../bsd/openssh/dist/sshbuf-getput-basic.c | 2 +- .../bsd/openssh/dist/sshbuf-getput-crypto.c | 2 +- .../external/bsd/openssh/dist/sshbuf-misc.c | 2 +- crypto/external/bsd/openssh/dist/sshbuf.c | 82 +- crypto/external/bsd/openssh/dist/sshbuf.h | 10 +- crypto/external/bsd/openssh/dist/sshconnect.c | 9 +- crypto/external/bsd/openssh/dist/sshconnect.h | 2 +- .../external/bsd/openssh/dist/sshconnect1.c | 14 +- .../external/bsd/openssh/dist/sshconnect2.c | 24 +- crypto/external/bsd/openssh/dist/sshd.8 | 127 +-- crypto/external/bsd/openssh/dist/sshd.c | 573 +------------ crypto/external/bsd/openssh/dist/sshd_config | 19 +- .../external/bsd/openssh/dist/sshd_config.5 | 750 ++++++++--------- crypto/external/bsd/openssh/dist/ssherr.c | 2 +- crypto/external/bsd/openssh/dist/sshkey.c | 73 +- crypto/external/bsd/openssh/dist/sshkey.h | 4 +- crypto/external/bsd/openssh/dist/sshlogin.c | 4 +- crypto/external/bsd/openssh/dist/sshlogin.h | 2 +- crypto/external/bsd/openssh/dist/sshpty.c | 19 +- crypto/external/bsd/openssh/dist/sshpty.h | 5 +- crypto/external/bsd/openssh/dist/sshtty.c | 4 
+- crypto/external/bsd/openssh/dist/ttymodes.c | 4 +- crypto/external/bsd/openssh/dist/ttymodes.h | 2 +- crypto/external/bsd/openssh/dist/uidswap.c | 4 +- crypto/external/bsd/openssh/dist/uidswap.h | 2 +- crypto/external/bsd/openssh/dist/umac.c | 4 +- crypto/external/bsd/openssh/dist/umac.h | 2 +- crypto/external/bsd/openssh/dist/utf8.c | 4 +- crypto/external/bsd/openssh/dist/uuencode.c | 4 +- crypto/external/bsd/openssh/dist/uuencode.h | 2 +- crypto/external/bsd/openssh/dist/verify.c | 2 +- crypto/external/bsd/openssh/dist/version.h | 6 +- crypto/external/bsd/openssh/dist/xmalloc.c | 4 +- crypto/external/bsd/openssh/dist/xmalloc.h | 2 +- crypto/external/bsd/openssh/lib/shlib_version | 4 +- 248 files changed, 2726 insertions(+), 5750 deletions(-) delete mode 100644 crypto/external/bsd/openssh/dist/auth-chall.c delete mode 100644 crypto/external/bsd/openssh/dist/auth-rh-rsa.c delete mode 100644 crypto/external/bsd/openssh/dist/auth-rsa.c delete mode 100644 crypto/external/bsd/openssh/dist/auth1.c delete mode 100644 crypto/external/bsd/openssh/dist/monitor_mm.c delete mode 100644 crypto/external/bsd/openssh/dist/monitor_mm.h diff --git a/crypto/external/bsd/openssh/bin/sshd/Makefile b/crypto/external/bsd/openssh/bin/sshd/Makefile index d87ecd85d130..77096312fc40 100644 --- a/crypto/external/bsd/openssh/bin/sshd/Makefile +++ b/crypto/external/bsd/openssh/bin/sshd/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.13 2016/01/14 22:30:04 christos Exp $ +# $NetBSD: Makefile,v 1.14 2016/12/25 00:07:46 christos Exp $ .include 
@@ -7,18 +7,18 @@ MAN= sshd.8 sshd_config.5 moduli.5 BINDIR= /usr/sbin -SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ +SRCS= sshd.c auth-rhosts.c auth-passwd.c \ sshpty.c sshlogin.c servconf.c serverloop.c \ - auth.c auth1.c auth2.c auth-options.c session.c \ - auth-chall.c auth2-chall.c groupaccess.c \ - auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \ + auth.c auth2.c auth-options.c session.c \ + auth-krb5.c auth2-chall.c groupaccess.c \ + auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \ auth2-none.c auth2-passwd.c auth2-pubkey.c \ - monitor_mm.c monitor.c monitor_wrap.c \ + monitor.c monitor_wrap.c \ kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \ sandbox-rlimit.c pfilter.c -COPTS.auth-options.c= -Wno-pointer-sign -COPTS.ldapauth.c= -Wno-format-nonliteral # XXX: should fix +COPTS.auth-options.c+= -Wno-pointer-sign +COPTS.ldapauth.c+= -Wno-format-nonliteral # XXX: should fix .if (${USE_PAM} != "no") SRCS+= auth-pam.c @@ -47,7 +47,7 @@ DPADD+= ${LIBGSSAPI} ${LIBHEIMNTLM} LDADD+= -lkafs DPADD+= ${LIBKAFS} -SRCS+= auth-krb5.c auth2-krb5.c +SRCS+= auth2-krb5.c LDADD+= -lkrb5 -lasn1 DPADD+= ${LIBKRB5} ${LIBASN1} diff --git a/crypto/external/bsd/openssh/dist/LICENCE b/crypto/external/bsd/openssh/dist/LICENCE index c2b4bc1f0cd3..acc99bbb8c3c 100644 --- a/crypto/external/bsd/openssh/dist/LICENCE +++ b/crypto/external/bsd/openssh/dist/LICENCE @@ -204,4 +204,4 @@ OpenSSH contains no GPL code. ------ $OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $ -$NetBSD: LICENCE,v 1.4 2015/04/03 23:58:19 christos Exp $ +$NetBSD: LICENCE,v 1.5 2016/12/25 00:07:46 christos Exp $ diff --git a/crypto/external/bsd/openssh/dist/OVERVIEW b/crypto/external/bsd/openssh/dist/OVERVIEW index 4d2bce523dd3..fe30f845fdd9 100644 --- a/crypto/external/bsd/openssh/dist/OVERVIEW +++ b/crypto/external/bsd/openssh/dist/OVERVIEW 
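Review bot: auth-krb5.c moves from the Kerberos-conditional `SRCS+=` block (second hunk) into the unconditional `SRCS=` list (first hunk), so it is now compiled even when KRB5 support is off; that only builds cleanly if the file body is itself wrapped in `#ifdef KRB5`, which this hunk cannot confirm. If the guard is not there, keep the file under the conditional, otherwise a one-line comment next to the new entry (`# auth-krb5.c is self-guarded by #ifdef KRB5`) would save the next reader the same question. The switch from `COPTS.auth-options.c=` to `+=` also changes semantics, preserving build-wide COPTS instead of replacing them, which looks intended but is unmentioned in the commit message.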
@@ -166,4 +166,4 @@ these programs. xmalloc.c "safe" malloc routines $OpenBSD: OVERVIEW,v 1.12 2015/07/08 19:01:15 markus Exp $ -$NetBSD: OVERVIEW,v 1.5 2015/08/13 10:33:21 christos Exp $ +$NetBSD: OVERVIEW,v 1.6 2016/12/25 00:07:46 christos Exp $ diff --git a/crypto/external/bsd/openssh/dist/PROTOCOL b/crypto/external/bsd/openssh/dist/PROTOCOL index 3f0615ddba68..c172a071c82c 100644 --- a/crypto/external/bsd/openssh/dist/PROTOCOL +++ b/crypto/external/bsd/openssh/dist/PROTOCOL @@ -455,4 +455,4 @@ This extension is advertised in the SSH_FXP_VERSION hello with version "1". $OpenBSD: PROTOCOL,v 1.30 2016/04/08 06:35:54 djm Exp $ -$NetBSD: PROTOCOL,v 1.8 2016/08/02 13:45:12 christos Exp $ +$NetBSD: PROTOCOL,v 1.9 2016/12/25 00:07:46 christos Exp $ diff --git a/crypto/external/bsd/openssh/dist/PROTOCOL.agent b/crypto/external/bsd/openssh/dist/PROTOCOL.agent index a36238c7d739..651b431f7371 100644 --- a/crypto/external/bsd/openssh/dist/PROTOCOL.agent +++ b/crypto/external/bsd/openssh/dist/PROTOCOL.agent @@ -580,4 +580,4 @@ Locking and unlocking affects both protocol 1 and protocol 2 keys. SSH_AGENT_CONSTRAIN_CONFIRM 2 $OpenBSD: PROTOCOL.agent,v 1.11 2016/05/19 07:45:32 djm Exp $ -$NetBSD: PROTOCOL.agent,v 1.7 2016/08/02 13:45:12 christos Exp $ +$NetBSD: PROTOCOL.agent,v 1.8 2016/12/25 00:07:46 christos Exp $ diff --git a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys index 96785d2e9b19..20e5f1a7428d 100644 --- a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys +++ b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys @@ -285,4 +285,4 @@ permit-user-rc empty Flag indicating that execution of this option is not present. $OpenBSD: PROTOCOL.certkeys,v 1.10 2016/05/03 10:27:59 djm Exp $ -$NetBSD: PROTOCOL.certkeys,v 1.6 2016/08/02 13:45:12 christos Exp $ +$NetBSD: PROTOCOL.certkeys,v 1.7 2016/12/25 00:07:46 christos Exp $ 
diff --git a/crypto/external/bsd/openssh/dist/PROTOCOL.mux b/crypto/external/bsd/openssh/dist/PROTOCOL.mux index 67e61f7a9830..260aeaa31a61 100644 --- a/crypto/external/bsd/openssh/dist/PROTOCOL.mux +++ b/crypto/external/bsd/openssh/dist/PROTOCOL.mux @@ -226,4 +226,4 @@ XXX server->client error/warning notifications XXX send signals via mux $OpenBSD: PROTOCOL.mux,v 1.10 2015/07/17 03:04:27 djm Exp $ -$NetBSD: PROTOCOL.mux,v 1.8 2015/08/13 10:33:21 christos Exp $ +$NetBSD: PROTOCOL.mux,v 1.9 2016/12/25 00:07:46 christos Exp $ diff --git a/crypto/external/bsd/openssh/dist/README b/crypto/external/bsd/openssh/dist/README index 684400610dcb..080c1d02b212 100644 --- a/crypto/external/bsd/openssh/dist/README +++ b/crypto/external/bsd/openssh/dist/README @@ -25,4 +25,4 @@ for SSH protocol versions 1.5 and 2.0. See http://www.openssh.com/ for more information. $OpenBSD: README,v 1.7 2006/04/01 05:37:46 djm Exp $ -$NetBSD: README,v 1.4 2015/04/03 23:58:19 christos Exp $ +$NetBSD: README,v 1.5 2016/12/25 00:07:46 christos Exp $ diff --git a/crypto/external/bsd/openssh/dist/addrmatch.c b/crypto/external/bsd/openssh/dist/addrmatch.c index 5002b761547c..68b5539d01e3 100644 --- a/crypto/external/bsd/openssh/dist/addrmatch.c +++ b/crypto/external/bsd/openssh/dist/addrmatch.c @@ -1,5 +1,5 @@ -/* $NetBSD: addrmatch.c,v 1.9 2015/08/13 10:33:21 christos Exp $ */ -/* $OpenBSD: addrmatch.c,v 1.10 2015/07/08 19:04:21 markus Exp $ */ +/* $NetBSD: addrmatch.c,v 1.10 2016/12/25 00:07:46 christos Exp $ */ +/* $OpenBSD: addrmatch.c,v 1.13 2016/09/21 16:55:42 djm Exp $ */ /* * Copyright (c) 2004-2008 Damien Miller @@ -18,7 +18,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: addrmatch.c,v 1.9 2015/08/13 10:33:21 christos Exp $"); +__RCSID("$NetBSD: addrmatch.c,v 1.10 2016/12/25 00:07:46 christos Exp $"); #include #include #include 
@@ -397,8 +397,8 @@ addr_match_list(const char *addr, const char *_list) /* Prefer CIDR address matching */ r = addr_pton_cidr(cp, &match_addr, &masklen); if (r == -2) { - error("Inconsistent mask length for " - "network \"%.100s\"", cp); + debug2("%s: inconsistent mask length for " + "match network \"%.100s\"", __func__, cp); ret = -2; break; } else if (r == 0) { diff --git a/crypto/external/bsd/openssh/dist/atomicio.c b/crypto/external/bsd/openssh/dist/atomicio.c index 070f5e218298..ab0130dce0da 100644 --- a/crypto/external/bsd/openssh/dist/atomicio.c +++ b/crypto/external/bsd/openssh/dist/atomicio.c @@ -1,5 +1,6 @@ -/* $NetBSD: atomicio.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: atomicio.c,v 1.27 2015/01/16 06:40:12 deraadt Exp $ */ +/* $NetBSD: atomicio.c,v 1.7 2016/12/25 00:07:46 christos Exp $ */ +/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */ + /* * Copyright (c) 2006 Damien Miller. All rights reserved. * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. @@ -28,7 +29,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: atomicio.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: atomicio.c,v 1.7 2016/12/25 00:07:46 christos Exp $"); #include #include @@ -102,12 +103,12 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, struct iovec iov_array[IOV_MAX], *iov = iov_array; struct pollfd pfd; - if (iovcnt > IOV_MAX) { + if (iovcnt < 0 || iovcnt > IOV_MAX) { errno = EINVAL; return 0; } /* Make a copy of the iov array because we may modify it below */ - memcpy(iov, _iov, iovcnt * sizeof(*_iov)); + memcpy(iov, _iov, (size_t)iovcnt * sizeof(*_iov)); pfd.fd = fd; pfd.events = f == readv ? POLLIN : POLLOUT; diff --git a/crypto/external/bsd/openssh/dist/atomicio.h b/crypto/external/bsd/openssh/dist/atomicio.h index 831a3519c48d..399671ddfa38 100644 --- a/crypto/external/bsd/openssh/dist/atomicio.h +++ b/crypto/external/bsd/openssh/dist/atomicio.h 
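Review bot: Downgrading the inconsistent-mask-length report from `error()` to `debug2()` means a malformed network mask in an address match list is no longer visible in the normal server log, which is where an administrator would look for a mistyped `Match Address` rule. The `ret = -2` still propagates, so this is only safe if every caller of addr_match_list reports the -2 itself, which cannot be seen from this hunk; suggest a comment on that line, `/* caller reports the malformed mask; do not log at error level here */`, or keeping `error()` if any caller discards the return. addr_match_list's body continues outside the hunk.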
@@ -1,4 +1,4 @@ -/* $NetBSD: atomicio.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: atomicio.h,v 1.6 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: atomicio.h,v 1.11 2010/09/22 22:58:51 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/auth-bsdauth.c b/crypto/external/bsd/openssh/dist/auth-bsdauth.c index 5667e0b305a7..49fbcb6b6c84 100644 --- a/crypto/external/bsd/openssh/dist/auth-bsdauth.c +++ b/crypto/external/bsd/openssh/dist/auth-bsdauth.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth-bsdauth.c,v 1.5 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: auth-bsdauth.c,v 1.6 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: auth-bsdauth.c,v 1.14 2015/10/20 23:24:25 mmcc Exp $ */ /* @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-bsdauth.c,v 1.5 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: auth-bsdauth.c,v 1.6 2016/12/25 00:07:46 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/auth-chall.c b/crypto/external/bsd/openssh/dist/auth-chall.c deleted file mode 100644 index d4f3a91ff606..000000000000 --- a/crypto/external/bsd/openssh/dist/auth-chall.c +++ /dev/null 
@@ -1,103 +0,0 @@ -/* $NetBSD: auth-chall.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: auth-chall.c,v 1.14 2014/06/24 01:13:21 djm Exp $ */ -/* - * Copyright (c) 2001 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include "includes.h" -__RCSID("$NetBSD: auth-chall.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); -#include -#include -#include -#include - -#include "xmalloc.h" -#include "key.h" -#include "hostfile.h" -#include "auth.h" -#include "log.h" -#ifdef USE_PAM -#include "misc.h" -#include "buffer.h" -#include "servconf.h" -extern ServerOptions options; -void remove_kbdint_device(const char *); -#endif - -/* limited protocol v1 interface to kbd-interactive authentication */ - -extern KbdintDevice *devices[]; -static KbdintDevice *device; - -char * -get_challenge(Authctxt *authctxt) -{ - char *challenge, *name, *info, **prompts; - u_int i, numprompts; - u_int *echo_on; - -#ifdef USE_PAM - if (!options.use_pam) - remove_kbdint_device("pam"); -#endif - - device = devices[0]; /* we always use the 1st device for protocol 1 */ - if (device == NULL) - return NULL; - if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL) - return NULL; - if (device->query(authctxt->kbdintctxt, &name, &info, - &numprompts, &prompts, &echo_on)) { - device->free_ctx(authctxt->kbdintctxt); - authctxt->kbdintctxt = NULL; - return NULL; - } - if (numprompts < 1) - fatal("get_challenge: numprompts < 1"); - challenge = xstrdup(prompts[0]); - for (i = 0; i < numprompts; i++) - free(prompts[i]); - free(prompts); - free(name); - free(echo_on); - free(info); - - return (challenge); -} -int -verify_response(Authctxt *authctxt, const char *response) -{ - char *resp[1]; - int authenticated = 0; - - if (device == NULL) - return 0; - if (authctxt->kbdintctxt == NULL) - return 0; - resp[0] = __UNCONST(response); - if (device->respond(authctxt->kbdintctxt, 1, resp) == 0) - authenticated = 1; - device->free_ctx(authctxt->kbdintctxt); - authctxt->kbdintctxt = NULL; - return authenticated; -} diff --git a/crypto/external/bsd/openssh/dist/auth-krb5.c b/crypto/external/bsd/openssh/dist/auth-krb5.c index 80efcf91b748..f0c31113f604 100644 --- a/crypto/external/bsd/openssh/dist/auth-krb5.c 
+++ b/crypto/external/bsd/openssh/dist/auth-krb5.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth-krb5.c,v 1.9 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: auth-krb5.c,v 1.10 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: auth-krb5.c,v 1.22 2016/05/04 14:22:33 markus Exp $ */ /* @@ -31,7 +31,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-krb5.c,v 1.9 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: auth-krb5.c,v 1.10 2016/12/25 00:07:46 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/auth-options.c b/crypto/external/bsd/openssh/dist/auth-options.c index c0bac65919b7..5e237e2d8455 100644 --- a/crypto/external/bsd/openssh/dist/auth-options.c +++ b/crypto/external/bsd/openssh/dist/auth-options.c @@ -1,5 +1,6 @@ -/* $NetBSD: auth-options.c,v 1.13 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: auth-options.c,v 1.71 2016/03/07 19:02:43 djm Exp $ */ +/* $NetBSD: auth-options.c,v 1.14 2016/12/25 00:07:46 christos Exp $ */ +/* $OpenBSD: auth-options.c,v 1.72 2016/11/30 02:57:40 djm Exp $ */ + /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -12,7 +13,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-options.c,v 1.13 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: auth-options.c,v 1.14 2016/12/25 00:07:46 christos Exp $"); #include #include @@ -603,7 +604,7 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw, * options so this must be called after auth_parse_options(). */ int -auth_cert_options(struct sshkey *k, struct passwd *pw) +auth_cert_options(struct sshkey *k, struct passwd *pw, const char **reason) { int cert_no_port_forwarding_flag = 1; int cert_no_agent_forwarding_flag = 1; 
@@ -613,6 +614,8 @@ auth_cert_options(struct sshkey *k, struct passwd *pw) char *cert_forced_command = NULL; int cert_source_address_done = 0; + *reason = "invalid certificate options"; + /* Separate options and extensions for v01 certs */ if (parse_option_list(k->cert->critical, pw, OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL, @@ -634,11 +637,24 @@ auth_cert_options(struct sshkey *k, struct passwd *pw) no_x11_forwarding_flag |= cert_no_x11_forwarding_flag; no_pty_flag |= cert_no_pty_flag; no_user_rc |= cert_no_user_rc; - /* CA-specified forced command supersedes key option */ - if (cert_forced_command != NULL) { - free(forced_command); + /* + * Only permit both CA and key option forced-command if they match. + * Otherwise refuse the certificate. + */ + if (cert_forced_command != NULL && forced_command != NULL) { + if (strcmp(forced_command, cert_forced_command) == 0) { + free(forced_command); + forced_command = cert_forced_command; + } else { + *reason = "certificate and key options forced command " + "do not match"; + free(cert_forced_command); + return -1; + } + } else if (cert_forced_command != NULL) forced_command = cert_forced_command; - } + /* success */ + *reason = NULL; return 0; } diff --git a/crypto/external/bsd/openssh/dist/auth-options.h b/crypto/external/bsd/openssh/dist/auth-options.h index aada04fb6e27..fd02ff7988f6 100644 --- a/crypto/external/bsd/openssh/dist/auth-options.h +++ b/crypto/external/bsd/openssh/dist/auth-options.h @@ -1,5 +1,5 @@ -/* $NetBSD: auth-options.h,v 1.6 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: auth-options.h,v 1.21 2015/01/14 10:30:34 markus Exp $ */ +/* $NetBSD: auth-options.h,v 1.7 2016/12/25 00:07:46 christos Exp $ */ +/* $OpenBSD: auth-options.h,v 1.22 2016/11/30 02:57:40 djm Exp $ */ /* * Author: Tatu Ylonen 
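Review bot: auth_cert_options now stores through `reason` as its first statement and again on every exit, so a caller passing NULL crashes; either guard each store with `if (reason != NULL)` or document the contract on the prototype in auth-options.h, e.g. `/* reason must be non-NULL; set to NULL on success, to a static string on failure */`. On the mismatch path `cert_forced_command` is freed but the key-supplied `forced_command` is left in the file-scope options, so the -1 return only refuses the certificate safely if callers discard the parsed options (presumably via auth_clear_options()) before trying another key. The function's signature change is in the preceding hunk and its earlier failure returns, outside this hunk, leave `*reason` at the generic "invalid certificate options" text, which is coarse but consistent.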
@@ -36,6 +36,6 @@ extern char *authorized_principals; int auth_parse_options(struct passwd *, const char *, const char *, u_long); void auth_clear_options(void); -int auth_cert_options(struct sshkey *, struct passwd *); +int auth_cert_options(struct sshkey *, struct passwd *, const char **); #endif diff --git a/crypto/external/bsd/openssh/dist/auth-pam.c b/crypto/external/bsd/openssh/dist/auth-pam.c index 0e4736c56bf9..c081d63432c8 100644 --- a/crypto/external/bsd/openssh/dist/auth-pam.c +++ b/crypto/external/bsd/openssh/dist/auth-pam.c @@ -50,7 +50,7 @@ /* * NetBSD local changes */ -__RCSID("$NetBSD: auth-pam.c,v 1.9 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: auth-pam.c,v 1.10 2016/12/25 00:07:46 christos Exp $"); #undef USE_POSIX_THREADS /* Not yet */ #define HAVE_SECURITY_PAM_APPL_H #define HAVE_PAM_GETENVLIST diff --git a/crypto/external/bsd/openssh/dist/auth-pam.h b/crypto/external/bsd/openssh/dist/auth-pam.h index 0d7895ed5ac4..8299314d5caf 100644 --- a/crypto/external/bsd/openssh/dist/auth-pam.h +++ b/crypto/external/bsd/openssh/dist/auth-pam.h @@ -1,4 +1,4 @@ -/* $NetBSD: auth-pam.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: auth-pam.h,v 1.5 2016/12/25 00:07:46 christos Exp $ */ /* Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp */ /* diff --git a/crypto/external/bsd/openssh/dist/auth-passwd.c b/crypto/external/bsd/openssh/dist/auth-passwd.c index 34737ba35a9f..7b0d2e2922d4 100644 --- a/crypto/external/bsd/openssh/dist/auth-passwd.c +++ b/crypto/external/bsd/openssh/dist/auth-passwd.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth-passwd.c,v 1.5 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: auth-passwd.c,v 1.6 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: auth-passwd.c,v 1.45 2016/07/21 01:39:35 dtucker Exp $ */ /* * Author: Tatu Ylonen 
@@ -38,7 +38,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-passwd.c,v 1.5 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: auth-passwd.c,v 1.6 2016/12/25 00:07:46 christos Exp $"); #include #include @@ -98,18 +98,19 @@ auth_password(Authctxt *authctxt, const char *password) ok = 0; if (*password == '\0' && options.permit_empty_passwd == 0) return 0; -#ifdef USE_PAM - if (options.use_pam) - return (sshpam_auth_passwd(authctxt, password) && ok); -#endif #ifdef KRB5 if (options.kerberos_authentication == 1) { int ret = auth_krb5_password(authctxt, password); - if (ret == 1 || ret == 0) - return ret && ok; - /* Fall back to ordinary passwd authentication. */ + if (ret == 1 || ret == 0) + return ret && ok; + /* Fall back to ordinary passwd authentication. */ } #endif + +#ifdef USE_PAM + if (options.use_pam) + return (sshpam_auth_passwd(authctxt, password) && ok); +#endif return (sys_auth_passwd(authctxt, password) && ok); } diff --git a/crypto/external/bsd/openssh/dist/auth-rh-rsa.c b/crypto/external/bsd/openssh/dist/auth-rh-rsa.c deleted file mode 100644 index df11da71fdc1..000000000000 --- a/crypto/external/bsd/openssh/dist/auth-rh-rsa.c +++ /dev/null 
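Review bot: Moving the `USE_PAM` block after the `KRB5` block changes authorization policy, not just ordering: when both are compiled in and Kerberos authentication is enabled, any definitive Kerberos result (0 or 1) returns before `sshpam_auth_passwd()` runs, so PAM account checks an administrator may rely on are skipped for Kerberos-verified passwords and a Kerberos denial is no longer retried through PAM. If that is the intended NetBSD behaviour, it deserves a comment at the new position, `/* Kerberos is authoritative when enabled; PAM is only consulted on fallback */`, and a sentence in the commit message; otherwise keep the PAM branch first. The `ok = 0;` context line suggests a prior policy result that is only ANDed in after the Kerberos exchange, so a disallowed account still costs a KDC round trip — pre-existing, but easy to short-circuit. auth_password starts outside the hunk.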
@@ -1,106 +0,0 @@ -/* $NetBSD: auth-rh-rsa.c,v 1.7 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: auth-rh-rsa.c,v 1.45 2016/03/07 19:02:43 djm Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * Rhosts or /etc/hosts.equiv authentication combined with RSA host - * authentication. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#include "includes.h" -__RCSID("$NetBSD: auth-rh-rsa.c,v 1.7 2016/08/02 13:45:12 christos Exp $"); -#include - -#include -#include - -#include "packet.h" -#include "uidswap.h" -#include "log.h" -#include "buffer.h" -#include "misc.h" -#include "servconf.h" -#include "key.h" -#include "hostfile.h" -#include "pathnames.h" -#include "auth.h" -#include "canohost.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif -#include "monitor_wrap.h" - -/* import */ -extern ServerOptions options; - -int -auth_rhosts_rsa_key_allowed(struct passwd *pw, const char *cuser, - const char *chost, Key *client_host_key) -{ - HostStatus host_status; - - if (auth_key_is_revoked(client_host_key)) - return 0; - - /* Check if we would accept it using rhosts authentication. */ - if (!auth_rhosts(pw, cuser)) - return 0; - - host_status = check_key_in_hostfiles(pw, client_host_key, - chost, _PATH_SSH_SYSTEM_HOSTFILE, - options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); - - return (host_status == HOST_OK); -} - -/* - * Tries to authenticate the user using the .rhosts file and the host using - * its host key. Returns true if authentication succeeds. 
- */ -int -auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key) -{ - struct ssh *ssh = active_state; /* XXX */ - const char *chost; - struct passwd *pw = authctxt->pw; - - debug("Trying rhosts with RSA host authentication for client user %.100s", - cuser); - - if (!authctxt->valid || client_host_key == NULL || - client_host_key->rsa == NULL) - return 0; - - chost = auth_get_canonical_hostname(ssh, options.use_dns); - debug("Rhosts RSA authentication: canonical host %.900s", chost); - - if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) { - debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); - packet_send_debug("Your host key cannot be verified: unknown or invalid host key."); - return 0; - } - /* A matching host key was found and is known. */ - - /* Perform the challenge-response dialog with the client for the host key. */ - if (!auth_rsa_challenge_dialog(client_host_key)) { - logit("Client on %.800s failed to respond correctly to host authentication.", - chost); - return 0; - } - /* - * We have authenticated the user using .rhosts or /etc/hosts.equiv, - * and the host using RSA. We accept the authentication. - */ - - verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.", - pw->pw_name, cuser, chost); - packet_send_debug("Rhosts with RSA host authentication accepted."); - return 1; -} diff --git a/crypto/external/bsd/openssh/dist/auth-rhosts.c b/crypto/external/bsd/openssh/dist/auth-rhosts.c index 6806cb14b75b..7d885591cf16 100644 --- a/crypto/external/bsd/openssh/dist/auth-rhosts.c +++ b/crypto/external/bsd/openssh/dist/auth-rhosts.c 
@@ -1,5 +1,6 @@ -/* $NetBSD: auth-rhosts.c,v 1.6 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: auth-rhosts.c,v 1.47 2016/03/07 19:02:43 djm Exp $ */ +/* $NetBSD: auth-rhosts.c,v 1.7 2016/12/25 00:07:46 christos Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.48 2016/08/13 17:47:41 markus Exp $ */ + /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -16,7 +17,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-rhosts.c,v 1.6 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: auth-rhosts.c,v 1.7 2016/12/25 00:07:46 christos Exp $"); #include #include @@ -185,20 +186,8 @@ check_rhosts_file(const char *filename, const char *hostname, * true if authentication succeeds. If ignore_rhosts is true, only * /etc/hosts.equiv will be considered (.rhosts and .shosts are ignored). */ - int -auth_rhosts(struct passwd *pw, const char *client_user) -{ - struct ssh *ssh = active_state; /* XXX */ - const char *hostname, *ipaddr; - - hostname = auth_get_canonical_hostname(ssh, options.use_dns); - ipaddr = ssh_remote_ipaddr(ssh); - return auth_rhosts2(pw, client_user, hostname, ipaddr); -} - -static int -auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostname, +auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, const char *ipaddr) { char buf[1024]; @@ -334,10 +323,3 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam restore_uid(); return 0; } - -int -auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, - const char *ipaddr) -{ - return auth_rhosts2_raw(pw, client_user, hostname, ipaddr); -} diff --git a/crypto/external/bsd/openssh/dist/auth-rsa.c b/crypto/external/bsd/openssh/dist/auth-rsa.c deleted file mode 100644 index e7378985f6dc..000000000000 --- a/crypto/external/bsd/openssh/dist/auth-rsa.c +++ /dev/null 
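Review bot: With the auth_rhosts() wrapper removed, auth_rhosts2() becomes the only entry point, but the function comment kept above it (the lines beginning `* true if authentication succeeds.`) still says nothing about the hostname and ipaddr arguments, which the deleted wrapper used to derive from auth_get_canonical_hostname(ssh, options.use_dns) and ssh_remote_ipaddr(ssh). Because a .rhosts or hosts.equiv decision is only as trustworthy as the hostname fed into it, the comment should make that responsibility explicit, e.g. `* hostname and ipaddr are supplied by the caller and must be the canonical` / `* client hostname as sshd resolved it (subject to UseDNS) and its address.` The second hunk (`@@ -334,10 +323,3 @@`), which drops the auth_rhosts2() trampoline onto the renamed auth_rhosts2_raw(), is consistent with the rename and needs nothing further.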
@@ -1,431 +0,0 @@ -/* $NetBSD: auth-rsa.c,v 1.10 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: auth-rsa.c,v 1.90 2015/01/28 22:36:00 djm Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * RSA-based authentication. This code determines whether to admit a login - * based on RSA authentication. This file also contains functions to check - * validity of the host key. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#include "includes.h" -__RCSID("$NetBSD: auth-rsa.c,v 1.10 2015/04/03 23:58:19 christos Exp $"); -#include -#include - -#include - -#include -#include -#include - -#include "xmalloc.h" -#include "rsa.h" -#include "packet.h" -#include "ssh1.h" -#include "uidswap.h" -#include "match.h" -#include "buffer.h" -#include "pathnames.h" -#include "log.h" -#include "misc.h" -#include "servconf.h" -#include "key.h" -#include "auth-options.h" -#include "hostfile.h" -#include "auth.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif -#include "monitor_wrap.h" -#include "ssh.h" - -#include "digest.h" - -/* import */ -extern ServerOptions options; - -/* - * Session identifier that is used to bind key exchange and authentication - * responses to a particular session. - */ -extern u_char session_id[16]; - -/* - * The .ssh/authorized_keys file contains public keys, one per line, in the - * following format: - * options bits e n comment - * where bits, e and n are decimal numbers, - * and comment is any string of characters up to newline. The maximum - * length of a line is SSH_MAX_PUBKEY_BYTES characters. See sshd(8) for a - * description of the options. 
- */ - -BIGNUM * -auth_rsa_generate_challenge(Key *key) -{ - BIGNUM *challenge; - BN_CTX *ctx; - - if ((challenge = BN_new()) == NULL) - fatal("auth_rsa_generate_challenge: BN_new() failed"); - /* Generate a random challenge. */ - if (BN_rand(challenge, 256, 0, 0) == 0) - fatal("auth_rsa_generate_challenge: BN_rand failed"); - if ((ctx = BN_CTX_new()) == NULL) - fatal("auth_rsa_generate_challenge: BN_CTX_new failed"); - if (BN_mod(challenge, challenge, key->rsa->n, ctx) == 0) - fatal("auth_rsa_generate_challenge: BN_mod failed"); - BN_CTX_free(ctx); - - return challenge; -} - -int -auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) -{ - u_char buf[32], mdbuf[16]; - struct ssh_digest_ctx *md; - int len; - - /* don't allow short keys */ - if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - error("%s: RSA modulus too small: %d < minimum %d bits", - __func__, - BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); - return (0); - } - - /* The response is MD5 of decrypted challenge plus session id. */ - len = BN_num_bytes(challenge); - if (len <= 0 || len > 32) - fatal("%s: bad challenge length %d", __func__, len); - memset(buf, 0, 32); - BN_bn2bin(challenge, buf + 32 - len); - if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || - ssh_digest_update(md, buf, 32) < 0 || - ssh_digest_update(md, session_id, 16) < 0 || - ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0) - fatal("%s: md5 failed", __func__); - ssh_digest_free(md); - - /* Verify that the response is the original challenge. */ - if (timingsafe_bcmp(response, mdbuf, 16) != 0) { - /* Wrong answer. */ - return (0); - } - /* Correct answer. */ - return (1); -} - -/* - * Performs the RSA authentication challenge-response dialog with the client, - * and returns true (non-zero) if the client gave the correct answer to - * our challenge; returns zero if the client gives a wrong answer. 
- */ - -int -auth_rsa_challenge_dialog(Key *key) -{ - BIGNUM *challenge, *encrypted_challenge; - u_char response[16]; - int i, success; - - if ((encrypted_challenge = BN_new()) == NULL) - fatal("auth_rsa_challenge_dialog: BN_new() failed"); - - challenge = PRIVSEP(auth_rsa_generate_challenge(key)); - - /* Encrypt the challenge with the public key. */ - if (rsa_public_encrypt(encrypted_challenge, challenge, key->rsa) != 0) - fatal("%s: rsa_public_encrypt failed", __func__); - - /* Send the encrypted challenge to the client. */ - packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); - packet_put_bignum(encrypted_challenge); - packet_send(); - BN_clear_free(encrypted_challenge); - packet_write_wait(); - - /* Wait for a response. */ - packet_read_expect(SSH_CMSG_AUTH_RSA_RESPONSE); - for (i = 0; i < 16; i++) - response[i] = (u_char)packet_get_char(); - packet_check_eom(); - - success = PRIVSEP(auth_rsa_verify_response(key, challenge, response)); - BN_clear_free(challenge); - return (success); -} - -static int -rsa_key_allowed_in_file(struct passwd *pw, char *file, - const BIGNUM *client_n, Key **rkey) -{ - char *fp, line[SSH_MAX_PUBKEY_BYTES]; - int allowed = 0; - u_int bits; - FILE *f; - u_long linenum = 0; - Key *key; - - debug("trying public RSA key file %s", file); - if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL) - return 0; - - /* - * Go though the accepted keys, looking for the current key. If - * found, perform a challenge-response dialog to verify that the - * user really has the corresponding private key. - */ - key = key_new(KEY_RSA1); - while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { - char *cp; - char *key_options; - int keybits; - - /* Skip leading whitespace, empty and comment lines. 
*/ - for (cp = line; *cp == ' ' || *cp == '\t'; cp++) - ; - if (!*cp || *cp == '\n' || *cp == '#') - continue; - - /* - * Check if there are options for this key, and if so, - * save their starting address and skip the option part - * for now. If there are no options, set the starting - * address to NULL. - */ - if (*cp < '0' || *cp > '9') { - int quoted = 0; - key_options = cp; - for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { - if (*cp == '\\' && cp[1] == '"') - cp++; /* Skip both */ - else if (*cp == '"') - quoted = !quoted; - } - } else - key_options = NULL; - - /* Parse the key from the line. */ - if (hostfile_read_key(&cp, &bits, key) == 0) { - debug("%.100s, line %lu: non ssh1 key syntax", - file, linenum); - continue; - } - /* cp now points to the comment part. */ - - /* - * Check if the we have found the desired key (identified - * by its modulus). - */ - if (BN_cmp(key->rsa->n, client_n) != 0) - continue; - - /* check the real bits */ - keybits = BN_num_bits(key->rsa->n); - if (keybits < 0 || bits != (u_int)keybits) - logit("Warning: %s, line %lu: keysize mismatch: " - "actual %d vs. announced %d.", - file, linenum, BN_num_bits(key->rsa->n), bits); - - if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, - SSH_FP_DEFAULT)) == NULL) - continue; - debug("matching key found: file %s, line %lu %s %s", - file, linenum, key_type(key), fp); - free(fp); - - /* Never accept a revoked key */ - if (auth_key_is_revoked(key)) - break; - - /* We have found the desired key. */ - /* - * If our options do not allow this key to be used, - * do not send challenge. - */ - if (!auth_parse_options(pw, key_options, file, linenum)) - continue; - if (key_is_cert_authority) - continue; - /* break out, this key is allowed */ - allowed = 1; - break; - } - - /* Close the file. 
*/ - fclose(f); - - /* return key if allowed */ - if (allowed && rkey != NULL) - *rkey = key; - else - key_free(key); - - return allowed; -} - -/* - * check if there's user key matching client_n, - * return key if login is allowed, NULL otherwise - */ - -int -auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) -{ - char *file; - u_int i, allowed = 0; - - temporarily_use_uid(pw); - -#ifdef WITH_LDAP_PUBKEY - if (options.lpk.on) { - u_int bits; - ldap_key_t *k; - /* here is the job */ - Key *key = key_new(KEY_RSA1); - - debug("[LDAP] trying LDAP first uid=%s", pw->pw_name); - if ( ldap_ismember(&options.lpk, pw->pw_name) > 0) { - if ( (k = ldap_getuserkey(&options.lpk, pw->pw_name)) != NULL) { - for (i = 0 ; i < k->num ; i++) { - char *cp, *xoptions = NULL; - - for (cp = k->keys[i]->bv_val; *cp == ' ' || *cp == '\t'; cp++) - ; - if (!*cp || *cp == '\n' || *cp == '#') - continue; - - /* - * Check if there are options for this key, and if so, - * save their starting address and skip the option part - * for now. If there are no options, set the starting - * address to NULL. - */ - if (*cp < '0' || *cp > '9') { - int quoted = 0; - xoptions = cp; - for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { - if (*cp == '\\' && cp[1] == '"') - cp++; /* Skip both */ - else if (*cp == '"') - quoted = !quoted; - } - } else - xoptions = NULL; - - /* Parse the key from the line. */ - if (hostfile_read_key(&cp, &bits, key) == 0) { - debug("[LDAP] line %d: non ssh1 key syntax", i); - continue; - } - /* cp now points to the comment part. */ - - /* Check if the we have found the desired key (identified by its modulus). */ - if (BN_cmp(key->rsa->n, client_n) != 0) - continue; - - /* check the real bits */ - if (bits != (unsigned int)BN_num_bits(key->rsa->n)) - logit("[LDAP] Warning: ldap, line %lu: keysize mismatch: " - "actual %d vs. announced %d.", (unsigned long)i, BN_num_bits(key->rsa->n), bits); - - /* We have found the desired key. 
*/ - /* - * If our options do not allow this key to be used, - * do not send challenge. - */ - if (!auth_parse_options(pw, xoptions, "[LDAP]", (unsigned long) i)) - continue; - - /* break out, this key is allowed */ - allowed = 1; - - /* add the return stuff etc... */ - /* Restore the privileged uid. */ - restore_uid(); - - /* return key if allowed */ - if (allowed && rkey != NULL) - *rkey = key; - else - key_free(key); - - ldap_keys_free(k); - return (allowed); - } - } else { - logit("[LDAP] no keys found for '%s'!", pw->pw_name); - } - } else { - logit("[LDAP] '%s' is not in '%s'", pw->pw_name, options.lpk.sgroup); - } - } -#endif - - for (i = 0; !allowed && i < options.num_authkeys_files; i++) { - if (strcasecmp(options.authorized_keys_files[i], "none") == 0) - continue; - file = expand_authorized_keys( - options.authorized_keys_files[i], pw); - allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); - free(file); - } - - restore_uid(); - - return allowed; -} - -/* - * Performs the RSA authentication dialog with the client. This returns - * 0 if the client could not be authenticated, and 1 if authentication was - * successful. This may exit if there is a serious protocol violation. - */ -int -auth_rsa(Authctxt *authctxt, BIGNUM *client_n) -{ - Key *key; - struct passwd *pw = authctxt->pw; - - /* no user given */ - if (!authctxt->valid) - return 0; - - if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) { - auth_clear_options(); - return (0); - } - - /* Perform the challenge-response dialog for this key. */ - if (!auth_rsa_challenge_dialog(key)) { - /* Wrong response. */ - verbose("Wrong response to RSA authentication challenge."); - packet_send_debug("Wrong response to RSA authentication challenge."); - /* - * Break out of the loop. Otherwise we might send - * another challenge and break the protocol. - */ - key_free(key); - return (0); - } - /* - * Correct response. The client has been successfully - * authenticated. 
Note that we have not yet processed the - * options; this will be reset if the options cause the - * authentication to be rejected. - */ - pubkey_auth_info(authctxt, key, NULL); - - packet_send_debug("RSA authentication accepted."); - return (1); -} diff --git a/crypto/external/bsd/openssh/dist/auth-skey.c b/crypto/external/bsd/openssh/dist/auth-skey.c index c0394c31dc36..11fdf9749e46 100644 --- a/crypto/external/bsd/openssh/dist/auth-skey.c +++ b/crypto/external/bsd/openssh/dist/auth-skey.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth-skey.c,v 1.3 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: auth-skey.c,v 1.4 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: auth-skey.c,v 1.27 2007/01/21 01:41:54 stevesk Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -24,7 +24,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -__RCSID("$NetBSD: auth-skey.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: auth-skey.c,v 1.4 2016/12/25 00:07:46 christos Exp $"); #ifdef SKEY diff --git a/crypto/external/bsd/openssh/dist/auth.c b/crypto/external/bsd/openssh/dist/auth.c index d36e9c6b9bc9..a4fb721c8874 100644 --- a/crypto/external/bsd/openssh/dist/auth.c +++ b/crypto/external/bsd/openssh/dist/auth.c @@ -1,5 +1,6 @@ -/* $NetBSD: auth.c,v 1.17 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: auth.c,v 1.115 2016/06/15 00:40:40 dtucker Exp $ */ +/* $NetBSD: auth.c,v 1.18 2016/12/25 00:07:46 christos Exp $ */ +/* $OpenBSD: auth.c,v 1.119 2016/12/15 21:29:05 dtucker Exp $ */ + /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth.c,v 1.17 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: auth.c,v 1.18 2016/12/25 00:07:46 christos Exp $"); #include #include #include 
@@ -100,6 +101,7 @@ allowed_user(struct passwd * pw)
 struct ssh *ssh = active_state; /* XXX */
 struct stat st;
 const char *hostname = NULL, *ipaddr = NULL;
+ int r;
 u_int i;
 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
@@ -253,21 +255,31 @@ allowed_user(struct passwd * pw)
 /* Return false if user is listed in DenyUsers */
 if (options.num_deny_users > 0) {
- for (i = 0; i < options.num_deny_users; i++)
- if (match_user(pw->pw_name, hostname, ipaddr,
- options.deny_users[i])) {
+ for (i = 0; i < options.num_deny_users; i++) {
+ r = match_user(pw->pw_name, hostname, ipaddr,
+ options.deny_users[i]);
+ if (r < 0) {
+ fatal("Invalid DenyUsers pattern \"%.100s\"",
+ options.deny_users[i]);
+ } else if (r != 0) {
 logit("User %.100s from %.100s not allowed "
 "because listed in DenyUsers",
 pw->pw_name, hostname);
 return 0;
 }
+ }
 }
 /* Return false if AllowUsers isn't empty and user isn't listed there */
 if (options.num_allow_users > 0) {
- for (i = 0; i < options.num_allow_users; i++)
- if (match_user(pw->pw_name, hostname, ipaddr,
- options.allow_users[i]))
+ for (i = 0; i < options.num_allow_users; i++) {
+ r = match_user(pw->pw_name, hostname, ipaddr,
+ options.allow_users[i]);
+ if (r < 0) {
+ fatal("Invalid AllowUsers pattern \"%.100s\"",
+ options.allow_users[i]);
+ } else if (r == 1)
 break;
+ }
 /* i < options.num_allow_users iff we break for loop */
 if (i >= options.num_allow_users) {
 logit("User %.100s from %.100s not allowed because "
@@ -354,7 +366,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
 else
 authmsg = authenticated ? "Accepted" : "Failed";
- authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s",
+ authlog("%s %s%s%s for %s%.100s from %.200s port %d ssh2%s%s",
 authmsg,
 method,
 submethod != NULL ? "/" : "",
 submethod == NULL ? "" : submethod,
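Review bot: The two new match_user() result checks in allowed_user() test for a match differently — `} else if (r != 0) {` in the DenyUsers loop versus `} else if (r == 1) break;` in the AllowUsers loop — and the AllowUsers branch leaves its single-statement body unbraced beside a braced `if`. Both are correct since `r < 0` is handled first, but the asymmetry reads as though the two calls had different return conventions; using `r == 1` (or `r != 0`) in both places and bracing the `break;` would make the intent uniform. Treating an invalid pattern as fatal() fails closed, which is the right default for an access-control list, though because the check lives in allowed_user() the error only surfaces when someone connects rather than when sshd loads its configuration; if servconf does not already reject such patterns (not visible in this diff), that would be the place to catch them earlier. allowed_user() begins and ends outside this hunk.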
@@ -362,7 +374,6 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, authctxt->user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), - compat20 ? "ssh2" : "ssh1", authctxt->info != NULL ? ": " : "", authctxt->info != NULL ? authctxt->info : ""); if (!authctxt->postponed) @@ -377,12 +388,11 @@ auth_maxtries_exceeded(Authctxt *authctxt) struct ssh *ssh = active_state; /* XXX */ error("maximum authentication attempts exceeded for " - "%s%.100s from %.200s port %d %s", + "%s%.100s from %.200s port %d ssh2", authctxt->valid ? "" : "invalid user ", authctxt->user, ssh_remote_ipaddr(ssh), - ssh_remote_port(ssh), - compat20 ? "ssh2" : "ssh1"); + ssh_remote_port(ssh)); packet_disconnect("Too many authentication failures"); /* NOTREACHED */ } diff --git a/crypto/external/bsd/openssh/dist/auth.h b/crypto/external/bsd/openssh/dist/auth.h index bff2e92e0431..9f53d8b4dbfe 100644 --- a/crypto/external/bsd/openssh/dist/auth.h +++ b/crypto/external/bsd/openssh/dist/auth.h @@ -1,5 +1,5 @@ -/* $NetBSD: auth.h,v 1.13 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: auth.h,v 1.88 2016/05/04 14:04:40 markus Exp $ */ +/* $NetBSD: auth.h,v 1.14 2016/12/25 00:07:46 christos Exp $ */ +/* $OpenBSD: auth.h,v 1.89 2016/08/13 17:47:41 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. 
@@ -119,21 +119,11 @@ struct KbdintDevice void (*free_ctx)(void *ctx); }; -void disable_forwarding(void); -int auth_rhosts(struct passwd *, const char *); int auth_rhosts2(struct passwd *, const char *, const char *, const char *); -int auth_rhosts_rsa(Authctxt *, char *, Key *); int auth_password(Authctxt *, const char *); -int auth_rsa(Authctxt *, BIGNUM *); -int auth_rsa_challenge_dialog(Key *); -BIGNUM *auth_rsa_generate_challenge(Key *); -int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]); -int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); -int auth_rhosts_rsa_key_allowed(struct passwd *, const char *, - const char *, Key *); int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); int user_key_allowed(struct passwd *, Key *, int); void pubkey_auth_info(Authctxt *, const Key *, const char *, ...) @@ -166,7 +156,6 @@ int auth_krb5_password(Authctxt *authctxt, const char *password); void krb5_cleanup_proc(Authctxt *authctxt); #endif /* KRB5 */ -void do_authentication(Authctxt *); void do_authentication2(Authctxt *); void auth_info(Authctxt *authctxt, const char *, ...) @@ -193,9 +182,6 @@ int bsdauth_respond(void *, u_int, char **); int allowed_user(struct passwd *); struct passwd * getpwnamallow(const char *user); -char *get_challenge(Authctxt *); -int verify_response(Authctxt *, const char *); - char *expand_authorized_keys(const char *, struct passwd *pw); char *authorized_principals_file(struct passwd *); @@ -215,7 +201,6 @@ Key *get_hostkey_public_by_index(int, struct ssh *); Key *get_hostkey_public_by_type(int, int, struct ssh *); Key *get_hostkey_private_by_type(int, int, struct ssh *); int get_hostkey_index(Key *, int, struct ssh *); -int ssh1_session_key(BIGNUM *); int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *, const u_char *, size_t, const char *, u_int); 
@@ -224,6 +209,8 @@ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); void auth_debug_send(void); void auth_debug_reset(void); +void disable_forwarding(void); + struct passwd *fakepw(void); #define AUTH_FAIL_MSG "Too many authentication failures for %.100s" diff --git a/crypto/external/bsd/openssh/dist/auth1.c b/crypto/external/bsd/openssh/dist/auth1.c deleted file mode 100644 index dde32702f5a2..000000000000 --- a/crypto/external/bsd/openssh/dist/auth1.c +++ /dev/null 
@@ -1,474 +0,0 @@ -/* $NetBSD: auth1.c,v 1.13 2016/01/23 00:03:30 christos Exp $ */ -/* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */ -/* - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#include "includes.h" -__RCSID("$NetBSD: auth1.c,v 1.13 2016/01/23 00:03:30 christos Exp $"); -#include -#include - -#include -#include -#include -#include - -#include "xmalloc.h" -#include "rsa.h" -#include "ssh1.h" -#include "packet.h" -#include "buffer.h" -#include "log.h" -#include "misc.h" -#include "servconf.h" -#include "compat.h" -#include "key.h" -#include "hostfile.h" -#include "auth.h" -#include "channels.h" -#include "session.h" -#include "uidswap.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif -#include "monitor_wrap.h" -#include "buffer.h" -#include "pfilter.h" - -/* import */ -extern ServerOptions options; -extern Buffer loginmsg; - -static int auth1_process_password(Authctxt *); -static int auth1_process_rsa(Authctxt *); -static int auth1_process_rhosts_rsa(Authctxt *); -static int auth1_process_tis_challenge(Authctxt *); -static int auth1_process_tis_response(Authctxt *); -#if defined(KRB4) || defined(KRB5) -static int auth1_process_kerberos(Authctxt *); -#endif - -struct AuthMethod1 { - int type; - const char *name; - int *enabled; - int (*method)(Authctxt *); -}; - -const struct AuthMethod1 auth1_methods[] = { - { - SSH_CMSG_AUTH_PASSWORD, "password", - &options.password_authentication, auth1_process_password - }, - { - SSH_CMSG_AUTH_RSA, "rsa", - &options.rsa_authentication, auth1_process_rsa - }, - { - SSH_CMSG_AUTH_RHOSTS_RSA, "rhosts-rsa", - 
&options.rhosts_rsa_authentication, auth1_process_rhosts_rsa - }, - { - SSH_CMSG_AUTH_TIS, "challenge-response", - &options.challenge_response_authentication, - auth1_process_tis_challenge - }, - { - SSH_CMSG_AUTH_TIS_RESPONSE, "challenge-response", - &options.challenge_response_authentication, - auth1_process_tis_response - }, -#if defined(KRB4) || defined(KRB5) - { - SSH_CMSG_AUTH_KERBEROS, "kerberos", - &options.kerberos_authentication, - auth1_process_kerberos - }, -#endif /* KRB4 || KRB5 */ - { -1, NULL, NULL, NULL} -}; - -static const struct AuthMethod1 -*lookup_authmethod1(int type) -{ - int i; - - for (i = 0; auth1_methods[i].name != NULL; i++) - if (auth1_methods[i].type == type) - return (&(auth1_methods[i])); - - return (NULL); -} - -static const char * -get_authname(int type) -{ - const struct AuthMethod1 *a; - static char buf[64]; - - if ((a = lookup_authmethod1(type)) != NULL) - return (a->name); - snprintf(buf, sizeof(buf), "bad-auth-msg-%d", type); - return (buf); -} - -/*ARGSUSED*/ -static int -auth1_process_password(Authctxt *authctxt) -{ - int authenticated = 0; - char *password; - u_int dlen; - - /* - * Read user password. It is in plain text, but was - * transmitted over the encrypted channel so it is - * not visible to an outside observer. - */ - password = packet_get_string(&dlen); - packet_check_eom(); - - /* Try authentication with the password. 
*/ - authenticated = PRIVSEP(auth_password(authctxt, password)); - - explicit_bzero(password, dlen); - free(password); - - return (authenticated); -} - -#if defined(KRB4) || defined(KRB5) -static int -auth1_process_kerberos(Authctxt *authctxt) -{ - int authenticated = 0; - u_int dlen; - char *client_user; - char *kdata = packet_get_string(&dlen); - packet_check_eom(); - - if (kdata[0] == 4) { /* KRB_PROT_VERSION */ -#ifdef KRB4 - KTEXT_ST tkt, reply; - tkt.length = dlen; - if (tkt.length < MAX_KTXT_LEN) - memcpy(tkt.dat, kdata, tkt.length); - - if (PRIVSEP(auth_krb4(authctxt, &tkt, &client_user, &reply))) { - authenticated = 1; - - packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); - packet_put_string((char *) - reply.dat, reply.length); - packet_send(); - packet_write_wait(); - - free(client_user); - } -#endif /* KRB4 */ - } else { -#ifdef KRB5 - krb5_data tkt, reply; - tkt.length = dlen; - tkt.data = kdata; - - if (PRIVSEP(auth_krb5(authctxt, &tkt, &client_user, &reply))) { - authenticated = 1; - - /* Send response to client */ - packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); - packet_put_string((char *)reply.data, reply.length); - packet_send(); - packet_write_wait(); - - if (reply.length) - free(reply.data); - free(client_user); - } -#endif /* KRB5 */ - } - free(kdata); - return authenticated; -} -#endif /* KRB4 || KRB5 */ - -/*ARGSUSED*/ -static int -auth1_process_rhosts_rsa(Authctxt *authctxt) -{ - int keybits, authenticated = 0; - u_int bits; - char *client_user; - Key *client_host_key; - u_int ulen; - - /* - * Get client user name. Note that we just have to - * trust the client; root on the client machine can - * claim to be any user. - */ - client_user = packet_get_cstring(&ulen); - - /* Get the client host key. 
*/ - client_host_key = key_new(KEY_RSA1); - bits = packet_get_int(); - packet_get_bignum(client_host_key->rsa->e); - packet_get_bignum(client_host_key->rsa->n); - - keybits = BN_num_bits(client_host_key->rsa->n); - if (keybits < 0 || bits != (u_int)keybits) { - verbose("Warning: keysize mismatch for client_host_key: " - "actual %d, announced %d", - BN_num_bits(client_host_key->rsa->n), bits); - } - packet_check_eom(); - - authenticated = auth_rhosts_rsa(authctxt, client_user, - client_host_key); - key_free(client_host_key); - - auth_info(authctxt, "ruser %.100s", client_user); - free(client_user); - - return (authenticated); -} - -/*ARGSUSED*/ -static int -auth1_process_rsa(Authctxt *authctxt) -{ - int authenticated = 0; - BIGNUM *n; - - /* RSA authentication requested. */ - if ((n = BN_new()) == NULL) - fatal("do_authloop: BN_new failed"); - packet_get_bignum(n); - packet_check_eom(); - authenticated = auth_rsa(authctxt, n); - BN_clear_free(n); - - return (authenticated); -} - -/*ARGSUSED*/ -static int -auth1_process_tis_challenge(Authctxt *authctxt) -{ - char *challenge; - - if ((challenge = get_challenge(authctxt)) == NULL) - return (0); - - debug("sending challenge '%s'", challenge); - packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); - packet_put_cstring(challenge); - free(challenge); - packet_send(); - packet_write_wait(); - - return (-1); -} - -/*ARGSUSED*/ -static int -auth1_process_tis_response(Authctxt *authctxt) -{ - int authenticated = 0; - char *response; - u_int dlen; - - response = packet_get_string(&dlen); - packet_check_eom(); - authenticated = verify_response(authctxt, response); - explicit_bzero(response, dlen); - free(response); - - return (authenticated); -} - -/* - * read packets, try to authenticate the user and - * return only if authentication is successful - */ -static void -do_authloop(Authctxt *authctxt) -{ - int authenticated = 0; - int type = 0; - const struct AuthMethod1 *meth; - - debug("Attempting authentication for %s%.100s.", - 
authctxt->valid ? "" : "invalid user ", authctxt->user); - - /* If the user has no password, accept authentication immediately. */ - if (options.permit_empty_passwd && options.password_authentication && -#if defined(KRB4) || defined(KRB5) - (!options.kerberos_authentication || options.kerberos_or_local_passwd) && -#endif - PRIVSEP(auth_password(authctxt, __UNCONST("")))) { -#ifdef USE_PAM - if (options.use_pam && PRIVSEP(do_pam_account())) -#endif - { - auth_log(authctxt, 1, 0, "without authentication", - NULL); - return; - } - return; - } - - /* Indicate that authentication is needed. */ - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - - for (;;) { - /* default to fail */ - authenticated = 0; - - - /* Get a packet from the client. */ - type = packet_read(); - if (authctxt->failures >= options.max_authtries) - goto skip; - if ((meth = lookup_authmethod1(type)) == NULL) { - logit("Unknown message during authentication: " - "type %d", type); - goto skip; - } - - if (!*(meth->enabled)) { - verbose("%s authentication disabled.", meth->name); - goto skip; - } - - authenticated = meth->method(authctxt); - if (authenticated == -1) - continue; /* "postponed" */ - -#ifdef BSD_AUTH - if (authctxt->as) { - auth_close(authctxt->as); - authctxt->as = NULL; - } -#endif - if (!authctxt->valid && authenticated) - fatal("INTERNAL ERROR: authenticated invalid user %s", - authctxt->user); - - /* Special handling for root */ - if (authenticated && authctxt->pw->pw_uid == 0 && - !auth_root_allowed(meth->name)) - authenticated = 0; - -#ifdef USE_PAM - if (options.use_pam && authenticated && - !PRIVSEP(do_pam_account())) { - char *msg; - size_t len; - - pfilter_notify(1); - error("Access denied for user %s by PAM account " - "configuration", authctxt->user); - len = buffer_len(&loginmsg); - buffer_append(&loginmsg, "\0", 1); - msg = (char *)buffer_ptr(&loginmsg); - /* strip trailing newlines */ - if (len > 0) - while (len > 0 && msg[--len] == '\n') - msg[len] = 
'\0'; - else - msg = __UNCONST("Access denied."); - packet_disconnect("%s", msg); - } -#endif - - skip: - /* Log before sending the reply */ - auth_log(authctxt, authenticated, 0, get_authname(type), NULL); - - if (authenticated) - return; - - if (++authctxt->failures >= options.max_authtries) - auth_maxtries_exceeded(authctxt); - - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - } -} - -/* - * Performs authentication of an incoming connection. Session key has already - * been exchanged and encryption is enabled. - */ -void -do_authentication(Authctxt *authctxt) -{ - u_int ulen; - char *user, *style = NULL; - - /* Get the name of the user that we wish to log in as. */ - packet_read_expect(SSH_CMSG_USER); - - /* Get the user name. */ - user = packet_get_cstring(&ulen); - packet_check_eom(); - - if ((style = strchr(user, ':')) != NULL) - *style++ = '\0'; - - authctxt->user = user; - authctxt->style = style; - - /* Verify that the user is a valid user. */ - if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) - authctxt->valid = 1; - else { - debug("do_authentication: invalid user %s", user); - authctxt->pw = fakepw(); - pfilter_notify(1); - } - - /* Configuration may have changed as a result of Match */ - if (options.num_auth_methods != 0) - fatal("AuthenticationMethods is not supported with SSH " - "protocol 1"); - - setproctitle("%s%s", authctxt->valid ? user : "unknown", - use_privsep ? " [net]" : ""); - -#ifdef USE_PAM - if (options.use_pam) - PRIVSEP(start_pam(authctxt)); -#endif - - /* - * If we are not running as root, the user must have the same uid as - * the server. 
- */ - if (!use_privsep && getuid() != 0 && authctxt->pw && - authctxt->pw->pw_uid != getuid()) - packet_disconnect("Cannot change user when server not running as root."); - - /* - * Loop until the user has been authenticated or the connection is - * closed, do_authloop() returns only if authentication is successful - */ - do_authloop(authctxt); - - /* The user has been authenticated and accepted. */ - packet_start(SSH_SMSG_SUCCESS); - packet_send(); - packet_write_wait(); -} diff --git a/crypto/external/bsd/openssh/dist/auth2-chall.c b/crypto/external/bsd/openssh/dist/auth2-chall.c index 3a83d8646763..a442f4568c44 100644 --- a/crypto/external/bsd/openssh/dist/auth2-chall.c +++ b/crypto/external/bsd/openssh/dist/auth2-chall.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth2-chall.c,v 1.10 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: auth2-chall.c,v 1.11 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: auth2-chall.c,v 1.44 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-chall.c,v 1.10 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: auth2-chall.c,v 1.11 2016/12/25 00:07:46 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/auth2-gss.c b/crypto/external/bsd/openssh/dist/auth2-gss.c index a9029351dc79..cef934dccf29 100644 --- a/crypto/external/bsd/openssh/dist/auth2-gss.c +++ b/crypto/external/bsd/openssh/dist/auth2-gss.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth2-gss.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: auth2-gss.c,v 1.9 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */ /* @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-gss.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: auth2-gss.c,v 1.9 2016/12/25 00:07:46 christos Exp $"); #ifdef GSSAPI 
diff --git a/crypto/external/bsd/openssh/dist/auth2-hostbased.c b/crypto/external/bsd/openssh/dist/auth2-hostbased.c index 14df38b98803..8bb3284061e9 100644 --- a/crypto/external/bsd/openssh/dist/auth2-hostbased.c +++ b/crypto/external/bsd/openssh/dist/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth2-hostbased.c,v 1.9 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: auth2-hostbased.c,v 1.10 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: auth2-hostbased.c,v 1.26 2016/03/07 19:02:43 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-hostbased.c,v 1.9 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: auth2-hostbased.c,v 1.10 2016/12/25 00:07:46 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/auth2-kbdint.c b/crypto/external/bsd/openssh/dist/auth2-kbdint.c index 70acc2409eac..cf2862f73bbb 100644 --- a/crypto/external/bsd/openssh/dist/auth2-kbdint.c +++ b/crypto/external/bsd/openssh/dist/auth2-kbdint.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth2-kbdint.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: auth2-kbdint.c,v 1.6 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: auth2-kbdint.c,v 1.7 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-kbdint.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: auth2-kbdint.c,v 1.6 2016/12/25 00:07:46 christos Exp $"); #include #include "xmalloc.h" diff --git a/crypto/external/bsd/openssh/dist/auth2-krb5.c b/crypto/external/bsd/openssh/dist/auth2-krb5.c index 23d3e04580ff..435c1da557e6 100644 --- a/crypto/external/bsd/openssh/dist/auth2-krb5.c +++ b/crypto/external/bsd/openssh/dist/auth2-krb5.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: auth2-krb5.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: auth2-krb5.c,v 1.5 2016/12/25 00:07:46 christos Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * @@ -24,7 +24,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-krb5.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: auth2-krb5.c,v 1.5 2016/12/25 00:07:46 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/auth2-none.c b/crypto/external/bsd/openssh/dist/auth2-none.c index c8b9028bf664..a8167880b682 100644 --- a/crypto/external/bsd/openssh/dist/auth2-none.c +++ b/crypto/external/bsd/openssh/dist/auth2-none.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth2-none.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: auth2-none.c,v 1.6 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: auth2-none.c,v 1.18 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-none.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: auth2-none.c,v 1.6 2016/12/25 00:07:46 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/auth2-passwd.c b/crypto/external/bsd/openssh/dist/auth2-passwd.c index 47f8209e9460..b931319af16b 100644 --- a/crypto/external/bsd/openssh/dist/auth2-passwd.c +++ b/crypto/external/bsd/openssh/dist/auth2-passwd.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth2-passwd.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: auth2-passwd.c,v 1.6 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: auth2-passwd.c,v 1.12 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-passwd.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: auth2-passwd.c,v 1.6 2016/12/25 00:07:46 christos Exp $"); #include #include 
diff --git a/crypto/external/bsd/openssh/dist/auth2-pubkey.c b/crypto/external/bsd/openssh/dist/auth2-pubkey.c
index b42ba48b568f..774977e0f7d9 100644
--- a/crypto/external/bsd/openssh/dist/auth2-pubkey.c
+++ b/crypto/external/bsd/openssh/dist/auth2-pubkey.c
@@ -1,5 +1,5 @@
-/* $NetBSD: auth2-pubkey.c,v 1.14 2016/03/11 01:55:00 christos Exp $ */
-/* $OpenBSD: auth2-pubkey.c,v 1.55 2016/01/27 00:53:12 djm Exp $ */
+/* $NetBSD: auth2-pubkey.c,v 1.15 2016/12/25 00:07:46 christos Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -26,7 +26,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: auth2-pubkey.c,v 1.14 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: auth2-pubkey.c,v 1.15 2016/12/25 00:07:46 christos Exp $");
 #include
 #include
 #include
@@ -569,7 +569,7 @@ match_principals_option(const char *principal_list, struct sshkey_cert *cert)
 static int
 process_principals(FILE *f, char *file, struct passwd *pw,
- struct sshkey_cert *cert)
+ const struct sshkey_cert *cert)
 {
 char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
 u_long linenum = 0;
@@ -638,14 +638,17 @@ match_principals_file(char *file, struct passwd *pw, struct sshkey_cert *cert)
 * returns 1 if the principal is allowed or 0 otherwise.
 */
 static int
-match_principals_command(struct passwd *user_pw, struct sshkey_cert *cert)
+match_principals_command(struct passwd *user_pw, const struct sshkey *key)
 {
+ const struct sshkey_cert *cert = key->cert;
 FILE *f = NULL;
- int ok, found_principal = 0;
+ int r, ok, found_principal = 0;
 struct passwd *pw;
 int i, ac = 0, uid_swapped = 0;
 pid_t pid;
 char *tmp, *username = NULL, *command = NULL, **av = NULL;
+ char *ca_fp = NULL, *key_fp = NULL, *catext = NULL, *keytext = NULL;
+ char serial_s[16];
 void (*osigchld)(int);
 if (options.authorized_principals_command == NULL)
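Review bot: `char serial_s[16];` among the new match_principals_command locals is too small for what the next hunk formats into it: `snprintf(serial_s, sizeof(serial_s), "%llu", (unsigned long long)cert->serial)` needs up to 20 digits plus the terminator if the serial is 64-bit (the cast suggests that width), and snprintf truncates silently, so the `%s` expansion handed to AuthorizedPrincipalsCommand would be a shortened, wrong serial for large values. A principals command may key its decision on that serial, so a silently wrong value is an authorization-relevant defect rather than a cosmetic one. Change the declaration to `char serial_s[32];`; the snprintf in the @@ -683 hunk then needs no change beyond, optionally, checking its return value against sizeof(serial_s). The body of match_principals_command continues outside this hunk.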
@@ -683,10 +686,38 @@ match_principals_command(struct passwd *user_pw, struct sshkey_cert *cert)
 command);
 goto out;
 }
+ if ((ca_fp = sshkey_fingerprint(cert->signature_key,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
+ error("%s: sshkey_fingerprint failed", __func__);
+ goto out;
+ }
+ if ((key_fp = sshkey_fingerprint(key,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
+ error("%s: sshkey_fingerprint failed", __func__);
+ goto out;
+ }
+ if ((r = sshkey_to_base64(cert->signature_key, &catext)) != 0) {
+ error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
+ goto out;
+ }
+ if ((r = sshkey_to_base64(key, &keytext)) != 0) {
+ error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
+ goto out;
+ }
+ snprintf(serial_s, sizeof(serial_s), "%llu",
+ (unsigned long long)cert->serial);
 for (i = 1; i < ac; i++) {
 tmp = percent_expand(av[i],
 "u", user_pw->pw_name,
 "h", user_pw->pw_dir,
+ "t", sshkey_ssh_name(key),
+ "T", sshkey_ssh_name(cert->signature_key),
+ "f", key_fp,
+ "F", ca_fp,
+ "k", keytext,
+ "K", catext,
+ "i", cert->key_id,
+ "s", serial_s,
 (char *)NULL);
 if (tmp == NULL)
 fatal("%s: percent_expand failed", __func__);
@@ -721,6 +752,10 @@ match_principals_command(struct passwd *user_pw, struct sshkey_cert *cert)
 restore_uid();
 free(command);
 free(username);
+ free(ca_fp);
+ free(key_fp);
+ free(catext);
+ free(keytext);
 return found_principal;
 }
 /*
@@ -731,11 +766,9 @@ static int
 check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 {
 char line[SSH_MAX_PUBKEY_BYTES];
- const char *reason;
 int found_key = 0;
 u_long linenum = 0;
 Key *found;
- char *fp;
 #ifdef WITH_LDAP_PUBKEY
 ldap_key_t * k;
 unsigned int i = 0;
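Review bot: The two sshkey_fingerprint failure branches log the identical message `error("%s: sshkey_fingerprint failed", __func__);`, so a log reader cannot tell whether the CA key or the presented key failed; name the key in each, e.g. `error("%s: sshkey_fingerprint failed for CA key", __func__);` and the same with "user key" for the second. The `%i` and `%s` expansions come straight from the presented certificate (`cert->key_id`, `cert->serial`) and are only as trustworthy as the signing CA; a one-line comment above the percent_expand call, such as `/* %i and %s are taken verbatim from the client's certificate; the command must treat them as untrusted input */`, would help future maintainers. The goto out paths depend on the frees added in the @@ -721 hunk, which is consistent. The body of match_principals_command starts outside this hunk.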
@@ -786,7 +819,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 auth_parse_options(pw, xoptions, file, linenum) == 1) {
 found_key = 1;
 debug("[LDAP] matching key found");
- fp = sshkey_fingerprint(found, SSH_FP_HASH_DEFAULT, SSH_FP_HEX);
+ char *fp = sshkey_fingerprint(found, SSH_FP_HASH_DEFAULT, SSH_FP_HEX);
 verbose("[LDAP] Found matching %s key: %s",
 key_type(found), fp);
 /* restoring memory */
@@ -818,7 +851,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 found = NULL;
 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
- char *cp, *key_options = NULL;
+ char *cp, *key_options = NULL, *fp = NULL;
+ const char *reason = NULL;
+
 if (found != NULL)
 key_free(found);
 found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
@@ -883,10 +918,8 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 authorized_principals == NULL ? pw->pw_name : NULL,
 &reason) != 0)
 goto fail_reason;
- if (auth_cert_options(key, pw) != 0) {
- free(fp);
- continue;
- }
+ if (auth_cert_options(key, pw, &reason) != 0)
+ goto fail_reason;
 verbose("Accepted certificate ID \"%s\" (serial %llu) "
 "signed by %s CA %s via %s", key->cert->key_id,
 (unsigned long long)key->cert->serial,
@@ -949,7 +982,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
 found_principal = 1;
 }
 /* Try querying command if specified */
- if (!found_principal && match_principals_command(pw, key->cert))
+ if (!found_principal && match_principals_command(pw, key))
 found_principal = 1;
 /* If principals file or command is specified, then require a match */
 use_authorized_principals = principals_file != NULL ||
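Review bot: In the LDAP branch, `char *fp = sshkey_fingerprint(found, SSH_FP_HASH_DEFAULT, SSH_FP_HEX);` feeds `verbose("[LDAP] Found matching %s key: %s", key_type(found), fp)` with no NULL check, whereas the same call in match_principals_command (@@ -683 hunk of this file) is checked for NULL; passing a NULL pointer to `%s` is undefined behaviour. A minimal fix on the verbose() line is `key_type(found), fp == NULL ? "(fingerprint failed)" : fp);`. The release of fp under the "restoring memory" comment lies outside the hunk, so I could not confirm it is freed on this path. The @@ -918 hunk replaces `free(fp); continue;` with `goto fail_reason;`, which presumes the fail_reason label frees fp; that label is also outside the hunk and should be checked.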
@@ -964,8 +997,8 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) if (key_cert_check_authority(key, 0, 1, use_authorized_principals ? NULL : pw->pw_name, &reason) != 0) goto fail_reason; - if (auth_cert_options(key, pw) != 0) - goto out; + if (auth_cert_options(key, pw, &reason) != 0) + goto fail_reason; verbose("Accepted certificate ID \"%s\" (serial %llu) signed by " "%s CA %s via %s", key->cert->key_id, diff --git a/crypto/external/bsd/openssh/dist/auth2.c b/crypto/external/bsd/openssh/dist/auth2.c index 6276efadcfe2..2428cb5acacf 100644 --- a/crypto/external/bsd/openssh/dist/auth2.c +++ b/crypto/external/bsd/openssh/dist/auth2.c @@ -1,4 +1,4 @@ -/* $NetBSD: auth2.c,v 1.12 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: auth2.c,v 1.13 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2.c,v 1.12 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: auth2.c,v 1.13 2016/12/25 00:07:46 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/authfd.c b/crypto/external/bsd/openssh/dist/authfd.c index 20d02452b864..7147c7a02d8d 100644 --- a/crypto/external/bsd/openssh/dist/authfd.c +++ b/crypto/external/bsd/openssh/dist/authfd.c @@ -1,4 +1,4 @@ -/* $NetBSD: authfd.c,v 1.11 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: authfd.c,v 1.12 2016/12/25 00:07:46 christos Exp $ */ /* $OpenBSD: authfd.c,v 1.100 2015/12/04 16:41:28 markus Exp $ */ /* @@ -38,7 +38,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: authfd.c,v 1.11 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: authfd.c,v 1.12 2016/12/25 00:07:46 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/authfd.h b/crypto/external/bsd/openssh/dist/authfd.h index f466fbe43421..42109ae1366f 100644 --- a/crypto/external/bsd/openssh/dist/authfd.h 
+++ b/crypto/external/bsd/openssh/dist/authfd.h
@@ -1,4 +1,4 @@
-/* $NetBSD: authfd.h,v 1.6 2016/03/11 01:55:00 christos Exp $ */
+/* $NetBSD: authfd.h,v 1.7 2016/12/25 00:07:46 christos Exp $ */
 /* $OpenBSD: authfd.h,v 1.39 2015/12/04 16:41:28 markus Exp $ */
 /*
diff --git a/crypto/external/bsd/openssh/dist/authfile.c b/crypto/external/bsd/openssh/dist/authfile.c
index 892f65f6e691..46319e5a7455 100644
--- a/crypto/external/bsd/openssh/dist/authfile.c
+++ b/crypto/external/bsd/openssh/dist/authfile.c
@@ -1,5 +1,6 @@
-/* $NetBSD: authfile.c,v 1.14 2016/08/02 13:45:12 christos Exp $ */
-/* $OpenBSD: authfile.c,v 1.121 2016/04/09 12:39:30 djm Exp $ */
+/* $NetBSD: authfile.c,v 1.15 2016/12/25 00:07:46 christos Exp $ */
+/* $OpenBSD: authfile.c,v 1.122 2016/11/25 23:24:45 djm Exp $ */
+
 /*
 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
 *
@@ -25,7 +26,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: authfile.c,v 1.14 2016/08/02 13:45:12 christos Exp $");
+__RCSID("$NetBSD: authfile.c,v 1.15 2016/12/25 00:07:46 christos Exp $");
 #include
 #include
 #include
@@ -100,13 +101,25 @@ sshkey_load_file(int fd, struct sshbuf *blob)
 u_char buf[1024];
 size_t len;
 struct stat st;
- int r;
+ int r, dontmax = 0;
 if (fstat(fd, &st) < 0)
 return SSH_ERR_SYSTEM_ERROR;
 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
 st.st_size > MAX_KEY_FILE_SIZE)
 return SSH_ERR_INVALID_FORMAT;
+ /*
+ * Pre-allocate the buffer used for the key contents and clamp its
+ * maximum size. This ensures that key contents are never leaked via
+ * implicit realloc() in the sshbuf code.
+ */
+ if ((st.st_mode & S_IFREG) == 0 || st.st_size <= 0) {
+ st.st_size = 64*1024; /* 64k should be enough for anyone :) */
+ dontmax = 1;
+ }
+ if ((r = sshbuf_allocate(blob, st.st_size)) != 0 ||
+ (dontmax && (r = sshbuf_set_max_size(blob, st.st_size)) != 0))
+ return r;
 for (;;) {
 if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
 if (errno == EPIPE)
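Review bot: The new comment in sshkey_load_file promises that key contents are "never leaked via implicit realloc()", but the max-size clamp is applied only when `dontmax` is set, i.e. for non-regular or zero-length files; for a regular file the buffer is sized from the fstat() result and nothing stops sshbuf growing it if the file changes between fstat() and the read loop. If that guarantee is intended, call `sshbuf_set_max_size(blob, st.st_size)` unconditionally rather than behind `dontmax &&` (I have not checked whether sshbuf accepts a max equal to the allocation, so verify before changing); otherwise soften the comment to say the realloc is avoided in the common case. `64*1024` deserves a named constant, and the function's header comment should mention that key material read from a pipe or socket is now capped at 64 KiB, a visible behaviour change for callers. The read loop that follows runs past the end of the hunk.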
diff --git a/crypto/external/bsd/openssh/dist/authfile.h b/crypto/external/bsd/openssh/dist/authfile.h index c758a081b68f..ef3646a1adf5 100644 --- a/crypto/external/bsd/openssh/dist/authfile.h +++ b/crypto/external/bsd/openssh/dist/authfile.h @@ -1,4 +1,4 @@ -/* $NetBSD: authfile.h,v 1.6 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: authfile.h,v 1.7 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: authfile.h,v 1.21 2015/01/08 10:14:08 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c b/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c index c662742a6251..3496aab22074 100644 --- a/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c +++ b/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c @@ -16,7 +16,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: bcrypt_pbkdf.c,v 1.2 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: bcrypt_pbkdf.c,v 1.3 2016/12/25 00:07:47 christos Exp $"); #ifndef HAVE_BCRYPT_PBKDF diff --git a/crypto/external/bsd/openssh/dist/bitmap.c b/crypto/external/bsd/openssh/dist/bitmap.c index a89684f03733..34c5e3647552 100644 --- a/crypto/external/bsd/openssh/dist/bitmap.c +++ b/crypto/external/bsd/openssh/dist/bitmap.c @@ -1,4 +1,4 @@ -/* $NetBSD: bitmap.c,v 1.3 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: bitmap.c,v 1.4 2016/12/25 00:07:47 christos Exp $ */ /* * Copyright (c) 2015 Damien Miller * @@ -15,7 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: bitmap.c,v 1.3 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: bitmap.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/bitmap.h b/crypto/external/bsd/openssh/dist/bitmap.h index 66a31137e61f..492f581a1892 100644 --- a/crypto/external/bsd/openssh/dist/bitmap.h +++ b/crypto/external/bsd/openssh/dist/bitmap.h 
@@ -1,4 +1,4 @@ -/* $NetBSD: bitmap.h,v 1.2 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: bitmap.h,v 1.3 2016/12/25 00:07:47 christos Exp $ */ /* * Copyright (c) 2015 Damien Miller diff --git a/crypto/external/bsd/openssh/dist/blocks.c b/crypto/external/bsd/openssh/dist/blocks.c index 8fb666baec84..8df54bd4cfce 100644 --- a/crypto/external/bsd/openssh/dist/blocks.c +++ b/crypto/external/bsd/openssh/dist/blocks.c @@ -5,7 +5,7 @@ * Copied from nacl-20110221/crypto_hashblocks/sha512/ref/blocks.c */ #include "includes.h" -__RCSID("$NetBSD: blocks.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: blocks.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #include "crypto_api.h" diff --git a/crypto/external/bsd/openssh/dist/blowfish.c b/crypto/external/bsd/openssh/dist/blowfish.c index 052c6ac62839..ffc0349338fe 100644 --- a/crypto/external/bsd/openssh/dist/blowfish.c +++ b/crypto/external/bsd/openssh/dist/blowfish.c @@ -40,7 +40,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: blowfish.c,v 1.2 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: blowfish.c,v 1.3 2016/12/25 00:07:47 christos Exp $"); #if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \ !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) diff --git a/crypto/external/bsd/openssh/dist/bufaux.c b/crypto/external/bsd/openssh/dist/bufaux.c index b98fed20d52f..8fee323ad58f 100644 --- a/crypto/external/bsd/openssh/dist/bufaux.c +++ b/crypto/external/bsd/openssh/dist/bufaux.c @@ -1,4 +1,4 @@ -/* $NetBSD: bufaux.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: bufaux.c,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: bufaux.c,v 1.60 2014/04/30 05:29:56 djm Exp $ */ /* * Copyright (c) 2012 Damien Miller 
@@ -17,7 +17,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: bufaux.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: bufaux.c,v 1.8 2016/12/25 00:07:47 christos Exp $"); /* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ #include diff --git a/crypto/external/bsd/openssh/dist/bufbn.c b/crypto/external/bsd/openssh/dist/bufbn.c index 7c299e4b05a7..0dfd9e8a2c4e 100644 --- a/crypto/external/bsd/openssh/dist/bufbn.c +++ b/crypto/external/bsd/openssh/dist/bufbn.c @@ -1,4 +1,4 @@ -/* $NetBSD: bufbn.c,v 1.6 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: bufbn.c,v 1.7 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: bufbn.c,v 1.12 2014/04/30 05:29:56 djm Exp $ */ /* @@ -18,7 +18,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: bufbn.c,v 1.6 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: bufbn.c,v 1.7 2016/12/25 00:07:47 christos Exp $"); #include #include "buffer.h" diff --git a/crypto/external/bsd/openssh/dist/bufec.c b/crypto/external/bsd/openssh/dist/bufec.c index 0dff8c265f8f..3403d34e3b91 100644 --- a/crypto/external/bsd/openssh/dist/bufec.c +++ b/crypto/external/bsd/openssh/dist/bufec.c @@ -1,4 +1,4 @@ -/* $NetBSD: bufec.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: bufec.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: bufec.c,v 1.4 2014/04/30 05:29:56 djm Exp $ */ /* @@ -17,7 +17,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: bufec.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: bufec.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include /* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ diff --git a/crypto/external/bsd/openssh/dist/buffer.c b/crypto/external/bsd/openssh/dist/buffer.c index 69bb1a83257b..38dccfe7a6eb 100644 --- a/crypto/external/bsd/openssh/dist/buffer.c +++ b/crypto/external/bsd/openssh/dist/buffer.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: buffer.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: buffer.c,v 1.7 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: buffer.c,v 1.36 2014/04/30 05:29:56 djm Exp $ */ /* @@ -18,7 +18,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: buffer.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: buffer.c,v 1.7 2016/12/25 00:07:47 christos Exp $"); #include /* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ diff --git a/crypto/external/bsd/openssh/dist/buffer.h b/crypto/external/bsd/openssh/dist/buffer.h index 98a7d9b8bf5d..87d65c873ff2 100644 --- a/crypto/external/bsd/openssh/dist/buffer.h +++ b/crypto/external/bsd/openssh/dist/buffer.h @@ -1,4 +1,4 @@ -/* $NetBSD: buffer.h,v 1.7 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: buffer.h,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: buffer.h,v 1.25 2014/04/30 05:29:56 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/canohost.c b/crypto/external/bsd/openssh/dist/canohost.c index b1b32d5ada71..43b98d67e14e 100644 --- a/crypto/external/bsd/openssh/dist/canohost.c +++ b/crypto/external/bsd/openssh/dist/canohost.c @@ -1,4 +1,4 @@ -/* $NetBSD: canohost.c,v 1.10 2016/08/02 13:53:44 christos Exp $ */ +/* $NetBSD: canohost.c,v 1.11 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: canohost.c,v 1.73 2016/03/07 19:02:43 djm Exp $ */ /* * Author: Tatu Ylonen @@ -14,7 +14,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: canohost.c,v 1.10 2016/08/02 13:53:44 christos Exp $"); +__RCSID("$NetBSD: canohost.c,v 1.11 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/canohost.h b/crypto/external/bsd/openssh/dist/canohost.h index ef76fdf9ca10..f4af4a843a44 100644 --- a/crypto/external/bsd/openssh/dist/canohost.h +++ b/crypto/external/bsd/openssh/dist/canohost.h 
@@ -1,4 +1,4 @@ -/* $NetBSD: canohost.h,v 1.6 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: canohost.h,v 1.7 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: canohost.h,v 1.12 2016/03/07 19:02:43 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/chacha.c b/crypto/external/bsd/openssh/dist/chacha.c index d2b772c29f8e..da99aab9b610 100644 --- a/crypto/external/bsd/openssh/dist/chacha.c +++ b/crypto/external/bsd/openssh/dist/chacha.c @@ -5,7 +5,7 @@ Public domain. */ #include "includes.h" -__RCSID("$NetBSD: chacha.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: chacha.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #include /* for NULL */ #include "chacha.h" diff --git a/crypto/external/bsd/openssh/dist/channels.c b/crypto/external/bsd/openssh/dist/channels.c index b030d51af67a..3f8fc7231e61 100644 --- a/crypto/external/bsd/openssh/dist/channels.c +++ b/crypto/external/bsd/openssh/dist/channels.c @@ -1,5 +1,6 @@ -/* $NetBSD: channels.c,v 1.16 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: channels.c,v 1.351 2016/07/19 11:38:53 dtucker Exp $ */ +/* $NetBSD: channels.c,v 1.17 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: channels.c,v 1.356 2016/10/18 17:32:54 dtucker Exp $ */ + /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,10 +42,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: channels.c,v 1.16 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: channels.c,v 1.17 2016/12/25 00:07:47 christos Exp $"); #include #include -#include /* MIN MAX */ #include #include #include @@ -70,6 +70,7 @@ __RCSID("$NetBSD: channels.c,v 1.16 2016/08/02 13:45:12 christos Exp $"); #include "ssh.h" #include "ssh1.h" #include "ssh2.h" +#include "ssherr.h" #include "packet.h" #include "log.h" #include "misc.h" 
@@ -123,6 +124,7 @@ typedef struct {
 char *listen_host; /* Remote side should listen address. */
 char *listen_path; /* Remote side should listen path. */
 int listen_port; /* Remote side should listen port. */
+ Channel *downstream; /* Downstream mux*/
 } ForwardPermission;
 /* List of all permitted host/port pairs to connect by the user. */
@@ -186,6 +188,7 @@ static int IPv4or6 = AF_UNSPEC;
 /* helper */
 static void port_open_helper(Channel *c, const char *rtype);
+static const char *channel_rfwd_bind_host(const char *listen_host);
 /* non-blocking connect helpers */
 static int connect_next(struct channel_connect *);
@@ -210,6 +213,20 @@ channel_by_id(int id)
 return c;
 }
+
+Channel *
+channel_by_remote_id(int remote_id)
+{
+ Channel *c;
+ u_int i;
+
+ for (i = 0; i < channels_alloc; i++) {
+ c = channels[i];
+ if (c != NULL && c->remote_id == remote_id)
+ return c;
+ }
+ return NULL;
+}
+
 /*
 * Returns the channel if it is allowed to receive protocol messages.
 * Private channels, like listening sockets, may not receive messages.
@@ -232,6 +249,7 @@ channel_lookup(int id)
 case SSH_CHANNEL_INPUT_DRAINING:
 case SSH_CHANNEL_OUTPUT_DRAINING:
 case SSH_CHANNEL_ABANDONED:
+ case SSH_CHANNEL_MUX_PROXY:
 return (c);
 }
 logit("Non-public channel %d, type %d.", id, c->type);
@@ -247,9 +265,9 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage,
 int nonblock, int is_tty)
 {
 /* Update the maximum file descriptor value. */
- channel_max_fd = MAX(channel_max_fd, rfd);
- channel_max_fd = MAX(channel_max_fd, wfd);
- channel_max_fd = MAX(channel_max_fd, efd);
+ channel_max_fd = MAXIMUM(channel_max_fd, rfd);
+ channel_max_fd = MAXIMUM(channel_max_fd, wfd);
+ channel_max_fd = MAXIMUM(channel_max_fd, efd);
 if (rfd != -1)
 fcntl(rfd, F_SETFD, FD_CLOEXEC);
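Review bot: channel_by_remote_id (@@ -210 hunk) has no header comment and matches on `c->remote_id` alone, with no filtering on channel type or state, so it returns the first channel whose peer-side id equals the argument; if channels carry a sentinel remote_id before the peer assigns one, a lookup with that sentinel value would return an arbitrary channel. Suggested comment above the definition: `/* Return the first channel whose peer-assigned id is remote_id, or NULL. Linear scan with no type/state filtering: callers must pass only ids the peer has actually assigned. */`. The `/* Downstream mux*/` field comment in the @@ -123 hunk is missing a space before the closing delimiter.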
@@ -373,9 +391,9 @@ channel_find_maxfd(void) for (i = 0; i < channels_alloc; i++) { c = channels[i]; if (c != NULL) { - max = MAX(max, c->rfd); - max = MAX(max, c->wfd); - max = MAX(max, c->efd); + max = MAXIMUM(max, c->rfd); + max = MAXIMUM(max, c->wfd); + max = MAXIMUM(max, c->efd); } } return max; 
@@ -411,14 +429,56 @@ channel_free(Channel *c)
 {
 char *s;
 u_int i, n;
+ Channel *other;
 struct channel_confirm *cc;
- for (n = 0, i = 0; i < channels_alloc; i++)
- if (channels[i])
+ for (n = 0, i = 0; i < channels_alloc; i++) {
+ if ((other = channels[i]) != NULL) {
 n++;
+
+ /* detach from mux client and prepare for closing */
+ if (c->type == SSH_CHANNEL_MUX_CLIENT &&
+ other->type == SSH_CHANNEL_MUX_PROXY &&
+ other->mux_ctx == c) {
+ other->mux_ctx = NULL;
+ other->type = SSH_CHANNEL_OPEN;
+ other->istate = CHAN_INPUT_CLOSED;
+ other->ostate = CHAN_OUTPUT_CLOSED;
+ }
+ }
+ }
 debug("channel %d: free: %s, nchannels %u", c->self,
 c->remote_name ? c->remote_name : "???", n);
+ /* XXX more MUX cleanup: remove remote forwardings */
+ if (c->type == SSH_CHANNEL_MUX_CLIENT) {
+ for (i = 0; i < (u_int)num_permitted_opens; i++) {
+ if (permitted_opens[i].downstream != c)
+ continue;
+ /* cancel on the server, since mux client is gone */
+ debug("channel %d: cleanup remote forward for %s:%u",
+ c->self,
+ permitted_opens[i].listen_host,
+ permitted_opens[i].listen_port);
+ packet_start(SSH2_MSG_GLOBAL_REQUEST);
+ packet_put_cstring("cancel-tcpip-forward");
+ packet_put_char(0);
+ packet_put_cstring(channel_rfwd_bind_host(
+ permitted_opens[i].listen_host));
+ packet_put_int(permitted_opens[i].listen_port);
+ packet_send();
+ /* unregister */
+ permitted_opens[i].listen_port = 0;
+ permitted_opens[i].port_to_connect = 0;
+ free(permitted_opens[i].host_to_connect);
+ permitted_opens[i].host_to_connect = NULL;
+ free(permitted_opens[i].listen_host);
+ permitted_opens[i].listen_host = NULL;
+ permitted_opens[i].listen_path = NULL;
+ permitted_opens[i].downstream = NULL;
+ }
+ }
+
 s = channel_open_message();
 debug3("channel %d: status: %s", c->self, s);
 free(s);
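Review bot: In the new remote-forward cleanup loop, `permitted_opens[i].listen_path = NULL;` is cleared without a free, while `host_to_connect` and `listen_host` are both freed on the lines just above it; if listen_path can point to heap memory for an entry whose downstream is this mux client, that is a leak, and if it never can, a comment such as `/* listen_path is never set for downstream-owned entries */` (only if that is actually true) would spare the next reader the question. The `cancel-tcpip-forward` global request is sent with want-reply 0 (`packet_put_char(0)`), so a server that refuses the cancellation is never noticed; that may be acceptable during teardown but deserves a comment. The `c->type == SSH_CHANNEL_MUX_CLIENT` test inside the counting loop is loop-invariant and could be hoisted. channel_free continues past the end of this hunk.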
@@ -564,6 +624,7 @@ channel_still_open(void) case SSH_CHANNEL_OPEN: case SSH_CHANNEL_X11_OPEN: case SSH_CHANNEL_MUX_CLIENT: + case SSH_CHANNEL_MUX_PROXY: return 1; case SSH_CHANNEL_INPUT_DRAINING: case SSH_CHANNEL_OUTPUT_DRAINING: @@ -597,6 +658,7 @@ channel_find_open(void) case SSH_CHANNEL_RPORT_LISTENER: case SSH_CHANNEL_MUX_LISTENER: case SSH_CHANNEL_MUX_CLIENT: + case SSH_CHANNEL_MUX_PROXY: case SSH_CHANNEL_OPENING: case SSH_CHANNEL_CONNECTING: case SSH_CHANNEL_ZOMBIE: @@ -622,7 +684,6 @@ channel_find_open(void) return -1; } - /* * Returns a message describing the currently open forwarded connections, * suitable for sending to the client. The message contains crlf pairs for @@ -651,7 +712,6 @@ channel_open_message(void) case SSH_CHANNEL_AUTH_SOCKET: case SSH_CHANNEL_ZOMBIE: case SSH_CHANNEL_ABANDONED: - case SSH_CHANNEL_MUX_CLIENT: case SSH_CHANNEL_MUX_LISTENER: case SSH_CHANNEL_UNIX_LISTENER: case SSH_CHANNEL_RUNIX_LISTENER: @@ -664,6 +724,8 @@ channel_open_message(void) case SSH_CHANNEL_X11_OPEN: case SSH_CHANNEL_INPUT_DRAINING: case SSH_CHANNEL_OUTPUT_DRAINING: + case SSH_CHANNEL_MUX_PROXY: + case SSH_CHANNEL_MUX_CLIENT: snprintf(buf, sizeof buf, " #%d %.300s (t%d r%d i%u/%d o%u/%d fd %d/%d cc %d)\r\n", c->self, c->remote_name, @@ -1914,7 +1976,7 @@ read_mux(Channel *c, u_int need) if (buffer_len(&c->input) < need) { rlen = need - buffer_len(&c->input); - len = read(c->rfd, buf, MIN(rlen, CHAN_RBUF)); + len = read(c->rfd, buf, MINIMUM(rlen, CHAN_RBUF)); if (len < 0 && (errno == EINTR || errno == EAGAIN)) return buffer_len(&c->input); if (len <= 0) { @@ -2217,7 +2279,7 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, { u_int n, sz, nfdset; - n = MAX(*maxfdp, channel_max_fd); + n = MAXIMUM(*maxfdp, channel_max_fd); nfdset = howmany(n+1, NFDBITS); /* Explicitly test here, because xrealloc isn't always called */ 
@@ -2379,6 +2441,284 @@ channel_output_poll(void) return (packet_length); } +/* -- mux proxy support */ + +/* + * When multiplexing channel messages for mux clients we have to deal + * with downstream messages from the mux client and upstream messages + * from the ssh server: + * 1) Handling downstream messages is straightforward and happens + * in channel_proxy_downstream(): + * - We forward all messages (mostly) unmodified to the server. + * - However, in order to route messages from upstream to the correct + * downstream client, we have to replace the channel IDs used by the + * mux clients with a unique channel ID because the mux clients might + * use conflicting channel IDs. + * - so we inspect and change both SSH2_MSG_CHANNEL_OPEN and + * SSH2_MSG_CHANNEL_OPEN_CONFIRMATION messages, create a local + * SSH_CHANNEL_MUX_PROXY channel and replace the mux clients ID + * with the newly allocated channel ID. + * 2) Upstream messages are received by matching SSH_CHANNEL_MUX_PROXY + * channels and procesed by channel_proxy_upstream(). The local channel ID + * is then translated back to the original mux client ID. + * 3) In both cases we need to keep track of matching SSH2_MSG_CHANNEL_CLOSE + * messages so we can clean up SSH_CHANNEL_MUX_PROXY channels. + * 4) The SSH_CHANNEL_MUX_PROXY channels also need to closed when the + * downstream mux client are removed. + * 5) Handling SSH2_MSG_CHANNEL_OPEN messages from the upstream server + * requires more work, because they are not addressed to a specific + * channel. E.g. client_request_forwarded_tcpip() needs to figure + * out whether the request is addressed to the local client or a + * specific downstream client based on the listen-address/port. + * 6) Agent and X11-Forwarding have a similar problem and are currenly + * not supported as the matching session/channel cannot be identified + * easily. 
+ */ + +/* + * receive packets from downstream mux clients: + * channel callback fired on read from mux client, creates + * SSH_CHANNEL_MUX_PROXY channels and translates channel IDs + * on channel creation. + */ +int +channel_proxy_downstream(Channel *downstream) +{ + Channel *c = NULL; + struct ssh *ssh = active_state; + struct sshbuf *original = NULL, *modified = NULL; + const u_char *cp; + char *ctype = NULL, *listen_host = NULL; + u_char type; + size_t have; + int ret = -1, r, idx; + u_int id, remote_id, listen_port; + + /* sshbuf_dump(&downstream->input, stderr); */ + if ((r = sshbuf_get_string_direct(&downstream->input, &cp, &have)) + != 0) { + error("%s: malformed message: %s", __func__, ssh_err(r)); + return -1; + } + if (have < 2) { + error("%s: short message", __func__); + return -1; + } + type = cp[1]; + /* skip padlen + type */ + cp += 2; + have -= 2; + if (ssh_packet_log_type(type)) + debug3("%s: channel %u: down->up: type %u", __func__, + downstream->self, type); + + switch (type) { + case SSH2_MSG_CHANNEL_OPEN: + if ((original = sshbuf_from(cp, have)) == NULL || + (modified = sshbuf_new()) == NULL) { + error("%s: alloc", __func__); + goto out; + } + if ((r = sshbuf_get_cstring(original, &ctype, NULL)) != 0 || + (r = sshbuf_get_u32(original, &id)) != 0) { + error("%s: parse error %s", __func__, ssh_err(r)); + goto out; + } + c = channel_new("mux proxy", SSH_CHANNEL_MUX_PROXY, + -1, -1, -1, 0, 0, 0, ctype, 1); + c->mux_ctx = downstream; /* point to mux client */ + c->mux_downstream_id = id; /* original downstream id */ + if ((r = sshbuf_put_cstring(modified, ctype)) != 0 || + (r = sshbuf_put_u32(modified, c->self)) != 0 || + (r = sshbuf_putb(modified, original)) != 0) { + error("%s: compose error %s", __func__, ssh_err(r)); + channel_free(c); + goto out; + } + break; + case SSH2_MSG_CHANNEL_OPEN_CONFIRMATION: + /* + * Almost the same as SSH2_MSG_CHANNEL_OPEN, except then we + * need to parse 'remote_id' instead of 'ctype'. 
+ */ + if ((original = sshbuf_from(cp, have)) == NULL || + (modified = sshbuf_new()) == NULL) { + error("%s: alloc", __func__); + goto out; + } + if ((r = sshbuf_get_u32(original, &remote_id)) != 0 || + (r = sshbuf_get_u32(original, &id)) != 0) { + error("%s: parse error %s", __func__, ssh_err(r)); + goto out; + } + c = channel_new("mux proxy", SSH_CHANNEL_MUX_PROXY, + -1, -1, -1, 0, 0, 0, "mux-down-connect", 1); + c->mux_ctx = downstream; /* point to mux client */ + c->mux_downstream_id = id; + c->remote_id = remote_id; + if ((r = sshbuf_put_u32(modified, remote_id)) != 0 || + (r = sshbuf_put_u32(modified, c->self)) != 0 || + (r = sshbuf_putb(modified, original)) != 0) { + error("%s: compose error %s", __func__, ssh_err(r)); + channel_free(c); + goto out; + } + break; + case SSH2_MSG_GLOBAL_REQUEST: + if ((original = sshbuf_from(cp, have)) == NULL) { + error("%s: alloc", __func__); + goto out; + } + if ((r = sshbuf_get_cstring(original, &ctype, NULL)) != 0) { + error("%s: parse error %s", __func__, ssh_err(r)); + goto out; + } + if (strcmp(ctype, "tcpip-forward") != 0) { + error("%s: unsupported request %s", __func__, ctype); + goto out; + } + if ((r = sshbuf_get_u8(original, NULL)) != 0 || + (r = sshbuf_get_cstring(original, &listen_host, NULL)) != 0 || + (r = sshbuf_get_u32(original, &listen_port)) != 0) { + error("%s: parse error %s", __func__, ssh_err(r)); + goto out; + } + if (listen_port > 65535) { + error("%s: tcpip-forward for %s: bad port %u", + __func__, listen_host, listen_port); + goto out; + } + /* Record that connection to this host/port is permitted. 
*/ + permitted_opens = xreallocarray(permitted_opens, + num_permitted_opens + 1, sizeof(*permitted_opens)); + idx = num_permitted_opens++; + permitted_opens[idx].host_to_connect = xstrdup(""); + permitted_opens[idx].port_to_connect = -1; + permitted_opens[idx].listen_host = listen_host; + permitted_opens[idx].listen_port = (int)listen_port; + permitted_opens[idx].downstream = downstream; + listen_host = NULL; + break; + case SSH2_MSG_CHANNEL_CLOSE: + if (have < 4) + break; + remote_id = PEEK_U32(cp); + if ((c = channel_by_remote_id(remote_id)) != NULL) { + if (c->flags & CHAN_CLOSE_RCVD) + channel_free(c); + else + c->flags |= CHAN_CLOSE_SENT; + } + break; + } + if (modified) { + if ((r = sshpkt_start(ssh, type)) != 0 || + (r = sshpkt_putb(ssh, modified)) != 0 || + (r = sshpkt_send(ssh)) != 0) { + error("%s: send %s", __func__, ssh_err(r)); + goto out; + } + } else { + if ((r = sshpkt_start(ssh, type)) != 0 || + (r = sshpkt_put(ssh, cp, have)) != 0 || + (r = sshpkt_send(ssh)) != 0) { + error("%s: send %s", __func__, ssh_err(r)); + goto out; + } + } + ret = 0; + out: + free(ctype); + free(listen_host); + sshbuf_free(original); + sshbuf_free(modified); + return ret; +} + +/* + * receive packets from upstream server and de-multiplex packets + * to correct downstream: + * implemented as a helper for channel input handlers, + * replaces local (proxy) channel ID with downstream channel ID. + */ +int +channel_proxy_upstream(Channel *c, int type, u_int32_t seq, void *ctxt) +{ + struct ssh *ssh = active_state; + struct sshbuf *b = NULL; + Channel *downstream; + const u_char *cp = NULL; + size_t len; + int r; + + /* + * When receiving packets from the peer we need to check whether we + * need to forward the packets to the mux client. In this case we + * restore the orignal channel id and keep track of CLOSE messages, + * so we can cleanup the channel. 
+ */ + if (c == NULL || c->type != SSH_CHANNEL_MUX_PROXY) + return 0; + if ((downstream = c->mux_ctx) == NULL) + return 0; + switch (type) { + case SSH2_MSG_CHANNEL_CLOSE: + case SSH2_MSG_CHANNEL_DATA: + case SSH2_MSG_CHANNEL_EOF: + case SSH2_MSG_CHANNEL_EXTENDED_DATA: + case SSH2_MSG_CHANNEL_OPEN_CONFIRMATION: + case SSH2_MSG_CHANNEL_OPEN_FAILURE: + case SSH2_MSG_CHANNEL_WINDOW_ADJUST: + case SSH2_MSG_CHANNEL_SUCCESS: + case SSH2_MSG_CHANNEL_FAILURE: + case SSH2_MSG_CHANNEL_REQUEST: + break; + default: + debug2("%s: channel %u: unsupported type %u", __func__, + c->self, type); + return 0; + } + if ((b = sshbuf_new()) == NULL) { + error("%s: alloc reply", __func__); + goto out; + } + /* get remaining payload (after id) */ + cp = sshpkt_ptr(ssh, &len); + if (cp == NULL) { + error("%s: no packet", __func__); + goto out; + } + /* translate id and send to muxclient */ + if ((r = sshbuf_put_u8(b, 0)) != 0 || /* padlen */ + (r = sshbuf_put_u8(b, type)) != 0 || + (r = sshbuf_put_u32(b, c->mux_downstream_id)) != 0 || + (r = sshbuf_put(b, cp, len)) != 0 || + (r = sshbuf_put_stringb(&downstream->output, b)) != 0) { + error("%s: compose for muxclient %s", __func__, ssh_err(r)); + goto out; + } + /* sshbuf_dump(b, stderr); */ + if (ssh_packet_log_type(type)) + debug3("%s: channel %u: up->down: type %u", __func__, c->self, + type); + out: + /* update state */ + switch (type) { + case SSH2_MSG_CHANNEL_OPEN_CONFIRMATION: + /* record remote_id for SSH2_MSG_CHANNEL_CLOSE */ + if (cp && len > 4) + c->remote_id = PEEK_U32(cp); + break; + case SSH2_MSG_CHANNEL_CLOSE: + if (c->flags & CHAN_CLOSE_SENT) + channel_free(c); + else + c->flags |= CHAN_CLOSE_RCVD; + break; + } + sshbuf_free(b); + return 1; +} /* -- protocol input */ 
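Review bot: In the SSH2_MSG_GLOBAL_REQUEST case of channel_proxy_downstream the new permitted_opens[] slot never initialises `listen_path`; xreallocarray() does not zero the grown storage, so the field holds stale memory until channel_free or a cancel path overwrites it with NULL, and any code that inspects listen_path to tell streamlocal entries apart would read garbage. Add `permitted_opens[idx].listen_path = NULL;` alongside the other field assignments, matching what channel_request_remote_forwarding and channel_add_permitted_opens do elsewhere in this patch. Two smaller items in the same hunk: `downstream->self` and `c->self` are printed with `%u` in the debug3 calls although self is printed as an int (`%d`) in channel_free, and the OPEN_CONFIRMATION bookkeeping in channel_proxy_upstream uses `len > 4` where `len >= 4` is the bound PEEK_U32 actually needs.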
@@ -2396,6 +2736,8 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) c = channel_lookup(id); if (c == NULL) packet_disconnect("Received data for nonexistent channel %d.", id); + if (channel_proxy_upstream(c, type, seq, ctxt)) + return 0; /* Ignore any data for non-open channels (might happen on close) */ if (c->type != SSH_CHANNEL_OPEN && @@ -2458,6 +2800,8 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) if (c == NULL) packet_disconnect("Received extended_data for bad channel %d.", id); + if (channel_proxy_upstream(c, type, seq, ctxt)) + return 0; if (c->type != SSH_CHANNEL_OPEN) { logit("channel %d: ext data for non open", id); return 0; @@ -2503,6 +2847,8 @@ channel_input_ieof(int type, u_int32_t seq, void *ctxt) c = channel_lookup(id); if (c == NULL) packet_disconnect("Received ieof for nonexistent channel %d.", id); + if (channel_proxy_upstream(c, type, seq, ctxt)) + return 0; chan_rcvd_ieof(c); /* XXX force input close */ @@ -2527,7 +2873,8 @@ channel_input_close(int type, u_int32_t seq, void *ctxt) c = channel_lookup(id); if (c == NULL) packet_disconnect("Received close for nonexistent channel %d.", id); - + if (channel_proxy_upstream(c, type, seq, ctxt)) + return 0; /* * Send a confirmation that we have closed the channel and no more * data is coming for it. @@ -2562,9 +2909,11 @@ channel_input_oclose(int type, u_int32_t seq, void *ctxt) int id = packet_get_int(); Channel *c = channel_lookup(id); - packet_check_eom(); if (c == NULL) packet_disconnect("Received oclose for nonexistent channel %d.", id); + if (channel_proxy_upstream(c, type, seq, ctxt)) + return 0; + packet_check_eom(); chan_rcvd_oclose(c); return 0; } 
@@ -2576,10 +2925,12 @@ channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt) int id = packet_get_int(); Channel *c = channel_lookup(id); - packet_check_eom(); if (c == NULL) packet_disconnect("Received close confirmation for " "out-of-range channel %d.", id); + if (channel_proxy_upstream(c, type, seq, ctxt)) + return 0; + packet_check_eom(); if (c->type != SSH_CHANNEL_CLOSED && c->type != SSH_CHANNEL_ABANDONED) packet_disconnect("Received close confirmation for " "non-closed channel %d (type %d).", id, c->type); @@ -2597,7 +2948,12 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) id = packet_get_int(); c = channel_lookup(id); - if (c==NULL || c->type != SSH_CHANNEL_OPENING) + if (c==NULL) + packet_disconnect("Received open confirmation for " + "unknown channel %d.", id); + if (channel_proxy_upstream(c, type, seq, ctxt)) + return 0; + if (c->type != SSH_CHANNEL_OPENING) packet_disconnect("Received open confirmation for " "non-opening channel %d.", id); remote_id = packet_get_int(); @@ -2647,7 +3003,12 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt) id = packet_get_int(); c = channel_lookup(id); - if (c==NULL || c->type != SSH_CHANNEL_OPENING) + if (c==NULL) + packet_disconnect("Received open failure for " + "unknown channel %d.", id); + if (channel_proxy_upstream(c, type, seq, ctxt)) + return 0; + if (c->type != SSH_CHANNEL_OPENING) packet_disconnect("Received open failure for " "non-opening channel %d.", id); if (compat20) { @@ -2691,6 +3052,8 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) logit("Received window adjust for non-open channel %d.", id); return 0; } + if (channel_proxy_upstream(c, type, seq, ctxt)) + return 0; adjust = packet_get_int(); packet_check_eom(); debug2("channel %d: rcvd adjust %u", id, adjust); 
@@ -2745,14 +3108,15 @@ channel_input_status_confirm(int type, u_int32_t seq, void *ctxt) packet_set_alive_timeouts(0); id = packet_get_int(); - packet_check_eom(); - debug2("channel_input_status_confirm: type %d id %d", type, id); if ((c = channel_lookup(id)) == NULL) { logit("channel_input_status_confirm: %d: unknown", id); return 0; } + if (channel_proxy_upstream(c, type, seq, ctxt)) + return 0; + packet_check_eom(); if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL) return 0; cc->cb(type, c, cc->ctx); @@ -3313,6 +3677,7 @@ channel_request_remote_forwarding(struct Forward *fwd) permitted_opens[idx].listen_path = NULL; permitted_opens[idx].listen_port = fwd->listen_port; } + permitted_opens[idx].downstream = NULL; } return (idx); } @@ -3408,6 +3773,7 @@ channel_request_rforward_cancel_tcpip(const char *host, u_short port) free(permitted_opens[i].listen_host); permitted_opens[i].listen_host = NULL; permitted_opens[i].listen_path = NULL; + permitted_opens[i].downstream = NULL; return 0; } @@ -3445,6 +3811,7 @@ channel_request_rforward_cancel_streamlocal(const char *path) permitted_opens[i].listen_host = NULL; free(permitted_opens[i].listen_path); permitted_opens[i].listen_path = NULL; + permitted_opens[i].downstream = NULL; return 0; } 
@@ -3464,43 +3831,6 @@ channel_request_rforward_cancel(struct Forward *fwd) } } -/* - * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates - * listening for the port, and sends back a success reply (or disconnect - * message if there was an error). - */ -int -channel_input_port_forward_request(int is_root, struct ForwardOptions *fwd_opts) -{ - int success = 0; - struct Forward fwd; - - /* Get arguments from the packet. */ - memset(&fwd, 0, sizeof(fwd)); - fwd.listen_port = packet_get_int(); - fwd.connect_host = packet_get_string(NULL); - fwd.connect_port = packet_get_int(); - - /* - * Check that an unprivileged user is not trying to forward a - * privileged port. - */ - if (fwd.listen_port < IPPORT_RESERVED && !is_root) - packet_disconnect( - "Requested forwarding of port %d but user is not root.", - fwd.listen_port); - if (fwd.connect_port == 0) - packet_disconnect("Dynamic forwarding denied."); - - /* Initiate forwarding */ - success = channel_setup_local_fwd_listener(&fwd, fwd_opts); - - /* Free the argument string. */ - free(fwd.connect_host); - - return (success ? 0 : -1); -} - /* * Permits opening to any host/port if permitted_opens[] is empty. This is * usually called by the server, because the user could connect to any port @@ -3525,6 +3855,7 @@ channel_add_permitted_opens(char *host, int port) permitted_opens[num_permitted_opens].listen_host = NULL; permitted_opens[num_permitted_opens].listen_path = NULL; permitted_opens[num_permitted_opens].listen_port = 0; + permitted_opens[num_permitted_opens].downstream = NULL; num_permitted_opens++; all_opens_permitted = 0; @@ -3656,7 +3987,7 @@ connect_next(struct channel_connect *cctx) { int sock, saved_errno; struct sockaddr_un *sunaddr; - char ntop[NI_MAXHOST], strport[MAX(NI_MAXSERV,sizeof(sunaddr->sun_path))]; + char ntop[NI_MAXHOST], strport[MAXIMUM(NI_MAXSERV,sizeof(sunaddr->sun_path))]; for (; cctx->ai; cctx->ai = cctx->ai->ai_next) { switch (cctx->ai->ai_family) { 
@@ -3787,6 +4118,10 @@ connect_to(const char *name, int port, const char *ctype, const char *rname) return c; } +/* + * returns either the newly connected channel or the downstream channel + * that needs to deal with this connection. + */ Channel * channel_connect_by_listen_address(const char *listen_host, u_short listen_port, const char *ctype, char *rname) @@ -3796,6 +4131,8 @@ channel_connect_by_listen_address(const char *listen_host, for (i = 0; i < num_permitted_opens; i++) { if (open_listen_match_tcpip(&permitted_opens[i], listen_host, listen_port, 1)) { + if (permitted_opens[i].downstream) + return permitted_opens[i].downstream; return connect_to( permitted_opens[i].host_to_connect, permitted_opens[i].port_to_connect, ctype, rname); @@ -4214,7 +4551,6 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, char *new_data; int screen_number; const char *cp; - u_int32_t rnd = 0; if (x11_saved_display == NULL) x11_saved_display = xstrdup(disp); @@ -4235,23 +4571,20 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, if (x11_saved_proto == NULL) { /* Save protocol name. */ x11_saved_proto = xstrdup(proto); - /* - * Extract real authentication data and generate fake data - * of the same length. - */ + + /* Extract real authentication data. */ x11_saved_data = xmalloc(data_len); - x11_fake_data = xmalloc(data_len); for (i = 0; i < data_len; i++) { if (sscanf(data + 2 * i, "%2x", &value) != 1) fatal("x11_request_forwarding: bad " "authentication data: %.100s", data); - if (i % 4 == 0) - rnd = arc4random(); x11_saved_data[i] = value; - x11_fake_data[i] = rnd & 0xff; - rnd >>= 8; } x11_saved_data_len = data_len; + + /* Generate fake data of the same length. */ + x11_fake_data = xmalloc(data_len); + arc4random_buf(x11_fake_data, data_len); x11_fake_data_len = data_len; } diff --git a/crypto/external/bsd/openssh/dist/channels.h b/crypto/external/bsd/openssh/dist/channels.h index 54be9d0ffc5d..2b889c8f2c6e 100644 
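Review bot: The new header comment on channel_connect_by_listen_address says it may return the downstream channel instead of a freshly connected one, but not how a caller tells the two apart, which matters because the downstream is a mux-client channel the caller does not own rather than a connection it opened. Suggest extending the comment with `* Callers must check the returned channel's type: a downstream is the` / `* SSH_CHANNEL_MUX_CLIENT that registered the forwarding and must not be` / `* treated as a connection owned by the caller.` — the mux-client type appears to follow from the permitted_opens[].downstream registration in channel_proxy_downstream and the `c->type == SSH_CHANNEL_MUX_CLIENT` test in channel_free. The body of channel_connect_by_listen_address continues outside the hunk.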
--- a/crypto/external/bsd/openssh/dist/channels.h
+++ b/crypto/external/bsd/openssh/dist/channels.h
@@ -1,5 +1,5 @@
-/* $NetBSD: channels.h,v 1.11 2015/07/03 00:59:59 christos Exp $ */
-/* $OpenBSD: channels.h,v 1.118 2015/07/01 02:26:31 djm Exp $ */
+/* $NetBSD: channels.h,v 1.12 2016/12/25 00:07:47 christos Exp $ */
+/* $OpenBSD: channels.h,v 1.120 2016/10/18 17:32:54 dtucker Exp $ */
/*
* Author: Tatu Ylonen
@@ -59,7 +59,8 @@
#define SSH_CHANNEL_ABANDONED 17 /* Abandoned session, eg mux */
#define SSH_CHANNEL_UNIX_LISTENER 18 /* Listening on a domain socket. */
#define SSH_CHANNEL_RUNIX_LISTENER 19 /* Listening to a R-style domain socket. */
-#define SSH_CHANNEL_MAX_TYPE 20
+#define SSH_CHANNEL_MUX_PROXY 20 /* proxy channel for mux-slave */
+#define SSH_CHANNEL_MAX_TYPE 21
#define CHANNEL_CANCEL_PORT_STATIC -1
@@ -162,6 +163,7 @@ struct Channel {
mux_callback_fn *mux_rcb;
void *mux_ctx;
int mux_pause;
+ int mux_downstream_id;
};
#define CHAN_EXTENDED_IGNORE 0
@@ -211,6 +213,7 @@ struct Channel {
/* channel management */
Channel *channel_by_id(int);
+Channel *channel_by_remote_id(int);
Channel *channel_lookup(int);
Channel *channel_new(const char *, int, int, int, int, u_int, u_int, int, const char *, int);
@@ -231,6 +234,11 @@ void channel_cancel_cleanup(int);
int channel_close_fd(int *);
void channel_send_window_changes(void);
+/* mux proxy support */
+
+int channel_proxy_downstream(Channel *mc);
+int channel_proxy_upstream(Channel *, int, u_int32_t, void *);
+
/* protocol handler */
int channel_input_close(int, u_int32_t, void *);
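Review bot: `int mux_downstream_id` in struct Channel is filled from a `u_int id` read with sshbuf_get_u32() and written back with sshbuf_put_u32() in channels.c, so the field is a 32-bit wire value and would be more honestly declared `u_int32_t mux_downstream_id;` (or at least `u_int`) to avoid the implicit sign conversions on every round trip. The new prototypes are also inconsistent with each other and with the rest of this header: `channel_proxy_downstream(Channel *mc)` names its parameter (and not with the name the definition uses, `downstream`) while `channel_proxy_upstream(Channel *, int, u_int32_t, void *)` does not; pick one style, e.g. `int channel_proxy_downstream(Channel *);`.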
@@ -270,7 +278,6 @@ void channel_update_permitted_opens(int, int);
void channel_clear_permitted_opens(void);
void channel_clear_adm_permitted_opens(void);
void channel_print_adm_permitted_opens(void);
-int channel_input_port_forward_request(int, struct ForwardOptions *);
Channel *channel_connect_to_port(const char *, u_short, const char *, const char *);
Channel *channel_connect_to_path(const char *, const char *, const char *);
Channel *channel_connect_stdio_fwd(const char*, u_short, int, int);
diff --git a/crypto/external/bsd/openssh/dist/cipher-3des1.c b/crypto/external/bsd/openssh/dist/cipher-3des1.c
index 3b75f8dc0a68..7a3d55a1657a 100644
--- a/crypto/external/bsd/openssh/dist/cipher-3des1.c
+++ b/crypto/external/bsd/openssh/dist/cipher-3des1.c
@@ -1,4 +1,4 @@
-/* $NetBSD: cipher-3des1.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */
+/* $NetBSD: cipher-3des1.c,v 1.8 2016/12/25 00:07:47 christos Exp $ */
/* $OpenBSD: cipher-3des1.c,v 1.12 2015/01/14 10:24:42 markus Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
@@ -20,7 +20,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: cipher-3des1.c,v 1.7 2015/04/03 23:58:19 christos Exp $");
+__RCSID("$NetBSD: cipher-3des1.c,v 1.8 2016/12/25 00:07:47 christos Exp $");
#include
#include
#include
diff --git a/crypto/external/bsd/openssh/dist/cipher-bf1.c b/crypto/external/bsd/openssh/dist/cipher-bf1.c
index ecb0c8e996bc..b8ef807b04d1 100644
--- a/crypto/external/bsd/openssh/dist/cipher-bf1.c
+++ b/crypto/external/bsd/openssh/dist/cipher-bf1.c
@@ -1,4 +1,4 @@
-/* $NetBSD: cipher-bf1.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */
+/* $NetBSD: cipher-bf1.c,v 1.7 2016/12/25 00:07:47 christos Exp $ */
/* $OpenBSD: cipher-bf1.c,v 1.7 2015/01/14 10:24:42 markus Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
@@ -20,7 +20,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: cipher-bf1.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: cipher-bf1.c,v 1.7 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/cipher-chachapoly.c b/crypto/external/bsd/openssh/dist/cipher-chachapoly.c index 16b26a240c56..c08adcb084a0 100644 --- a/crypto/external/bsd/openssh/dist/cipher-chachapoly.c +++ b/crypto/external/bsd/openssh/dist/cipher-chachapoly.c @@ -14,10 +14,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: cipher-chachapoly.c,v 1.6 2014/07/03 12:42:16 jsing Exp $ */ -/* $OpenBSD: cipher-chachapoly.c,v 1.7 2015/01/14 10:24:42 markus Exp $ */ +/* $OpenBSD: cipher-chachapoly.c,v 1.8 2016/08/03 05:41:57 djm Exp $ */ #include "includes.h" -__RCSID("$NetBSD: cipher-chachapoly.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: cipher-chachapoly.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #include #include /* needed for log.h */ @@ -29,7 +28,8 @@ __RCSID("$NetBSD: cipher-chachapoly.c,v 1.3 2015/04/03 23:58:19 christos Exp $") #include "ssherr.h" #include "cipher-chachapoly.h" -int chachapoly_init(struct chachapoly_ctx *ctx, +int +chachapoly_init(struct chachapoly_ctx *ctx, const u_char *key, u_int keylen) { if (keylen != (32 + 32)) /* 2 x 256 bit keys */ diff --git a/crypto/external/bsd/openssh/dist/cipher-ctr-mt.c b/crypto/external/bsd/openssh/dist/cipher-ctr-mt.c index a56f788497cb..6e620492bc87 100644 --- a/crypto/external/bsd/openssh/dist/cipher-ctr-mt.c +++ b/crypto/external/bsd/openssh/dist/cipher-ctr-mt.c @@ -1,4 +1,4 @@ -/* $NetBSD: cipher-ctr-mt.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: cipher-ctr-mt.c,v 1.7 2016/12/25 00:07:47 christos Exp $ */ /* * OpenSSH Multi-threaded AES-CTR Cipher * diff --git a/crypto/external/bsd/openssh/dist/cipher.c b/crypto/external/bsd/openssh/dist/cipher.c index 27d038f435e7..4846a83a63a8 100644 
--- a/crypto/external/bsd/openssh/dist/cipher.c
+++ b/crypto/external/bsd/openssh/dist/cipher.c
@@ -1,5 +1,5 @@
-/* $NetBSD: cipher.c,v 1.8 2016/03/11 01:55:00 christos Exp $ */
-/* $OpenBSD: cipher.c,v 1.101 2015/12/10 17:08:40 mmcc Exp $ */
+/* $NetBSD: cipher.c,v 1.9 2016/12/25 00:07:47 christos Exp $ */
+/* $OpenBSD: cipher.c,v 1.102 2016/08/03 05:41:57 djm Exp $ */
/*
* Author: Tatu Ylonen
@@ -38,7 +38,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: cipher.c,v 1.8 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: cipher.c,v 1.9 2016/12/25 00:07:47 christos Exp $");
#include
#include
@@ -57,6 +57,15 @@ extern const EVP_CIPHER *evp_ssh1_3des(void);
extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
#endif
+struct sshcipher_ctx {
+ int plaintext;
+ int encrypt;
+ EVP_CIPHER_CTX *evp;
+ struct chachapoly_ctx cp_ctx; /* XXX union with evp? */
+ struct aesctr_ctx ac_ctx; /* XXX union with evp? */
+ const struct sshcipher *cipher;
+};
+
struct sshcipher {
const char *name;
int number; /* for ssh1 only */
@@ -201,6 +210,18 @@ cipher_is_cbc(const struct sshcipher *c)
return (c->flags & CFLAG_CBC) != 0;
}
+u_int
+cipher_ctx_is_plaintext(struct sshcipher_ctx *cc)
+{
+ return cc->plaintext;
+}
+
+u_int
+cipher_ctx_get_number(struct sshcipher_ctx *cc)
+{
+ return cc->cipher->number;
+}
+
u_int
cipher_mask_ssh1(int client)
{
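Review bot: cipher_ctx_is_plaintext() and cipher_ctx_get_number() only read through `cc`, so the parameter should be `const struct sshcipher_ctx *cc`, matching cipher_warning_message() and cipher_get_keyiv_len() in this file, which already take a const context; the matching declarations added to cipher.h later in this patch would need the same qualifier. Returning `u_int` for `cc->plaintext` (an int used as a boolean) and for `cc->cipher->number` (an int) also costs an implicit conversion at each call site; returning `int` would mirror the stored types.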
@@ -294,65 +315,81 @@ cipher_warning_message(const struct sshcipher_ctx *cc) } int -cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher, +cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher, const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, int do_encrypt) { -#ifdef WITH_OPENSSL + struct sshcipher_ctx *cc = NULL; int ret = SSH_ERR_INTERNAL_ERROR; +#ifdef WITH_OPENSSL const EVP_CIPHER *type; int klen; u_char *junk, *discard; +#endif + + *ccp = NULL; + if ((cc = calloc(sizeof(*cc), 1)) == NULL) + return SSH_ERR_ALLOC_FAIL; if (cipher->number == SSH_CIPHER_DES) { if (keylen > 8) keylen = 8; } -#endif + cc->plaintext = (cipher->number == SSH_CIPHER_NONE); cc->encrypt = do_encrypt; if (keylen < cipher->key_len || - (iv != NULL && ivlen < cipher_ivlen(cipher))) - return SSH_ERR_INVALID_ARGUMENT; + (iv != NULL && ivlen < cipher_ivlen(cipher))) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto out; + } cc->cipher = cipher; if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { - return chachapoly_init(&cc->cp_ctx, key, keylen); + ret = chachapoly_init(&cc->cp_ctx, key, keylen); + goto out; } #ifndef WITH_OPENSSL if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen); aesctr_ivsetup(&cc->ac_ctx, iv); - return 0; + ret = 0; + goto out; } - if ((cc->cipher->flags & CFLAG_NONE) != 0) - return 0; - return SSH_ERR_INVALID_ARGUMENT; -#else + if ((cc->cipher->flags & CFLAG_NONE) != 0) { + ret = 0; + goto out; + } + ret = SSH_ERR_INVALID_ARGUMENT; + goto out; +#else /* WITH_OPENSSL */ type = (*cipher->evptype)(); - EVP_CIPHER_CTX_init(&cc->evp); - if (EVP_CipherInit(&cc->evp, type, NULL, __UNCONST(iv), + if ((cc->evp = EVP_CIPHER_CTX_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (EVP_CipherInit(cc->evp, type, NULL, (const u_char *)iv, (do_encrypt == CIPHER_ENCRYPT)) == 0) { ret = SSH_ERR_LIBCRYPTO_ERROR; - goto bad; + goto out; } if (cipher_authlen(cipher) && - 
!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, + !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, __UNCONST(iv))) { ret = SSH_ERR_LIBCRYPTO_ERROR; - goto bad; + goto out; } - klen = EVP_CIPHER_CTX_key_length(&cc->evp); + klen = EVP_CIPHER_CTX_key_length(cc->evp); if (klen > 0 && keylen != (u_int)klen) { - if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) { + if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) { ret = SSH_ERR_LIBCRYPTO_ERROR; - goto bad; + goto out; } } - if (EVP_CipherInit(&cc->evp, NULL, __UNCONST(key), NULL, -1) == 0) { + if (EVP_CipherInit(cc->evp, NULL, __UNCONST(key), NULL, -1) == 0) { ret = SSH_ERR_LIBCRYPTO_ERROR; - goto bad; + goto out; } if (cipher->discard_len > 0) { @@ -360,21 +397,34 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher, (discard = malloc(cipher->discard_len)) == NULL) { free(junk); ret = SSH_ERR_ALLOC_FAIL; - goto bad; + goto out; } - ret = EVP_Cipher(&cc->evp, discard, junk, cipher->discard_len); + ret = EVP_Cipher(cc->evp, discard, junk, cipher->discard_len); explicit_bzero(discard, cipher->discard_len); free(junk); free(discard); if (ret != 1) { ret = SSH_ERR_LIBCRYPTO_ERROR; - bad: - EVP_CIPHER_CTX_cleanup(&cc->evp); - return ret; + goto out; } } -#endif - return 0; + ret = 0; +#endif /* WITH_OPENSSL */ + out: + if (ret == 0) { + /* success */ + *ccp = cc; + } else { + if (cc != NULL) { +#ifdef WITH_OPENSSL + if (cc->evp != NULL) + EVP_CIPHER_CTX_free(cc->evp); +#endif /* WITH_OPENSSL */ + explicit_bzero(cc, sizeof(*cc)); + free(cc); + } + } + return ret; } /* 
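Review bot: `calloc(sizeof(*cc), 1)` in cipher_init has its arguments swapped: calloc takes (nmemb, size), so the conventional form is `calloc(1, sizeof(*cc))`; the allocation is the same size here, but the reversed order trips readers and some static checkers. At `out:` the `if (cc != NULL)` guard is dead, because the only NULL case returns SSH_ERR_ALLOC_FAIL before the label is reachable; either drop it or keep it with a comment saying it is defensive. Note also that the DES key truncation (`if (keylen > 8) keylen = 8;`) now runs in the `#ifndef WITH_OPENSSL` build too, which is a behaviour change worth a line in the commit message if intended. cipher_init is split across this hunk and the previous one.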
@@ -415,33 +465,33 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest, if (authlen != cipher_authlen(cc->cipher)) return SSH_ERR_INVALID_ARGUMENT; /* increment IV */ - if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, + if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv)) return SSH_ERR_LIBCRYPTO_ERROR; /* set tag on decyption */ if (!cc->encrypt && - !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG, + !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG, authlen, __UNCONST(src + aadlen + len))) return SSH_ERR_LIBCRYPTO_ERROR; } if (aadlen) { if (authlen && - EVP_Cipher(&cc->evp, NULL, (const u_char *)src, aadlen) < 0) + EVP_Cipher(cc->evp, NULL, (const u_char *)src, aadlen) < 0) return SSH_ERR_LIBCRYPTO_ERROR; memcpy(dest, src, aadlen); } if (len % cc->cipher->block_size) return SSH_ERR_INVALID_ARGUMENT; - if (EVP_Cipher(&cc->evp, dest + aadlen, (const u_char *)src + aadlen, + if (EVP_Cipher(cc->evp, dest + aadlen, (const u_char *)src + aadlen, len) < 0) return SSH_ERR_LIBCRYPTO_ERROR; if (authlen) { /* compute tag (on encrypt) or verify tag (on decrypt) */ - if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0) + if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0) return cc->encrypt ? SSH_ERR_LIBCRYPTO_ERROR : SSH_ERR_MAC_INVALID; if (cc->encrypt && - !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG, + !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG, authlen, dest + aadlen + len)) return SSH_ERR_LIBCRYPTO_ERROR; } 
@@ -463,20 +513,23 @@ cipher_get_length(struct sshcipher_ctx *cc, u_int *plenp, u_int seqnr,
return 0;
}
-int
-cipher_cleanup(struct sshcipher_ctx *cc)
+void
+cipher_free(struct sshcipher_ctx *cc)
{
- if (cc == NULL || cc->cipher == NULL)
- return 0;
+ if (cc == NULL)
+ return;
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
#ifdef WITH_OPENSSL
- else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
- return SSH_ERR_LIBCRYPTO_ERROR;
+ if (cc->evp != NULL) {
+ EVP_CIPHER_CTX_free(cc->evp);
+ cc->evp = NULL;
+ }
#endif
- return 0;
+ explicit_bzero(cc, sizeof(*cc));
+ free(cc);
}
/*
@@ -484,8 +537,8 @@ cipher_cleanup(struct sshcipher_ctx *cc)
* passphrase and using the resulting 16 bytes as the key.
*/
int
-cipher_set_key_string(struct sshcipher_ctx *cc, const struct sshcipher *cipher,
- const char *passphrase, int do_encrypt)
+cipher_set_key_string(struct sshcipher_ctx **ccp,
+ const struct sshcipher *cipher, const char *passphrase, int do_encrypt)
{
u_char digest[16];
int r = SSH_ERR_INTERNAL_ERROR;
@@ -495,7 +548,7 @@ cipher_set_key_string(struct sshcipher_ctx *cc, const struct sshcipher *cipher,
digest, sizeof(digest))) != 0)
goto out;
- r = cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt);
+ r = cipher_init(ccp, cipher, digest, 16, NULL, 0, do_encrypt);
out:
explicit_bzero(digest, sizeof(digest));
return r;
@@ -520,7 +573,7 @@ cipher_get_keyiv_len(const struct sshcipher_ctx *cc)
ivlen = sizeof(cc->ac_ctx.ctr);
#ifdef WITH_OPENSSL
else
- ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+ ivlen = EVP_CIPHER_CTX_iv_length(cc->evp);
#endif /* WITH_OPENSSL */
return (ivlen);
}
@@ -553,7 +606,7 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: - evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); + evplen = EVP_CIPHER_CTX_iv_length(cc->evp); if (evplen == 0) return 0; else if (evplen < 0) @@ -561,16 +614,16 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) if ((u_int)evplen != len) return SSH_ERR_INVALID_ARGUMENT; if (cipher_authlen(c)) { - if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, + if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, len, iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else - memcpy(iv, cc->evp.iv, len); + memcpy(iv, cc->evp->iv, len); break; #endif #ifdef WITH_SSH1 case SSH_CIPHER_3DES: - return ssh1_3des_iv(&cc->evp, 0, iv, 24); + return ssh1_3des_iv(cc->evp, 0, iv, 24); #endif default: return SSH_ERR_INVALID_ARGUMENT; @@ -597,21 +650,21 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: - evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); + evplen = EVP_CIPHER_CTX_iv_length(cc->evp); if (evplen <= 0) return SSH_ERR_LIBCRYPTO_ERROR; if (cipher_authlen(c)) { /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ - if (!EVP_CIPHER_CTX_ctrl(&cc->evp, + if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, __UNCONST(iv))) return SSH_ERR_LIBCRYPTO_ERROR; } else - memcpy(cc->evp.iv, iv, evplen); + memcpy(cc->evp->iv, iv, evplen); break; #endif #ifdef WITH_SSH1 case SSH_CIPHER_3DES: - return ssh1_3des_iv(&cc->evp, 1, __UNCONST(iv), 24); + return ssh1_3des_iv(cc->evp, 1, __UNCONST(iv), 24); #endif default: return SSH_ERR_INVALID_ARGUMENT; 
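Review bot: `memcpy(iv, cc->evp->iv, len)` in cipher_get_keyiv, and `memcpy(cc->evp->iv, iv, evplen)` in cipher_set_keyiv in the following hunk, still reach into the EVP_CIPHER_CTX fields directly; now that the context comes from EVP_CIPHER_CTX_new() this is the one remaining obstacle to building against an OpenSSL where the struct is opaque, as it is from 1.1.0 onward. Where the accessors exist, `EVP_CIPHER_CTX_iv(cc->evp)` for the read and `EVP_CIPHER_CTX_iv_noconst(cc->evp)` for the write would make these two sites version-independent; otherwise the direct access should sit behind a version check. The enclosing functions start outside their hunks.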
@@ -620,8 +673,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) } #ifdef WITH_OPENSSL -#define EVP_X_STATE(evp) (evp).cipher_data -#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size +#define EVP_X_STATE(evp) (evp)->cipher_data +#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size #endif int diff --git a/crypto/external/bsd/openssh/dist/cipher.h b/crypto/external/bsd/openssh/dist/cipher.h index 8dd99977d5c3..ff5384bcfbb4 100644 --- a/crypto/external/bsd/openssh/dist/cipher.h +++ b/crypto/external/bsd/openssh/dist/cipher.h @@ -1,5 +1,5 @@ -/* $NetBSD: cipher.h,v 1.8 2015/08/13 10:33:21 christos Exp $ */ -/* $OpenBSD: cipher.h,v 1.48 2015/07/08 19:09:25 markus Exp $ */ +/* $NetBSD: cipher.h,v 1.9 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: cipher.h,v 1.49 2016/08/03 05:41:57 djm Exp $ */ /* * Author: Tatu Ylonen @@ -64,14 +64,7 @@ #define CIPHER_DECRYPT 0 struct sshcipher; -struct sshcipher_ctx { - int plaintext; - int encrypt; - EVP_CIPHER_CTX evp; - struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ - struct aesctr_ctx ac_ctx; /* XXX union with evp? */ - const struct sshcipher *cipher; -}; +struct sshcipher_ctx; u_int cipher_mask_ssh1(int); const struct sshcipher *cipher_by_name(const char *); 
@@ -81,15 +74,15 @@ const char *cipher_name(int); const char *cipher_warning_message(const struct sshcipher_ctx *); int ciphers_valid(const char *); char *cipher_alg_list(char, int); -int cipher_init(struct sshcipher_ctx *, const struct sshcipher *, +int cipher_init(struct sshcipher_ctx **, const struct sshcipher *, const u_char *, u_int, const u_char *, u_int, int); int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *, u_int, u_int, u_int); int cipher_get_length(struct sshcipher_ctx *, u_int *, u_int, const u_char *, u_int); -int cipher_cleanup(struct sshcipher_ctx *); -int cipher_set_key_string(struct sshcipher_ctx *, const struct sshcipher *, - const char *, int); +void cipher_free(struct sshcipher_ctx *); +int cipher_set_key_string(struct sshcipher_ctx **, + const struct sshcipher *, const char *, int); u_int cipher_blocksize(const struct sshcipher *); u_int cipher_keylen(const struct sshcipher *); u_int cipher_seclen(const struct sshcipher *); @@ -97,10 +90,14 @@ u_int cipher_authlen(const struct sshcipher *); u_int cipher_ivlen(const struct sshcipher *); u_int cipher_is_cbc(const struct sshcipher *); +u_int cipher_ctx_is_plaintext(struct sshcipher_ctx *); +u_int cipher_ctx_get_number(struct sshcipher_ctx *); + u_int cipher_get_number(const struct sshcipher *); int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int); int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *); int cipher_get_keyiv_len(const struct sshcipher_ctx *); int cipher_get_keycontext(const struct sshcipher_ctx *, u_char *); void cipher_set_keycontext(struct sshcipher_ctx *, const u_char *); + #endif /* CIPHER_H */ diff --git a/crypto/external/bsd/openssh/dist/cleanup.c b/crypto/external/bsd/openssh/dist/cleanup.c index 60faea5e951f..9050a9b83715 100644 --- a/crypto/external/bsd/openssh/dist/cleanup.c +++ b/crypto/external/bsd/openssh/dist/cleanup.c 
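Review bot: The two accessors declared in the second hunk on this line, `cipher_ctx_is_plaintext` and `cipher_ctx_get_number`, take a non-const `struct sshcipher_ctx *`, while every other read-only query in this header (`cipher_warning_message`, `cipher_get_keyiv_len`, `cipher_get_keycontext`) takes `const struct sshcipher_ctx *`. With the struct now opaque these accessors are the only way a caller can inspect a context, so their constness decides whether a const context can be inspected at all; `u_int cipher_ctx_is_plaintext(const struct sshcipher_ctx *);` and `u_int cipher_ctx_get_number(const struct sshcipher_ctx *);` would match the neighbours, assuming their definitions (not in this chunk) only read the context.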
@@ -1,4 +1,4 @@ -/* $NetBSD: cleanup.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: cleanup.c,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: cleanup.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2003 Markus Friedl diff --git a/crypto/external/bsd/openssh/dist/clientloop.c b/crypto/external/bsd/openssh/dist/clientloop.c index 1c58cbd3826f..5f217cd010d2 100644 --- a/crypto/external/bsd/openssh/dist/clientloop.c +++ b/crypto/external/bsd/openssh/dist/clientloop.c @@ -1,5 +1,6 @@ -/* $NetBSD: clientloop.c,v 1.19 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: clientloop.c,v 1.286 2016/07/23 02:54:08 djm Exp $ */ +/* $NetBSD: clientloop.c,v 1.20 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: clientloop.c,v 1.289 2016/09/30 09:19:13 markus Exp $ */ + /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -61,9 +62,8 @@ */ #include "includes.h" -__RCSID("$NetBSD: clientloop.c,v 1.19 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: clientloop.c,v 1.20 2016/12/25 00:07:47 christos Exp $"); -#include /* MIN MAX */ #include #include #include @@ -308,7 +308,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; static char proto[512], data[512]; FILE *f; - int got_data = 0, generated = 0, do_unlink = 0, i, r; + int got_data = 0, generated = 0, do_unlink = 0, r; struct stat st; u_int now, x11_timeout_real; 
@@ -435,17 +435,16 @@ client_x11_get_proto(const char *display, const char *xauth_path, * for the local connection. */ if (!got_data) { - u_int32_t rnd = 0; + u_int8_t rnd[16]; + u_int i; logit("Warning: No xauth data; " "using fake authentication data for X11 forwarding."); strlcpy(proto, SSH_X11_PROTO, sizeof proto); - for (i = 0; i < 16; i++) { - if (i % 4 == 0) - rnd = arc4random(); + arc4random_buf(rnd, sizeof(rnd)); + for (i = 0; i < sizeof(rnd); i++) { snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", - rnd & 0xff); - rnd >>= 8; + rnd[i]); } } @@ -671,16 +670,16 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, server_alive_time = now + options.server_alive_interval; } if (options.rekey_interval > 0 && compat20 && !rekeying) - timeout_secs = MIN(timeout_secs, packet_get_rekey_timeout()); + timeout_secs = MINIMUM(timeout_secs, packet_get_rekey_timeout()); set_control_persist_exit_time(); if (control_persist_exit_time > 0) { - timeout_secs = MIN(timeout_secs, + timeout_secs = MINIMUM(timeout_secs, control_persist_exit_time - now); if (timeout_secs < 0) timeout_secs = 0; } if (minwait_secs != 0) - timeout_secs = MIN(timeout_secs, (int)minwait_secs); + timeout_secs = MINIMUM(timeout_secs, (int)minwait_secs); if (timeout_secs == INT_MAX) tvp = NULL; else { @@ -1551,7 +1550,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) buffer_high = 64 * 1024; connection_in = packet_get_connection_in(); connection_out = packet_get_connection_out(); - max_fd = MAX(connection_in, connection_out); + max_fd = MAXIMUM(connection_in, connection_out); if (!compat20) { /* enable nonblocking unless tty */ 
@@ -1561,9 +1560,9 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) set_nonblock(fileno(stdout)); if (!isatty(fileno(stderr))) set_nonblock(fileno(stderr)); - max_fd = MAX(max_fd, fileno(stdin)); - max_fd = MAX(max_fd, fileno(stdout)); - max_fd = MAX(max_fd, fileno(stderr)); + max_fd = MAXIMUM(max_fd, fileno(stdin)); + max_fd = MAXIMUM(max_fd, fileno(stdout)); + max_fd = MAXIMUM(max_fd, fileno(stderr)); } quit_pending = 0; escape_char1 = escape_char_arg; @@ -1883,11 +1882,14 @@ client_input_agent_open(int type, u_int32_t seq, void *ctxt) } static Channel * -client_request_forwarded_tcpip(const char *request_type, int rchan) +client_request_forwarded_tcpip(const char *request_type, int rchan, + u_int rwindow, u_int rmaxpack) { Channel *c = NULL; + struct sshbuf *b = NULL; char *listen_address, *originator_address; u_short listen_port, originator_port; + int r; /* Get rest of the packet */ listen_address = packet_get_string(NULL); 
@@ -1902,6 +1904,31 @@ client_request_forwarded_tcpip(const char *request_type, int rchan)
 c = channel_connect_by_listen_address(listen_address, listen_port,
 "forwarded-tcpip", originator_address);
+ if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) {
+ if ((b = sshbuf_new()) == NULL) {
+ error("%s: alloc reply", __func__);
+ goto out;
+ }
+ /* reconstruct and send to muxclient */
+ if ((r = sshbuf_put_u8(b, 0)) != 0 || /* padlen */
+ (r = sshbuf_put_u8(b, SSH2_MSG_CHANNEL_OPEN)) != 0 ||
+ (r = sshbuf_put_cstring(b, request_type)) != 0 ||
+ (r = sshbuf_put_u32(b, rchan)) != 0 ||
+ (r = sshbuf_put_u32(b, rwindow)) != 0 ||
+ (r = sshbuf_put_u32(b, rmaxpack)) != 0 ||
+ (r = sshbuf_put_cstring(b, listen_address)) != 0 ||
+ (r = sshbuf_put_u32(b, listen_port)) != 0 ||
+ (r = sshbuf_put_cstring(b, originator_address)) != 0 ||
+ (r = sshbuf_put_u32(b, originator_port)) != 0 ||
+ (r = sshbuf_put_stringb(&c->output, b)) != 0) {
+ error("%s: compose for muxclient %s", __func__,
+ ssh_err(r));
+ goto out;
+ }
+ }
+
+ out:
+ sshbuf_free(b);
 free(originator_address);
 free(listen_address);
 return c;
@@ -2067,7 +2094,8 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt)
 ctype, rchan, rwindow, rmaxpack);
 if (strcmp(ctype, "forwarded-tcpip") == 0) {
- c = client_request_forwarded_tcpip(ctype, rchan);
+ c = client_request_forwarded_tcpip(ctype, rchan, rwindow,
+ rmaxpack);
 } else if (strcmp(ctype, "forwarded-streamlocal@openssh.com") == 0) {
 c = client_request_forwarded_streamlocal(ctype, rchan);
 } else if (strcmp(ctype, "x11") == 0) {
@@ -2075,8 +2103,9 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt)
 } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) {
 c = client_request_agent(ctype, rchan);
 }
-/* XXX duplicate : */
- if (c != NULL) {
+ if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) {
+ debug3("proxied to downstream: %s", ctype);
+ } else if (c != NULL) {
 debug("confirm %s", ctype);
 c->remote_id = rchan;
 c->remote_window = rwindow;
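Review bot: Both error paths inside the new `c->type == SSH_CHANNEL_MUX_CLIENT` block (`sshbuf_new()` failing and the compose chain failing) `goto out` with `c` still set, so the function returns the mux-client channel even though no CHANNEL_OPEN was queued to it; the caller in the third hunk on this line then takes the `proxied to downstream` branch and neither confirms nor fails the open, leaving the server's channel waiting on a reply that never comes. Setting `c = NULL;` before each of those two `goto out` lines lets the caller's existing c == NULL path (outside the hunk, presumably a CHANNEL_OPEN_FAILURE) answer the server. This assumes channel_connect_by_listen_address returns the long-lived mux-client channel rather than a freshly allocated one, which the hunk does not show; if it allocates, that channel also needs releasing on the failure path.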
@@ -2112,6 +2141,9 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) char *rtype; id = packet_get_int(); + c = channel_lookup(id); + if (channel_proxy_upstream(c, type, seq, ctxt)) + return 0; rtype = packet_get_string(NULL); reply = packet_get_char(); @@ -2120,7 +2152,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) if (id == -1) { error("client_input_channel_req: request for channel -1"); - } else if ((c = channel_lookup(id)) == NULL) { + } else if (c == NULL) { error("client_input_channel_req: channel %d: " "unknown channel", id); } else if (strcmp(rtype, "eow@openssh.com") == 0) { diff --git a/crypto/external/bsd/openssh/dist/clientloop.h b/crypto/external/bsd/openssh/dist/clientloop.h index 008b946c8b71..9bbb69cb0920 100644 --- a/crypto/external/bsd/openssh/dist/clientloop.h +++ b/crypto/external/bsd/openssh/dist/clientloop.h @@ -1,5 +1,5 @@ -/* $NetBSD: clientloop.h,v 1.12 2016/03/11 01:55:00 christos Exp $ */ -/* $OpenBSD: clientloop.h,v 1.32 2016/01/13 23:04:47 djm Exp $ */ +/* $NetBSD: clientloop.h,v 1.13 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: clientloop.h,v 1.33 2016/09/30 09:19:13 markus Exp $ */ /* * Author: Tatu Ylonen @@ -72,9 +72,10 @@ void client_expect_confirm(int, const char *, enum confirm_action); #define SSHMUX_COMMAND_FORWARD 5 /* Forward only, no command */ #define SSHMUX_COMMAND_STOP 6 /* Disable mux but not conn */ #define SSHMUX_COMMAND_CANCEL_FWD 7 /* Cancel forwarding(s) */ +#define SSHMUX_COMMAND_PROXY 8 /* Open new connection */ void muxserver_listen(void); -void muxclient(const char *); +int muxclient(const char *); void mux_exit_message(Channel *, int); void mux_tty_alloc_failed(Channel *); diff --git a/crypto/external/bsd/openssh/dist/compat.c b/crypto/external/bsd/openssh/dist/compat.c index ab6f9a02ef03..e14238e7d747 100644 --- a/crypto/external/bsd/openssh/dist/compat.c +++ b/crypto/external/bsd/openssh/dist/compat.c 
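Review bot: The moved `c = channel_lookup(id)` can yield NULL for an unknown or out-of-range id (the `c == NULL` check further down depends on that), and the new line passes it straight to `channel_proxy_upstream(c, type, seq, ctxt)` before that check runs; unless channel_proxy_upstream tolerates a NULL channel, a CHANNEL_REQUEST from the server naming an id we do not have would dereference NULL here. Its definition is not in this chunk; if it does handle NULL, a comment at the call, `/* channel_proxy_upstream() accepts c == NULL */`, documents why the early call is safe, otherwise the guard should be `if (c != NULL && channel_proxy_upstream(c, type, seq, ctxt))`. client_input_channel_req begins outside the hunk.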
@@ -1,4 +1,4 @@ -/* $NetBSD: compat.c,v 1.14 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: compat.c,v 1.15 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: compat.c,v 1.99 2016/05/24 02:31:57 dtucker Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: compat.c,v 1.14 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: compat.c,v 1.15 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/compat.h b/crypto/external/bsd/openssh/dist/compat.h index a423a1aa2d9b..0ed4d9bc85d1 100644 --- a/crypto/external/bsd/openssh/dist/compat.h +++ b/crypto/external/bsd/openssh/dist/compat.h @@ -1,4 +1,4 @@ -/* $NetBSD: compat.h,v 1.7 2015/07/03 01:00:00 christos Exp $ */ +/* $NetBSD: compat.h,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: compat.h,v 1.48 2015/05/26 23:23:40 dtucker Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/crc32.c b/crypto/external/bsd/openssh/dist/crc32.c index 27765ab6f0bf..d2d8e8724057 100644 --- a/crypto/external/bsd/openssh/dist/crc32.c +++ b/crypto/external/bsd/openssh/dist/crc32.c @@ -1,4 +1,4 @@ -/* $NetBSD: crc32.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: crc32.c,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: crc32.c,v 1.11 2006/04/22 18:29:33 stevesk Exp $ */ /* @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: crc32.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: crc32.c,v 1.5 2016/12/25 00:07:47 christos Exp $"); #include #include "crc32.h" diff --git a/crypto/external/bsd/openssh/dist/crc32.h b/crypto/external/bsd/openssh/dist/crc32.h index c709a1ffdb91..7c71901b646f 100644 --- a/crypto/external/bsd/openssh/dist/crc32.h +++ b/crypto/external/bsd/openssh/dist/crc32.h 
@@ -1,4 +1,4 @@ -/* $NetBSD: crc32.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: crc32.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: crc32.h,v 1.15 2006/03/25 22:22:43 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/deattack.c b/crypto/external/bsd/openssh/dist/deattack.c index aaec089c4bea..bae2fd557d9f 100644 --- a/crypto/external/bsd/openssh/dist/deattack.c +++ b/crypto/external/bsd/openssh/dist/deattack.c @@ -1,4 +1,4 @@ -/* $NetBSD: deattack.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: deattack.c,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: deattack.c,v 1.32 2015/01/20 23:14:00 deraadt Exp $ */ /* * Cryptographic attack detector for ssh - source code @@ -20,7 +20,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: deattack.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: deattack.c,v 1.5 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/deattack.h b/crypto/external/bsd/openssh/dist/deattack.h index cb1cc5d03b4e..931627fe1a21 100644 --- a/crypto/external/bsd/openssh/dist/deattack.h +++ b/crypto/external/bsd/openssh/dist/deattack.h @@ -1,4 +1,4 @@ -/* $NetBSD: deattack.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: deattack.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: deattack.h,v 1.11 2015/01/19 19:52:16 markus Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/dh.c b/crypto/external/bsd/openssh/dist/dh.c index 3e74c8883fc8..9ce2fdc07657 100644 --- a/crypto/external/bsd/openssh/dist/dh.c +++ b/crypto/external/bsd/openssh/dist/dh.c @@ -1,5 +1,6 @@ -/* $NetBSD: dh.c,v 1.10 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: dh.c,v 1.60 2016/05/02 10:26:04 djm Exp $ */ +/* $NetBSD: dh.c,v 1.11 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: dh.c,v 1.62 2016/12/15 21:20:41 dtucker Exp $ */ + /* * Copyright (c) 2000 Niels Provos. All rights reserved. * 
@@ -25,10 +26,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: dh.c,v 1.10 2016/08/02 13:45:12 christos Exp $"); -#include -#include /* MIN */ +__RCSID("$NetBSD: dh.c,v 1.11 2016/12/25 00:07:47 christos Exp $"); +#include /* MIN */ #include #include @@ -156,7 +156,7 @@ choose_dh(int min, int wantbits, int max) struct dhgroup dhg; if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) { - logit("WARNING: could open open %s (%s), using fixed modulus", + logit("WARNING: could not open %s (%s), using fixed modulus", _PATH_DH_MODULI, strerror(errno)); return (dh_new_group_fallback(max)); } @@ -275,7 +275,7 @@ dh_gen_key(DH *dh, int need) * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), * so double requested need here. */ - dh->length = MIN(need * 2, pbits - 1); + dh->length = MINIMUM(need * 2, pbits - 1); if (DH_generate_key(dh) == 0 || !dh_pub_is_valid(dh, dh->pub_key)) { BN_clear_free(dh->priv_key); diff --git a/crypto/external/bsd/openssh/dist/dh.h b/crypto/external/bsd/openssh/dist/dh.h index add25d6f5b1d..6811bce2e09f 100644 --- a/crypto/external/bsd/openssh/dist/dh.h +++ b/crypto/external/bsd/openssh/dist/dh.h @@ -1,4 +1,4 @@ -/* $NetBSD: dh.h,v 1.7 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: dh.h,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: dh.h,v 1.15 2016/05/02 10:26:04 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/digest-libc.c b/crypto/external/bsd/openssh/dist/digest-libc.c index fd100d718401..7b0d799d033b 100644 --- a/crypto/external/bsd/openssh/dist/digest-libc.c +++ b/crypto/external/bsd/openssh/dist/digest-libc.c @@ -16,7 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: digest-libc.c,v 1.4 2015/07/03 01:00:00 christos Exp $"); +__RCSID("$NetBSD: digest-libc.c,v 1.5 2016/12/25 00:07:47 christos Exp $"); #include #include 
diff --git a/crypto/external/bsd/openssh/dist/digest-openssl.c b/crypto/external/bsd/openssh/dist/digest-openssl.c index 06a59c59ec36..68d5d9d8701e 100644 --- a/crypto/external/bsd/openssh/dist/digest-openssl.c +++ b/crypto/external/bsd/openssh/dist/digest-openssl.c @@ -15,7 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: digest-openssl.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: digest-openssl.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/dispatch.c b/crypto/external/bsd/openssh/dist/dispatch.c index 06f0ccc0d29a..655b8687cb05 100644 --- a/crypto/external/bsd/openssh/dist/dispatch.c +++ b/crypto/external/bsd/openssh/dist/dispatch.c @@ -1,4 +1,4 @@ -/* $NetBSD: dispatch.c,v 1.6 2015/07/03 01:00:00 christos Exp $ */ +/* $NetBSD: dispatch.c,v 1.7 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: dispatch.c,v 1.27 2015/05/01 07:10:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: dispatch.c,v 1.6 2015/07/03 01:00:00 christos Exp $"); +__RCSID("$NetBSD: dispatch.c,v 1.7 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/dispatch.h b/crypto/external/bsd/openssh/dist/dispatch.h index ec0883edb821..2bf67b5fa879 100644 --- a/crypto/external/bsd/openssh/dist/dispatch.h +++ b/crypto/external/bsd/openssh/dist/dispatch.h @@ -1,4 +1,4 @@ -/* $NetBSD: dispatch.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: dispatch.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: dispatch.h,v 1.12 2015/01/19 20:07:45 markus Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/dns.c b/crypto/external/bsd/openssh/dist/dns.c index 3c082a17cea1..523e9b489fa5 100644 --- a/crypto/external/bsd/openssh/dist/dns.c +++ b/crypto/external/bsd/openssh/dist/dns.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: dns.c,v 1.12 2015/08/21 08:20:59 christos Exp $ */ +/* $NetBSD: dns.c,v 1.13 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: dns.c,v 1.35 2015/08/20 22:32:42 deraadt Exp $ */ /* @@ -27,7 +27,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: dns.c,v 1.12 2015/08/21 08:20:59 christos Exp $"); +__RCSID("$NetBSD: dns.c,v 1.13 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/dns.h b/crypto/external/bsd/openssh/dist/dns.h index 34c68af0c619..1c721814cfac 100644 --- a/crypto/external/bsd/openssh/dist/dns.h +++ b/crypto/external/bsd/openssh/dist/dns.h @@ -1,4 +1,4 @@ -/* $NetBSD: dns.h,v 1.7 2015/07/03 01:00:00 christos Exp $ */ +/* $NetBSD: dns.h,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: dns.h,v 1.15 2015/05/08 06:45:13 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/ed25519.c b/crypto/external/bsd/openssh/dist/ed25519.c index c36422f618cb..b179d6783e66 100644 --- a/crypto/external/bsd/openssh/dist/ed25519.c +++ b/crypto/external/bsd/openssh/dist/ed25519.c @@ -6,7 +6,7 @@ * Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c */ #include "includes.h" -__RCSID("$NetBSD: ed25519.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: ed25519.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #include "crypto_api.h" diff --git a/crypto/external/bsd/openssh/dist/fatal.c b/crypto/external/bsd/openssh/dist/fatal.c index 43d74c255947..f01fb58f449f 100644 --- a/crypto/external/bsd/openssh/dist/fatal.c +++ b/crypto/external/bsd/openssh/dist/fatal.c @@ -1,4 +1,4 @@ -/* $NetBSD: fatal.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: fatal.c,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: fatal.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. 
@@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: fatal.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: fatal.c,v 1.5 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/fe25519.c b/crypto/external/bsd/openssh/dist/fe25519.c index f46c812a8f69..516c39e15097 100644 --- a/crypto/external/bsd/openssh/dist/fe25519.c +++ b/crypto/external/bsd/openssh/dist/fe25519.c @@ -6,7 +6,7 @@ * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c */ #include "includes.h" -__RCSID("$NetBSD: fe25519.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: fe25519.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #define WINDOWSIZE 1 /* Should be 1,2, or 4 */ #define WINDOWMASK ((1< -__RCSID("$NetBSD: getpeereid.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: getpeereid.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #if defined(SO_PEERCRED) int diff --git a/crypto/external/bsd/openssh/dist/getpeereid.h b/crypto/external/bsd/openssh/dist/getpeereid.h index feb656d60728..09634d176833 100644 --- a/crypto/external/bsd/openssh/dist/getpeereid.h +++ b/crypto/external/bsd/openssh/dist/getpeereid.h @@ -1,4 +1,4 @@ -/* $NetBSD: getpeereid.h,v 1.3 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: getpeereid.h,v 1.4 2016/12/25 00:07:47 christos Exp $ */ /* Id: bsd-getpeereid.h,v 1.1 2002/09/12 00:33:02 djm Exp */ #ifndef _BSD_GETPEEREID_H diff --git a/crypto/external/bsd/openssh/dist/getrrsetbyname.c b/crypto/external/bsd/openssh/dist/getrrsetbyname.c index 749c9f96dbf1..403a337b44fb 100644 --- a/crypto/external/bsd/openssh/dist/getrrsetbyname.c +++ b/crypto/external/bsd/openssh/dist/getrrsetbyname.c @@ -1,4 +1,4 @@ -/* $NetBSD: getrrsetbyname.c,v 1.3 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: getrrsetbyname.c,v 1.4 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */ /* 
@@ -47,7 +47,7 @@ /* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */ #include "includes.h" -__RCSID("$NetBSD: getrrsetbyname.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: getrrsetbyname.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #ifndef HAVE_GETRRSETBYNAME diff --git a/crypto/external/bsd/openssh/dist/getrrsetbyname.h b/crypto/external/bsd/openssh/dist/getrrsetbyname.h index b43e9ef0df9f..cfdd644f0b46 100644 --- a/crypto/external/bsd/openssh/dist/getrrsetbyname.h +++ b/crypto/external/bsd/openssh/dist/getrrsetbyname.h @@ -1,6 +1,6 @@ /* OPENBSD BASED ON : include/netdb.h */ -/* $NetBSD: getrrsetbyname.h,v 1.3 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: getrrsetbyname.h,v 1.4 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: getrrsetbyname.c,v 1.4 2001/08/16 18:16:43 ho Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/groupaccess.c b/crypto/external/bsd/openssh/dist/groupaccess.c index 3a2d3e46f34e..bb7454077294 100644 --- a/crypto/external/bsd/openssh/dist/groupaccess.c +++ b/crypto/external/bsd/openssh/dist/groupaccess.c @@ -1,4 +1,4 @@ -/* $NetBSD: groupaccess.c,v 1.6 2015/07/03 01:00:00 christos Exp $ */ +/* $NetBSD: groupaccess.c,v 1.7 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: groupaccess.c,v 1.16 2015/05/04 06:10:48 djm Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: groupaccess.c,v 1.6 2015/07/03 01:00:00 christos Exp $"); +__RCSID("$NetBSD: groupaccess.c,v 1.7 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/groupaccess.h b/crypto/external/bsd/openssh/dist/groupaccess.h index a5ee00a9d5e8..c937b5507885 100644 --- a/crypto/external/bsd/openssh/dist/groupaccess.h +++ b/crypto/external/bsd/openssh/dist/groupaccess.h 
@@ -1,4 +1,4 @@ -/* $NetBSD: groupaccess.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: groupaccess.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: groupaccess.h,v 1.8 2008/07/04 03:44:59 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/gss-genr.c b/crypto/external/bsd/openssh/dist/gss-genr.c index 93fe1cbd8e5f..db098412e55a 100644 --- a/crypto/external/bsd/openssh/dist/gss-genr.c +++ b/crypto/external/bsd/openssh/dist/gss-genr.c @@ -1,5 +1,5 @@ -/* $NetBSD: gss-genr.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: gss-genr.c,v 1.23 2015/01/20 23:14:00 deraadt Exp $ */ +/* $NetBSD: gss-genr.c,v 1.8 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.24 2016/09/12 01:22:38 deraadt Exp $ */ /* * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. @@ -29,7 +29,6 @@ __RCSID("$NetBSD"); #ifdef GSSAPI -#include #include #include diff --git a/crypto/external/bsd/openssh/dist/gss-serv-krb5.c b/crypto/external/bsd/openssh/dist/gss-serv-krb5.c index fba43fcdbf3b..3ecb409e283b 100644 --- a/crypto/external/bsd/openssh/dist/gss-serv-krb5.c +++ b/crypto/external/bsd/openssh/dist/gss-serv-krb5.c @@ -1,4 +1,4 @@ -/* $NetBSD: gss-serv-krb5.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: gss-serv-krb5.c,v 1.9 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ /* @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: gss-serv-krb5.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: gss-serv-krb5.c,v 1.9 2016/12/25 00:07:47 christos Exp $"); #ifdef GSSAPI #ifdef KRB5 diff --git a/crypto/external/bsd/openssh/dist/gss-serv.c b/crypto/external/bsd/openssh/dist/gss-serv.c index f6548e1e1c68..0756b17bc4f3 100644 --- a/crypto/external/bsd/openssh/dist/gss-serv.c +++ b/crypto/external/bsd/openssh/dist/gss-serv.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: gss-serv.c,v 1.8 2015/07/03 01:00:00 christos Exp $ */ +/* $NetBSD: gss-serv.c,v 1.9 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: gss-serv.c,v 1.29 2015/05/22 03:50:02 djm Exp $ */ /* @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: gss-serv.c,v 1.8 2015/07/03 01:00:00 christos Exp $"); +__RCSID("$NetBSD: gss-serv.c,v 1.9 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/hash.c b/crypto/external/bsd/openssh/dist/hash.c index 2679878bc5c1..7fa139cb6b83 100644 --- a/crypto/external/bsd/openssh/dist/hash.c +++ b/crypto/external/bsd/openssh/dist/hash.c @@ -8,7 +8,7 @@ D. J. Bernstein Public domain. */ #include "includes.h" -__RCSID("$NetBSD: hash.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: hash.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #include "crypto_api.h" diff --git a/crypto/external/bsd/openssh/dist/hmac.c b/crypto/external/bsd/openssh/dist/hmac.c index b41cd7e15ff6..f6ec39b37a5b 100644 --- a/crypto/external/bsd/openssh/dist/hmac.c +++ b/crypto/external/bsd/openssh/dist/hmac.c @@ -15,7 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: hmac.c,v 1.4 2015/07/03 01:00:00 christos Exp $"); +__RCSID("$NetBSD: hmac.c,v 1.5 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/hostfile.c b/crypto/external/bsd/openssh/dist/hostfile.c index d0417c267d56..f278b61fca2c 100644 --- a/crypto/external/bsd/openssh/dist/hostfile.c +++ b/crypto/external/bsd/openssh/dist/hostfile.c @@ -1,5 +1,6 @@ -/* $NetBSD: hostfile.c,v 1.8 2015/07/03 01:00:00 christos Exp $ */ -/* $OpenBSD: hostfile.c,v 1.66 2015/05/04 06:10:48 djm Exp $ */ +/* $NetBSD: hostfile.c,v 1.9 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: hostfile.c,v 1.67 2016/09/17 18:00:27 tedu Exp $ */ + /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -38,7 +39,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: hostfile.c,v 1.8 2015/07/03 01:00:00 christos Exp $"); +__RCSID("$NetBSD: hostfile.c,v 1.9 2016/12/25 00:07:47 christos Exp $"); #include #include @@ -124,14 +125,13 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len) u_char salt[256], result[256]; char uu_salt[512], uu_result[512]; static char encoded[1024]; - u_int i, len; + u_int len; len = ssh_digest_bytes(SSH_DIGEST_SHA1); if (name_from_hostfile == NULL) { /* Create new salt */ - for (i = 0; i < len; i++) - salt[i] = arc4random(); + arc4random_buf(salt, len); } else { /* Extract salt from known host entry */ if (extract_salt(name_from_hostfile, src_len, salt, diff --git a/crypto/external/bsd/openssh/dist/hostfile.h b/crypto/external/bsd/openssh/dist/hostfile.h index c24406520d1b..3bc51d4e672d 100644 --- a/crypto/external/bsd/openssh/dist/hostfile.h +++ b/crypto/external/bsd/openssh/dist/hostfile.h @@ -1,4 +1,4 @@ -/* $NetBSD: hostfile.h,v 1.7 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: hostfile.h,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: hostfile.h,v 1.24 2015/02/16 22:08:57 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/includes.h b/crypto/external/bsd/openssh/dist/includes.h index 7891fd641327..5ce92b3334e6 100644 --- a/crypto/external/bsd/openssh/dist/includes.h +++ b/crypto/external/bsd/openssh/dist/includes.h @@ -1,4 +1,4 @@ -/* $NetBSD: includes.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: includes.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ #include #ifndef __OpenBSD__ #define __bounded__(a, b, c) diff --git a/crypto/external/bsd/openssh/dist/kex.c b/crypto/external/bsd/openssh/dist/kex.c index da8de36a5447..2c4e79af4bcd 100644 --- a/crypto/external/bsd/openssh/dist/kex.c +++ b/crypto/external/bsd/openssh/dist/kex.c 
@@ -1,5 +1,6 @@ -/* $NetBSD: kex.c,v 1.16 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: kex.c,v 1.118 2016/05/02 10:26:04 djm Exp $ */ +/* $NetBSD: kex.c,v 1.17 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: kex.c,v 1.127 2016/10/10 19:28:48 markus Exp $ */ + /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -25,9 +26,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: kex.c,v 1.16 2016/08/02 13:45:12 christos Exp $"); -#include /* MAX roundup */ +__RCSID("$NetBSD: kex.c,v 1.17 2016/12/25 00:07:47 christos Exp $"); +#include /* MAX roundup */ #include #include #include @@ -96,6 +97,7 @@ static const struct kexalg kexalgs[] = { SSH_DIGEST_SHA512 }, #endif { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, + { KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, { NULL, (u_int)-1, -1, -1}, }; @@ -326,14 +328,21 @@ static int kex_send_ext_info(struct ssh *ssh) { int r; + char *algs; + if ((algs = sshkey_alg_list(0, 1, ',')) == NULL) + return SSH_ERR_ALLOC_FAIL; if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || (r = sshpkt_put_u32(ssh, 1)) != 0 || (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || - (r = sshpkt_put_cstring(ssh, "rsa-sha2-256,rsa-sha2-512")) != 0 || + (r = sshpkt_put_cstring(ssh, algs)) != 0 || (r = sshpkt_send(ssh)) != 0) - return r; - return 0; + goto out; + /* success */ + r = 0; + out: + free(algs); + return r; } int @@ -408,6 +417,8 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt) ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); if ((r = sshpkt_get_end(ssh)) != 0) return r; + if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) + return r; kex->done = 1; sshbuf_reset(kex->peer); /* sshbuf_reset(kex->my); */ 
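Review bot: In the kex_send_ext_info hunk on this line the flags in `sshkey_alg_list(0, 1, ',')` are bare integers, and the list they produce is exactly what peers will record as `server-sig-algs`, so the selection rule deserves a comment above the call along the lines of `/* advertise the plain (non-certificate) key types we accept */` — confirm the argument meaning against sshkey_alg_list's definition, which is not in this chunk. In the kex_input_newkeys hunk further along, the new `ssh_set_newkeys(ssh, MODE_IN)` call sits between the end-of-packet check and `kex->done = 1` with no explanation; a one-line comment, `/* the peer's next packet is already under the new keys */`, records why the switch has to happen here rather than later.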
@@ -461,6 +472,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
 if (kex == NULL)
 return SSH_ERR_INVALID_ARGUMENT;
+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
 ptr = sshpkt_ptr(ssh, &dlen);
 if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
 return r;
@@ -764,10 +776,8 @@ kex_choose_conf(struct ssh *ssh)
 char *ext;
 ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL);
- if (ext) {
- kex->ext_info_c = 1;
- free(ext);
- }
+ kex->ext_info_c = (ext != NULL);
+ free(ext);
 }
 /* Algorithm Negotiation */
@@ -850,14 +860,14 @@ kex_choose_conf(struct ssh *ssh)
 need = dh_need = 0;
 for (mode = 0; mode < MODE_MAX; mode++) {
 newkeys = kex->newkeys[mode];
- need = MAX(need, newkeys->enc.key_len);
- need = MAX(need, newkeys->enc.block_size);
- need = MAX(need, newkeys->enc.iv_len);
- need = MAX(need, newkeys->mac.key_len);
- dh_need = MAX(dh_need, cipher_seclen(newkeys->enc.cipher));
- dh_need = MAX(dh_need, newkeys->enc.block_size);
- dh_need = MAX(dh_need, newkeys->enc.iv_len);
- dh_need = MAX(dh_need, newkeys->mac.key_len);
+ need = MAXIMUM(need, newkeys->enc.key_len);
+ need = MAXIMUM(need, newkeys->enc.block_size);
+ need = MAXIMUM(need, newkeys->enc.iv_len);
+ need = MAXIMUM(need, newkeys->mac.key_len);
+ dh_need = MAXIMUM(dh_need, cipher_seclen(newkeys->enc.cipher));
+ dh_need = MAXIMUM(dh_need, newkeys->enc.block_size);
+ dh_need = MAXIMUM(dh_need, newkeys->enc.iv_len);
+ dh_need = MAXIMUM(dh_need, newkeys->mac.key_len);
 }
 /* XXX need runden? */
 kex->we_need = need;
@@ -888,7 +898,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
 if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0)
 return SSH_ERR_INVALID_ARGUMENT;
- if ((digest = calloc(1, roundup(need, mdsz))) == NULL) {
+ if ((digest = calloc(1, ROUNDUP(need, mdsz))) == NULL) {
 r = SSH_ERR_ALLOC_FAIL;
 goto out;
 }
diff --git a/crypto/external/bsd/openssh/dist/kex.h b/crypto/external/bsd/openssh/dist/kex.h
index f0e55984e8be..113e296b0dec 100644
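Review bot: kex_input_kexinit disarms the KEXINIT handler with `ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);` while the NEWKEYS path in the preceding hunk uses `&kex_protocol_error` for the same job, and the two are not equivalent: a NULL slot leaves the reaction to a second KEXINIT mid-exchange up to the dispatcher's default for unset handlers, which is not visible here. If that default is a protocol-error disconnect, this is deliberately stricter than kex_protocol_error (which keeps the connection) and the line deserves a comment saying so, e.g. `/* A second KEXINIT during an exchange is a protocol violation; NULL lets the dispatcher reject it */`; if not, the file's existing handler should be used for consistency. Separately, `MAXIMUM(dh_need, cipher_seclen(newkeys->enc.cipher))` evaluates the cipher_seclen call twice under the misc.h macro, harmless here but worth noting at the macro definition. kex_input_kexinit and kex_choose_conf both continue outside these hunks.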
--- a/crypto/external/bsd/openssh/dist/kex.h +++ b/crypto/external/bsd/openssh/dist/kex.h @@ -1,5 +1,5 @@ -/* $NetBSD: kex.h,v 1.13 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: kex.h,v 1.78 2016/05/02 10:26:04 djm Exp $ */ +/* $NetBSD: kex.h,v 1.14 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: kex.h,v 1.81 2016/09/28 21:44:52 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -37,17 +37,18 @@ #define KEX_COOKIE_LEN 16 -#define KEX_DH1 "diffie-hellman-group1-sha1" -#define KEX_DH14_SHA1 "diffie-hellman-group14-sha1" -#define KEX_DH14_SHA256 "diffie-hellman-group14-sha256" -#define KEX_DH16_SHA512 "diffie-hellman-group16-sha512" -#define KEX_DH18_SHA512 "diffie-hellman-group18-sha512" -#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" -#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" -#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" -#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" -#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" -#define KEX_CURVE25519_SHA256 "curve25519-sha256@libssh.org" +#define KEX_DH1 "diffie-hellman-group1-sha1" +#define KEX_DH14_SHA1 "diffie-hellman-group14-sha1" +#define KEX_DH14_SHA256 "diffie-hellman-group14-sha256" +#define KEX_DH16_SHA512 "diffie-hellman-group16-sha512" +#define KEX_DH18_SHA512 "diffie-hellman-group18-sha512" +#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" +#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" +#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" +#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" +#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" +#define KEX_CURVE25519_SHA256 "curve25519-sha256" +#define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" #define COMP_NONE 0 #define COMP_ZLIB 1 diff --git a/crypto/external/bsd/openssh/dist/kexc25519.c b/crypto/external/bsd/openssh/dist/kexc25519.c index 5345e3e46204..90a5dc819694 100644 --- a/crypto/external/bsd/openssh/dist/kexc25519.c 
+++ b/crypto/external/bsd/openssh/dist/kexc25519.c @@ -25,7 +25,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -__RCSID("$NetBSD: kexc25519.c,v 1.5 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: kexc25519.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include diff --git a/crypto/external/bsd/openssh/dist/kexc25519c.c b/crypto/external/bsd/openssh/dist/kexc25519c.c index b60221d5b41e..a2d272329f18 100644 --- a/crypto/external/bsd/openssh/dist/kexc25519c.c +++ b/crypto/external/bsd/openssh/dist/kexc25519c.c @@ -25,7 +25,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -__RCSID("$NetBSD: kexc25519c.c,v 1.4 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: kexc25519c.c,v 1.5 2016/12/25 00:07:47 christos Exp $"); #include diff --git a/crypto/external/bsd/openssh/dist/kexc25519s.c b/crypto/external/bsd/openssh/dist/kexc25519s.c index 510377d90b55..8170c2e339b6 100644 --- a/crypto/external/bsd/openssh/dist/kexc25519s.c +++ b/crypto/external/bsd/openssh/dist/kexc25519s.c @@ -1,4 +1,4 @@ -/* $NetBSD: kexc25519s.c,v 1.6 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: kexc25519s.c,v 1.7 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: kexc25519s.c,v 1.10 2015/12/04 16:41:28 markus Exp $ */ /* @@ -26,7 +26,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -__RCSID("$NetBSD: kexc25519s.c,v 1.6 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: kexc25519s.c,v 1.7 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/kexdh.c b/crypto/external/bsd/openssh/dist/kexdh.c index 48c7b8943c36..57bdd94e4920 100644 --- a/crypto/external/bsd/openssh/dist/kexdh.c +++ b/crypto/external/bsd/openssh/dist/kexdh.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: kexdh.c,v 1.5 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: kexdh.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: kexdh.c,v 1.26 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexdh.c,v 1.5 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: kexdh.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/kexdhc.c b/crypto/external/bsd/openssh/dist/kexdhc.c index 7e8b146c21e8..7a9b0f823d87 100644 --- a/crypto/external/bsd/openssh/dist/kexdhc.c +++ b/crypto/external/bsd/openssh/dist/kexdhc.c @@ -1,4 +1,4 @@ -/* $NetBSD: kexdhc.c,v 1.7 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: kexdhc.c,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: kexdhc.c,v 1.19 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexdhc.c,v 1.7 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: kexdhc.c,v 1.8 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/kexdhs.c b/crypto/external/bsd/openssh/dist/kexdhs.c index f75908ae1b89..a5b6cce3b39c 100644 --- a/crypto/external/bsd/openssh/dist/kexdhs.c +++ b/crypto/external/bsd/openssh/dist/kexdhs.c @@ -1,4 +1,4 @@ -/* $NetBSD: kexdhs.c,v 1.10 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: kexdhs.c,v 1.11 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: kexdhs.c,v 1.24 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexdhs.c,v 1.10 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: kexdhs.c,v 1.11 2016/12/25 00:07:47 christos Exp $"); #include #include #include 
diff --git a/crypto/external/bsd/openssh/dist/kexecdh.c b/crypto/external/bsd/openssh/dist/kexecdh.c index 5a7de25c55ab..572ca06f1bee 100644 --- a/crypto/external/bsd/openssh/dist/kexecdh.c +++ b/crypto/external/bsd/openssh/dist/kexecdh.c @@ -1,4 +1,4 @@ -/* $NetBSD: kexecdh.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: kexecdh.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: kexecdh.c,v 1.6 2015/01/19 20:16:15 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexecdh.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: kexecdh.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/kexecdhc.c b/crypto/external/bsd/openssh/dist/kexecdhc.c index 76c3c18275cd..240df76a2aee 100644 --- a/crypto/external/bsd/openssh/dist/kexecdhc.c +++ b/crypto/external/bsd/openssh/dist/kexecdhc.c @@ -1,4 +1,4 @@ -/* $NetBSD: kexecdhc.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: kexecdhc.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: kexecdhc.c,v 1.10 2015/01/26 06:10:03 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexecdhc.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: kexecdhc.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/kexecdhs.c b/crypto/external/bsd/openssh/dist/kexecdhs.c index 8ec9cedfc96f..7154c19bc8ed 100644 --- a/crypto/external/bsd/openssh/dist/kexecdhs.c +++ b/crypto/external/bsd/openssh/dist/kexecdhs.c @@ -1,4 +1,4 @@ -/* $NetBSD: kexecdhs.c,v 1.6 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: kexecdhs.c,v 1.7 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: kexecdhs.c,v 1.15 2015/12/04 16:41:28 markus Exp $ */ /* 
@@ -27,7 +27,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexecdhs.c,v 1.6 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: kexecdhs.c,v 1.7 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/kexgex.c b/crypto/external/bsd/openssh/dist/kexgex.c index 3b94cc21da66..7c7d616f8a7c 100644 --- a/crypto/external/bsd/openssh/dist/kexgex.c +++ b/crypto/external/bsd/openssh/dist/kexgex.c @@ -1,4 +1,4 @@ -/* $NetBSD: kexgex.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: kexgex.c,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: kexgex.c,v 1.29 2015/01/19 20:16:15 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexgex.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: kexgex.c,v 1.5 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/kexgexc.c b/crypto/external/bsd/openssh/dist/kexgexc.c index f892a0af85f9..2849720f1886 100644 --- a/crypto/external/bsd/openssh/dist/kexgexc.c +++ b/crypto/external/bsd/openssh/dist/kexgexc.c @@ -1,5 +1,6 @@ -/* $NetBSD: kexgexc.c,v 1.7 2015/07/03 01:00:00 christos Exp $ */ -/* $OpenBSD: kexgexc.c,v 1.22 2015/05/26 23:23:40 dtucker Exp $ */ +/* $NetBSD: kexgexc.c,v 1.8 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.23 2016/09/12 01:22:38 deraadt Exp $ */ + /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,7 +27,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexgexc.c,v 1.7 2015/07/03 01:00:00 christos Exp $"); +__RCSID("$NetBSD: kexgexc.c,v 1.8 2016/12/25 00:07:47 christos Exp $"); #include #include 
@@ -49,6 +50,7 @@ __RCSID("$NetBSD: kexgexc.c,v 1.7 2015/07/03 01:00:00 christos Exp $"); #include "dispatch.h" #include "ssherr.h" #include "sshbuf.h" +#include "misc.h" static int input_kex_dh_gex_group(int, u_int32_t, void *); static int input_kex_dh_gex_reply(int, u_int32_t, void *); @@ -66,7 +68,7 @@ kexgex_client(struct ssh *ssh) kex->max = DH_GRP_MAX; kex->nbits = nbits; if (datafellows & SSH_BUG_DHGEX_LARGE) - kex->nbits = MIN(kex->nbits, 4096); + kex->nbits = MINIMUM(kex->nbits, 4096); /* New GEX request */ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 || (r = sshpkt_put_u32(ssh, kex->min)) != 0 || diff --git a/crypto/external/bsd/openssh/dist/kexgexs.c b/crypto/external/bsd/openssh/dist/kexgexs.c index 023cd8d531ec..bfb0afe2e947 100644 --- a/crypto/external/bsd/openssh/dist/kexgexs.c +++ b/crypto/external/bsd/openssh/dist/kexgexs.c @@ -1,5 +1,6 @@ -/* $NetBSD: kexgexs.c,v 1.11 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: kexgexs.c,v 1.29 2016/06/08 02:13:01 dtucker Exp $ */ +/* $NetBSD: kexgexs.c,v 1.12 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.30 2016/09/12 01:22:38 deraadt Exp $ */ + /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,9 +27,9 @@ */ #include "includes.h" -__RCSID("$NetBSD: kexgexs.c,v 1.11 2016/08/02 13:45:12 christos Exp $"); -#include /* MIN MAX */ +__RCSID("$NetBSD: kexgexs.c,v 1.12 2016/12/25 00:07:47 christos Exp $"); +#include /* MIN MAX */ #include #include #include @@ -51,6 +52,7 @@ __RCSID("$NetBSD: kexgexs.c,v 1.11 2016/08/02 13:45:12 christos Exp $"); #include "dispatch.h" #include "ssherr.h" #include "sshbuf.h" +#include "misc.h" static int input_kex_dh_gex_request(int, u_int32_t, void *); static int input_kex_dh_gex_init(int, u_int32_t, void *); 
@@ -81,10 +83,10 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt) kex->nbits = nbits; kex->min = min; kex->max = max; - min = MAX(DH_GRP_MIN, min); - max = MIN(DH_GRP_MAX, max); - nbits = MAX(DH_GRP_MIN, nbits); - nbits = MIN(DH_GRP_MAX, nbits); + min = MAXIMUM(DH_GRP_MIN, min); + max = MINIMUM(DH_GRP_MAX, max); + nbits = MAXIMUM(DH_GRP_MIN, nbits); + nbits = MINIMUM(DH_GRP_MAX, nbits); if (kex->max < kex->min || kex->nbits < kex->min || kex->max < kex->nbits || kex->max < DH_GRP_MIN) { diff --git a/crypto/external/bsd/openssh/dist/key.c b/crypto/external/bsd/openssh/dist/key.c index 242f335eb09d..8dec99def075 100644 --- a/crypto/external/bsd/openssh/dist/key.c +++ b/crypto/external/bsd/openssh/dist/key.c @@ -1,11 +1,11 @@ -/* $NetBSD: key.c,v 1.19 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: key.c,v 1.20 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: key.c,v 1.130 2016/05/02 09:36:42 djm Exp $ */ /* * placed in the public domain */ #include "includes.h" -__RCSID("$NetBSD: key.c,v 1.19 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: key.c,v 1.20 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/key.h b/crypto/external/bsd/openssh/dist/key.h index e23729e3c3c6..795e80ce3141 100644 --- a/crypto/external/bsd/openssh/dist/key.h +++ b/crypto/external/bsd/openssh/dist/key.h @@ -1,5 +1,5 @@ -/* $NetBSD: key.h,v 1.11 2016/03/11 01:55:00 christos Exp $ */ -/* $OpenBSD: key.h,v 1.49 2015/12/04 16:41:28 markus Exp $ */ +/* $NetBSD: key.h,v 1.12 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: key.h,v 1.50 2016/09/12 23:31:27 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
@@ -75,7 +75,6 @@ int key_certify(Key *, Key *); void key_cert_copy(const Key *, Key *); int key_cert_check_authority(const Key *, int, int, const char *, const char **); -char *key_alg_list(int, int); #ifdef WITH_OPENSSL int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); diff --git a/crypto/external/bsd/openssh/dist/krl.c b/crypto/external/bsd/openssh/dist/krl.c index 64d52304e20f..4636d50dbf6a 100644 --- a/crypto/external/bsd/openssh/dist/krl.c +++ b/crypto/external/bsd/openssh/dist/krl.c @@ -1,4 +1,4 @@ -/* $NetBSD: krl.c,v 1.8 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: krl.c,v 1.9 2016/12/25 00:07:47 christos Exp $ */ /* * Copyright (c) 2012 Damien Miller @@ -17,9 +17,9 @@ */ #include -__RCSID("$NetBSD: krl.c,v 1.8 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: krl.c,v 1.9 2016/12/25 00:07:47 christos Exp $"); -/* $OpenBSD: krl.c,v 1.37 2015/12/31 00:33:52 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.38 2016/09/12 01:22:38 deraadt Exp $ */ #include "includes.h" #include /* MIN */ @@ -125,7 +125,7 @@ blob_cmp(struct revoked_blob *a, struct revoked_blob *b) int r; if (a->len != b->len) { - if ((r = memcmp(a->blob, b->blob, MIN(a->len, b->len))) != 0) + if ((r = memcmp(a->blob, b->blob, MINIMUM(a->len, b->len))) != 0) return r; return a->len > b->len ? 1 : -1; } else @@ -465,9 +465,9 @@ choose_next_state(int current_state, u_int64_t contig, int final, * Avoid unsigned overflows. * The limits are high enough to avoid confusing the calculations. */ - contig = MIN(contig, 1ULL<<31); - last_gap = MIN(last_gap, 1ULL<<31); - next_gap = MIN(next_gap, 1ULL<<31); + contig = MINIMUM(contig, 1ULL<<31); + last_gap = MINIMUM(last_gap, 1ULL<<31); + next_gap = MINIMUM(next_gap, 1ULL<<31); /* * Calculate the cost to switch from the current state to candidates. 
@@ -493,8 +493,8 @@ choose_next_state(int current_state, u_int64_t contig, int final, /* Estimate base cost in bits of each section type */ cost_list += 64 * contig + (final ? 0 : 8+64); cost_range += (2 * 64) + (final ? 0 : 8+64); - cost_bitmap += last_gap + contig + (final ? 0 : MIN(next_gap, 8+64)); - cost_bitmap_restart += contig + (final ? 0 : MIN(next_gap, 8+64)); + cost_bitmap += last_gap + contig + (final ? 0 : MINIMUM(next_gap, 8+64)); + cost_bitmap_restart += contig + (final ? 0 : MINIMUM(next_gap, 8+64)); /* Convert to byte costs for actual comparison */ cost_list = (cost_list + 7) / 8; diff --git a/crypto/external/bsd/openssh/dist/ldapauth.c b/crypto/external/bsd/openssh/dist/ldapauth.c index a716737fd47f..a2a7b6f4eb95 100644 --- a/crypto/external/bsd/openssh/dist/ldapauth.c +++ b/crypto/external/bsd/openssh/dist/ldapauth.c @@ -1,5 +1,5 @@ -/* $NetBSD: ldapauth.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ -/* $Id: ldapauth.c,v 1.5 2015/04/03 23:58:19 christos Exp $ +/* $NetBSD: ldapauth.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ +/* $Id: ldapauth.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* @@ -23,7 +23,7 @@ * */ #include "includes.h" -__RCSID("$NetBSD: ldapauth.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: ldapauth.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #ifdef WITH_LDAP_PUBKEY #include diff --git a/crypto/external/bsd/openssh/dist/ldapauth.h b/crypto/external/bsd/openssh/dist/ldapauth.h index 6822e5741730..d2304b82e4b9 100644 --- a/crypto/external/bsd/openssh/dist/ldapauth.h +++ b/crypto/external/bsd/openssh/dist/ldapauth.h @@ -1,5 +1,5 @@ -/* $NetBSD: ldapauth.h,v 1.3 2015/04/03 23:58:19 christos Exp $ */ -/* $Id: ldapauth.h,v 1.3 2015/04/03 23:58:19 christos Exp $ +/* $NetBSD: ldapauth.h,v 1.4 2016/12/25 00:07:47 christos Exp $ */ +/* $Id: ldapauth.h,v 1.4 2016/12/25 00:07:47 christos Exp $ */ /* 
diff --git a/crypto/external/bsd/openssh/dist/log.c b/crypto/external/bsd/openssh/dist/log.c index b226e0076ba8..5a92e1aa2491 100644 --- a/crypto/external/bsd/openssh/dist/log.c +++ b/crypto/external/bsd/openssh/dist/log.c @@ -1,4 +1,4 @@ -/* $NetBSD: log.c,v 1.14 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: log.c,v 1.15 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: log.c,v 1.48 2016/07/15 05:01:58 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -36,7 +36,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: log.c,v 1.14 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: log.c,v 1.15 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/log.h b/crypto/external/bsd/openssh/dist/log.h index 52b71ec7eb7d..855fbdb65fb6 100644 --- a/crypto/external/bsd/openssh/dist/log.h +++ b/crypto/external/bsd/openssh/dist/log.h @@ -1,4 +1,4 @@ -/* $NetBSD: log.h,v 1.10 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: log.h,v 1.11 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: log.h,v 1.21 2016/07/15 05:01:58 dtucker Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/mac.c b/crypto/external/bsd/openssh/dist/mac.c index d5a2d5eecd97..7298bdc40ad3 100644 --- a/crypto/external/bsd/openssh/dist/mac.c +++ b/crypto/external/bsd/openssh/dist/mac.c @@ -1,4 +1,4 @@ -/* $NetBSD: mac.c,v 1.12 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: mac.c,v 1.13 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: mac.c,v 1.33 2016/07/08 03:44:42 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: mac.c,v 1.12 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: mac.c,v 1.13 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/mac.h b/crypto/external/bsd/openssh/dist/mac.h index 2412e2e8cf53..53ef821d9ef2 100644 --- a/crypto/external/bsd/openssh/dist/mac.h +++ b/crypto/external/bsd/openssh/dist/mac.h 
@@ -1,4 +1,4 @@
-/* $NetBSD: mac.h,v 1.6 2016/08/02 13:45:12 christos Exp $ */
+/* $NetBSD: mac.h,v 1.7 2016/12/25 00:07:47 christos Exp $ */
 /* $OpenBSD: mac.h,v 1.10 2016/07/08 03:44:42 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
diff --git a/crypto/external/bsd/openssh/dist/match.c b/crypto/external/bsd/openssh/dist/match.c
index c0b0ae285a06..f967d183631e 100644
--- a/crypto/external/bsd/openssh/dist/match.c
+++ b/crypto/external/bsd/openssh/dist/match.c
@@ -1,5 +1,6 @@
-/* $NetBSD: match.c,v 1.6 2015/07/03 01:00:00 christos Exp $ */
-/* $OpenBSD: match.c,v 1.30 2015/05/04 06:10:48 djm Exp $ */
+/* $NetBSD: match.c,v 1.7 2016/12/25 00:07:47 christos Exp $ */
+/* $OpenBSD: match.c,v 1.33 2016/11/06 05:46:37 djm Exp $ */
+
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -37,7 +38,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: match.c,v 1.6 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: match.c,v 1.7 2016/12/25 00:07:47 christos Exp $");
 #include
 #include
@@ -192,11 +193,10 @@ match_host_and_ip(const char *host, const char *ipaddr,
 {
 int mhost, mip;
- /* error in ipaddr match */
 if ((mip = addr_match_list(ipaddr, patterns)) == -2)
- return -1;
- else if (mip == -1) /* negative ip address match */
- return 0;
+ return -1; /* error in ipaddr match */
+ else if (host == NULL || ipaddr == NULL || mip == -1)
+ return 0; /* negative ip address match, or testing pattern */
 /* negative hostname match */
 if ((mhost = match_hostname(host, patterns)) == -1)
@@ -208,7 +208,9 @@ match_host_and_ip(const char *host, const char *ipaddr,
 }
 /*
- * match user, user@host_or_ip, user@host_or_ip_list against pattern
+ * Match user, user@host_or_ip, user@host_or_ip_list against pattern.
+ * If user, host and ipaddr are all NULL then validate pattern/
+ * Returns -1 on invalid pattern, 0 on no match, 1 on match.
 */
 int
 match_user(const char *user, const char *host, const char *ipaddr,
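Review bot: In match_host_and_ip the new `host == NULL || ipaddr == NULL` guard sits after the `addr_match_list(ipaddr, patterns)` call, so in the validate-only mode that match_user gains in the next hunk a NULL ipaddr reaches addr_match_list before the guard fires; that is only safe if addr_match_list treats a NULL address as "validate the pattern list, match nothing", which is not visible in this diff and should be stated at the call, e.g. `/* ipaddr == NULL: addr_match_list only validates the pattern list */`. The new header comment on match_user also has a typo in its second line: `* If user, host and ipaddr are all NULL then validate pattern/` should end with a period. match_host_and_ip's body continues past the first hunk.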
@@ -217,6 +219,14 @@ match_user(const char *user, const char *host, const char *ipaddr,
 char *p, *pat;
 int ret;
+ /* test mode */
+ if (user == NULL && host == NULL && ipaddr == NULL) {
+ if ((p = strchr(pattern, '@')) != NULL &&
+ match_host_and_ip(NULL, NULL, p + 1) < 0)
+ return -1;
+ return 0;
+ }
+
 if ((p = strchr(pattern,'@')) == NULL)
 return match_pattern(user, pattern);
diff --git a/crypto/external/bsd/openssh/dist/match.h b/crypto/external/bsd/openssh/dist/match.h
index 7e301743f9e1..215efc98e58e 100644
--- a/crypto/external/bsd/openssh/dist/match.h
+++ b/crypto/external/bsd/openssh/dist/match.h
@@ -1,4 +1,4 @@
-/* $NetBSD: match.h,v 1.6 2015/07/03 01:00:00 christos Exp $ */
+/* $NetBSD: match.h,v 1.7 2016/12/25 00:07:47 christos Exp $ */
 /* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */
 /*
diff --git a/crypto/external/bsd/openssh/dist/md-sha256.c b/crypto/external/bsd/openssh/dist/md-sha256.c
index b527c2ea369f..84e937bcbf7c 100644
--- a/crypto/external/bsd/openssh/dist/md-sha256.c
+++ b/crypto/external/bsd/openssh/dist/md-sha256.c
@@ -1,4 +1,4 @@
-/* $NetBSD: md-sha256.c,v 1.3 2015/04/03 23:58:19 christos Exp $ */
+/* $NetBSD: md-sha256.c,v 1.4 2016/12/25 00:07:47 christos Exp $ */
 /* $OpenBSD: md-sha256.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
 /*
 * Copyright (c) 2005 Damien Miller
@@ -18,7 +18,7 @@
 /* EVP wrapper for SHA256 */
 #include "includes.h"
-__RCSID("$NetBSD: md-sha256.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
+__RCSID("$NetBSD: md-sha256.c,v 1.4 2016/12/25 00:07:47 christos Exp $");
 #include
diff --git a/crypto/external/bsd/openssh/dist/misc.c b/crypto/external/bsd/openssh/dist/misc.c
index b2dce46d061b..56770badd162 100644
--- a/crypto/external/bsd/openssh/dist/misc.c
+++ b/crypto/external/bsd/openssh/dist/misc.c
@@ -1,5 +1,6 @@
-/* $NetBSD: misc.c,v 1.13 2016/08/02 13:45:12 christos Exp $ */
-/* $OpenBSD: misc.c,v 1.105 2016/07/15 00:24:30 djm Exp $ */
+/* $NetBSD: misc.c,v 1.14 2016/12/25 00:07:47 christos Exp $ */
+/* $OpenBSD: misc.c,v 1.107 2016/11/30 00:28:31 dtucker Exp $ */
+
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -26,7 +27,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: misc.c,v 1.13 2016/08/02 13:45:12 christos Exp $");
+__RCSID("$NetBSD: misc.c,v 1.14 2016/12/25 00:07:47 christos Exp $");
 #include
 #include
 #include
@@ -1202,3 +1203,29 @@ forward_equals(const struct Forward *a, const struct Forward *b)
 return 1;
 }
+/* returns 1 if bind to specified port by specified user is permitted */
+int
+bind_permitted(int port, uid_t uid)
+{
+ if (port < IPPORT_RESERVED && uid != 0)
+ return 0;
+ return 1;
+}
+
+/* returns 1 if process is already daemonized, 0 otherwise */
+int
+daemonized(void)
+{
+ int fd;
+
+ if ((fd = open(_PATH_TTY, O_RDONLY | O_NOCTTY)) >= 0) {
+ close(fd);
+ return 0; /* have controlling terminal */
+ }
+ if (getppid() != 1)
+ return 0; /* parent is not init */
+ if (getsid(0) != getpid())
+ return 0; /* not session leader */
+ debug3("already daemonized");
+ return 1;
+}
diff --git a/crypto/external/bsd/openssh/dist/misc.h b/crypto/external/bsd/openssh/dist/misc.h
index 417bab63b6df..b13704f1401d 100644
--- a/crypto/external/bsd/openssh/dist/misc.h
+++ b/crypto/external/bsd/openssh/dist/misc.h
@@ -1,5 +1,5 @@
-/* $NetBSD: misc.h,v 1.10 2016/08/02 13:45:12 christos Exp $ */
-/* $OpenBSD: misc.h,v 1.57 2016/07/15 00:24:30 djm Exp $ */
+/* $NetBSD: misc.h,v 1.11 2016/12/25 00:07:47 christos Exp $ */
+/* $OpenBSD: misc.h,v 1.61 2016/11/30 00:28:31 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen
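Review bot: bind_permitted reduces the privileged-port rule to `port < IPPORT_RESERVED && uid != 0`, which is a policy pre-check rather than what the kernel will enforce — on systems that grant or restrict low-port binding through capabilities or sysctls the authoritative answer is bind(2)'s errno — so callers must still handle a failed bind, and the header comment should say so, e.g. `/* Heuristic only: the kernel's bind() result is authoritative. */`. The function also does not reject negative or out-of-range port values; acceptable if every caller validates the port first, but worth a sentence in the comment. daemonized() likewise relies on `getppid() != 1`, which gives a false "not daemonized" when the process was reparented to a subreaper or runs in a PID namespace whose init is not PID 1; a `/* assumes orphans are reparented to PID 1; not true under subreapers/containers */` note would save the next reader a debugging session.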
@@ -16,6 +16,8 @@
 #ifndef _MISC_H
 #define _MISC_H
+#include
+
 /* Data structure for representing a forwarding request. */
 struct Forward {
 char *listen_host; /* Host (address) to listen on. */
@@ -29,6 +31,8 @@ struct Forward {
 };
 int forward_equals(const struct Forward *, const struct Forward *);
+int bind_permitted(int, uid_t);
+int daemonized(void);
 /* Common server and client forwarding options. */
 struct ForwardOptions {
@@ -146,4 +150,8 @@ char *read_passphrase(const char *, int);
 int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
 int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
+#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
+#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
+#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
+
 #endif /* _MISC_H */
diff --git a/crypto/external/bsd/openssh/dist/moduli b/crypto/external/bsd/openssh/dist/moduli
index 79de8bad29b8..410f74b86a40 100644
--- a/crypto/external/bsd/openssh/dist/moduli
+++ b/crypto/external/bsd/openssh/dist/moduli
@@ -1,4 +1,4 @@
-# $NetBSD: moduli,v 1.7 2015/11/12 23:11:21 christos Exp $
+# $NetBSD: moduli,v 1.8 2016/12/25 00:07:47 christos Exp $
 # Time Type Tests Tries Size Generator Modulus
 20151112182404 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1AE85A87
diff --git a/crypto/external/bsd/openssh/dist/moduli.5 b/crypto/external/bsd/openssh/dist/moduli.5
index 1c97c8bd9940..480e3a3bb547 100644
--- a/crypto/external/bsd/openssh/dist/moduli.5
+++ b/crypto/external/bsd/openssh/dist/moduli.5
@@ -1,4 +1,4 @@
-.\" $NetBSD: moduli.5,v 1.3 2015/04/03 23:58:19 christos Exp $
+.\" $NetBSD: moduli.5,v 1.4 2016/12/25 00:07:47 christos Exp $
 .\" $OpenBSD: moduli.5,v 1.7 2003/03/06 20:48:35 jmc Exp $
 .\"
 .\" Copyright 1997, 2000 William Allen Simpson
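Review bot: MINIMUM, MAXIMUM and ROUNDUP evaluate their arguments more than once (ROUNDUP uses `y` three times), and a caller converted in this same commit already passes a function call — `MAXIMUM(dh_need, cipher_seclen(newkeys->enc.cipher))` in kex.c — so any side-effecting or expensive argument is evaluated twice; ROUNDUP also divides by `y`, so `y == 0` is undefined behaviour, which derive_key happens to guard via its mdsz check but the macro itself does not. Put the contract above the definitions: `/* Arguments may be evaluated more than once; ROUNDUP requires y != 0. */`. The header name on the added `#include` line was lost in this rendering; presumably it supplies uid_t for the bind_permitted prototype, which is worth confirming so the header stays self-contained.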
diff --git a/crypto/external/bsd/openssh/dist/moduli.c b/crypto/external/bsd/openssh/dist/moduli.c index 2a5ad1fbbab5..f9f1c31b5901 100644 --- a/crypto/external/bsd/openssh/dist/moduli.c +++ b/crypto/external/bsd/openssh/dist/moduli.c @@ -1,5 +1,6 @@ -/* $NetBSD: moduli.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: moduli.c,v 1.30 2015/01/20 23:14:00 deraadt Exp $ */ +/* $NetBSD: moduli.c,v 1.9 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: moduli.c,v 1.31 2016/09/12 01:22:38 deraadt Exp $ */ + /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -38,9 +39,8 @@ * Second step: test primes' safety (processor intensive) */ #include "includes.h" -__RCSID("$NetBSD: moduli.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: moduli.c,v 1.9 2016/12/25 00:07:47 christos Exp $"); -#include /* MAX */ #include #include @@ -606,7 +606,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, if (checkpoint_file != NULL) last_processed = read_checkpoint(checkpoint_file); - last_processed = start_lineno = MAX(last_processed, start_lineno); + last_processed = start_lineno = MAXIMUM(last_processed, start_lineno); if (end_lineno == ULONG_MAX) debug("process from line %lu from pipe", last_processed); else diff --git a/crypto/external/bsd/openssh/dist/monitor.c b/crypto/external/bsd/openssh/dist/monitor.c index ce1b3344643b..1272a69d35fa 100644 --- a/crypto/external/bsd/openssh/dist/monitor.c +++ b/crypto/external/bsd/openssh/dist/monitor.c @@ -1,5 +1,6 @@ -/* $NetBSD: monitor.c,v 1.19 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: monitor.c,v 1.161 2016/07/22 03:39:13 djm Exp $ */ +/* $NetBSD: monitor.c,v 1.20 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */ + /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl 
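Review bot: moduli.c removes its `#include /* MAX */` line and switches prime_test to `MAXIMUM`, but unlike kexgexc.c and kexgexs.c earlier in this commit no `#include "misc.h"` is added in the visible hunks; if moduli.c does not already include misc.h somewhere outside these hunks, MAXIMUM is undeclared and the file no longer builds. Worth confirming the include is present, since the hunk at line 606 is the only consumer shown and prime_test's body continues outside it.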
@@ -27,7 +28,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor.c,v 1.19 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: monitor.c,v 1.20 2016/12/25 00:07:47 christos Exp $"); #include #include #include @@ -51,10 +52,6 @@ __RCSID("$NetBSD: monitor.c,v 1.19 2016/08/02 13:45:12 christos Exp $"); #include #include -#ifdef SKEY -#include -#endif - #include "atomicio.h" #include "xmalloc.h" #include "ssh.h" @@ -77,7 +74,6 @@ __RCSID("$NetBSD: monitor.c,v 1.19 2016/08/02 13:45:12 christos Exp $"); #include "misc.h" #include "servconf.h" #include "monitor.h" -#include "monitor_mm.h" #ifdef GSSAPI #include "ssh-gss.h" #endif @@ -136,12 +132,9 @@ int mm_answer_pam_respond(int, Buffer *); int mm_answer_pam_free_ctx(int, Buffer *); #endif -#ifdef KRB4 -int mm_answer_krb4(int, Buffer *); -#endif #ifdef KRB5 int mm_answer_krb5(int, Buffer *); -#endif +#endif #ifdef GSSAPI int mm_answer_gss_setup_ctx(int, Buffer *); @@ -154,10 +147,6 @@ static int monitor_read_log(struct monitor *); static Authctxt *authctxt; -#ifdef WITH_SSH1 -static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ -#endif - /* local state for key verify */ static u_char *key_blob = NULL; static u_int key_bloblen = 0; 
@@ -205,24 +194,17 @@ struct mon_table mon_dispatch_proto20[] = {
 #ifdef BSD_AUTH
 {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
 {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
-#endif
-#ifdef SKEY
- {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
- {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
 #endif
 {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
 {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
-#ifdef KRB4
- {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4},
-#endif
 #ifdef KRB5
 {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5},
 #endif
 #ifdef GSSAPI
 {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
- {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
- {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
- {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
+ {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
+ {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
+ {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
 #endif
 {0, 0, NULL}
 };
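Review bot: The three GSSAPI rows change the flags that gate what the privileged monitor will answer for the unprivileged pre-auth child — GSSSTEP and GSSCHECKMIC lose MON_ISAUTH, GSSCHECKMIC becomes MON_ONCE and GSSUSEROK becomes MON_ONCE|MON_AUTHDECIDE — yet no comment in the table says why, and for a privilege-separation state machine that rationale should be auditable in place. What MON_ISAUTH and MON_AUTHDECIDE actually enforce is defined outside this hunk, so the reviewer should confirm that the now flagless GSSSTEP row is still only enabled through a monitor_permit() issued after a successful mm_answer_gss_setup_ctx, and that recording the authentication decision at GSSUSEROK rather than at the MIC check matches the order the GSSAPI userauth method performs those two steps. A one-line comment per changed row stating the intended sequencing would be enough, e.g. `/* GSSSTEP: only reachable once GSSSETUP has permitted it */`.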
@@ -238,51 +220,6 @@ struct mon_table mon_dispatch_postauth20[] = { {0, 0, NULL} }; -struct mon_table mon_dispatch_proto15[] = { -#ifdef WITH_SSH1 - {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, - {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, - {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, - {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, - {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed}, - {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed}, - {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, - {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, -#ifdef BSD_AUTH - {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, - {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, -#endif -#ifdef SKEY - {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, - {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond}, -#endif -#ifdef USE_PAM - {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, - {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, - {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, - {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, - {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, - {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, -#endif -#ifdef KRB4 - {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4}, -#endif -#ifdef KRB5 - {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5}, -#endif -#endif - {0, 0, NULL} -}; - -struct mon_table mon_dispatch_postauth15[] = { -#ifdef WITH_SSH1 - {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, - {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, - {MONITOR_REQ_TERM, 0, mm_answer_term}, -#endif - {0, 0, NULL} -}; - struct mon_table *mon_dispatch; /* Specifies if a certain message is allowed at the moment */ 
@@ -329,17 +266,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) authctxt = _authctxt; memset(authctxt, 0, sizeof(*authctxt)); - if (compat20) { - mon_dispatch = mon_dispatch_proto20; - - /* Permit requests for moduli and signatures */ - monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); - monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); - } else { - mon_dispatch = mon_dispatch_proto15; - - monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); - } + mon_dispatch = mon_dispatch_proto20; + /* Permit requests for moduli and signatures */ + monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); /* The first few requests do not require asynchronous access */ while (!authenticated) { @@ -350,9 +280,6 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) /* Special handling for multiple required authentications */ if (options.num_auth_methods != 0) { - if (!compat20) - fatal("AuthenticationMethods is not supported" - "with SSH protocol 1"); if (authenticated && !auth2_update_methods_lists(authctxt, auth_method, auth_submethod)) { 
@@ -433,17 +360,13 @@ monitor_child_postauth(struct monitor *pmonitor) signal(SIGTERM, &monitor_child_handler); signal(SIGINT, &monitor_child_handler); - if (compat20) { - mon_dispatch = mon_dispatch_postauth20; + mon_dispatch = mon_dispatch_postauth20; + + /* Permit requests for moduli and signatures */ + monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); - /* Permit requests for moduli and signatures */ - monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); - monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); - monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); - } else { - mon_dispatch = mon_dispatch_postauth15; - monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); - } if (!no_pty_flag) { monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); @@ -453,31 +376,6 @@ monitor_child_postauth(struct monitor *pmonitor) monitor_read(pmonitor, mon_dispatch, NULL); } -void -monitor_sync(struct monitor *pmonitor) -{ - if (options.compression) { - /* The member allocation is not visible, so sync it */ - mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); - } -} - -/* Allocation functions for zlib */ -static void * -mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) -{ - if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size) - fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); - - return mm_malloc(mm, size * ncount); -} - -static void -mm_zfree(struct mm_master *mm, void *address) -{ - mm_free(mm, address); -} - static int monitor_read_log(struct monitor *pmonitor) { 
@@ -819,7 +717,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) #undef M_CP_STRARRAYOPT /* Create valid auth method lists */ - if (compat20 && auth2_setup_methods_lists(authctxt) != 0) { + if (auth2_setup_methods_lists(authctxt) != 0) { /* * The monitor will continue long enough to let the child * run to it's packet_disconnect(), but it must not allow any @@ -831,14 +729,9 @@ mm_answer_pwnamallow(int sock, Buffer *m) debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); mm_request_send(sock, MONITOR_ANS_PWNAM, m); - /* For SSHv1 allow authentication now */ - if (!compat20) - monitor_permit_authentications(1); - else { - /* Allow service/style information on the auth context */ - monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); - monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); - } + /* Allow service/style information on the auth context */ + monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); #ifdef USE_PAM if (options.use_pam) @@ -887,6 +780,8 @@ mm_answer_authpassword(int sock, Buffer *m) int authenticated; u_int plen; + if (!options.password_authentication) + fatal("%s: password authentication not enabled", __func__); passwd = buffer_get_string(m, &plen); /* Only authenticate if the context is valid */ authenticated = options.password_authentication && @@ -920,6 +815,8 @@ mm_answer_bsdauthquery(int sock, Buffer *m) char **prompts; u_int success; + if (!options.kbd_interactive_authentication) + fatal("%s: kbd-int authentication not enabled", __func__); success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, &prompts, &echo_on) < 0 ? 0 : 1; @@ -947,6 +844,8 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) char *response; int authok; + if (!options.kbd_interactive_authentication) + fatal("%s: kbd-int authentication not enabled", __func__); if (authctxt->as == NULL) fatal("%s: no bsd auth session", __func__); 
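Review bot: The new `if (!options.password_authentication) fatal(...)` guard in mm_answer_authpassword makes the `options.password_authentication &&` term in the `authenticated = ...` line right below it unreachable; either drop that term or keep it with a comment such as `/* fatal() above is the privsep policy check; this term is belt-and-braces */` so the next reader does not wonder which of the two checks is the enforcement point. The guard is placed before `buffer_get_string()`, so nothing is consumed from the request before the monitor bails out, which is the right order. The same pattern is added to mm_answer_bsdauthquery and mm_answer_bsdauthrespond here and to the four GSSAPI handlers later in this file; the bsdauth guards keying on `kbd_interactive_authentication` look right, since the bsdauth handler later in this commit reports itself as method `"keyboard-interactive"` with submethod `"bsdauth"`. One gap: mm_answer_skeyquery/mm_answer_skeyrespond, still present further down, receive no matching `kbd_interactive_authentication` guard.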
@@ -963,11 +862,8 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) debug3("%s: sending authenticated: %d", __func__, authok); mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); - if (compat20) { - auth_method = "keyboard-interactive"; - auth_submethod = "bsdauth"; - } else - auth_method = "bsdauth"; + auth_method = "keyboard-interactive"; + auth_submethod = "bsdauth"; return (authok != 0); } @@ -1017,6 +913,7 @@ mm_answer_skeyrespond(int sock, Buffer *m) mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m); auth_method = "skey"; + auth_submethod = "bsdauth"; return (authok != 0); } @@ -1174,10 +1071,6 @@ mm_answer_keyallowed(int sock, Buffer *m) key = key_from_blob(blob, bloblen); - if ((compat20 && type == MM_RSAHOSTKEY) || - (!compat20 && type != MM_RSAHOSTKEY)) - fatal("%s: key type and protocol mismatch", __func__); - debug3("%s: key_from_blob: %p", __func__, key); if (key != NULL && authctxt->valid) { @@ -1211,17 +1104,6 @@ mm_answer_keyallowed(int sock, Buffer *m) cuser, chost); auth_method = "hostbased"; break; -#ifdef WITH_SSH1 - case MM_RSAHOSTKEY: - key->type = KEY_RSA1; /* XXX */ - allowed = options.rhosts_rsa_authentication && - auth_rhosts_rsa_key_allowed(authctxt->pw, - cuser, chost, key); - if (options.rhosts_rsa_authentication && allowed != 1) - auth_clear_options(); - auth_method = "rsa"; - break; -#endif default: fatal("%s: unknown key type %d", __func__, type); break; @@ -1258,9 +1140,6 @@ mm_answer_keyallowed(int sock, Buffer *m) mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); - if (type == MM_RSAHOSTKEY) - monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); - return (0); } @@ -1453,9 +1332,6 @@ mm_record_login(Session *s, struct passwd *pw) socklen_t fromlen; struct sockaddr_storage from; - if (options.use_login) - return; - /* * Get IP address of client. If the connection is not a socket, let * the address be 0.0.0.0. 
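Review bot: In mm_answer_skeyrespond the added `auth_submethod = "bsdauth";` looks copied from the bsdauth handler two hunks up, which sets `auth_method = "keyboard-interactive"; auth_submethod = "bsdauth";`; here the method stays `"skey"` while the submethod names a different mechanism. monitor_child_preauth passes exactly these two globals to auth2_update_methods_lists() earlier in this file, so if that function matches `method:submethod` against AuthenticationMethods, an S/Key success would be recorded as `skey:bsdauth` and a configured `keyboard-interactive:skey` entry would never be satisfied. Suggested replacement for the two lines: `auth_method = "keyboard-interactive";` and `auth_submethod = "skey";`, mirroring the bsdauth handler. mm_answer_skeyrespond begins outside this hunk.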
@@ -1569,232 +1445,6 @@ mm_answer_pty_cleanup(int sock, Buffer *m) return (0); } -#ifdef WITH_SSH1 -int -mm_answer_sesskey(int sock, Buffer *m) -{ - BIGNUM *p; - int rsafail; - - /* Turn off permissions */ - monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); - - if ((p = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - - buffer_get_bignum2(m, p); - - rsafail = ssh1_session_key(p); - - buffer_clear(m); - buffer_put_int(m, rsafail); - buffer_put_bignum2(m, p); - - BN_clear_free(p); - - mm_request_send(sock, MONITOR_ANS_SESSKEY, m); - - /* Turn on permissions for sessid passing */ - monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1); - - return (0); -} - -int -mm_answer_sessid(int sock, Buffer *m) -{ - int i; - - debug3("%s entering", __func__); - - if (buffer_len(m) != 16) - fatal("%s: bad ssh1 session id", __func__); - for (i = 0; i < 16; i++) - session_id[i] = buffer_get_char(m); - - /* Turn on permissions for getpwnam */ - monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); - - return (0); -} - -int -mm_answer_rsa_keyallowed(int sock, Buffer *m) -{ - BIGNUM *client_n; - Key *key = NULL; - u_char *blob = NULL; - u_int blen = 0; - int allowed = 0; - - debug3("%s entering", __func__); - - auth_method = "rsa"; - if (options.rsa_authentication && authctxt->valid) { - if ((client_n = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - buffer_get_bignum2(m, client_n); - allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key); - BN_clear_free(client_n); - } - buffer_clear(m); - buffer_put_int(m, allowed); - buffer_put_int(m, forced_command != NULL); - - /* clear temporarily storage (used by generate challenge) */ - monitor_reset_key_state(); - - if (allowed && key != NULL) { - key->type = KEY_RSA; /* cheat for key_to_blob */ - if (key_to_blob(key, &blob, &blen) == 0) - fatal("%s: key_to_blob failed", __func__); - buffer_put_string(m, blob, blen); - - /* Save temporarily for comparison in verify */ - key_blob = blob; - key_bloblen = blen; - key_blobtype = 
MM_RSAUSERKEY; - } - if (key != NULL) - key_free(key); - - mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m); - - monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); - monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0); - return (0); -} - -int -mm_answer_rsa_challenge(int sock, Buffer *m) -{ - Key *key = NULL; - u_char *blob; - u_int blen; - - debug3("%s entering", __func__); - - if (!authctxt->valid) - fatal("%s: authctxt not valid", __func__); - blob = buffer_get_string(m, &blen); - if (!monitor_allowed_key(blob, blen)) - fatal("%s: bad key, not previously allowed", __func__); - if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) - fatal("%s: key type mismatch", __func__); - if ((key = key_from_blob(blob, blen)) == NULL) - fatal("%s: received bad key", __func__); - if (key->type != KEY_RSA) - fatal("%s: received bad key type %d", __func__, key->type); - key->type = KEY_RSA1; - if (ssh1_challenge) - BN_clear_free(ssh1_challenge); - ssh1_challenge = auth_rsa_generate_challenge(key); - - buffer_clear(m); - buffer_put_bignum2(m, ssh1_challenge); - - debug3("%s sending reply", __func__); - mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m); - - monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); - - free(blob); - key_free(key); - return (0); -} - -int -mm_answer_rsa_response(int sock, Buffer *m) -{ - Key *key = NULL; - u_char *blob, *response; - u_int blen, len; - int success; - - debug3("%s entering", __func__); - - if (!authctxt->valid) - fatal("%s: authctxt not valid", __func__); - if (ssh1_challenge == NULL) - fatal("%s: no ssh1_challenge", __func__); - - blob = buffer_get_string(m, &blen); - if (!monitor_allowed_key(blob, blen)) - fatal("%s: bad key, not previously allowed", __func__); - if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) - fatal("%s: key type mismatch: %d", __func__, key_blobtype); - if ((key = key_from_blob(blob, blen)) == NULL) - fatal("%s: received bad key", __func__); - response = 
buffer_get_string(m, &len); - if (len != 16) - fatal("%s: received bad response to challenge", __func__); - success = auth_rsa_verify_response(key, ssh1_challenge, response); - - free(blob); - key_free(key); - free(response); - - auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; - - /* reset state */ - BN_clear_free(ssh1_challenge); - ssh1_challenge = NULL; - monitor_reset_key_state(); - - buffer_clear(m); - buffer_put_int(m, success); - mm_request_send(sock, MONITOR_ANS_RSARESPONSE, m); - - return (success); -} -#endif - -#ifdef KRB4 -int -mm_answer_krb4(int socket, Buffer *m) -{ - KTEXT_ST auth, reply; - char *client, *p; - int success; - u_int alen; - - reply.length = auth.length = 0; - - p = buffer_get_string(m, &alen); - if (alen >= MAX_KTXT_LEN) - fatal("%s: auth too large", __func__); - memcpy(auth.dat, p, alen); - auth.length = alen; - memset(p, 0, alen); - free(p); - - success = options.kerberos_authentication && - authctxt->valid && - auth_krb4(authctxt, &auth, &client, &reply); - - memset(auth.dat, 0, alen); - buffer_clear(m); - buffer_put_int(m, success); - - if (success) { - buffer_put_cstring(m, client); - buffer_put_string(m, reply.dat, reply.length); - if (client) - free(client); - if (reply.length) - memset(reply.dat, 0, reply.length); - } - - debug3("%s: sending result %d", __func__, success); - mm_request_send(socket, MONITOR_ANS_KRB4, m); - - auth_method = "kerberos"; - - /* Causes monitor loop to terminate if authenticated */ - return (success); -} -#endif - #ifdef KRB5 int mm_answer_krb5(int xsocket, Buffer *m) @@ -1886,13 +1536,6 @@ monitor_apply_keystate(struct monitor *pmonitor) kex->host_key_index=&get_hostkey_index; kex->sign = sshd_hostkey_sign; } - - /* Update with new address */ - if (options.compression) { - ssh_packet_set_compress_hooks(ssh, pmonitor->m_zlib, - (ssh_packet_comp_alloc_func *)mm_zalloc, - (ssh_packet_comp_free_func *)mm_zfree); - } } /* This function requries careful sanity checking */ 
@@ -1945,24 +1588,11 @@ monitor_openfds(struct monitor *mon, int do_logfds) struct monitor * monitor_init(void) { - struct ssh *ssh = active_state; /* XXX */ struct monitor *mon; mon = xcalloc(1, sizeof(*mon)); - monitor_openfds(mon, 1); - /* Used to share zlib space across processes */ - if (options.compression) { - mon->m_zback = mm_create(NULL, MM_MEMSIZE); - mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); - - /* Compression needs to share state across borders */ - ssh_packet_set_compress_hooks(ssh, mon->m_zlib, - (ssh_packet_comp_alloc_func *)mm_zalloc, - (ssh_packet_comp_free_func *)mm_zfree); - } - return mon; } @@ -1980,6 +1610,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) OM_uint32 major; u_int len; + if (!options.gss_authentication) + fatal("%s: GSSAPI authentication not enabled", __func__); + goid.elements = buffer_get_string(m, &len); goid.length = len; @@ -2007,6 +1640,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) OM_uint32 flags = 0; /* GSI needs this */ u_int len; + if (!options.gss_authentication) + fatal("%s: GSSAPI authentication not enabled", __func__); + in.value = buffer_get_string(m, &len); in.length = len; major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); @@ -2035,6 +1671,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m) OM_uint32 ret; u_int len; + if (!options.gss_authentication) + fatal("%s: GSSAPI authentication not enabled", __func__); + gssbuf.value = buffer_get_string(m, &len); gssbuf.length = len; mic.value = buffer_get_string(m, &len); @@ -2061,6 +1700,9 @@ mm_answer_gss_userok(int sock, Buffer *m) { int authenticated; + if (!options.gss_authentication) + fatal("%s: GSSAPI authentication not enabled", __func__); + authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); buffer_clear(m); diff --git a/crypto/external/bsd/openssh/dist/monitor.h b/crypto/external/bsd/openssh/dist/monitor.h index 204f5c2df872..148f72745b35 100644 --- a/crypto/external/bsd/openssh/dist/monitor.h 
+++ b/crypto/external/bsd/openssh/dist/monitor.h @@ -1,5 +1,5 @@ -/* $NetBSD: monitor.h,v 1.7 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: monitor.h,v 1.19 2015/01/19 19:52:16 markus Exp $ */ +/* $NetBSD: monitor.h,v 1.8 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: monitor.h,v 1.20 2016/09/28 16:33:07 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -76,21 +76,17 @@ enum monitor_reqtype { }; -struct mm_master; struct monitor { int m_recvfd; int m_sendfd; int m_log_recvfd; int m_log_sendfd; - struct mm_master *m_zback; - struct mm_master *m_zlib; struct kex **m_pkex; pid_t m_pid; }; struct monitor *monitor_init(void); void monitor_reinit(struct monitor *); -void monitor_sync(struct monitor *); struct Authctxt; void monitor_child_preauth(struct Authctxt *, struct monitor *); diff --git a/crypto/external/bsd/openssh/dist/monitor_fdpass.c b/crypto/external/bsd/openssh/dist/monitor_fdpass.c index 18a516038c6a..4377a280a141 100644 --- a/crypto/external/bsd/openssh/dist/monitor_fdpass.c +++ b/crypto/external/bsd/openssh/dist/monitor_fdpass.c @@ -1,4 +1,4 @@ -/* $NetBSD: monitor_fdpass.c,v 1.6 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: monitor_fdpass.c,v 1.7 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: monitor_fdpass.c,v 1.21 2016/02/29 20:22:36 jca Exp $ */ /* * Copyright 2001 Niels Provos @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor_fdpass.c,v 1.6 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: monitor_fdpass.c,v 1.7 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/monitor_fdpass.h b/crypto/external/bsd/openssh/dist/monitor_fdpass.h index 10d7bc59d305..b8275d9e75d8 100644 --- a/crypto/external/bsd/openssh/dist/monitor_fdpass.h +++ b/crypto/external/bsd/openssh/dist/monitor_fdpass.h 
@@ -1,4 +1,4 @@
-/* $NetBSD: monitor_fdpass.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */
+/* $NetBSD: monitor_fdpass.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */
 /* $OpenBSD: monitor_fdpass.h,v 1.4 2007/09/04 03:21:03 djm Exp $ */
 /*
diff --git a/crypto/external/bsd/openssh/dist/monitor_mm.c b/crypto/external/bsd/openssh/dist/monitor_mm.c
deleted file mode 100644
index f2ade523ba91..000000000000
--- a/crypto/external/bsd/openssh/dist/monitor_mm.c
+++ /dev/null
@@ -1,350 +0,0 @@
-/* $NetBSD: monitor_mm.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */
-/* $OpenBSD: monitor_mm.c,v 1.21 2015/02/06 23:21:59 millert Exp $ */
-/*
- * Copyright 2002 Niels Provos
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ - -#include "includes.h" -__RCSID("$NetBSD: monitor_mm.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include "xmalloc.h" -#include "ssh.h" -#include "log.h" -#include "monitor_mm.h" - -static int -mm_compare(struct mm_share *a, struct mm_share *b) -{ - ptrdiff_t diff = (char *)a->address - (char *)b->address; - - if (diff == 0) - return (0); - else if (diff < 0) - return (-1); - else - return (1); -} - -RB_GENERATE(mmtree, mm_share, next, mm_compare) - -static struct mm_share * -mm_make_entry(struct mm_master *mm, struct mmtree *head, - void *address, size_t size) -{ - struct mm_share *tmp, *tmp2; - - if (mm->mmalloc == NULL) - tmp = xcalloc(1, sizeof(struct mm_share)); - else - tmp = mm_xmalloc(mm->mmalloc, sizeof(struct mm_share)); - tmp->address = address; - tmp->size = size; - - tmp2 = RB_INSERT(mmtree, head, tmp); - if (tmp2 != NULL) - fatal("mm_make_entry(%p): double address %p->%p(%zu)", - mm, tmp2, address, size); - - return (tmp); -} - -/* Creates a shared memory area of a certain size */ - -struct mm_master * -mm_create(struct mm_master *mmalloc, size_t size) -{ - void *address; - struct mm_master *mm; - - if (mmalloc == NULL) - mm = xcalloc(1, sizeof(struct mm_master)); - else - mm = mm_xmalloc(mmalloc, sizeof(struct mm_master)); - - /* - * If the memory map has a mm_master it can be completely - * shared including authentication between the child - * and the client. 
- */ - mm->mmalloc = mmalloc; - - address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, - -1, 0); - if (address == MAP_FAILED) - fatal("mmap(%zu): %s", size, strerror(errno)); - - mm->address = address; - mm->size = size; - - RB_INIT(&mm->rb_free); - RB_INIT(&mm->rb_allocated); - - mm_make_entry(mm, &mm->rb_free, address, size); - - return (mm); -} - -/* Frees either the allocated or the free list */ - -static void -mm_freelist(struct mm_master *mmalloc, struct mmtree *head) -{ - struct mm_share *mms, *next; - - for (mms = RB_ROOT(head); mms; mms = next) { - next = RB_NEXT(mmtree, head, mms); - RB_REMOVE(mmtree, head, mms); - if (mmalloc == NULL) - free(mms); - else - mm_free(mmalloc, mms); - } -} - -/* Destroys a memory mapped area */ - -void -mm_destroy(struct mm_master *mm) -{ - mm_freelist(mm->mmalloc, &mm->rb_free); - mm_freelist(mm->mmalloc, &mm->rb_allocated); - - if (munmap(mm->address, mm->size) == -1) - fatal("munmap(%p, %zu): %s", mm->address, mm->size, - strerror(errno)); - if (mm->mmalloc == NULL) - free(mm); - else - mm_free(mm->mmalloc, mm); -} - -void * -mm_xmalloc(struct mm_master *mm, size_t size) -{ - void *address; - - address = mm_malloc(mm, size); - if (address == NULL) - fatal("%s: mm_malloc(%zu)", __func__, size); - memset(address, 0, size); - return (address); -} - - -/* Allocates data from a memory mapped area */ - -void * -mm_malloc(struct mm_master *mm, size_t size) -{ - struct mm_share *mms, *tmp; - - if (size == 0) - fatal("mm_malloc: try to allocate 0 space"); - if (size > SIZE_MAX - MM_MINSIZE + 1) - fatal("mm_malloc: size too big"); - - size = ((size + (MM_MINSIZE - 1)) / MM_MINSIZE) * MM_MINSIZE; - - RB_FOREACH(mms, mmtree, &mm->rb_free) { - if (mms->size >= size) - break; - } - - if (mms == NULL) - return (NULL); - - /* Debug */ - memset(mms->address, 0xd0, size); - - tmp = mm_make_entry(mm, &mm->rb_allocated, mms->address, size); - - /* Does not change order in RB tree */ - mms->size -= size; - mms->address = 
(char *)mms->address + size; - - if (mms->size == 0) { - RB_REMOVE(mmtree, &mm->rb_free, mms); - if (mm->mmalloc == NULL) - free(mms); - else - mm_free(mm->mmalloc, mms); - } - - return (tmp->address); -} - -/* Frees memory in a memory mapped area */ - -void -mm_free(struct mm_master *mm, void *address) -{ - struct mm_share *mms, *prev, tmp; - - tmp.address = address; - mms = RB_FIND(mmtree, &mm->rb_allocated, &tmp); - if (mms == NULL) - fatal("mm_free(%p): can not find %p", mm, address); - - /* Debug */ - memset(mms->address, 0xd0, mms->size); - - /* Remove from allocated list and insert in free list */ - RB_REMOVE(mmtree, &mm->rb_allocated, mms); - if (RB_INSERT(mmtree, &mm->rb_free, mms) != NULL) - fatal("mm_free(%p): double address %p", mm, address); - - /* Find previous entry */ - prev = mms; - if (RB_LEFT(prev, next)) { - prev = RB_LEFT(prev, next); - while (RB_RIGHT(prev, next)) - prev = RB_RIGHT(prev, next); - } else { - if (RB_PARENT(prev, next) && - (prev == RB_RIGHT(RB_PARENT(prev, next), next))) - prev = RB_PARENT(prev, next); - else { - while (RB_PARENT(prev, next) && - (prev == RB_LEFT(RB_PARENT(prev, next), next))) - prev = RB_PARENT(prev, next); - prev = RB_PARENT(prev, next); - } - } - - /* Check if range does not overlap */ - if (prev != NULL && MM_ADDRESS_END(prev) > address) - fatal("mm_free: memory corruption: %p(%zu) > %p", - prev->address, prev->size, address); - - /* See if we can merge backwards */ - if (prev != NULL && MM_ADDRESS_END(prev) == address) { - prev->size += mms->size; - RB_REMOVE(mmtree, &mm->rb_free, mms); - if (mm->mmalloc == NULL) - free(mms); - else - mm_free(mm->mmalloc, mms); - } else - prev = mms; - - if (prev == NULL) - return; - - /* Check if we can merge forwards */ - mms = RB_NEXT(mmtree, &mm->rb_free, prev); - if (mms == NULL) - return; - - if (MM_ADDRESS_END(prev) > mms->address) - fatal("mm_free: memory corruption: %p < %p(%zu)", - mms->address, prev->address, prev->size); - if (MM_ADDRESS_END(prev) != 
mms->address) - return; - - prev->size += mms->size; - RB_REMOVE(mmtree, &mm->rb_free, mms); - - if (mm->mmalloc == NULL) - free(mms); - else - mm_free(mm->mmalloc, mms); -} - -static void -mm_sync_list(struct mmtree *oldtree, struct mmtree *newtree, - struct mm_master *mm, struct mm_master *mmold) -{ - struct mm_master *mmalloc = mm->mmalloc; - struct mm_share *mms, *new; - - /* Sync free list */ - RB_FOREACH(mms, mmtree, oldtree) { - /* Check the values */ - mm_memvalid(mmold, mms, sizeof(struct mm_share)); - mm_memvalid(mm, mms->address, mms->size); - - new = mm_xmalloc(mmalloc, sizeof(struct mm_share)); - memcpy(new, mms, sizeof(struct mm_share)); - RB_INSERT(mmtree, newtree, new); - } -} - -void -mm_share_sync(struct mm_master **pmm, struct mm_master **pmmalloc) -{ - struct mm_master *mm; - struct mm_master *mmalloc; - struct mm_master *mmold; - struct mmtree rb_free, rb_allocated; - - debug3("%s: Share sync", __func__); - - mm = *pmm; - mmold = mm->mmalloc; - mm_memvalid(mmold, mm, sizeof(*mm)); - - mmalloc = mm_create(NULL, mm->size); - mm = mm_xmalloc(mmalloc, sizeof(struct mm_master)); - memcpy(mm, *pmm, sizeof(struct mm_master)); - mm->mmalloc = mmalloc; - - rb_free = mm->rb_free; - rb_allocated = mm->rb_allocated; - - RB_INIT(&mm->rb_free); - RB_INIT(&mm->rb_allocated); - - mm_sync_list(&rb_free, &mm->rb_free, mm, mmold); - mm_sync_list(&rb_allocated, &mm->rb_allocated, mm, mmold); - - mm_destroy(mmold); - - *pmm = mm; - *pmmalloc = mmalloc; - - debug3("%s: Share sync end", __func__); -} - -void -mm_memvalid(struct mm_master *mm, void *address, size_t size) -{ - void *end = (char *)address + size; - - if (address < mm->address) - fatal("mm_memvalid: address too small: %p", address); - if (end < address) - fatal("mm_memvalid: end < address: %p < %p", end, address); - if (end > MM_ADDRESS_END(mm)) - fatal("mm_memvalid: address too large: %p", address); -} 
diff --git a/crypto/external/bsd/openssh/dist/monitor_mm.h b/crypto/external/bsd/openssh/dist/monitor_mm.h
deleted file mode 100644
index 21f47a05cb69..000000000000
--- a/crypto/external/bsd/openssh/dist/monitor_mm.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/* $NetBSD: monitor_mm.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */
-/* $OpenBSD: monitor_mm.h,v 1.6 2014/01/04 17:50:55 tedu Exp $ */
-
-/*
- * Copyright 2002 Niels Provos
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ - -#ifndef _MM_H_ -#define _MM_H_ - -struct mm_share { - RB_ENTRY(mm_share) next; - void *address; - size_t size; -}; - -struct mm_master { - RB_HEAD(mmtree, mm_share) rb_free; - struct mmtree rb_allocated; - void *address; - size_t size; - - struct mm_master *mmalloc; /* Used to completely share */ -}; - -RB_PROTOTYPE(mmtree, mm_share, next, mm_compare) - -#define MM_MINSIZE 128 - -#define MM_ADDRESS_END(x) (void *)((char *)(x)->address + (x)->size) - -struct mm_master *mm_create(struct mm_master *, size_t); -void mm_destroy(struct mm_master *); - -void mm_share_sync(struct mm_master **, struct mm_master **); - -void *mm_malloc(struct mm_master *, size_t); -void *mm_xmalloc(struct mm_master *, size_t); -void mm_free(struct mm_master *, void *); - -void mm_memvalid(struct mm_master *, void *, size_t); -#endif /* _MM_H_ */ diff --git a/crypto/external/bsd/openssh/dist/monitor_wrap.c b/crypto/external/bsd/openssh/dist/monitor_wrap.c index d88f1cd25c1c..e7d644a68d19 100644 --- a/crypto/external/bsd/openssh/dist/monitor_wrap.c +++ b/crypto/external/bsd/openssh/dist/monitor_wrap.c @@ -1,5 +1,6 @@ -/* $NetBSD: monitor_wrap.c,v 1.15 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: monitor_wrap.c,v 1.88 2016/03/07 19:02:43 djm Exp $ */ +/* $NetBSD: monitor_wrap.c,v 1.16 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.89 2016/08/13 17:47:41 markus Exp $ */ + /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -27,7 +28,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor_wrap.c,v 1.15 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: monitor_wrap.c,v 1.16 2016/12/25 00:07:47 christos Exp $"); #include #include #include @@ -82,7 +83,6 @@ __RCSID("$NetBSD: monitor_wrap.c,v 1.15 2016/08/02 13:45:12 christos Exp $"); #include "ssherr.h" /* Imports */ -extern int compat20; extern z_stream incoming_stream; extern z_stream outgoing_stream; extern struct monitor *pmonitor; 
@@ -378,18 +378,6 @@ mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host, return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0)); } -int -mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, const char *user, - const char *host, Key *key) -{ - int ret; - - key->type = KEY_RSA; /* XXX hack for key_to_blob */ - ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key, 0); - key->type = KEY_RSA1; - return (ret); -} - int mm_key_allowed(enum mm_keytype type, const char *user, const char *host, Key *key, int pubkey_auth_attempt) @@ -700,28 +688,6 @@ mm_terminate(void) buffer_free(&m); } -#ifdef WITH_SSH1 -int -mm_ssh1_session_key(BIGNUM *num) -{ - int rsafail; - Buffer m; - - buffer_init(&m); - buffer_put_bignum2(&m, num); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m); - - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m); - - rsafail = buffer_get_int(&m); - buffer_get_bignum2(&m, num); - - buffer_free(&m); - - return (rsafail); -} -#endif - #if defined(BSD_AUTH) || defined(SKEY) static void mm_chall_setup(char **name, char **infotxt, u_int *numprompts, @@ -734,7 +700,6 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts, *echo_on = xcalloc(*numprompts, sizeof(u_int)); (*echo_on)[0] = 0; } -#endif #ifdef BSD_AUTH int 
@@ -855,120 +820,7 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses) return ((authok == 0) ? -1 : 0); } #endif /* SKEY */ - -void -mm_ssh1_session_id(u_char session_id[16]) -{ - Buffer m; - int i; - - debug3("%s entering", __func__); - - buffer_init(&m); - for (i = 0; i < 16; i++) - buffer_put_char(&m, session_id[i]); - - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m); - buffer_free(&m); -} - -#ifdef WITH_SSH1 -int -mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) -{ - Buffer m; - Key *key; - u_char *blob; - u_int blen; - int allowed = 0, have_forced = 0; - - debug3("%s entering", __func__); - - buffer_init(&m); - buffer_put_bignum2(&m, client_n); - - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m); - - allowed = buffer_get_int(&m); - - /* fake forced command */ - auth_clear_options(); - have_forced = buffer_get_int(&m); - forced_command = have_forced ? 
xstrdup("true") : NULL; - - if (allowed && rkey != NULL) { - blob = buffer_get_string(&m, &blen); - if ((key = key_from_blob(blob, blen)) == NULL) - fatal("%s: key_from_blob failed", __func__); - *rkey = key; - free(blob); - } - buffer_free(&m); - - return (allowed); -} - -BIGNUM * -mm_auth_rsa_generate_challenge(Key *key) -{ - Buffer m; - BIGNUM *challenge; - u_char *blob; - u_int blen; - - debug3("%s entering", __func__); - - if ((challenge = BN_new()) == NULL) - fatal("%s: BN_new failed", __func__); - - key->type = KEY_RSA; /* XXX cheat for key_to_blob */ - if (key_to_blob(key, &blob, &blen) == 0) - fatal("%s: key_to_blob failed", __func__); - key->type = KEY_RSA1; - - buffer_init(&m); - buffer_put_string(&m, blob, blen); - free(blob); - - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m); - - buffer_get_bignum2(&m, challenge); - buffer_free(&m); - - return (challenge); -} - -int -mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) -{ - Buffer m; - u_char *blob; - u_int blen; - int success = 0; - - debug3("%s entering", __func__); - - key->type = KEY_RSA; /* XXX cheat for key_to_blob */ - if (key_to_blob(key, &blob, &blen) == 0) - fatal("%s: key_to_blob failed", __func__); - key->type = KEY_RSA1; - - buffer_init(&m); - buffer_put_string(&m, blob, blen); - buffer_put_string(&m, response, 16); - free(blob); - - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m); - - success = buffer_get_int(&m); - buffer_free(&m); - - return (success); -} -#endif +#endif /* BSDAUTH || SKEY */ #ifdef GSSAPI OM_uint32 
@@ -1056,42 +908,6 @@ mm_ssh_gssapi_userok(char *user) } #endif /* GSSAPI */ -#ifdef KRB4 -int -mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply) -{ - KTEXT auth, reply; - Buffer m; - u_int rlen; - int success = 0; - char *p; - - debug3("%s entering", __func__); - auth = _auth; - reply = _reply; - - buffer_init(&m); - buffer_put_string(&m, auth->dat, auth->length); - - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m); - - success = buffer_get_int(&m); - if (success) { - *client = buffer_get_string(&m, NULL); - p = buffer_get_string(&m, &rlen); - if (rlen >= MAX_KTXT_LEN) - fatal("%s: reply from monitor too large", __func__); - reply->length = rlen; - memcpy(reply->dat, p, rlen); - memset(p, 0, rlen); - free(p); - } - buffer_free(&m); - return (success); -} -#endif - #ifdef KRB5 int mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp) diff --git a/crypto/external/bsd/openssh/dist/monitor_wrap.h b/crypto/external/bsd/openssh/dist/monitor_wrap.h index 4d8fa506feb2..2ee702bb5741 100644 --- a/crypto/external/bsd/openssh/dist/monitor_wrap.h +++ b/crypto/external/bsd/openssh/dist/monitor_wrap.h @@ -1,5 +1,5 @@ -/* $NetBSD: monitor_wrap.h,v 1.11 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: monitor_wrap.h,v 1.30 2016/03/07 19:02:43 djm Exp $ */ +/* $NetBSD: monitor_wrap.h,v 1.12 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.32 2016/09/28 16:33:07 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -32,7 +32,7 @@ extern int use_privsep; #define PRIVSEP(x) (use_privsep ? mm_##x : x) -enum mm_keytype {MM_NOKEY, MM_HOSTKEY, MM_USERKEY, MM_RSAHOSTKEY, MM_RSAUSERKEY}; +enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY }; struct monitor; struct mm_master; 
@@ -50,12 +50,7 @@ int mm_key_allowed(enum mm_keytype, const char *, const char *, Key *, int); int mm_user_key_allowed(struct passwd *, Key *, int); int mm_hostbased_key_allowed(struct passwd *, const char *, const char *, Key *); -int mm_auth_rhosts_rsa_key_allowed(struct passwd *, const char *, - const char *, Key *); int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int); -int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); -int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *); -BIGNUM *mm_auth_rsa_generate_challenge(Key *); #ifdef GSSAPI OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); @@ -79,10 +74,6 @@ void mm_terminate(void); int mm_pty_allocate(int *, int *, char *, size_t); void mm_session_pty_cleanup2(struct Session *); -/* SSHv1 interfaces */ -void mm_ssh1_session_id(u_char *); -int mm_ssh1_session_key(BIGNUM *); - /* Key export functions */ struct newkeys *mm_newkeys_from_blob(u_char *, int); int mm_newkeys_to_blob(int, u_char **, u_int *); @@ -100,16 +91,9 @@ int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **); int mm_skey_respond(void *, u_int, char **); /* auth_krb */ -#ifdef KRB4 -int mm_auth_krb4(struct Authctxt *, void *, char **, void *); -#endif #ifdef KRB5 /* auth and reply are really krb5_data objects, but we don't want to * include all of the krb5 headers here */ int mm_auth_krb5(void *authctxt, void *auth, char **client, void *reply); #endif - -/* zlib allocation hooks */ -void mm_init_compression(struct mm_master *); - #endif /* _MM_WRAP_H_ */ diff --git a/crypto/external/bsd/openssh/dist/msg.c b/crypto/external/bsd/openssh/dist/msg.c index abeb7660cc71..72ef493eb937 100644 --- a/crypto/external/bsd/openssh/dist/msg.c +++ b/crypto/external/bsd/openssh/dist/msg.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: msg.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: msg.c,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: msg.c,v 1.16 2015/01/15 09:40:00 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: msg.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: msg.c,v 1.5 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/msg.h b/crypto/external/bsd/openssh/dist/msg.h index 2b556d262c8c..21ed3d097a4f 100644 --- a/crypto/external/bsd/openssh/dist/msg.h +++ b/crypto/external/bsd/openssh/dist/msg.h @@ -1,4 +1,4 @@ -/* $NetBSD: msg.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: msg.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: msg.h,v 1.5 2015/01/15 09:40:00 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. diff --git a/crypto/external/bsd/openssh/dist/mux.c b/crypto/external/bsd/openssh/dist/mux.c index 0e42ade82a64..16f0e9ddd586 100644 --- a/crypto/external/bsd/openssh/dist/mux.c +++ b/crypto/external/bsd/openssh/dist/mux.c @@ -1,5 +1,6 @@ -/* $NetBSD: mux.c,v 1.16 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: mux.c,v 1.60 2016/06/03 03:14:41 dtucker Exp $ */ +/* $NetBSD: mux.c,v 1.17 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: mux.c,v 1.63 2016/10/19 23:21:56 dtucker Exp $ */ + /* * Copyright (c) 2002-2008 Damien Miller * @@ -32,7 +33,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: mux.c,v 1.16 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: mux.c,v 1.17 2016/12/25 00:07:47 christos Exp $"); #include #include #include @@ -69,6 +70,7 @@ __RCSID("$NetBSD: mux.c,v 1.16 2016/08/02 13:45:12 christos Exp $"); #include "key.h" #include "readconf.h" #include "clientloop.h" +#include "ssherr.h" /* from ssh.c */ extern int tty_flag; 
@@ -134,6 +136,7 @@ struct mux_master_state { #define MUX_C_CLOSE_FWD 0x10000007 #define MUX_C_NEW_STDIO_FWD 0x10000008 #define MUX_C_STOP_LISTENING 0x10000009 +#define MUX_C_PROXY 0x1000000f #define MUX_S_OK 0x80000001 #define MUX_S_PERMISSION_DENIED 0x80000002 #define MUX_S_FAILURE 0x80000003 @@ -142,6 +145,7 @@ struct mux_master_state { #define MUX_S_SESSION_OPENED 0x80000006 #define MUX_S_REMOTE_PORT 0x80000007 #define MUX_S_TTY_ALLOC_FAIL 0x80000008 +#define MUX_S_PROXY 0x8000000f /* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */ #define MUX_FWD_LOCAL 1 @@ -159,6 +163,7 @@ static int process_mux_open_fwd(u_int, Channel *, Buffer *, Buffer *); static int process_mux_close_fwd(u_int, Channel *, Buffer *, Buffer *); static int process_mux_stdio_fwd(u_int, Channel *, Buffer *, Buffer *); static int process_mux_stop_listening(u_int, Channel *, Buffer *, Buffer *); +static int process_mux_proxy(u_int, Channel *, Buffer *, Buffer *); static const struct { u_int type; @@ -172,6 +177,7 @@ static const struct { { MUX_C_CLOSE_FWD, process_mux_close_fwd }, { MUX_C_NEW_STDIO_FWD, process_mux_stdio_fwd }, { MUX_C_STOP_LISTENING, process_mux_stop_listening }, + { MUX_C_PROXY, process_mux_proxy }, { 0, NULL } }; @@ -1100,6 +1106,18 @@ process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r) return 0; } +static int +process_mux_proxy(u_int rid, Channel *c, Buffer *m, Buffer *r) +{ + debug("%s: channel %d: proxy request", __func__, c->self); + + c->mux_rcb = channel_proxy_downstream; + buffer_put_int(r, MUX_S_PROXY); + buffer_put_int(r, rid); + + return 0; +} + /* Channel callbacks fired on read/write from mux slave fd */ static int mux_master_read_cb(Channel *c) 
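Review bot: `process_mux_proxy` swaps the channel's read callback to `channel_proxy_downstream` unconditionally, so a second MUX_C_PROXY on the same control connection, or one arriving after another command has already been processed on that channel, is silently accepted and re-armed rather than refused. A small guard before the assignment would keep the state machine honest, e.g. `if (c->mux_rcb == channel_proxy_downstream) { buffer_put_int(r, MUX_S_FAILURE); buffer_put_int(r, rid); buffer_put_cstring(r, "already proxying"); return 0; }` — assuming MUX_S_FAILURE replies carry a string, as the client side's `buffer_get_string` on a non-MUX_S_PROXY reply suggests. The request body `m` is never read, which is fine for the table-driven signature but worth stating in a header comment such as `/* MUX_C_PROXY: hand the rest of this connection to channel_proxy_downstream; the request carries no payload. */`.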
@@ -1944,6 +1962,41 @@ mux_client_request_session(int fd) exit(exitval); } +static int +mux_client_proxy(int fd) +{ + Buffer m; + char *e; + u_int type, rid; + + buffer_init(&m); + buffer_put_int(&m, MUX_C_PROXY); + buffer_put_int(&m, muxclient_request_id); + if (mux_client_write_packet(fd, &m) != 0) + fatal("%s: write packet: %s", __func__, strerror(errno)); + + buffer_clear(&m); + + /* Read their reply */ + if (mux_client_read_packet(fd, &m) != 0) { + buffer_free(&m); + return 0; + } + type = buffer_get_int(&m); + if (type != MUX_S_PROXY) { + e = buffer_get_string(&m, NULL); + fatal("%s: master returned error: %s", __func__, e); + } + if ((rid = buffer_get_int(&m)) != muxclient_request_id) + fatal("%s: out of sequence reply: my id %u theirs %u", + __func__, muxclient_request_id, rid); + buffer_free(&m); + + debug3("%s: done", __func__); + muxclient_request_id++; + return 0; +} + static int mux_client_request_stdio_fwd(int fd) { @@ -2091,7 +2144,7 @@ mux_client_request_stop_listening(int fd) } /* Multiplex client main loop. */ -void +int muxclient(const char *path) { struct sockaddr_un addr; @@ -2113,7 +2166,7 @@ muxclient(const char *path) case SSHCTL_MASTER_NO: break; default: - return; + return -1; } memset(&addr, '\0', sizeof(addr)); @@ -2123,7 +2176,8 @@ muxclient(const char *path) if (strlcpy(addr.sun_path, path, sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) - fatal("ControlPath too long"); + fatal("ControlPath too long ('%s' >= %u bytes)", path, + (unsigned int)sizeof(addr.sun_path)); if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) fatal("%s socket(): %s", __func__, strerror(errno)); @@ -2148,14 +2202,14 @@ muxclient(const char *path) strerror(errno)); } close(sock); - return; + return -1; } set_nonblock(sock); if (mux_client_hello_exchange(sock) != 0) { error("%s: master hello exchange failed", __func__); close(sock); - return; + return -1; } switch (muxclient_command) { 
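Review bot: `mux_client_proxy` returns 0 when `mux_client_read_packet` fails, and `muxclient` (in the `@@ -2175,22 +2230,26 @@` hunk that follows) discards the return value anyway before `return (sock)`, so a master that drops the control connection without answering MUX_C_PROXY still hands the caller a socket that was never switched to proxy mode. Returning -1 from that branch and checking it in the caller, `if (mux_client_proxy(sock) != 0) { close(sock); return -1; }`, keeps the failure visible the way the other SSHMUX_COMMAND_* paths already do with `return -1`. A one-line header comment would also help: `/* Ask the master to switch this connection to proxy mode; returns 0 once MUX_S_PROXY is confirmed, -1 if no reply was read. */`. The fatal() on a mismatched request id is consistent with the sibling functions, so no change there.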
@@ -2166,7 +2220,8 @@ muxclient(const char *path) exit(0); case SSHMUX_COMMAND_TERMINATE: mux_client_request_terminate(sock); - fprintf(stderr, "Exit request sent.\r\n"); + if (options.log_level != SYSLOG_LEVEL_QUIET) + fprintf(stderr, "Exit request sent.\r\n"); exit(0); case SSHMUX_COMMAND_FORWARD: if (mux_client_forwards(sock, 0) != 0) @@ -2175,22 +2230,26 @@ muxclient(const char *path) case SSHMUX_COMMAND_OPEN: if (mux_client_forwards(sock, 0) != 0) { error("%s: master forward request failed", __func__); - return; + return -1; } mux_client_request_session(sock); - return; + return -1; case SSHMUX_COMMAND_STDIO_FWD: mux_client_request_stdio_fwd(sock); exit(0); case SSHMUX_COMMAND_STOP: mux_client_request_stop_listening(sock); - fprintf(stderr, "Stop listening request sent.\r\n"); + if (options.log_level != SYSLOG_LEVEL_QUIET) + fprintf(stderr, "Stop listening request sent.\r\n"); exit(0); case SSHMUX_COMMAND_CANCEL_FWD: if (mux_client_forwards(sock, 1) != 0) error("%s: master cancel forward request failed", __func__); exit(0); + case SSHMUX_COMMAND_PROXY: + mux_client_proxy(sock); + return (sock); default: fatal("unrecognised muxclient_command %d", muxclient_command); } diff --git a/crypto/external/bsd/openssh/dist/myproposal.h b/crypto/external/bsd/openssh/dist/myproposal.h index 3013b1a0246c..9f329e561630 100644 --- a/crypto/external/bsd/openssh/dist/myproposal.h +++ b/crypto/external/bsd/openssh/dist/myproposal.h @@ -1,5 +1,5 @@ -/* $NetBSD: myproposal.h,v 1.14 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: myproposal.h,v 1.51 2016/05/02 10:26:04 djm Exp $ */ +/* $NetBSD: myproposal.h,v 1.15 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: myproposal.h,v 1.54 2016/09/28 16:33:07 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -28,6 +28,7 @@ #ifdef WITH_OPENSSL #define KEX_COMMON_KEX \ + "curve25519-sha256," \ "curve25519-sha256@libssh.org," \ "ecdh-sha2-nistp256," \ "ecdh-sha2-nistp384," \ 
@@ -65,7 +66,7 @@ "aes128-gcm@openssh.com,aes256-gcm@openssh.com" #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ - "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc" + "aes128-cbc,aes192-cbc,aes256-cbc" #define KEX_SERVER_MAC \ "umac-64-etm@openssh.com," \ @@ -84,6 +85,7 @@ #else /* WITH_OPENSSL */ #define KEX_SERVER_KEX \ + "curve25519-sha256," \ "curve25519-sha256@libssh.org" #define KEX_DEFAULT_PK_ALG \ "ssh-ed25519-cert-v01@openssh.com," \ @@ -114,7 +116,7 @@ #define KEX_SERVER_ENCRYPT_INCLUDE_NONE KEX_SERVER_ENCRYPT \ ",none" -#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" +#define KEX_DEFAULT_COMP "none,zlib@openssh.com" #define KEX_DEFAULT_LANG "" #define KEX_CLIENT \ diff --git a/crypto/external/bsd/openssh/dist/namespace.h b/crypto/external/bsd/openssh/dist/namespace.h index eb36962171c0..6bb2638cd6d3 100644 --- a/crypto/external/bsd/openssh/dist/namespace.h +++ b/crypto/external/bsd/openssh/dist/namespace.h @@ -1,4 +1,4 @@ -/* $NetBSD: namespace.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: namespace.h,v 1.6 2016/12/25 00:07:47 christos Exp $ */ #ifndef _SSH_NAMESPACE_H_ #define _SSH_NAMESPACE_H_ #define addargs ssh_addargs diff --git a/crypto/external/bsd/openssh/dist/nchan.c b/crypto/external/bsd/openssh/dist/nchan.c index 5c4f3a85f4b0..2627e532e845 100644 --- a/crypto/external/bsd/openssh/dist/nchan.c +++ b/crypto/external/bsd/openssh/dist/nchan.c @@ -1,4 +1,4 @@ -/* $NetBSD: nchan.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: nchan.c,v 1.7 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: nchan.c,v 1.63 2010/01/26 01:28:35 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: nchan.c,v 1.6 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: nchan.c,v 1.7 2016/12/25 00:07:47 christos Exp $"); #include #include #include 
diff --git a/crypto/external/bsd/openssh/dist/nchan.ms b/crypto/external/bsd/openssh/dist/nchan.ms index bd03c3e6fab2..1fcc5d1a8b54 100644 --- a/crypto/external/bsd/openssh/dist/nchan.ms +++ b/crypto/external/bsd/openssh/dist/nchan.ms @@ -1,4 +1,4 @@ -.\" $NetBSD: nchan.ms,v 1.4 2015/04/03 23:58:19 christos Exp $ +.\" $NetBSD: nchan.ms,v 1.5 2016/12/25 00:07:47 christos Exp $ .\" $OpenBSD: nchan.ms,v 1.8 2003/11/21 11:57:03 djm Exp $ .\" .\" diff --git a/crypto/external/bsd/openssh/dist/nchan2.ms b/crypto/external/bsd/openssh/dist/nchan2.ms index 3eeb3b810951..ad9a629f0120 100644 --- a/crypto/external/bsd/openssh/dist/nchan2.ms +++ b/crypto/external/bsd/openssh/dist/nchan2.ms @@ -1,4 +1,4 @@ -.\" $NetBSD: nchan2.ms,v 1.4 2015/04/03 23:58:19 christos Exp $ +.\" $NetBSD: nchan2.ms,v 1.5 2016/12/25 00:07:47 christos Exp $ .\" $OpenBSD: nchan2.ms,v 1.4 2008/05/15 23:52:24 djm Exp $ .\" .\" Copyright (c) 2000 Markus Friedl. All rights reserved. diff --git a/crypto/external/bsd/openssh/dist/opacket.c b/crypto/external/bsd/openssh/dist/opacket.c index e15148473a35..cfb4ded31b81 100644 --- a/crypto/external/bsd/openssh/dist/opacket.c +++ b/crypto/external/bsd/openssh/dist/opacket.c @@ -1,8 +1,8 @@ -/* $NetBSD: opacket.c,v 1.5 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: opacket.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* Written by Markus Friedl. Placed in the public domain. */ #include "includes.h" -__RCSID("$NetBSD: opacket.c,v 1.5 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: opacket.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include "ssherr.h" #include "packet.h" diff --git a/crypto/external/bsd/openssh/dist/opacket.h b/crypto/external/bsd/openssh/dist/opacket.h index 40d90fb79b94..662e0e879ec2 100644 --- a/crypto/external/bsd/openssh/dist/opacket.h +++ b/crypto/external/bsd/openssh/dist/opacket.h 
@@ -1,4 +1,4 @@ -/* $NetBSD: opacket.h,v 1.5 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: opacket.h,v 1.6 2016/12/25 00:07:47 christos Exp $ */ #ifndef _OPACKET_H /* Written by Markus Friedl. Placed in the public domain. */ @@ -136,9 +136,6 @@ void packet_read_expect(int expected_type); ssh_packet_get_input(active_state) #define packet_get_output() \ ssh_packet_get_output(active_state) -#define packet_set_compress_hooks(ctx, allocfunc, freefunc) \ - ssh_packet_set_compress_hooks(active_state, ctx, \ - allocfunc, freefunc); #define packet_check_eom() \ ssh_packet_check_eom(active_state) #define set_newkeys(mode) \ @@ -159,5 +156,9 @@ void packet_read_expect(int expected_type); ssh_packet_set_rekey_limits(active_state, x, y) #define packet_get_bytes(x,y) \ ssh_packet_get_bytes(active_state, x, y) +#define packet_set_mux() \ + ssh_packet_set_mux(active_state) +#define packet_get_mux() \ + ssh_packet_get_mux(active_state) #endif /* _OPACKET_H */ diff --git a/crypto/external/bsd/openssh/dist/packet.c b/crypto/external/bsd/openssh/dist/packet.c index e190ff7f18a8..239a6c0db833 100644 --- a/crypto/external/bsd/openssh/dist/packet.c +++ b/crypto/external/bsd/openssh/dist/packet.c @@ -1,5 +1,6 @@ -/* $NetBSD: packet.c,v 1.25 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: packet.c,v 1.234 2016/07/18 11:35:33 markus Exp $ */ +/* $NetBSD: packet.c,v 1.26 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: packet.c,v 1.243 2016/10/11 21:47:45 djm Exp $ */ + /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,7 +40,8 @@ */ #include "includes.h" -__RCSID("$NetBSD: packet.c,v 1.25 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: packet.c,v 1.26 2016/12/25 00:07:47 christos Exp $"); + #include /* MIN roundup */ #include #include 
@@ -119,10 +121,10 @@ struct session_state { u_int remote_protocol_flags; /* Encryption context for receiving data. Only used for decryption. */ - struct sshcipher_ctx receive_context; + struct sshcipher_ctx *receive_context; /* Encryption context for sending data. Only used for encryption. */ - struct sshcipher_ctx send_context; + struct sshcipher_ctx *send_context; /* Buffer for raw input data from the socket. */ struct sshbuf *input; @@ -202,6 +204,9 @@ struct session_state { /* Used in packet_send2 */ int rekeying; + /* Used in ssh_packet_send_mux() */ + int mux; + /* Used in packet_set_interactive */ int set_interactive_called; @@ -214,6 +219,10 @@ struct session_state { /* SSH1 CRC compensation attack detector */ struct deattack_ctx deattack; + /* Hook for fuzzing inbound packets */ + ssh_packet_hook_fn *hook_in; + void *hook_in_ctx; + TAILQ_HEAD(, packet) outgoing; }; @@ -258,6 +267,13 @@ ssh_alloc_session_state(void) return NULL; } +void +ssh_packet_set_input_hook(struct ssh *ssh, ssh_packet_hook_fn *hook, void *ctx) +{ + ssh->state->hook_in = hook; + ssh->state->hook_in_ctx = ctx; +} + /* Returns nonzero if rekeying is in progress */ int ssh_packet_is_rekeying(struct ssh *ssh) @@ -323,6 +339,19 @@ ssh_packet_set_timeout(struct ssh *ssh, int timeout, int count) state->packet_timeout_ms = timeout * count * 1000; } +void +ssh_packet_set_mux(struct ssh *ssh) +{ + ssh->state->mux = 1; + ssh->state->rekeying = 0; +} + +int +ssh_packet_get_mux(struct ssh *ssh) +{ + return ssh->state->mux; +} + int ssh_packet_stop_discard(struct ssh *ssh) { @@ -521,7 +550,6 @@ void ssh_packet_close(struct ssh *ssh) { struct session_state *state = ssh->state; - int r; u_int mode; if (!state->initialized) 
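Review bot: `ssh_packet_set_input_hook` installs a callback that, per the `@@ -1906,9 +1897,11 @@` hunk later in this file, is invoked on every inbound packet after it has been unpacked into `incoming_packet` and can abort the read by returning nonzero, but neither the field comment (`Hook for fuzzing inbound packets`) nor the setter says so. A header comment would prevent it being mistaken for a general filter point: `/* Install a per-packet inbound hook; called after the packet is decrypted and unpacked, and a nonzero return aborts the read with that error. Test/fuzzing aid, not a security control. */`. `ssh_packet_set_mux` also clears `rekeying` without explanation; a note such as `/* mux connections never kex, so no rekey can be pending */` (presumably the reason, since the mux read path bails out on `ssh->kex`) would make the intent checkable.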
@@ -565,10 +593,9 @@ ssh_packet_close(struct ssh *ssh) inflateEnd(stream); } } - if ((r = cipher_cleanup(&state->send_context)) != 0) - error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); - if ((r = cipher_cleanup(&state->receive_context)) != 0) - error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); + cipher_free(state->send_context); + cipher_free(state->receive_context); + state->send_context = state->receive_context = NULL; free(ssh->remote_ipaddr); ssh->remote_ipaddr = NULL; free(ssh->state); 
@@ -751,86 +778,6 @@ uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) /* NOTREACHED */ } -/* Serialise compression state into a blob for privsep */ -static int -ssh_packet_get_compress_state(struct sshbuf *m, struct ssh *ssh) -{ - struct session_state *state = ssh->state; - struct sshbuf *b; - int r; - - if ((b = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (state->compression_in_started) { - if ((r = sshbuf_put_string(b, &state->compression_in_stream, - sizeof(state->compression_in_stream))) != 0) - goto out; - } else if ((r = sshbuf_put_string(b, NULL, 0)) != 0) - goto out; - if (state->compression_out_started) { - if ((r = sshbuf_put_string(b, &state->compression_out_stream, - sizeof(state->compression_out_stream))) != 0) - goto out; - } else if ((r = sshbuf_put_string(b, NULL, 0)) != 0) - goto out; - r = sshbuf_put_stringb(m, b); - out: - sshbuf_free(b); - return r; -} - -/* Deserialise compression state from a blob for privsep */ -static int -ssh_packet_set_compress_state(struct ssh *ssh, struct sshbuf *m) -{ - struct session_state *state = ssh->state; - struct sshbuf *b = NULL; - int r; - const u_char *inblob, *outblob; - size_t inl, outl; - - if ((r = sshbuf_froms(m, &b)) != 0) - goto out; - if ((r = sshbuf_get_string_direct(b, &inblob, &inl)) != 0 || - (r = sshbuf_get_string_direct(b, &outblob, &outl)) != 0) - goto out; - if (inl == 0) - state->compression_in_started = 0; - else if (inl != sizeof(state->compression_in_stream)) { - r = SSH_ERR_INTERNAL_ERROR; - goto out; - } else { - state->compression_in_started = 1; - memcpy(&state->compression_in_stream, inblob, inl); - } - if (outl == 0) - state->compression_out_started = 0; - else if (outl != sizeof(state->compression_out_stream)) { - r = SSH_ERR_INTERNAL_ERROR; - goto out; - } else { - state->compression_out_started = 1; - memcpy(&state->compression_out_stream, outblob, outl); - } - r = 0; - out: - sshbuf_free(b); - return r; -} - -void 
-ssh_packet_set_compress_hooks(struct ssh *ssh, void *ctx, - void *(*allocfunc)(void *, u_int, u_int), - void (*freefunc)(void *, void *)) -{ - ssh->state->compression_out_stream.zalloc = (alloc_func)allocfunc; - ssh->state->compression_out_stream.zfree = (free_func)freefunc; - ssh->state->compression_out_stream.opaque = ctx; - ssh->state->compression_in_stream.zalloc = (alloc_func)allocfunc; - ssh->state->compression_in_stream.zfree = (free_func)freefunc; - ssh->state->compression_in_stream.opaque = ctx; -} - /* * Causes any further packets to be encrypted using the given key. The same * key is used for both sending and reception. However, both directions are @@ -862,8 +809,8 @@ ssh_packet_set_encryption_key(struct ssh *ssh, const u_char *key, u_int keylen, NULL, 0, CIPHER_DECRYPT) != 0)) fatal("%s: cipher_init failed: %s", __func__, ssh_err(r)); if (!state->cipher_warning_done && - ((wmsg = cipher_warning_message(&state->send_context)) != NULL || - (wmsg = cipher_warning_message(&state->send_context)) != NULL)) { + ((wmsg = cipher_warning_message(state->send_context)) != NULL || + (wmsg = cipher_warning_message(state->send_context)) != NULL)) { error("Warning: %s", wmsg); state->cipher_warning_done = 1; } @@ -909,7 +856,7 @@ ssh_packet_send1(struct ssh *ssh) /* Insert padding. Initialized to zero in packet_start1() */ padding = 8 - len % 8; - if (!state->send_context.plaintext) { + if (!cipher_ctx_is_plaintext(state->send_context)) { cp = sshbuf_mutable_ptr(state->outgoing_packet); if (cp == NULL) { r = SSH_ERR_INTERNAL_ERROR; @@ -939,7 +886,7 @@ ssh_packet_send1(struct ssh *ssh) if ((r = sshbuf_reserve(state->output, sshbuf_len(state->outgoing_packet), &cp)) != 0) goto out; - if ((r = cipher_crypt(&state->send_context, 0, cp, + if ((r = cipher_crypt(state->send_context, 0, cp, sshbuf_ptr(state->outgoing_packet), sshbuf_len(state->outgoing_packet), 0, 0)) != 0) goto out; 
@@ -970,33 +917,34 @@ ssh_set_newkeys(struct ssh *ssh, int mode) struct sshenc *enc; struct sshmac *mac; struct sshcomp *comp; - struct sshcipher_ctx *cc; + struct sshcipher_ctx **ccp; + struct packet_state *ps; u_int64_t *max_blocks; - const char *wmsg; + const char *wmsg, *dir; int r, crypt_type; debug2("set_newkeys: mode %d", mode); if (mode == MODE_OUT) { - cc = &state->send_context; + dir = "output"; + ccp = &state->send_context; crypt_type = CIPHER_ENCRYPT; - state->p_send.packets = state->p_send.blocks = 0; + ps = &state->p_send; max_blocks = &state->max_blocks_out; } else { - cc = &state->receive_context; + dir = "input"; + ccp = &state->receive_context; crypt_type = CIPHER_DECRYPT; - state->p_read.packets = state->p_read.blocks = 0; + ps = &state->p_read; max_blocks = &state->max_blocks_in; } if (state->newkeys[mode] != NULL) { - debug("set_newkeys: rekeying, input %llu bytes %llu blocks, " - "output %llu bytes %llu blocks", - (unsigned long long)state->p_read.bytes, - (unsigned long long)state->p_read.blocks, - (unsigned long long)state->p_send.bytes, - (unsigned long long)state->p_send.blocks); - if ((r = cipher_cleanup(cc)) != 0) - return r; + debug("%s: rekeying after %llu %s blocks" + " (%llu bytes total)", __func__, + (unsigned long long)ps->blocks, dir, + (unsigned long long)ps->bytes); + cipher_free(*ccp); + *ccp = NULL; enc = &state->newkeys[mode]->enc; mac = &state->newkeys[mode]->mac; comp = &state->newkeys[mode]->comp; @@ -1012,6 +960,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode) free(comp->name); free(state->newkeys[mode]); } + /* note that both bytes and the seqnr are not reset */ + ps->packets = ps->blocks = 0; /* move newkeys from kex to state */ if ((state->newkeys[mode] = ssh->kex->newkeys[mode]) == NULL) return SSH_ERR_INTERNAL_ERROR; 
@@ -1025,11 +975,11 @@ ssh_set_newkeys(struct ssh *ssh, int mode) } mac->enabled = 1; DBG(debug("cipher_init_context: %d", mode)); - if ((r = cipher_init(cc, enc->cipher, enc->key, enc->key_len, + if ((r = cipher_init(ccp, enc->cipher, enc->key, enc->key_len, enc->iv, enc->iv_len, crypt_type)) != 0) return r; if (!state->cipher_warning_done && - (wmsg = cipher_warning_message(cc)) != NULL) { + (wmsg = cipher_warning_message(*ccp)) != NULL) { error("Warning: %s", wmsg); state->cipher_warning_done = 1; } @@ -1060,7 +1010,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode) else *max_blocks = ((u_int64_t)1 << 30) / enc->block_size; if (state->rekey_limit) - *max_blocks = MIN(*max_blocks, + *max_blocks = MINIMUM(*max_blocks, state->rekey_limit / enc->block_size); debug("rekey after %llu blocks", (unsigned long long)*max_blocks); return 0; @@ -1103,7 +1053,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) return 1; /* Rekey after (cipher-specific) maxiumum blocks */ - out_blocks = roundup(outbound_packet_len, + out_blocks = ROUNDUP(outbound_packet_len, state->newkeys[MODE_OUT]->enc.block_size); return (state->max_blocks_out && (state->p_send.blocks + out_blocks > state->max_blocks_out)) || @@ -1150,7 +1100,7 @@ ssh_packet_enable_delayed_compress(struct ssh *ssh) } /* Used to mute debug logging for noisy packet types */ -static int +int ssh_packet_log_type(u_char type) { switch (type) { @@ -1231,7 +1181,7 @@ ssh_packet_send2_wrapped(struct ssh *ssh) if (state->extra_pad) { tmp = state->extra_pad; state->extra_pad = - roundup(state->extra_pad, block_size); + ROUNDUP(state->extra_pad, block_size); /* check if roundup overflowed */ if (state->extra_pad < tmp) return SSH_ERR_INVALID_ARGUMENT; 
@@ -1251,7 +1201,7 @@ ssh_packet_send2_wrapped(struct ssh *ssh) } if ((r = sshbuf_reserve(state->outgoing_packet, padlen, &cp)) != 0) goto out; - if (enc && !state->send_context.plaintext) { + if (enc && !cipher_ctx_is_plaintext(state->send_context)) { /* random padding */ arc4random_buf(cp, padlen); } else { @@ -1284,7 +1234,7 @@ debug("mac %p, %d %d", mac, mac? mac->enabled : -1, mac ? mac->etm : -1); if ((r = sshbuf_reserve(state->output, sshbuf_len(state->outgoing_packet) + authlen, &cp)) != 0) goto out; - if ((r = cipher_crypt(&state->send_context, state->p_send.seqnr, cp, + if ((r = cipher_crypt(state->send_context, state->p_send.seqnr, cp, sshbuf_ptr(state->outgoing_packet), len - aadlen, aadlen, authlen)) != 0) goto out; @@ -1605,7 +1555,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u_char *typep) * (C)1998 CORE-SDI, Buenos Aires Argentina * Ariel Futoransky(futo@core-sdi.com) */ - if (!state->receive_context.plaintext) { + if (!cipher_ctx_is_plaintext(state->receive_context)) { emsg = NULL; switch (detect_attack(&state->deattack, sshbuf_ptr(state->input), padded_len)) { @@ -1634,7 +1584,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u_char *typep) sshbuf_reset(state->incoming_packet); if ((r = sshbuf_reserve(state->incoming_packet, padded_len, &p)) != 0) goto out; - if ((r = cipher_crypt(&state->receive_context, 0, p, + if ((r = cipher_crypt(state->receive_context, 0, p, sshbuf_ptr(state->input), padded_len, 0, 0)) != 0) goto out; 
@@ -1702,6 +1652,44 @@ ssh_packet_read_poll1(struct ssh *ssh, u_char *typep)
 return r;
 }
+static int
+ssh_packet_read_poll2_mux(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+{
+ struct session_state *state = ssh->state;
+ const u_char *cp;
+ size_t need;
+ int r;
+ if (ssh->kex)
+ return SSH_ERR_INTERNAL_ERROR;
+ *typep = SSH_MSG_NONE;
+ cp = sshbuf_ptr(state->input);
+ if (state->packlen == 0) {
+ if (sshbuf_len(state->input) < 4 + 1)
+ return 0; /* packet is incomplete */
+ state->packlen = PEEK_U32(cp);
+ if (state->packlen < 4 + 1 ||
+ state->packlen > PACKET_MAX_SIZE)
+ return SSH_ERR_MESSAGE_INCOMPLETE;
+ }
+ need = state->packlen + 4;
+ if (sshbuf_len(state->input) < need)
+ return 0; /* packet is incomplete */
+ sshbuf_reset(state->incoming_packet);
+ if ((r = sshbuf_put(state->incoming_packet, cp + 4,
+ state->packlen)) != 0 ||
+ (r = sshbuf_consume(state->input, need)) != 0 ||
+ (r = sshbuf_get_u8(state->incoming_packet, NULL)) != 0 ||
+ (r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)
+ return r;
+ if (ssh_packet_log_type(*typep))
+ debug3("%s: type %u", __func__, *typep);
+ /* sshbuf_dump(state->incoming_packet, stderr); */
+ /* reset for next packet */
+ state->packlen = 0;
+ return r;
+}
+
 int
 ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 {
@@ -1714,6 +1702,9 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 struct sshcomp *comp = NULL;
 int r;
+ if (state->mux)
+ return ssh_packet_read_poll2_mux(ssh, typep, seqnr_p);
+
 *typep = SSH_MSG_NONE;
 if (state->packet_discard)
@@ -1732,7 +1723,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0;
 if (aadlen && state->packlen == 0) {
- if (cipher_get_length(&state->receive_context,
+ if (cipher_get_length(state->receive_context,
 &state->packlen, state->p_read.seqnr,
 sshbuf_ptr(state->input), sshbuf_len(state->input)) != 0)
 return 0;
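Review bot: In `ssh_packet_read_poll2_mux` a frame whose length word is below 5 or above PACKET_MAX_SIZE is reported as SSH_ERR_MESSAGE_INCOMPLETE, which describes a short read rather than a malformed frame and invites a caller to keep waiting for bytes that can never make the frame valid; `SSH_ERR_PROTOCOL_ERROR`, which this file already returns for bad packets, fits better. `seqnr_p` is never written on this path, so a caller that reads `*seqnr_p` after a mux-mode read sees whatever it held before — either assign it or state in the prototype comment that it is unused here. The function also needs a header comment because it bypasses the cipher and MAC handling of `ssh_packet_read_poll2` entirely: `/* Mux mode (see ssh_packet_set_mux): frames arrive unencrypted and without a MAC, presumably from the local mux master; only the length word is validated here. */`. The commented-out `sshbuf_dump` line should be removed rather than shipped.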
@@ -1758,7 +1749,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 if ((r = sshbuf_reserve(state->incoming_packet, block_size, &cp)) != 0) goto out;
- if ((r = cipher_crypt(&state->receive_context,
+ if ((r = cipher_crypt(state->receive_context,
 state->p_send.seqnr, cp, sshbuf_ptr(state->input), block_size, 0, 0)) != 0) goto out;
@@ -1826,7 +1817,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 if ((r = sshbuf_reserve(state->incoming_packet, aadlen + need, &cp)) != 0) goto out;
- if ((r = cipher_crypt(&state->receive_context, state->p_read.seqnr, cp,
+ if ((r = cipher_crypt(state->receive_context, state->p_read.seqnr, cp,
 sshbuf_ptr(state->input), need, aadlen, authlen)) != 0) goto out;
 if ((r = sshbuf_consume(state->input, aadlen + need + authlen)) != 0)
@@ -1906,9 +1897,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 return r;
 return SSH_ERR_PROTOCOL_ERROR;
 }
- if (*typep == SSH2_MSG_NEWKEYS)
- r = ssh_set_newkeys(ssh, MODE_IN);
- else if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)
+ if (state->hook_in != NULL &&
+ (r = state->hook_in(ssh, state->incoming_packet, typep,
+ state->hook_in_ctx)) != 0)
+ return r;
+ if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)
 r = ssh_packet_enable_delayed_compress(ssh);
 else r = 0;
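Review bot: After the last hunk here, receipt of SSH2_MSG_NEWKEYS no longer calls ssh_set_newkeys(ssh, MODE_IN) in the packet layer; the switch to the new inbound keys now happens only if whatever is installed as `state->hook_in` does it, and with `hook_in == NULL` nothing in this function switches keys at all. Presumably the kex code registers such a hook through the new ssh_packet_set_input_hook(), but that is not visible in this chunk, so a comment at the call site would spare the next reader a search: `/* hook_in (installed by kex) now owns SSH2_MSG_NEWKEYS key switching */`. The hook is also handed `typep` by pointer and a non-zero return aborts the read with that error, which is a contract worth stating where the typedef lives in packet.h. ssh_packet_read_poll2() continues beyond the end of this hunk.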
@@ -2448,21 +2441,14 @@ ssh_packet_get_output(struct ssh *ssh) static int ssh_packet_set_postauth(struct ssh *ssh) { - struct sshcomp *comp; - int r, mode; + int r; debug("%s: called", __func__); /* This was set in net child, but is not visible in user child */ ssh->state->after_authentication = 1; ssh->state->rekeying = 0; - for (mode = 0; mode < MODE_MAX; mode++) { - if (ssh->state->newkeys[mode] == NULL) - continue; - comp = &ssh->state->newkeys[mode]->comp; - if (comp && comp->enabled && - (r = ssh_packet_init_compression(ssh)) != 0) - return r; - } + if ((r = ssh_packet_enable_delayed_compress(ssh)) != 0) + return r; return 0; } @@ -2505,8 +2491,8 @@ newkeys_to_blob(struct sshbuf *m, struct ssh *ssh, int mode) enc = &newkey->enc; mac = &newkey->mac; comp = &newkey->comp; - cc = (mode == MODE_OUT) ? &ssh->state->send_context : - &ssh->state->receive_context; + cc = (mode == MODE_OUT) ? ssh->state->send_context : + ssh->state->receive_context; if ((r = cipher_get_keyiv(cc, enc->iv, enc->iv_len)) != 0) return r; if ((b = sshbuf_new()) == NULL) @@ -2526,7 +2512,6 @@ newkeys_to_blob(struct sshbuf *m, struct ssh *ssh, int mode) goto out; } if ((r = sshbuf_put_u32(b, comp->type)) != 0 || - (r = sshbuf_put_u32(b, comp->enabled)) != 0 || (r = sshbuf_put_cstring(b, comp->name)) != 0) goto out; r = sshbuf_put_stringb(m, b); 
@@ -2545,18 +2530,18 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) int r, ssh1cipher; if (!compat20) { - ssh1cipher = cipher_get_number(state->receive_context.cipher); - slen = cipher_get_keyiv_len(&state->send_context); - rlen = cipher_get_keyiv_len(&state->receive_context); + ssh1cipher = cipher_ctx_get_number(state->receive_context); + slen = cipher_get_keyiv_len(state->send_context); + rlen = cipher_get_keyiv_len(state->receive_context); if ((r = sshbuf_put_u32(m, state->remote_protocol_flags)) != 0 || (r = sshbuf_put_u32(m, ssh1cipher)) != 0 || (r = sshbuf_put_string(m, state->ssh1_key, state->ssh1_keylen)) != 0 || (r = sshbuf_put_u32(m, slen)) != 0 || (r = sshbuf_reserve(m, slen, &p)) != 0 || - (r = cipher_get_keyiv(&state->send_context, p, slen)) != 0 || + (r = cipher_get_keyiv(state->send_context, p, slen)) != 0 || (r = sshbuf_put_u32(m, rlen)) != 0 || (r = sshbuf_reserve(m, rlen, &p)) != 0 || - (r = cipher_get_keyiv(&state->receive_context, p, rlen)) != 0) + (r = cipher_get_keyiv(state->receive_context, p, rlen)) != 0) return r; } else { if ((r = kex_to_blob(m, ssh->kex)) != 0 || 
@@ -2575,21 +2560,19 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) return r; } - slen = cipher_get_keycontext(&state->send_context, NULL); - rlen = cipher_get_keycontext(&state->receive_context, NULL); + slen = cipher_get_keycontext(state->send_context, NULL); + rlen = cipher_get_keycontext(state->receive_context, NULL); if ((r = sshbuf_put_u32(m, slen)) != 0 || (r = sshbuf_reserve(m, slen, &p)) != 0) return r; - if (cipher_get_keycontext(&state->send_context, p) != (int)slen) + if (cipher_get_keycontext(state->send_context, p) != (int)slen) return SSH_ERR_INTERNAL_ERROR; if ((r = sshbuf_put_u32(m, rlen)) != 0 || (r = sshbuf_reserve(m, rlen, &p)) != 0) return r; - if (cipher_get_keycontext(&state->receive_context, p) != (int)rlen) + if (cipher_get_keycontext(state->receive_context, p) != (int)rlen) return SSH_ERR_INTERNAL_ERROR; - - if ((r = ssh_packet_get_compress_state(m, ssh)) != 0 || - (r = sshbuf_put_stringb(m, state->input)) != 0 || + if ((r = sshbuf_put_stringb(m, state->input)) != 0 || (r = sshbuf_put_stringb(m, state->output)) != 0) return r; @@ -2643,7 +2626,6 @@ newkeys_from_blob(struct sshbuf *m, struct ssh *ssh, int mode) mac->key_len = maclen; } if ((r = sshbuf_get_u32(b, &comp->type)) != 0 || - (r = sshbuf_get_u32(b, (u_int *)&comp->enabled)) != 0 || (r = sshbuf_get_cstring(b, &comp->name, NULL)) != 0) goto out; if (enc->name == NULL || 
@@ -2731,11 +2713,11 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) return SSH_ERR_KEY_UNKNOWN_CIPHER; ssh_packet_set_encryption_key(ssh, ssh1key, ssh1keylen, (int)ssh1cipher); - if (cipher_get_keyiv_len(&state->send_context) != (int)slen || - cipher_get_keyiv_len(&state->receive_context) != (int)rlen) + if (cipher_get_keyiv_len(state->send_context) != (int)slen || + cipher_get_keyiv_len(state->receive_context) != (int)rlen) return SSH_ERR_INVALID_FORMAT; - if ((r = cipher_set_keyiv(&state->send_context, ivout)) != 0 || - (r = cipher_set_keyiv(&state->receive_context, ivin)) != 0) + if ((r = cipher_set_keyiv(state->send_context, ivout)) != 0 || + (r = cipher_set_keyiv(state->receive_context, ivin)) != 0) return r; } else { if ((r = kex_from_blob(m, &ssh->kex)) != 0 || @@ -2765,14 +2747,13 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) if ((r = sshbuf_get_string_direct(m, &keyout, &slen)) != 0 || (r = sshbuf_get_string_direct(m, &keyin, &rlen)) != 0) return r; - if (cipher_get_keycontext(&state->send_context, NULL) != (int)slen || - cipher_get_keycontext(&state->receive_context, NULL) != (int)rlen) + if (cipher_get_keycontext(state->send_context, NULL) != (int)slen || + cipher_get_keycontext(state->receive_context, NULL) != (int)rlen) return SSH_ERR_INVALID_FORMAT; - cipher_set_keycontext(&state->send_context, keyout); - cipher_set_keycontext(&state->receive_context, keyin); + cipher_set_keycontext(state->send_context, keyout); + cipher_set_keycontext(state->receive_context, keyin); - if ((r = ssh_packet_set_compress_state(ssh, m)) != 0 || - (r = ssh_packet_set_postauth(ssh)) != 0) + if ((r = ssh_packet_set_postauth(ssh)) != 0) return r; sshbuf_reset(state->input); 
@@ -2961,11 +2942,43 @@ sshpkt_start(struct ssh *ssh, u_char type)
 return sshbuf_put(ssh->state->outgoing_packet, buf, len);
 }
+static int
+ssh_packet_send_mux(struct ssh *ssh)
+{
+ struct session_state *state = ssh->state;
+ u_char type, *cp;
+ size_t len;
+ int r;
+
+ if (ssh->kex)
+ return SSH_ERR_INTERNAL_ERROR;
+ len = sshbuf_len(state->outgoing_packet);
+ if (len < 6)
+ return SSH_ERR_INTERNAL_ERROR;
+ cp = sshbuf_mutable_ptr(state->outgoing_packet);
+ type = cp[5];
+ if (ssh_packet_log_type(type))
+ debug3("%s: type %u", __func__, type);
+ /* drop everything, but the connection protocol */
+ if (type >= SSH2_MSG_CONNECTION_MIN &&
+ type <= SSH2_MSG_CONNECTION_MAX) {
+ POKE_U32(cp, len - 4);
+ if ((r = sshbuf_putb(state->output,
+ state->outgoing_packet)) != 0)
+ return r;
+ /* sshbuf_dump(state->output, stderr); */
+ }
+ sshbuf_reset(state->outgoing_packet);
+ return 0;
+}
+
 /* send it */
 int sshpkt_sendx(struct ssh *ssh) {
+ if (ssh->state && ssh->state->mux)
+ return ssh_packet_send_mux(ssh);
 if (compat20) return ssh_packet_send2(ssh);
 else
diff --git a/crypto/external/bsd/openssh/dist/packet.h b/crypto/external/bsd/openssh/dist/packet.h
index 2d16f75cfcca..521f61e55de3 100644
--- a/crypto/external/bsd/openssh/dist/packet.h
+++ b/crypto/external/bsd/openssh/dist/packet.h
@@ -1,5 +1,5 @@
-/* $NetBSD: packet.h,v 1.13 2016/08/02 13:45:12 christos Exp $ */
-/* $OpenBSD: packet.h,v 1.71 2016/03/07 19:02:43 djm Exp $ */
+/* $NetBSD: packet.h,v 1.14 2016/12/25 00:07:47 christos Exp $ */
+/* $OpenBSD: packet.h,v 1.74 2016/10/11 21:47:45 djm Exp $ */
 /* * Author: Tatu Ylonen
@@ -65,6 +65,9 @@ struct ssh {
 void *app_data;
 };
+typedef int (ssh_packet_hook_fn)(struct ssh *, struct sshbuf *,
+ u_char *, void *);
+
 struct ssh *ssh_alloc_session_state(void);
 struct ssh *ssh_packet_set_connection(struct ssh *, int, int);
 void ssh_packet_set_timeout(struct ssh *, int, int);
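Review bot: ssh_packet_send_mux() silently discards any message whose type is outside SSH2_MSG_CONNECTION_MIN..SSH2_MSG_CONNECTION_MAX and still returns 0, so a caller of sshpkt_sendx() has no way to learn that nothing was queued; the comment `/* drop everything, but the connection protocol */` shows this is deliberate, but the drop deserves a trace, e.g. an `else` branch with `debug3("%s: dropping non-connection message type %u", __func__, type);`. The `len < 6` guard is what makes `cp[5]` safe, and that relationship is worth one line, e.g. `/* 4-byte length + padlen byte + type byte */`, since 5 and 6 are otherwise unexplained magic numbers. Note also that the sshpkt_sendx() dispatch guards `ssh->state` against NULL while the read-side dispatch in ssh_packet_read_poll2() tests `state->mux` unconditionally; presumably one of the two is over-cautious and they should agree.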
@@ -75,6 +78,8 @@ int ssh_packet_get_connection_in(struct ssh *);
 int ssh_packet_get_connection_out(struct ssh *);
 void ssh_packet_close(struct ssh *);
 void ssh_packet_set_encryption_key(struct ssh *, const u_char *, u_int, int);
+void ssh_packet_set_input_hook(struct ssh *, ssh_packet_hook_fn *, void *);
+
 int ssh_packet_is_rekeying(struct ssh *);
 void ssh_packet_set_protocol_flags(struct ssh *, u_int);
 u_int ssh_packet_get_protocol_flags(struct ssh *);
@@ -84,6 +89,10 @@ void ssh_packet_set_interactive(struct ssh *, int, int, int);
 int ssh_packet_is_interactive(struct ssh *);
 void ssh_packet_set_server(struct ssh *);
 void ssh_packet_set_authenticated(struct ssh *);
+void ssh_packet_set_mux(struct ssh *);
+int ssh_packet_get_mux(struct ssh *);
+
+int ssh_packet_log_type(u_char);
 int ssh_packet_send1(struct ssh *);
 int ssh_packet_send2_wrapped(struct ssh *);
@@ -109,11 +118,6 @@ void ssh_packet_send_debug(struct ssh *, const char *fmt, ...) __attribute__
 int ssh_set_newkeys(struct ssh *, int mode);
 void ssh_packet_get_bytes(struct ssh *, u_int64_t *, u_int64_t *);
-typedef void *(ssh_packet_comp_alloc_func)(void *, u_int, u_int);
-typedef void (ssh_packet_comp_free_func)(void *, void *);
-void ssh_packet_set_compress_hooks(struct ssh *, void *,
- ssh_packet_comp_alloc_func *, ssh_packet_comp_free_func *);
-
 int ssh_packet_write_poll(struct ssh *);
 int ssh_packet_write_wait(struct ssh *);
 int ssh_packet_have_data_to_write(struct ssh *);
diff --git a/crypto/external/bsd/openssh/dist/pathnames.h b/crypto/external/bsd/openssh/dist/pathnames.h
index 2b858fbfaa1b..77530ca2c799 100644
--- a/crypto/external/bsd/openssh/dist/pathnames.h
+++ b/crypto/external/bsd/openssh/dist/pathnames.h
@@ -1,4 +1,4 @@
-/* $NetBSD: pathnames.h,v 1.10 2016/08/02 13:45:12 christos Exp $ */
+/* $NetBSD: pathnames.h,v 1.11 2016/12/25 00:07:47 christos Exp $ */
 /* $OpenBSD: pathnames.h,v 1.25 2016/03/31 05:24:06 dtucker Exp $ */
 /*
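Review bot: The new `ssh_packet_set_input_hook()` prototype is added with no comment on the hook contract, although from the call site in packet.c the hook receives the decrypted packet buffer plus a pointer to the message type, may rewrite that type, and aborts the read with its return value when non-zero. That is enough surface that a short block comment above the prototype (what the four arguments are, that the hook runs after decryption and before the type-specific handling, and what a non-zero return means) would prevent misuse; I would open it with `/* Hook invoked for every received SSH2 packet after decryption, before dispatch. */`. The `ssh_packet_set_mux()` / `ssh_packet_get_mux()` pair in the next hunk would likewise benefit from a note that mux mode bypasses the cipher entirely on both the read and write paths, which the packet.c hunks show but the header does not.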
diff --git a/crypto/external/bsd/openssh/dist/pkcs11.h b/crypto/external/bsd/openssh/dist/pkcs11.h index d4532893d9c2..ab5e3b0f8ffc 100644 --- a/crypto/external/bsd/openssh/dist/pkcs11.h +++ b/crypto/external/bsd/openssh/dist/pkcs11.h @@ -1,4 +1,4 @@ -/* $NetBSD: pkcs11.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: pkcs11.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: pkcs11.h,v 1.3 2013/11/26 19:15:09 deraadt Exp $ */ /* pkcs11.h Copyright 2006, 2007 g10 Code GmbH diff --git a/crypto/external/bsd/openssh/dist/poly1305.c b/crypto/external/bsd/openssh/dist/poly1305.c index 5c0be80de73b..d775ea6d08c2 100644 --- a/crypto/external/bsd/openssh/dist/poly1305.c +++ b/crypto/external/bsd/openssh/dist/poly1305.c @@ -5,7 +5,7 @@ /* $OpenBSD: poly1305.c,v 1.3 2013/12/19 22:57:13 djm Exp $ */ #include "includes.h" -__RCSID("$NetBSD: poly1305.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: poly1305.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/progressmeter.c b/crypto/external/bsd/openssh/dist/progressmeter.c index 77f6dad905c4..8682d1b4556d 100644 --- a/crypto/external/bsd/openssh/dist/progressmeter.c +++ b/crypto/external/bsd/openssh/dist/progressmeter.c @@ -1,4 +1,4 @@ -/* $NetBSD: progressmeter.c,v 1.8 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: progressmeter.c,v 1.9 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: progressmeter.c,v 1.8 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: progressmeter.c,v 1.9 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/progressmeter.h b/crypto/external/bsd/openssh/dist/progressmeter.h index 303819d89e93..e13b5f259b1f 100644 --- a/crypto/external/bsd/openssh/dist/progressmeter.h 
+++ b/crypto/external/bsd/openssh/dist/progressmeter.h @@ -1,4 +1,4 @@ -/* $NetBSD: progressmeter.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: progressmeter.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */ /* * Copyright (c) 2002 Nils Nordman. All rights reserved. diff --git a/crypto/external/bsd/openssh/dist/random.h b/crypto/external/bsd/openssh/dist/random.h index 906f1aadfbab..3abfd5149c2c 100644 --- a/crypto/external/bsd/openssh/dist/random.h +++ b/crypto/external/bsd/openssh/dist/random.h @@ -1,4 +1,4 @@ -/* $NetBSD: random.h,v 1.3 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: random.h,v 1.4 2016/12/25 00:07:47 christos Exp $ */ /*- * Copyright (c) 2000 The NetBSD Foundation, Inc. diff --git a/crypto/external/bsd/openssh/dist/readconf.c b/crypto/external/bsd/openssh/dist/readconf.c index 35efac32fae8..45f41b90d3fa 100644 --- a/crypto/external/bsd/openssh/dist/readconf.c +++ b/crypto/external/bsd/openssh/dist/readconf.c @@ -1,5 +1,6 @@ -/* $NetBSD: readconf.c,v 1.19 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: readconf.c,v 1.259 2016/07/22 03:35:11 djm Exp $ */ +/* $NetBSD: readconf.c,v 1.20 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: readconf.c,v 1.262 2016/10/25 04:08:13 jsg Exp $ */ + /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,7 +15,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: readconf.c,v 1.19 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: readconf.c,v 1.20 2016/12/25 00:07:47 christos Exp $"); #include #include #include @@ -328,7 +329,7 @@ add_local_forward(Options *options, const struct Forward *newfwd) extern uid_t original_real_uid; int i; - if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 && + if (!bind_permitted(newfwd->listen_port, original_real_uid) && newfwd->listen_path == NULL) fatal("Privileged ports can only be forwarded by root."); /* Don't add duplicates */ 
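Review bot: In add_local_forward() the privileged-port decision is now delegated to bind_permitted(), whose definition is not in this chunk, but the `fatal()` on the following context line still hard-codes the old policy text, "Privileged ports can only be forwarded by root." If bind_permitted() can admit a non-root caller on some platforms, which is presumably the reason for introducing a helper, that message becomes misleading; phrasing it around the check is safer, e.g. `fatal("Not permitted to forward privileged port %d.", newfwd->listen_port);`. If the same reserved-port test exists in other forwarding paths outside this chunk, they should call the same helper so the policy cannot drift.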
@@ -875,7 +876,6 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, case oBadOption: /* don't panic, but count bad options */ return -1; - /* NOTREACHED */ case oIgnoredUnknownOption: debug("%s line %d: Ignored unknown option \"%s\"", filename, linenum, keyword); diff --git a/crypto/external/bsd/openssh/dist/readconf.h b/crypto/external/bsd/openssh/dist/readconf.h index b797cb1b510e..660a61f9faee 100644 --- a/crypto/external/bsd/openssh/dist/readconf.h +++ b/crypto/external/bsd/openssh/dist/readconf.h @@ -1,4 +1,4 @@ -/* $NetBSD: readconf.h,v 1.16 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: readconf.h,v 1.17 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: readconf.h,v 1.117 2016/07/15 00:24:30 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/readpass.c b/crypto/external/bsd/openssh/dist/readpass.c index 90e3c73664c6..799c90335ce5 100644 --- a/crypto/external/bsd/openssh/dist/readpass.c +++ b/crypto/external/bsd/openssh/dist/readpass.c @@ -1,4 +1,4 @@ -/* $NetBSD: readpass.c,v 1.7 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: readpass.c,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: readpass.c,v 1.51 2015/12/11 00:20:04 mmcc Exp $ */ /* @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: readpass.c,v 1.7 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: readpass.c,v 1.8 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/readpassphrase.3 b/crypto/external/bsd/openssh/dist/readpassphrase.3 index 51f1656c0d6f..693a6674a152 100644 --- a/crypto/external/bsd/openssh/dist/readpassphrase.3 +++ b/crypto/external/bsd/openssh/dist/readpassphrase.3 @@ -1,4 +1,4 @@ -.\" $NetBSD: readpassphrase.3,v 1.3 2015/04/03 23:58:19 christos Exp $ +.\" $NetBSD: readpassphrase.3,v 1.4 2016/12/25 00:07:47 christos Exp $ .\" $OpenBSD: readpassphrase.3,v 1.3 2001/08/06 10:42:25 mpech Exp $ .\" .\" Copyright (c) 2000 Todd C. Miller 
diff --git a/crypto/external/bsd/openssh/dist/readpassphrase.c b/crypto/external/bsd/openssh/dist/readpassphrase.c index 737dd0c7485d..08ab1bf77c97 100644 --- a/crypto/external/bsd/openssh/dist/readpassphrase.c +++ b/crypto/external/bsd/openssh/dist/readpassphrase.c @@ -1,4 +1,4 @@ -/* $NetBSD: readpassphrase.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: readpassphrase.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* * Copyright (c) 2000 Todd C. Miller * All rights reserved. diff --git a/crypto/external/bsd/openssh/dist/readpassphrase.h b/crypto/external/bsd/openssh/dist/readpassphrase.h index a46bfa93ea08..ce72ae3b1fed 100644 --- a/crypto/external/bsd/openssh/dist/readpassphrase.h +++ b/crypto/external/bsd/openssh/dist/readpassphrase.h @@ -1,4 +1,4 @@ -/* $NetBSD: readpassphrase.h,v 1.3 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: readpassphrase.h,v 1.4 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: readpassphrase.h,v 1.1 2000/11/21 00:48:38 millert Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/rsa.c b/crypto/external/bsd/openssh/dist/rsa.c index f97aa479b7ce..1a6a4159a778 100644 --- a/crypto/external/bsd/openssh/dist/rsa.c +++ b/crypto/external/bsd/openssh/dist/rsa.c @@ -1,4 +1,4 @@ -/* $NetBSD: rsa.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: rsa.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: rsa.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */ /* * Author: Tatu Ylonen @@ -62,7 +62,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: rsa.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: rsa.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/rsa.h b/crypto/external/bsd/openssh/dist/rsa.h index d9530918b249..299b212278d0 100644 --- a/crypto/external/bsd/openssh/dist/rsa.h +++ b/crypto/external/bsd/openssh/dist/rsa.h 
@@ -1,4 +1,4 @@ -/* $NetBSD: rsa.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: rsa.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: rsa.h,v 1.17 2014/06/24 01:13:21 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/sandbox-rlimit.c b/crypto/external/bsd/openssh/dist/sandbox-rlimit.c index d156633d8380..db8d2bd65ae4 100644 --- a/crypto/external/bsd/openssh/dist/sandbox-rlimit.c +++ b/crypto/external/bsd/openssh/dist/sandbox-rlimit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sandbox-rlimit.c,v 1.3 2011/06/23 09:34:13 djm Exp $ */ +/* $OpenBSD: sandbox-rlimit.c,v 1.4 2016/09/12 01:22:38 deraadt Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -16,9 +16,8 @@ */ #include "includes.h" -__RCSID("$NetBSD: sandbox-rlimit.c,v 1.4 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: sandbox-rlimit.c,v 1.5 2016/12/25 00:07:47 christos Exp $"); #include -#include #include #include diff --git a/crypto/external/bsd/openssh/dist/sc25519.c b/crypto/external/bsd/openssh/dist/sc25519.c index 3166f153e6f4..5971c1d637fb 100644 --- a/crypto/external/bsd/openssh/dist/sc25519.c +++ b/crypto/external/bsd/openssh/dist/sc25519.c @@ -6,7 +6,7 @@ * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.c */ #include "includes.h" -__RCSID("$NetBSD: sc25519.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: sc25519.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #include "sc25519.h" diff --git a/crypto/external/bsd/openssh/dist/scp.1 b/crypto/external/bsd/openssh/dist/scp.1 index cbb4ea65153f..074627826fd2 100644 --- a/crypto/external/bsd/openssh/dist/scp.1 +++ b/crypto/external/bsd/openssh/dist/scp.1 @@ -1,4 +1,4 @@ -.\" $NetBSD: scp.1,v 1.12 2016/08/02 13:45:12 christos Exp $ +.\" $NetBSD: scp.1,v 1.13 2016/12/25 00:07:47 christos Exp $ .\" -*- nroff -*- .\" .\" scp.1 diff --git a/crypto/external/bsd/openssh/dist/scp.c b/crypto/external/bsd/openssh/dist/scp.c index 473911ae91c8..a4ee9588f6c1 100644 --- a/crypto/external/bsd/openssh/dist/scp.c 
+++ b/crypto/external/bsd/openssh/dist/scp.c @@ -1,5 +1,6 @@ -/* $NetBSD: scp.c,v 1.14 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: scp.c,v 1.186 2016/05/25 23:48:45 schwarze Exp $ */ +/* $NetBSD: scp.c,v 1.15 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: scp.c,v 1.187 2016/09/12 01:22:38 deraadt Exp $ */ + /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -73,7 +74,8 @@ */ #include "includes.h" -__RCSID("$NetBSD: scp.c,v 1.14 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: scp.c,v 1.15 2016/12/25 00:07:47 christos Exp $"); + #include /* roundup MAX */ #include #include @@ -377,7 +379,7 @@ main(int argc, char **argv) setlocale(LC_CTYPE, ""); /* Copy argv, because we modify it */ - newargv = xcalloc(MAX(argc + 1, 1), sizeof(*newargv)); + newargv = xcalloc(MAXIMUM(argc + 1, 1), sizeof(*newargv)); for (n = 0; n < argc; n++) newargv[n] = xstrdup(argv[n]); argv = newargv; @@ -1327,7 +1329,7 @@ allocbuf(BUF *bp, int fd, int blksize) run_err("fstat: %s", strerror(errno)); return (0); } - size = roundup(stb.st_blksize, blksize); + size = ROUNDUP(stb.st_blksize, blksize); if (size == 0) size = blksize; if (bp->cnt >= size) diff --git a/crypto/external/bsd/openssh/dist/servconf.c b/crypto/external/bsd/openssh/dist/servconf.c index d7d76c84c5ba..6fb7560e4384 100644 --- a/crypto/external/bsd/openssh/dist/servconf.c +++ b/crypto/external/bsd/openssh/dist/servconf.c @@ -1,6 +1,6 @@ -/* $NetBSD: servconf.c,v 1.21 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: servconf.c,v 1.22 2016/12/25 00:07:47 christos Exp $ */ -/* $OpenBSD: servconf.c,v 1.292 2016/06/23 05:17:51 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
@@ -13,7 +13,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: servconf.c,v 1.21 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: servconf.c,v 1.22 2016/12/25 00:07:47 christos Exp $"); #include #include #include @@ -98,9 +98,7 @@ initialize_server_options(ServerOptions *options) options->num_host_cert_files = 0; options->host_key_agent = NULL; options->pid_file = NULL; - options->server_key_bits = -1; options->login_grace_time = -1; - options->key_regeneration_time = -1; options->permit_root_login = PERMIT_NOT_SET; options->ignore_rhosts = -1; options->ignore_root_rhosts = -1; @@ -117,12 +115,10 @@ initialize_server_options(ServerOptions *options) options->tcp_keep_alive = -1; options->log_facility = SYSLOG_FACILITY_NOT_SET; options->log_level = SYSLOG_LEVEL_NOT_SET; - options->rhosts_rsa_authentication = -1; options->hostbased_authentication = -1; options->hostbased_uses_name_from_packet_only = -1; options->hostbased_key_types = NULL; options->hostkeyalgorithms = NULL; - options->rsa_authentication = -1; options->pubkey_authentication = -1; options->pubkey_key_types = NULL; options->kerberos_authentication = -1; @@ -143,7 +139,6 @@ initialize_server_options(ServerOptions *options) options->challenge_response_authentication = -1; options->permit_empty_passwd = -1; options->permit_user_env = -1; - options->use_login = -1; options->compression = -1; options->rekey_limit = -1; options->rekey_interval = -1; @@ -176,7 +171,6 @@ initialize_server_options(ServerOptions *options) #endif options->macs = NULL; options->kex_algorithms = NULL; - options->protocol = SSH_PROTO_UNKNOWN; options->fwd_opts.gateway_ports = -1; options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; options->fwd_opts.streamlocal_bind_unlink = -1; 
@@ -207,6 +201,7 @@ initialize_server_options(ServerOptions *options) options->ip_qos_bulk = -1; options->version_addendum = NULL; options->fingerprint_hash = -1; + options->disable_forwarding = -1; options->none_enabled = -1; options->tcp_rcv_buf_poll = -1; options->hpn_disabled = -1; @@ -249,23 +244,16 @@ fill_default_server_options(ServerOptions *options) /* Standard Options */ int i; - if (options->protocol == SSH_PROTO_UNKNOWN) - options->protocol = SSH_PROTO_2; if (options->num_host_key_files == 0) { - /* fill default hostkeys for protocols */ - if (options->protocol & SSH_PROTO_1) - options->host_key_files[options->num_host_key_files++] = - __UNCONST(_PATH_HOST_KEY_FILE); - if (options->protocol & SSH_PROTO_2) { - options->host_key_files[options->num_host_key_files++] = - __UNCONST(_PATH_HOST_RSA_KEY_FILE); - options->host_key_files[options->num_host_key_files++] = - __UNCONST(_PATH_HOST_DSA_KEY_FILE); - options->host_key_files[options->num_host_key_files++] = - __UNCONST(_PATH_HOST_ECDSA_KEY_FILE); - options->host_key_files[options->num_host_key_files++] = - __UNCONST(_PATH_HOST_ED25519_KEY_FILE); - } + /* fill default hostkeys */ + options->host_key_files[options->num_host_key_files++] = + __UNCONST(_PATH_HOST_RSA_KEY_FILE); + options->host_key_files[options->num_host_key_files++] = + __UNCONST(_PATH_HOST_DSA_KEY_FILE); + options->host_key_files[options->num_host_key_files++] = + __UNCONST(_PATH_HOST_ECDSA_KEY_FILE); + options->host_key_files[options->num_host_key_files++] = + __UNCONST(_PATH_HOST_ED25519_KEY_FILE); } /* No certificates by default */ if (options->num_ports == 0) 
@@ -276,12 +264,8 @@ fill_default_server_options(ServerOptions *options) add_listen_addr(options, NULL, 0); if (options->pid_file == NULL) options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); - if (options->server_key_bits == -1) - options->server_key_bits = 1024; if (options->login_grace_time == -1) options->login_grace_time = 120; - if (options->key_regeneration_time == -1) - options->key_regeneration_time = 3600; if (options->permit_root_login == PERMIT_NOT_SET) options->permit_root_login = PERMIT_NO_PASSWD; if (options->ignore_rhosts == -1) @@ -314,14 +298,10 @@ fill_default_server_options(ServerOptions *options) options->log_facility = SYSLOG_FACILITY_AUTH; if (options->log_level == SYSLOG_LEVEL_NOT_SET) options->log_level = SYSLOG_LEVEL_INFO; - if (options->rhosts_rsa_authentication == -1) - options->rhosts_rsa_authentication = 0; if (options->hostbased_authentication == -1) options->hostbased_authentication = 0; if (options->hostbased_uses_name_from_packet_only == -1) options->hostbased_uses_name_from_packet_only = 0; - if (options->rsa_authentication == -1) - options->rsa_authentication = 1; if (options->pubkey_authentication == -1) options->pubkey_authentication = 1; if (options->kerberos_authentication == -1) @@ -356,8 +336,6 @@ fill_default_server_options(ServerOptions *options) options->permit_empty_passwd = 0; if (options->permit_user_env == -1) options->permit_user_env = 0; - if (options->use_login == -1) - options->use_login = 0; if (options->compression == -1) options->compression = COMP_DELAYED; if (options->rekey_limit == -1) @@ -474,6 +452,8 @@ fill_default_server_options(ServerOptions *options) options->fwd_opts.streamlocal_bind_unlink = 0; if (options->fingerprint_hash == -1) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; + if (options->disable_forwarding == -1) + options->disable_forwarding = 0; assemble_algorithms(options); 
@@ -515,11 +495,9 @@ fill_default_server_options(ServerOptions *options) /* Keyword tokens. */ typedef enum { sBadOption, /* == unknown option */ - /* Portable-specific options */ sUsePAM, - sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, - sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, - sRhostsRSAAuthentication, sRSAAuthentication, + sPort, sHostKeyFile, sLoginGraceTime, + sPermitRootLogin, sLogFacility, sLogLevel, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, sKerberosGetAFSToken, sKerberosTgtPassing, sChallengeResponseAuthentication, @@ -528,9 +506,9 @@ typedef enum { sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, - sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, + sPermitUserEnvironment, sAllowTcpForwarding, sCompression, sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, - sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, + sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, sBanner, sUseDNS, sHostbasedAuthentication, @@ -550,8 +528,8 @@ typedef enum { sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink, - sAllowStreamLocalForwarding, sFingerprintHash, - sDeprecated, sUnsupported + sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, + sDeprecated, sIgnore, sUnsupported #ifdef WITH_LDAP_PUBKEY ,sLdapPublickey, sLdapServers, sLdapUserDN ,sLdapGroupDN, sBindDN, sBindPw, sMyGroup 
@@ -580,19 +558,19 @@ static struct { { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, { "pidfile", sPidFile, SSHCFG_GLOBAL }, - { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, + { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, - { "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL }, + { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, { "loglevel", sLogLevel, SSHCFG_GLOBAL }, { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, - { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, + { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, - { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, + { "rsaauthentication", sDeprecated, SSHCFG_ALL }, { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ @@ -641,7 +619,7 @@ static struct { { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, - { "uselogin", sUseLogin, SSHCFG_GLOBAL }, + { "uselogin", sDeprecated, SSHCFG_GLOBAL }, { "compression", sCompression, SSHCFG_GLOBAL }, { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 
@@ -654,7 +632,7 @@ static struct {
 { "denygroups", sDenyGroups, SSHCFG_ALL },
 { "ciphers", sCiphers, SSHCFG_GLOBAL },
 { "macs", sMacs, SSHCFG_GLOBAL },
- { "protocol", sProtocol, SSHCFG_GLOBAL },
+ { "protocol", sIgnore, SSHCFG_GLOBAL },
 { "gatewayports", sGatewayPorts, SSHCFG_ALL },
 { "subsystem", sSubsystem, SSHCFG_GLOBAL },
 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
@@ -664,8 +642,8 @@ static struct {
 { "usedns", sUseDNS, SSHCFG_GLOBAL },
 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
- { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
- { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
+ { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL },
+ { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
 #ifdef WITH_LDAP_PUBKEY
@@ -712,6 +690,7 @@ static struct {
 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
+ { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
 { NULL, sBadOption, 0 } };
@@ -875,7 +854,7 @@ get_connection_info(int populate, int use_dns)
 * options set are copied into the main server config. * * Potential additions/improvements:
- * - Add Match support for pre-kex directives, eg Protocol, Ciphers.
+ * - Add Match support for pre-kex directives, eg. Ciphers.
 * * - Add a Tag directive (idea from David Leonard) ala pf, eg: * Match Address 192.168.0.*
@@ -1076,8 +1055,8 @@ static const struct multistate multistate_permitrootlogin[] = {
 { NULL, -1 } };
 static const struct multistate multistate_compression[] = {
+ { "yes", COMP_DELAYED },
 { "delayed", COMP_DELAYED },
- { "yes", COMP_ZLIB },
 { "no", COMP_NONE },
 { NULL, -1 } };
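Review bot: Moving `clientaliveinterval` and `clientalivecountmax` from SSHCFG_GLOBAL to SSHCFG_ALL makes them parse inside Match blocks, but a Match-scoped value only takes effect if the code that copies Match-set options into the main server config (described in the comment block later in this file) also copies these two fields; that code is outside this chunk, so I cannot confirm it was updated in this merge. Without that copy the option would be accepted in a Match block and silently have no effect, which is worse than the previous hard rejection. A comment on the two table rows pointing at the copy site, e.g. `/* SSHCFG_ALL: the Match copy-back code must handle this field too */`, would make the coupling visible to the next person who widens an option's scope.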
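Review bot: `Compression yes` now maps to COMP_DELAYED instead of COMP_ZLIB, a behavioural change for existing sshd_config files (presumably compression is no longer enabled before authentication), and nothing in the table says so. A one-line comment on the new row would make the intent explicit, e.g. `{ "yes", COMP_DELAYED }, /* "yes" is an alias for "delayed"; pre-auth zlib is no longer selectable */`. Since no table entry can produce COMP_ZLIB any more, any remaining uses of that constant elsewhere in the tree are dead as far as configuration is concerned and worth a grep.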
@@ -1178,18 +1157,6 @@ process_server_config_line(ServerOptions *options, char *line, filename, linenum); break; - case sServerKeyBits: - intptr = &options->server_key_bits; - parse_int: - arg = strdelim(&cp); - if (!arg || *arg == '\0') - fatal("%s line %d: missing integer value.", - filename, linenum); - value = atoi(arg); - if (*activep && *intptr == -1) - *intptr = value; - break; - case sLoginGraceTime: intptr = &options->login_grace_time; parse_time: @@ -1204,10 +1171,6 @@ process_server_config_line(ServerOptions *options, char *line, *intptr = value; break; - case sKeyRegenerationTime: - intptr = &options->key_regeneration_time; - goto parse_time; - case sListenAddress: arg = strdelim(&cp); if (arg == NULL || *arg == '\0') @@ -1293,7 +1256,6 @@ process_server_config_line(ServerOptions *options, char *line, MAX_HOSTCERTS); charptr = &options->host_cert_files[*intptr]; goto parse_filename; - break; case sPidFile: charptr = &options->pid_file; @@ -1347,10 +1309,6 @@ process_server_config_line(ServerOptions *options, char *line, intptr = &options->ignore_user_known_hosts; goto parse_flag; - case sRhostsRSAAuthentication: - intptr = &options->rhosts_rsa_authentication; - goto parse_flag; - case sHostbasedAuthentication: intptr = &options->hostbased_authentication; goto parse_flag; @@ -1377,10 +1335,6 @@ process_server_config_line(ServerOptions *options, char *line, charptr = &options->hostkeyalgorithms; goto parse_keytypes; - case sRSAAuthentication: - intptr = &options->rsa_authentication; - goto parse_flag; - case sPubkeyAuthentication: intptr = &options->pubkey_authentication; goto parse_flag; 
@@ -1447,7 +1401,15 @@ process_server_config_line(ServerOptions *options, char *line, case sX11DisplayOffset: intptr = &options->x11_display_offset; - goto parse_int; + parse_int: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing integer value.", + filename, linenum); + value = atoi(arg); + if (*activep && *intptr == -1) + *intptr = value; + break; case sX11UseLocalhost: intptr = &options->x11_use_localhost; @@ -1481,10 +1443,6 @@ process_server_config_line(ServerOptions *options, char *line, intptr = &options->permit_user_env; goto parse_flag; - case sUseLogin: - intptr = &options->use_login; - goto parse_flag; - case sCompression: intptr = &options->compression; multistate_ptr = multistate_compression; @@ -1562,6 +1520,10 @@ process_server_config_line(ServerOptions *options, char *line, intptr = &options->allow_agent_forwarding; goto parse_flag; + case sDisableForwarding: + intptr = &options->disable_forwarding; + goto parse_flag; + case sUsePrivilegeSeparation: intptr = &use_privsep; multistate_ptr = multistate_privsep; @@ -1572,6 +1534,9 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_allow_users >= MAX_ALLOW_USERS) fatal("%s line %d: too many allow users.", filename, linenum); + if (match_user(NULL, NULL, NULL, arg) == -1) + fatal("%s line %d: invalid AllowUsers pattern: " + "\"%.100s\"", filename, linenum, arg); if (!*activep) continue; options->allow_users[options->num_allow_users++] = @@ -1584,6 +1549,9 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_deny_users >= MAX_DENY_USERS) fatal("%s line %d: too many deny users.", filename, linenum); + if (match_user(NULL, NULL, NULL, arg) == -1) + fatal("%s line %d: invalid DenyUsers pattern: " + "\"%.100s\"", filename, linenum, arg); if (!*activep) continue; options->deny_users[options->num_deny_users++] = 
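Review bot: The `parse_int` block relocated under `case sX11DisplayOffset` still converts with `atoi(arg)`, so a non-numeric or out-of-range value (`X11DisplayOffset 10x`, or a number that overflows int) is silently accepted as whatever atoi returns, while the empty-value case two lines above is a fatal error. Every option that does `goto parse_int` now lands here, so I would parse with strtol, reject trailing garbage and ERANGE with the same fatal() pattern, and only then assign `value`. The two new locals (`long lval; char *endp;`) belong with the other locals at the top of process_server_config_line(), which starts outside this hunk, and the file needs `<errno.h>`/`<limits.h>` if it does not already include them.
```c
	parse_int:
		/* … unchanged: strdelim() and the missing-value fatal() … */
		errno = 0;
		lval = strtol(arg, &endp, 10);
		if (endp == arg || *endp != '\0' || errno == ERANGE ||
		    lval < INT_MIN || lval > INT_MAX)
			fatal("%s line %d: invalid integer value \"%.100s\".",
			    filename, linenum, arg);
		value = (int)lval;
		/* … unchanged: store into *intptr when active, break … */
```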
@@ -1649,19 +1617,6 @@ process_server_config_line(ServerOptions *options, char *line, options->kex_algorithms = xstrdup(arg); break; - case sProtocol: - intptr = &options->protocol; - arg = strdelim(&cp); - if (!arg || *arg == '\0') - fatal("%s line %d: Missing argument.", filename, linenum); - value = proto_spec(arg); - if (value == SSH_PROTO_UNKNOWN) - fatal("%s line %d: Bad protocol spec '%s'.", - filename, linenum, arg ? arg : ""); - if (*intptr == SSH_PROTO_UNKNOWN) - *intptr = value; - break; - case sSubsystem: if (options->num_subsystems >= MAX_SUBSYSTEMS) { fatal("%s line %d: too many subsystems defined.", @@ -2042,18 +1997,16 @@ process_server_config_line(ServerOptions *options, char *line, break; case sDeprecated: - logit("%s line %d: Deprecated option %s", - filename, linenum, arg); + case sIgnore: + case sUnsupported: + do_log2(opcode == sIgnore ? + SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, + "%s line %d: %s option %s", filename, linenum, + opcode == sUnsupported ? "Unsupported" : "Deprecated", arg); while (arg) arg = strdelim(&cp); break; - case sUnsupported: - logit("%s line %d: Unsupported option %s", - filename, linenum, arg); - while (arg) - arg = strdelim(&cp); - break; #ifdef WITH_LDAP_PUBKEY case sLdapPublickey: intptr = &options->lpk.on; @@ -2289,7 +2242,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(password_authentication); M_CP_INTOPT(gss_authentication); - M_CP_INTOPT(rsa_authentication); M_CP_INTOPT(pubkey_authentication); M_CP_INTOPT(kerberos_authentication); M_CP_INTOPT(hostbased_authentication); @@ -2301,6 +2253,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(allow_tcp_forwarding); M_CP_INTOPT(allow_streamlocal_forwarding); M_CP_INTOPT(allow_agent_forwarding); + M_CP_INTOPT(disable_forwarding); M_CP_INTOPT(permit_tun); M_CP_INTOPT(fwd_opts.gateway_ports); M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 
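Review bot: The merged `sDeprecated`/`sIgnore`/`sUnsupported` case logs sIgnore keywords at SYSLOG_LEVEL_DEBUG2, and the only keyword moved to sIgnore in this change is `protocol`, so an administrator who still has `Protocol 1` or `Protocol 2,1` in sshd_config gets no message at the default log level that the directive can no longer have any effect. If the intent is only to keep a ubiquitous `Protocol 2` quiet, logging ignored keywords at SYSLOG_LEVEL_VERBOSE seems the better trade-off; at minimum the distinction deserves a comment, e.g. `/* sIgnore: accepted for compatibility but has no effect (Protocol); presumably kept at debug level because it is present in most existing configs. */`. The nested ternaries inside the do_log2() argument list are also hard to read; hoisting `const char *what = opcode == sUnsupported ? "Unsupported" : "Deprecated";` before the call would help.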
@@ -2311,6 +2264,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(permit_user_rc); M_CP_INTOPT(max_sessions); M_CP_INTOPT(max_authtries); + M_CP_INTOPT(client_alive_count_max); + M_CP_INTOPT(client_alive_interval); M_CP_INTOPT(ip_qos_interactive); M_CP_INTOPT(ip_qos_bulk); M_CP_INTOPT(rekey_limit); @@ -2429,17 +2384,6 @@ fmt_intarg(ServerOpCodes code, int val) return fmt_multistate_int(val, multistate_tcpfwd); case sFingerprintHash: return ssh_digest_alg_name(val); - case sProtocol: - switch (val) { - case SSH_PROTO_1: - return "1"; - case SSH_PROTO_2: - return "2"; - case (SSH_PROTO_1|SSH_PROTO_2): - return "2,1"; - default: - return "UNKNOWN"; - } default: switch (val) { case 0: @@ -2527,7 +2471,6 @@ dump_config(ServerOptions *o) /* these are usually at the top of the config */ for (i = 0; i < o->num_ports; i++) printf("port %d\n", o->ports[i]); - dump_cfg_fmtint(sProtocol, o->protocol); dump_cfg_fmtint(sAddressFamily, o->address_family); /* @@ -2557,9 +2500,7 @@ dump_config(ServerOptions *o) free(laddr1); /* integer arguments */ - dump_cfg_int(sServerKeyBits, o->server_key_bits); dump_cfg_int(sLoginGraceTime, o->login_grace_time); - dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time); dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); dump_cfg_int(sMaxAuthTries, o->max_authtries); dump_cfg_int(sMaxSessions, o->max_sessions); 
@@ -2571,11 +2512,9 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); - dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication); dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, o->hostbased_uses_name_from_packet_only); - dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication); dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); #ifdef KRB5 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); @@ -2602,12 +2541,12 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); - dump_cfg_fmtint(sUseLogin, o->use_login); dump_cfg_fmtint(sCompression, o->compression); dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); dump_cfg_fmtint(sUseDNS, o->use_dns); dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); + dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); diff --git a/crypto/external/bsd/openssh/dist/servconf.h b/crypto/external/bsd/openssh/dist/servconf.h index 51ed9516a961..0130e77a5229 100644 --- a/crypto/external/bsd/openssh/dist/servconf.h +++ b/crypto/external/bsd/openssh/dist/servconf.h 
@@ -1,5 +1,5 @@ -/* $NetBSD: servconf.h,v 1.13 2015/08/13 10:33:21 christos Exp $ */ -/* $OpenBSD: servconf.h,v 1.120 2015/07/10 06:21:53 markus Exp $ */ +/* $NetBSD: servconf.h,v 1.14 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: servconf.h,v 1.123 2016/11/30 03:00:05 djm Exp $ */ /* * Author: Tatu Ylonen @@ -74,10 +74,8 @@ typedef struct { int num_host_cert_files; /* Number of files for host certs. */ char *host_key_agent; /* ssh-agent socket for host keys. */ char *pid_file; /* Where to put our pid */ - int server_key_bits;/* Size of the server key. */ int login_grace_time; /* Disconnect if no auth in this time * (sec). */ - int key_regeneration_time; /* Server key lifetime (seconds). */ int permit_root_login; /* PERMIT_*, see above */ int ignore_rhosts; /* Ignore .rhosts and .shosts. */ int ignore_root_rhosts; /* Ignore .rhosts and .shosts for root; @@ -101,17 +99,13 @@ typedef struct { char *ciphers; /* Supported SSH2 ciphers. */ char *macs; /* Supported SSH2 macs. */ char *kex_algorithms; /* SSH2 kex methods in order of preference. */ - int protocol; /* Supported protocol versions. */ struct ForwardOptions fwd_opts; /* forwarding options */ SyslogFacility log_facility; /* Facility for system logging. */ LogLevel log_level; /* Level for system logging. */ - int rhosts_rsa_authentication; /* If true, permit rhosts RSA - * authentication. */ int hostbased_authentication; /* If true, permit ssh2 hostbased auth */ int hostbased_uses_name_from_packet_only; /* experimental */ char *hostbased_key_types; /* Key types allowed for hostbased */ char *hostkeyalgorithms; /* SSH2 server key types */ - int rsa_authentication; /* If true, permit RSA authentication. */ int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */ char *pubkey_key_types; /* Key types allowed for public key */ int kerberos_authentication; /* If true, permit Kerberos 
@@ -140,11 +134,11 @@ typedef struct { int permit_empty_passwd; /* If false, do not permit empty * passwords. */ int permit_user_env; /* If true, read ~/.ssh/environment */ - int use_login; /* If true, login(1) is used */ int compression; /* If true, compression is allowed */ int allow_tcp_forwarding; /* One of FORWARD_* */ int allow_streamlocal_forwarding; /* One of FORWARD_* */ int allow_agent_forwarding; + int disable_forwarding; u_int num_allow_users; char *allow_users[MAX_ALLOW_USERS]; u_int num_deny_users; diff --git a/crypto/external/bsd/openssh/dist/serverloop.c b/crypto/external/bsd/openssh/dist/serverloop.c index 8d1639a457f1..3cffa4da6c4e 100644 --- a/crypto/external/bsd/openssh/dist/serverloop.c +++ b/crypto/external/bsd/openssh/dist/serverloop.c @@ -1,5 +1,6 @@ -/* $NetBSD: serverloop.c,v 1.15 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: serverloop.c,v 1.184 2016/03/07 19:02:43 djm Exp $ */ +/* $NetBSD: serverloop.c,v 1.16 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: serverloop.c,v 1.189 2016/12/14 00:36:34 djm Exp $ */ + /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -37,7 +38,8 @@ */ #include "includes.h" -__RCSID("$NetBSD: serverloop.c,v 1.15 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: serverloop.c,v 1.16 2016/12/25 00:07:47 christos Exp $"); + #include /* MIN MAX */ #include #include @@ -66,7 +68,6 @@ __RCSID("$NetBSD: serverloop.c,v 1.15 2016/08/02 13:45:12 christos Exp $"); #include "sshpty.h" #include "channels.h" #include "compat.h" -#include "ssh1.h" #include "ssh2.h" #include "key.h" #include "cipher.h" 
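Review bot: The new `int disable_forwarding;` member in ServerOptions is the only field in this hunk without a trailing comment, while its neighbours (`permit_user_env`, `compression`, `allow_*_forwarding`) each say what they gate. From its uses in serverloop.c in this same patch it refuses direct-tcpip, direct-streamlocal, tcpip-forward and streamlocal-forward requests regardless of the Allow*Forwarding settings; I would document it as `int disable_forwarding; /* If true, refuse all forwarding requests (DisableForwarding); overrides Allow*Forwarding */`. Whether it also covers X11 and agent forwarding in session.c cannot be seen from this diff and should be confirmed before the comment claims it.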
@@ -79,31 +80,15 @@ __RCSID("$NetBSD: serverloop.c,v 1.15 2016/08/02 13:45:12 christos Exp $"); #include "serverloop.h" #include "ssherr.h" +static u_long stdin_bytes = 0; /* Number of bytes written to stdin. */ +static u_long fdout_bytes = 0; /* Number of stdout bytes read from program. */ + extern ServerOptions options; /* XXX */ extern Authctxt *the_authctxt; extern int use_privsep; -static Buffer stdin_buffer; /* Buffer for stdin data. */ -static Buffer stdout_buffer; /* Buffer for stdout data. */ -static Buffer stderr_buffer; /* Buffer for stderr data. */ -static int fdin; /* Descriptor for stdin (for writing) */ -static int fdout; /* Descriptor for stdout (for reading); - May be same number as fdin. */ -static int fderr; /* Descriptor for stderr. May be -1. */ -static u_long stdin_bytes = 0; /* Number of bytes written to stdin. */ -static u_long stdout_bytes = 0; /* Number of stdout bytes sent to client. */ -static u_long stderr_bytes = 0; /* Number of stderr bytes sent to client. */ -static u_long fdout_bytes = 0; /* Number of stdout bytes read from program. */ -static int stdin_eof = 0; /* EOF message received from client. */ -static int fdout_eof = 0; /* EOF encountered reading from fdout. */ -static int fderr_eof = 0; /* EOF encountered readung from fderr. */ -static int fdin_is_tty = 0; /* fdin points to a tty. */ -static int connection_in; /* Connection to client (input). */ -static int connection_out; /* Connection to client (output). */ -static int connection_closed = 0; /* Connection to client closed. */ -static u_int buffer_high; /* "Soft" max buffer size. */ static int no_more_sessions = 0; /* Disallow further sessions. */ /* 
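Review bot: The two counters hoisted to the top of the file keep their SSH1-era comments — `stdin_bytes` is described as bytes written to stdin and `fdout_bytes` as stdout bytes read from the program — but with server_loop() removed the only remaining updates are `fdout_bytes += len` after reading from connection_in in process_input() and `stdin_bytes += packet_write_poll()` in process_output(), so both now appear to count bytes on the client connection. The comments should say so, e.g. `static u_long stdin_bytes = 0; /* bytes written to the client connection */` and `static u_long fdout_bytes = 0; /* bytes read from the client connection */`, or better, the variables renamed to match what they count. As written the names and comments actively mislead anyone reading a debug line that prints them.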
@@ -195,64 +180,6 @@ sigterm_handler(int sig) received_sigterm = sig; } -/* - * Make packets from buffered stderr data, and buffer it for sending - * to the client. - */ -static void -make_packets_from_stderr_data(void) -{ - u_int len; - - /* Send buffered stderr data to the client. */ - while (buffer_len(&stderr_buffer) > 0 && - packet_not_very_much_data_to_write()) { - len = buffer_len(&stderr_buffer); - if (packet_is_interactive()) { - if (len > 512) - len = 512; - } else { - /* Keep the packets at reasonable size. */ - if (len > packet_get_maxsize()) - len = packet_get_maxsize(); - } - packet_start(SSH_SMSG_STDERR_DATA); - packet_put_string(buffer_ptr(&stderr_buffer), len); - packet_send(); - buffer_consume(&stderr_buffer, len); - stderr_bytes += len; - } -} - -/* - * Make packets from buffered stdout data, and buffer it for sending to the - * client. - */ -static void -make_packets_from_stdout_data(void) -{ - u_int len; - - /* Send buffered stdout data to the client. */ - while (buffer_len(&stdout_buffer) > 0 && - packet_not_very_much_data_to_write()) { - len = buffer_len(&stdout_buffer); - if (packet_is_interactive()) { - if (len > 512) - len = 512; - } else { - /* Keep the packets at reasonable size. */ - if (len > packet_get_maxsize()) - len = packet_get_maxsize(); - } - packet_start(SSH_SMSG_STDOUT_DATA); - packet_put_string(buffer_ptr(&stdout_buffer), len); - packet_send(); - buffer_consume(&stdout_buffer, len); - stdout_bytes += len; - } -} - static void client_alive_check(void) { @@ -285,7 +212,8 @@ client_alive_check(void) * for the duration of the wait (0 = infinite). */ static void -wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, +wait_until_can_do_something(int connection_in, int connection_out, + fd_set **readsetp, fd_set **writesetp, int *maxfdp, u_int *nallocp, u_int64_t max_time_ms) { struct timeval tv, *tvp; 
@@ -299,7 +227,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, /* XXX need proper deadline system for rekey/client alive */ if (minwait_secs != 0) - max_time_ms = MIN(max_time_ms, (u_int)minwait_secs * 1000); + max_time_ms = MINIMUM(max_time_ms, (u_int)minwait_secs * 1000); /* * if using client_alive, set the max timeout accordingly, @@ -309,7 +237,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, * this could be randomized somewhat to make traffic * analysis more difficult, but we're not doing it yet. */ - if (compat20 && options.client_alive_interval) { + if (options.client_alive_interval) { uint64_t keepalive_ms = (uint64_t)options.client_alive_interval * 1000; @@ -318,37 +246,11 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, max_time_ms = keepalive_ms; } - if (compat20) { #if 0 - /* wrong: bad condition XXX */ - if (channel_not_very_much_buffered_data()) + /* wrong: bad condition XXX */ + if (channel_not_very_much_buffered_data()) #endif - FD_SET(connection_in, *readsetp); - } else { - /* - * Read packets from the client unless we have too much - * buffered stdin or channel data. - */ - if (buffer_len(&stdin_buffer) < buffer_high && - channel_not_very_much_buffered_data()) - FD_SET(connection_in, *readsetp); - /* - * If there is not too much data already buffered going to - * the client, try to get some more data from the program. - */ - if (packet_not_very_much_data_to_write()) { - if (!fdout_eof) - FD_SET(fdout, *readsetp); - if (!fderr_eof) - FD_SET(fderr, *readsetp); - } - /* - * If we have buffered data, try to write some of that data - * to the program. - */ - if (fdin != -1 && buffer_len(&stdin_buffer) > 0) - FD_SET(fdin, *writesetp); - } + FD_SET(connection_in, *readsetp); notify_prepare(*readsetp); /* 
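Review bot: The rewritten tail of wait_until_can_do_something() keeps an `#if 0` block labelled `wrong: bad condition XXX` directly above the now unconditional `FD_SET(connection_in, *readsetp);`; with the SSH1 else-branch gone, the dead condition no longer contrasts with anything and reads like a leftover merge artefact. I would drop the `#if 0`/`#endif` lines and keep a single comment on the FD_SET, e.g. `/* Always poll the client connection; a channel-buffering guard here was found to be wrong and has not been replaced. */`, or, if the buffering concern is still real, state what the correct condition should be. wait_until_can_do_something() begins outside this hunk.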
@@ -392,8 +294,8 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, * Processes input from the client and the program. Input data is stored * in buffers and processed later. */ -static void -process_input(fd_set *readset) +static int +process_input(fd_set *readset, int connection_in) { struct ssh *ssh = active_state; /* XXX */ int len; @@ -405,10 +307,7 @@ process_input(fd_set *readset) if (len == 0) { verbose("Connection closed by %.100s port %d", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); - connection_closed = 1; - if (compat20) - return; - cleanup_exit(255); + return -1; } else if (len < 0) { if (errno != EINTR && errno != EAGAIN) { verbose("Read error from remote host " 
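Review bot: process_input() now returns an int — `-1` when read() on connection_in returns 0, per the tail of the hunk — but the header comment above it still says it "Processes input from the client and the program" with data "stored in buffers and processed later", which described the SSH1 stdout/stderr path this commit deletes. I would rewrite it to match the new contract: `/* Read available data from the client connection and hand it to the packet layer. Returns 0, or -1 if the client closed the connection (the caller ends the loop). */`. The `len < 0` error branch continues past the end of the hunk, so I could not check whether it still calls cleanup_exit() or should also return -1 for consistency.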
@@ -423,367 +322,26 @@ process_input(fd_set *readset) fdout_bytes += len; } } - if (compat20) - return; - - /* Read and buffer any available stdout data from the program. */ - if (!fdout_eof && FD_ISSET(fdout, readset)) { - len = read(fdout, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) { - /* do nothing */ - } else if (len <= 0) { - fdout_eof = 1; - } else { - buffer_append(&stdout_buffer, buf, len); - debug ("FD out now: %ld", fdout_bytes); - fdout_bytes += len; - } - } - /* Read and buffer any available stderr data from the program. */ - if (!fderr_eof && FD_ISSET(fderr, readset)) { - len = read(fderr, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) { - /* do nothing */ - } else if (len <= 0) { - fderr_eof = 1; - } else { - buffer_append(&stderr_buffer, buf, len); - } - } + return 0; } /* * Sends data from internal buffers to client program stdin. */ static void -process_output(fd_set *writeset) +process_output(fd_set *writeset, int connection_out) { - struct termios tio; - u_char *data; - u_int dlen; - int len; - - /* Write buffered data to program stdin. */ - if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) { - data = buffer_ptr(&stdin_buffer); - dlen = buffer_len(&stdin_buffer); - len = write(fdin, data, dlen); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) { - /* do nothing */ - } else if (len <= 0) { - if (fdin != fdout) - close(fdin); - else - shutdown(fdin, SHUT_WR); /* We will no longer send. */ - fdin = -1; - } else { - /* Successful write. */ - if (fdin_is_tty && dlen >= 1 && data[0] != '\r' && - tcgetattr(fdin, &tio) == 0 && - !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) { - /* - * Simulate echo to reduce the impact of - * traffic analysis - */ - packet_send_ignore(len); - packet_send(); - } - /* Consume the data from the buffer. */ - buffer_consume(&stdin_buffer, len); - /* Update the count of bytes written to the program. 
*/ - stdin_bytes += len; - } - } /* Send any buffered packet data to the client. */ if (FD_ISSET(connection_out, writeset)) stdin_bytes += packet_write_poll(); } -/* - * Wait until all buffered output has been sent to the client. - * This is used when the program terminates. - */ -static void -drain_output(void) -{ - /* Send any buffered stdout data to the client. */ - if (buffer_len(&stdout_buffer) > 0) { - packet_start(SSH_SMSG_STDOUT_DATA); - packet_put_string(buffer_ptr(&stdout_buffer), - buffer_len(&stdout_buffer)); - packet_send(); - /* Update the count of sent bytes. */ - stdout_bytes += buffer_len(&stdout_buffer); - } - /* Send any buffered stderr data to the client. */ - if (buffer_len(&stderr_buffer) > 0) { - packet_start(SSH_SMSG_STDERR_DATA); - packet_put_string(buffer_ptr(&stderr_buffer), - buffer_len(&stderr_buffer)); - packet_send(); - /* Update the count of sent bytes. */ - stderr_bytes += buffer_len(&stderr_buffer); - } - /* Wait until all buffered data has been written to the client. */ - packet_write_wait(); -} - static void process_buffered_input_packets(void) { dispatch_run(DISPATCH_NONBLOCK, NULL, active_state); } -/* - * Performs the interactive session. This handles data transmission between - * the client and the program. Note that the notion of stdin, stdout, and - * stderr in this function is sort of reversed: this function writes to - * stdin (of the child program), and reads from stdout and stderr (of the - * child program). - */ -void -server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) -{ - fd_set *readset = NULL, *writeset = NULL; - int max_fd = 0; - u_int nalloc = 0; - int wait_status; /* Status returned by wait(). */ - pid_t wait_pid; /* pid returned by wait(). */ - int waiting_termination = 0; /* Have displayed waiting close message. 
*/ - u_int64_t max_time_milliseconds; - u_int previous_stdout_buffer_bytes; - u_int stdout_buffer_bytes; - int type; - - debug("Entering interactive session."); - - /* Initialize the SIGCHLD kludge. */ - child_terminated = 0; - signal(SIGCHLD, sigchld_handler); - - if (!use_privsep) { - signal(SIGTERM, sigterm_handler); - signal(SIGINT, sigterm_handler); - signal(SIGQUIT, sigterm_handler); - } - - /* Initialize our global variables. */ - fdin = fdin_arg; - fdout = fdout_arg; - fderr = fderr_arg; - - /* nonblocking IO */ - set_nonblock(fdin); - set_nonblock(fdout); - /* we don't have stderr for interactive terminal sessions, see below */ - if (fderr != -1) - set_nonblock(fderr); - - if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin)) - fdin_is_tty = 1; - - connection_in = packet_get_connection_in(); - connection_out = packet_get_connection_out(); - - notify_setup(); - - previous_stdout_buffer_bytes = 0; - - /* Set approximate I/O buffer size. */ - if (packet_is_interactive()) - buffer_high = 4096; - else - buffer_high = 64 * 1024; - -#if 0 - /* Initialize max_fd to the maximum of the known file descriptors. */ - max_fd = MAX(connection_in, connection_out); - max_fd = MAX(max_fd, fdin); - max_fd = MAX(max_fd, fdout); - if (fderr != -1) - max_fd = MAX(max_fd, fderr); -#endif - - /* Initialize Initialize buffers. */ - buffer_init(&stdin_buffer); - buffer_init(&stdout_buffer); - buffer_init(&stderr_buffer); - - /* - * If we have no separate fderr (which is the case when we have a pty - * - there we cannot make difference between data sent to stdout and - * stderr), indicate that we have seen an EOF from stderr. This way - * we don't need to check the descriptor everywhere. - */ - if (fderr == -1) - fderr_eof = 1; - - server_init_dispatch(); - - /* Main loop of the server for the interactive session mode. */ - for (;;) { - - /* Process buffered packets from the client. 
*/ - process_buffered_input_packets(); - - /* - * If we have received eof, and there is no more pending - * input data, cause a real eof by closing fdin. - */ - if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) { - if (fdin != fdout) - close(fdin); - else - shutdown(fdin, SHUT_WR); /* We will no longer send. */ - fdin = -1; - } - /* Make packets from buffered stderr data to send to the client. */ - make_packets_from_stderr_data(); - - /* - * Make packets from buffered stdout data to send to the - * client. If there is very little to send, this arranges to - * not send them now, but to wait a short while to see if we - * are getting more data. This is necessary, as some systems - * wake up readers from a pty after each separate character. - */ - max_time_milliseconds = 0; - stdout_buffer_bytes = buffer_len(&stdout_buffer); - if (stdout_buffer_bytes != 0 && stdout_buffer_bytes < 256 && - stdout_buffer_bytes != previous_stdout_buffer_bytes) { - /* try again after a while */ - max_time_milliseconds = 10; - } else { - /* Send it now. */ - make_packets_from_stdout_data(); - } - previous_stdout_buffer_bytes = buffer_len(&stdout_buffer); - - /* Send channel data to the client. */ - if (packet_not_very_much_data_to_write()) - channel_output_poll(); - - /* - * Bail out of the loop if the program has closed its output - * descriptors, and we have no more data to send to the - * client, and there is no pending buffered data. - */ - if (fdout_eof && fderr_eof && !packet_have_data_to_write() && - buffer_len(&stdout_buffer) == 0 && buffer_len(&stderr_buffer) == 0) { - if (!channel_still_open()) - break; - if (!waiting_termination) { - const char *s = "Waiting for forwarded connections to terminate...\r\n"; - char *cp; - waiting_termination = 1; - buffer_append(&stderr_buffer, s, strlen(s)); - - /* Display list of open channels. 
*/ - cp = channel_open_message(); - buffer_append(&stderr_buffer, cp, strlen(cp)); - free(cp); - } - } - max_fd = MAX(connection_in, connection_out); - max_fd = MAX(max_fd, fdin); - max_fd = MAX(max_fd, fdout); - max_fd = MAX(max_fd, fderr); - max_fd = MAX(max_fd, notify_pipe[0]); - - /* Sleep in select() until we can do something. */ - wait_until_can_do_something(&readset, &writeset, &max_fd, - &nalloc, max_time_milliseconds); - - if (received_sigterm) { - logit("Exiting on signal %d", (int)received_sigterm); - /* Clean up sessions, utmp, etc. */ - cleanup_exit(255); - } - - /* Process any channel events. */ - channel_after_select(readset, writeset); - - /* Process input from the client and from program stdout/stderr. */ - process_input(readset); - - /* Process output to the client and to program stdin. */ - process_output(writeset); - } - free(readset); - free(writeset); - - /* Cleanup and termination code. */ - - /* Wait until all output has been sent to the client. */ - drain_output(); - - debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.", - stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes); - - /* Free and clear the buffers. */ - buffer_free(&stdin_buffer); - buffer_free(&stdout_buffer); - buffer_free(&stderr_buffer); - - /* Close the file descriptors. */ - if (fdout != -1) - close(fdout); - fdout = -1; - fdout_eof = 1; - if (fderr != -1) - close(fderr); - fderr = -1; - fderr_eof = 1; - if (fdin != -1) - close(fdin); - fdin = -1; - - channel_free_all(); - - /* We no longer want our SIGCHLD handler to be called. */ - signal(SIGCHLD, SIG_DFL); - - while ((wait_pid = waitpid(-1, &wait_status, 0)) < 0) - if (errno != EINTR) - packet_disconnect("wait: %.100s", strerror(errno)); - if (wait_pid != pid) - error("Strange, wait returned pid %ld, expected %ld", - (long)wait_pid, (long)pid); - - /* Check if it exited normally. */ - if (WIFEXITED(wait_status)) { - /* Yes, normal exit. 
Get exit status and send it to the client. */ - debug("Command exited with status %d.", WEXITSTATUS(wait_status)); - packet_start(SSH_SMSG_EXITSTATUS); - packet_put_int(WEXITSTATUS(wait_status)); - packet_send(); - packet_write_wait(); - - /* - * Wait for exit confirmation. Note that there might be - * other packets coming before it; however, the program has - * already died so we just ignore them. The client is - * supposed to respond with the confirmation when it receives - * the exit status. - */ - do { - type = packet_read(); - } - while (type != SSH_CMSG_EXIT_CONFIRMATION); - - debug("Received exit confirmation."); - return; - } - /* Check if the program terminated due to a signal. */ - if (WIFSIGNALED(wait_status)) - packet_disconnect("Command terminated on signal %d.", - WTERMSIG(wait_status)); - - /* Some weird exit cause. Just exit. */ - packet_disconnect("wait returned status %04x.", wait_status); - /* NOTREACHED */ -} - static void collect_children(void) { @@ -811,7 +369,7 @@ server_loop2(Authctxt *authctxt) { fd_set *readset = NULL, *writeset = NULL; int max_fd; - u_int nalloc = 0; + u_int nalloc = 0, connection_in, connection_out; u_int64_t rekey_timeout_ms = 0; double start_time, total_time; struct ssh *ssh = active_state; /* XXX */ @@ -832,8 +390,8 @@ server_loop2(Authctxt *authctxt) notify_setup(); - max_fd = MAX(connection_in, connection_out); - max_fd = MAX(max_fd, notify_pipe[0]); + max_fd = MAXIMUM(connection_in, connection_out); + max_fd = MAXIMUM(max_fd, notify_pipe[0]); server_init_dispatch(); 
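Review bot: process_output() keeps the comment `Sends data from internal buffers to client program stdin.` although, after this hunk, its body only does `stdin_bytes += packet_write_poll()` when connection_out is writable; the stdin path the comment describes is deleted in the same hunk. Replace it with something like `/* Flush buffered outgoing packets to the client when the connection is writable. */`. The counter it bumps, `stdin_bytes`, is now also mis-named since it counts bytes written to the client, and is worth renaming while the function is being touched.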
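Review bot: `connection_in` and `connection_out` are declared `u_int` in the new `u_int nalloc = 0, connection_in, connection_out;` line, yet they are file descriptors: they are compared with `int max_fd` via MAXIMUM() and passed to wait_until_can_do_something(), process_input() and process_output(), all of which declare those parameters `int`, and they are presumably assigned from packet_get_connection_in()/out() as the deleted server_loop() did. The mismatch is harmless for valid descriptors but turns a -1 into 4294967295 and draws sign-conversion warnings; declare them separately as `int connection_in, connection_out;`.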
@@ -843,14 +401,14 @@ server_loop2(Authctxt *authctxt) if (!ssh_packet_is_rekeying(active_state) && packet_not_very_much_data_to_write()) channel_output_poll(); - if (options.rekey_interval > 0 && compat20 && + if (options.rekey_interval > 0 && !ssh_packet_is_rekeying(active_state)) rekey_timeout_ms = packet_get_rekey_timeout() * 1000; else rekey_timeout_ms = 0; - wait_until_can_do_something(&readset, &writeset, &max_fd, - &nalloc, rekey_timeout_ms); + wait_until_can_do_something(connection_in, connection_out, + &readset, &writeset, &max_fd, &nalloc, rekey_timeout_ms); if (received_sigterm) { logit("Exiting on signal %d", (int)received_sigterm); @@ -861,10 +419,9 @@ server_loop2(Authctxt *authctxt) collect_children(); if (!ssh_packet_is_rekeying(active_state)) channel_after_select(readset, writeset); - process_input(readset); - if (connection_closed) + if (process_input(readset, connection_in) < 0) break; - process_output(writeset); + process_output(writeset, connection_out); } collect_children(); 
@@ -896,53 +453,6 @@ server_input_keep_alive(int type, u_int32_t seq, void *ctxt) return 0; } -static int -server_input_stdin_data(int type, u_int32_t seq, void *ctxt) -{ - char *data; - u_int data_len; - - /* Stdin data from the client. Append it to the buffer. */ - /* Ignore any data if the client has closed stdin. */ - if (fdin == -1) - return 0; - data = packet_get_string(&data_len); - packet_check_eom(); - buffer_append(&stdin_buffer, data, data_len); - explicit_bzero(data, data_len); - free(data); - return 0; -} - -static int -server_input_eof(int type, u_int32_t seq, void *ctxt) -{ - /* - * Eof from the client. The stdin descriptor to the - * program will be closed when all buffered data has - * drained. - */ - debug("EOF received for stdin."); - packet_check_eom(); - stdin_eof = 1; - return 0; -} - -static int -server_input_window_size(int type, u_int32_t seq, void *ctxt) -{ - u_int row = packet_get_int(); - u_int col = packet_get_int(); - u_int xpixel = packet_get_int(); - u_int ypixel = packet_get_int(); - - debug("Window change received."); - packet_check_eom(); - if (fdin != -1) - pty_change_window_size(fdin, row, col, xpixel, ypixel); - return 0; -} - static Channel * server_request_direct_tcpip(void) { @@ -961,7 +471,7 @@ server_request_direct_tcpip(void) /* XXX fine grained permissions */ if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 && - !no_port_forwarding_flag) { + !no_port_forwarding_flag && !options.disable_forwarding) { c = channel_connect_to_port(target, target_port, "direct-tcpip", "direct-tcpip"); } else { @@ -993,7 +503,8 @@ server_request_direct_streamlocal(void) /* XXX fine grained permissions */ if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 && - !no_port_forwarding_flag) { + !no_port_forwarding_flag && !options.disable_forwarding && + use_privsep) { c = channel_connect_to_path(target, "direct-streamlocal@openssh.com", "direct-streamlocal"); } else { 
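Review bot: In the direct-streamlocal check, the new `use_privsep` clause is the only condition that is neither a configuration nor an authorized_keys restriction, and nothing in the hunk says why it is there, so a reader will wonder whether it is a bug that Unix-socket forwarding stops working with `UsePrivilegeSeparation no`. Record the reason next to the check, e.g. `/* Unix-domain socket forwarding requires privsep: without it this connect() would run with sshd's own (root) credentials rather than the user's. */`; that matches my understanding of the upstream change, but please confirm the wording against the upstream commit before committing it. The else branch answering the client continues past the end of the hunk.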
@@ -1237,10 +748,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* check permissions */ if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || - no_port_forwarding_flag || + no_port_forwarding_flag || options.disable_forwarding || (!want_reply && fwd.listen_port == 0) || - (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED && - pw->pw_uid != 0)) { + (fwd.listen_port != 0 && + !bind_permitted(fwd.listen_port, pw->pw_uid))) { success = 0; packet_send_debug("Server has disabled port forwarding."); } else { @@ -1275,7 +786,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* check permissions */ if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 - || no_port_forwarding_flag) { + || no_port_forwarding_flag || options.disable_forwarding || + !use_privsep) { success = 0; packet_send_debug("Server has disabled port forwarding."); } else { @@ -1348,9 +860,9 @@ server_input_channel_req(int type, u_int32_t seq, void *ctxt) } static void -server_init_dispatch_20(void) +server_init_dispatch(void) { - debug("server_init_dispatch_20"); + debug("server_init_dispatch"); dispatch_init(&dispatch_protocol_error); dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose); dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data); 
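Review bot: In server_input_global_request's tcpip-forward check, the new `!bind_permitted(fwd.listen_port, pw->pw_uid)` clause is folded into one condition with the policy gates, so a client that asks an unprivileged account to listen on a low port now fails with the same `Server has disabled port forwarding.` debug text as an administrator-disabled forward, and neither case leaves a server-side log line. Splitting the port test out, e.g. `} else if (fwd.listen_port != 0 && !bind_permitted(fwd.listen_port, pw->pw_uid)) { success = 0; packet_send_debug("Listen port %d not permitted for this user.", fwd.listen_port); }`, together with a `verbose()` record naming the user and port, gives operators a signal that separates misconfiguration from a client repeatedly requesting reserved ports. bind_permitted's definition is not in the hunk; the assumption that it returns non-zero when the port is unreserved or the uid is 0 — i.e. exactly the `IPPORT_RESERVED`/`pw_uid != 0` test it replaces — should be checked.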
@@ -1370,36 +882,3 @@ server_init_dispatch_20(void) /* rekeying */ dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit); } -static void -server_init_dispatch_13(void) -{ - debug("server_init_dispatch_13"); - dispatch_init(NULL); - dispatch_set(SSH_CMSG_EOF, &server_input_eof); - dispatch_set(SSH_CMSG_STDIN_DATA, &server_input_stdin_data); - dispatch_set(SSH_CMSG_WINDOW_SIZE, &server_input_window_size); - dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_close); - dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_close_confirmation); - dispatch_set(SSH_MSG_CHANNEL_DATA, &channel_input_data); - dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); - dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); - dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open); -} -static void -server_init_dispatch_15(void) -{ - server_init_dispatch_13(); - debug("server_init_dispatch_15"); - dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof); - dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose); -} -static void -server_init_dispatch(void) -{ - if (compat20) - server_init_dispatch_20(); - else if (compat13) - server_init_dispatch_13(); - else - server_init_dispatch_15(); -} diff --git a/crypto/external/bsd/openssh/dist/serverloop.h b/crypto/external/bsd/openssh/dist/serverloop.h index 74c664f4b2bd..30505971268f 100644 --- a/crypto/external/bsd/openssh/dist/serverloop.h +++ b/crypto/external/bsd/openssh/dist/serverloop.h @@ -1,5 +1,5 @@ -/* $NetBSD: serverloop.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: serverloop.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ +/* $NetBSD: serverloop.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: serverloop.h,v 1.7 2016/08/13 17:47:41 markus Exp $ */ /* * Author: Tatu Ylonen @@ -22,7 +22,6 @@ #ifndef SERVERLOOP_H #define SERVERLOOP_H -void server_loop(pid_t, int, int, int); void server_loop2(Authctxt *); #endif 
diff --git a/crypto/external/bsd/openssh/dist/session.c b/crypto/external/bsd/openssh/dist/session.c index 9bc949d78a36..ac314954c922 100644 --- a/crypto/external/bsd/openssh/dist/session.c +++ b/crypto/external/bsd/openssh/dist/session.c @@ -1,5 +1,6 @@ -/* $NetBSD: session.c,v 1.20 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: session.c,v 1.282 2016/03/10 11:47:57 djm Exp $ */ +/* $NetBSD: session.c,v 1.21 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: session.c,v 1.286 2016/11/30 03:00:05 djm Exp $ */ + /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -35,7 +36,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: session.c,v 1.20 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: session.c,v 1.21 2016/12/25 00:07:47 christos Exp $"); #include #include #include @@ -60,7 +61,6 @@ __RCSID("$NetBSD: session.c,v 1.20 2016/08/02 13:45:12 christos Exp $"); #include "xmalloc.h" #include "ssh.h" -#include "ssh1.h" #include "ssh2.h" #include "sshpty.h" #include "packet.h" @@ -115,7 +115,6 @@ __dead void do_child(Session *, const char *); void do_motd(void); int check_quietlogin(Session *, const char *); -static void do_authenticated1(Authctxt *); static void do_authenticated2(Authctxt *); static int session_pty_req(Session *); @@ -247,7 +246,7 @@ do_authenticated(Authctxt *authctxt) /* setup the channel layer */ /* XXX - streamlocal? */ - if (no_port_forwarding_flag || + if (no_port_forwarding_flag || options.disable_forwarding || (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) channel_disable_adm_local_opens(); else @@ -255,11 +254,7 @@ do_authenticated(Authctxt *authctxt) auth_debug_send(); - if (compat20) - do_authenticated2(authctxt); - else - do_authenticated1(authctxt); - + do_authenticated2(authctxt); do_cleanup(authctxt); } 
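Review bot: The `options.disable_forwarding` gate added to the `channel_disable_adm_local_opens()` condition in do_authenticated is the fifth hand-written copy of the same clause in this commit (direct-tcpip, direct-streamlocal, tcpip-forward and streamlocal-forward in serverloop.c carry it too), each placed next to `no_port_forwarding_flag`; a single shared helper along the lines of `int forwarding_disabled(void) { return no_port_forwarding_flag || options.disable_forwarding; }` would keep the sites from drifting the next time a restriction is added. The `/* XXX - streamlocal? */` marker above the condition still applies after the change, since only `allow_tcp_forwarding` is consulted here. do_authenticated continues outside the hunk.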
@@ -278,216 +273,6 @@ xauth_valid_string(const char *s) return 1; } -/* - * Prepares for an interactive session. This is called after the user has - * been successfully authenticated. During this message exchange, pseudo - * terminals are allocated, X11, TCP/IP, and authentication agent forwardings - * are requested, etc. - */ -static void -do_authenticated1(Authctxt *authctxt) -{ - Session *s; - char *command; - int success, type, screen_flag; - int enable_compression_after_reply = 0; - u_int proto_len, data_len, dlen, compression_level = 0; - - s = session_new(); - if (s == NULL) { - error("no more sessions"); - return; - } - s->authctxt = authctxt; - s->pw = authctxt->pw; - - /* - * We stay in this loop until the client requests to execute a shell - * or a command. - */ - for (;;) { - success = 0; - - /* Get a packet from the client. */ - type = packet_read(); - - /* Process the packet. */ - switch (type) { - case SSH_CMSG_REQUEST_COMPRESSION: - compression_level = packet_get_int(); - packet_check_eom(); - if (compression_level < 1 || compression_level > 9) { - packet_send_debug("Received invalid compression level %d.", - compression_level); - break; - } - if (options.compression == COMP_NONE) { - debug2("compression disabled"); - break; - } - /* Enable compression after we have responded with SUCCESS. 
*/ - enable_compression_after_reply = 1; - success = 1; - break; - - case SSH_CMSG_REQUEST_PTY: - success = session_pty_req(s); - break; - - case SSH_CMSG_X11_REQUEST_FORWARDING: - s->auth_proto = packet_get_string(&proto_len); - s->auth_data = packet_get_string(&data_len); - - screen_flag = packet_get_protocol_flags() & - SSH_PROTOFLAG_SCREEN_NUMBER; - debug2("SSH_PROTOFLAG_SCREEN_NUMBER: %d", screen_flag); - - if (packet_remaining() == 4) { - if (!screen_flag) - debug2("Buggy client: " - "X11 screen flag missing"); - s->screen = packet_get_int(); - } else { - s->screen = 0; - } - packet_check_eom(); - if (xauth_valid_string(s->auth_proto) && - xauth_valid_string(s->auth_data)) - success = session_setup_x11fwd(s); - else { - success = 0; - error("Invalid X11 forwarding data"); - } - if (!success) { - free(s->auth_proto); - free(s->auth_data); - s->auth_proto = NULL; - s->auth_data = NULL; - } - break; - - case SSH_CMSG_AGENT_REQUEST_FORWARDING: - if (!options.allow_agent_forwarding || - no_agent_forwarding_flag || compat13) { - debug("Authentication agent forwarding not permitted for this authentication."); - break; - } - debug("Received authentication agent forwarding request."); - success = auth_input_request_forwarding(s->pw); - break; - - case SSH_CMSG_PORT_FORWARD_REQUEST: - if (no_port_forwarding_flag) { - debug("Port forwarding not permitted for this authentication."); - break; - } - if (!(options.allow_tcp_forwarding & FORWARD_REMOTE)) { - debug("Port forwarding not permitted."); - break; - } - debug("Received TCP/IP port forwarding request."); - if (channel_input_port_forward_request(s->pw->pw_uid == 0, - &options.fwd_opts) < 0) { - debug("Port forwarding failed."); - break; - } - success = 1; - break; - - case SSH_CMSG_MAX_PACKET_SIZE: - if (packet_set_maxsize(packet_get_int()) > 0) - success = 1; - break; - -#if defined(AFS) || defined(KRB5) - case SSH_CMSG_HAVE_KERBEROS_TGT: - if (!options.kerberos_tgt_passing) { - verbose("Kerberos TGT passing 
disabled."); - } else { - char *kdata = packet_get_string(&dlen); - packet_check_eom(); - - /* XXX - 0x41, see creds_to_radix version */ - if (kdata[0] != 0x41) { -#ifdef KRB5 - krb5_data tgt; - tgt.data = kdata; - tgt.length = dlen; - - if (auth_krb5_tgt(s->authctxt, &tgt)) - success = 1; - else - verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user); -#endif /* KRB5 */ - } else { -#ifdef AFS - if (auth_krb4_tgt(s->authctxt, kdata)) - success = 1; - else - verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user); -#endif /* AFS */ - } - free(kdata); - } - break; -#endif /* AFS || KRB5 */ - -#ifdef AFS - case SSH_CMSG_HAVE_AFS_TOKEN: - if (!options.afs_token_passing || !k_hasafs()) { - verbose("AFS token passing disabled."); - } else { - /* Accept AFS token. */ - char *token = packet_get_string(&dlen); - packet_check_eom(); - - if (auth_afs_token(s->authctxt, token)) - success = 1; - else - verbose("AFS token refused for %.100s", - s->authctxt->user); - free(token); - } - break; -#endif /* AFS */ - - case SSH_CMSG_EXEC_SHELL: - case SSH_CMSG_EXEC_CMD: - if (type == SSH_CMSG_EXEC_CMD) { - command = packet_get_string(&dlen); - debug("Exec command '%.500s'", command); - if (do_exec(s, command) != 0) - packet_disconnect( - "command execution failed"); - free(command); - } else { - if (do_exec(s, NULL) != 0) - packet_disconnect( - "shell execution failed"); - } - packet_check_eom(); - session_close(s); - return; - - default: - /* - * Any unknown messages in this phase are ignored, - * and a failure message is returned. - */ - logit("Unknown packet type received after authentication: %d", type); - } - packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - - /* Enable compression now that we have replied if appropriate. 
*/ - if (enable_compression_after_reply) { - enable_compression_after_reply = 0; - packet_start_compression(compression_level); - } - } -} - #define USE_PIPES 1 /* * This is called to fork and execute a command when we have no tty. This @@ -642,14 +427,8 @@ do_exec_no_pty(Session *s, const char *command) close(pout[1]); close(perr[1]); - if (compat20) { - session_set_fds(s, pin[1], pout[0], perr[0], - s->is_subsystem, 0); - } else { - /* Enter the interactive session. */ - server_loop(pid, pin[1], pout[0], perr[0]); - /* server_loop has closed pin[1], pout[0], and perr[0]. */ - } + session_set_fds(s, pin[1], pout[0], perr[0], + s->is_subsystem, 0); #else /* We are the parent. Close the child sides of the socket pairs. */ close(inout[0]); @@ -659,13 +438,8 @@ do_exec_no_pty(Session *s, const char *command) * Enter the interactive session. Note: server_loop must be able to * handle the case that fdin and fdout are the same. */ - if (compat20) { - session_set_fds(s, inout[1], inout[1], err[1], - s->is_subsystem, 0); - } else { - server_loop(pid, inout[1], inout[1], err[1]); - /* server_loop has closed inout[1] and err[1]. */ - } + session_set_fds(s, inout[1], inout[1], err[1], + s->is_subsystem, 0); #endif return 0; } @@ -753,8 +527,7 @@ do_exec_pty(Session *s, const char *command) close(ttyfd); /* record login, etc. similar to login(1) */ - if (!(options.use_login && command == NULL)) - do_login(s, command); + do_login(s, command); /* * Do common processing for the child, such as execing @@ -774,12 +547,7 @@ do_exec_pty(Session *s, const char *command) s->ptymaster = ptymaster; packet_set_interactive(1, options.ip_qos_interactive, options.ip_qos_bulk); - if (compat20) { - session_set_fds(s, ptyfd, fdout, -1, 1, 1); - } else { - server_loop(pid, ptyfd, fdout, -1); - /* server_loop _has_ closed ptyfd and fdout. */ - } + session_set_fds(s, ptyfd, fdout, -1, 1, 1); return 0; } 
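Review bot: The context comment kept above the new `session_set_fds(s, inout[1], inout[1], err[1], ...)` call in do_exec_no_pty still reads `Enter the interactive session. Note: server_loop must be able to handle the case that fdin and fdout are the same.`, but this commit removes server_loop (its prototype is dropped from serverloop.h) and the only remaining consumer of those descriptors is session_set_fds, so the comment now points at code that no longer exists. Reword it to name the function that must cope with identical read and write descriptors, e.g. `/* Hand the descriptors to the channel layer; session_set_fds() must cope with fdin == fdout here. */`. do_exec_no_pty and do_exec_pty both extend outside these hunks, so any similar wording near the pty branch should be checked as well.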
@@ -1012,67 +780,6 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value); } -#ifdef HAVE_LOGIN_CAP -/* - * Sets any environment variables specified in login.conf. - * Taken from: - * NetBSD: login_cap.c,v 1.11 2001/07/22 13:34:01 wiz Exp - * Modified to use child_set_env instead of setenv. - */ -static void -lc_setuserenv(char ***env, u_int *envsize, login_cap_t *lcp) -{ - const char *stop = ", \t"; - int i, count; - char *ptr; - char **res; - char *str = login_getcapstr(lcp, "setenv", NULL, NULL); - - if (str == NULL || *str == '\0') - return; - - /* count the sub-strings */ - for (i = 1, ptr = str; *ptr; i++) { - ptr += strcspn(ptr, stop); - if (*ptr) - ptr++; - } - - /* allocate ptr array and string */ - count = i; - res = malloc(count * sizeof(char *) + strlen(str) + 1); - - if (!res) - return; - - ptr = (char *)res + count * sizeof(char *); - strcpy(ptr, str); - - /* split string */ - for (i = 0; *ptr && i < count; i++) { - res[i] = ptr; - ptr += strcspn(ptr, stop); - if (*ptr) - *ptr++ = '\0'; - } - - res[i] = NULL; - - for (i = 0; i < count && res[i]; i++) { - if (*res[i] != '\0') { - if ((ptr = strchr(res[i], '=')) != NULL) - *ptr++ = '\0'; - else - ptr = __UNCONST(""); - child_set_env(env, envsize, res[i], ptr); - } - } - - free(res); - return; -} -#endif - /* * Reads environment variables from the given file and adds/overrides them * into the environment. If the file does not exist, this does nothing. 
@@ -1166,53 +873,41 @@ do_setup_env(Session *s, const char *shell) ssh_gssapi_do_child(&env, &envsize); #endif - if (!options.use_login) { -#ifdef HAVE_LOGIN_CAP - lc_setuserenv(&env, &envsize, lc); -#endif - /* Set basic environment. */ - for (i = 0; i < s->num_env; i++) - child_set_env(&env, &envsize, s->env[i].name, - s->env[i].val); + /* Set basic environment. */ + for (i = 0; i < s->num_env; i++) + child_set_env(&env, &envsize, s->env[i].name, s->env[i].val); - child_set_env(&env, &envsize, "USER", pw->pw_name); - child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); - child_set_env(&env, &envsize, "HOME", pw->pw_dir); -#ifdef HAVE_LOGIN_CAP - if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) - child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); - else - child_set_env(&env, &envsize, "PATH", getenv("PATH")); -#else + child_set_env(&env, &envsize, "USER", pw->pw_name); + child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); + child_set_env(&env, &envsize, "HOME", pw->pw_dir); + if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); -#endif + else + child_set_env(&env, &envsize, "PATH", getenv("PATH")); - snprintf(buf, sizeof buf, "%.200s/%.50s", - _PATH_MAILDIR, pw->pw_name); - child_set_env(&env, &envsize, "MAIL", buf); + snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); + child_set_env(&env, &envsize, "MAIL", buf); + + /* Normal systems set SHELL by default. */ + child_set_env(&env, &envsize, "SHELL", shell); - /* Normal systems set SHELL by default. */ - child_set_env(&env, &envsize, "SHELL", shell); - } if (getenv("TZ")) child_set_env(&env, &envsize, "TZ", getenv("TZ")); /* Set custom environment options from RSA authentication. 
*/ - if (!options.use_login) { - while (custom_environment) { - struct envstring *ce = custom_environment; - char *str = ce->s; + while (custom_environment) { + struct envstring *ce = custom_environment; + char *str = ce->s; - for (i = 0; str[i] != '=' && str[i]; i++) - ; - if (str[i] == '=') { - str[i] = 0; - child_set_env(&env, &envsize, str, str + i + 1); - } - custom_environment = ce->next; - free(ce->s); - free(ce); + for (i = 0; str[i] != '=' && str[i]; i++) + ; + if (str[i] == '=') { + str[i] = 0; + child_set_env(&env, &envsize, str, str + i + 1); } + custom_environment = ce->next; + free(ce->s); + free(ce); } /* SSH_CLIENT deprecated */ @@ -1252,7 +947,7 @@ do_setup_env(Session *s, const char *shell) * Pull in any environment variables that may have * been set by PAM. */ - if (options.use_pam && !options.use_login) { + if (options.use_pam) { char **p; p = fetch_pam_child_environment(); @@ -1270,7 +965,7 @@ do_setup_env(Session *s, const char *shell) auth_sock_name); /* read $HOME/.ssh/environment. */ - if (options.permit_user_env && !options.use_login) { + if (options.permit_user_env) { snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); read_environment_file(&env, &envsize, buf); @@ -1539,20 +1234,6 @@ do_pwchange(Session *s) exit(1); } -__dead static void -launch_login(struct passwd *pw, const char *hostname) -{ - /* Launch login(1). */ - - execl("/usr/bin/login", "login", "-h", hostname, - "-p", "-f", "--", pw->pw_name, (char *)NULL); - - /* Login couldn't be executed, die. */ - - perror("login"); - exit(1); -} - static void child_close_fds(void) { @@ -1600,11 +1281,10 @@ child_close_fds(void) void do_child(Session *s, const char *command) { - struct ssh *ssh = active_state; /* XXX */ extern char **environ; char **env; char *argv[ARGV_MAX]; - const char *shell, *shell0, *hostname = NULL; + const char *shell, *shell0; struct passwd *pw = s->pw; int r = 0; 
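Review bot: The `#ifdef HAVE_LOGIN_CAP` block in do_setup_env is replaced by an unconditional `setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH)` call, and the `lc_setuserenv(&env, &envsize, lc)` call disappears from the new side with no replacement, while the function that implemented it is deleted in the previous hunk; unless that work now happens somewhere outside the visible lines, environment entries an administrator configures through login.conf's `setenv` capability will silently stop being exported to sessions, and the `#else` fallback to `_PATH_STDPATH` for builds without login_cap is gone too. Given the commit is titled "merge conflicts", this looks more like a local change lost in the merge than a deliberate removal; if it is deliberate, say so in the commit message, otherwise restore the call after the PATH handling. do_setup_env begins and ends outside this hunk.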
@@ -1618,25 +1298,10 @@ do_child(Session *s, const char *command) do_pwchange(s); } - /* login(1) is only called if we execute the login shell */ - if (options.use_login && command != NULL) - options.use_login = 0; - /* * Login(1) does this as well, and it needs uid 0 for the "-h" * switch, so we let login(1) to this for us. */ - if (!options.use_login) { - do_nologin(pw); - do_setusercontext(pw); - /* - * PAM session modules in do_setusercontext may have - * generated messages, so if this in an interactive - * login then display them too. - */ - if (!check_quietlogin(s, command)) - display_loginmsg(); - } #ifdef USE_PAM if (options.use_pam && !is_pam_session_open()) { debug3("PAM session not opened, exiting"); @@ -1644,6 +1309,8 @@ do_child(Session *s, const char *command) exit(254); } #endif + do_nologin(pw); + do_setusercontext(pw); /* * Get the shell from the password data. An empty shell field is @@ -1662,10 +1329,6 @@ do_child(Session *s, const char *command) __UNCONST(shell)); #endif - /* we have to stash the hostname before we close our socket. */ - if (options.use_login) - hostname = session_get_remote_name_or_ip(ssh, utmp_len, - options.use_dns); /* * Close the connection descriptors; note that this is the child, and * the server will still have the socket open, and it is important @@ -1722,8 +1385,7 @@ do_child(Session *s, const char *command) (void)closefrom(STDERR_FILENO + 1); - if (!options.use_login) - do_rc_files(s, shell); + do_rc_files(s, shell); /* restore SIGPIPE for child */ signal(SIGPIPE, SIG_DFL); @@ -1750,11 +1412,6 @@ do_child(Session *s, const char *command) fflush(NULL); - if (options.use_login) { - launch_login(pw, hostname); - /* NEVERREACHED */ - } - /* Get the last component of the shell name. */ if ((shell0 = strrchr(shell, '/')) != NULL) shell0++; 
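Review bot: In do_child the new side re-adds `do_nologin(pw); do_setusercontext(pw);` after the PAM session check, but not the `if (!check_quietlogin(s, command)) display_loginmsg();` that the removed block ran immediately after do_setusercontext, along with its comment that PAM session modules may have generated messages; unless that call was moved somewhere outside the hunk, interactive logins will no longer see those messages. The comment retained above the `#ifdef USE_PAM` block, `Login(1) does this as well, and it needs uid 0 for the "-h" switch, so we let login(1) to this for us.`, now describes a path this commit deletes (launch_login and every use_login branch), so it should be replaced by one that describes the remaining `do_nologin()`/`do_setusercontext()` sequence at this point. The order also changed, with nologin now checked only after the PAM session is confirmed open rather than before it, which is probably harmless but deserves a line in the commit message. do_child continues outside these hunks.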
@@ -1998,14 +1655,8 @@ session_pty_req(Session *s) } s->term = packet_get_string(&len); - - if (compat20) { - s->col = packet_get_int(); - s->row = packet_get_int(); - } else { - s->row = packet_get_int(); - s->col = packet_get_int(); - } + s->col = packet_get_int(); + s->row = packet_get_int(); s->xpixel = packet_get_int(); s->ypixel = packet_get_int(); @@ -2027,9 +1678,7 @@ session_pty_req(Session *s) } debug("session_pty_req: session %d alloc %s", s->self, s->tty); - /* for SSH1 the tty modes length is not given */ - if (!compat20) - n_bytes = packet_remaining(); + n_bytes = packet_remaining(); tty_parse_modes(s->ttyfd, &n_bytes); if (!use_privsep) @@ -2245,8 +1894,6 @@ void session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr, int is_tty) { - if (!compat20) - fatal("session_set_fds: called for proto != 2.0"); /* * now that have a child and a pipe to the child, * we can activate our channel and register the fd's @@ -2586,11 +2233,6 @@ session_setup_x11fwd(Session *s) packet_send_debug("No xauth program; cannot forward with spoofing."); return 0; } - if (options.use_login) { - packet_send_debug("X11 forwarding disabled; " - "not compatible with UseLogin=yes."); - return 0; - } if (s->display != NULL) { debug("X11 display already set."); return 0; @@ -2666,7 +2308,7 @@ do_cleanup(Authctxt *authctxt) #endif #ifdef GSSAPI - if (compat20 && options.gss_cleanup_creds) + if (options.gss_cleanup_creds) ssh_gssapi_cleanup_creds(); #endif diff --git a/crypto/external/bsd/openssh/dist/session.h b/crypto/external/bsd/openssh/dist/session.h index 2a3e4541b13d..24a8d4fc85c8 100644 --- a/crypto/external/bsd/openssh/dist/session.h +++ b/crypto/external/bsd/openssh/dist/session.h 
@@ -1,5 +1,5 @@ -/* $NetBSD: session.h,v 1.5 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: session.h,v 1.32 2016/03/07 19:02:43 djm Exp $ */ +/* $NetBSD: session.h,v 1.6 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: session.h,v 1.33 2016/08/13 17:47:41 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -54,7 +54,6 @@ struct Session { char *auth_data; int single_connection; - /* proto 2 */ int chanid; int *x11_chanids; int is_subsystem; diff --git a/crypto/external/bsd/openssh/dist/sftp-client.c b/crypto/external/bsd/openssh/dist/sftp-client.c index ce3f18805dd9..321abd228184 100644 --- a/crypto/external/bsd/openssh/dist/sftp-client.c +++ b/crypto/external/bsd/openssh/dist/sftp-client.c @@ -1,5 +1,6 @@ -/* $NetBSD: sftp-client.c,v 1.16 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: sftp-client.c,v 1.124 2016/05/25 23:48:45 schwarze Exp $ */ +/* $NetBSD: sftp-client.c,v 1.17 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.125 2016/09/12 01:22:38 deraadt Exp $ */ + /* * Copyright (c) 2001-2004 Damien Miller * @@ -22,7 +23,8 @@ /* XXX: copy between two remote sites */ #include "includes.h" -__RCSID("$NetBSD: sftp-client.c,v 1.16 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: sftp-client.c,v 1.17 2016/12/25 00:07:47 christos Exp $"); + #include /* MIN MAX */ #include #include @@ -458,7 +460,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, /* Some filexfer v.0 servers don't support large packets */ if (ret->version == 0) - ret->transfer_buflen = MIN(ret->transfer_buflen, 20480); + ret->transfer_buflen = MINIMUM(ret->transfer_buflen, 20480); ret->limit_kbps = limit_kbps; if (ret->limit_kbps > 0) { 
@@ -1348,7 +1350,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, req->offset, req->len, handle, handle_len); /* Reduce the request size */ if (len < buflen) - buflen = MAX(MIN_READ_SIZE, len); + buflen = MAXIMUM(MIN_READ_SIZE, len); } if (max_req > 0) { /* max_req = 0 iff EOF received */ if (size > 0 && offset > size) { diff --git a/crypto/external/bsd/openssh/dist/sftp-client.h b/crypto/external/bsd/openssh/dist/sftp-client.h index 291d9880a870..7ef9412e5a16 100644 --- a/crypto/external/bsd/openssh/dist/sftp-client.h +++ b/crypto/external/bsd/openssh/dist/sftp-client.h @@ -1,4 +1,4 @@ -/* $NetBSD: sftp-client.h,v 1.8 2015/07/03 01:00:00 christos Exp $ */ +/* $NetBSD: sftp-client.h,v 1.9 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: sftp-client.h,v 1.27 2015/05/08 06:45:13 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/sftp-common.c b/crypto/external/bsd/openssh/dist/sftp-common.c index 2d09a113f4d5..e1cd6bd7ff9b 100644 --- a/crypto/external/bsd/openssh/dist/sftp-common.c +++ b/crypto/external/bsd/openssh/dist/sftp-common.c @@ -1,5 +1,6 @@ -/* $NetBSD: sftp-common.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: sftp-common.c,v 1.28 2015/01/20 23:14:00 deraadt Exp $ */ +/* $NetBSD: sftp-common.c,v 1.8 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: sftp-common.c,v 1.29 2016/09/12 01:22:38 deraadt Exp $ */ + /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Damien Miller. All rights reserved. @@ -26,7 +27,8 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp-common.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: sftp-common.c,v 1.8 2016/12/25 00:07:47 christos Exp $"); + #include /* MAX */ #include #include @@ -45,6 +47,7 @@ __RCSID("$NetBSD: sftp-common.c,v 1.7 2015/04/03 23:58:19 christos Exp $"); #include "ssherr.h" #include "sshbuf.h" #include "log.h" +#include "misc.h" #include "sftp.h" #include "sftp-common.h" 
@@ -244,8 +247,8 @@ ls_file(const char *name, const struct stat *st, int remote, int si_units) } if (sz == 0) tbuf[0] = '\0'; - ulen = MAX(strlen(user), 8); - glen = MAX(strlen(group), 8); + ulen = MAXIMUM(strlen(user), 8); + glen = MAXIMUM(strlen(group), 8); if (si_units) { fmt_scaled((long long)st->st_size, sbuf); snprintf(buf, sizeof buf, "%s %3u %-*s %-*s %8s %s %s", mode, diff --git a/crypto/external/bsd/openssh/dist/sftp-common.h b/crypto/external/bsd/openssh/dist/sftp-common.h index 23abb6aeaff8..a0dd2883e576 100644 --- a/crypto/external/bsd/openssh/dist/sftp-common.h +++ b/crypto/external/bsd/openssh/dist/sftp-common.h @@ -1,4 +1,4 @@ -/* $NetBSD: sftp-common.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: sftp-common.h,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: sftp-common.h,v 1.12 2015/01/14 13:54:13 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/sftp-glob.c b/crypto/external/bsd/openssh/dist/sftp-glob.c index 8513569f2be5..806116cfb044 100644 --- a/crypto/external/bsd/openssh/dist/sftp-glob.c +++ b/crypto/external/bsd/openssh/dist/sftp-glob.c @@ -1,4 +1,4 @@ -/* $NetBSD: sftp-glob.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: sftp-glob.c,v 1.9 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: sftp-glob.c,v 1.27 2015/01/14 13:54:13 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller @@ -17,7 +17,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp-glob.c,v 1.8 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: sftp-glob.c,v 1.9 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/sftp-server-main.c b/crypto/external/bsd/openssh/dist/sftp-server-main.c index 727a2d37057b..3fb2734d84c0 100644 --- a/crypto/external/bsd/openssh/dist/sftp-server-main.c +++ b/crypto/external/bsd/openssh/dist/sftp-server-main.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: sftp-server-main.c,v 1.5 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: sftp-server-main.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: sftp-server-main.c,v 1.5 2016/02/15 09:47:49 dtucker Exp $ */ /* @@ -18,7 +18,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp-server-main.c,v 1.5 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: sftp-server-main.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/sftp-server.8 b/crypto/external/bsd/openssh/dist/sftp-server.8 index 0d085996cf3a..a81ec46b9013 100644 --- a/crypto/external/bsd/openssh/dist/sftp-server.8 +++ b/crypto/external/bsd/openssh/dist/sftp-server.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: sftp-server.8,v 1.9 2015/04/03 23:58:19 christos Exp $ +.\" $NetBSD: sftp-server.8,v 1.10 2016/12/25 00:07:47 christos Exp $ .\" $OpenBSD: sftp-server.8,v 1.27 2014/12/11 04:16:14 djm Exp $ .\" .\" Copyright (c) 2000 Markus Friedl. All rights reserved. diff --git a/crypto/external/bsd/openssh/dist/sftp-server.c b/crypto/external/bsd/openssh/dist/sftp-server.c index 9c0a9170c72b..13cd533f0e8a 100644 --- a/crypto/external/bsd/openssh/dist/sftp-server.c +++ b/crypto/external/bsd/openssh/dist/sftp-server.c @@ -1,5 +1,5 @@ -/* $NetBSD: sftp-server.c,v 1.14 2016/03/11 01:55:00 christos Exp $ */ -/* $OpenBSD: sftp-server.c,v 1.109 2016/02/15 09:47:49 dtucker Exp $ */ +/* $NetBSD: sftp-server.c,v 1.15 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.110 2016/09/12 01:22:38 deraadt Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. @@ -18,7 +18,8 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp-server.c,v 1.14 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: sftp-server.c,v 1.15 2016/12/25 00:07:47 christos Exp $"); + #include /* MIN */ #include #include 
@@ -501,7 +502,7 @@ status_to_message(u_int32_t status) "Operation unsupported", /* SSH_FX_OP_UNSUPPORTED */ "Unknown error" /* Others */ }; - return (status_messages[MIN(status,SSH2_FX_MAX)]); + return (status_messages[MINIMUM(status,SSH2_FX_MAX)]); } static void diff --git a/crypto/external/bsd/openssh/dist/sftp.1 b/crypto/external/bsd/openssh/dist/sftp.1 index fe0c1c5b67ca..e199372adb4a 100644 --- a/crypto/external/bsd/openssh/dist/sftp.1 +++ b/crypto/external/bsd/openssh/dist/sftp.1 @@ -1,4 +1,4 @@ -.\" $NetBSD: sftp.1,v 1.13 2016/08/02 13:45:12 christos Exp $ +.\" $NetBSD: sftp.1,v 1.14 2016/12/25 00:07:47 christos Exp $ .\" $OpenBSD: sftp.1,v 1.105 2016/07/16 06:57:55 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. diff --git a/crypto/external/bsd/openssh/dist/sftp.c b/crypto/external/bsd/openssh/dist/sftp.c index 6fb4758d4775..e1a5679b5187 100644 --- a/crypto/external/bsd/openssh/dist/sftp.c +++ b/crypto/external/bsd/openssh/dist/sftp.c @@ -1,5 +1,6 @@ -/* $NetBSD: sftp.c,v 1.19 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: sftp.c,v 1.175 2016/07/22 03:47:36 djm Exp $ */ +/* $NetBSD: sftp.c,v 1.20 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: sftp.c,v 1.177 2016/10/18 12:41:22 millert Exp $ */ + /* * Copyright (c) 2001-2004 Damien Miller * @@ -17,7 +18,8 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp.c,v 1.19 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: sftp.c,v 1.20 2016/12/25 00:07:47 christos Exp $"); + #include /* MIN MAX */ #include #include @@ -213,6 +215,18 @@ killchild(int signo) _exit(1); } +/* ARGSUSED */ +static void +suspchild(int signo) +{ + if (sshpid > 1) { + kill(sshpid, signo); + while (waitpid(sshpid, NULL, WUNTRACED) == -1 && errno == EINTR) + continue; + } + kill(getpid(), SIGSTOP); +} + /* ARGSUSED */ static void cmd_interrupt(int signo) 
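Review bot: suspchild() runs as a signal handler and calls waitpid(), which overwrites errno on failure (the loop itself tests `errno == EINTR`), yet the handler never restores the value it found, so code interrupted by SIGTSTP, SIGTTIN or SIGTTOU can observe a changed errno once it resumes; the usual fix is `int save_errno = errno;` on entry and `errno = save_errno;` before the final `kill(getpid(), SIGSTOP)` returns control. kill(), waitpid() and getpid() are all async-signal-safe, and stopping itself only after the child has actually stopped is the right order, so the handler is otherwise sound. A one-line comment such as `/* forward the stop to ssh(1), wait for it to stop, then stop ourselves */` would document why the handler blocks in waitpid().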
@@ -788,7 +802,7 @@ do_ls_dir(struct sftp_conn *conn, const char *path, /* Count entries for sort and find longest filename */ for (n = 0; d[n] != NULL; n++) { if (d[n]->filename[0] != '.' || (lflag & LS_SHOW_ALL)) - m = MAX(m, strlen(d[n]->filename)); + m = MAXIMUM(m, strlen(d[n]->filename)); } /* Add any subpath that also needs to be counted */ @@ -800,9 +814,9 @@ do_ls_dir(struct sftp_conn *conn, const char *path, width = ws.ws_col; columns = width / (m + 2); - columns = MAX(columns, 1); + columns = MAXIMUM(columns, 1); colspace = width / columns; - colspace = MIN(colspace, width); + colspace = MINIMUM(colspace, width); } if (lflag & SORT_FLAGS) { @@ -911,10 +925,10 @@ do_globbed_ls(struct sftp_conn *conn, const char *path, if (!(lflag & LS_SHORT_VIEW)) { /* Count entries for sort and find longest filename */ for (i = 0; g.gl_pathv[i]; i++) - m = MAX(m, strlen(g.gl_pathv[i])); + m = MAXIMUM(m, strlen(g.gl_pathv[i])); columns = width / (m + 2); - columns = MAX(columns, 1); + columns = MAXIMUM(columns, 1); colspace = width / columns; } @@ -1675,16 +1689,16 @@ complete_display(char **list, u_int len) /* Count entries for sort and find longest */ for (y = 0; list[y]; y++) - m = MAX(m, strlen(list[y])); + m = MAXIMUM(m, strlen(list[y])); if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) width = ws.ws_col; m = m > len ? m - len : 0; columns = width / (m + 2); - columns = MAX(columns, 1); + columns = MAXIMUM(columns, 1); colspace = width / columns; - colspace = MIN(colspace, width); + colspace = MINIMUM(colspace, width); printf("\n"); m = 1; @@ -2201,6 +2215,9 @@ connect_to_server(const char *path, char **args, int *in, int *out) signal(SIGTERM, killchild); signal(SIGINT, killchild); signal(SIGHUP, killchild); + signal(SIGTSTP, suspchild); + signal(SIGTTIN, suspchild); + signal(SIGTTOU, suspchild); close(c_in); close(c_out); } diff --git a/crypto/external/bsd/openssh/dist/sftp.h b/crypto/external/bsd/openssh/dist/sftp.h index 9ded14310c58..8ec6b13d3c8b 100644 
--- a/crypto/external/bsd/openssh/dist/sftp.h +++ b/crypto/external/bsd/openssh/dist/sftp.h @@ -1,4 +1,4 @@ -/* $NetBSD: sftp.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: sftp.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: sftp.h,v 1.9 2008/06/13 00:12:02 dtucker Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/smult_curve25519_ref.c b/crypto/external/bsd/openssh/dist/smult_curve25519_ref.c index 297f2fbe8734..e65dc7436673 100644 --- a/crypto/external/bsd/openssh/dist/smult_curve25519_ref.c +++ b/crypto/external/bsd/openssh/dist/smult_curve25519_ref.c @@ -7,7 +7,7 @@ Derived from public domain code by D. J. Bernstein. */ #include "includes.h" -__RCSID("$NetBSD: smult_curve25519_ref.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: smult_curve25519_ref.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); int crypto_scalarmult_curve25519(unsigned char *, const unsigned char *, const unsigned char *); diff --git a/crypto/external/bsd/openssh/dist/ssh-add.1 b/crypto/external/bsd/openssh/dist/ssh-add.1 index b1fd75dfb330..8363ffbd888e 100644 --- a/crypto/external/bsd/openssh/dist/ssh-add.1 +++ b/crypto/external/bsd/openssh/dist/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $NetBSD: ssh-add.1,v 1.10 2015/07/03 01:00:00 christos Exp $ +.\" $NetBSD: ssh-add.1,v 1.11 2016/12/25 00:07:47 christos Exp $ .\" $OpenBSD: ssh-add.1,v 1.62 2015/03/30 18:28:37 jmc Exp $ .\" .\" Author: Tatu Ylonen diff --git a/crypto/external/bsd/openssh/dist/ssh-add.c b/crypto/external/bsd/openssh/dist/ssh-add.c index d7bebeaf7852..03b00ecb9179 100644 --- a/crypto/external/bsd/openssh/dist/ssh-add.c +++ b/crypto/external/bsd/openssh/dist/ssh-add.c @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-add.c,v 1.13 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: ssh-add.c,v 1.14 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ssh-add.c,v 1.128 2016/02/15 09:47:49 dtucker Exp $ */ /* 
@@ -38,7 +38,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-add.c,v 1.13 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: ssh-add.c,v 1.14 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/ssh-agent.1 b/crypto/external/bsd/openssh/dist/ssh-agent.1 index b61133bc0faa..238b235e1462 100644 --- a/crypto/external/bsd/openssh/dist/ssh-agent.1 +++ b/crypto/external/bsd/openssh/dist/ssh-agent.1 @@ -1,5 +1,6 @@ -.\" $NetBSD: ssh-agent.1,v 1.10 2016/03/11 01:55:00 christos Exp $ -.\" $OpenBSD: ssh-agent.1,v 1.62 2015/11/15 23:54:15 jmc Exp $ +.\" $NetBSD: ssh-agent.1,v 1.11 2016/12/25 00:07:47 christos Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.64 2016/11/30 06:54:26 jmc Exp $ +.\" .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +36,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 15 2015 +.Dd November 30 2016 .Dt SSH-AGENT 1 .Os .Sh NAME @@ -47,6 +48,7 @@ .Op Fl \&Dd .Op Fl a Ar bind_address .Op Fl E Ar fingerprint_hash +.Op Fl P Ar pkcs11_whitelist .Op Fl t Ar life .Op Ar command Op Ar arg ... .Nm ssh-agent @@ -122,6 +124,18 @@ The default is Kill the current agent (given by the .Ev SSH_AGENT_PID environment variable). +.It Fl P Ar pkcs11_whitelist +Specify a pattern-list of acceptable paths for PKCS#11 shared libraries +that may be added using the +.Fl s +option to +.Xr ssh-add 1 . +The default is to allow loading PKCS#11 libraries from +.Dq /usr/lib/*,/usr/local/lib/* . +PKCS#11 libraries that do not match the whitelist will be refused. +See PATTERNS in +.Xr ssh_config 5 +for a description of pattern-list syntax. .It Fl s Generate Bourne shell commands on .Dv stdout . 
@@ -196,7 +210,7 @@ The agent exits automatically when the command given on the command line terminates. .Sh FILES .Bl -tag -width Ds -.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt +.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent. .Ux Ns -domain sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. @@ -208,11 +222,12 @@ The sockets should get automatically removed when the agent exits. .Xr ssh-keygen 1 , .Xr sshd 8 .Sh AUTHORS -OpenSSH is a derivative of the original and free -ssh 1.2.12 release by Tatu Ylonen. -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, -Theo de Raadt and Dug Song -removed many bugs, re-added newer features and -created OpenSSH. -Markus Friedl contributed the support for SSH -protocol versions 1.5 and 2.0. +.An -nosplit +OpenSSH is a derivative of the original and free ssh 1.2.12 release by +.An Tatu Ylonen . +.An Aaron Campbell , Bob Beck , Markus Friedl , Niels Provos , Theo de Raadt +and +.An Dug Song +removed many bugs, re-added newer features and created OpenSSH. +.An Markus Friedl +contributed the support for SSH protocol versions 1.5 and 2.0. diff --git a/crypto/external/bsd/openssh/dist/ssh-agent.c b/crypto/external/bsd/openssh/dist/ssh-agent.c index d43791bbf78e..c0e4957d9917 100644 --- a/crypto/external/bsd/openssh/dist/ssh-agent.c +++ b/crypto/external/bsd/openssh/dist/ssh-agent.c @@ -1,5 +1,6 @@ -/* $NetBSD: ssh-agent.c,v 1.18 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: ssh-agent.c,v 1.213 2016/05/02 08:49:03 djm Exp $ */ +/* $NetBSD: ssh-agent.c,v 1.19 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.215 2016/11/30 03:07:37 djm Exp $ */ + /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -36,7 +37,8 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: ssh-agent.c,v 1.18 2016/08/02 13:45:12 christos Exp $");
+__RCSID("$NetBSD: ssh-agent.c,v 1.19 2016/12/25 00:07:47 christos Exp $");
+
 #include /* MIN MAX */
 #include
 #include
@@ -74,11 +76,16 @@ __RCSID("$NetBSD: ssh-agent.c,v 1.18 2016/08/02 13:45:12 christos Exp $");
 #include "getpeereid.h"
 #include "digest.h"
 #include "ssherr.h"
+#include "match.h"
 #ifdef ENABLE_PKCS11
 #include "ssh-pkcs11.h"
 #endif
+#ifndef DEFAULT_PKCS11_WHITELIST
+# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*"
+#endif
+
 typedef enum {
 AUTH_UNUSED,
 AUTH_SOCKET,
@@ -126,6 +133,9 @@ pid_t cleanup_pid = 0;
 char socket_name[PATH_MAX];
 char socket_dir[PATH_MAX];
+/* PKCS#11 path whitelist */
+static char *pkcs11_whitelist;
+
 /* locking */
 #define LOCK_SIZE 32
 #define LOCK_SALT_SIZE 16
@@ -529,7 +539,7 @@ reaper(void)
 tab->nentries--;
 } else
 deadline = (deadline == 0) ? id->death :
- MIN(deadline, id->death);
+ MINIMUM(deadline, id->death);
 }
 }
 if (deadline == 0 || deadline <= now)
@@ -728,7 +738,7 @@ no_identities(SocketEntry *e, u_int type)
 static void
 process_add_smartcard_key(SocketEntry *e)
 {
- char *provider = NULL, *pin;
+ char *provider = NULL, *pin, canonical_provider[PATH_MAX];
 int r, i, version, count = 0, success = 0, confirm = 0;
 u_int seconds;
 time_t death = 0;
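Review bot: The one-line comment on `static char *pkcs11_whitelist;` (hunk `@@ -126,6 +133,9 @@` of ssh-agent.c) leaves the variable's contract to be pieced together from two other hunks on this page. A fuller comment would carry it: `/* PKCS#11 provider path whitelist: a match_pattern_list() pattern-list, set in main() from -P or DEFAULT_PKCS11_WHITELIST and matched against the realpath()-resolved provider in process_add_smartcard_key(). */`. The `#ifndef DEFAULT_PKCS11_WHITELIST` guard above it deserves a note too, since it is the compile-time knob a distribution uses to narrow the default `/usr/lib/*,/usr/local/lib/*` to the directories it actually installs PKCS#11 modules into, e.g. `/* Overridable at build time; keep to root-owned library directories. */`.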
@@ -760,10 +770,21 @@ process_add_smartcard_key(SocketEntry *e)
 goto send;
 }
 }
+ if (realpath(provider, canonical_provider) == NULL) {
+ verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
+ provider, strerror(errno));
+ goto send;
+ }
+ if (match_pattern_list(canonical_provider, pkcs11_whitelist, 0) != 1) {
+ verbose("refusing PKCS#11 add of \"%.100s\": "
+ "provider not whitelisted", canonical_provider);
+ goto send;
+ }
+ debug("%s: add %.100s", __func__, canonical_provider);
 if (lifetime && !death)
 death = monotime() + lifetime;
- count = pkcs11_add_provider(provider, pin, &keys);
+ count = pkcs11_add_provider(canonical_provider, pin, &keys);
 for (i = 0; i < count; i++) {
 k = keys[i];
 version = k->type == KEY_RSA1 ? 1 : 2;
@@ -771,8 +792,8 @@ process_add_smartcard_key(SocketEntry *e)
 if (lookup_identity(k, version) == NULL) {
 id = xcalloc(1, sizeof(Identity));
 id->key = k;
- id->provider = xstrdup(provider);
- id->comment = xstrdup(provider); /* XXX */
+ id->provider = xstrdup(canonical_provider);
+ id->comment = xstrdup(canonical_provider); /* XXX */
 id->death = death;
 id->confirm = confirm;
 TAILQ_INSERT_TAIL(&tab->idlist, id, next);
@@ -981,7 +1002,7 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp,
 switch (sockets[i].type) {
 case AUTH_SOCKET:
 case AUTH_CONNECTION:
- n = MAX(n, sockets[i].fd);
+ n = MAXIMUM(n, sockets[i].fd);
 break;
 case AUTH_UNUSED:
 break;
@@ -1020,7 +1041,7 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp,
 deadline = reaper();
 if (parent_alive_interval != 0)
 deadline = (deadline == 0) ? parent_alive_interval :
- MIN(deadline, parent_alive_interval);
+ MINIMUM(deadline, parent_alive_interval);
 if (deadline == 0) {
 *tvpp = NULL;
 } else {
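Review bot: The whitelist check in `process_add_smartcard_key` (hunk `@@ -760,10 +770,21 @@`) is a policy decision on the path as resolved by `realpath()` at that instant, while the file is opened later inside `pkcs11_add_provider(canonical_provider, ...)`; nothing here binds the two, so the check's strength rests on the whitelisted directories not being writable by the agent's user, and that assumption should be written down next to it: `/* Policy check on the resolved path only; pkcs11_add_provider() opens it afresh, so whitelisted directories must be root-owned and not writable by the agent's user. */`. The `!= 1` comparison is the right one as I read `match_pattern_list()`'s 1/0/-1 contract (a negated-pattern match is also a refusal), and a short comment saying so (`/* 1 == positive match; 0 and -1 (negated) both refuse */`) would keep a later edit from relaxing it to `== 0`. The `id->provider = xstrdup(canonical_provider)` change in the next hunk means removal requests must now present the canonical path as well; that is presumably intended but is not mentioned anywhere visible. `process_add_smartcard_key` begins outside this hunk.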
@@ -1161,7 +1182,7 @@ usage(void)
 {
 fprintf(stderr,
 "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
- " [-t life] [command [arg ...]]\n"
+ " [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n"
 " ssh-agent [-c | -s] -k\n");
 exit(1);
 }
@@ -1220,7 +1241,7 @@ main(int ac, char **av)
 OpenSSL_add_all_algorithms();
 #endif
- while ((ch = getopt(ac, av, "cDdksE:a:t:")) != -1) {
+ while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) {
 switch (ch) {
 case 'E':
 fingerprint_hash = ssh_digest_alg_by_name(optarg);
@@ -1235,6 +1256,11 @@ main(int ac, char **av)
 case 'k':
 k_flag++;
 break;
+ case 'P':
+ if (pkcs11_whitelist != NULL)
+ fatal("-P option already specified");
+ pkcs11_whitelist = xstrdup(optarg);
+ break;
 case 's':
 if (c_flag)
 usage();
@@ -1269,6 +1295,9 @@ main(int ac, char **av)
 if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag))
 usage();
+ if (pkcs11_whitelist == NULL)
+ pkcs11_whitelist = xstrdup(DEFAULT_PKCS11_WHITELIST);
+
 if (ac == 0 && !c_flag && !s_flag) {
 shell = getenv("SHELL");
 if (shell != NULL && (len = strlen(shell)) > 2 &&
@@ -1460,7 +1489,7 @@ skip:
 nalloc = 0;
 #ifdef __OpenBSD__
- if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1)
+ if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1)
 fatal("%s: pledge: %s", __progname, strerror(errno));
 #endif
diff --git a/crypto/external/bsd/openssh/dist/ssh-dss.c b/crypto/external/bsd/openssh/dist/ssh-dss.c
index ce0b4fcb8f20..889ebd80e8b7 100644
--- a/crypto/external/bsd/openssh/dist/ssh-dss.c
+++ b/crypto/external/bsd/openssh/dist/ssh-dss.c
@@ -1,4 +1,4 @@
-/* $NetBSD: ssh-dss.c,v 1.9 2016/08/02 13:45:12 christos Exp $ */
+/* $NetBSD: ssh-dss.c,v 1.10 2016/12/25 00:07:47 christos Exp $ */
 /* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
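Review bot: The widened pledge promise `"stdio rpath cpath unix id proc exec"` in hunk `@@ -1460,7 +1489,7 @@ skip:` has no comment tying `rpath` to its consumer, so a later tightening pass could drop it and turn every PKCS#11 add into a pledge kill rather than a clean refusal. Suggest `/* rpath: realpath(3) of the PKCS#11 provider in process_add_smartcard_key() */` above the call. The `-P` handling in the `@@ -1235,6 +1256,11 @@` hunk is sound: a repeated option is a `fatal()`, and the `DEFAULT_PKCS11_WHITELIST` fallback is applied only after option parsing, so an explicit `-P` always wins. Both hunks are inside `main`, which starts and ends outside this line.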
@@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-dss.c,v 1.9 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: ssh-dss.c,v 1.10 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/ssh-ecdsa.c b/crypto/external/bsd/openssh/dist/ssh-ecdsa.c index 561776444e8f..79492a9c0e43 100644 --- a/crypto/external/bsd/openssh/dist/ssh-ecdsa.c +++ b/crypto/external/bsd/openssh/dist/ssh-ecdsa.c @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-ecdsa.c,v 1.8 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: ssh-ecdsa.c,v 1.9 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ssh-ecdsa.c,v 1.13 2016/04/21 06:08:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-ecdsa.c,v 1.8 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: ssh-ecdsa.c,v 1.9 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/ssh-ed25519.c b/crypto/external/bsd/openssh/dist/ssh-ed25519.c index 27cd67065563..97cde7db41c2 100644 --- a/crypto/external/bsd/openssh/dist/ssh-ed25519.c +++ b/crypto/external/bsd/openssh/dist/ssh-ed25519.c @@ -16,7 +16,7 @@ */ #define SSHKEY_INTERNAL #include "includes.h" -__RCSID("$NetBSD: ssh-ed25519.c,v 1.4 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: ssh-ed25519.c,v 1.5 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/ssh-gss.h b/crypto/external/bsd/openssh/dist/ssh-gss.h index 9362eccdf5ee..5a239bb3ea5f 100644 --- a/crypto/external/bsd/openssh/dist/ssh-gss.h +++ b/crypto/external/bsd/openssh/dist/ssh-gss.h @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-gss.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: ssh-gss.h,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 
diff --git a/crypto/external/bsd/openssh/dist/ssh-keygen.1 b/crypto/external/bsd/openssh/dist/ssh-keygen.1 index a915824514eb..6dab025be982 100644 --- a/crypto/external/bsd/openssh/dist/ssh-keygen.1 +++ b/crypto/external/bsd/openssh/dist/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $NetBSD: ssh-keygen.1,v 1.17 2016/08/02 13:45:12 christos Exp $ +.\" $NetBSD: ssh-keygen.1,v 1.18 2016/12/25 00:07:47 christos Exp $ .\" $OpenBSD: ssh-keygen.1,v 1.133 2016/06/16 06:10:45 jmc Exp $ .\" .\" -*- nroff -*- diff --git a/crypto/external/bsd/openssh/dist/ssh-keygen.c b/crypto/external/bsd/openssh/dist/ssh-keygen.c index 3eeeef31defe..5fbd4d01b20f 100644 --- a/crypto/external/bsd/openssh/dist/ssh-keygen.c +++ b/crypto/external/bsd/openssh/dist/ssh-keygen.c @@ -1,5 +1,6 @@ -/* $NetBSD: ssh-keygen.c,v 1.24 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: ssh-keygen.c,v 1.290 2016/05/02 09:36:42 djm Exp $ */ +/* $NetBSD: ssh-keygen.c,v 1.25 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.292 2016/09/12 03:29:16 dtucker Exp $ */ + /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -14,7 +15,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-keygen.c,v 1.24 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: ssh-keygen.c,v 1.25 2016/12/25 00:07:47 christos Exp $"); #include #include #include @@ -203,8 +204,7 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) *bitsp = sshkey_curve_nid_to_bits(nid); if (*bitsp == 0) *bitsp = DEFAULT_BITS_ECDSA; - } - else + } else #endif *bitsp = DEFAULT_BITS; } @@ -2439,10 +2439,10 @@ main(int argc, char **argv) break; case 'J': lines_to_process = strtoul(optarg, NULL, 10); - break; + break; case 'j': start_lineno = strtoul(optarg, NULL, 10); - break; + break; case 'K': if (strlen(optarg) >= PATH_MAX) fatal("Checkpoint filename too long"); diff --git a/crypto/external/bsd/openssh/dist/ssh-keyscan.1 b/crypto/external/bsd/openssh/dist/ssh-keyscan.1 index d7b83120edf5..b2062c3d1a1f 100644 
--- a/crypto/external/bsd/openssh/dist/ssh-keyscan.1 +++ b/crypto/external/bsd/openssh/dist/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $NetBSD: ssh-keyscan.1,v 1.11 2016/03/11 01:55:00 christos Exp $ +.\" $NetBSD: ssh-keyscan.1,v 1.12 2016/12/25 00:07:47 christos Exp $ .\" $OpenBSD: ssh-keyscan.1,v 1.38 2015/11/08 23:24:03 jmc Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . diff --git a/crypto/external/bsd/openssh/dist/ssh-keyscan.c b/crypto/external/bsd/openssh/dist/ssh-keyscan.c index f750bb1b78ec..97bb6decf0c4 100644 --- a/crypto/external/bsd/openssh/dist/ssh-keyscan.c +++ b/crypto/external/bsd/openssh/dist/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-keyscan.c,v 1.17 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: ssh-keyscan.c,v 1.18 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ssh-keyscan.c,v 1.106 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . @@ -9,7 +9,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-keyscan.c,v 1.17 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: ssh-keyscan.c,v 1.18 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/ssh-keysign.8 b/crypto/external/bsd/openssh/dist/ssh-keysign.8 index 3ee9db2eb98f..02012618f873 100644 --- a/crypto/external/bsd/openssh/dist/ssh-keysign.8 +++ b/crypto/external/bsd/openssh/dist/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: ssh-keysign.8,v 1.10 2016/03/11 01:55:00 christos Exp $ +.\" $NetBSD: ssh-keysign.8,v 1.11 2016/12/25 00:07:47 christos Exp $ .\" $OpenBSD: ssh-keysign.8,v 1.15 2016/02/17 07:38:19 jmc Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. diff --git a/crypto/external/bsd/openssh/dist/ssh-keysign.c b/crypto/external/bsd/openssh/dist/ssh-keysign.c index 36e27763568f..040245ccb70c 100644 --- a/crypto/external/bsd/openssh/dist/ssh-keysign.c +++ b/crypto/external/bsd/openssh/dist/ssh-keysign.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: ssh-keysign.c,v 1.11 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: ssh-keysign.c,v 1.12 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ssh-keysign.c,v 1.52 2016/02/15 09:47:49 dtucker Exp $ */ /* @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-keysign.c,v 1.11 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: ssh-keysign.c,v 1.12 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c b/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c index 1582f6a5af5d..2ea6d57d4c79 100644 --- a/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c +++ b/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-pkcs11-client.c,v 1.7 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: ssh-pkcs11-client.c,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ssh-pkcs11-client.c,v 1.6 2015/12/11 00:20:04 mmcc Exp $ */ /* @@ -17,7 +17,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: ssh-pkcs11-client.c,v 1.7 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: ssh-pkcs11-client.c,v 1.8 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 b/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 index 5533c173f6f1..e66b0521a37a 100644 --- a/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 +++ b/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: ssh-pkcs11-helper.8,v 1.6 2015/04/03 23:58:19 christos Exp $ +.\" $NetBSD: ssh-pkcs11-helper.8,v 1.7 2016/12/25 00:07:47 christos Exp $ .\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $ .\" .\" Copyright (c) 2010 Markus Friedl. All rights reserved. 
diff --git a/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c b/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c index 9a37f4386665..dcc875c421d2 100644 --- a/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c +++ b/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-pkcs11-helper.c,v 1.10 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: ssh-pkcs11-helper.c,v 1.11 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ssh-pkcs11-helper.c,v 1.12 2016/02/15 09:47:49 dtucker Exp $ */ /* @@ -17,7 +17,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: ssh-pkcs11-helper.c,v 1.10 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: ssh-pkcs11-helper.c,v 1.11 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/ssh-pkcs11.c b/crypto/external/bsd/openssh/dist/ssh-pkcs11.c index 2b55e720167c..170aeef12b15 100644 --- a/crypto/external/bsd/openssh/dist/ssh-pkcs11.c +++ b/crypto/external/bsd/openssh/dist/ssh-pkcs11.c @@ -1,5 +1,5 @@ -/* $NetBSD: ssh-pkcs11.c,v 1.10 2016/03/11 01:55:00 christos Exp $ */ -/* $OpenBSD: ssh-pkcs11.c,v 1.22 2016/02/12 00:20:30 djm Exp $ */ +/* $NetBSD: ssh-pkcs11.c,v 1.11 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.23 2016/10/28 03:33:52 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. @@ -17,7 +17,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: ssh-pkcs11.c,v 1.10 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: ssh-pkcs11.c,v 1.11 2016/12/25 00:07:47 christos Exp $"); #include #include 
@@ -572,7 +572,8 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) *keyp = NULL; if (pkcs11_provider_lookup(provider_id) != NULL) { - error("provider already registered: %s", provider_id); + debug("%s: provider already registered: %s", + __func__, provider_id); goto fail; } /* open shared pkcs11-libarary */ @@ -589,23 +590,27 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) p->handle = handle; /* setup the pkcs11 callbacks */ if ((rv = (*getfunctionlist)(&f)) != CKR_OK) { - error("C_GetFunctionList failed: %lu", rv); + error("C_GetFunctionList for provider %s failed: %lu", + provider_id, rv); goto fail; } p->function_list = f; if ((rv = f->C_Initialize(NULL)) != CKR_OK) { - error("C_Initialize failed: %lu", rv); + error("C_Initialize for provider %s failed: %lu", + provider_id, rv); goto fail; } need_finalize = 1; if ((rv = f->C_GetInfo(&p->info)) != CKR_OK) { - error("C_GetInfo failed: %lu", rv); + error("C_GetInfo for provider %s failed: %lu", + provider_id, rv); goto fail; } rmspace(p->info.manufacturerID, sizeof(p->info.manufacturerID)); rmspace(p->info.libraryDescription, sizeof(p->info.libraryDescription)); - debug("manufacturerID <%s> cryptokiVersion %d.%d" + debug("provider %s: manufacturerID <%s> cryptokiVersion %d.%d" " libraryDescription <%s> libraryVersion %d.%d", + provider_id, p->info.manufacturerID, p->info.cryptokiVersion.major, p->info.cryptokiVersion.minor, 
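Review bot: The reworked diagnostics in `pkcs11_add_provider` mix two message styles: the calls downgraded to `debug()` carry a `__func__` prefix (`"%s: provider already registered: %s"` here, and the "no slots"/"no keys" messages in the hunks on the next two lines), while the `error()` calls enriched alongside them do not (`"C_GetFunctionList for provider %s failed: %lu"`, `"C_Initialize ..."`, `"C_GetInfo ..."`). Pick one form for the function; the `error()` lines are the ones an ssh-add user actually sees, so the prefix helps most there, e.g. `error("%s: C_GetFunctionList for provider %s failed: %lu", __func__, provider_id, rv);`. `provider_id` is also printed with an unbounded `%s` throughout, whereas the agent side on this page logs the same path with `%.100s`; bounding it consistently keeps long paths from wrapping or flooding the log. The function starts before this hunk and its cleanup continues two lines down.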
@@ -617,13 +622,15 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) goto fail; } if (p->nslots == 0) { - error("no slots"); + debug("%s: provider %s returned no slots", __func__, + provider_id); goto fail; } p->slotlist = xcalloc(p->nslots, sizeof(CK_SLOT_ID)); if ((rv = f->C_GetSlotList(CK_TRUE, p->slotlist, &p->nslots)) != CKR_OK) { - error("C_GetSlotList failed: %lu", rv); + error("C_GetSlotList for provider %s failed: %lu", + provider_id, rv); goto fail; } p->slotinfo = xcalloc(p->nslots, sizeof(struct pkcs11_slotinfo)); @@ -633,20 +640,23 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) token = &p->slotinfo[i].token; if ((rv = f->C_GetTokenInfo(p->slotlist[i], token)) != CKR_OK) { - error("C_GetTokenInfo failed: %lu", rv); + error("C_GetTokenInfo for provider %s slot %lu " + "failed: %lu", provider_id, (unsigned long)i, rv); continue; } if ((token->flags & CKF_TOKEN_INITIALIZED) == 0) { - debug2("%s: ignoring uninitialised token in slot %lu", - __func__, (unsigned long)i); + debug2("%s: ignoring uninitialised token in " + "provider %s slot %lu", __func__, + provider_id, (unsigned long)i); continue; } rmspace(token->label, sizeof(token->label)); rmspace(token->manufacturerID, sizeof(token->manufacturerID)); rmspace(token->model, sizeof(token->model)); rmspace(token->serialNumber, sizeof(token->serialNumber)); - debug("label <%s> manufacturerID <%s> model <%s> serial <%s>" - " flags 0x%lx", + debug("provider %s slot %lu: label <%s> manufacturerID <%s> " + "model <%s> serial <%s> flags 0x%lx", + provider_id, (unsigned long)i, token->label, token->manufacturerID, token->model, token->serialNumber, token->flags); /* open session, login with pin and retrieve public keys */ 
@@ -658,11 +668,12 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) p->refcount++; /* add to provider list */ return (nkeys); } - error("no keys"); + debug("%s: provider %s returned no keys", __func__, provider_id); /* don't add the provider, since it does not have any keys */ fail: if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK) - error("C_Finalize failed: %lu", rv); + error("C_Finalize for provider %s failed: %lu", + provider_id, rv); if (p) { free(p->slotlist); free(p->slotinfo); diff --git a/crypto/external/bsd/openssh/dist/ssh-pkcs11.h b/crypto/external/bsd/openssh/dist/ssh-pkcs11.h index 184a4fcc65bd..2f9d2477bb0a 100644 --- a/crypto/external/bsd/openssh/dist/ssh-pkcs11.h +++ b/crypto/external/bsd/openssh/dist/ssh-pkcs11.h @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-pkcs11.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: ssh-pkcs11.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ssh-pkcs11.h,v 1.3 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. diff --git a/crypto/external/bsd/openssh/dist/ssh-rsa.c b/crypto/external/bsd/openssh/dist/ssh-rsa.c index b775d266ef14..1d7de2fa7354 100644 --- a/crypto/external/bsd/openssh/dist/ssh-rsa.c +++ b/crypto/external/bsd/openssh/dist/ssh-rsa.c @@ -1,5 +1,6 @@ -/* $NetBSD: ssh-rsa.c,v 1.10 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: ssh-rsa.c,v 1.59 2016/04/21 06:08:02 djm Exp $ */ +/* $NetBSD: ssh-rsa.c,v 1.11 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.60 2016/09/12 23:39:34 djm Exp $ */ + /* * Copyright (c) 2000, 2003 Markus Friedl * @@ -17,7 +18,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-rsa.c,v 1.10 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: ssh-rsa.c,v 1.11 2016/12/25 00:07:47 christos Exp $"); #include #include 
@@ -51,7 +52,8 @@ rsa_hash_alg_ident(int hash_alg)
 static int
 rsa_hash_alg_from_ident(const char *ident)
 {
- if (strcmp(ident, "ssh-rsa") == 0)
+ if (strcmp(ident, "ssh-rsa") == 0 ||
+ strcmp(ident, "ssh-rsa-cert-v01@openssh.com") == 0)
 return SSH_DIGEST_SHA1;
 if (strcmp(ident, "rsa-sha2-256") == 0)
 return SSH_DIGEST_SHA256;
@@ -91,8 +93,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 if (sigp != NULL)
 *sigp = NULL;
- if (alg_ident == NULL || strlen(alg_ident) == 0 ||
- strncmp(alg_ident, "ssh-rsa-cert", strlen("ssh-rsa-cert")) == 0)
+ if (alg_ident == NULL || strlen(alg_ident) == 0)
 hash_alg = SSH_DIGEST_SHA1;
 else
 hash_alg = rsa_hash_alg_from_ident(alg_ident);
diff --git a/crypto/external/bsd/openssh/dist/ssh.1 b/crypto/external/bsd/openssh/dist/ssh.1
index b969aebbd8dd..491a08a5e22f 100644
--- a/crypto/external/bsd/openssh/dist/ssh.1
+++ b/crypto/external/bsd/openssh/dist/ssh.1
@@ -1,4 +1,4 @@
-.\" $NetBSD: ssh.1,v 1.18 2016/08/02 13:45:12 christos Exp $
+.\" $NetBSD: ssh.1,v 1.19 2016/12/25 00:07:47 christos Exp $
 .\" -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen
diff --git a/crypto/external/bsd/openssh/dist/ssh.c b/crypto/external/bsd/openssh/dist/ssh.c
index c29532314657..6382efda8799 100644
--- a/crypto/external/bsd/openssh/dist/ssh.c
+++ b/crypto/external/bsd/openssh/dist/ssh.c
@@ -1,5 +1,6 @@
-/* $NetBSD: ssh.c,v 1.23 2016/08/02 13:45:12 christos Exp $ */
-/* $OpenBSD: ssh.c,v 1.445 2016/07/17 04:20:16 djm Exp $ */
+/* $NetBSD: ssh.c,v 1.24 2016/12/25 00:07:47 christos Exp $ */
+/* $OpenBSD: ssh.c,v 1.448 2016/12/06 07:48:01 djm Exp $ */
+
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -42,7 +43,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: ssh.c,v 1.23 2016/08/02 13:45:12 christos Exp $");
+__RCSID("$NetBSD: ssh.c,v 1.24 2016/12/25 00:07:47 christos Exp $");
 #include
 #include
 #include
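Review bot: The new `ssh-rsa-cert-v01@openssh.com` branch in `rsa_hash_alg_from_ident` (hunk `@@ -51,7 +52,8 @@` of ssh-rsa.c) quietly binds RSA certificate signatures to SHA-1, and neither site records why; a why-comment protects the choice from a well-meaning "upgrade" and from the assumption that `rsa-sha2-*` certificate identifiers are accepted here: `/* RSA certificates are signed with the same SHA-1 ssh-rsa algorithm as plain ssh-rsa keys; no rsa-sha2 cert variant is recognised here. */`. In `ssh_rsa_sign` (next hunk) the removed `strncmp(alg_ident, "ssh-rsa-cert", ...)` prefix match means any other `ssh-rsa-cert*` identifier now flows into `rsa_hash_alg_from_ident`, whose fall-through return lies outside this hunk; it is worth confirming that path yields an error rather than a default digest, and saying so in the comment. `ssh_rsa_sign` starts and ends outside the hunk.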
@@ -204,10 +205,6 @@ static int ssh_session2(void); static void load_public_identity_files(void); static void main_sigchld_handler(int); -/* from muxclient.c */ -void muxclient(const char *); -void muxserver_listen(void); - /* ~/ expand a list of paths. NB. assumes path[n] is heap-allocated. */ static void tilde_expand_paths(char **paths, u_int num_paths) @@ -645,6 +642,8 @@ main(int ac, char **av) muxclient_command = SSHMUX_COMMAND_STOP; else if (strcmp(optarg, "cancel") == 0) muxclient_command = SSHMUX_COMMAND_CANCEL_FWD; + else if (strcmp(optarg, "proxy") == 0) + muxclient_command = SSHMUX_COMMAND_PROXY; else fatal("Invalid multiplex command."); break; @@ -662,11 +661,11 @@ main(int ac, char **av) else if (strcmp(optarg, "kex") == 0) cp = kex_alg_list('\n'); else if (strcmp(optarg, "key") == 0) - cp = key_alg_list(0, 0); + cp = sshkey_alg_list(0, 0, '\n'); else if (strcmp(optarg, "key-cert") == 0) - cp = key_alg_list(1, 0); + cp = sshkey_alg_list(1, 0, '\n'); else if (strcmp(optarg, "key-plain") == 0) - cp = key_alg_list(0, 1); + cp = sshkey_alg_list(0, 1, '\n'); else if (strcmp(optarg, "protocol-version") == 0) { #ifdef WITH_SSH1 cp = xstrdup("1\n2"); @@ -1142,7 +1141,8 @@ main(int ac, char **av) tty_flag = options.request_tty != REQUEST_TTY_NO; /* Force no tty */ - if (options.request_tty == REQUEST_TTY_NO || muxclient_command != 0) + if (options.request_tty == REQUEST_TTY_NO || + (muxclient_command && muxclient_command != SSHMUX_COMMAND_PROXY)) tty_flag = 0; /* Do not allocate a tty if stdin is not a tty. */ if ((!isatty(fileno(stdin)) || stdin_null_flag) && 
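Review bot: The new tty condition `(muxclient_command && muxclient_command != SSHMUX_COMMAND_PROXY)` in hunk `@@ -1142,7 +1141,8 @@` of ssh.c encodes a non-obvious exception with no explanation; suggest `/* -O proxy runs a real session through the mux master, so the tty request still applies */` above it (the proxy semantics are not visible on this page, so adjust the wording). The first hunk deletes the `muxclient`/`muxserver_listen` prototypes from ssh.c, and `muxclient` is used as an `int`-returning function in the hunk on the following line; the declaration therefore has to come from a header this file includes, which is not shown here and should be confirmed so the call is not implicitly declared. The `sshkey_alg_list(..., '\n')` replacements are straightforward, though the `#ifdef WITH_SSH1` branch that follows them is cut off by the hunk.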
@@ -1217,8 +1217,16 @@ main(int ac, char **av)
 if (muxclient_command != 0 && options.control_path == NULL)
 fatal("No ControlPath specified for \"-O\" command");
- if (options.control_path != NULL)
- muxclient(options.control_path);
+ if (options.control_path != NULL) {
+ int sock;
+ if ((sock = muxclient(options.control_path)) >= 0) {
+ packet_set_connection(sock, sock);
+ ssh = active_state; /* XXX */
+ enable_compat20(); /* XXX */
+ packet_set_mux();
+ goto skip_connect;
+ }
+ }
 /*
 * If hostname canonicalisation was not enabled, then we may not
@@ -1405,6 +1413,7 @@ main(int ac, char **av)
 options.certificate_files[i] = NULL;
 }
+ skip_connect:
 exit_status = compat20 ? ssh_session2() : ssh_session();
 packet_close();
@@ -1988,7 +1997,8 @@ ssh_session2(void)
 ssh_init_forwarding();
 /* Start listening for multiplex clients */
- muxserver_listen();
+ if (!packet_get_mux())
+ muxserver_listen();
 /*
 * If we are in control persist mode and have a working mux listen
@@ -2153,8 +2163,9 @@ load_public_identity_files(void)
 free(cp);
 continue;
 }
+ /* NB. leave filename pointing to private key */
+ identity_files[n_ids] = xstrdup(filename);
 identity_keys[n_ids] = public;
- identity_files[n_ids] = cp;
 n_ids++;
 }
diff --git a/crypto/external/bsd/openssh/dist/ssh.h b/crypto/external/bsd/openssh/dist/ssh.h
index 1552e62f9762..cbf6c9e2cd7e 100644
--- a/crypto/external/bsd/openssh/dist/ssh.h
+++ b/crypto/external/bsd/openssh/dist/ssh.h
@@ -1,4 +1,4 @@
-/* $NetBSD: ssh.h,v 1.7 2016/03/11 01:55:00 christos Exp $ */
+/* $NetBSD: ssh.h,v 1.8 2016/12/25 00:07:47 christos Exp $ */
 /* $OpenBSD: ssh.h,v 1.83 2015/12/11 03:19:09 djm Exp $ */
 /*
diff --git a/crypto/external/bsd/openssh/dist/ssh1.h b/crypto/external/bsd/openssh/dist/ssh1.h
index 1fcd32935581..d8a4cc2eea6b 100644
--- a/crypto/external/bsd/openssh/dist/ssh1.h
+++ b/crypto/external/bsd/openssh/dist/ssh1.h
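Review bot: The `goto skip_connect` in hunk `@@ -1217,8 +1217,16 @@` of ssh.c jumps from option validation straight to `exit_status = compat20 ? ssh_session2() : ssh_session();`, bypassing everything in between — the target hunk shows it lands just after certificate-file handling, and the skipped range presumably also holds the connect and host-key steps — on the strength of the master's existing session, with two `/* XXX */` markers as the only documentation. A comment at the jump stating that trust is delegated to the already-authenticated mux master, and one at the `skip_connect:` label saying what must not be moved above it, would tell the next maintainer what the invariant is, e.g. `/* Proxy mode: the mux master owns the authenticated connection; no connect, host-key or identity work is needed here. */`. The mid-block `int sock;` also departs from the declare-at-top style the rest of `main` uses on this page. `main` starts and ends outside this hunk.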
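Review bot: `cp` is leaked on the success path of hunk `@@ -2153,8 +2163,9 @@` in `load_public_identity_files`: the removed line `identity_files[n_ids] = cp;` used to take ownership of it, the replacement stores `xstrdup(filename)` instead, and the only `free(cp)` visible is in the `continue` branch just above. Unless it is released after the hunk (the loop body runs past this view), add `free(cp);` directly after the `identity_files[n_ids] = xstrdup(filename);` line.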
@@ -1,4 +1,4 @@ -/* $NetBSD: ssh1.h,v 1.5 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: ssh1.h,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ssh1.h,v 1.7 2016/05/04 14:22:33 markus Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/ssh2.h b/crypto/external/bsd/openssh/dist/ssh2.h index 8d1b39e0fa98..b4f39e0052c0 100644 --- a/crypto/external/bsd/openssh/dist/ssh2.h +++ b/crypto/external/bsd/openssh/dist/ssh2.h @@ -1,4 +1,4 @@ -/* $NetBSD: ssh2.h,v 1.9 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: ssh2.h,v 1.10 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ssh2.h,v 1.18 2016/05/04 14:22:33 markus Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/ssh_api.c b/crypto/external/bsd/openssh/dist/ssh_api.c index 34e74b1ba7c0..3177d5f9857f 100644 --- a/crypto/external/bsd/openssh/dist/ssh_api.c +++ b/crypto/external/bsd/openssh/dist/ssh_api.c @@ -1,4 +1,4 @@ -/* $NetBSD: ssh_api.c,v 1.4 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: ssh_api.c,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ssh_api.c,v 1.7 2016/05/04 14:22:33 markus Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. @@ -17,7 +17,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh_api.c,v 1.4 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: ssh_api.c,v 1.5 2016/12/25 00:07:47 christos Exp $"); #include "ssh1.h" /* For SSH_MSG_NONE */ #include "ssh_api.h" diff --git a/crypto/external/bsd/openssh/dist/ssh_api.h b/crypto/external/bsd/openssh/dist/ssh_api.h index 477c427ec4ad..42fe223a3c89 100644 --- a/crypto/external/bsd/openssh/dist/ssh_api.h +++ b/crypto/external/bsd/openssh/dist/ssh_api.h @@ -1,4 +1,4 @@ -/* $NetBSD: ssh_api.h,v 1.2 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: ssh_api.h,v 1.3 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ssh_api.h,v 1.1 2015/01/19 20:30:23 markus Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. 
diff --git a/crypto/external/bsd/openssh/dist/ssh_config b/crypto/external/bsd/openssh/dist/ssh_config index e314ba660867..c0e4bbee9b14 100644 --- a/crypto/external/bsd/openssh/dist/ssh_config +++ b/crypto/external/bsd/openssh/dist/ssh_config @@ -1,4 +1,4 @@ -# $NetBSD: ssh_config,v 1.9 2016/03/11 01:55:00 christos Exp $ +# $NetBSD: ssh_config,v 1.10 2016/12/25 00:07:47 christos Exp $ # $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $ # This is the ssh client system-wide configuration file. See diff --git a/crypto/external/bsd/openssh/dist/ssh_config.5 b/crypto/external/bsd/openssh/dist/ssh_config.5 index 634230ca98e3..89ad476da74a 100644 --- a/crypto/external/bsd/openssh/dist/ssh_config.5 +++ b/crypto/external/bsd/openssh/dist/ssh_config.5 @@ -1,4 +1,4 @@ -.\" $NetBSD: ssh_config.5,v 1.18 2016/08/02 13:45:12 christos Exp $ +.\" $NetBSD: ssh_config.5,v 1.19 2016/12/25 00:07:47 christos Exp $ .\" -*- nroff -*- .\" .\" Author: Tatu Ylonen @@ -35,8 +35,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.236 2016/07/22 07:00:46 djm Exp $ -.Dd July 22 2016 +.\" $OpenBSD: ssh_config.5,v 1.240 2016/10/15 19:56:25 jmc Exp $ +.Dd October 15 2016 .Dt SSH_CONFIG 5 .Os .Sh NAME 
@@ -64,25 +64,25 @@ system-wide configuration file For each parameter, the first obtained value will be used. The configuration files contain sections separated by -.Dq Host +.Cm Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. The matched host name is usually the one given on the command line (see the .Cm CanonicalizeHostname -option for exceptions.) +option for exceptions). .Pp Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end. .Pp -The configuration file has the following format: -.Pp -Empty lines and lines starting with +The file contains keyword-argument pairs, one per line. +Lines starting with .Ql # -are comments. -Otherwise a line is of the format -.Dq keyword arguments . +and empty lines are interpreted as comments. +Arguments may optionally be enclosed in double quotes +.Pq \&" +in order to represent arguments containing spaces. Configuration options may be separated by whitespace or optional whitespace and exactly one .Ql = ; @@ -94,9 +94,6 @@ and .Nm sftp .Fl o option. -Arguments may optionally be enclosed in double quotes -.Pq \&" -in order to represent arguments containing spaces. .Pp The possible keywords and their meanings are as follows (note that @@ -119,7 +116,7 @@ The host is usually the argument given on the command line (see the .Cm CanonicalizeHostname -option for exceptions.) +keyword for exceptions). .Pp A pattern entry may be negated by prefixing it with an exclamation mark .Pq Sq !\& . 
@@ -179,24 +176,11 @@ The keyword executes the specified command under the user's shell. If the command returns a zero exit status then the condition is considered true. Commands containing whitespace characters must be quoted. -The following character sequences in the command will be expanded prior to -execution: -.Ql %L -will be substituted by the first component of the local host name, -.Ql %l -will be substituted by the local host name (including any domain name), -.Ql %h -will be substituted by the target host name, -.Ql %n -will be substituted by the original target host name -specified on the command-line, -.Ql %p -the destination port, -.Ql %r -by the remote login username, and -.Ql %u -by the username of the user running -.Xr ssh 1 . +Arguments to +.Cm exec +accept the tokens described in the +.Sx TOKENS +section. .Pp The other keywords' criteria must be single entries or comma-separated lists and may use the wildcard and negation operators described in the 
@@ -227,57 +211,54 @@ files). Specifies whether keys should be automatically added to a running .Xr ssh-agent 1 . If this option is set to -.Dq yes +.Cm yes and a key is loaded from a file, the key and its passphrase are added to the agent with the default lifetime, as if by .Xr ssh-add 1 . If this option is set to -.Dq ask , -.Nm ssh +.Cm ask , +.Xr ssh 1 will require confirmation using the .Ev SSH_ASKPASS program before adding a key (see .Xr ssh-add 1 for details). If this option is set to -.Dq confirm , +.Cm confirm , each use of the key must be confirmed, as if the .Fl c option was specified to .Xr ssh-add 1 . If this option is set to -.Dq no , +.Cm no , no keys are added to the agent. The argument must be -.Dq yes , -.Dq confirm , -.Dq ask , +.Cm yes , +.Cm confirm , +.Cm ask , or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). .It Cm AddressFamily Specifies which address family to use when connecting. Valid arguments are -.Dq any , -.Dq inet +.Cm any +(the default), +.Cm inet (use IPv4 only), or -.Dq inet6 +.Cm inet6 (use IPv6 only). -The default is -.Dq any . .It Cm BatchMode If set to -.Dq yes , +.Cm yes , passphrase/password querying will be disabled. This option is useful in scripts and other batch jobs where no user is present to supply the password. The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). .It Cm BindAddress Use the specified address on the local machine as the source address of the connection. @@ -285,7 +266,7 @@ Only useful on systems with more than one address. Note that this option does not work if .Cm UsePrivilegedPort is set to -.Dq yes . +.Cm yes . .It Cm CanonicalDomains When .Cm CanonicalizeHostname 
@@ -294,11 +275,11 @@ search for the specified destination host. .It Cm CanonicalizeFallbackLocal Specifies whether to fail with an error when hostname canonicalization fails. The default, -.Dq yes , +.Cm yes , will attempt to look up the unqualified hostname using the system resolver's search rules. A value of -.Dq no +.Cm no will cause .Xr ssh 1 to fail instantly if @@ -309,11 +290,11 @@ specified by .It Cm CanonicalizeHostname Controls whether explicit hostname canonicalization is performed. The default, -.Dq no , +.Cm no , is not to perform any name rewriting and let the system resolver handle all hostname lookups. If set to -.Dq yes +.Cm yes then, for connections that do not use a .Cm ProxyCommand , .Xr ssh 1 @@ -326,7 +307,7 @@ rules. If .Cm CanonicalizeHostname is set to -.Dq always , +.Cm always , then canonicalization is applied to proxied connections too. .Pp If this option is enabled, then the configuration files are processed @@ -338,8 +319,7 @@ stanzas. .It Cm CanonicalizeMaxDots Specifies the maximum number of dot characters in a hostname before canonicalization is disabled. -The default, -.Dq 1 , +The default, 1, allows a single dot (i.e. hostname.subdomain). .It Cm CanonicalizePermittedCNAMEs Specifies rules to determine whether CNAMEs should be followed when @@ -354,13 +334,13 @@ and is a pattern-list of domains that they may resolve to. .Pp For example, -.Dq *.a.example.com:*.b.example.com,*.c.example.com +.Qq *.a.example.com:*.b.example.com,*.c.example.com will allow hostnames matching -.Dq *.a.example.com +.Qq *.a.example.com to be canonicalized to names in the -.Dq *.b.example.com +.Qq *.b.example.com or -.Dq *.c.example.com +.Qq *.c.example.com domains. .It Cm CertificateFile Specifies a file from which the user's certificate is read. 
@@ -377,19 +357,12 @@ via or via a .Cm PKCS11Provider . .Pp -The file name may use the tilde -syntax to refer to a user's home directory or one of the following -escape characters: -.Ql %d -(local user's home directory), -.Ql %u -(local user name), -.Ql %l -(local host name), -.Ql %h -(remote host name) or -.Ql %r -(remote user name). +Arguments to +.Cm CertificateFile +may use the tilde syntax to refer to a user's home directory +or the tokens described in the +.Sx TOKENS +section. .Pp It is possible to have multiple certificate files specified in configuration files; these certificates will be tried in sequence. 
@@ -400,47 +373,42 @@ authentication. .It Cm ChallengeResponseAuthentication Specifies whether to use challenge-response authentication. The argument to this keyword must be -.Dq yes +.Cm yes +(the default) or -.Dq no . -The default is -.Dq yes . +.Cm no . .It Cm CheckHostIP -If this flag is set to -.Dq yes , +If set to +.Cm yes +(the default), .Xr ssh 1 will additionally check the host IP address in the .Pa known_hosts file. -This allows ssh to detect if a host key changed due to DNS spoofing +This allows it to detect if a host key changed due to DNS spoofing and will add addresses of destination hosts to .Pa ~/.ssh/known_hosts in the process, regardless of the setting of .Cm StrictHostKeyChecking . If the option is set to -.Dq no , +.Cm no , the check will not be executed. -The default is -.Dq yes . .It Cm Cipher Specifies the cipher to use for encrypting the session in protocol version 1. Currently, -.Dq blowfish , -.Dq 3des , +.Cm blowfish , +.Cm 3des +(the default), and -.Dq des -are supported. -.Ar des +.Cm des +are supported, +though +.Cm des is only supported in the .Xr ssh 1 -client for interoperability with legacy protocol 1 implementations -that do not support the -.Ar 3des -cipher. -Its use is strongly discouraged due to cryptographic weaknesses. -The default is -.Dq 3des . +client for interoperability with legacy protocol 1 implementations; +its use is strongly discouraged due to cryptographic weaknesses. .It Cm Ciphers Specifies the ciphers allowed for protocol version 2 in order of preference. 
@@ -451,54 +419,34 @@ character, then the specified ciphers will be appended to the default set instead of replacing them. .Pp The supported ciphers are: -.Pp -.Bl -item -compact -offset indent -.It +.Bd -literal -offset indent 3des-cbc -.It aes128-cbc -.It aes192-cbc -.It aes256-cbc -.It aes128-ctr -.It aes192-ctr -.It aes256-ctr -.It aes128-gcm@openssh.com -.It aes256-gcm@openssh.com -.It arcfour -.It arcfour128 -.It arcfour256 -.It blowfish-cbc -.It cast128-cbc -.It chacha20-poly1305@openssh.com -.El +.Ed .Pp The default is: .Bd -literal -offset indent chacha20-poly1305@openssh.com, aes128-ctr,aes192-ctr,aes256-ctr, aes128-gcm@openssh.com,aes256-gcm@openssh.com, -aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc +aes128-cbc,aes192-cbc,aes256-cbc .Ed .Pp -The list of available ciphers may also be obtained using the -.Fl Q -option of -.Xr ssh 1 -with an argument of -.Dq cipher . +The list of available ciphers may also be obtained using +.Qq ssh -Q cipher . .It Cm ClearAllForwardings Specifies that all local, remote, and dynamic port forwardings specified in the configuration files or on the command line be @@ -511,19 +459,17 @@ configuration files, and is automatically set by and .Xr sftp 1 . The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). .It Cm Compression Specifies whether to use compression. The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). .It Cm CompressionLevel Specifies the compression level to use if compression is enabled. The argument must be an integer from 1 (fast) to 9 (slow, best). @@ -544,7 +490,7 @@ not when it refuses the connection. .It Cm ControlMaster Enables the sharing of multiple sessions over a single network connection. When set to -.Dq yes , +.Cm yes , .Xr ssh 1 will listen for connections on a control socket specified using the .Cm ControlPath 
@@ -554,21 +500,23 @@ Additional sessions can connect to this socket using the same with .Cm ControlMaster set to -.Dq no +.Cm no (the default). These sessions will try to reuse the master instance's network connection rather than initiating new ones, but will fall back to connecting normally if the control socket does not exist, or is not listening. .Pp Setting this to -.Dq ask -will cause ssh +.Cm ask +will cause +.Xr ssh 1 to listen for control connections, but require confirmation using .Xr ssh-askpass 1 . If the .Cm ControlPath cannot be opened, -ssh will continue without connecting to a master instance. +.Xr ssh 1 +will continue without connecting to a master instance. .Pp X11 and .Xr ssh-agent 1 
@@ -580,41 +528,25 @@ Two additional options allow for opportunistic multiplexing: try to use a master connection but fall back to creating a new one if one does not already exist. These options are: -.Dq auto +.Cm auto and -.Dq autoask . +.Cm autoask . The latter requires confirmation like the -.Dq ask +.Cm ask option. .It Cm ControlPath Specify the path to the control socket used for connection sharing as described in the .Cm ControlMaster section above or the string -.Dq none +.Cm none to disable connection sharing. -In the path, -.Ql %L -will be substituted by the first component of the local host name, -.Ql %l -will be substituted by the local host name (including any domain name), -.Ql %h -will be substituted by the target host name, -.Ql %n -will be substituted by the original target host name -specified on the command line, -.Ql %p -the destination port, -.Ql %r -by the remote login username, -.Ql %u -by the username and -.Ql %i -by the numeric user ID (uid) of the user running -.Xr ssh 1 , -and -.Ql \&%C -by a hash of the concatenation: %l%h%p%r. +Arguments to +.Cm ControlPath +may use the tilde syntax to refer to a user's home directory +or the tokens described in the +.Sx TOKENS +section. It is recommended that any .Cm ControlPath used for opportunistic connection sharing include 
@@ -628,18 +560,15 @@ specifies that the master connection should remain open in the background (waiting for future client connections) after the initial client connection has been closed. If set to -.Dq no , +.Cm no , then the master connection will not be placed into the background, and will close as soon as the initial client connection is closed. If set to -.Dq yes -or -.Dq 0 , +.Cm yes +or 0, then the master connection will remain in the background indefinitely (until killed or closed via a mechanism such as the -.Xr ssh 1 -.Dq Fl O No exit -option). +.Qq ssh -O exit ) . If set to a time in seconds, or a time in any of the formats documented in .Xr sshd_config 5 , then the backgrounded master connection will automatically terminate @@ -665,7 +594,7 @@ may be used to bind the connection to a specific address. The .Ar bind_address of -.Dq localhost +.Cm localhost indicates that the listening port be bound for local use only, while an empty address or .Sq * @@ -679,7 +608,7 @@ additional forwardings can be given on the command line. Only the superuser can forward privileged ports. .It Cm EnableSSHKeysign Setting this option to -.Dq yes +.Cm yes in the global client configuration file .Pa /etc/ssh/ssh_config enables the use of the helper program @@ -687,11 +616,10 @@ enables the use of the helper program during .Cm HostbasedAuthentication . The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). This option should be placed in the non-hostspecific section. See .Xr ssh-keysign 8 @@ -704,7 +632,7 @@ be set on the command line. The argument should be a single character, .Ql ^ followed by a letter, or -.Dq none +.Cm none to disable the escape character entirely (making the connection transparent for binary data). 
@@ -721,28 +649,25 @@ for example, cause .Xr ssh 1 to exit if TCP connections to the ultimate forwarding destination fail. The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). .It Cm FingerprintHash Specifies the hash algorithm used when displaying key fingerprints. Valid options are: -.Dq md5 +.Cm md5 and -.Dq sha256 . -The default is -.Dq sha256 . +.Cm sha256 +(the default). .It Cm ForwardAgent Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). .Pp Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host @@ -757,11 +682,10 @@ over the secure channel and .Ev DISPLAY set. The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). .Pp X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host @@ -774,7 +698,8 @@ option is also enabled. .It Cm ForwardX11Timeout Specify a timeout for untrusted X11 forwarding using the format described in the -TIME FORMATS section of +.Sx TIME FORMATS +section of .Xr sshd_config 5 . X11 connections received by .Xr ssh 1 @@ -783,11 +708,12 @@ The default is to disable untrusted X11 forwarding after twenty minutes has elapsed. .It Cm ForwardX11Trusted If this option is set to -.Dq yes , +.Cm yes , remote X11 clients will have full access to the original X11 display. .Pp If this option is set to -.Dq no , +.Cm no +(the default), remote X11 clients will be considered untrusted and prevented from stealing or tampering with data belonging to trusted X11 clients. 
@@ -796,9 +722,6 @@ Furthermore, the token used for the session will be set to expire after 20 minutes. Remote clients will be refused access after this time. .Pp -The default is -.Dq no . -.Pp See the X11 SECURITY extension specification for full details on the restrictions imposed on untrusted clients. .It Cm GatewayPorts @@ -813,11 +736,10 @@ can be used to specify that ssh should bind local port forwardings to the wildcard address, thus allowing remote hosts to connect to forwarded ports. The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). .It Cm GlobalKnownHostsFile Specifies one or more files to use for the global host key database, separated by whitespace. @@ -827,11 +749,11 @@ The default is .It Cm GSSAPIAuthentication Specifies whether user authentication based on GSSAPI is allowed. The default is -.Dq no . +.Cm no . .It Cm GSSAPIDelegateCredentials Forward (delegate) credentials to the server. The default is -.Dq no . +.Cm no . .It Cm HashKnownHosts Indicates that .Xr ssh 1 @@ -844,7 +766,7 @@ and but they do not reveal identifying information should the file's contents be disclosed. The default is -.Dq no . +.Cm no . Note that existing names and addresses in known hosts files will not be converted automatically, but may be manually hashed using @@ -853,11 +775,10 @@ but may be manually hashed using Specifies whether to try rhosts based authentication with public key authentication. The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). .It Cm HostbasedKeyTypes Specifies the key types that will be used for hostbased authentication as a comma-separated pattern list. 
@@ -902,12 +823,8 @@ ssh-ed25519,ssh-rsa If hostkeys are known for the destination host then this default is modified to prefer their algorithms. .Pp -The list of available key types may also be obtained using the -.Fl Q -option of -.Xr ssh 1 -with an argument of -.Dq key . +The list of available key types may also be obtained using +.Qq ssh -Q key . .It Cm HostKeyAlias Specifies an alias that should be used instead of the real host name when looking up or saving the host key @@ -917,20 +834,15 @@ or for multiple servers running on a single host. .It Cm HostName Specifies the real host name to log into. This can be used to specify nicknames or abbreviations for hosts. -If the hostname contains the character sequence -.Ql %h , -then this will be replaced with the host name specified on the command line -(this is useful for manipulating unqualified names). -The character sequence -.Ql %% -will be replaced by a single -.Ql % -character, which may be used when specifying IPv6 link-local addresses. -.Pp -The default is the name given on the command line. +Arguments to +.Cm HostName +accept the tokens described in the +.Sx TOKENS +section. Numeric IP addresses are also permitted (both on the command line and in .Cm HostName specifications). +The default is the name given on the command line. .It Cm IdentitiesOnly Specifies that .Xr ssh 1 
@@ -947,43 +859,35 @@ or a .Cm PKCS11Provider offers more identities. The argument to this keyword must be -.Dq yes +.Cm yes or -.Dq no . +.Cm no +(the default). This option is intended for situations where ssh-agent offers many different identities. -The default is -.Dq no . .It Cm IdentityAgent Specifies the .Ux Ns -domain socket used to communicate with the authentication agent. .Pp This option overrides the -.Dq SSH_AUTH_SOCK +.Ev SSH_AUTH_SOCK environment variable and can be used to select a specific agent. Setting the socket name to -.Dq none +.Cm none disables the use of an authentication agent. If the string -.Dq SSH_AUTH_SOCK +.Qq SSH_AUTH_SOCK is specified, the location of the socket will be read from the .Ev SSH_AUTH_SOCK environment variable. .Pp -The socket name may use the tilde -syntax to refer to a user's home directory or one of the following -escape characters: -.Ql %d -(local user's home directory), -.Ql %u -(local user name), -.Ql %l -(local host name), -.Ql %h -(remote host name) or -.Ql %r -(remote user name). +Arguments to +.Cm IdentityAgent +may use the tilde syntax to refer to a user's home directory +or the tokens described in the +.Sx TOKENS +section. .It Cm IdentityFile Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication identity is read. @@ -1009,19 +913,12 @@ appending to the path of a specified .Cm IdentityFile . .Pp -The file name may use the tilde -syntax to refer to a user's home directory or one of the following -escape characters: -.Ql %d -(local user's home directory), -.Ql %u -(local user name), -.Ql %l -(local host name), -.Ql %h -(remote host name) or -.Ql %r -(remote user name). +Arguments to +.Cm IdentityFile +may use the tilde syntax to refer to a user's home directory +or the tokens described in the +.Sx TOKENS +section. .Pp It is possible to have multiple identity files specified in configuration files; all these 
@@ -1056,7 +953,7 @@ Include the specified configuration file(s). Multiple pathnames may be specified and each pathname may contain .Xr glob 3 wildcards and, for user configurations, shell-like -.Dq ~ +.Sq ~ references to user home directories. Files without absolute paths are assumed to be in .Pa ~/.ssh @@ -1073,48 +970,47 @@ to perform conditional inclusion. .It Cm IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. Accepted values are -.Dq af11 , -.Dq af12 , -.Dq af13 , -.Dq af21 , -.Dq af22 , -.Dq af23 , -.Dq af31 , -.Dq af32 , -.Dq af33 , -.Dq af41 , -.Dq af42 , -.Dq af43 , -.Dq cs0 , -.Dq cs1 , -.Dq cs2 , -.Dq cs3 , -.Dq cs4 , -.Dq cs5 , -.Dq cs6 , -.Dq cs7 , -.Dq ef , -.Dq lowdelay , -.Dq throughput , -.Dq reliability , +.Cm af11 , +.Cm af12 , +.Cm af13 , +.Cm af21 , +.Cm af22 , +.Cm af23 , +.Cm af31 , +.Cm af32 , +.Cm af33 , +.Cm af41 , +.Cm af42 , +.Cm af43 , +.Cm cs0 , +.Cm cs1 , +.Cm cs2 , +.Cm cs3 , +.Cm cs4 , +.Cm cs5 , +.Cm cs6 , +.Cm cs7 , +.Cm ef , +.Cm lowdelay , +.Cm throughput , +.Cm reliability , or a numeric value. This option may take one or two arguments, separated by whitespace. If one argument is specified, it is used as the packet class unconditionally. If two values are specified, the first is automatically selected for interactive sessions and the second for non-interactive sessions. The default is -.Dq lowdelay +.Cm lowdelay for interactive sessions and -.Dq throughput +.Cm throughput for non-interactive sessions. .It Cm KbdInteractiveAuthentication Specifies whether to use keyboard-interactive authentication. The argument to this keyword must be -.Dq yes +.Cm yes +(the default) or -.Dq no . -The default is -.Dq yes . +.Cm no . .It Cm KbdInteractiveDevices Specifies the list of methods to use in keyboard-interactive authentication. Multiple method names must be comma-separated. 
@@ -1122,10 +1018,10 @@ The default is to use the server specified list. The methods available vary depending on what the server supports. For an OpenSSH server, it may be zero or more of: -.Dq bsdauth , -.Dq pam , +.Cm bsdauth , +.Cm pam , and -.Dq skey . +.Cm skey . .It Cm KexAlgorithms Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms must be comma-separated. @@ -1135,41 +1031,25 @@ character, then the specified methods will be appended to the default set instead of replacing them. The default is: .Bd -literal -offset indent -curve25519-sha256@libssh.org, +curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1 .Ed .Pp -The list of available key exchange algorithms may also be obtained using the -.Fl Q -option of -.Xr ssh 1 -with an argument of -.Dq kex . +The list of available key exchange algorithms may also be obtained using +.Qq ssh -Q kex . .It Cm LocalCommand Specifies a command to execute on the local machine after successfully connecting to the server. The command string extends to the end of the line, and is executed with the user's shell. -The following escape character substitutions will be performed: -.Ql %d -(local user's home directory), -.Ql %h -(remote host name), -.Ql %l -(local host name), -.Ql %n -(host name as provided on the command line), -.Ql %p -(remote port), -.Ql %r -(remote user name) or -.Ql %u -(local user name) or -.Ql \&%C -by a hash of the concatenation: %l%h%p%r. +Arguments to +.Cm LocalCommand +accept the tokens described in the +.Sx TOKENS +section. .Pp The command is run synchronously and does not have access to the session of the 
@@ -1202,7 +1082,7 @@ may be used to bind the connection to a specific address. The .Ar bind_address of -.Dq localhost +.Cm localhost indicates that the listening port be bound for local use only, while an empty address or .Sq * @@ -1226,7 +1106,7 @@ character, then the specified algorithms will be appended to the default set instead of replacing them. .Pp The algorithms that contain -.Dq -etm +.Qq -etm calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use recommended. .Pp @@ -1239,22 +1119,18 @@ umac-64@openssh.com,umac-128@openssh.com, hmac-sha2-256,hmac-sha2-512,hmac-sha1 .Ed .Pp -The list of available MAC algorithms may also be obtained using the -.Fl Q -option of -.Xr ssh 1 -with an argument of -.Dq mac . +The list of available MAC algorithms may also be obtained using +.Qq ssh -Q mac . .It Cm NoHostAuthenticationForLocalhost This option can be used if the home directory is shared across machines. In this case localhost will refer to a different machine on each of the machines and the user will get many warnings about changed host keys. However, this option disables host authentication for localhost. The argument to this keyword must be -.Dq yes +.Cm yes or -.Dq no . -The default is to check the host key for localhost. +.Cm no . +(the default). .It Cm NumberOfPasswordPrompts Specifies the number of password prompts before giving up. The argument to this keyword must be an integer. @@ -1262,11 +1138,10 @@ The default is 3. .It Cm PasswordAuthentication Specifies whether to use password authentication. The argument to this keyword must be -.Dq yes +.Cm yes +(the default) or -.Dq no . -The default is -.Dq yes . +.Cm no . .It Cm PermitLocalCommand Allow local command execution via the .Ic LocalCommand 
@@ -1275,11 +1150,10 @@ option or using the escape sequence in .Xr ssh 1 . The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). .It Cm PKCS11Provider Specifies which PKCS#11 provider to use. The argument to this keyword is the PKCS#11 shared library @@ -1304,18 +1178,14 @@ keyboard-interactive,password Specifies the protocol versions .Xr ssh 1 should support in order of preference. -The possible values are -.Sq 1 -and -.Sq 2 . +The possible values are 1 and 2. Multiple versions must be comma-separated. When this option is set to -.Dq 2,1 +.Cm 2,1 .Nm ssh will try version 2 and fall back to version 1 if version 2 is not available. -The default is -.Sq 2 . +The default is version 2. Protocol 1 suffers from a number of cryptographic weaknesses and should not be used. It is only offered to support legacy devices. @@ -1327,14 +1197,11 @@ using the user's shell .Ql exec directive to avoid a lingering shell process. .Pp -In the command string, any occurrence of -.Ql %h -will be substituted by the host name to -connect, -.Ql %p -by the port, and -.Ql %r -by the remote user name. +Arguments to +.Cm ProxyCommand +accept the tokens described in the +.Sx TOKENS +section. The command can be basically anything, and should read from its standard input and write to its standard output. It should eventually connect an @@ -1346,7 +1213,7 @@ Host key management will be done using the HostName of the host being connected (defaulting to the name typed by the user). Setting the command to -.Dq none +.Cm none disables this option entirely. Note that .Cm CheckHostIP @@ -1391,7 +1258,7 @@ will pass a connected file descriptor back to .Xr ssh 1 instead of continuing to execute and pass data. The default is -.Dq no . +.Cm no . .It Cm PubkeyAcceptedKeyTypes Specifies the key types that will be used for public key authentication as a comma-separated pattern list. 
@@ -1410,19 +1277,15 @@ ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa .Ed .Pp -The -.Fl Q -option of -.Xr ssh 1 -may be used to list supported key types. +The list of available key types may also be obtained using +.Qq ssh -Q key . .It Cm PubkeyAuthentication Specifies whether to try public key authentication. The argument to this keyword must be -.Dq yes +.Cm yes +(the default) or -.Dq no . -The default is -.Dq yes . +.Cm no . .It Cm RekeyLimit Specifies the maximum amount of data that may be transmitted before the session key is renegotiated, optionally followed a maximum amount of @@ -1440,12 +1303,13 @@ and depending on the cipher. The optional second value is specified in seconds and may use any of the units documented in the -TIME FORMATS section of +.Sx TIME FORMATS +section of .Xr sshd_config 5 . The default value for .Cm RekeyLimit is -.Dq default none , +.Cm default none , which means that rekeying is performed after the cipher's default amount of data has been sent or received and no time based rekeying is done. .It Cm RemoteForward @@ -1465,8 +1329,7 @@ logging in as root on the remote machine. .Pp If the .Ar port -argument is -.Ql 0 , +argument is 0, the listen port will be dynamically allocated on the server and reported to the client at run time. .Pp @@ -1488,13 +1351,13 @@ option is enabled (see .It Cm RequestTTY Specifies whether to request a pseudo-tty for the session. The argument may be one of: -.Dq no +.Cm no (never request a TTY), -.Dq yes +.Cm yes (always request a TTY when standard input is a TTY), -.Dq force +.Cm force (always request a TTY) or -.Dq auto +.Cm auto (request a TTY when opening a login session). This option mirrors the .Fl t 
@@ -1516,25 +1379,23 @@ For more information on KRLs, see the KEY REVOCATION LISTS section in Specifies whether to try rhosts based authentication with RSA host authentication. The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). This option applies to protocol version 1 only and requires .Xr ssh 1 to be setuid root. .It Cm RSAAuthentication Specifies whether to try RSA authentication. The argument to this keyword must be -.Dq yes +.Cm yes +(the default) or -.Dq no . +.Cm no . RSA authentication will only be attempted if the identity file exists, or an authentication agent is running. -The default is -.Dq yes . Note that this option applies to protocol version 1 only. .It Cm SendEnv Specifies what variables from the local @@ -1617,14 +1478,13 @@ will be unable to forward the port to the Unix-domain socket file. This option is only used for port forwarding to a Unix-domain socket file. .Pp The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). .It Cm StrictHostKeyChecking If this flag is set to -.Dq yes , +.Cm yes , .Xr ssh 1 will never automatically add host keys to the .Pa ~/.ssh/known_hosts @@ -1637,24 +1497,18 @@ frequently made. This option forces the user to manually add all new hosts. If this flag is set to -.Dq no , +.Cm no , ssh will automatically add new host keys to the user known hosts files. If this flag is set to -.Dq ask , +.Cm ask +(the default), new host keys will be added to the user known host files only after the user has confirmed that is what they really want to do, and ssh will refuse to connect to hosts whose host key has changed. The host keys of known hosts will be verified automatically in all cases. -The argument must be -.Dq yes , -.Dq no , -or -.Dq ask . -The default is -.Dq ask . .It Cm TCPKeepAlive Specifies whether the system should send TCP keepalive messages to the other side. 
@@ -1665,31 +1519,30 @@ connections will die if the route is down temporarily, and some people find it annoying. .Pp The default is -.Dq yes +.Cm yes (to send TCP keepalive messages), and the client will notice if the network goes down or the remote host dies. This is important in scripts, and many users want it too. .Pp To disable TCP keepalive messages, the value should be set to -.Dq no . +.Cm no . .It Cm Tunnel Request .Xr tun 4 device forwarding between the client and the server. The argument must be -.Dq yes , -.Dq point-to-point +.Cm yes , +.Cm point-to-point (layer 3), -.Dq ethernet +.Cm ethernet (layer 2), or -.Dq no . +.Cm no +(the default). Specifying -.Dq yes +.Cm yes requests the default tunnel mode, which is -.Dq point-to-point . -The default is -.Dq no . +.Cm point-to-point . .It Cm TunnelDevice Specifies the .Xr tun 4 @@ -1703,14 +1556,14 @@ The argument must be .Ar local_tun Op : Ar remote_tun . .Sm on The devices may be specified by numerical ID or the keyword -.Dq any , +.Cm any , which uses the next available tunnel device. If .Ar remote_tun is not specified, it defaults to -.Dq any . +.Cm any . The default is -.Dq any:any . +.Cm any:any . .It Cm UpdateHostKeys Specifies whether .Xr ssh 1 @@ -1718,10 +1571,10 @@ should accept notifications of additional hostkeys from the server sent after authentication has completed and add them to .Cm UserKnownHostsFile . The argument must be -.Dq yes , -.Dq no +.Cm yes , +.Cm no (the default) or -.Dq ask . +.Cm ask . Enabling this option allows learning alternate hostkeys for a server and supports graceful key rotation by allowing a server to send replacement public keys before old ones are removed. @@ -1730,7 +1583,7 @@ host was already trusted or explicitly accepted by the user. If .Cm UpdateHostKeys is set to -.Dq ask , +.Cm ask , then the user is asked to confirm the modifications to the known_hosts file. Confirmation is currently incompatible with .Cm ControlPersist , 
@@ -1739,22 +1592,21 @@ and will be disabled if it is enabled. Presently, only .Xr sshd 8 from OpenSSH 6.8 and greater support the -.Dq hostkeys@openssh.com +.Qq hostkeys@openssh.com protocol extension used to inform the client of all the server's hostkeys. .It Cm UsePrivilegedPort Specifies whether to use a privileged port for outgoing connections. The argument must be -.Dq yes +.Cm yes or -.Dq no . -The default is -.Dq no . +.Cm no +(the default). If set to -.Dq yes , +.Cm yes , .Xr ssh 1 must be setuid root. Note that this option must be set to -.Dq yes +.Cm yes for .Cm RhostsRSAAuthentication with older servers. @@ -1773,39 +1625,35 @@ The default is Specifies whether to verify the remote key using DNS and SSHFP resource records. If this option is set to -.Dq yes , +.Cm yes , the client will implicitly trust keys that match a secure fingerprint from DNS. Insecure fingerprints will be handled as if this option was set to -.Dq ask . +.Cm ask . If this option is set to -.Dq ask , +.Cm ask , information on fingerprint match will be displayed, but the user will still need to confirm new host keys according to the .Cm StrictHostKeyChecking option. -The argument must be -.Dq yes , -.Dq no , -or -.Dq ask . The default is -.Dq no . +.Cm no . .Pp -See also VERIFYING HOST KEYS in +See also +.Sx VERIFYING HOST KEYS +in .Xr ssh 1 . .It Cm VisualHostKey If this flag is set to -.Dq yes , +.Cm yes , an ASCII art representation of the remote host key fingerprint is printed in addition to the fingerprint string at login and for unknown host keys. If this flag is set to -.Dq no , +.Cm no +(the default), no fingerprint strings are printed at login and only the fingerprint string will be printed for unknown host keys. -The default is -.Dq no . .It Cm XAuthLocation Specifies the full pathname of the .Xr xauth 1 
@@ -1823,7 +1671,7 @@ or .Sq ?\& (a wildcard that matches exactly one character). For example, to specify a set of declarations for any host in the -.Dq .co.uk +.Qq .co.uk set of domains, the following pattern could be used: .Pp @@ -1843,11 +1691,63 @@ by preceding them with an exclamation mark For example, to allow a key to be used from anywhere within an organization except from the -.Dq dialup +.Qq dialup pool, the following entry (in authorized_keys) could be used: .Pp .Dl from=\&"!*.dialup.example.com,*.example.com\&" +.Sh TOKENS +Arguments to some keywords can make use of tokens, +which are expanded at runtime: +.Pp +.Bl -tag -width XXXX -offset indent -compact +.It %% +A literal +.Sq % . +.It \&%C +Shorthand for %l%h%p%r. +.It %d +Local user's home directory. +.It %h +The remote hostname. +.It %i +The local user ID. +.It %L +The local hostname. +.It %l +The local hostname, including the domain name. +.It %n +The original remote hostname, as given on the command line. +.It %p +The remote port. +.It %r +The remote username. +.It %u +The local username. +.El +.Pp +.Cm Match exec +accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u. +.Pp +.Cm CertificateFile +accepts the tokens %%, %d, %h, %l, %r, and %u. +.Pp +.Cm ControlPath +accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u. +.Pp +.Cm HostName +accepts the tokens %% and %h. +.Pp +.Cm IdentityAgent +and +.Cm IdentityFile +accept the tokens %%, %d, %h, %l, %r, and %u. +.Pp +.Cm LocalCommand +accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. +.Pp +.Cm ProxyCommand +accepts the tokens %%, %h, %p, and %r. .Sh FILES .Bl -tag -width Ds .It Pa ~/.ssh/config 
@@ -1866,11 +1766,15 @@ This file must be world-readable. .Sh SEE ALSO .Xr ssh 1 .Sh AUTHORS +.An -nosplit OpenSSH is a derivative of the original and free -ssh 1.2.12 release by Tatu Ylonen. -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, -Theo de Raadt and Dug Song +ssh 1.2.12 release by +.An Tatu Ylonen . +.An Aaron Campbell , Bob Beck , Markus Friedl , +.An Niels Provos , Theo de Raadt +and +.An Dug Song removed many bugs, re-added newer features and created OpenSSH. -Markus Friedl contributed the support for SSH -protocol versions 1.5 and 2.0. +.An Markus Friedl +contributed the support for SSH protocol versions 1.5 and 2.0. diff --git a/crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c b/crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c index c80d7110f8cd..615505f9481b 100644 --- a/crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c +++ b/crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c @@ -15,7 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: sshbuf-getput-basic.c,v 1.5 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: sshbuf-getput-basic.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include diff --git a/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c b/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c index 77690d292065..25c774f20cff 100644 --- a/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c +++ b/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c @@ -15,7 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: sshbuf-getput-crypto.c,v 1.6 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: sshbuf-getput-crypto.c,v 1.7 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/sshbuf-misc.c b/crypto/external/bsd/openssh/dist/sshbuf-misc.c index d9a01be95741..45a79d9ad4c3 100644 
--- a/crypto/external/bsd/openssh/dist/sshbuf-misc.c +++ b/crypto/external/bsd/openssh/dist/sshbuf-misc.c @@ -15,7 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: sshbuf-misc.c,v 1.6 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: sshbuf-misc.c,v 1.7 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/sshbuf.c b/crypto/external/bsd/openssh/dist/sshbuf.c index 1c14a3abf4bc..6e4248240b00 100644 --- a/crypto/external/bsd/openssh/dist/sshbuf.c +++ b/crypto/external/bsd/openssh/dist/sshbuf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.c,v 1.6 2016/01/12 23:42:54 djm Exp $ */ +/* $OpenBSD: sshbuf.c,v 1.8 2016/11/25 23:22:04 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -15,9 +15,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: sshbuf.c,v 1.5 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: sshbuf.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); -#include /* roundup */ #include #include #include @@ -27,6 +26,7 @@ __RCSID("$NetBSD: sshbuf.c,v 1.5 2016/03/11 01:55:00 christos Exp $"); #include "ssherr.h" #define SSHBUF_INTERNAL #include "sshbuf.h" +#include "misc.h" static inline int sshbuf_check_sanity(const struct sshbuf *buf) @@ -250,7 +250,7 @@ sshbuf_set_max_size(struct sshbuf *buf, size_t max_size) if (buf->size < SSHBUF_SIZE_INIT) rlen = SSHBUF_SIZE_INIT; else - rlen = roundup(buf->size, SSHBUF_SIZE_INC); + rlen = ROUNDUP(buf->size, SSHBUF_SIZE_INC); if (rlen > max_size) rlen = max_size; explicit_bzero(buf->d + buf->size, buf->alloc - buf->size); 
@@ -316,16 +316,13 @@ sshbuf_check_reserve(const struct sshbuf *buf, size_t len) } int -sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp) +sshbuf_allocate(struct sshbuf *buf, size_t len) { size_t rlen, need; u_char *dp; int r; - if (dpp != NULL) - *dpp = NULL; - - SSHBUF_DBG(("reserve buf = %p len = %zu", buf, len)); + SSHBUF_DBG(("allocate buf = %p len = %zu", buf, len)); if ((r = sshbuf_check_reserve(buf, len)) != 0) return r; /* 
@@ -333,36 +330,49 @@ sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp) * then pack the buffer, zeroing buf->off. */ sshbuf_maybe_pack(buf, buf->size + len > buf->max_size); - SSHBUF_TELL("reserve"); - if (len + buf->size > buf->alloc) { - /* - * Prefer to alloc in SSHBUF_SIZE_INC units, but - * allocate less if doing so would overflow max_size. - */ - need = len + buf->size - buf->alloc; - rlen = roundup(buf->alloc + need, SSHBUF_SIZE_INC); - SSHBUF_DBG(("need %zu initial rlen %zu", need, rlen)); - if (rlen > buf->max_size) - rlen = buf->alloc + need; - SSHBUF_DBG(("adjusted rlen %zu", rlen)); - if ((dp = realloc(buf->d, rlen)) == NULL) { - SSHBUF_DBG(("realloc fail")); - if (dpp != NULL) - *dpp = NULL; - return SSH_ERR_ALLOC_FAIL; - } - buf->alloc = rlen; - buf->cd = buf->d = dp; - if ((r = sshbuf_check_reserve(buf, len)) < 0) { - /* shouldn't fail */ - if (dpp != NULL) - *dpp = NULL; - return r; - } + SSHBUF_TELL("allocate"); + if (len + buf->size <= buf->alloc) + return 0; /* already have it. */ + + /* + * Prefer to alloc in SSHBUF_SIZE_INC units, but + * allocate less if doing so would overflow max_size. 
+ */ + need = len + buf->size - buf->alloc; + rlen = ROUNDUP(buf->alloc + need, SSHBUF_SIZE_INC); + SSHBUF_DBG(("need %zu initial rlen %zu", need, rlen)); + if (rlen > buf->max_size) + rlen = buf->alloc + need; + SSHBUF_DBG(("adjusted rlen %zu", rlen)); + if ((dp = realloc(buf->d, rlen)) == NULL) { + SSHBUF_DBG(("realloc fail")); + return SSH_ERR_ALLOC_FAIL; } + buf->alloc = rlen; + buf->cd = buf->d = dp; + if ((r = sshbuf_check_reserve(buf, len)) < 0) { + /* shouldn't fail */ + return r; + } + SSHBUF_TELL("done"); + return 0; +} + +int +sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp) +{ + u_char *dp; + int r; + + if (dpp != NULL) + *dpp = NULL; + + SSHBUF_DBG(("reserve buf = %p len = %zu", buf, len)); + if ((r = sshbuf_allocate(buf, len)) != 0) + return r; + dp = buf->d + buf->size; buf->size += len; - SSHBUF_TELL("done"); if (dpp != NULL) *dpp = dp; return 0; diff --git a/crypto/external/bsd/openssh/dist/sshbuf.h b/crypto/external/bsd/openssh/dist/sshbuf.h index fc6f27324292..9761f107f0b9 100644 --- a/crypto/external/bsd/openssh/dist/sshbuf.h +++ b/crypto/external/bsd/openssh/dist/sshbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.h,v 1.7 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: sshbuf.h,v 1.8 2016/11/25 23:22:04 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -134,6 +134,14 @@ u_char *sshbuf_mutable_ptr(const struct sshbuf *buf); */ int sshbuf_check_reserve(const struct sshbuf *buf, size_t len); +/* + * Preallocates len additional bytes in buf. + * Useful for cases where the caller knows how many bytes will ultimately be + * required to avoid realloc in the buffer code. + * Returns 0 on success, or a negative SSH_ERR_* error code on failure. + */ +int sshbuf_allocate(struct sshbuf *buf, size_t len); + /* * Reserve len bytes in buf. * Returns 0 on success and a pointer to the first reserved byte via the 
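Review bot: `sshbuf_allocate` can move the buffer's storage — the `realloc` in the grow path replaces `buf->d`, and `sshbuf_maybe_pack` (body outside the hunk) presumably shifts the contents — but neither the new function nor its comment in the sshbuf.h hunk says so, and as a new public entry point it will be called by code holding pointers from `sshbuf_mutable_ptr()` or an earlier `sshbuf_reserve()`, which then point into freed or moved memory. Add to the sshbuf.h comment ` * May pack or reallocate the buffer; any pointer previously obtained from sshbuf_mutable_ptr() or sshbuf_reserve() is invalid after this call.` and state that "len additional bytes" is relative to the current length, which this function leaves unchanged (it updates `buf->alloc`, never `buf->size`). A minor style point: the early `return 0; /* already have it. */` skips the `SSHBUF_TELL("done")` the grow path emits, so the debug trace is asymmetric between the two exits. `sshbuf_check_reserve`'s body and `sshbuf_maybe_pack` lie outside the hunk.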
diff --git a/crypto/external/bsd/openssh/dist/sshconnect.c b/crypto/external/bsd/openssh/dist/sshconnect.c index 20d4aba0fe8f..d9f60487de12 100644 --- a/crypto/external/bsd/openssh/dist/sshconnect.c +++ b/crypto/external/bsd/openssh/dist/sshconnect.c @@ -1,5 +1,5 @@ -/* $NetBSD: sshconnect.c,v 1.17 2016/03/16 21:00:37 christos Exp $ */ -/* $OpenBSD: sshconnect.c,v 1.271 2016/01/14 22:56:56 markus Exp $ */ +/* $NetBSD: sshconnect.c,v 1.18 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.272 2016/09/12 01:22:38 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -16,7 +16,8 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshconnect.c,v 1.17 2016/03/16 21:00:37 christos Exp $"); +__RCSID("$NetBSD: sshconnect.c,v 1.18 2016/12/25 00:07:47 christos Exp $"); + #include /* roundup */ #include #include @@ -1414,7 +1415,7 @@ ssh_put_password(char *password) packet_put_cstring(password); return; } - size = roundup(strlen(password) + 1, 32); + size = ROUNDUP(strlen(password) + 1, 32); padded = xcalloc(1, size); strlcpy(padded, password, size); packet_put_string(padded, size); diff --git a/crypto/external/bsd/openssh/dist/sshconnect.h b/crypto/external/bsd/openssh/dist/sshconnect.h index 3d6667a155c0..b9026cf38493 100644 --- a/crypto/external/bsd/openssh/dist/sshconnect.h +++ b/crypto/external/bsd/openssh/dist/sshconnect.h @@ -1,4 +1,4 @@ -/* $NetBSD: sshconnect.h,v 1.7 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: sshconnect.h,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: sshconnect.h,v 1.29 2015/11/15 22:26:49 jcs Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/sshconnect1.c b/crypto/external/bsd/openssh/dist/sshconnect1.c index bbaa260acd47..e82a0c551330 100644 --- a/crypto/external/bsd/openssh/dist/sshconnect1.c +++ b/crypto/external/bsd/openssh/dist/sshconnect1.c 
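Review bot: `ROUNDUP` replaces `roundup` in `ssh_put_password`, but unlike sshbuf.c in this same commit no `#include "misc.h"` is added to sshconnect.c in the visible hunks, so this only compiles if the header defining `ROUNDUP` is already included elsewhere in the file; worth confirming. The kept context line `#include … /* roundup */` now carries a stale justification if this was the file's only `roundup` use, so either drop the comment or the include. `ssh_put_password` starts outside the hunk, so the lifetime of `padded` could not be checked here.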
@@ -1,5 +1,5 @@ -/* $NetBSD: sshconnect1.c,v 1.8 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: sshconnect1.c,v 1.78 2015/11/15 22:26:49 jcs Exp $ */ +/* $NetBSD: sshconnect1.c,v 1.9 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.79 2016/09/19 07:52:42 natano Exp $ */ /* * Author: Tatu Ylonen @@ -16,7 +16,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshconnect1.c,v 1.8 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: sshconnect1.c,v 1.9 2016/12/25 00:07:47 christos Exp $"); #include #include #include @@ -973,7 +973,6 @@ ssh_kex(char *host, struct sockaddr *hostaddr) u_char cookie[8]; u_int supported_ciphers; u_int server_flags, client_flags; - u_int32_t rnd = 0; debug("Waiting for server public key."); @@ -1032,12 +1031,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr) * random number, interpreted as a 32-byte key, with the least * significant 8 bits being the first byte of the key. */ - for (i = 0; i < 32; i++) { - if (i % 4 == 0) - rnd = arc4random(); - session_key[i] = rnd & 0xff; - rnd >>= 8; - } + arc4random_buf(session_key, sizeof(session_key)); /* * According to the protocol spec, the first byte of the session key diff --git a/crypto/external/bsd/openssh/dist/sshconnect2.c b/crypto/external/bsd/openssh/dist/sshconnect2.c index b053bf5bc069..c2dd4ecd5861 100644 --- a/crypto/external/bsd/openssh/dist/sshconnect2.c +++ b/crypto/external/bsd/openssh/dist/sshconnect2.c @@ -1,5 +1,6 @@ -/* $NetBSD: sshconnect2.c,v 1.26 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: sshconnect2.c,v 1.247 2016/07/22 05:46:11 dtucker Exp $ */ +/* $NetBSD: sshconnect2.c,v 1.27 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.251 2016/12/04 23:54:02 djm Exp $ */ + /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. 
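Review bot: `arc4random_buf(session_key, sizeof(session_key))` is only equivalent to the removed 32-byte loop if `session_key` is declared as an array in `ssh_kex` (its declarations are outside the hunk); if it is a pointer, `sizeof` yields the pointer width and most of the key is left unset. Naming the length explicitly removes that dependency on the declaration, e.g. `arc4random_buf(session_key, SSH_SESSION_KEY_LENGTH);` — that macro is used in sshd.c in this commit, so presumably it is available here too. The adjacent comment still says "interpreted as a 32-byte key, with the least significant 8 bits being the first byte", which described the removed byte-extraction loop; it should now just say the key is 32 random bytes.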
@@ -26,7 +27,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshconnect2.c,v 1.26 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: sshconnect2.c,v 1.27 2016/12/25 00:07:47 christos Exp $"); #include #include #include @@ -325,6 +326,7 @@ void userauth(Authctxt *, char *); static int sign_and_send_pubkey(Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); +static void pubkey_reset(Authctxt *); static Key *load_identity_file(Identity *); static Authmethod *authmethod_get(char *authlist); @@ -431,6 +433,9 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); } } + if (!authctxt.success) + fatal("Authentication failed."); + debug("Authentication succeeded (%s).", authctxt.method->name); } @@ -585,8 +590,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) if (partial != 0) { verbose("Authenticated with partial success."); /* reset state */ - pubkey_cleanup(authctxt); - pubkey_prepare(authctxt); + pubkey_reset(authctxt); } debug("Authentications that can continue: %s", authlist); @@ -1441,6 +1445,15 @@ pubkey_cleanup(Authctxt *authctxt) } } +static void +pubkey_reset(Authctxt *authctxt) +{ + Identity *id; + + TAILQ_FOREACH(id, &authctxt->keys, next) + id->tried = 0; +} + static int try_identity(Identity *id) { @@ -1489,6 +1502,7 @@ userauth_pubkey(Authctxt *authctxt) } key_free(id->key); id->key = NULL; + id->isprivate = 0; } } if (sent) diff --git a/crypto/external/bsd/openssh/dist/sshd.8 b/crypto/external/bsd/openssh/dist/sshd.8 index 56ba8f5a85bd..aa3cb2990516 100644 --- a/crypto/external/bsd/openssh/dist/sshd.8 +++ b/crypto/external/bsd/openssh/dist/sshd.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: sshd.8,v 1.16 2016/03/11 01:55:00 christos Exp $ +.\" $NetBSD: sshd.8,v 1.17 2016/12/25 00:07:47 christos Exp $ .\" -*- nroff -*- .\" .\" Author: Tatu Ylonen 
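Review bot: `pubkey_reset` carries no comment explaining why it replaces the `pubkey_cleanup`/`pubkey_prepare` pair in `input_userauth_failure`; add above its definition `/* After a partial success, mark every identity untried so it can be offered again for the next required method without reloading the key list. */`. Clearing `tried` alone relies on the retry path reloading any key that `userauth_pubkey` has already released (`id->key = NULL; id->isprivate = 0;`), presumably via `load_identity_file`, which is outside the hunk. The added `if (!authctxt.success) fatal("Authentication failed.");` in `ssh_userauth2` closes a path where the loop could exit without a successful method; that is the right default.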
@@ -35,8 +35,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $ -.Dd February 17 2016 +.\" $OpenBSD: sshd.8,v 1.287 2016/11/30 02:57:40 djm Exp $ +.Dd November 30 2016 .Dt SSHD 8 .Os .Sh NAME @@ -46,14 +46,12 @@ .Nm sshd .Bk -words .Op Fl 46DdeiqTt -.Op Fl b Ar bits .Op Fl C Ar connection_spec .Op Fl c Ar host_certificate_file .Op Fl E Ar log_file .Op Fl f Ar config_file .Op Fl g Ar login_grace_time .Op Fl h Ar host_key_file -.Op Fl k Ar key_gen_time .Op Fl o Ar option .Op Fl p Ar port .Op Fl u Ar len @@ -98,9 +96,6 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. -.It Fl b Ar bits -Specifies the number of bits in the ephemeral protocol version 1 -server key (default 1024). .It Fl C Ar connection_spec Specify the connection parameters to use for the .Fl T 
@@ -171,36 +166,18 @@ This option must be given if is not run as root (as the normal host key files are normally not readable by anyone but root). The default is -.Pa /etc/ssh/ssh_host_key -for protocol version 1, and .Pa /etc/ssh/ssh_host_dsa_key , -.Pa /etc/ssh/ssh_host_ecdsa_key . +.Pa /etc/ssh/ssh_host_ecdsa_key , .Pa /etc/ssh/ssh_host_ed25519_key and -.Pa /etc/ssh/ssh_host_rsa_key -for protocol version 2. +.Pa /etc/ssh/ssh_host_rsa_key . It is possible to have multiple host key files for -the different protocol versions and host key algorithms. +the different host key algorithms. .It Fl i Specifies that .Nm is being run from .Xr inetd 8 . -If SSH protocol 1 is enabled, -.Nm -should not normally be run -from inetd because it needs to generate the server key before it can -respond to the client, and this may take some time. -Clients may have to wait too long if the key was regenerated every time. -.It Fl k Ar key_gen_time -Specifies how often the ephemeral protocol version 1 server key is -regenerated (default 3600 seconds, or one hour). -The motivation for regenerating the key fairly -often is that the key is not stored anywhere, and after about an hour -it becomes impossible to recover the key for decrypting intercepted -communications even if the machine is cracked into or physically -seized. -A value of zero indicates that the key will never be regenerated. .It Fl o Ar option Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate @@ -259,8 +236,7 @@ may also be used to prevent from making DNS requests unless the authentication mechanism or configuration requires it. Authentication mechanisms that may require DNS include -.Cm RhostsRSAAuthentication , -.Cm HostbasedAuthentication , +.Cm HostbasedAuthentication and using a .Cm from="pattern-list" option in a key file. 
@@ -271,42 +247,14 @@ or .Cm DenyUsers . .El .Sh AUTHENTICATION -The OpenSSH SSH daemon supports SSH protocols 1 and 2. -The default is to use protocol 2 only, -though this can be changed via the -.Cm Protocol -option in -.Xr sshd_config 5 . -Protocol 1 should not be used -and is only offered to support legacy devices. -.Pp +The OpenSSH SSH daemon supports SSH protocol 2 only. Each host has a host-specific key, used to identify the host. -Partial forward security for protocol 1 is provided through -an additional server key, -normally 1024 bits, -generated when the server starts. -This key is normally regenerated every hour if it has been used, and -is never stored on disk. Whenever a client connects, the daemon responds with its public -host and server keys. +host key. The client compares the -RSA host key against its own database to verify that it has not changed. -The client then generates a 256-bit random number. -It encrypts this -random number using both the host key and the server key, and sends -the encrypted number to the server. -Both sides then use this -random number as a session key which is used to encrypt all further -communications in the session. -The rest of the session is encrypted -using a conventional cipher, currently Blowfish or 3DES, with 3DES -being used by default. -The client selects the encryption algorithm -to use from those offered by the server. -.Pp -For protocol 2, -forward security is provided through a Diffie-Hellman key agreement. +host key against its own database to verify that it has not changed. +Forward security is provided through a Diffie-Hellman key agreement. This key agreement results in a shared session key. The rest of the session is encrypted using a symmetric cipher, currently 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. 
@@ -452,32 +400,25 @@ key (empty lines and lines starting with a .Ql # are ignored as comments). -Protocol 1 public keys consist of the following space-separated fields: -options, bits, exponent, modulus, comment. -Protocol 2 public key consist of: +Public keys consist of the following space-separated fields: options, keytype, base64-encoded key, comment. -The options field is optional; -its presence is determined by whether the line starts -with a number or not (the options field never starts with a number). -The bits, exponent, modulus, and comment fields give the RSA key for -protocol version 1; the -comment field is not used for anything (but may be convenient for the -user to identify the key). -For protocol version 2 the keytype is +The options field is optional. +The keytype is .Dq ecdsa-sha2-nistp256 , .Dq ecdsa-sha2-nistp384 , .Dq ecdsa-sha2-nistp521 , .Dq ssh-ed25519 , .Dq ssh-dss or -.Dq ssh-rsa . +.Dq ssh-rsa ; +the comment field is not used for anything (but may be convenient for the +user to identify the key). .Pp -Note that lines in this file are usually several hundred bytes long +Note that lines in this file can be several hundred bytes long (because of the size of the public key encoding) up to a limit of 8 kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 kilobits. You don't want to type them in; instead, copy the -.Pa identity.pub , .Pa id_dsa.pub , .Pa id_ecdsa.pub , .Pa id_ed25519.pub , @@ -486,8 +427,7 @@ or the file and edit it. .Pp .Nm -enforces a minimum RSA key modulus size for protocol 1 -and protocol 2 keys of 768 bits. +enforces a minimum RSA key modulus size of 768 bits. .Pp The options (if present) consist of comma-separated option specifications. 
@@ -516,19 +456,27 @@ If an 8-bit clean channel is required, one must not request a pty or should specify .Cm no-pty . A quote may be included in the command by quoting it with a backslash. +.Pp This option might be useful to restrict certain public keys to perform just a specific operation. An example might be a key that permits remote backups but nothing else. Note that the client may specify TCP and/or X11 -forwarding unless they are explicitly prohibited. +forwarding unless they are explicitly prohibited, e.g. using the +.Cm restrict +key option. +.Pp The command originally supplied by the client is available in the .Ev SSH_ORIGINAL_COMMAND environment variable. Note that this option applies to shell, command or subsystem execution. -Also note that this command may be superseded by either a +Also note that this command may be superseded by a .Xr sshd_config 5 .Cm ForceCommand -directive or a command embedded in a certificate. +directive. +.Pp +If a command is specified and a forced-command is embedded in a certificate +used for authentication, then the certificate will be accepted only if the +two commands are identical. .It Cm environment="NAME=value" Specifies that the string is to be added to the environment when logging in using this key. @@ -539,9 +487,6 @@ Environment processing is disabled by default and is controlled via the .Cm PermitUserEnvironment option. -This option is automatically disabled if -.Cm UseLogin -is enabled. .It Cm from="pattern-list" Specifies that in addition to public key authentication, either the canonical name of the remote host or its IP address must be present in the 
@@ -665,7 +610,7 @@ maintained automatically: whenever the user connects from an unknown host, its key is added to the per-user file. .Pp Each line in these files contains the following fields: markers (optional), -hostnames, bits, exponent, modulus, comment. +hostnames, keytype, base64-encoded key, comment. The fields are separated by spaces. .Pp The marker is optional, but if it is present then it must be one of @@ -706,9 +651,9 @@ character. Only one hashed hostname may appear on a single line and none of the above negation or wildcard operators may be applied. .Pp -Bits, exponent, and modulus are taken directly from the RSA host key; they +The keytype and base64-encoded key are taken directly from the host key; they can be obtained, for example, from -.Pa /etc/ssh/ssh_host_key.pub . +.Pa /etc/ssh/ssh_host_rsa_key.pub . The optional comment field continues to the end of the line, and is not used. .Pp Lines starting with @@ -747,8 +692,8 @@ Note that the lines in these files are typically hundreds of characters long, and you definitely don't want to type in the host keys by hand. Rather, generate them by a script, .Xr ssh-keyscan 1 -or by taking -.Pa /etc/ssh/ssh_host_key.pub +or by taking, for example, +.Pa /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the front. .Xr ssh-keygen 1 also offers some basic automated editing for @@ -887,7 +832,6 @@ This file is used in exactly the same way as but allows host-based authentication without permitting login with rlogin/rsh. .Pp -.It Pa /etc/ssh/ssh_host_key .It Pa /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_ed25519_key @@ -899,7 +843,6 @@ Note that .Nm does not start if these files are group/world-accessible. .Pp -.It Pa /etc/ssh/ssh_host_key.pub .It Pa /etc/ssh/ssh_host_dsa_key.pub .It Pa /etc/ssh/ssh_host_ecdsa_key.pub .It Pa /etc/ssh/ssh_host_ed25519_key.pub 
diff --git a/crypto/external/bsd/openssh/dist/sshd.c b/crypto/external/bsd/openssh/dist/sshd.c index 1ddd44d87f76..466bc8dbf0c4 100644 --- a/crypto/external/bsd/openssh/dist/sshd.c +++ b/crypto/external/bsd/openssh/dist/sshd.c @@ -1,5 +1,6 @@ -/* $NetBSD: sshd.c,v 1.25 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: sshd.c,v 1.470 2016/05/24 04:43:45 dtucker Exp $ */ +/* $NetBSD: sshd.c,v 1.26 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: sshd.c,v 1.480 2016/12/09 03:04:29 djm Exp $ */ + /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -44,7 +45,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshd.c,v 1.25 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: sshd.c,v 1.26 2016/12/25 00:07:47 christos Exp $"); #include #include #include @@ -73,7 +74,6 @@ __RCSID("$NetBSD: sshd.c,v 1.25 2016/08/02 13:45:12 christos Exp $"); #include "xmalloc.h" #include "ssh.h" -#include "ssh1.h" #include "ssh2.h" #include "rsa.h" #include "sshpty.h" @@ -102,7 +102,6 @@ __RCSID("$NetBSD: sshd.c,v 1.25 2016/08/02 13:45:12 christos Exp $"); #include "dispatch.h" #include "channels.h" #include "session.h" -#include "monitor_mm.h" #include "monitor.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -125,12 +124,8 @@ int deny_severity = LOG_WARNING; #include "ldapauth.h" #endif -#ifndef O_NOCTTY -#define O_NOCTTY 0 -#endif - #ifndef HOST_NAME_MAX -#define HOST_NAME_MAX MAXHOSTNAMELEN +#define HOST_NAME_MAX MAXHOSTNAMELEN #endif /* Re-exec fds */ 
@@ -204,22 +199,12 @@ int have_agent = 0; * not very useful. Currently, memory locking is not implemented. */ struct { - Key *server_key; /* ephemeral server key */ - Key *ssh1_host_key; /* ssh1 host key */ Key **host_keys; /* all private host keys */ Key **host_pubkeys; /* all public host keys */ Key **host_certificates; /* all public host certificates */ - int have_ssh1_key; int have_ssh2_key; - u_char ssh1_cookie[SSH_SESSION_KEY_LENGTH]; } sensitive_data; -/* - * Flag indicating whether the RSA server key needs to be regenerated. - * Is set in the SIGALRM handler and cleared when the key is regenerated. - */ -static volatile sig_atomic_t key_do_regen = 0; - /* This is set to true when a signal is received. */ static volatile sig_atomic_t received_sighup = 0; static volatile sig_atomic_t received_sigterm = 0; @@ -255,10 +240,6 @@ Buffer loginmsg; /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); void demote_sensitive_data(void); - -#ifdef WITH_SSH1 -static void do_ssh1_kex(void); -#endif static void do_ssh2_kex(void); /* @@ -310,6 +291,8 @@ __dead static void sighup_restart(void) { logit("Received SIGHUP; restarting."); + if (options.pid_file != NULL) + unlink(options.pid_file); close_listen_socks(); close_startup_pipes(); alarm(0); /* alarm timer persists across exec */ 
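Review bot: The new `unlink(options.pid_file)` in `sighup_restart` ignores its return value, so a stale pid file silently survives the restart if removal fails for any reason other than the file being absent. Log the failure without aborting the restart: `if (options.pid_file != NULL && unlink(options.pid_file) == -1 && errno != ENOENT) logit("Could not remove %s: %s", options.pid_file, strerror(errno));` (`errno` is already used in this file, per the removed `key_regeneration_alarm`). Presumably the re-exec'd daemon writes a fresh pid file, but that happens outside the hunk; `sighup_restart`'s body also continues past it.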
@@ -375,65 +358,18 @@ grace_alarm_handler(int sig)
 ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
 }
 
-/*
- * Signal handler for the key regeneration alarm. Note that this
- * alarm only occurs in the daemon waiting for connections, and it does not
- * do anything with the private key or random state before forking.
- * Thus there should be no concurrency control/asynchronous execution
- * problems.
- */
-static void
-generate_ephemeral_server_key(void)
-{
- verbose("Generating %s%d bit RSA key.",
- sensitive_data.server_key ? "new " : "", options.server_key_bits);
- if (sensitive_data.server_key != NULL)
- key_free(sensitive_data.server_key);
- sensitive_data.server_key = key_generate(KEY_RSA1,
- options.server_key_bits);
- verbose("RSA key generation complete.");
-
- arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
-}
-
-/*ARGSUSED*/
-static void
-key_regeneration_alarm(int sig)
-{
- int save_errno = errno;
-
- signal(SIGALRM, SIG_DFL);
- errno = save_errno;
- key_do_regen = 1;
-}
-
 static void
 sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
 {
 u_int i;
- int mismatch;
 int remote_major, remote_minor;
- int major, minor;
 char *s;
 const char *newline = "\n";
 char buf[256]; /* Must not be larger than remote_version. */
 char remote_version[256]; /* Must be at least as big as buf. */
 
- if ((options.protocol & SSH_PROTO_1) &&
- (options.protocol & SSH_PROTO_2)) {
- major = PROTOCOL_MAJOR_1;
- minor = 99;
- } else if (options.protocol & SSH_PROTO_2) {
- major = PROTOCOL_MAJOR_2;
- minor = PROTOCOL_MINOR_2;
- newline = "\r\n";
- } else {
- major = PROTOCOL_MAJOR_1;
- minor = PROTOCOL_MINOR_1;
- }
-
 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
- major, minor, SSH_RELEASE,
+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
 *options.version_addendum == '\0' ? "" : " ",
 options.version_addendum, newline);
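Review bot: With the version-selection branches removed, `newline` in sshd_exchange_identification is never changed from its initial `"\n"`, so the server identification line now ends in a bare LF; the deleted protocol-2-only branch set `newline = "\r\n"`, which is the CR LF termination RFC 4253 §4.2 requires, so a server that previously sent `SSH-2.0-...\r\n` now sends `SSH-2.0-...\n`. The simplest repair is `const char *newline = "\r\n";` (or fold `\r\n` into the format string and drop the variable). Most clients tolerate LF alone, but strict implementations and banner scanners may not, and this is a silent regression rather than part of the SSH1 removal. sshd_exchange_identification continues past the hunk.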
@@ -515,42 +451,13 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) "refusing connection", remote_version); } - mismatch = 0; - switch (remote_major) { - case 1: - if (remote_minor == 99) { - if (options.protocol & SSH_PROTO_2) - enable_compat20(); - else - mismatch = 1; - break; - } - if (!(options.protocol & SSH_PROTO_1)) { - mismatch = 1; - break; - } - if (remote_minor < 3) { - packet_disconnect("Your ssh version is too old and " - "is no longer supported. Please install a newer version."); - } else if (remote_minor == 3) { - /* note that this disables agent-forwarding */ - enable_compat13(); - } - break; - case 2: - if (options.protocol & SSH_PROTO_2) { - enable_compat20(); - break; - } - /* FALLTHROUGH */ - default: - mismatch = 1; - break; - } chop(server_version_string); debug("Local version string %.200s", server_version_string); - if (mismatch) { + if (remote_major == 2 || + (remote_major == 1 && remote_minor == 99)) { + enable_compat20(); + } else { s = __UNCONST("Protocol major versions differ.\n"); (void) atomicio(vwrite, sock_out, s, strlen(s)); close(sock_in); @@ -569,10 +476,6 @@ destroy_sensitive_data(void) { int i; - if (sensitive_data.server_key) { - key_free(sensitive_data.server_key); - sensitive_data.server_key = NULL; - } for (i = 0; i < options.num_host_key_files; i++) { if (sensitive_data.host_keys[i]) { key_free(sensitive_data.host_keys[i]); @@ -583,8 +486,6 @@ destroy_sensitive_data(void) sensitive_data.host_certificates[i] = NULL; } } - sensitive_data.ssh1_host_key = NULL; - explicit_bzero(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); } /* Demote private to public keys for network child */ 
@@ -594,24 +495,14 @@ demote_sensitive_data(void)
 Key *tmp;
 int i;
 
- if (sensitive_data.server_key) {
- tmp = key_demote(sensitive_data.server_key);
- key_free(sensitive_data.server_key);
- sensitive_data.server_key = tmp;
- }
-
 for (i = 0; i < options.num_host_key_files; i++) {
 if (sensitive_data.host_keys[i]) {
 tmp = key_demote(sensitive_data.host_keys[i]);
 key_free(sensitive_data.host_keys[i]);
 sensitive_data.host_keys[i] = tmp;
- if (tmp->type == KEY_RSA1)
- sensitive_data.ssh1_host_key = tmp;
 }
 /* Certs do not need demotion */
 }
-
- /* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */
 }
 
 static void
@@ -693,9 +584,6 @@ privsep_preauth(Authctxt *authctxt)
 ssh_sandbox_parent_preauth(box, pid);
 monitor_child_preauth(authctxt, pmonitor);
 
- /* Sync memory */
- monitor_sync(pmonitor);
-
 /* Wait for the child's exit status */
 while (waitpid(pid, &status, 0) < 0) {
 if (errno == EINTR)
@@ -735,7 +623,7 @@ privsep_preauth(Authctxt *authctxt)
 static void
 privsep_postauth(Authctxt *authctxt)
 {
- if (authctxt->pw->pw_uid == 0 || options.use_login) {
+ if (authctxt->pw->pw_uid == 0) {
 /* File descriptor passing is broken or root login */
 use_privsep = 0;
 goto skip;
@@ -792,7 +680,7 @@ list_hostkey_types(void)
 key = sensitive_data.host_keys[i];
 if (key == NULL)
 key = sensitive_data.host_pubkeys[i];
- if (key == NULL || key->type == KEY_RSA1)
+ if (key == NULL)
 continue;
 /* Check that the key is accepted in HostkeyAlgorithms */
 if (match_pattern_list(sshkey_ssh_name(key),
@@ -941,7 +829,7 @@ notify_hostkeys(struct ssh *ssh)
 for (i = nkeys = 0; i < options.num_host_key_files; i++) {
 key = get_hostkey_public_by_index(i, ssh);
 if (key == NULL || key->type == KEY_UNSPEC ||
- key->type == KEY_RSA1 || sshkey_is_cert(key))
+ sshkey_is_cert(key))
 continue;
 fp = sshkey_fingerprint(key, options.fingerprint_hash,
 SSH_FP_DEFAULT);
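Review bot: The comment `/* File descriptor passing is broken or root login */` in privsep_postauth is now half stale: with the `options.use_login` test gone, the only way to reach it is `pw_uid == 0`, and the descriptor-passing clause presumably described the dropped UseLogin path. Suggest `/* root login: the post-auth child would keep uid 0 anyway, so privsep is skipped */`, assuming that is the actual rationale, so a reader does not go looking for a descriptor-passing problem that no longer exists. The rest of privsep_postauth is outside the hunk.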
@@ -1007,10 +895,9 @@ usage(void) #endif ); fprintf(stderr, -"usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n" +"usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]\n" " [-E log_file] [-f config_file] [-g login_grace_time]\n" -" [-h host_key_file] [-k key_gen_time] [-o option] [-p port]\n" -" [-u len]\n" +" [-h host_key_file] [-o option] [-p port] [-u len]\n" ); exit(1); } @@ -1027,41 +914,11 @@ send_rexec_state(int fd, struct sshbuf *conf) /* * Protocol from reexec master to child: * string configuration - * u_int ephemeral_key_follows - * bignum e (only if ephemeral_key_follows == 1) - * bignum n " - * bignum d " - * bignum iqmp " - * bignum p " - * bignum q " */ if ((m = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); if ((r = sshbuf_put_stringb(m, conf)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - -#ifdef WITH_SSH1 - if (sensitive_data.server_key != NULL && - sensitive_data.server_key->type == KEY_RSA1) { - if ((r = sshbuf_put_u32(m, 1)) != 0 || - (r = sshbuf_put_bignum1(m, - sensitive_data.server_key->rsa->e)) != 0 || - (r = sshbuf_put_bignum1(m, - sensitive_data.server_key->rsa->n)) != 0 || - (r = sshbuf_put_bignum1(m, - sensitive_data.server_key->rsa->d)) != 0 || - (r = sshbuf_put_bignum1(m, - sensitive_data.server_key->rsa->iqmp)) != 0 || - (r = sshbuf_put_bignum1(m, - sensitive_data.server_key->rsa->p)) != 0 || - (r = sshbuf_put_bignum1(m, - sensitive_data.server_key->rsa->q)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - } else -#endif - if ((r = sshbuf_put_u32(m, 0)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if (ssh_msg_send(fd, 0, m) == -1) fatal("%s: ssh_msg_send failed", __func__); 
@@ -1091,23 +948,6 @@ recv_rexec_state(int fd, Buffer *conf) buffer_append(conf, cp, len); free(cp); - if (buffer_get_int(&m)) { -#ifdef WITH_SSH1 - if (sensitive_data.server_key != NULL) - key_free(sensitive_data.server_key); - sensitive_data.server_key = key_new_private(KEY_RSA1); - buffer_get_bignum(&m, sensitive_data.server_key->rsa->e); - buffer_get_bignum(&m, sensitive_data.server_key->rsa->n); - buffer_get_bignum(&m, sensitive_data.server_key->rsa->d); - buffer_get_bignum(&m, sensitive_data.server_key->rsa->iqmp); - buffer_get_bignum(&m, sensitive_data.server_key->rsa->p); - buffer_get_bignum(&m, sensitive_data.server_key->rsa->q); - if (rsa_generate_additional_parameters( - sensitive_data.server_key->rsa) != 0) - fatal("%s: rsa_generate_additional_parameters " - "error", __func__); -#endif - } buffer_free(&m); debug3("%s: done", __func__); @@ -1230,7 +1070,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) { fd_set *fdset; int i, j, ret, maxfd; - int key_used = 0, startups = 0; + int startups = 0; int startup_p[2] = { -1 , -1 }; struct sockaddr_storage from; socklen_t fromlen; @@ -1277,11 +1117,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) unlink(options.pid_file); exit(received_sigterm == SIGTERM ? 0 : 255); } - if (key_used && key_do_regen) { - generate_ephemeral_server_key(); - key_used = 0; - key_do_regen = 0; - } if (ret < 0) continue; @@ -1318,7 +1153,15 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) continue; } if (drop_connection(startups) == 1) { - debug("drop connection #%d", startups); + char *laddr = get_local_ipaddr(*newsock); + char *raddr = get_peer_ipaddr(*newsock); + + verbose("drop connection #%d from [%s]:%d " + "on [%s]:%d past MaxStartups", startups, + raddr, get_peer_port(*newsock), + laddr, get_local_port(*newsock)); + free(laddr); + free(raddr); close(*newsock); continue; } 
@@ -1413,19 +1256,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 close(config_s[0]);
 close(config_s[1]);
 }
-
- /*
- * Mark that the key has been used (it
- * was "given" to the child).
- */
- if ((options.protocol & SSH_PROTO_1) &&
- key_used == 0) {
- /* Schedule server key regeneration alarm. */
- signal(SIGALRM, key_regeneration_alarm);
- alarm(options.key_regeneration_time);
- key_used = 1;
- }
-
 close(*newsock);
 }
 
@@ -1455,6 +1285,7 @@ check_ip_options(struct ssh *ssh)
 #ifdef IP_OPTIONS
 socklen_t option_size, i;
 u_char opts[200];
+ socklen_t i, option_size = sizeof(opts), fromlen = sizeof(from);
 char text[sizeof(opts) * 3 + 1];
 #endif
 
@@ -1488,7 +1319,7 @@ main(int ac, char **av)
 struct ssh *ssh = NULL;
 extern char *optarg;
 extern int optind;
- int r, opt, i, j, on = 1;
+ int r, opt, i, j, on = 1, already_daemon;
 int sock_in = -1, sock_out = -1, newsock = -1;
 const char *remote_ip;
 int remote_port;
@@ -1568,8 +1399,7 @@ main(int ac, char **av)
 options.log_level = SYSLOG_LEVEL_QUIET;
 break;
 case 'b':
- options.server_key_bits = (int)strtonum(optarg, 256,
- 32768, NULL);
+ /* protocol 1, ignored */
 break;
 case 'p':
 options.ports_from_cmdline = 1;
@@ -1590,10 +1420,7 @@ main(int ac, char **av)
 }
 break;
 case 'k':
- if ((options.key_regeneration_time = convtime(optarg)) == -1) {
- fprintf(stderr, "Invalid key regeneration interval.\n");
- exit(1);
- }
+ /* protocol 1, ignored */
 break;
 case 'h':
 if (options.num_host_key_files >= MAX_HOSTKEYS) {
@@ -1663,9 +1490,6 @@ main(int ac, char **av)
 SYSLOG_FACILITY_AUTH : options.log_facility,
 log_stderr || !inetd_flag);
 
- sensitive_data.server_key = NULL;
- sensitive_data.ssh1_host_key = NULL;
- sensitive_data.have_ssh1_key = 0;
 sensitive_data.have_ssh2_key = 0;
 
 /*
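Review bot: The line added to check_ip_options redeclares `i` and `option_size` in the same block as the context line `socklen_t option_size, i;` two lines above it, which is a hard compile error whenever IP_OPTIONS is defined; given the commit title this looks like a merge leftover, with the old NetBSD declaration kept beside the upstream one. The fix is to delete `socklen_t option_size, i;` and keep only `socklen_t i, option_size = sizeof(opts), fromlen = sizeof(from);`. That line also requires `from` to be declared in the part of the function outside the hunk (presumably a `struct sockaddr_storage`), and it is worth checking that the body below does not still assign `option_size` before the getsockopt call now that the initialiser does it. check_ip_options continues past the hunk.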
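Review bot: The `case 'b':` and `case 'k':` arms now consume their argument and do nothing but `/* protocol 1, ignored */`, so an operator whose rc script still passes `-k 1h` or `-b 1024` gets no indication that the flag is dead, while usage() in an earlier hunk no longer lists either option. If silent acceptance is deliberate for compatibility, at least say so at runtime, e.g. `logit("Option -%c applies only to protocol 1 and is ignored", opt);` in both arms (assuming the switch is on `opt`), and record the same in the manual page. The enclosing getopt loop starts and ends outside the hunk.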
@@ -1716,9 +1540,6 @@ main(int ac, char **av) * and warns for trivial misconfigurations that could break login. */ if (options.num_auth_methods != 0) { - if ((options.protocol & SSH_PROTO_1)) - fatal("AuthenticationMethods is not supported with " - "SSH protocol 1"); for (n = 0; n < options.num_auth_methods; n++) { if (auth2_methods_valid(options.auth_methods[n], 1) == 0) @@ -1783,8 +1604,7 @@ main(int ac, char **av) sensitive_data.host_keys[i] = key; sensitive_data.host_pubkeys[i] = pubkey; - if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1 && - have_agent) { + if (key == NULL && pubkey != NULL && have_agent) { debug("will rely on agent for hostkey %s", options.host_key_files[i]); keytype = pubkey->type; @@ -1799,10 +1619,6 @@ main(int ac, char **av) } switch (keytype) { - case KEY_RSA1: - sensitive_data.ssh1_host_key = key; - sensitive_data.have_ssh1_key = 1; - break; case KEY_RSA: case KEY_DSA: case KEY_ECDSA: @@ -1815,19 +1631,10 @@ main(int ac, char **av) SSH_FP_DEFAULT)) == NULL) fatal("sshkey_fingerprint failed"); debug("%s host key #%d: %s %s", - key ? "private" : "agent", i, keytype == KEY_RSA1 ? - sshkey_type(pubkey) : sshkey_ssh_name(pubkey), fp); + key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); free(fp); } - if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { - logit("Disabling protocol version 1. Could not load host key"); - options.protocol &= ~SSH_PROTO_1; - } - if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { - logit("Disabling protocol version 2. Could not load host key"); - options.protocol &= ~SSH_PROTO_2; - } - if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { + if (!sensitive_data.have_ssh2_key) { logit("sshd: no hostkeys available -- exiting."); exit(1); } 
@@ -1875,33 +1682,6 @@ main(int ac, char **av) key_type(key)); } -#ifdef WITH_SSH1 - /* Check certain values for sanity. */ - if (options.protocol & SSH_PROTO_1) { - if (options.server_key_bits < SSH_RSA_MINIMUM_MODULUS_SIZE || - options.server_key_bits > OPENSSL_RSA_MAX_MODULUS_BITS) { - fprintf(stderr, "Bad server key size.\n"); - exit(1); - } - /* - * Check that server and host key lengths differ sufficiently. This - * is necessary to make double encryption work with rsaref. Oh, I - * hate software patents. I dont know if this can go? Niels - */ - if (options.server_key_bits > - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - - SSH_KEY_BITS_RESERVED && options.server_key_bits < - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + - SSH_KEY_BITS_RESERVED) { - options.server_key_bits = - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + - SSH_KEY_BITS_RESERVED; - debug("Forcing server key to %d bits to make it differ from host key.", - options.server_key_bits); - } - } -#endif - if (use_privsep) { struct stat st; 
@@ -1947,22 +1727,17 @@ main(int ac, char **av) log_init(__progname, options.log_level, options.log_facility, log_stderr); /* - * If not in debugging mode, and not started from inetd, disconnect - * from the controlling terminal, and fork. The original process - * exits. + * If not in debugging mode, not started from inetd and not already + * daemonized (eg re-exec via SIGHUP), disconnect from the controlling + * terminal, and fork. The original process exits. */ - if (!(debug_flag || inetd_flag || no_daemon_flag)) { - int fd; + already_daemon = daemonized(); + if (!(debug_flag || inetd_flag || no_daemon_flag || already_daemon)) { if (daemon(0, 0) < 0) fatal("daemon() failed: %.200s", strerror(errno)); - /* Disconnect from the controlling tty. */ - fd = open(_PATH_TTY, O_RDWR | O_NOCTTY); - if (fd >= 0) { - (void) ioctl(fd, TIOCNOTTY, NULL); - close(fd); - } + disconnect_controlling_tty(); } /* Reinitialize the log (because of the fork above). */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -1981,9 +1756,6 @@ main(int ac, char **av) } else { server_listen(); - if (options.protocol & SSH_PROTO_1) - generate_ephemeral_server_key(); - signal(SIGHUP, sighup_handler); signal(SIGCHLD, main_sigchld_handler); signal(SIGTERM, sigterm_handler); @@ -2141,11 +1913,6 @@ main(int ac, char **av) alarm(options.login_grace_time); sshd_exchange_identification(ssh, sock_in, sock_out); - - /* In inetd mode, generate ephemeral key only for proto 1 connections */ - if (!compat20 && inetd_flag && sensitive_data.server_key == NULL) - generate_ephemeral_server_key(); - packet_set_nonblocking(); /* allocate authentication context */ @@ -2161,7 +1928,7 @@ main(int ac, char **av) if (use_privsep) { if (privsep_preauth(authctxt) == 1) goto authenticated; - } else if (compat20 && have_agent) { + } else if (have_agent) { if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) { error("Unable to get agent socket: %s", ssh_err(r)); have_agent = 0; 
@@ -2170,17 +1937,9 @@ main(int ac, char **av) /* perform the key exchange */ /* authenticate user and start session */ - if (compat20) { - do_ssh2_kex(); - do_authentication2(authctxt); - } else { -#ifdef WITH_SSH1 - do_ssh1_kex(); - do_authentication(authctxt); -#else - fatal("ssh1 not supported"); -#endif - } + do_ssh2_kex(); + do_authentication2(authctxt); + /* * If we use privilege separation, the unprivileged child transfers * the current keystate and exits @@ -2217,16 +1976,13 @@ main(int ac, char **av) if (use_privsep) { privsep_postauth(authctxt); /* the monitor process [priv] will not return */ - if (!compat20) - destroy_sensitive_data(); } packet_set_timeout(options.client_alive_interval, options.client_alive_count_max); /* Try to send all our hostkeys to the client */ - if (compat20) - notify_hostkeys(active_state); + notify_hostkeys(active_state); /* Start session. */ do_authenticated(authctxt); 
@@ -2250,241 +2006,6 @@ main(int ac, char **av) exit(0); } -#ifdef WITH_SSH1 -/* - * Decrypt session_key_int using our private server key and private host key - * (key with larger modulus first). - */ -int -ssh1_session_key(BIGNUM *session_key_int) -{ - struct ssh *ssh = active_state; /* XXX */ - int rsafail = 0; - - if (BN_cmp(sensitive_data.server_key->rsa->n, - sensitive_data.ssh1_host_key->rsa->n) > 0) { - /* Server key has bigger modulus. */ - if (BN_num_bits(sensitive_data.server_key->rsa->n) < - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + - SSH_KEY_BITS_RESERVED) { - fatal("do_connection: %s port %d: " - "server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), - BN_num_bits(sensitive_data.server_key->rsa->n), - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), - SSH_KEY_BITS_RESERVED); - } - if (rsa_private_decrypt(session_key_int, session_key_int, - sensitive_data.server_key->rsa) != 0) - rsafail++; - if (rsa_private_decrypt(session_key_int, session_key_int, - sensitive_data.ssh1_host_key->rsa) != 0) - rsafail++; - } else { - /* Host key has bigger modulus (or they are equal). 
*/ - if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) < - BN_num_bits(sensitive_data.server_key->rsa->n) + - SSH_KEY_BITS_RESERVED) { - fatal("do_connection: %s port %d: " - "host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), - BN_num_bits(sensitive_data.server_key->rsa->n), - SSH_KEY_BITS_RESERVED); - } - if (rsa_private_decrypt(session_key_int, session_key_int, - sensitive_data.ssh1_host_key->rsa) != 0) - rsafail++; - if (rsa_private_decrypt(session_key_int, session_key_int, - sensitive_data.server_key->rsa) != 0) - rsafail++; - } - return (rsafail); -} - -/* - * SSH1 key exchange - */ -static void -do_ssh1_kex(void) -{ - struct ssh *ssh = active_state; /* XXX */ - int i, len; - int rsafail = 0; - BIGNUM *session_key_int, *fake_key_int, *real_key_int; - u_char session_key[SSH_SESSION_KEY_LENGTH]; - u_char fake_key_bytes[4096 / 8]; - size_t fake_key_len; - u_char cookie[8]; - u_int cipher_type, auth_mask, protocol_flags; - - /* - * Generate check bytes that the client must send back in the user - * packet in order for it to be accepted; this is used to defy ip - * spoofing attacks. Note that this only works against somebody - * doing IP spoofing from a remote machine; any machine on the local - * network can still see outgoing packets and catch the random - * cookie. This only affects rhosts authentication, and this is one - * of the reasons why it is inherently insecure. - */ - arc4random_buf(cookie, sizeof(cookie)); - - /* - * Send our public key. We include in the packet 64 bits of random - * data that must be matched in the reply in order to prevent IP - * spoofing. - */ - packet_start(SSH_SMSG_PUBLIC_KEY); - for (i = 0; i < 8; i++) - packet_put_char(cookie[i]); - - /* Store our public server RSA key. 
*/ - packet_put_int(BN_num_bits(sensitive_data.server_key->rsa->n)); - packet_put_bignum(sensitive_data.server_key->rsa->e); - packet_put_bignum(sensitive_data.server_key->rsa->n); - - /* Store our public host RSA key. */ - packet_put_int(BN_num_bits(sensitive_data.ssh1_host_key->rsa->n)); - packet_put_bignum(sensitive_data.ssh1_host_key->rsa->e); - packet_put_bignum(sensitive_data.ssh1_host_key->rsa->n); - - /* Put protocol flags. */ - packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN); - - /* Declare which ciphers we support. */ - packet_put_int(cipher_mask_ssh1(0)); - - /* Declare supported authentication types. */ - auth_mask = 0; - if (options.rhosts_rsa_authentication) - auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; - if (options.rsa_authentication) - auth_mask |= 1 << SSH_AUTH_RSA; -#if defined(KRB4) || defined(KRB5) - if (options.kerberos_authentication) - auth_mask |= 1 << SSH_AUTH_KERBEROS; -#endif -#if defined(AFS) || defined(KRB5) - if (options.kerberos_tgt_passing) - auth_mask |= 1 << SSH_PASS_KERBEROS_TGT; -#endif -#ifdef AFS - if (options.afs_token_passing) - auth_mask |= 1 << SSH_PASS_AFS_TOKEN; -#endif - if (options.challenge_response_authentication == 1) - auth_mask |= 1 << SSH_AUTH_TIS; - if (options.password_authentication) - auth_mask |= 1 << SSH_AUTH_PASSWORD; - packet_put_int(auth_mask); - - /* Send the packet and wait for it to be sent. */ - packet_send(); - packet_write_wait(); - - debug("Sent %d bit server key and %d bit host key.", - BN_num_bits(sensitive_data.server_key->rsa->n), - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n)); - - /* Read clients reply (cipher type and session key). */ - packet_read_expect(SSH_CMSG_SESSION_KEY); - - /* Get cipher type and check whether we accept this. */ - cipher_type = packet_get_char(); - - if (!(cipher_mask_ssh1(0) & (1 << cipher_type))) - packet_disconnect("Warning: client selects unsupported cipher."); - - /* Get check bytes from the packet. 
These must match those we - sent earlier with the public key packet. */ - for (i = 0; i < 8; i++) - if (cookie[i] != packet_get_char()) - packet_disconnect("IP Spoofing check bytes do not match."); - - debug("Encryption type: %.200s", cipher_name(cipher_type)); - - /* Get the encrypted integer. */ - if ((real_key_int = BN_new()) == NULL) - fatal("do_ssh1_kex: BN_new failed"); - packet_get_bignum(real_key_int); - - protocol_flags = packet_get_int(); - packet_set_protocol_flags(protocol_flags); - packet_check_eom(); - - /* Setup a fake key in case RSA decryption fails */ - if ((fake_key_int = BN_new()) == NULL) - fatal("do_ssh1_kex: BN_new failed"); - fake_key_len = BN_num_bytes(real_key_int); - if (fake_key_len > sizeof(fake_key_bytes)) - fake_key_len = sizeof(fake_key_bytes); - arc4random_buf(fake_key_bytes, fake_key_len); - if (BN_bin2bn(fake_key_bytes, fake_key_len, fake_key_int) == NULL) - fatal("do_ssh1_kex: BN_bin2bn failed"); - - /* Decrypt real_key_int using host/server keys */ - rsafail = PRIVSEP(ssh1_session_key(real_key_int)); - /* If decryption failed, use the fake key. Else, the real key. */ - if (rsafail) - session_key_int = fake_key_int; - else - session_key_int = real_key_int; - - /* - * Extract session key from the decrypted integer. The key is in the - * least significant 256 bits of the integer; the first byte of the - * key is in the highest bits. 
- */ - (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8); - len = BN_num_bytes(session_key_int); - if (len < 0 || (u_int)len > sizeof(session_key)) { - error("%s: bad session key len from %s port %d: " - "session_key_int %d > sizeof(session_key) %lu", __func__, - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), - len, (u_long)sizeof(session_key)); - rsafail++; - } else { - explicit_bzero(session_key, sizeof(session_key)); - BN_bn2bin(session_key_int, - session_key + sizeof(session_key) - len); - - derive_ssh1_session_id( - sensitive_data.ssh1_host_key->rsa->n, - sensitive_data.server_key->rsa->n, - cookie, session_id); - /* - * Xor the first 16 bytes of the session key with the - * session id. - */ - for (i = 0; i < 16; i++) - session_key[i] ^= session_id[i]; - } - - /* Destroy the private and public keys. No longer. */ - destroy_sensitive_data(); - - if (use_privsep) - mm_ssh1_session_id(session_id); - - /* Destroy the decrypted integer. It is no longer needed. */ - BN_clear_free(real_key_int); - BN_clear_free(fake_key_int); - - /* Set the session key. From this on all communications will be encrypted. */ - packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type); - - /* Destroy our copy of the session key. It is no longer needed. */ - explicit_bzero(session_key, sizeof(session_key)); - - debug("Received session key; encryption turned on."); - - /* Send an acknowledgment packet. Note that this packet is sent encrypted. */ - packet_start(SSH_SMSG_SUCCESS); - packet_send(); - packet_write_wait(); -} -#endif - int sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen, const u_char *data, size_t dlen, const char *alg, u_int flag) 
@@ -2545,10 +2066,6 @@ do_ssh2_kex(void) if (options.compression == COMP_NONE) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; - } else if (options.compression == COMP_DELAYED) { - myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = - "none,zlib@openssh.com"; } if (options.rekey_limit || options.rekey_interval) diff --git a/crypto/external/bsd/openssh/dist/sshd_config b/crypto/external/bsd/openssh/dist/sshd_config index e168cc5b4df1..b3a12ff7cb0e 100644 --- a/crypto/external/bsd/openssh/dist/sshd_config +++ b/crypto/external/bsd/openssh/dist/sshd_config @@ -1,5 +1,5 @@ -# $NetBSD: sshd_config,v 1.17 2016/08/02 13:45:12 christos Exp $ -# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $ +# $NetBSD: sshd_config,v 1.18 2016/12/25 00:07:47 christos Exp $ +# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -14,21 +14,11 @@ #ListenAddress 0.0.0.0 #ListenAddress :: -# The default requires explicit activation of protocol 1 -#Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - # Ciphers and keying #RekeyLimit default none @@ -44,7 +34,6 @@ #MaxAuthTries 6 #MaxSessions 10 -#RSAAuthentication yes #PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 
@@ -57,11 +46,9 @@ AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication +# HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes diff --git a/crypto/external/bsd/openssh/dist/sshd_config.5 b/crypto/external/bsd/openssh/dist/sshd_config.5 index ea31f6223d14..9076db02ac37 100644 --- a/crypto/external/bsd/openssh/dist/sshd_config.5 +++ b/crypto/external/bsd/openssh/dist/sshd_config.5 @@ -1,4 +1,4 @@ -.\" $NetBSD: sshd_config.5,v 1.22 2016/08/02 13:45:12 christos Exp $ +.\" $NetBSD: sshd_config.5,v 1.23 2016/12/25 00:07:47 christos Exp $ .\" -*- nroff -*- .\" .\" Author: Tatu Ylonen @@ -35,8 +35,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.227 2016/07/19 12:59:16 jmc Exp $ -.Dd July 19 2016 +.\" $OpenBSD: sshd_config.5,v 1.239 2016/11/30 03:00:05 djm Exp $ +.Dd November 30 2016 .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -92,19 +92,18 @@ The default is not to accept any environment variables. Specifies which address family should be used by .Xr sshd 8 . Valid arguments are -.Dq any , -.Dq inet +.Cm any +(the default), +.Cm inet (use IPv4 only), or -.Dq inet6 +.Cm inet6 (use IPv6 only). -The default is -.Dq any . .It Cm AllowAgentForwarding Specifies whether .Xr ssh-agent 1 forwarding is permitted. The default is -.Dq yes . +.Cm yes . Note that disabling agent forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders. 
@@ -125,46 +124,44 @@ and finally See PATTERNS in .Xr ssh_config 5 for more information on patterns. -.It Cm AllowTcpForwarding -Specifies whether TCP forwarding is permitted. -The available options are -.Dq yes -or -.Dq all -to allow TCP forwarding, -.Dq no -to prevent all TCP forwarding, -.Dq local -to allow local (from the perspective of -.Xr ssh 1 ) -forwarding only or -.Dq remote -to allow remote forwarding only. -The default is -.Dq yes . -Note that disabling TCP forwarding does not improve security unless -users are also denied shell access, as they can always install their -own forwarders. .It Cm AllowStreamLocalForwarding Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. The available options are -.Dq yes +.Cm yes +(the default) or -.Dq all +.Cm all to allow StreamLocal forwarding, -.Dq no +.Cm no to prevent all StreamLocal forwarding, -.Dq local +.Cm local to allow local (from the perspective of .Xr ssh 1 ) forwarding only or -.Dq remote +.Cm remote to allow remote forwarding only. -The default is -.Dq yes . Note that disabling StreamLocal forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders. +.It Cm AllowTcpForwarding +Specifies whether TCP forwarding is permitted. +The available options are +.Cm yes +(the default) +or +.Cm all +to allow TCP forwarding, +.Cm no +to prevent all TCP forwarding, +.Cm local +to allow local (from the perspective of +.Xr ssh 1 ) +forwarding only or +.Cm remote +to allow remote forwarding only. +Note that disabling TCP forwarding does not improve security unless +users are also denied shell access, as they can always install their +own forwarders. .It Cm AllowUsers This keyword can be followed by a list of user name patterns, separated by spaces. 
@@ -192,80 +189,73 @@ Specifies the authentication methods that must be successfully completed for a user to be granted access. This option must be followed by one or more comma-separated lists of authentication method names, or by the single string -.Dq any +.Cm any to indicate the default behaviour of accepting any single authentication method. -if the default is overridden, then successful authentication requires +If the default is overridden, then successful authentication requires completion of every method in at least one of these lists. .Pp -For example, an argument of -.Dq publickey,password publickey,keyboard-interactive +For example, +.Qq publickey,password publickey,keyboard-interactive would require the user to complete public key authentication, followed by either password or keyboard interactive authentication. Only methods that are next in one or more lists are offered at each stage, -so for this example, it would not be possible to attempt password or +so for this example it would not be possible to attempt password or keyboard-interactive authentication before public key. .Pp For keyboard interactive authentication it is also possible to restrict authentication to a specific device by appending a colon followed by the device identifier -.Dq bsdauth , -.Dq pam , +.Cm bsdauth , +.Cm pam , or -.Dq skey , +.Cm skey , depending on the server configuration. For example, -.Dq keyboard-interactive:bsdauth +.Qq keyboard-interactive:bsdauth would restrict keyboard interactive authentication to the -.Dq bsdauth +.Cm bsdauth device. .Pp -If the -.Dq publickey -method is listed more than once, +If the publickey method is listed more than once, .Xr sshd 8 verifies that keys that have been used successfully are not reused for subsequent authentications. -For example, an -.Cm AuthenticationMethods -of -.Dq publickey,publickey -will require successful authentication using two different public keys. 
+For example, +.Qq publickey,publickey +requires successful authentication using two different public keys. .Pp -This option will yield a fatal -error if enabled if protocol 1 is also enabled. Note that each authentication method listed should also be explicitly enabled in the configuration. -The default -.Dq any -is not to require multiple authentication; successful completion -of a single authentication method is sufficient. .It Cm AuthorizedKeysCommand Specifies a program to be used to look up the user's public keys. The program must be owned by root, not writable by group or others and specified by an absolute path. -.Pp Arguments to .Cm AuthorizedKeysCommand -may be provided using the following tokens, which will be expanded -at runtime: %% is replaced by a literal '%', %u is replaced by the -username being authenticated, %h is replaced by the home directory -of the user being authenticated, %t is replaced with the key type -offered for authentication, %f is replaced with the fingerprint of -the key, and %k is replaced with the key being offered for authentication. -If no arguments are specified then the username of the target user -will be supplied. +accept the tokens described in the +.Sx TOKENS +section. +If no arguments are specified then the username of the target user is used. .Pp The program should produce on standard output zero or -more lines of authorized_keys output (see AUTHORIZED_KEYS in +more lines of authorized_keys output (see +.Sx AUTHORIZED_KEYS +in .Xr sshd 8 ) . -If a key supplied by AuthorizedKeysCommand does not successfully authenticate +If a key supplied by +.Cm AuthorizedKeysCommand +does not successfully authenticate and authorize the user then public key authentication continues using the usual .Cm AuthorizedKeysFile files. -By default, no AuthorizedKeysCommand is run. +By default, no +.Cm AuthorizedKeysCommand +is run. .It Cm AuthorizedKeysCommandUser -Specifies the user under whose account the AuthorizedKeysCommand is run. 
+Specifies the user under whose account the +.Cm AuthorizedKeysCommand +is run. It is recommended to use a dedicated user that has no other role on the host than running authorized keys commands. If 
@@ -276,41 +266,38 @@ is not, then .Xr sshd 8 will refuse to start. .It Cm AuthorizedKeysFile -Specifies the file that contains the public keys that can be used -for user authentication. +Specifies the file that contains the public keys used for user authentication. The format is described in the -AUTHORIZED_KEYS FILE FORMAT +.Sx AUTHORIZED_KEYS FILE FORMAT section of .Xr sshd 8 . +Arguments to .Cm AuthorizedKeysFile -may contain tokens of the form %T which are substituted during connection -setup. -The following tokens are defined: %% is replaced by a literal '%', -%h is replaced by the home directory of the user being authenticated, and -%u is replaced by the username of that user. +accept the tokens described in the +.Sx TOKENS +section. After expansion, .Cm AuthorizedKeysFile is taken to be an absolute path or one relative to the user's home directory. Multiple files may be listed, separated by whitespace. Alternately this option may be set to -.Dq none +.Cm none to skip checking for user keys in files. The default is -.Dq .ssh/authorized_keys .ssh/authorized_keys2 . +.Qq .ssh/authorized_keys .ssh/authorized_keys2 . .It Cm AuthorizedPrincipalsCommand Specifies a program to be used to generate the list of allowed certificate principals as per .Cm AuthorizedPrincipalsFile . The program must be owned by root, not writable by group or others and specified by an absolute path. -.Pp Arguments to .Cm AuthorizedPrincipalsCommand -may be provided using the following tokens, which will be expanded -at runtime: %% is replaced by a literal '%', %u is replaced by the -username being authenticated and %h is replaced by the home directory -of the user being authenticated. +accept the tokens described in the +.Sx TOKENS +section. +If no arguments are specified then the username of the target user is used. .Pp The program should produce on standard output zero or more lines of 
@@ -322,9 +309,13 @@ or .Cm AuthorizedPrincipalsFile is specified, then certificates offered by the client for authentication must contain a principal that is listed. -By default, no AuthorizedPrincipalsCommand is run. +By default, no +.Cm AuthorizedPrincipalsCommand +is run. .It Cm AuthorizedPrincipalsCommandUser -Specifies the user under whose account the AuthorizedPrincipalsCommand is run. +Specifies the user under whose account the +.Cm AuthorizedPrincipalsCommand +is run. It is recommended to use a dedicated user that has no other role on the host than running authorized principals commands. If @@ -341,29 +332,28 @@ When using certificates signed by a key listed in .Cm TrustedUserCAKeys , this file lists names, one of which must appear in the certificate for it to be accepted for authentication. -Names are listed one per line preceded by key options (as described -in AUTHORIZED_KEYS FILE FORMAT in +Names are listed one per line preceded by key options (as described in +.Sx AUTHORIZED_KEYS FILE FORMAT +in .Xr sshd 8 ) . Empty lines and comments starting with .Ql # are ignored. .Pp +Arguments to .Cm AuthorizedPrincipalsFile -may contain tokens of the form %T which are substituted during connection -setup. -The following tokens are defined: %% is replaced by a literal '%', -%h is replaced by the home directory of the user being authenticated, and -%u is replaced by the username of that user. +accept the tokens described in the +.Sx TOKENS +section. After expansion, .Cm AuthorizedPrincipalsFile -is taken to be an absolute path or one relative to the user's home -directory. -.Pp +is taken to be an absolute path or one relative to the user's home directory. The default is -.Dq none , +.Cm none , i.e. not to use a principals file \(en in this case, the username of the user must appear in a certificate's principals list for it to be accepted. +.Pp Note that .Cm AuthorizedPrincipalsFile is only used when authentication proceeds using a CA listed in 
@@ -379,7 +369,7 @@ for details). The contents of the specified file are sent to the remote user before authentication is allowed. If the argument is -.Dq none +.Cm none then no banner is displayed. By default, no banner is displayed. .It Cm ChallengeResponseAuthentication @@ -388,7 +378,7 @@ All authentication styles from .Xr login.conf 5 are supported. The default is -.Dq yes . +.Cm yes . .It Cm ChrootDirectory Specifies the pathname of a directory to .Xr chroot 2 @@ -400,11 +390,11 @@ which are not writable by any other user or group. After the chroot, .Xr sshd 8 changes the working directory to the user's home directory. -.Pp -The pathname may contain the following tokens that are expanded at runtime once -the connecting user has been authenticated: %% is replaced by a literal '%', -%h is replaced by the home directory of the user being authenticated, and -%u is replaced by the username of that user. +Arguments to +.Cm ChrootDirectory +accept the tokens described in the +.Sx TOKENS +section. .Pp The .Cm ChrootDirectory @@ -423,10 +413,9 @@ nodes such as and .Xr tty 4 devices. -For file transfer sessions using -.Dq sftp , -no additional configuration of the environment is necessary if the -in-process sftp server is used, +For file transfer sessions using SFTP +no additional configuration of the environment is necessary if the in-process +sftp-server is used, though sessions which use logging may require .Pa /dev/log inside the chroot directory on some operating systems (see @@ -441,7 +430,7 @@ Misconfiguration can lead to unsafe environments which cannot detect. .Pp The default is -.Dq none , +.Cm none , indicating not to .Xr chroot 2 . .It Cm Ciphers 
@@ -494,23 +483,17 @@ aes128-ctr,aes192-ctr,aes256-ctr, aes128-gcm@openssh.com,aes256-gcm@openssh.com .Ed .Pp -The list of available ciphers may also be obtained using the -.Fl Q -option of -.Xr ssh 1 -with an argument of -.Dq cipher . +The list of available ciphers may also be obtained using +.Qq ssh -Q cipher . .It Cm ClientAliveCountMax -Sets the number of client alive messages (see below) which may be -sent without +Sets the number of client alive messages which may be sent without .Xr sshd 8 receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from -.Cm TCPKeepAlive -(below). +.Cm TCPKeepAlive . The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by @@ -522,7 +505,7 @@ server depend on knowing when a connection has become inactive. The default value is 3. If .Cm ClientAliveInterval -(see below) is set to 15, and +is set to 15, and .Cm ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. @@ -535,15 +518,17 @@ channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. .It Cm Compression -Specifies whether compression is allowed, or delayed until +Specifies whether compression is enabled after the user has authenticated successfully. The argument must be -.Dq yes , -.Dq delayed , +.Cm yes , +.Cm delayed +(a legacy synonym for +.Cm yes ) or -.Dq no . +.Cm no . The default is -.Dq delayed . +.Cm yes . .It Cm DenyGroups This keyword can be followed by a list of group name patterns, separated by spaces. 
@@ -582,14 +567,20 @@ and finally See PATTERNS in .Xr ssh_config 5 for more information on patterns. +.It Cm DisableForwarding +Disables all forwarding features, including X11, +.Xr ssh-agent 1 , +TCP and StreamLocal. +This option overrides all other forwarding-related options and may +simplify restricted configurations. .It Cm FingerprintHash Specifies the hash algorithm used when logging key fingerprints. Valid options are: -.Dq md5 +.Cm md5 and -.Dq sha256 . +.Cm sha256 . The default is -.Dq sha256 . +.Cm sha256 . .It Cm ForceCommand Forces the execution of the command specified by .Cm ForceCommand , @@ -605,12 +596,12 @@ The command originally supplied by the client is available in the .Ev SSH_ORIGINAL_COMMAND environment variable. Specifying a command of -.Dq internal-sftp -will force the use of an in-process sftp server that requires no support +.Cm internal-sftp +will force the use of an in-process SFTP server that requires no support files when used with .Cm ChrootDirectory . The default is -.Dq none . +.Cm none . .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to ports forwarded for the client. 
@@ -623,38 +614,37 @@ can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be -.Dq no +.Cm no to force remote port forwardings to be available to the local host only, -.Dq yes +.Cm yes to force remote port forwardings to bind to the wildcard address, or -.Dq clientspecified +.Cm clientspecified to allow the client to select the address to which the forwarding is bound. The default is -.Dq no . +.Cm no . .It Cm GSSAPIAuthentication Specifies whether user authentication based on GSSAPI is allowed. The default is -.Dq no . +.Cm no . .It Cm GSSAPICleanupCredentials Specifies whether to automatically destroy the user's credentials cache on logout. The default is -.Dq yes . +.Cm yes . .It Cm GSSAPIStrictAcceptorCheck Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. If set to -.Dq yes -then the client must authenticate against the -.Pa host +.Cm yes +then the client must authenticate against the host service on the current hostname. If set to -.Dq no +.Cm no then the client may authenticate against any service key stored in the machine's default store. This facility is provided to assist with operation on multi homed machines. The default is -.Dq yes . +.Cm yes . .It Cm HostbasedAcceptedKeyTypes Specifies the key types that will be accepted for hostbased authentication as a comma-separated pattern list. 
@@ -673,17 +663,14 @@ ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa .Ed .Pp -The -.Fl Q -option of -.Xr ssh 1 -may be used to list supported key types. +The list of available key types may also be obtained using +.Qq ssh -Q key . .It Cm HostbasedAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed (host-based authentication). The default is -.Dq no . +.Cm no . .It Cm HostbasedUsesNameFromPacketOnly Specifies whether or not the server will attempt to perform a reverse name lookup when matching the name in the @@ -694,13 +681,13 @@ and files during .Cm HostbasedAuthentication . A setting of -.Dq yes +.Cm yes means that .Xr sshd 8 uses the name supplied by the client rather than attempting to resolve the name from the TCP connection itself. The default is -.Dq no . +.Cm no . .It Cm HostCertificate Specifies a file containing a public host certificate. The certificate's public key must match a private host key already specified @@ -712,15 +699,12 @@ is not to load any certificates. .It Cm HostKey Specifies a file containing a private host key used by SSH. -The default is -.Pa /etc/ssh/ssh_host_key -for protocol version 1, and +The defaults are .Pa /etc/ssh/ssh_host_dsa_key , .Pa /etc/ssh/ssh_host_ecdsa_key , .Pa /etc/ssh/ssh_host_ed25519_key and -.Pa /etc/ssh/ssh_host_rsa_key -for protocol version 2. +.Pa /etc/ssh/ssh_host_rsa_key . .Pp Note that .Xr sshd 8 @@ -731,14 +715,6 @@ option restricts which of the keys are actually used by .Xr sshd 8 . .Pp It is possible to have multiple host key files. -.Dq rsa1 -keys are used for version 1 and -.Dq dsa , -.Dq ecdsa , -.Dq ed25519 -or -.Dq rsa -are used for version 2 of the SSH protocol. It is also possible to specify public host key files instead. In this case operations on the private key will be delegated to an 
@@ -747,7 +723,7 @@ to an Identifies the UNIX-domain socket used to communicate with an agent that has access to the private host keys. If the string -.Dq SSH_AUTH_SOCK +.Qq SSH_AUTH_SOCK is specified, the location of the socket will be read from the .Ev SSH_AUTH_SOCK environment variable. @@ -765,20 +741,14 @@ ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa .Ed .Pp -The list of available key types may also be obtained using the -.Fl Q -option of -.Xr ssh 1 -with an argument of -.Dq key . +The list of available key types may also be obtained using +.Qq ssh -Q key . .It Cm IgnoreRhosts Specifies that .Pa .rhosts and .Pa .shosts files will not be used in -.Cm RhostsRSAAuthentication -or .Cm HostbasedAuthentication . .Pp .Pa /etc/hosts.equiv 
@@ -786,66 +756,64 @@ and .Pa /etc/shosts.equiv are still used. The default is -.Dq yes . +.Cm yes . .It Cm IgnoreUserKnownHosts Specifies whether .Xr sshd 8 should ignore the user's .Pa ~/.ssh/known_hosts during -.Cm RhostsRSAAuthentication -or .Cm HostbasedAuthentication . The default is -.Dq no . +.Cm no . .It Cm IPQoS Specifies the IPv4 type-of-service or DSCP class for the connection. Accepted values are -.Dq af11 , -.Dq af12 , -.Dq af13 , -.Dq af21 , -.Dq af22 , -.Dq af23 , -.Dq af31 , -.Dq af32 , -.Dq af33 , -.Dq af41 , -.Dq af42 , -.Dq af43 , -.Dq cs0 , -.Dq cs1 , -.Dq cs2 , -.Dq cs3 , -.Dq cs4 , -.Dq cs5 , -.Dq cs6 , -.Dq cs7 , -.Dq ef , -.Dq lowdelay , -.Dq throughput , -.Dq reliability , +.Cm af11 , +.Cm af12 , +.Cm af13 , +.Cm af21 , +.Cm af22 , +.Cm af23 , +.Cm af31 , +.Cm af32 , +.Cm af33 , +.Cm af41 , +.Cm af42 , +.Cm af43 , +.Cm cs0 , +.Cm cs1 , +.Cm cs2 , +.Cm cs3 , +.Cm cs4 , +.Cm cs5 , +.Cm cs6 , +.Cm cs7 , +.Cm ef , +.Cm lowdelay , +.Cm throughput , +.Cm reliability , or a numeric value. This option may take one or two arguments, separated by whitespace. If one argument is specified, it is used as the packet class unconditionally. If two values are specified, the first is automatically selected for interactive sessions and the second for non-interactive sessions. The default is -.Dq lowdelay +.Cm lowdelay for interactive sessions and -.Dq throughput +.Cm throughput for non-interactive sessions. .It Cm KbdInteractiveAuthentication Specifies whether to allow keyboard-interactive authentication. The argument to this keyword must be -.Dq yes +.Cm yes or -.Dq no . +.Cm no . The default is to use whatever value .Cm ChallengeResponseAuthentication is set to (by default -.Dq yes ) . +.Cm yes ) . .It Cm KerberosAuthentication Specifies whether the password provided by the user for .Cm PasswordAuthentication 
@@ -853,24 +821,24 @@ will be validated through the Kerberos KDC. To use this option, the server needs a Kerberos servtab which allows the verification of the KDC's identity. The default is -.Dq no . +.Cm no . .It Cm KerberosGetAFSToken If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire an AFS token before accessing the user's home directory. The default is -.Dq no . +.Cm no . .It Cm KerberosOrLocalPasswd If password authentication through Kerberos fails then the password will be validated via any additional local mechanism such as .Pa /etc/passwd . The default is -.Dq yes . +.Cm yes . .It Cm KerberosTicketCleanup Specifies whether to automatically destroy the user's ticket cache file on logout. The default is -.Dq yes . +.Cm yes . .It Cm KexAlgorithms Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms must be comma-separated. @@ -882,6 +850,8 @@ The supported algorithms are: .Pp .Bl -item -compact -offset indent .It +curve25519-sha256 +.It curve25519-sha256@libssh.org .It diffie-hellman-group1-sha1 
@@ -901,27 +871,14 @@ ecdh-sha2-nistp521 .Pp The default is: .Bd -literal -offset indent -curve25519-sha256@libssh.org, +curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1 .Ed .Pp -The list of available key exchange algorithms may also be obtained using the -.Fl Q -option of -.Xr ssh 1 -with an argument of -.Dq kex . -.It Cm KeyRegenerationInterval -In protocol version 1, the ephemeral server key is automatically regenerated -after this many seconds (if it has been used). -The purpose of regeneration is to prevent -decrypting captured sessions by later breaking into the machine and -stealing the keys. -The key is never stored anywhere. -If the value is 0, the key is never regenerated. -The default is 3600 (seconds). +The list of available key exchange algorithms may also be obtained using +.Qq ssh -Q kex . .It Cm ListenAddress Specifies the local addresses .Xr sshd 8 @@ -983,7 +940,7 @@ character, then the specified algorithms will be appended to the default set instead of replacing them. .Pp The algorithms that contain -.Dq -etm +.Qq -etm calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use recommended. The supported MACs are: @@ -1036,12 +993,8 @@ umac-64@openssh.com,umac-128@openssh.com, hmac-sha2-256,hmac-sha2-512,hmac-sha1 .Ed .Pp -The list of available MAC algorithms may also be obtained using the -.Fl Q -option of -.Xr ssh 1 -with an argument of -.Dq mac . +The list of available MAC algorithms may also be obtained using +.Qq ssh -Q mac . .It Cm Match Introduces a conditional block. If all of the criteria on the 
@@ -1070,24 +1023,19 @@ and .Cm Address . The match patterns may consist of single entries or comma-separated lists and may use the wildcard and negation operators described in the -PATTERNS section of +.Sx PATTERNS +section of .Xr ssh_config 5 . .Pp The patterns in an .Cm Address criteria may additionally contain addresses to match in CIDR -address/masklen format, e.g.\& -.Dq 192.0.2.0/24 -or -.Dq 3ffe:ffff::/32 . +address/masklen format, +such as 192.0.2.0/24 or 2001:db8::/32. Note that the mask length provided must be consistent with the address - it is an error to specify a mask length that is too long for the address or one with bits set in this host portion of the address. -For example, -.Dq 192.0.2.0/33 -and -.Dq 192.0.2.0/8 -respectively. +For example, 192.0.2.0/33 and 192.0.2.0/8, respectively. .Pp Only a subset of keywords may be used on the lines following a .Cm Match @@ -1108,6 +1056,8 @@ Available keywords are .Cm AuthorizedPrincipalsFile , .Cm Banner , .Cm ChrootDirectory , +.Cm ClientAliveCountMax , +.Cm ClientAliveInterval , .Cm DenyGroups , .Cm DenyUsers , .Cm ForceCommand , @@ -1132,8 +1082,6 @@ Available keywords are .Cm PubkeyAuthentication , .Cm RekeyLimit , .Cm RevokedKeys , -.Cm RhostsRSAAuthentication , -.Cm RSAAuthentication , .Cm StreamLocalBindMask , .Cm StreamLocalBindUnlink , .Cm TrustedUserCAKeys , 
@@ -1168,29 +1116,21 @@ The default is 10:30:100. .Pp Alternatively, random early drop can be enabled by specifying the three colon separated values -.Dq start:rate:full -(e.g. "10:30:60"). +start:rate:full (e.g. "10:30:60"). .Xr sshd 8 -will refuse connection attempts with a probability of -.Dq rate/100 -(30%) -if there are currently -.Dq start -(10) -unauthenticated connections. +will refuse connection attempts with a probability of rate/100 (30%) +if there are currently start (10) unauthenticated connections. The probability increases linearly and all connection attempts -are refused if the number of unauthenticated connections reaches -.Dq full -(60). +are refused if the number of unauthenticated connections reaches full (60). .It Cm PasswordAuthentication Specifies whether password authentication is allowed. The default is -.Dq yes . +.Cm yes . .It Cm PermitEmptyPasswords When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. The default is -.Dq no . +.Cm no . .It Cm PermitOpen Specifies the destinations to which TCP port forwarding is permitted. The forwarding specification must be one of the following forms: 
@@ -1215,36 +1155,36 @@ The forwarding specification must be one of the following forms: .Pp Multiple forwards may be specified by separating them with whitespace. An argument of -.Dq any +.Cm any can be used to remove all restrictions and permit any forwarding requests. An argument of -.Dq none +.Cm none can be used to prohibit all forwarding requests. The wildcard -.Dq * +.Sq * can be used for host or port to allow all hosts or ports, respectively. By default all port forwarding requests are permitted. .It Cm PermitRootLogin Specifies whether root can log in using .Xr ssh 1 . The argument must be -.Dq yes , -.Dq prohibit-password , -.Dq without-password , -.Dq forced-commands-only , +.Cm yes , +.Cm prohibit-password , +.Cm without-password , +.Cm forced-commands-only , or -.Dq no . +.Cm no . The default is -.Dq prohibit-password . +.Cm prohibit-password . .Pp If this option is set to -.Dq prohibit-password +.Cm prohibit-password or -.Dq without-password , +.Cm without-password , password and keyboard-interactive authentication are disabled for root. .Pp If this option is set to -.Dq forced-commands-only , +.Cm forced-commands-only , root login with public key authentication will be allowed, but only if the .Ar command 
@@ -1254,37 +1194,37 @@ normally not allowed). All other authentication methods are disabled for root. .Pp If this option is set to -.Dq no , +.Cm no , root is not allowed to log in. -.It Cm PermitTunnel -Specifies whether -.Xr tun 4 -device forwarding is allowed. -The argument must be -.Dq yes , -.Dq point-to-point -(layer 3), -.Dq ethernet -(layer 2), or -.Dq no . -Specifying -.Dq yes -permits both -.Dq point-to-point -and -.Dq ethernet . -The default is -.Dq no . -.Pp -Independent of this setting, the permissions of the selected -.Xr tun 4 -device must allow access to the user. .It Cm PermitTTY Specifies whether .Xr pty 4 allocation is permitted. The default is -.Dq yes . +.Cm yes . +.It Cm PermitTunnel +Specifies whether +.Xr tun 4 +device forwarding is allowed. +The argument must be +.Cm yes , +.Cm point-to-point +(layer 3), +.Cm ethernet +(layer 2), or +.Cm no . +Specifying +.Cm yes +permits both +.Cm point-to-point +and +.Cm ethernet . +The default is +.Cm no . +.Pp +Independent of this setting, the permissions of the selected +.Xr tun 4 +device must allow access to the user. .It Cm PermitUserEnvironment Specifies whether .Pa ~/.ssh/environment @@ -1295,7 +1235,7 @@ options in are processed by .Xr sshd 8 . The default is -.Dq no . +.Cm no . Enabling environment processing may enable users to bypass access restrictions in some configurations using mechanisms such as .Ev LD_PRELOAD . @@ -1304,11 +1244,11 @@ Specifies whether any .Pa ~/.ssh/rc file is executed. The default is -.Dq yes . +.Cm yes . .It Cm PidFile Specifies the file that contains the process ID of the SSH daemon, or -.Dq none +.Cm none to not write one. The default is .Pa /var/run/sshd.pid . @@ -1326,7 +1266,7 @@ Specifies whether should print the date and time of the last user login when a user logs in interactively. The default is -.Dq yes . +.Cm yes . .It Cm PrintMotd Specifies whether .Xr sshd 8 
@@ -1337,29 +1277,7 @@ when a user logs in interactively. .Pa /etc/profile , or equivalent.) The default is -.Dq yes . -.It Cm Protocol -Specifies the protocol versions -.Xr sshd 8 -supports. -The possible values are -.Sq 1 -and -.Sq 2 . -Multiple versions must be comma-separated. -The default is -.Sq 2 . -Protocol 1 suffers from a number of cryptographic weaknesses and should -not be used. -It is only offered to support legacy devices. -.Pp -Note that the order of the protocol list does not indicate preference, -because the client selects among multiple protocol versions offered -by the server. -Specifying -.Dq 2,1 -is identical to -.Dq 1,2 . +.Cm yes . .It Cm PubkeyAcceptedKeyTypes Specifies the key types that will be accepted for public key authentication as a comma-separated pattern list. @@ -1378,15 +1296,12 @@ ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,ssh-rsa .Ed .Pp -The -.Fl Q -option of -.Xr ssh 1 -may be used to list supported key types. +The list of available key types may also be obtained using +.Qq ssh -Q key . .It Cm PubkeyAuthentication Specifies whether public key authentication is allowed. The default is -.Dq yes . +.Cm yes . .It Cm RekeyLimit Specifies the maximum amount of data that may be transmitted before the session key is renegotiated, optionally followed a maximum amount of @@ -1409,12 +1324,12 @@ section. The default value for .Cm RekeyLimit is -.Dq default none , +.Cm default none , which means that rekeying is performed after the cipher's default amount of data has been sent or received and no time based rekeying is done. .It Cm RevokedKeys Specifies revoked public keys file, or -.Dq none +.Cm none to not use one. Keys listed in this file will be refused for public key authentication. Note that if this file is not readable, then public key authentication will 
@@ -1424,20 +1339,6 @@ an OpenSSH Key Revocation List (KRL) as generated by .Xr ssh-keygen 1 . For more information on KRLs, see the KEY REVOCATION LISTS section in .Xr ssh-keygen 1 . -.It Cm RhostsRSAAuthentication -Specifies whether rhosts or /etc/hosts.equiv authentication together -with successful RSA host authentication is allowed. -The default is -.Dq no . -This option applies to protocol version 1 only. -.It Cm RSAAuthentication -Specifies whether pure RSA authentication is allowed. -The default is -.Dq yes . -This option applies to protocol version 1 only. -.It Cm ServerKeyBits -Defines the number of bits in the ephemeral protocol version 1 server key. -The default and minimum value is 1024. .It Cm StreamLocalBindMask Sets the octal file creation mode mask .Pq umask @@ -1460,11 +1361,11 @@ will be unable to forward the port to the Unix-domain socket file. This option is only used for port forwarding to a Unix-domain socket file. .Pp The argument must be -.Dq yes +.Cm yes or -.Dq no . +.Cm no . The default is -.Dq no . +.Cm no . .It Cm StrictModes Specifies whether .Xr sshd 8 @@ -1473,7 +1374,7 @@ user's files and home directory before accepting login. This is normally desirable because novices sometimes accidentally leave their directory or files world-writable. The default is -.Dq yes . +.Cm yes . Note that this does not apply to .Cm ChrootDirectory , whose permissions and ownership are checked unconditionally. @@ -1483,16 +1384,12 @@ Arguments should be a subsystem name and a command (with optional arguments) to execute upon subsystem request. .Pp The command -.Xr sftp-server 8 -implements the -.Dq sftp -file transfer subsystem. +.Cm sftp-server +implements the SFTP file transfer subsystem. .Pp Alternately the name -.Dq internal-sftp -implements an in-process -.Dq sftp -server. +.Cm internal-sftp +implements an in-process SFTP server. This may simplify configurations using .Cm ChrootDirectory to force a different filesystem root on clients. 
@@ -1514,21 +1411,21 @@ connections will die if the route is down temporarily, and some people find it annoying. On the other hand, if TCP keepalives are not sent, sessions may hang indefinitely on the server, leaving -.Dq ghost +.Qq ghost users and consuming server resources. .Pp The default is -.Dq yes +.Cm yes (to send TCP keepalive messages), and the server will notice if the network goes down or the client host crashes. This avoids infinitely hanging sessions. .Pp To disable TCP keepalive messages, the value should be set to -.Dq no . +.Cm no . .It Cm TrustedUserCAKeys Specifies a file containing public keys of certificate authorities that are trusted to sign user certificates for authentication, or -.Dq none +.Cm none to not use one. Keys are listed one per line; empty lines and comments starting with .Ql # @@ -1549,7 +1446,7 @@ the resolved host name for the remote IP address maps back to the very same IP address. .Pp If this option is set to -.Dq no +.Cm no (the default) then only addresses and not host names may be used in .Pa ~/.ssh/authorized_keys .Cm from @@ -1558,25 +1455,6 @@ and .Cm Match .Cm Host directives. -.It Cm UseLogin -Specifies whether -.Xr login 1 -is used for interactive login sessions. -The default is -.Dq no . -Note that -.Xr login 1 -is never used for remote command execution. -Note also, that if this is enabled, -.Cm X11Forwarding -will be disabled because -.Xr login 1 -does not know how to handle -.Xr xauth 1 -cookies. -If -.Cm UsePrivilegeSeparation -is specified, it will be disabled after authentication. .It Cm UsePrivilegeSeparation Specifies whether .Xr sshd 8 
@@ -1587,23 +1465,23 @@ the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The argument must be -.Dq yes , -.Dq no , +.Cm yes , +.Cm no , or -.Dq sandbox . +.Cm sandbox . If .Cm UsePrivilegeSeparation is set to -.Dq sandbox +.Cm sandbox then the pre-authentication unprivileged process is subject to additional restrictions. The default is -.Dq sandbox . +.Cm sandbox . .It Cm VersionAddendum Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Dq none . +.Cm none . .It Cm X11DisplayOffset Specifies the first display number available for .Xr sshd 8 Ns 's @@ -1613,18 +1491,18 @@ The default is 10. .It Cm X11Forwarding Specifies whether X11 forwarding is permitted. The argument must be -.Dq yes +.Cm yes or -.Dq no . +.Cm no . The default is -.Dq no . +.Cm no . .Pp When X11 forwarding is enabled, there may be additional exposure to the server and to client displays if the .Xr sshd 8 proxy display is configured to listen on the wildcard address (see -.Cm X11UseLocalhost -below), though this is not the default. +.Cm X11UseLocalhost ) , +though this is not the default. Additionally, the authentication spoofing and authentication data verification and substitution occur on the client side. The security risk of using X11 forwarding is that the client's X11 @@ -1636,14 +1514,11 @@ in A system administrator may have a stance in which they want to protect clients that may expose themselves to attack by unwittingly requesting X11 forwarding, which can warrant a -.Dq no +.Cm no setting. .Pp Note that disabling X11 forwarding does not prevent users from forwarding X11 traffic, as users can always install their own forwarders. -X11 forwarding is automatically disabled if -.Cm UseLogin -is enabled. .It Cm X11UseLocalhost Specifies whether .Xr sshd 8 
@@ -1654,26 +1529,26 @@ sshd binds the forwarding server to the loopback address and sets the hostname part of the .Ev DISPLAY environment variable to -.Dq localhost . +.Cm localhost . This prevents remote hosts from connecting to the proxy display. However, some older X11 clients may not function with this configuration. .Cm X11UseLocalhost may be set to -.Dq no +.Cm no to specify that the forwarding server should be bound to the wildcard address. The argument must be -.Dq yes +.Cm yes or -.Dq no . +.Cm no . The default is -.Dq yes . +.Cm yes . .It Cm XAuthLocation Specifies the full pathname of the .Xr xauth 1 program, or -.Dq none +.Cm none to not use one. The default is .Pa /usr/X11R6/bin/xauth . @@ -1775,6 +1650,50 @@ Time format examples: .It 1h30m 1 hour 30 minutes (90 minutes) .El +.Sh TOKENS +Arguments to some keywords can make use of tokens, +which are expanded at runtime: +.Pp +.Bl -tag -width XXXX -offset indent -compact +.It %% +A literal +.Sq % . +.It %F +The fingerprint of the CA key. +.It %f +The fingerprint of the key or certificate. +.It %h +The home directory of the user. +.It %i +The key ID in the certificate. +.It %K +The base64-encoded CA key. +.It %k +The base64-encoded key or certificate for authentication. +.It %s +The serial number of the certificate. +.It \&%T +The type of the CA key. +.It %t +The key or certificate type. +.It %u +The username. +.El +.Pp +.Cm AuthorizedKeysCommand +accepts the tokens %%, %f, %h, %t, and %u. +.Pp +.Cm AuthorizedKeysFile +accepts the tokens %%, %h, and %u. +.Pp +.Cm AuthorizedPrincipalsCommand +accepts the tokens %%, %F, %f, %K, %k, %h, %i, %s, %T, %t, and %u. +.Pp +.Cm AuthorizedPrincipalsFile +accepts the tokens %%, %h, and %u. +.Pp +.Cm ChrootDirectory +accepts the tokens %%, %h, and %u. .Sh FILES .Bl -tag -width Ds .It Pa /etc/ssh/sshd_config 
@@ -1784,15 +1703,22 @@ This file should be writable by root only, but it is recommended (though not necessary) that it be world-readable. .El .Sh SEE ALSO +.Xr sftp-server 8 , .Xr sshd 8 .Sh AUTHORS +.An -nosplit OpenSSH is a derivative of the original and free -ssh 1.2.12 release by Tatu Ylonen. -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, -Theo de Raadt and Dug Song +ssh 1.2.12 release by +.An Tatu Ylonen . +.An Aaron Campbell , Bob Beck , Markus Friedl , Niels Provos , +.An Theo de Raadt +and +.An Dug Song removed many bugs, re-added newer features and created OpenSSH. -Markus Friedl contributed the support for SSH -protocol versions 1.5 and 2.0. -Niels Provos and Markus Friedl contributed support -for privilege separation. +.An Markus Friedl +contributed the support for SSH protocol versions 1.5 and 2.0. +.An Niels Provos +and +.An Markus Friedl +contributed support for privilege separation. diff --git a/crypto/external/bsd/openssh/dist/ssherr.c b/crypto/external/bsd/openssh/dist/ssherr.c index f7b7d82bbb65..ef220da5ad74 100644 --- a/crypto/external/bsd/openssh/dist/ssherr.c +++ b/crypto/external/bsd/openssh/dist/ssherr.c @@ -15,7 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: ssherr.c,v 1.4 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: ssherr.c,v 1.5 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/sshkey.c b/crypto/external/bsd/openssh/dist/sshkey.c index 3090fb30374b..b13728a5447a 100644 --- a/crypto/external/bsd/openssh/dist/sshkey.c +++ b/crypto/external/bsd/openssh/dist/sshkey.c 
@@ -1,5 +1,6 @@ -/* $NetBSD: sshkey.c,v 1.8 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: sshkey.c,v 1.35 2016/06/19 07:48:02 djm Exp $ */ +/* $NetBSD: sshkey.c,v 1.9 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: sshkey.c,v 1.41 2016/10/24 01:09:17 dtucker Exp $ */ + /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -26,9 +27,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -__RCSID("$NetBSD: sshkey.c,v 1.8 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: sshkey.c,v 1.9 2016/12/25 00:07:47 christos Exp $"); -#include /* MIN MAX */ #include #include @@ -187,7 +187,7 @@ sshkey_ecdsa_nid_from_name(const char *name) } char * -key_alg_list(int certs_only, int plain_only) +sshkey_alg_list(int certs_only, int plain_only, char sep) { char *tmp, *ret = NULL; size_t nlen, rlen = 0; @@ -199,7 +199,7 @@ key_alg_list(int certs_only, int plain_only) if ((certs_only && !kt->cert) || (plain_only && kt->cert)) continue; if (ret != NULL) - ret[rlen++] = '\n'; + ret[rlen++] = sep; nlen = strlen(kt->name); if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { free(ret); @@ -496,7 +496,6 @@ sshkey_new(int type) default: free(k); return NULL; - break; } if (sshkey_is_cert(k)) { @@ -865,9 +864,12 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg, int nlen = BN_num_bytes(k->rsa->n); int elen = BN_num_bytes(k->rsa->e); + if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } blob_len = nlen + elen; - if (nlen >= INT_MAX - elen || - (blob = malloc(blob_len)) == NULL) { + if ((blob = malloc(blob_len)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } 
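Review bot: The renamed sshkey_alg_list gains a `sep` parameter in the `@@ -187` hunk but no comment states its contract, while the `@@ -199` hunk writes it straight into the result with `ret[rlen++] = sep;`. Presumably a `sep` of `'\0'` would make callers that read the result as one C string see only the first name, so the caller-facing rules are worth writing down; the body, which also decides who frees the buffer, continues outside the hunk. Suggested header comment above the definition: `/* Return a malloc'd, sep-separated list of key type names; certs_only / plain_only filter the set and sep must be a non-NUL character. Returns NULL on allocation failure; the caller frees the result. */`. The matching prototype change in sshkey.h further down the diff would take the same comment.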
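Review bot: The new guard in the sshkey_fingerprint_raw hunk rejects negative and overflowing lengths, but `nlen == 0` or `elen == 0` still passes and `blob_len = nlen + elen` can then reach `malloc(0)`, whose NULL-or-not result is implementation-defined, so a key with an empty modulus or exponent may be reported as `SSH_ERR_ALLOC_FAIL` rather than as an invalid key. A zero-length RSA modulus or exponent is never valid, so the same branch can cover it: `if (nlen <= 0 || elen <= 0 || nlen >= INT_MAX - elen) {`. A short comment such as `/* BN_num_bytes() is int-typed; reject impossible sizes before they reach malloc() */` would also record why the check precedes the allocation; the function continues outside the hunk.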
@@ -1059,10 +1061,10 @@ fingerprint_randomart(const char *alg, u_char *dgst_raw, size_t dgst_raw_len, y += (input & 0x2) ? 1 : -1; /* assure we are still in bounds */ - x = MAX(x, 0); - y = MAX(y, 0); - x = MIN(x, FLDSIZE_X - 1); - y = MIN(y, FLDSIZE_Y - 1); + x = MAXIMUM(x, 0); + y = MAXIMUM(y, 0); + x = MINIMUM(x, FLDSIZE_X - 1); + y = MINIMUM(y, FLDSIZE_Y - 1); /* augment the field */ if (field[x][y] < len - 2) @@ -1103,7 +1105,7 @@ fingerprint_randomart(const char *alg, u_char *dgst_raw, size_t dgst_raw_len, for (y = 0; y < FLDSIZE_Y; y++) { *p++ = '|'; for (x = 0; x < FLDSIZE_X; x++) - *p++ = augmentation_string[MIN(field[x][y], len)]; + *p++ = augmentation_string[MINIMUM(field[x][y], len)]; *p++ = '|'; *p++ = '\n'; } @@ -2815,6 +2817,14 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) BIGNUM *order, *x, *y, *tmp; int ret = SSH_ERR_KEY_INVALID_EC_VALUE; + /* + * NB. This assumes OpenSSL has already verified that the public + * point lies on the curve. This is done by EC_POINT_oct2point() + * implicitly calling EC_POINT_is_on_curve(). If this code is ever + * reachable with public points not unmarshalled using + * EC_POINT_oct2point then the caller will need to explicitly check. + */ + if ((bnctx = BN_CTX_new()) == NULL) return SSH_ERR_ALLOC_FAIL; BN_CTX_start(bnctx); @@ -2982,13 +2992,11 @@ sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob, size_t i, pubkeylen, keylen, ivlen, blocksize, authlen; u_int check; int r = SSH_ERR_INTERNAL_ERROR; - struct sshcipher_ctx ciphercontext; + struct sshcipher_ctx *ciphercontext = NULL; const struct sshcipher *cipher; const char *kdfname = KDFNAME; struct sshbuf *encoded = NULL, *encrypted = NULL, *kdf = NULL; - memset(&ciphercontext, 0, sizeof(ciphercontext)); - if (rounds <= 0) rounds = DEFAULT_ROUNDS; if (passphrase == NULL || !strlen(passphrase)) { 
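Review bot: The comment added to sshkey_ec_validate_public documents an assumption that the function could enforce instead: `bnctx` is already in hand after `BN_CTX_start(bnctx)`, and `ret` is pre-set to `SSH_ERR_KEY_INVALID_EC_VALUE`, so `if (EC_POINT_is_on_curve(group, public, bnctx) != 1) goto out;` (using whatever cleanup label the function has; the rest of the body lies outside the hunk) would keep the validator correct for any future caller that obtains points other than through EC_POINT_oct2point(). The cost is one curve-equation evaluation per validation. If the explicit check is not wanted, the comment should at least name the call sites it relies on, otherwise the next maintainer has no way to verify the premise.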
@@ -3075,7 +3083,7 @@ sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob, if ((r = sshbuf_reserve(encoded, sshbuf_len(encrypted) + authlen, &cp)) != 0) goto out; - if ((r = cipher_crypt(&ciphercontext, 0, cp, + if ((r = cipher_crypt(ciphercontext, 0, cp, sshbuf_ptr(encrypted), sshbuf_len(encrypted), 0, authlen)) != 0) goto out; @@ -3107,7 +3115,7 @@ sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob, sshbuf_free(kdf); sshbuf_free(encoded); sshbuf_free(encrypted); - cipher_cleanup(&ciphercontext); + cipher_free(ciphercontext); explicit_bzero(salt, sizeof(salt)); if (key != NULL) { explicit_bzero(key, keylen + ivlen); @@ -3136,12 +3144,11 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, size_t i, keylen = 0, ivlen = 0, authlen = 0, slen = 0; struct sshbuf *encoded = NULL, *decoded = NULL; struct sshbuf *kdf = NULL, *decrypted = NULL; - struct sshcipher_ctx ciphercontext; + struct sshcipher_ctx *ciphercontext = NULL; struct sshkey *k = NULL; u_char *key = NULL, *salt = NULL, *dp, pad, last; u_int blocksize, rounds, nkeys, encrypted_len, check1, check2; - memset(&ciphercontext, 0, sizeof(ciphercontext)); if (keyp != NULL) *keyp = NULL; if (commentp != NULL) @@ -3270,7 +3277,7 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, (r = cipher_init(&ciphercontext, cipher, key, keylen, key + keylen, ivlen, 0)) != 0) goto out; - if ((r = cipher_crypt(&ciphercontext, 0, dp, sshbuf_ptr(decoded), + if ((r = cipher_crypt(ciphercontext, 0, dp, sshbuf_ptr(decoded), encrypted_len, 0, authlen)) != 0) { /* an integrity error here indicates an incorrect passphrase */ if (r == SSH_ERR_MAC_INVALID) @@ -3324,7 +3331,7 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, } out: pad = 0; - cipher_cleanup(&ciphercontext); + cipher_free(ciphercontext); free(ciphername); free(kdfname); free(comment); 
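Review bot: The cleanup path in sshkey_private_to_blob2 (`cipher_cleanup(&ciphercontext)` → `cipher_free(ciphercontext)`) and the same replacement in the sshkey_parse_private2 hunk below now depend on `cipher_free()` both tolerating a NULL context and scrubbing the cipher state before releasing it; neither property is visible in this diff. It matters most in the two rsa1 hunks further down, where the previous `explicit_bzero(&ciphercontext, sizeof(ciphercontext))` at `out:` becomes `cipher_free(ciphercontext)`, so key-schedule material that used to be zeroed on the stack is now only as clean as cipher_free() makes it, and the dropped `if ((r = cipher_cleanup(&ciphercontext)) != 0) goto out;` check is only safe if cipher_free() cannot fail. Worth confirming against cipher.c and recording at the first such site, e.g. `/* cipher_free() accepts NULL and zeroes the context before freeing it */`. The caller-held copies are still covered by the unchanged `explicit_bzero(salt, sizeof(salt))` and `explicit_bzero(key, keylen + ivlen)`.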
@@ -3358,7 +3365,7 @@ sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob, struct sshbuf *buffer = NULL, *encrypted = NULL; u_char buf[8]; int r, cipher_num; - struct sshcipher_ctx ciphercontext; + struct sshcipher_ctx *ciphercontext = NULL; const struct sshcipher *cipher; u_char *cp; @@ -3428,16 +3435,14 @@ sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob, if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, CIPHER_ENCRYPT)) != 0) goto out; - if ((r = cipher_crypt(&ciphercontext, 0, cp, + if ((r = cipher_crypt(ciphercontext, 0, cp, sshbuf_ptr(buffer), sshbuf_len(buffer), 0, 0)) != 0) goto out; - if ((r = cipher_cleanup(&ciphercontext)) != 0) - goto out; r = sshbuf_putb(blob, encrypted); out: - explicit_bzero(&ciphercontext, sizeof(ciphercontext)); + cipher_free(ciphercontext); explicit_bzero(buf, sizeof(buf)); sshbuf_free(buffer); sshbuf_free(encrypted); @@ -3601,7 +3606,7 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase, struct sshbuf *decrypted = NULL, *copy = NULL; u_char *cp; char *comment = NULL; - struct sshcipher_ctx ciphercontext; + struct sshcipher_ctx *ciphercontext = NULL; const struct sshcipher *cipher; struct sshkey *prv = NULL; @@ -3659,12 +3664,8 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase, if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, CIPHER_DECRYPT)) != 0) goto out; - if ((r = cipher_crypt(&ciphercontext, 0, cp, - sshbuf_ptr(copy), sshbuf_len(copy), 0, 0)) != 0) { - cipher_cleanup(&ciphercontext); - goto out; - } - if ((r = cipher_cleanup(&ciphercontext)) != 0) + if ((r = cipher_crypt(ciphercontext, 0, cp, + sshbuf_ptr(copy), sshbuf_len(copy), 0, 0)) != 0) goto out; if ((r = sshbuf_get_u16(decrypted, &check1)) != 0 || 
@@ -3701,7 +3702,7 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase, comment = NULL; } out: - explicit_bzero(&ciphercontext, sizeof(ciphercontext)); + cipher_free(ciphercontext); free(comment); sshkey_free(prv); sshbuf_free(copy); diff --git a/crypto/external/bsd/openssh/dist/sshkey.h b/crypto/external/bsd/openssh/dist/sshkey.h index eb87303251b5..c27f49c23ac1 100644 --- a/crypto/external/bsd/openssh/dist/sshkey.h +++ b/crypto/external/bsd/openssh/dist/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.13 2016/05/02 09:36:42 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.14 2016/09/12 23:31:27 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -151,7 +151,7 @@ int sshkey_ec_validate_private(const EC_KEY *); const char *sshkey_ssh_name(const struct sshkey *); const char *sshkey_ssh_name_plain(const struct sshkey *); int sshkey_names_valid2(const char *, int); -char *key_alg_list(int, int); +char *sshkey_alg_list(int, int, char); int sshkey_from_blob(const u_char *, size_t, struct sshkey **); int sshkey_fromb(struct sshbuf *, struct sshkey **); diff --git a/crypto/external/bsd/openssh/dist/sshlogin.c b/crypto/external/bsd/openssh/dist/sshlogin.c index 37ffaefdfd3c..949db596647f 100644 --- a/crypto/external/bsd/openssh/dist/sshlogin.c +++ b/crypto/external/bsd/openssh/dist/sshlogin.c @@ -1,4 +1,4 @@ -/* $NetBSD: sshlogin.c,v 1.7 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: sshlogin.c,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: sshlogin.c,v 1.32 2015/12/26 20:51:35 guenther Exp $ */ /* @@ -42,7 +42,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshlogin.c,v 1.7 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: sshlogin.c,v 1.8 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/sshlogin.h b/crypto/external/bsd/openssh/dist/sshlogin.h index a2d38be362b5..ad3cb05cf5ba 100644 --- a/crypto/external/bsd/openssh/dist/sshlogin.h 
+++ b/crypto/external/bsd/openssh/dist/sshlogin.h @@ -1,4 +1,4 @@ -/* $NetBSD: sshlogin.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: sshlogin.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: sshlogin.h,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/sshpty.c b/crypto/external/bsd/openssh/dist/sshpty.c index 8e1f5c82b59c..1b41e81c33df 100644 --- a/crypto/external/bsd/openssh/dist/sshpty.c +++ b/crypto/external/bsd/openssh/dist/sshpty.c @@ -1,5 +1,6 @@ -/* $NetBSD: sshpty.c,v 1.5 2015/08/13 10:33:21 christos Exp $ */ -/* $OpenBSD: sshpty.c,v 1.30 2015/07/30 23:09:15 djm Exp $ */ +/* $NetBSD: sshpty.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: sshpty.c,v 1.31 2016/11/29 03:54:50 dtucker Exp $ */ + /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -14,7 +15,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshpty.c,v 1.5 2015/08/13 10:33:21 christos Exp $"); +__RCSID("$NetBSD: sshpty.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include #include #include @@ -182,3 +183,15 @@ pty_setowner(struct passwd *pw, const char *tty) } } } + +/* Disconnect from the controlling tty. */ +void +disconnect_controlling_tty(void) +{ + int fd; + + if ((fd = open(_PATH_TTY, O_RDWR | O_NOCTTY)) >= 0) { + (void) ioctl(fd, TIOCNOTTY, NULL); + close(fd); + } +} diff --git a/crypto/external/bsd/openssh/dist/sshpty.h b/crypto/external/bsd/openssh/dist/sshpty.h index d2677e56eee6..7597b1154934 100644 --- a/crypto/external/bsd/openssh/dist/sshpty.h +++ b/crypto/external/bsd/openssh/dist/sshpty.h @@ -1,5 +1,5 @@ -/* $NetBSD: sshpty.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ -/* $OpenBSD: sshpty.h,v 1.12 2010/01/09 05:04:24 djm Exp $ */ +/* $NetBSD: sshpty.h,v 1.6 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: sshpty.h,v 1.13 2016/11/29 03:54:50 dtucker Exp $ */ /* * Author: Tatu Ylonen 
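Review bot: disconnect_controlling_tty silently ignores both a failed `open(_PATH_TTY, O_RDWR | O_NOCTTY)` and a failed `ioctl(fd, TIOCNOTTY, NULL)`, so a caller cannot learn that the process is still attached to its controlling terminal. If best-effort is the intended contract, the one-line comment should say so, e.g. `/* Best-effort: detach from the controlling tty, if any; failures are ignored. */`; otherwise returning the ioctl result, or logging it through the file's usual debug helper, would let callers notice. The function is complete within the hunk, and opening with O_NOCTTY correctly avoids acquiring a new controlling tty during the call.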
@@ -26,3 +26,4 @@ void pty_release(const char *); void pty_make_controlling_tty(int *, const char *); void pty_change_window_size(int, u_int, u_int, u_int, u_int); void pty_setowner(struct passwd *, const char *); +void disconnect_controlling_tty(void); diff --git a/crypto/external/bsd/openssh/dist/sshtty.c b/crypto/external/bsd/openssh/dist/sshtty.c index 14f6a7e22fc2..edd246a05271 100644 --- a/crypto/external/bsd/openssh/dist/sshtty.c +++ b/crypto/external/bsd/openssh/dist/sshtty.c @@ -1,4 +1,4 @@ -/* $NetBSD: sshtty.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: sshtty.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: sshtty.c,v 1.14 2010/01/09 05:04:24 djm Exp $ */ /* * Author: Tatu Ylonen @@ -37,7 +37,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshtty.c,v 1.5 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: sshtty.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/ttymodes.c b/crypto/external/bsd/openssh/dist/ttymodes.c index 33d9c9094f41..63eb455a5897 100644 --- a/crypto/external/bsd/openssh/dist/ttymodes.c +++ b/crypto/external/bsd/openssh/dist/ttymodes.c @@ -1,4 +1,4 @@ -/* $NetBSD: ttymodes.c,v 1.5 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: ttymodes.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ttymodes.c,v 1.30 2016/05/04 14:22:33 markus Exp $ */ /* * Author: Tatu Ylonen @@ -45,7 +45,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ttymodes.c,v 1.5 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: ttymodes.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include #include diff --git a/crypto/external/bsd/openssh/dist/ttymodes.h b/crypto/external/bsd/openssh/dist/ttymodes.h index d0ae18eb65ed..36d8afab3128 100644 --- a/crypto/external/bsd/openssh/dist/ttymodes.h +++ b/crypto/external/bsd/openssh/dist/ttymodes.h 
@@ -1,4 +1,4 @@ -/* $NetBSD: ttymodes.h,v 1.5 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: ttymodes.h,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: ttymodes.h,v 1.15 2016/05/03 09:03:49 dtucker Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/uidswap.c b/crypto/external/bsd/openssh/dist/uidswap.c index fc11ffc047d1..c28f61d28829 100644 --- a/crypto/external/bsd/openssh/dist/uidswap.c +++ b/crypto/external/bsd/openssh/dist/uidswap.c @@ -1,4 +1,4 @@ -/* $NetBSD: uidswap.c,v 1.5 2015/07/03 01:00:00 christos Exp $ */ +/* $NetBSD: uidswap.c,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: uidswap.c,v 1.39 2015/06/24 01:49:19 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -14,7 +14,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: uidswap.c,v 1.5 2015/07/03 01:00:00 christos Exp $"); +__RCSID("$NetBSD: uidswap.c,v 1.6 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/uidswap.h b/crypto/external/bsd/openssh/dist/uidswap.h index 056a1739073d..c45511287028 100644 --- a/crypto/external/bsd/openssh/dist/uidswap.h +++ b/crypto/external/bsd/openssh/dist/uidswap.h @@ -1,4 +1,4 @@ -/* $NetBSD: uidswap.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: uidswap.h,v 1.5 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: uidswap.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/umac.c b/crypto/external/bsd/openssh/dist/umac.c index 6bba6c3d23a3..73f9bd72a6a1 100644 --- a/crypto/external/bsd/openssh/dist/umac.c +++ b/crypto/external/bsd/openssh/dist/umac.c @@ -1,4 +1,4 @@ -/* $NetBSD: umac.c,v 1.11 2016/06/15 05:01:58 mrg Exp $ */ +/* $NetBSD: umac.c,v 1.12 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: umac.c,v 1.11 2014/07/22 07:13:42 guenther Exp $ */ /* ----------------------------------------------------------------------- * 
@@ -67,7 +67,7 @@ /* ---------------------------------------------------------------------- */ #include "includes.h" -__RCSID("$NetBSD: umac.c,v 1.11 2016/06/15 05:01:58 mrg Exp $"); +__RCSID("$NetBSD: umac.c,v 1.12 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/umac.h b/crypto/external/bsd/openssh/dist/umac.h index 71d56bab2a26..91ffe8156506 100644 --- a/crypto/external/bsd/openssh/dist/umac.h +++ b/crypto/external/bsd/openssh/dist/umac.h @@ -1,4 +1,4 @@ -/* $NetBSD: umac.h,v 1.6 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: umac.h,v 1.7 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: umac.h,v 1.3 2013/07/22 12:20:02 djm Exp $ */ /* ----------------------------------------------------------------------- * diff --git a/crypto/external/bsd/openssh/dist/utf8.c b/crypto/external/bsd/openssh/dist/utf8.c index 157ef5d91651..d4acc2a5cd59 100644 --- a/crypto/external/bsd/openssh/dist/utf8.c +++ b/crypto/external/bsd/openssh/dist/utf8.c @@ -1,4 +1,4 @@ -/* $NetBSD: utf8.c,v 1.3 2016/08/03 15:24:28 jakllsch Exp $ */ +/* $NetBSD: utf8.c,v 1.4 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: utf8.c,v 1.3 2016/05/30 12:57:21 schwarze Exp $ */ /* * Copyright (c) 2016 Ingo Schwarze @@ -17,7 +17,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: utf8.c,v 1.3 2016/08/03 15:24:28 jakllsch Exp $"); +__RCSID("$NetBSD: utf8.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); /* * Utility functions for multibyte-character handling, * in particular to sanitize untrusted strings for terminal output. diff --git a/crypto/external/bsd/openssh/dist/uuencode.c b/crypto/external/bsd/openssh/dist/uuencode.c index 2c5e2f397479..76566cb2941e 100644 --- a/crypto/external/bsd/openssh/dist/uuencode.c +++ b/crypto/external/bsd/openssh/dist/uuencode.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: uuencode.c,v 1.8 2015/07/03 01:00:00 christos Exp $ */ +/* $NetBSD: uuencode.c,v 1.9 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: uuencode.c,v 1.28 2015/04/24 01:36:24 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: uuencode.c,v 1.8 2015/07/03 01:00:00 christos Exp $"); +__RCSID("$NetBSD: uuencode.c,v 1.9 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/uuencode.h b/crypto/external/bsd/openssh/dist/uuencode.h index 5f18eca554a8..cc5a13aa1cb8 100644 --- a/crypto/external/bsd/openssh/dist/uuencode.h +++ b/crypto/external/bsd/openssh/dist/uuencode.h @@ -1,4 +1,4 @@ -/* $NetBSD: uuencode.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: uuencode.h,v 1.6 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: uuencode.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */ /* diff --git a/crypto/external/bsd/openssh/dist/verify.c b/crypto/external/bsd/openssh/dist/verify.c index 73e3f3096fe6..de9e03968a37 100644 --- a/crypto/external/bsd/openssh/dist/verify.c +++ b/crypto/external/bsd/openssh/dist/verify.c @@ -5,7 +5,7 @@ * Copied from nacl-20110221/crypto_verify/32/ref/verify.c */ #include "includes.h" -__RCSID("$NetBSD: verify.c,v 1.3 2015/04/03 23:58:19 christos Exp $"); +__RCSID("$NetBSD: verify.c,v 1.4 2016/12/25 00:07:47 christos Exp $"); #include "crypto_api.h" diff --git a/crypto/external/bsd/openssh/dist/version.h b/crypto/external/bsd/openssh/dist/version.h index 913f6b95597f..1c7551d79ff6 100644 --- a/crypto/external/bsd/openssh/dist/version.h +++ b/crypto/external/bsd/openssh/dist/version.h 
@@ -1,7 +1,7 @@ -/* $NetBSD: version.h,v 1.21 2016/08/02 13:45:12 christos Exp $ */ -/* $OpenBSD: version.h,v 1.77 2016/07/24 11:45:36 djm Exp $ */ +/* $NetBSD: version.h,v 1.22 2016/12/25 00:07:47 christos Exp $ */ +/* $OpenBSD: version.h,v 1.78 2016/12/19 04:55:51 djm Exp $ */ -#define __OPENSSH_VERSION "OpenSSH_7.3" +#define __OPENSSH_VERSION "OpenSSH_7.4" #define __NETBSDSSH_VERSION "NetBSD_Secure_Shell-20160802" #define SSH_HPN "-hpn13v14" #define SSH_LPK "-lpk" diff --git a/crypto/external/bsd/openssh/dist/xmalloc.c b/crypto/external/bsd/openssh/dist/xmalloc.c index 8bc3c417c3dd..a047b2047c9b 100644 --- a/crypto/external/bsd/openssh/dist/xmalloc.c +++ b/crypto/external/bsd/openssh/dist/xmalloc.c @@ -1,4 +1,4 @@ -/* $NetBSD: xmalloc.c,v 1.7 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: xmalloc.c,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: xmalloc.c,v 1.33 2016/02/15 09:47:49 dtucker Exp $ */ /* @@ -16,7 +16,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: xmalloc.c,v 1.7 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: xmalloc.c,v 1.8 2016/12/25 00:07:47 christos Exp $"); #include #include #include diff --git a/crypto/external/bsd/openssh/dist/xmalloc.h b/crypto/external/bsd/openssh/dist/xmalloc.h index 3c5851b32331..5bc866794d73 100644 --- a/crypto/external/bsd/openssh/dist/xmalloc.h +++ b/crypto/external/bsd/openssh/dist/xmalloc.h @@ -1,4 +1,4 @@ -/* $NetBSD: xmalloc.h,v 1.7 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: xmalloc.h,v 1.8 2016/12/25 00:07:47 christos Exp $ */ /* $OpenBSD: xmalloc.h,v 1.16 2016/02/15 09:47:49 dtucker Exp $ */ /* diff --git a/crypto/external/bsd/openssh/lib/shlib_version b/crypto/external/bsd/openssh/lib/shlib_version index b6e6d81b02f5..b7aac9dc44cb 100644 --- a/crypto/external/bsd/openssh/lib/shlib_version +++ b/crypto/external/bsd/openssh/lib/shlib_version 
@@ -1,5 +1,5 @@
-# $NetBSD: shlib_version,v 1.17 2016/08/02 13:45:13 christos Exp $
+# $NetBSD: shlib_version,v 1.18 2016/12/25 00:07:47 christos Exp $
 # Remember to update distrib/sets/lists/base/shl.* when changing
 #
-major=28
+major=29
 minor=0