From 44a053a3174c2aaef640d35350c460003288be99 Mon Sep 17 00:00:00 2001
From: jbasney
Date: Fri, 21 Jun 2002 22:21:36 +0000
Subject: [PATCH] resolved conflicts with import of OpenSSH 3.3p1
---
openssh/Makefile.in | 29 +-
openssh/README.privsep | 23 +-
openssh/acconfig.h | 3 +
openssh/auth-krb5.c | 2 +-
openssh/auth.h | 9 +-
openssh/auth1.c | 5 +-
openssh/auth2.c | 599 ++-------------------------
openssh/cipher.c | 95 ++---
openssh/configure.ac | 35 +-
openssh/defines.h | 8 +-
openssh/gss-serv.c | 12 +
openssh/kex.h | 4 +-
openssh/key.c | 6 +-
openssh/monitor.c | 234 ++++++-----
openssh/monitor.h | 6 +-
openssh/monitor_fdpass.c | 18 +-
openssh/monitor_mm.c | 17 +-
openssh/monitor_wrap.c | 144 +++----
openssh/openbsd-compat/port-aix.c | 95 -----
openssh/openbsd-compat/port-aix.h | 5 -
openssh/packet.c | 23 +-
openssh/packet.h | 3 +-
openssh/readconf.c | 40 +-
openssh/readconf.h | 4 +-
openssh/scard/Ssh.bin | Bin 568 -> 0 bytes
openssh/servconf.c | 26 +-
openssh/servconf.h | 3 +-
openssh/session.c | 133 +++++-
openssh/ssh-rand-helper.c | 2 +-
openssh/ssh.1 | 653 ++---------------------------
openssh/ssh.c | 141 ++-----
openssh/ssh_config.5 | 35 +-
openssh/sshconnect1.c | 12 +-
openssh/sshconnect2.c | 121 +++++-
openssh/sshd.8 | 657 +-----------------------------
openssh/sshd.c | 35 +-
openssh/sshd_config.5 | 16 +
37 files changed, 828 insertions(+), 2425 deletions(-)
delete mode 100644 openssh/scard/Ssh.bin
diff --git a/openssh/Makefile.in b/openssh/Makefile.in
index 47f98fb..cba469e 100644
--- a/openssh/Makefile.in
+++ b/openssh/Makefile.in
@@ -23,15 +23,18 @@ VPATH=@srcdir@ SSH_PROGRAM=@bindir@/ssh ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass SFTP_SERVER=$(libexecdir)/sftp-server +SSH_KEYSIGN=$(libexecdir)/ssh-keysign +RAND_HELPER=$(libexecdir)/ssh-rand-helper PRIVSEP_PATH=@PRIVSEP_PATH@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \ -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \ -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \ + -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \ -D_PATH_SSH_PIDDIR=\"$(piddir)\" \ -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \ - -DSSH_RAND_HELPER=\"$(libexecdir)/ssh-rand-helper\" + -DSSH_RAND_HELPER=\"$(RAND_HELPER)\" CC=@CC@ LD=@LD@ 
@@ -48,23 +51,22 @@ ENT=@ENT@ XAUTH_PATH=@XAUTH_PATH@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ EXEEXT=@EXEEXT@ -SSH_MODE= @SSHMODE@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ @NO_SFTP@SFTP_PROGS=sftp-server$(EXEEXT) sftp$(EXEEXT) -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS) +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS) -LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o scard-opensc.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o monitor_wrap.o monitor_fdpass.o kexgss.o gss-genr.o +LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o msg.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o scard-opensc.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o monitor_wrap.o monitor_fdpass.o kexgss.o gss-genr.o SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o -SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o gss-serv.o +SSHDOBJS= sshd.o auth.o auth1.o 
auth2.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o gss-serv.o -MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out -MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 +MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out +MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 MANTYPE = @MANTYPE@ CONFIGFILES=sshd_config.out ssh_config.out moduli.out @@ -125,6 +127,9 @@ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) +ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o + $(LD) -o $@ ssh-keysign.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) 
@@ -204,9 +209,10 @@ install-files: scard-install $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) $(srcdir)/mkinstalldirs $(DESTDIR)$(datadir) $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) - $(INSTALL) -m $(SSH_MODE) -s ssh $(DESTDIR)$(bindir)/ssh + $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add $(INSTALL) -m 0755 -s ssh-agent $(DESTDIR)$(bindir)/ssh-agent @@ -216,6 +222,7 @@ install-files: scard-install if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \ $(INSTALL) -m 0755 -s ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ fi + $(INSTALL) -m 4711 -s ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) @NO_SFTP@$(INSTALL) -m 0755 -s sftp $(DESTDIR)$(bindir)/sftp @NO_SFTP@$(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(SFTP_SERVER) $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 
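Review bot: The added `$(INSTALL) -m 4711 -s ssh-keysign $(DESTDIR)$(SSH_KEYSIGN)` line sets the setuid bit but names no owner, so the helper becomes setuid to whichever account runs `make install`; a staged `DESTDIR` install run as an unprivileged user yields a setuid binary owned by that user. It is also unconditional, unlike the `ssh-rand-helper` install just above it, so every installation gains a setuid helper even where it is never used. I would add a make comment above the line, `# ssh-keysign is setuid so it can read the host private keys for hostbased authentication; it must be owned by root` (presumably the reason, given that `ssh` itself drops to 0755 in the same recipe), and have packaging verify owner and mode after staging. The install-files recipe begins and ends outside this hunk.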
@@ -224,12 +231,15 @@ install-files: scard-install $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 + $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 + $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 if [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \ fi @NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 @NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 + $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -rm -f $(DESTDIR)$(bindir)/slogin ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 @@ -323,6 +333,8 @@ uninstall: -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) + -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) + -rm -f $(DESTDIR)$(RAND_HELPER)$(EXEEXT) -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/gsissh.1 @@ -335,4 +347,5 @@ uninstall: -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 diff --git a/openssh/README.privsep b/openssh/README.privsep index 63c4d4a..c2ce935 100644 --- a/openssh/README.privsep +++ b/openssh/README.privsep 
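Review bot: The uninstall hunks remove the new `ssh-keysign` binary, the rand helper and `ssh-keysign.8`, but nothing visible removes the two section-5 pages that install-files now installs, `sshd_config.5` and `ssh_config.5`. Unless that is handled in a part of the uninstall recipe outside these hunks, add `-rm -f $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5` and `-rm -f $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5` next to the other man-page removals. The uninstall recipe starts before and continues between the two hunks shown.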
@@ -1,13 +1,16 @@ -Privilege separation, or privsep, is an experimental feature in -OpenSSH in which operations that require root privilege are performed -by a separate privileged monitor process. Its purpose is to prevent -privilege escalation by containing corruption to an unprivileged -process. More information is available at: +Privilege separation, or privsep, is method in OpenSSH by which +operations that require root privilege are performed by a separate +privileged monitor process. Its purpose is to prevent privilege +escalation by containing corruption to an unprivileged process. +More information is available at: http://www.citi.umich.edu/u/provos/ssh/privsep.html -Privilege separation is not enabled by default, and may be enabled by -specifying "UsePrivilegeSeparation yes" in sshd_config; see the -UsePrivilegeSeparation option in sshd(8). +Privilege separation is now enabled by default; see the +UsePrivilegeSeparation option in sshd_config(5). + +On systems which lack mmap or anonymous (MAP_ANON) memory mapping, +compression must be disabled in order for privilege separation to +function. When privsep is enabled, the pre-authentication sshd process will chroot(2) to "/var/empty" and change its privileges to the "sshd" user @@ -34,8 +37,8 @@ privsep user and chroot directory: Privsep requires operating system support for file descriptor passing and mmap(MAP_ANON). -PAM-enabled OpenSSH is known to function with privsep on Linux and -Solaris 8. It does not function on HP-UX with a trusted system +PAM-enabled OpenSSH is known to function with privsep on Linux. +It does not function on HP-UX with a trusted system configuration. PAMAuthenticationViaKbdInt does not function with privsep. diff --git a/openssh/acconfig.h b/openssh/acconfig.h index b6c2d40..7e36262 100644 --- a/openssh/acconfig.h +++ b/openssh/acconfig.h 
@@ -12,6 +12,9 @@ /* supported by bsd-setproctitle.c */ #undef SPT_TYPE +/* setgroups() NOOP allowed */ +#undef SETGROUPS_NOOP + /* SCO workaround */ #undef BROKEN_SYS_TERMIO_H diff --git a/openssh/auth-krb5.c b/openssh/auth-krb5.c index 76c2419..308a6d5 100644 --- a/openssh/auth-krb5.c +++ b/openssh/auth-krb5.c @@ -323,7 +323,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, authctxt->pw->pw_name)) { - problem = -1; + problem = -1; goto out; } diff --git a/openssh/auth.h b/openssh/auth.h index 6627f80..6dd349c 100644 --- a/openssh/auth.h +++ b/openssh/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.37 2002/05/13 20:44:58 markus Exp $ */ +/* $OpenBSD: auth.h,v 1.39 2002/05/31 11:35:15 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -43,6 +43,7 @@ #endif typedef struct Authctxt Authctxt; +typedef struct Authmethod Authmethod; typedef struct KbdintDevice KbdintDevice; struct Authctxt { @@ -72,6 +73,12 @@ struct Authctxt { void *methoddata; }; +struct Authmethod { + char *name; + int (*userauth)(Authctxt *authctxt); + int *enabled; +}; + /* * Keyboard interactive device: * init_ctx returns: non NULL upon success diff --git a/openssh/auth1.c b/openssh/auth1.c index baf3e68..db56616 100644 --- a/openssh/auth1.c +++ b/openssh/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.40 2002/04/10 08:21:47 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.41 2002/06/19 00:27:55 deraadt Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -354,7 +354,7 @@ do_authloop(Authctxt *authctxt) if (bits != BN_num_bits(client_host_key->rsa->n)) verbose("Warning: keysize mismatch for client_host_key: " "actual %d, announced %d", - BN_num_bits(client_host_key->rsa->n), bits); + BN_num_bits(client_host_key->rsa->n), bits); packet_check_eom(); authenticated = auth_rhosts_rsa(pw, client_user, 
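Review bot: `struct Authmethod` is now shared through auth.h, but its fields carry no documentation, and `enabled` is the field that decides whether an authentication method is offered at all. The lookups in auth2.c treat a NULL `enabled` pointer and a pointed-to value of 0 the same way, as disabled. A comment above the field such as `/* enabled: NULL, or pointing at 0, means the method is not offered */` would make that contract explicit for the files that now define the `method_*` objects.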
@@ -475,6 +475,7 @@ do_authloop(Authctxt *authctxt) if (authctxt->failures++ > AUTH_FAIL_MAX) { #ifdef WITH_AIXAUTHENTICATE + /* XXX: privsep */ loginfailed(authctxt->user, get_canonical_hostname(options.verify_reverse_mapping), "ssh"); diff --git a/openssh/auth2.c b/openssh/auth2.c index a6932ec..e40a8da 100644 --- a/openssh/auth2.c +++ b/openssh/auth2.c @@ -23,36 +23,19 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.91 2002/05/13 02:37:39 itojun Exp $"); - -#include +RCSID("$OpenBSD: auth2.c,v 1.93 2002/05/31 11:35:15 markus Exp $"); #include "ssh2.h" #include "ssh1.h" #include "xmalloc.h" -#include "rsa.h" -#include "sshpty.h" #include "packet.h" -#include "buffer.h" #include "log.h" #include "servconf.h" #include "compat.h" -#include "channels.h" -#include "bufaux.h" #include "auth.h" -#include "session.h" #include "dispatch.h" -#include "key.h" -#include "cipher.h" -#include "kex.h" #include "pathnames.h" -#include "uidswap.h" -#include "auth-options.h" -#include "hostfile.h" -#include "canohost.h" -#include "match.h" #include "monitor_wrap.h" -#include "atomicio.h" #include "misc.h" #ifdef GSSAPI @@ -70,13 +53,30 @@ extern u_char *session_id2; extern int session_id2_len; Authctxt *x_authctxt = NULL; -static int one = 1; -typedef struct Authmethod Authmethod; -struct Authmethod { - char *name; - int (*userauth)(Authctxt *authctxt); - int *enabled; +/* methods */ + +extern Authmethod method_none; +#ifdef GSSAPI +extern Authmethod method_external; +extern Authmethod method_gssapi; +#endif +extern Authmethod method_pubkey; +extern Authmethod method_passwd; +extern Authmethod method_kbdint; +extern Authmethod method_hostbased; + +Authmethod *authmethods[] = { + &method_none, +#ifdef GSSAPI + &method_external, + &method_gssapi, +#endif + &method_pubkey, + &method_passwd, + &method_kbdint, + &method_hostbased, + NULL }; /* protocol */ 
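Review bot: The added `/* XXX: privsep */` marker above `loginfailed()` in do_authloop does not say what is wrong or what has to change, and the same bare marker is added in userauth_finish in auth2.c. Presumably the concern is that this call now runs in the unprivileged pre-authentication process rather than with root privilege, so the AIX failed-login record may not be written; that should be confirmed and spelled out, e.g. `/* XXX privsep: loginfailed() is called from the unprivileged child here; verify the failure is still recorded */`. Both functions start and end outside their hunks.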
@@ -90,46 +90,6 @@ static char *authmethods_get(void); int user_key_allowed(struct passwd *, Key *); int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); -/* auth */ -static void userauth_banner(void); -static int userauth_none(Authctxt *); -static int userauth_passwd(Authctxt *); -static int userauth_pubkey(Authctxt *); -static int userauth_hostbased(Authctxt *); -static int userauth_kbdint(Authctxt *); - -#ifdef GSSAPI -int userauth_external(Authctxt *authctxt); -int userauth_gssapi(Authctxt *authctxt); -#endif - -Authmethod authmethods[] = { - {"none", - userauth_none, - &one}, -#ifdef GSSAPI - {"external-keyx", - userauth_external, - &options.gss_authentication}, - {"gssapi", - userauth_gssapi, - &options.gss_authentication}, -#endif - {"publickey", - userauth_pubkey, - &options.pubkey_authentication}, - {"password", - userauth_passwd, - &options.password_authentication}, - {"keyboard-interactive", - userauth_kbdint, - &options.kbd_interactive_authentication}, - {"hostbased", - userauth_hostbased, - &options.hostbased_authentication}, - {NULL, NULL, NULL} -}; - /* * loop until authctxt->success == TRUE */ @@ -345,6 +305,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) } else { if (authctxt->failures++ > AUTH_FAIL_MAX) { #ifdef WITH_AIXAUTHENTICATE + /* XXX: privsep */ loginfailed(authctxt->user, get_canonical_hostname(options.verify_reverse_mapping), "ssh"); 
@@ -372,327 +333,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) } } -char * -auth2_read_banner(void) -{ - struct stat st; - char *banner = NULL; - off_t len, n; - int fd; - - if ((fd = open(options.banner, O_RDONLY)) == -1) - return (NULL); - if (fstat(fd, &st) == -1) { - close(fd); - return (NULL); - } - len = st.st_size; - banner = xmalloc(len + 1); - n = atomicio(read, fd, banner, len); - close(fd); - - if (n != len) { - free(banner); - return (NULL); - } - banner[n] = '\0'; - - return (banner); -} - -static void -userauth_banner(void) -{ - char *banner = NULL; - - if (options.banner == NULL || (datafellows & SSH_BUG_BANNER)) - return; - - if ((banner = PRIVSEP(auth2_read_banner())) == NULL) - goto done; - - packet_start(SSH2_MSG_USERAUTH_BANNER); - packet_put_cstring(banner); - packet_put_cstring(""); /* language, unused */ - packet_send(); - debug("userauth_banner: sent"); -done: - if (banner) - xfree(banner); - return; -} - -static int -userauth_none(Authctxt *authctxt) -{ - /* disable method "none", only allowed one time */ - Authmethod *m = authmethod_lookup("none"); - if (m != NULL) - m->enabled = NULL; - packet_check_eom(); - userauth_banner(); - - if (authctxt->valid == 0) - return(0); - -#ifdef HAVE_CYGWIN - if (check_nt_auth(1, authctxt->pw) == 0) - return(0); -#endif - return PRIVSEP(auth_password(authctxt, "")); -} - -static int -userauth_passwd(Authctxt *authctxt) -{ - char *password; - int authenticated = 0; - int change; - u_int len; - change = packet_get_char(); - if (change) - log("password change not supported"); - password = packet_get_string(&len); - packet_check_eom(); - if (authctxt->valid && -#ifdef HAVE_CYGWIN - check_nt_auth(1, authctxt->pw) && -#endif - PRIVSEP(auth_password(authctxt, password)) == 1) - authenticated = 1; - memset(password, 0, len); - xfree(password); - return authenticated; -} - -static int -userauth_kbdint(Authctxt *authctxt) -{ - int authenticated = 0; - char *lang, *devs; - - lang = 
packet_get_string(NULL); - devs = packet_get_string(NULL); - packet_check_eom(); - - debug("keyboard-interactive devs %s", devs); - - if (options.challenge_response_authentication) - authenticated = auth2_challenge(authctxt, devs); - -#ifdef USE_PAM - if (authenticated == 0 && options.pam_authentication_via_kbd_int) - authenticated = auth2_pam(authctxt); -#endif - xfree(devs); - xfree(lang); -#ifdef HAVE_CYGWIN - if (check_nt_auth(0, authctxt->pw) == 0) - return(0); -#endif - return authenticated; -} - -static int -userauth_pubkey(Authctxt *authctxt) -{ - Buffer b; - Key *key = NULL; - char *pkalg; - u_char *pkblob, *sig; - u_int alen, blen, slen; - int have_sig, pktype; - int authenticated = 0; - - if (!authctxt->valid) { - debug2("userauth_pubkey: disabled because of invalid user"); - return 0; - } - have_sig = packet_get_char(); - if (datafellows & SSH_BUG_PKAUTH) { - debug2("userauth_pubkey: SSH_BUG_PKAUTH"); - /* no explicit pkalg given */ - pkblob = packet_get_string(&blen); - buffer_init(&b); - buffer_append(&b, pkblob, blen); - /* so we have to extract the pkalg from the pkblob */ - pkalg = buffer_get_string(&b, &alen); - buffer_free(&b); - } else { - pkalg = packet_get_string(&alen); - pkblob = packet_get_string(&blen); - } - pktype = key_type_from_name(pkalg); - if (pktype == KEY_UNSPEC) { - /* this is perfectly legal */ - log("userauth_pubkey: unsupported public key algorithm: %s", - pkalg); - goto done; - } - key = key_from_blob(pkblob, blen); - if (key == NULL) { - error("userauth_pubkey: cannot decode key: %s", pkalg); - goto done; - } - if (key->type != pktype) { - error("userauth_pubkey: type mismatch for decoded key " - "(received %d, expected %d)", key->type, pktype); - goto done; - } - if (have_sig) { - sig = packet_get_string(&slen); - packet_check_eom(); - buffer_init(&b); - if (datafellows & SSH_OLD_SESSIONID) { - buffer_append(&b, session_id2, session_id2_len); - } else { - buffer_put_string(&b, session_id2, session_id2_len); - } - /* 
reconstruct packet */ - buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); - buffer_put_cstring(&b, authctxt->user); - buffer_put_cstring(&b, - datafellows & SSH_BUG_PKSERVICE ? - "ssh-userauth" : - authctxt->service); - if (datafellows & SSH_BUG_PKAUTH) { - buffer_put_char(&b, have_sig); - } else { - buffer_put_cstring(&b, "publickey"); - buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, pkalg); - } - buffer_put_string(&b, pkblob, blen); -#ifdef DEBUG_PK - buffer_dump(&b); -#endif - /* test for correct signature */ - authenticated = 0; - if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && - PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), - buffer_len(&b))) == 1) - authenticated = 1; - buffer_clear(&b); - xfree(sig); - } else { - debug("test whether pkalg/pkblob are acceptable"); - packet_check_eom(); - - /* XXX fake reply and always send PK_OK ? */ - /* - * XXX this allows testing whether a user is allowed - * to login: if you happen to have a valid pubkey this - * message is sent. the message is NEVER sent at all - * if a user is not allowed to login. is this an - * issue? 
-markus - */ - if (PRIVSEP(user_key_allowed(authctxt->pw, key))) { - packet_start(SSH2_MSG_USERAUTH_PK_OK); - packet_put_string(pkalg, alen); - packet_put_string(pkblob, blen); - packet_send(); - packet_write_wait(); - authctxt->postponed = 1; - } - } - if (authenticated != 1) - auth_clear_options(); -done: - debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg); - if (key != NULL) - key_free(key); - xfree(pkalg); - xfree(pkblob); -#ifdef HAVE_CYGWIN - if (check_nt_auth(0, authctxt->pw) == 0) - return(0); -#endif - return authenticated; -} - -static int -userauth_hostbased(Authctxt *authctxt) -{ - Buffer b; - Key *key = NULL; - char *pkalg, *cuser, *chost, *service; - u_char *pkblob, *sig; - u_int alen, blen, slen; - int pktype; - int authenticated = 0; - - if (!authctxt->valid) { - debug2("userauth_hostbased: disabled because of invalid user"); - return 0; - } - pkalg = packet_get_string(&alen); - pkblob = packet_get_string(&blen); - chost = packet_get_string(NULL); - cuser = packet_get_string(NULL); - sig = packet_get_string(&slen); - - debug("userauth_hostbased: cuser %s chost %s pkalg %s slen %d", - cuser, chost, pkalg, slen); -#ifdef DEBUG_PK - debug("signature:"); - buffer_init(&b); - buffer_append(&b, sig, slen); - buffer_dump(&b); - buffer_free(&b); -#endif - pktype = key_type_from_name(pkalg); - if (pktype == KEY_UNSPEC) { - /* this is perfectly legal */ - log("userauth_hostbased: unsupported " - "public key algorithm: %s", pkalg); - goto done; - } - key = key_from_blob(pkblob, blen); - if (key == NULL) { - error("userauth_hostbased: cannot decode key: %s", pkalg); - goto done; - } - if (key->type != pktype) { - error("userauth_hostbased: type mismatch for decoded key " - "(received %d, expected %d)", key->type, pktype); - goto done; - } - service = datafellows & SSH_BUG_HBSERVICE ? 
"ssh-userauth" : - authctxt->service; - buffer_init(&b); - buffer_put_string(&b, session_id2, session_id2_len); - /* reconstruct packet */ - buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); - buffer_put_cstring(&b, authctxt->user); - buffer_put_cstring(&b, service); - buffer_put_cstring(&b, "hostbased"); - buffer_put_string(&b, pkalg, alen); - buffer_put_string(&b, pkblob, blen); - buffer_put_cstring(&b, chost); - buffer_put_cstring(&b, cuser); -#ifdef DEBUG_PK - buffer_dump(&b); -#endif - /* test for allowed key and correct signature */ - authenticated = 0; - if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && - PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), - buffer_len(&b))) == 1) - authenticated = 1; - - buffer_clear(&b); -done: - debug2("userauth_hostbased: authenticated %d", authenticated); - if (key != NULL) - key_free(key); - xfree(pkalg); - xfree(pkblob); - xfree(cuser); - xfree(chost); - xfree(sig); - return authenticated; -} - /* get current user */ struct passwd* @@ -706,18 +346,20 @@ auth_get_user(void) static char * authmethods_get(void) { - Authmethod *method = NULL; Buffer b; char *list; + int i; buffer_init(&b); - for (method = authmethods; method->name != NULL; method++) { - if (strcmp(method->name, "none") == 0) + for (i = 0; authmethods[i] != NULL; i++) { + if (strcmp(authmethods[i]->name, "none") == 0) continue; - if (method->enabled != NULL && *(method->enabled) != 0) { + if (authmethods[i]->enabled != NULL && + *(authmethods[i]->enabled) != 0) { if (buffer_len(&b) > 0) buffer_append(&b, ",", 1); - buffer_append(&b, method->name, strlen(method->name)); + buffer_append(&b, authmethods[i]->name, + strlen(authmethods[i]->name)); } } buffer_append(&b, "\0", 1); 
@@ -729,174 +371,15 @@ authmethods_get(void) static Authmethod * authmethod_lookup(const char *name) { - Authmethod *method = NULL; + int i; + if (name != NULL) - for (method = authmethods; method->name != NULL; method++) - if (method->enabled != NULL && - *(method->enabled) != 0 && - strcmp(name, method->name) == 0) - return method; - debug2("Unrecognized authentication method name: %s", name ? name : "NULL"); + for (i = 0; authmethods[i] != NULL; i++) + if (authmethods[i]->enabled != NULL && + *(authmethods[i]->enabled) != 0 && + strcmp(name, authmethods[i]->name) == 0) + return authmethods[i]; + debug2("Unrecognized authentication method name: %s", + name ? name : "NULL"); return NULL; } - -/* return 1 if user allows given key */ -static int -user_key_allowed2(struct passwd *pw, Key *key, char *file) -{ - char line[8192]; - int found_key = 0; - FILE *f; - u_long linenum = 0; - struct stat st; - Key *found; - char *fp; - - if (pw == NULL) - return 0; - - /* Temporarily use the user's uid. */ - temporarily_use_uid(pw); - - debug("trying public key file %s", file); - - /* Fail quietly if file does not exist */ - if (stat(file, &st) < 0) { - /* Restore the privileged uid. */ - restore_uid(); - return 0; - } - /* Open the file containing the authorized keys. */ - f = fopen(file, "r"); - if (!f) { - /* Restore the privileged uid. */ - restore_uid(); - return 0; - } - if (options.strict_modes && - secure_filename(f, file, pw, line, sizeof(line)) != 0) { - fclose(f); - log("Authentication refused: %s", line); - restore_uid(); - return 0; - } - - found_key = 0; - found = key_new(key->type); - - while (fgets(line, sizeof(line), f)) { - char *cp, *options = NULL; - linenum++; - /* Skip leading whitespace, empty and comment lines. */ - for (cp = line; *cp == ' ' || *cp == '\t'; cp++) - ; - if (!*cp || *cp == '\n' || *cp == '#') - continue; - - if (key_read(found, &cp) != 1) { - /* no key? 
check if there are options for this key */ - int quoted = 0; - debug2("user_key_allowed: check options: '%s'", cp); - options = cp; - for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { - if (*cp == '\\' && cp[1] == '"') - cp++; /* Skip both */ - else if (*cp == '"') - quoted = !quoted; - } - /* Skip remaining whitespace. */ - for (; *cp == ' ' || *cp == '\t'; cp++) - ; - if (key_read(found, &cp) != 1) { - debug2("user_key_allowed: advance: '%s'", cp); - /* still no key? advance to next line*/ - continue; - } - } - if (key_equal(found, key) && - auth_parse_options(pw, options, file, linenum) == 1) { - found_key = 1; - debug("matching key found: file %s, line %lu", - file, linenum); - fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); - verbose("Found matching %s key: %s", - key_type(found), fp); - xfree(fp); - break; - } - } - restore_uid(); - fclose(f); - key_free(found); - if (!found_key) - debug2("key not found"); - return found_key; -} - -/* check whether given key is in .ssh/authorized_keys* */ -int -user_key_allowed(struct passwd *pw, Key *key) -{ - int success; - char *file; - - file = authorized_keys_file(pw); - success = user_key_allowed2(pw, key, file); - xfree(file); - if (success) - return success; - - /* try suffix "2" for backward compat, too */ - file = authorized_keys_file2(pw); - success = user_key_allowed2(pw, key, file); - xfree(file); - return success; -} - -/* return 1 if given hostkey is allowed */ -int -hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, - Key *key) -{ - const char *resolvedname, *ipaddr, *lookup; - HostStatus host_status; - int len; - - resolvedname = get_canonical_hostname(options.verify_reverse_mapping); - ipaddr = get_remote_ipaddr(); - - debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s", - chost, resolvedname, ipaddr); - - if (options.hostbased_uses_name_from_packet_only) { - if (auth_rhosts2(pw, cuser, chost, chost) == 0) - return 0; - lookup = chost; - } else { - if 
(((len = strlen(chost)) > 0) && chost[len - 1] == '.') { - debug2("stripping trailing dot from chost %s", chost); - chost[len - 1] = '\0'; - } - if (strcasecmp(resolvedname, chost) != 0) - log("userauth_hostbased mismatch: " - "client sends %s, but we resolve %s to %s", - chost, ipaddr, resolvedname); - if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) - return 0; - lookup = resolvedname; - } - debug2("userauth_hostbased: access allowed by auth_rhosts2"); - - host_status = check_key_in_hostfiles(pw, key, lookup, - _PATH_SSH_SYSTEM_HOSTFILE, - options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); - - /* backward compat if no key has been found. */ - if (host_status == HOST_NEW) - host_status = check_key_in_hostfiles(pw, key, lookup, - _PATH_SSH_SYSTEM_HOSTFILE2, - options.ignore_user_known_hosts ? NULL : - _PATH_SSH_USER_HOSTFILE2); - - return (host_status == HOST_OK); -} diff --git a/openssh/cipher.c b/openssh/cipher.c index 86d9234..b18c701 100644 --- a/openssh/cipher.c +++ b/openssh/cipher.c 
@@ -35,30 +35,32 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.55 2002/04/03 09:26:11 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $"); #include "xmalloc.h" #include "log.h" #include "cipher.h" #include -#include "rijndael.h" #if OPENSSL_VERSION_NUMBER < 0x00906000L #define SSH_OLD_EVP #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) #endif -static EVP_CIPHER *evp_ssh1_3des(void); -static EVP_CIPHER *evp_ssh1_bf(void); -static EVP_CIPHER *evp_rijndael(void); +#if OPENSSL_VERSION_NUMBER < 0x00907000L +#include "rijndael.h" +static const EVP_CIPHER *evp_rijndael(void); +#endif +static const EVP_CIPHER *evp_ssh1_3des(void); +static const EVP_CIPHER *evp_ssh1_bf(void); struct Cipher { char *name; int number; /* for ssh1 only */ u_int block_size; u_int key_len; - EVP_CIPHER *(*evptype)(void); + const EVP_CIPHER *(*evptype)(void); } ciphers[] = { { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, @@ -69,11 +71,19 @@ struct Cipher { { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, +#if OPENSSL_VERSION_NUMBER < 0x00907000L { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, +#else + { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc }, + { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc }, + { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, + { "rijndael-cbc@lysator.liu.se", + SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, +#endif { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } }; @@ -379,7 +389,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) } return (1); } -static EVP_CIPHER * +static const EVP_CIPHER * evp_ssh1_3des(void) { static EVP_CIPHER ssh1_3des; 
@@ -431,7 +441,7 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len) swap_bytes(out, out, len); return (ret); } -static EVP_CIPHER * +static const EVP_CIPHER * evp_ssh1_bf(void) { static EVP_CIPHER ssh1_bf; @@ -444,6 +454,7 @@ evp_ssh1_bf(void) return (&ssh1_bf); } +#if OPENSSL_VERSION_NUMBER < 0x00907000L /* RIJNDAEL */ #define RIJNDAEL_BLOCKSIZE 16 struct ssh_rijndael_ctx @@ -529,7 +540,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx) } return (1); } -static EVP_CIPHER * +static const EVP_CIPHER * evp_rijndael(void) { static EVP_CIPHER rijndal_cbc; @@ -548,6 +559,7 @@ evp_rijndael(void) #endif return (&rijndal_cbc); } +#endif /* * Exports an IV from the CipherContext required to export the key @@ -583,35 +595,38 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) if (evplen == 0) return; if (evplen != len) - fatal("%s: wrong iv length %d != %d", __FUNCTION__, + fatal("%s: wrong iv length %d != %d", __func__, evplen, len); +#if OPENSSL_VERSION_NUMBER < 0x00907000L if (c->evptype == evp_rijndael) { struct ssh_rijndael_ctx *aesc; aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp); if (aesc == NULL) - fatal("%s: no rijndael context", __FUNCTION__); + fatal("%s: no rijndael context", __func__); civ = aesc->r_iv; - } else { + } else +#endif + { civ = cc->evp.iv; } break; case SSH_CIPHER_3DES: { struct ssh1_3des_ctx *desc; if (len != 24) - fatal("%s: bad 3des iv length: %d", __FUNCTION__, len); + fatal("%s: bad 3des iv length: %d", __func__, len); desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); if (desc == NULL) - fatal("%s: no 3des context", __FUNCTION__); - debug3("%s: Copying 3DES IV", __FUNCTION__); + fatal("%s: no 3des context", __func__); + debug3("%s: Copying 3DES IV", __func__); memcpy(iv, desc->k1.iv, 8); memcpy(iv + 8, desc->k2.iv, 8); memcpy(iv + 16, desc->k3.iv, 8); return; } default: - fatal("%s: bad cipher %d", __FUNCTION__, c->number); + fatal("%s: bad cipher %d", __func__, c->number); } memcpy(iv, civ, len); } 
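Review bot: In cipher_get_keyiv the `else` that selects `cc->evp.iv` now sits inside the `#if OPENSSL_VERSION_NUMBER < 0x00907000L` region while its block follows the `#endif`, so the braces are an else-branch in one configuration and a free-standing block in the other. That is easy to break in a later edit of the IV handling, and cipher_set_keyiv gets the same construct. A comment on the block, `/* else-branch of the rijndael check on old OpenSSL, plain block otherwise */`, would make the intent visible in both places. Both functions begin outside their hunks.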
@@ -631,14 +646,17 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) if (evplen == 0) return; +#if OPENSSL_VERSION_NUMBER < 0x00907000L if (c->evptype == evp_rijndael) { struct ssh_rijndael_ctx *aesc; aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp); if (aesc == NULL) - fatal("%s: no rijndael context", __FUNCTION__); + fatal("%s: no rijndael context", __func__); div = aesc->r_iv; - }else { + } else +#endif + { div = cc->evp.iv; } break; @@ -646,15 +664,15 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) struct ssh1_3des_ctx *desc; desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); if (desc == NULL) - fatal("%s: no 3des context", __FUNCTION__); - debug3("%s: Installed 3DES IV", __FUNCTION__); + fatal("%s: no 3des context", __func__); + debug3("%s: Installed 3DES IV", __func__); memcpy(desc->k1.iv, iv, 8); memcpy(desc->k2.iv, iv + 8, 8); memcpy(desc->k3.iv, iv + 16, 8); return; } default: - fatal("%s: bad cipher %d", __FUNCTION__, c->number); + fatal("%s: bad cipher %d", __func__, c->number); } memcpy(div, iv, evplen); } @@ -671,28 +689,14 @@ int cipher_get_keycontext(CipherContext *cc, u_char *dat) { Cipher *c = cc->cipher; - int plen; + int plen = 0; - if (c->number == SSH_CIPHER_3DES) { - struct ssh1_3des_ctx *desc; - desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); - if (desc == NULL) - fatal("%s: no 3des context", __FUNCTION__); - plen = EVP_X_STATE_LEN(desc->k1); + if (c->evptype == EVP_rc4) { + plen = EVP_X_STATE_LEN(cc->evp); if (dat == NULL) - return (3*plen); - memcpy(dat, EVP_X_STATE(desc->k1), plen); - memcpy(dat + plen, EVP_X_STATE(desc->k2), plen); - memcpy(dat + 2*plen, EVP_X_STATE(desc->k3), plen); - return (3*plen); + return (plen); + memcpy(dat, EVP_X_STATE(cc->evp), plen); } - - /* Generic EVP */ - plen = EVP_X_STATE_LEN(cc->evp); - if (dat == NULL) - return (plen); - - memcpy(dat, EVP_X_STATE(cc->evp), plen); return (plen); } 
@@ -702,16 +706,7 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat) Cipher *c = cc->cipher; int plen; - if (c->number == SSH_CIPHER_3DES) { - struct ssh1_3des_ctx *desc; - desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); - if (desc == NULL) - fatal("%s: no 3des context", __FUNCTION__); - plen = EVP_X_STATE_LEN(desc->k1); - memcpy(EVP_X_STATE(desc->k1), dat, plen); - memcpy(EVP_X_STATE(desc->k2), dat + plen, plen); - memcpy(EVP_X_STATE(desc->k3), dat + 2*plen, plen); - } else { + if (c->evptype == EVP_rc4) { plen = EVP_X_STATE_LEN(cc->evp); memcpy(EVP_X_STATE(cc->evp), dat, plen); } diff --git a/openssh/configure.ac b/openssh/configure.ac index 34ed811..2884f9d 100644 --- a/openssh/configure.ac +++ b/openssh/configure.ac @@ -85,6 +85,7 @@ case "$host" in AC_DEFINE(IPV4_DEFAULT) AC_DEFINE(IP_TOS_IS_BROKEN) AC_DEFINE(NO_X11_UNIX_SOCKETS) + AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN) @@ -230,13 +231,11 @@ mips-sony-bsd|mips-sony-newsos4) *-*-sysv4.2*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" -# enable_suid_ssh=no AC_DEFINE(USE_PIPES) ;; *-*-sysv5*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" -# enable_suid_ssh=no AC_DEFINE(USE_PIPES) ;; *-*-sysv*) 
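Review bot: `cipher_set_keycontext()` still copies `EVP_X_STATE_LEN(cc->evp)` bytes out of `dat` without knowing how long `dat` is, so a state blob shorter than the RC4 state is read past its end. In monitor.c the blob is read with `buffer_get_string(&m, &child_state.keyoutlen)` from the unprivileged child and then passed to `packet_set_keycontext(MODE_OUT, child_state.keyout)` without the length; the body of `packet_set_keycontext` is not in this patch, so whether it checks is unconfirmed. I would pass the received length down and reject a mismatch, e.g. `if (dlen != plen) fatal("%s: bad keycontext length", __func__);`. The function's signature and its end are outside the hunk.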
@@ -672,10 +671,10 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ inet_ntop innetgr login_getcapbool md5_crypt memmove \ mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ - setenv seteuid setlogin setproctitle setresgid setreuid setrlimit \ - setsid setvbuf sigaction sigvec snprintf socketpair strerror \ - strlcat strlcpy strmode strsep sysconf tcgetpgrp truncate utimes \ - vhangup vsnprintf waitpid __b64_ntop _getpty) + setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ + setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ + socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ + truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ @@ -723,11 +722,6 @@ dnl Checks for utmpx functions AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) AC_CHECK_FUNCS(setutxent utmpxname) -AC_CHECK_FUNC(getuserattr, - [AC_DEFINE(HAVE_GETUSERATTR)], - [AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])] -) - AC_CHECK_FUNC(daemon, [AC_DEFINE(HAVE_DAEMON)], [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])] @@ -2236,25 +2230,6 @@ AC_ARG_WITH(bsd-auth, ] ) -AC_MSG_CHECKING(whether to install ssh as suid root) -AC_ARG_ENABLE(suid-ssh, -[ --enable-suid-ssh Install ssh as suid root (default) - --disable-suid-ssh Install ssh without suid bit], -[ case "$enableval" in - no) - AC_MSG_RESULT(no) - SSHMODE=0711 - ;; - *) AC_MSG_RESULT(yes) - SSHMODE=4711 - ;; - esac ], - AC_MSG_RESULT(yes) - SSHMODE=4711 -) -AC_SUBST(SSHMODE) - - # Where to place sshd.pid piddir=/var/run # make sure the directory exists diff --git a/openssh/defines.h b/openssh/defines.h index dfb89b2..f7adb34 100644 --- a/openssh/defines.h +++ b/openssh/defines.h 
@@ -465,10 +465,10 @@ struct winsize { # define OPENSSL_free(x) Free(x) #endif -#if defined(HAVE___func__) -# define __FUNCTION__ __func__ -#elif !defined(HAVE___FUNCTION__) -# define __FUNCTION__ "" +#if !defined(HAVE___func__) && defined(HAVE___FUNCTION__) +# define __func__ __FUNCTION__ +#elif !defined(HAVE___func__) +# define __func__ "" #endif /* diff --git a/openssh/gss-serv.c b/openssh/gss-serv.c index 5409a16..710edf5 100644 --- a/openssh/gss-serv.c +++ b/openssh/gss-serv.c @@ -74,6 +74,18 @@ static char *delegation_env[] = { NULL }; +Authmethod method_external = { + "external-keyx", + userauth_external, + &options.gss_authentication +}; + +Authmethod method_gssapi = { + "gssapi", + userauth_gssapi, + &options.gss_authentication +}; + #ifdef KRB5 #ifdef HEIMDAL diff --git a/openssh/kex.h b/openssh/kex.h index 2bd86ad..904dea8 100644 --- a/openssh/kex.h +++ b/openssh/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.30 2002/03/18 17:50:31 provos Exp $ */ +/* $OpenBSD: kex.h,v 1.31 2002/05/16 22:02:50 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -80,7 +80,7 @@ struct Enc { struct Mac { char *name; int enabled; - EVP_MD *md; + const EVP_MD *md; int mac_len; u_char *key; int key_len; diff --git a/openssh/key.c b/openssh/key.c index 077c517..a456d80 100644 --- a/openssh/key.c +++ b/openssh/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.43 2002/03/19 10:49:35 markus Exp $"); +RCSID("$OpenBSD: key.c,v 1.44 2002/05/31 13:16:48 markus Exp $"); #include @@ -781,6 +781,10 @@ key_sign( } } +/* + * key_verify returns 1 for a correct signature, 0 for an incorrect signature + * and -1 on error. + */ int key_verify( Key *key, diff --git a/openssh/monitor.c b/openssh/monitor.c index 1e23d91..39b6248 100644 --- a/openssh/monitor.c +++ b/openssh/monitor.c 
@@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.11 2002/05/15 15:47:49 mouring Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.16 2002/06/21 05:50:51 djm Exp $"); #include @@ -83,6 +83,8 @@ struct { u_int ivinlen; u_char *ivout; u_int ivoutlen; + u_char *ssh1key; + u_int ssh1keylen; int ssh1cipher; int ssh1protoflags; u_char *input; @@ -128,6 +130,8 @@ static int key_blobtype = MM_NOKEY; static u_char *hostbased_cuser = NULL; static u_char *hostbased_chost = NULL; static char *auth_method = "unknown"; +static int session_id2_len = 0; +static u_char *session_id2 = NULL; struct mon_table { enum monitor_reqtype type; @@ -267,7 +271,7 @@ monitor_child_preauth(struct monitor *pmonitor) if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) fatal("%s: unexpected authentication from %d", - __FUNCTION__, ent->type); + __func__, ent->type); if (authctxt->pw->pw_uid == 0 && !auth_root_allowed(auth_method)) authenticated = 0; @@ -286,10 +290,10 @@ monitor_child_preauth(struct monitor *pmonitor) } if (!authctxt->valid) - fatal("%s: authenticated invalid user", __FUNCTION__); + fatal("%s: authenticated invalid user", __func__); debug("%s: %s has been authenticated by privileged process", - __FUNCTION__, authctxt->user); + __func__, authctxt->user); mm_get_keystate(pmonitor); @@ -323,8 +327,10 @@ monitor_child_postauth(struct monitor *pmonitor) void monitor_sync(struct monitor *pmonitor) { - /* The member allocation is not visible, so sync it */ - mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); + if (options.compression) { + /* The member allocation is not visible, so sync it */ + mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); + } } int @@ -340,7 +346,7 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, mm_request_receive(pmonitor->m_sendfd, &m); type = buffer_get_char(&m); - debug3("%s: checking request %d", __FUNCTION__, type); + debug3("%s: checking request %d", __func__, type); while (ent->f != NULL) { if (ent->type == type) 
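Review bot: `session_id2_len` is declared `int` but every use of it in this patch is against an unsigned length. It is assigned from `u_int datlen` in `mm_answer_sign()`, compared with `u_int len` in `monitor_valid_userblob()` and `monitor_valid_hostbasedblob()`, and compared with `kex->session_id_len` in `mm_get_kex()`. The value is never negative here, so the mixed comparisons happen to work, but declaring it `static u_int session_id2_len = 0;` removes the implicit conversions and the compiler warnings that come with them.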
@@ -350,14 +356,14 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, if (ent->f != NULL) { if (!(ent->flags & MON_PERMIT)) - fatal("%s: unpermitted request %d", __FUNCTION__, + fatal("%s: unpermitted request %d", __func__, type); ret = (*ent->f)(pmonitor->m_sendfd, &m); buffer_free(&m); /* The child may use this request only once, disable it */ if (ent->flags & MON_ONCE) { - debug2("%s: %d used once, disabling now", __FUNCTION__, + debug2("%s: %d used once, disabling now", __func__, type); ent->flags &= ~MON_PERMIT; } @@ -368,7 +374,7 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, return ret; } - fatal("%s: unsupported request: %d", __FUNCTION__, type); + fatal("%s: unsupported request: %d", __func__, type); /* NOTREACHED */ return (-1); @@ -413,11 +419,11 @@ mm_answer_moduli(int socket, Buffer *m) max = buffer_get_int(m); debug3("%s: got parameters: %d %d %d", - __FUNCTION__, min, want, max); + __func__, min, want, max); /* We need to check here, too, in case the child got corrupted */ if (max < min || want < min || max < want) fatal("%s: bad parameters: %d %d %d", - __FUNCTION__, min, want, max); + __func__, min, want, max); buffer_clear(m); 
@@ -446,20 +452,27 @@ mm_answer_sign(int socket, Buffer *m) u_int siglen, datlen; int keyid; - debug3("%s", __FUNCTION__); + debug3("%s", __func__); keyid = buffer_get_int(m); p = buffer_get_string(m, &datlen); if (datlen != 20) - fatal("%s: data length incorrect: %d", __FUNCTION__, datlen); + fatal("%s: data length incorrect: %d", __func__, datlen); + + /* save session id, it will be passed on the first call */ + if (session_id2_len == 0) { + session_id2_len = datlen; + session_id2 = xmalloc(session_id2_len); + memcpy(session_id2, p, session_id2_len); + } if ((key = get_hostkey_by_index(keyid)) == NULL) - fatal("%s: no hostkey from index %d", __FUNCTION__, keyid); + fatal("%s: no hostkey from index %d", __func__, keyid); if (key_sign(key, &signature, &siglen, p, datlen) < 0) - fatal("%s: key_sign failed", __FUNCTION__); + fatal("%s: key_sign failed", __func__); - debug3("%s: signature %p(%d)", __FUNCTION__, signature, siglen); + debug3("%s: signature %p(%d)", __func__, signature, siglen); buffer_clear(m); buffer_put_string(m, signature, siglen); @@ -484,10 +497,10 @@ mm_answer_pwnamallow(int socket, Buffer *m) struct passwd *pwent; int allowed = 0; - debug3("%s", __FUNCTION__); + debug3("%s", __func__); if (authctxt->attempt++ != 0) - fatal("%s: multiple attempts for getpwnam", __FUNCTION__); + fatal("%s: multiple attempts for getpwnam", __func__); login = buffer_get_string(m, NULL); @@ -520,7 +533,7 @@ mm_answer_pwnamallow(int socket, Buffer *m) buffer_put_cstring(m, pwent->pw_shell); out: - debug3("%s: sending MONITOR_ANS_PWNAM: %d", __FUNCTION__, allowed); + debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); mm_request_send(socket, MONITOR_ANS_PWNAM, m); /* For SSHv1 allow authentication now */ 
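Review bot: The comment on the new block in `mm_answer_sign()` does not say that the saved session id is whatever the unprivileged child sends in its first sign request. The later `memcmp` checks in `monitor_valid_userblob()`, `monitor_valid_hostbasedblob()` and `mm_get_kex()` therefore bind blobs to a child-supplied value, not to one the monitor derived itself. I would extend the comment to `/* save session id as first presented by the unprivileged child; it is not independently verified here */` so the trust assumption is visible to the next reader. The function continues outside the hunk.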
@@ -562,7 +575,7 @@ mm_answer_authserv(int socket, Buffer *m) authctxt->service = buffer_get_string(m, NULL); authctxt->style = buffer_get_string(m, NULL); debug3("%s: service=%s, style=%s", - __FUNCTION__, authctxt->service, authctxt->style); + __func__, authctxt->service, authctxt->style); if (strlen(authctxt->style) == 0) { xfree(authctxt->style); @@ -581,14 +594,15 @@ mm_answer_authpassword(int socket, Buffer *m) passwd = buffer_get_string(m, &plen); /* Only authenticate if the context is valid */ - authenticated = authctxt->valid && auth_password(authctxt, passwd); + authenticated = options.password_authentication && + authctxt->valid && auth_password(authctxt, passwd); memset(passwd, 0, strlen(passwd)); xfree(passwd); buffer_clear(m); buffer_put_int(m, authenticated); - debug3("%s: sending result %d", __FUNCTION__, authenticated); + debug3("%s: sending result %d", __func__, authenticated); mm_request_send(socket, MONITOR_ANS_AUTHPASSWORD, m); call_count++; @@ -619,7 +633,7 @@ mm_answer_bsdauthquery(int socket, Buffer *m) if (res != -1) buffer_put_cstring(m, prompts[0]); - debug3("%s: sending challenge res: %d", __FUNCTION__, res); + debug3("%s: sending challenge res: %d", __func__, res); mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m); if (res != -1) { 
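Review bot: In `mm_answer_authpassword()` the password buffer is wiped with `memset(passwd, 0, strlen(passwd))` although its real length is already in `plen` from `buffer_get_string(m, &plen)`. If the child sends a string with an embedded NUL, the bytes after it are left in memory when `xfree(passwd)` runs. Using the received length, `memset(passwd, 0, plen);`, clears the whole allocation regardless of content. The start of the function is outside the hunk.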
@@ -639,18 +653,19 @@ mm_answer_bsdauthrespond(int socket, Buffer *m) int authok; if (authctxt->as == 0) - fatal("%s: no bsd auth session", __FUNCTION__); + fatal("%s: no bsd auth session", __func__); response = buffer_get_string(m, NULL); - authok = auth_userresponse(authctxt->as, response, 0); + authok = options.challenge_response_authentication && + auth_userresponse(authctxt->as, response, 0); authctxt->as = NULL; - debug3("%s: <%s> = <%d>", __FUNCTION__, response, authok); + debug3("%s: <%s> = <%d>", __func__, response, authok); xfree(response); buffer_clear(m); buffer_put_int(m, authok); - debug3("%s: sending authenticated: %d", __FUNCTION__, authok); + debug3("%s: sending authenticated: %d", __func__, authok); mm_request_send(socket, MONITOR_ANS_BSDAUTHRESPOND, m); auth_method = "bsdauth"; @@ -674,7 +689,7 @@ mm_answer_skeyquery(int socket, Buffer *m) if (res != -1) buffer_put_cstring(m, challenge); - debug3("%s: sending challenge res: %d", __FUNCTION__, res); + debug3("%s: sending challenge res: %d", __func__, res); mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m); return (0); @@ -688,7 +703,8 @@ mm_answer_skeyrespond(int socket, Buffer *m) response = buffer_get_string(m, NULL); - authok = (authctxt->valid && + authok = (options.challenge_response_authentication && + authctxt->valid && skey_haskey(authctxt->pw->pw_name) == 0 && skey_passcheck(authctxt->pw->pw_name, response) != -1); @@ -697,7 +713,7 @@ mm_answer_skeyrespond(int socket, Buffer *m) buffer_clear(m); buffer_put_int(m, authok); - debug3("%s: sending authenticated: %d", __FUNCTION__, authok); + debug3("%s: sending authenticated: %d", __func__, authok); mm_request_send(socket, MONITOR_ANS_SKEYRESPOND, m); auth_method = "skey"; 
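Review bot: `mm_answer_bsdauthrespond()` writes the user's challenge response to the log in `debug3("%s: <%s> = <%d>", __func__, response, authok);`. That response is an authentication secret, and at debug level 3 it ends up wherever sshd logs go. The line was touched for the `__func__` rename and could drop the value at the same time: `debug3("%s: authok = <%d>", __func__, authok);`.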
@@ -726,7 +742,7 @@ static void mm_append_debug(Buffer *m) { if (auth_debug_init && buffer_len(&auth_debug)) { - debug3("%s: Appending debug messages for child", __FUNCTION__); + debug3("%s: Appending debug messages for child", __func__); buffer_append(m, buffer_ptr(&auth_debug), buffer_len(&auth_debug)); buffer_clear(&auth_debug); @@ -742,7 +758,7 @@ mm_answer_keyallowed(int socket, Buffer *m) enum mm_keytype type = 0; int allowed = 0; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); type = buffer_get_int(m); cuser = buffer_get_string(m, NULL); @@ -753,26 +769,29 @@ mm_answer_keyallowed(int socket, Buffer *m) if ((compat20 && type == MM_RSAHOSTKEY) || (!compat20 && type != MM_RSAHOSTKEY)) - fatal("%s: key type and protocol mismatch", __FUNCTION__); + fatal("%s: key type and protocol mismatch", __func__); - debug3("%s: key_from_blob: %p", __FUNCTION__, key); + debug3("%s: key_from_blob: %p", __func__, key); if (key != NULL && authctxt->pw != NULL) { switch(type) { case MM_USERKEY: - allowed = user_key_allowed(authctxt->pw, key); + allowed = options.pubkey_authentication && + user_key_allowed(authctxt->pw, key); break; case MM_HOSTKEY: - allowed = hostbased_key_allowed(authctxt->pw, + allowed = options.hostbased_authentication && + hostbased_key_allowed(authctxt->pw, cuser, chost, key); break; case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ - allowed = auth_rhosts_rsa_key_allowed(authctxt->pw, + allowed = options.rhosts_rsa_authentication && + auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key); break; default: - fatal("%s: unknown key type %d", __FUNCTION__, type); + fatal("%s: unknown key type %d", __func__, type); break; } key_free(key); @@ -791,7 +810,7 @@ mm_answer_keyallowed(int socket, Buffer *m) } debug3("%s: key %p is %s", - __FUNCTION__, key, allowed ? "allowed" : "disallowed"); + __func__, key, allowed ? "allowed" : "disallowed"); buffer_clear(m); buffer_put_int(m, allowed); 
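Review bot: The new `options.pubkey_authentication &&`, `options.hostbased_authentication &&` and `options.rhosts_rsa_authentication &&` guards in `mm_answer_keyallowed()` carry no comment saying why the monitor tests the configuration itself. The same pattern is added without explanation in `mm_answer_authpassword()`, `mm_answer_bsdauthrespond()`, `mm_answer_skeyrespond()` and `mm_answer_rsa_keyallowed()`. Presumably the intent matches the existing remark in `mm_answer_moduli()`, so a short comment above the `switch` would help: `/* enforce the configured auth methods here too; the child may be corrupted */`.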
@@ -813,17 +832,25 @@ monitor_valid_userblob(u_char *data, u_int datalen) u_char *p; u_int len; int fail = 0; - int session_id2_len = 20 /*XXX should get from [net] */; buffer_init(&b); buffer_append(&b, data, datalen); if (datafellows & SSH_OLD_SESSIONID) { + p = buffer_ptr(&b); + len = buffer_len(&b); + if ((session_id2 == NULL) || + (len < session_id2_len) || + (memcmp(p, session_id2, session_id2_len) != 0)) + fail++; buffer_consume(&b, session_id2_len); } else { - xfree(buffer_get_string(&b, &len)); - if (len != session_id2_len) + p = buffer_get_string(&b, &len); + if ((session_id2 == NULL) || + (len != session_id2_len) || + (memcmp(p, session_id2, session_id2_len) != 0)) fail++; + xfree(p); } if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) fail++; @@ -862,14 +889,17 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, u_char *cuser, u_char *p; u_int len; int fail = 0; - int session_id2_len = 20 /*XXX should get from [net] */; buffer_init(&b); buffer_append(&b, data, datalen); - xfree(buffer_get_string(&b, &len)); - if (len != session_id2_len) + p = buffer_get_string(&b, &len); + if ((session_id2 == NULL) || + (len != session_id2_len) || + (memcmp(p, session_id2, session_id2_len) != 0)) fail++; + xfree(p); + if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) fail++; p = buffer_get_string(&b, NULL); @@ -922,11 +952,11 @@ mm_answer_keyverify(int socket, Buffer *m) if (hostbased_cuser == NULL || hostbased_chost == NULL || !monitor_allowed_key(blob, bloblen)) - fatal("%s: bad key, not previously allowed", __FUNCTION__); + fatal("%s: bad key, not previously allowed", __func__); key = key_from_blob(blob, bloblen); if (key == NULL) - fatal("%s: bad public key blob", __FUNCTION__); + fatal("%s: bad public key blob", __func__); switch (key_blobtype) { case MM_USERKEY: 
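Review bot: In the `SSH_OLD_SESSIONID` branch of `monitor_valid_userblob()` the new check only increments `fail` when `len < session_id2_len`, and the next statement still calls `buffer_consume(&b, session_id2_len)` on a buffer known to be too short. What happens then depends on `buffer_consume()`, which is not shown in this patch; at best the blob is rejected by a side effect rather than by the check. Guarding the call makes the failure path explicit: `if (len >= session_id2_len) buffer_consume(&b, session_id2_len);`. The rest of the function, including how `fail` is returned, is outside the hunk.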
@@ -941,11 +971,11 @@ mm_answer_keyverify(int socket, Buffer *m) break; } if (!valid_data) - fatal("%s: bad signature data blob", __FUNCTION__); + fatal("%s: bad signature data blob", __func__); verified = key_verify(key, signature, signaturelen, data, datalen); debug3("%s: key %p signature %s", - __FUNCTION__, key, verified ? "verified" : "unverified"); + __func__, key, verified ? "verified" : "unverified"); key_free(key); xfree(blob); @@ -958,7 +988,7 @@ mm_answer_keyverify(int socket, Buffer *m) buffer_put_int(m, verified); mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m); - auth_method = "publickey"; + auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; return (verified); } @@ -991,9 +1021,9 @@ mm_record_login(Session *s, struct passwd *pw) static void mm_session_close(Session *s) { - debug3("%s: session %d pid %d", __FUNCTION__, s->self, s->pid); + debug3("%s: session %d pid %d", __func__, s->self, s->pid); if (s->ttyfd != -1) { - debug3("%s: tty %s ptyfd %d", __FUNCTION__, s->tty, s->ptyfd); + debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); fatal_remove_cleanup(session_pty_cleanup2, (void *)s); session_pty_cleanup2(s); } @@ -1007,7 +1037,7 @@ mm_answer_pty(int socket, Buffer *m) Session *s; int res, fd0; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); buffer_clear(m); s = session_new(); @@ -1031,7 +1061,7 @@ mm_answer_pty(int socket, Buffer *m) /* We need to trick ttyslot */ if (dup2(s->ttyfd, 0) == -1) - fatal("%s: dup2", __FUNCTION__); + fatal("%s: dup2", __func__); mm_record_login(s, authctxt->pw); 
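Review bot: `mm_answer_keyverify()` treats any non-zero result of `key_verify()` as success, but the comment this same commit adds in key.c documents a return of -1 on error. With -1 the debug line prints "verified", `buffer_put_int(m, verified)` sends a non-zero value to the child, and `return (verified)` hands a non-zero value back to the caller; `monitor_child_preauth()` tests `if (authenticated)`, which looks like it would accept it. Normalising at the call closes all three: `verified = key_verify(key, signature, signaturelen, data, datalen) == 1;`. The function begins outside these hunks.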
@@ -1040,9 +1070,9 @@ mm_answer_pty(int socket, Buffer *m) /* make sure nothing uses fd 0 */ if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) - fatal("%s: open(/dev/null): %s", __FUNCTION__, strerror(errno)); + fatal("%s: open(/dev/null): %s", __func__, strerror(errno)); if (fd0 != 0) - error("%s: fd0 %d != 0", __FUNCTION__, fd0); + error("%s: fd0 %d != 0", __func__, fd0); /* slave is not needed */ close(s->ttyfd); @@ -1050,7 +1080,7 @@ mm_answer_pty(int socket, Buffer *m) /* no need to dup() because nobody closes ptyfd */ s->ptymaster = s->ptyfd; - debug3("%s: tty %s ptyfd %d", __FUNCTION__, s->tty, s->ttyfd); + debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd); return (0); @@ -1068,7 +1098,7 @@ mm_answer_pty_cleanup(int socket, Buffer *m) Session *s; char *tty; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); tty = buffer_get_string(m, NULL); if ((s = session_by_tty(tty)) != NULL) @@ -1088,7 +1118,7 @@ mm_answer_sesskey(int socket, Buffer *m) monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); if ((p = BN_new()) == NULL) - fatal("%s: BN_new", __FUNCTION__); + fatal("%s: BN_new", __func__); buffer_get_bignum2(m, p); @@ -1113,10 +1143,10 @@ mm_answer_sessid(int socket, Buffer *m) { int i; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); if (buffer_len(m) != 16) - fatal("%s: bad ssh1 session id", __FUNCTION__); + fatal("%s: bad ssh1 session id", __func__); for (i = 0; i < 16; i++) session_id[i] = buffer_get_char(m); @@ -1135,11 +1165,11 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m) u_int blen = 0; int allowed = 0; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); - if (authctxt->valid) { + if (options.rsa_authentication && authctxt->valid) { if ((client_n = BN_new()) == NULL) - fatal("%s: BN_new", __FUNCTION__); + fatal("%s: BN_new", __func__); buffer_get_bignum2(m, client_n); allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key); BN_clear_free(client_n); 
@@ -1153,7 +1183,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m) if (allowed && key != NULL) { key->type = KEY_RSA; /* cheat for key_to_blob */ if (key_to_blob(key, &blob, &blen) == 0) - fatal("%s: key_to_blob failed", __FUNCTION__); + fatal("%s: key_to_blob failed", __func__); buffer_put_string(m, blob, blen); /* Save temporarily for comparison in verify */ @@ -1179,17 +1209,17 @@ mm_answer_rsa_challenge(int socket, Buffer *m) u_char *blob; u_int blen; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); if (!authctxt->valid) - fatal("%s: authctxt not valid", __FUNCTION__); + fatal("%s: authctxt not valid", __func__); blob = buffer_get_string(m, &blen); if (!monitor_allowed_key(blob, blen)) - fatal("%s: bad key, not previously allowed", __FUNCTION__); + fatal("%s: bad key, not previously allowed", __func__); if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) - fatal("%s: key type mismatch", __FUNCTION__); + fatal("%s: key type mismatch", __func__); if ((key = key_from_blob(blob, blen)) == NULL) - fatal("%s: received bad key", __FUNCTION__); + fatal("%s: received bad key", __func__); if (ssh1_challenge) BN_clear_free(ssh1_challenge); @@ -1198,7 +1228,7 @@ mm_answer_rsa_challenge(int socket, Buffer *m) buffer_clear(m); buffer_put_bignum2(m, ssh1_challenge); - debug3("%s sending reply", __FUNCTION__); + debug3("%s sending reply", __func__); mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m); monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); 
@@ -1213,23 +1243,23 @@ mm_answer_rsa_response(int socket, Buffer *m) u_int blen, len; int success; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); if (!authctxt->valid) - fatal("%s: authctxt not valid", __FUNCTION__); + fatal("%s: authctxt not valid", __func__); if (ssh1_challenge == NULL) - fatal("%s: no ssh1_challenge", __FUNCTION__); + fatal("%s: no ssh1_challenge", __func__); blob = buffer_get_string(m, &blen); if (!monitor_allowed_key(blob, blen)) - fatal("%s: bad key, not previously allowed", __FUNCTION__); + fatal("%s: bad key, not previously allowed", __func__); if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) - fatal("%s: key type mismatch: %d", __FUNCTION__, key_blobtype); + fatal("%s: key type mismatch: %d", __func__, key_blobtype); if ((key = key_from_blob(blob, blen)) == NULL) - fatal("%s: received bad key", __FUNCTION__); + fatal("%s: received bad key", __func__); response = buffer_get_string(m, &len); if (len != 16) - fatal("%s: received bad response to challenge", __FUNCTION__); + fatal("%s: received bad response to challenge", __func__); success = auth_rsa_verify_response(key, ssh1_challenge, response); key_free(key); @@ -1255,7 +1285,7 @@ mm_answer_term(int socket, Buffer *req) extern struct monitor *pmonitor; int res, status; - debug3("%s: tearing down sessions", __FUNCTION__); + debug3("%s: tearing down sessions", __func__); /* The child is terminating */ session_destroy_all(&mm_session_close); 
@@ -1277,14 +1307,13 @@ monitor_apply_keystate(struct monitor *pmonitor) set_newkeys(MODE_IN); set_newkeys(MODE_OUT); } else { - u_char key[SSH_SESSION_KEY_LENGTH]; - - memset(key, 'a', sizeof(key)); packet_set_protocol_flags(child_state.ssh1protoflags); - packet_set_encryption_key(key, SSH_SESSION_KEY_LENGTH, - child_state.ssh1cipher); + packet_set_encryption_key(child_state.ssh1key, + child_state.ssh1keylen, child_state.ssh1cipher); + xfree(child_state.ssh1key); } + /* for rc4 and other stateful ciphers */ packet_set_keycontext(MODE_OUT, child_state.keyout); xfree(child_state.keyout); packet_set_keycontext(MODE_IN, child_state.keyin); @@ -1303,7 +1332,8 @@ monitor_apply_keystate(struct monitor *pmonitor) sizeof(outgoing_stream)); /* Update with new address */ - mm_init_compression(pmonitor->m_zlib); + if (options.compression) + mm_init_compression(pmonitor->m_zlib); /* Network I/O buffers */ /* XXX inefficient for large buffers, need: buffer_init_from_string */ @@ -1328,6 +1358,10 @@ mm_get_kex(Buffer *m) kex = xmalloc(sizeof(*kex)); memset(kex, 0, sizeof(*kex)); kex->session_id = buffer_get_string(m, &kex->session_id_len); + if ((session_id2 == NULL) || + (kex->session_id_len != session_id2_len) || + (memcmp(kex->session_id, session_id2, session_id2_len) != 0)) + fatal("mm_get_get: internal error: bad session id"); kex->we_need = buffer_get_int(m); kex->server = 1; kex->hostkey_type = buffer_get_int(m); 
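Review bot: `monitor_apply_keystate()` releases the SSH1 session key with `xfree(child_state.ssh1key)` without clearing it first, so the key bytes stay in freed heap memory. Since `child_state.ssh1keylen` is at hand, add `memset(child_state.ssh1key, 0, child_state.ssh1keylen);` on the line before the `xfree`. The same consideration applies to `child_state.keyout` and `child_state.keyin` a few lines below, which hold cipher state.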
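Review bot: The new `fatal()` in `mm_get_kex()` hard-codes the function name and misspells it as "mm_get_get". Every other message this commit touches in monitor.c uses the `"%s: ..."` form with `__func__`, so this one should follow: `fatal("%s: internal error: bad session id", __func__);`.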
@@ -1359,13 +1393,15 @@ mm_get_keystate(struct monitor *pmonitor) u_char *blob, *p; u_int bloblen, plen; - debug3("%s: Waiting for new keys", __FUNCTION__); + debug3("%s: Waiting for new keys", __func__); buffer_init(&m); mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m); if (!compat20) { child_state.ssh1protoflags = buffer_get_int(&m); child_state.ssh1cipher = buffer_get_int(&m); + child_state.ssh1key = buffer_get_string(&m, + &child_state.ssh1keylen); child_state.ivout = buffer_get_string(&m, &child_state.ivoutlen); child_state.ivin = buffer_get_string(&m, &child_state.ivinlen); @@ -1379,7 +1415,7 @@ mm_get_keystate(struct monitor *pmonitor) current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); xfree(blob); - debug3("%s: Waiting for second key", __FUNCTION__); + debug3("%s: Waiting for second key", __func__); blob = buffer_get_string(&m, &bloblen); current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); xfree(blob); 
@@ -1393,22 +1429,22 @@ mm_get_keystate(struct monitor *pmonitor) child_state.keyout = buffer_get_string(&m, &child_state.keyoutlen); child_state.keyin = buffer_get_string(&m, &child_state.keyinlen); - debug3("%s: Getting compression state", __FUNCTION__); + debug3("%s: Getting compression state", __func__); /* Get compression state */ p = buffer_get_string(&m, &plen); if (plen != sizeof(child_state.outgoing)) - fatal("%s: bad request size", __FUNCTION__); + fatal("%s: bad request size", __func__); memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); xfree(p); p = buffer_get_string(&m, &plen); if (plen != sizeof(child_state.incoming)) - fatal("%s: bad request size", __FUNCTION__); + fatal("%s: bad request size", __func__); memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); xfree(p); /* Network I/O buffers */ - debug3("%s: Getting Network I/O buffers", __FUNCTION__); + debug3("%s: Getting Network I/O buffers", __func__); child_state.input = buffer_get_string(&m, &child_state.ilen); child_state.output = buffer_get_string(&m, &child_state.olen); @@ -1457,10 +1493,10 @@ monitor_socketpair(int *pair) { #ifdef HAVE_SOCKETPAIR if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) - fatal("%s: socketpair", __FUNCTION__); + fatal("%s: socketpair", __func__); #else fatal("%s: UsePrivilegeSeparation=yes not supported", - __FUNCTION__); + __func__); #endif FD_CLOSEONEXEC(pair[0]); FD_CLOSEONEXEC(pair[1]); @@ -1482,11 +1518,13 @@ monitor_init(void) mon->m_sendfd = pair[1]; /* Used to share zlib space across processes */ - mon->m_zback = mm_create(NULL, MM_MEMSIZE); - mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); + if (options.compression) { + mon->m_zback = mm_create(NULL, MM_MEMSIZE); + mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); - /* Compression needs to share state across borders */ - mm_init_compression(mon->m_zlib); + /* Compression needs to share state across borders */ + mm_init_compression(mon->m_zlib); + } return mon; } 
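Review bot: With the new `if (options.compression)` in `monitor_init()`, `mon->m_zback` and `mon->m_zlib` are never assigned when compression is disabled. The allocation of `mon` is outside the hunk; if it is not zero-filled, both pointers are left indeterminate for any later code that is not guarded by the same option. An explicit else branch removes the doubt: `} else { mon->m_zback = NULL; mon->m_zlib = NULL; }`.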
diff --git a/openssh/monitor.h b/openssh/monitor.h index b5db999..69114b5 100644 --- a/openssh/monitor.h +++ b/openssh/monitor.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.4 2002/05/12 23:53:45 djm Exp $ */ +/* $OpenBSD: monitor.h,v 1.6 2002/06/11 05:46:20 mpech Exp $ */ /* * Copyright 2002 Niels Provos @@ -50,7 +50,7 @@ enum monitor_reqtype { MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE, MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE, MONITOR_REQ_PAM_START, - MONITOR_REQ_TERM, + MONITOR_REQ_TERM }; struct mm_master; @@ -60,7 +60,7 @@ struct monitor { struct mm_master *m_zback; struct mm_master *m_zlib; struct Kex **m_pkex; - int m_pid; + pid_t m_pid; }; struct monitor *monitor_init(void); diff --git a/openssh/monitor_fdpass.c b/openssh/monitor_fdpass.c index 5401ea4..0d7628f 100644 --- a/openssh/monitor_fdpass.c +++ b/openssh/monitor_fdpass.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_fdpass.c,v 1.2 2002/03/24 17:53:16 stevesk Exp $"); +RCSID("$OpenBSD: monitor_fdpass.c,v 1.3 2002/06/04 23:05:49 markus Exp $"); #include @@ -64,14 +64,14 @@ mm_send_fd(int socket, int fd) msg.msg_iovlen = 1; if ((n = sendmsg(socket, &msg, 0)) == -1) - fatal("%s: sendmsg(%d): %s", __FUNCTION__, fd, + fatal("%s: sendmsg(%d): %s", __func__, fd, strerror(errno)); if (n != 1) fatal("%s: sendmsg: expected sent 1 got %d", - __FUNCTION__, n); + __func__, n); #else fatal("%s: UsePrivilegeSeparation=yes not supported", - __FUNCTION__); + __func__); #endif } 
@@ -102,24 +102,24 @@ mm_receive_fd(int socket) #endif if ((n = recvmsg(socket, &msg, 0)) == -1) - fatal("%s: recvmsg: %s", __FUNCTION__, strerror(errno)); + fatal("%s: recvmsg: %s", __func__, strerror(errno)); if (n != 1) fatal("%s: recvmsg: expected received 1 got %d", - __FUNCTION__, n); + __func__, n); #ifdef HAVE_ACCRIGHTS_IN_MSGHDR if (msg.msg_accrightslen != sizeof(fd)) - fatal("%s: no fd", __FUNCTION__); + fatal("%s: no fd", __func__); #else cmsg = CMSG_FIRSTHDR(&msg); if (cmsg->cmsg_type != SCM_RIGHTS) - fatal("%s: expected type %d got %d", __FUNCTION__, + fatal("%s: expected type %d got %d", __func__, SCM_RIGHTS, cmsg->cmsg_type); fd = (*(int *)CMSG_DATA(cmsg)); #endif return fd; #else fatal("%s: UsePrivilegeSeparation=yes not supported", - __FUNCTION__); + __func__); #endif } diff --git a/openssh/monitor_mm.c b/openssh/monitor_mm.c index 993925e..0076c42 100644 --- a/openssh/monitor_mm.c +++ b/openssh/monitor_mm.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_mm.c,v 1.4 2002/03/25 20:12:10 stevesk Exp $"); +RCSID("$OpenBSD: monitor_mm.c,v 1.6 2002/06/04 23:05:49 markus Exp $"); #ifdef HAVE_SYS_MMAN_H #include @@ -88,10 +88,10 @@ mm_create(struct mm_master *mmalloc, size_t size) address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0); if (address == MAP_FAILED) - fatal("mmap(%lu)", (u_long)size); + fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); #else fatal("%s: UsePrivilegeSeparation=yes not supported", - __FUNCTION__); + __func__); #endif mm->address = address; @@ -132,10 +132,11 @@ mm_destroy(struct mm_master *mm) #ifdef HAVE_MMAP if (munmap(mm->address, mm->size) == -1) - fatal("munmap(%p, %lu)", mm->address, (u_long)mm->size); + fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size, + strerror(errno)); #else fatal("%s: UsePrivilegeSeparation=yes not supported", - __FUNCTION__); + __func__); #endif if (mm->mmalloc == NULL) xfree(mm); 
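Review bot: In `mm_receive_fd()` the result of `CMSG_FIRSTHDR(&msg)` is dereferenced in `cmsg->cmsg_type` without a NULL test. If the peer sends the one data byte with no control message attached, `CMSG_FIRSTHDR` returns NULL and the process crashes instead of failing cleanly. Add `if (cmsg == NULL) fatal("%s: no message header", __func__);` before the type check. The start of the function is outside the hunk.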
@@ -150,7 +151,7 @@ mm_xmalloc(struct mm_master *mm, size_t size) address = mm_malloc(mm, size); if (address == NULL) - fatal("%s: mm_malloc(%lu)", __FUNCTION__, (u_long)size); + fatal("%s: mm_malloc(%lu)", __func__, (u_long)size); return (address); } @@ -299,7 +300,7 @@ mm_share_sync(struct mm_master **pmm, struct mm_master **pmmalloc) struct mm_master *mmold; struct mmtree rb_free, rb_allocated; - debug3("%s: Share sync", __FUNCTION__); + debug3("%s: Share sync", __func__); mm = *pmm; mmold = mm->mmalloc; @@ -324,7 +325,7 @@ mm_share_sync(struct mm_master **pmm, struct mm_master **pmmalloc) *pmm = mm; *pmmalloc = mmalloc; - debug3("%s: Share sync end", __FUNCTION__); + debug3("%s: Share sync end", __func__); } void diff --git a/openssh/monitor_wrap.c b/openssh/monitor_wrap.c index c5e3fb9..f7e332d 100644 --- a/openssh/monitor_wrap.c +++ b/openssh/monitor_wrap.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.7 2002/05/15 15:47:49 mouring Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.11 2002/06/19 18:01:00 markus Exp $"); #include #include @@ -65,14 +65,14 @@ mm_request_send(int socket, enum monitor_reqtype type, Buffer *m) u_char buf[5]; u_int mlen = buffer_len(m); - debug3("%s entering: type %d", __FUNCTION__, type); + debug3("%s entering: type %d", __func__, type); PUT_32BIT(buf, mlen + 1); - buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ + buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ if (atomicio(write, socket, buf, sizeof(buf)) != sizeof(buf)) - fatal("%s: write", __FUNCTION__); + fatal("%s: write", __func__); if (atomicio(write, socket, buffer_ptr(m), mlen) != mlen) - fatal("%s: write", __FUNCTION__); + fatal("%s: write", __func__); } void 
@@ -82,22 +82,22 @@ mm_request_receive(int socket, Buffer *m) ssize_t res; u_int msg_len; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); res = atomicio(read, socket, buf, sizeof(buf)); if (res != sizeof(buf)) { if (res == 0) fatal_cleanup(); - fatal("%s: read: %ld", __FUNCTION__, (long)res); + fatal("%s: read: %ld", __func__, (long)res); } msg_len = GET_32BIT(buf); if (msg_len > 256 * 1024) - fatal("%s: read: bad msg_len %d", __FUNCTION__, msg_len); + fatal("%s: read: bad msg_len %d", __func__, msg_len); buffer_clear(m); buffer_append_space(m, msg_len); res = atomicio(read, socket, buffer_ptr(m), msg_len); if (res != msg_len) - fatal("%s: read: %ld != msg_len", __FUNCTION__, (long)res); + fatal("%s: read: %ld != msg_len", __func__, (long)res); } void @@ -105,12 +105,12 @@ mm_request_receive_expect(int socket, enum monitor_reqtype type, Buffer *m) { u_char rtype; - debug3("%s entering: type %d", __FUNCTION__, type); + debug3("%s entering: type %d", __func__, type); mm_request_receive(socket, m); rtype = buffer_get_char(m); if (rtype != type) - fatal("%s: read: rtype %d != type %d", __FUNCTION__, + fatal("%s: read: rtype %d != type %d", __func__, rtype, type); } 
@@ -128,21 +128,21 @@ mm_choose_dh(int min, int nbits, int max) mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m); - debug3("%s: waiting for MONITOR_ANS_MODULI", __FUNCTION__); + debug3("%s: waiting for MONITOR_ANS_MODULI", __func__); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m); success = buffer_get_char(&m); if (success == 0) - fatal("%s: MONITOR_ANS_MODULI failed", __FUNCTION__); + fatal("%s: MONITOR_ANS_MODULI failed", __func__); if ((p = BN_new()) == NULL) - fatal("%s: BN_new failed", __FUNCTION__); + fatal("%s: BN_new failed", __func__); if ((g = BN_new()) == NULL) - fatal("%s: BN_new failed", __FUNCTION__); + fatal("%s: BN_new failed", __func__); buffer_get_bignum2(&m, p); buffer_get_bignum2(&m, g); - debug3("%s: remaining %d", __FUNCTION__, buffer_len(&m)); + debug3("%s: remaining %d", __func__, buffer_len(&m)); buffer_free(&m); return (dh_new_group(g, p)); @@ -154,7 +154,7 @@ mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) Kex *kex = *pmonitor->m_pkex; Buffer m; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); buffer_init(&m); buffer_put_int(&m, kex->host_key_index(key)); @@ -162,7 +162,7 @@ mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m); - debug3("%s: waiting for MONITOR_ANS_SIGN", __FUNCTION__); + debug3("%s: waiting for MONITOR_ANS_SIGN", __func__); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m); *sigp = buffer_get_string(&m, lenp); buffer_free(&m); 
@@ -177,14 +177,14 @@ mm_getpwnamallow(const char *login) struct passwd *pw; u_int pwlen; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); buffer_init(&m); buffer_put_cstring(&m, login); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m); - debug3("%s: waiting for MONITOR_ANS_PWNAM", __FUNCTION__); + debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m); if (buffer_get_char(&m) == 0) { @@ -193,7 +193,7 @@ mm_getpwnamallow(const char *login) } pw = buffer_get_string(&m, &pwlen); if (pwlen != sizeof(struct passwd)) - fatal("%s: struct passwd size mismatch", __FUNCTION__); + fatal("%s: struct passwd size mismatch", __func__); pw->pw_name = buffer_get_string(&m, NULL); pw->pw_passwd = buffer_get_string(&m, NULL); pw->pw_gecos = buffer_get_string(&m, NULL); @@ -212,7 +212,7 @@ char* mm_auth2_read_banner(void) Buffer m; char *banner; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); buffer_init(&m); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m); @@ -221,7 +221,7 @@ char* mm_auth2_read_banner(void) mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m); banner = buffer_get_string(&m, NULL); buffer_free(&m); - + return (banner); } @@ -232,7 +232,7 @@ mm_inform_authserv(char *service, char *style) { Buffer m; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); buffer_init(&m); buffer_put_cstring(&m, service); 
@@ -250,13 +250,13 @@ mm_auth_password(Authctxt *authctxt, char *password) Buffer m; int authenticated = 0; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); buffer_init(&m); buffer_put_cstring(&m, password); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m); - debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __FUNCTION__); + debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m); authenticated = buffer_get_int(&m); @@ -264,7 +264,7 @@ mm_auth_password(Authctxt *authctxt, char *password) buffer_free(&m); debug3("%s: user %sauthenticated", - __FUNCTION__, authenticated ? "" : "not "); + __func__, authenticated ? "" : "not "); return (authenticated); } @@ -300,7 +300,7 @@ mm_send_debug(Buffer *m) while (buffer_len(m)) { msg = buffer_get_string(m, NULL); - debug3("%s: Sending debug: %s", __FUNCTION__, msg); + debug3("%s: Sending debug: %s", __func__, msg); packet_send_debug("%s", msg); xfree(msg); } @@ -314,7 +314,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) u_int len; int allowed = 0; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); /* Convert the key to a blob and the pass it over */ if (!key_to_blob(key, &blob, &len)) @@ -329,7 +329,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); - debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __FUNCTION__); + debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m); allowed = buffer_get_int(&m); @@ -356,7 +356,7 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) u_int len; int verified = 0; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); /* Convert the key to a blob and the pass it over */ if (!key_to_blob(key, &blob, &len)) 
@@ -370,7 +370,7 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m); - debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __FUNCTION__); + debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m); verified = buffer_get_int(&m); @@ -391,7 +391,7 @@ mm_newkeys_from_blob(u_char *blob, int blen) Mac *mac; Comp *comp; - debug3("%s: %p(%d)", __FUNCTION__, blob, blen); + debug3("%s: %p(%d)", __func__, blob, blen); #ifdef DEBUG_PK dump_base64(stderr, blob, blen); #endif @@ -411,21 +411,21 @@ mm_newkeys_from_blob(u_char *blob, int blen) enc->key = buffer_get_string(&b, &enc->key_len); enc->iv = buffer_get_string(&b, &len); if (len != enc->block_size) - fatal("%s: bad ivlen: expected %d != %d", __FUNCTION__, + fatal("%s: bad ivlen: expected %d != %d", __func__, enc->block_size, len); if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher) - fatal("%s: bad cipher name %s or pointer %p", __FUNCTION__, + fatal("%s: bad cipher name %s or pointer %p", __func__, enc->name, enc->cipher); /* Mac structure */ mac->name = buffer_get_string(&b, NULL); if (mac->name == NULL || mac_init(mac, mac->name) == -1) - fatal("%s: can not init mac %s", __FUNCTION__, mac->name); + fatal("%s: can not init mac %s", __func__, mac->name); mac->enabled = buffer_get_int(&b); mac->key = buffer_get_string(&b, &len); if (len > mac->key_len) - fatal("%s: bad mac key lenght: %d > %d", __FUNCTION__, len, + fatal("%s: bad mac key length: %d > %d", __func__, len, mac->key_len); mac->key_len = len; 
@@ -452,10 +452,10 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp) Comp *comp; Newkeys *newkey = newkeys[mode]; - debug3("%s: converting %p", __FUNCTION__, newkey); + debug3("%s: converting %p", __func__, newkey); if (newkey == NULL) { - error("%s: newkey == NULL", __FUNCTION__); + error("%s: newkey == NULL", __func__); return 0; } enc = &newkey->enc; @@ -520,13 +520,21 @@ mm_send_keystate(struct monitor *pmonitor) if (!compat20) { u_char iv[24]; - int ivlen; + u_char *key; + u_int ivlen, keylen; buffer_put_int(&m, packet_get_protocol_flags()); buffer_put_int(&m, packet_get_ssh1_cipher()); - debug3("%s: Sending ssh1 IV", __FUNCTION__); + debug3("%s: Sending ssh1 KEY+IV", __func__); + keylen = packet_get_encryption_key(NULL); + key = xmalloc(keylen+1); /* add 1 if keylen == 0 */ + keylen = packet_get_encryption_key(key); + buffer_put_string(&m, key, keylen); + memset(key, 0, keylen); + xfree(key); + ivlen = packet_get_keyiv_len(MODE_OUT); packet_get_keyiv(MODE_OUT, iv, ivlen); buffer_put_string(&m, iv, ivlen); @@ -540,17 +548,17 @@ mm_send_keystate(struct monitor *pmonitor) } debug3("%s: Sending new keys: %p %p", - __FUNCTION__, newkeys[MODE_OUT], newkeys[MODE_IN]); + __func__, newkeys[MODE_OUT], newkeys[MODE_IN]); /* Keys from Kex */ if (!mm_newkeys_to_blob(MODE_OUT, &blob, &bloblen)) - fatal("%s: conversion of newkeys failed", __FUNCTION__); + fatal("%s: conversion of newkeys failed", __func__); buffer_put_string(&m, blob, bloblen); xfree(blob); if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen)) - fatal("%s: conversion of newkeys failed", __FUNCTION__); + fatal("%s: conversion of newkeys failed", __func__); buffer_put_string(&m, blob, bloblen); xfree(blob); 
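Review bot: In the `!compat20` branch of mm_send_keystate, `packet_get_keyiv(MODE_OUT, iv, ivlen)` fills the 24-byte stack array `iv` with a length taken from `packet_get_keyiv_len()` and never compares it with `sizeof(iv)`. Neither helper is shown on this page, so whether the length can exceed 24 for any protocol 1 cipher cannot be confirmed here, but the added key copy next to it is sized dynamically while the IV copy is not. A guard such as `if (ivlen > sizeof(iv)) fatal("%s: bad ivlen %u", __func__, ivlen);` before the copy makes the bound explicit. The function body starts before and continues after this hunk.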
@@ -558,7 +566,7 @@ mm_send_keystate(struct monitor *pmonitor) buffer_put_int(&m, packet_get_seqnr(MODE_OUT)); buffer_put_int(&m, packet_get_seqnr(MODE_IN)); - debug3("%s: New keys have been sent", __FUNCTION__); + debug3("%s: New keys have been sent", __func__); skip: /* More key context */ plen = packet_get_keycontext(MODE_OUT, NULL); @@ -574,7 +582,7 @@ mm_send_keystate(struct monitor *pmonitor) xfree(p); /* Compression state */ - debug3("%s: Sending compression state", __FUNCTION__); + debug3("%s: Sending compression state", __func__); buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream)); buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream)); @@ -583,7 +591,7 @@ mm_send_keystate(struct monitor *pmonitor) buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output)); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m); - debug3("%s: Finished sending state", __FUNCTION__); + debug3("%s: Finished sending state", __func__); buffer_free(&m); } @@ -598,12 +606,12 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) buffer_init(&m); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m); - debug3("%s: waiting for MONITOR_ANS_PTY", __FUNCTION__); + debug3("%s: waiting for MONITOR_ANS_PTY", __func__); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m); success = buffer_get_int(&m); if (success == 0) { - debug3("%s: pty alloc failed", __FUNCTION__); + debug3("%s: pty alloc failed", __func__); buffer_free(&m); return (0); } @@ -647,7 +655,7 @@ mm_start_pam(char *user) { Buffer m; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); buffer_init(&m); buffer_put_cstring(&m, user); 
@@ -694,8 +702,8 @@ static void mm_chall_setup(char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) { - *name = xstrdup(""); - *infotxt = xstrdup(""); + *name = xstrdup(""); + *infotxt = xstrdup(""); *numprompts = 1; *prompts = xmalloc(*numprompts * sizeof(char*)); *echo_on = xmalloc(*numprompts * sizeof(u_int)); @@ -710,7 +718,7 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, int res; char *challenge; - debug3("%s: entering", __FUNCTION__); + debug3("%s: entering", __func__); buffer_init(&m); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m); @@ -719,7 +727,7 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, &m); res = buffer_get_int(&m); if (res == -1) { - debug3("%s: no challenge", __FUNCTION__); + debug3("%s: no challenge", __func__); buffer_free(&m); return (-1); } @@ -731,7 +739,7 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); (*prompts)[0] = challenge; - debug3("%s: received challenge: %s", __FUNCTION__, challenge); + debug3("%s: received challenge: %s", __func__, challenge); return (0); } @@ -742,7 +750,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) Buffer m; int authok; - debug3("%s: entering", __FUNCTION__); + debug3("%s: entering", __func__); if (numresponses != 1) return (-1); @@ -767,7 +775,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt, int len, res; char *p, *challenge; - debug3("%s: entering", __FUNCTION__); + debug3("%s: entering", __func__); buffer_init(&m); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m); @@ -776,7 +784,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt, &m); res = buffer_get_int(&m); if (res == -1) { - debug3("%s: no challenge", __FUNCTION__); + debug3("%s: no challenge", __func__); buffer_free(&m); return (-1); } 
@@ -785,7 +793,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt, challenge = buffer_get_string(&m, NULL); buffer_free(&m); - debug3("%s: received challenge: %s", __FUNCTION__, challenge); + debug3("%s: received challenge: %s", __func__, challenge); mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); @@ -805,7 +813,7 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses) Buffer m; int authok; - debug3("%s: entering", __FUNCTION__); + debug3("%s: entering", __func__); if (numresponses != 1) return (-1); @@ -828,7 +836,7 @@ mm_ssh1_session_id(u_char session_id[16]) Buffer m; int i; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); buffer_init(&m); for (i = 0; i < 16; i++) @@ -847,7 +855,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) u_int blen; int allowed = 0; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); buffer_init(&m); buffer_put_bignum2(&m, client_n); @@ -860,7 +868,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) if (allowed && rkey != NULL) { blob = buffer_get_string(&m, &blen); if ((key = key_from_blob(blob, blen)) == NULL) - fatal("%s: key_from_blob failed", __FUNCTION__); + fatal("%s: key_from_blob failed", __func__); *rkey = key; xfree(blob); } @@ -878,14 +886,14 @@ mm_auth_rsa_generate_challenge(Key *key) u_char *blob; u_int blen; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); if ((challenge = BN_new()) == NULL) - fatal("%s: BN_new failed", __FUNCTION__); + fatal("%s: BN_new failed", __func__); key->type = KEY_RSA; /* XXX cheat for key_to_blob */ if (key_to_blob(key, &blob, &blen) == 0) - fatal("%s: key_to_blob failed", __FUNCTION__); + fatal("%s: key_to_blob failed", __func__); key->type = KEY_RSA1; buffer_init(&m); 
@@ -909,11 +917,11 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) u_int blen; int success = 0; - debug3("%s entering", __FUNCTION__); + debug3("%s entering", __func__); key->type = KEY_RSA; /* XXX cheat for key_to_blob */ if (key_to_blob(key, &blob, &blen) == 0) - fatal("%s: key_to_blob failed", __FUNCTION__); + fatal("%s: key_to_blob failed", __func__); key->type = KEY_RSA1; buffer_init(&m); diff --git a/openssh/openbsd-compat/port-aix.c b/openssh/openbsd-compat/port-aix.c index 31697d7..ca0a88e 100644 --- a/openssh/openbsd-compat/port-aix.c +++ b/openssh/openbsd-compat/port-aix.c 
@@ -2,104 +2,9 @@ #ifdef _AIX -#ifdef HAVE_USERSEC_H -#include -#endif /* HAVE_USERSEC_H */ - #include #include <../xmalloc.h> -/* AIX limits */ -#if defined(HAVE_GETUSERATTR) && !defined(S_UFSIZE_HARD) && defined(S_UFSIZE) -# define S_UFSIZE_HARD S_UFSIZE "_hard" -# define S_UCPU_HARD S_UCPU "_hard" -# define S_UDATA_HARD S_UDATA "_hard" -# define S_USTACK_HARD S_USTACK "_hard" -# define S_URSS_HARD S_URSS "_hard" -# define S_UCORE_HARD S_UCORE "_hard" -# define S_UNOFILE_HARD S_UNOFILE "_hard" -#endif - -#if defined(HAVE_GETUSERATTR) -/* - * AIX-specific login initialisation - */ -void -set_limit(char *user, char *soft, char *hard, int resource, int mult) -{ - struct rlimit rlim; - int slim, hlim; - - getrlimit(resource, &rlim); - - slim = 0; - if (getuserattr(user, soft, &slim, SEC_INT) != -1) { - if (slim < 0) { - rlim.rlim_cur = RLIM_INFINITY; - } else if (slim != 0) { - /* See the wackiness below */ - if (rlim.rlim_cur == slim * mult) - slim = 0; - else - rlim.rlim_cur = slim * mult; - } - } - hlim = 0; - if (getuserattr(user, hard, &hlim, SEC_INT) != -1) { - if (hlim < 0) { - rlim.rlim_max = RLIM_INFINITY; - } else if (hlim != 0) { - rlim.rlim_max = hlim * mult; - } - } - - /* - * XXX For cpu and fsize the soft limit is set to the hard limit - * if the hard limit is left at its default value and the soft limit - * is changed from its default value, either by requesting it - * (slim == 0) or by setting it to the current default. At least - * that's how rlogind does it. If you're confused you're not alone. - * Bug or feature? 
AIX 4.3.1.2 - */ - if ((!strcmp(soft, "fsize") || !strcmp(soft, "cpu")) - && hlim == 0 && slim != 0) - rlim.rlim_max = rlim.rlim_cur; - /* A specified hard limit limits the soft limit */ - else if (hlim > 0 && rlim.rlim_cur > rlim.rlim_max) - rlim.rlim_cur = rlim.rlim_max; - /* A soft limit can increase a hard limit */ - else if (rlim.rlim_cur > rlim.rlim_max) - rlim.rlim_max = rlim.rlim_cur; - - if (setrlimit(resource, &rlim) != 0) - error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno)); -} - -void -set_limits_from_userattr(char *user) -{ - int mask; - char buf[16]; - - set_limit(user, S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512); - set_limit(user, S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1); - set_limit(user, S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512); - set_limit(user, S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512); - set_limit(user, S_URSS, S_URSS_HARD, RLIMIT_RSS, 512); - set_limit(user, S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512); -#if defined(S_UNOFILE) - set_limit(user, S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1); -#endif - - if (getuserattr(user, S_UMASK, &mask, SEC_INT) != -1) { - /* Convert decimal to octal */ - (void) snprintf(buf, sizeof(buf), "%d", mask); - if (sscanf(buf, "%o", &mask) == 1) - umask(mask); - } -} -#endif /* defined(HAVE_GETUSERATTR) */ - /* * AIX has a "usrinfo" area where logname and * other stuff is stored - a few applications diff --git a/openssh/openbsd-compat/port-aix.h b/openssh/openbsd-compat/port-aix.h index 29d2ee6..e4d14f4 100644 --- a/openssh/openbsd-compat/port-aix.h +++ b/openssh/openbsd-compat/port-aix.h @@ -1,10 +1,5 @@ #ifdef _AIX -#ifdef HAVE_GETUSERATTR -void set_limit(char *user, char *soft, char *hard, int resource, int mult); -void set_limits_from_userattr(char *user); -#endif /* HAVE_GETUSERATTR */ - void aix_usrinfo(struct passwd *pw, char *tty, int ttyfd); #endif /* _AIX */ diff --git a/openssh/packet.c b/openssh/packet.c index c298013..62f955e 100644 --- a/openssh/packet.c +++ b/openssh/packet.c 
@@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.93 2002/03/24 16:01:13 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.95 2002/06/19 18:01:00 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -60,6 +60,7 @@ RCSID("$OpenBSD: packet.c,v 1.93 2002/03/24 16:01:13 markus Exp $"); #include "log.h" #include "canohost.h" #include "misc.h" +#include "ssh.h" #ifdef PACKET_DEBUG #define DBG(x) x @@ -118,6 +119,10 @@ Newkeys *newkeys[MODE_MAX]; static u_int32_t read_seqnr = 0; static u_int32_t send_seqnr = 0; +/* Session key for protocol v1 */ +static u_char ssh1_key[SSH_SESSION_KEY_LENGTH]; +static u_int ssh1_keylen; + /* roundup current message to extra_pad bytes */ static u_char extra_pad = 0; @@ -263,7 +268,7 @@ packet_set_seqnr(int mode, u_int32_t seqnr) else if (mode == MODE_OUT) send_seqnr = seqnr; else - fatal("%s: bad mode %d", __FUNCTION__, mode); + fatal("packet_set_seqnr: bad mode %d", mode); } /* returns 1 if connection is via ipv4 */ @@ -391,6 +396,7 @@ packet_start_compression(int level) * key is used for both sending and reception. However, both directions are * encrypted independently of each other. */ + void packet_set_encryption_key(const u_char *key, u_int keylen, int number) 
@@ -400,10 +406,23 @@ packet_set_encryption_key(const u_char *key, u_int keylen, fatal("packet_set_encryption_key: unknown cipher number %d", number); if (keylen < 20) fatal("packet_set_encryption_key: keylen too small: %d", keylen); + if (keylen > SSH_SESSION_KEY_LENGTH) + fatal("packet_set_encryption_key: keylen too big: %d", keylen); + memcpy(ssh1_key, key, keylen); + ssh1_keylen = keylen; cipher_init(&send_context, cipher, key, keylen, NULL, 0, CIPHER_ENCRYPT); cipher_init(&receive_context, cipher, key, keylen, NULL, 0, CIPHER_DECRYPT); } +u_int +packet_get_encryption_key(u_char *key) +{ + if (key == NULL) + return (ssh1_keylen); + memcpy(key, ssh1_key, ssh1_keylen); + return (ssh1_keylen); +} + /* Start constructing a packet to send. */ void packet_start(u_char type) diff --git a/openssh/packet.h b/openssh/packet.h index 08693ca..8c0435f 100644 --- a/openssh/packet.h +++ b/openssh/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.34 2002/03/18 17:16:38 markus Exp $ */ +/* $OpenBSD: packet.h,v 1.35 2002/06/19 18:01:00 markus Exp $ */ /* * Author: Tatu Ylonen @@ -24,6 +24,7 @@ int packet_get_connection_in(void); int packet_get_connection_out(void); void packet_close(void); void packet_set_encryption_key(const u_char *, u_int, int); +u_int packet_get_encryption_key(u_char *); void packet_set_protocol_flags(u_int); u_int packet_get_protocol_flags(void); void packet_start_compression(int); diff --git a/openssh/readconf.c b/openssh/readconf.c index 8469422..30d4332 100644 --- a/openssh/readconf.c +++ b/openssh/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -41,7 +41,7 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $"); # that they are given in. Host *.ngs.fi ngs.fi - FallBackToRsh no + User foo Host fake.com HostName another.host.name.real.org 
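Review bot: The new `packet_get_encryption_key(u_char *key)` copies `ssh1_keylen` bytes into a buffer whose size it cannot see, and nothing at the definition tells a caller how to size it. The caller visible in this commit (mm_send_keystate in monitor_wrap.c) calls it with NULL first to learn the length, and that contract should be written down where the function is defined. I would add above it `/* Copy the saved protocol 1 session key into key and return its length; key must hold at least packet_get_encryption_key(NULL) bytes (at most SSH_SESSION_KEY_LENGTH). With key == NULL only the length is returned. */`. It is also worth a comment on `ssh1_key` that the static copy of the session key stays in memory after `cipher_init`, since nothing in this hunk clears it.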
@@ -65,7 +65,7 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $"); ProxyCommand ssh-proxy %h %p Host *.fr - UseRsh yes + PublicKeyAuthentication no Host *.su Cipher none @@ -79,8 +79,6 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $"); PasswordAuthentication yes RSAAuthentication yes RhostsRSAAuthentication yes - FallBackToRsh no - UseRsh no StrictHostKeyChecking yes KeepAlives no IdentityFile ~/.ssh/identity @@ -94,7 +92,7 @@ RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $"); typedef enum { oBadOption, oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication, - oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh, + oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, #if defined(KRB4) || defined(KRB5) oKerberosAuthentication, @@ -121,7 +119,8 @@ typedef enum { oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, - oClearAllForwardings, oNoHostAuthenticationForLocalhost + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oDeprecated } OpCodes; /* Textual representations of the tokens. */ @@ -165,8 +164,8 @@ static struct { #ifdef AFS { "afstokenpassing", oAFSTokenPassing }, #endif - { "fallbacktorsh", oFallBackToRsh }, - { "usersh", oUseRsh }, + { "fallbacktorsh", oDeprecated }, + { "usersh", oDeprecated }, { "identityfile", oIdentityFile }, { "identityfile2", oIdentityFile }, /* alias */ { "hostname", oHostName }, @@ -405,14 +404,6 @@ parse_flag: intptr = &options->afs_token_passing; goto parse_flag; #endif - case oFallBackToRsh: - intptr = &options->fallback_to_rsh; - goto parse_flag; - - case oUseRsh: - intptr = &options->use_rsh; - goto parse_flag; - case oBatchMode: intptr = &options->batch_mode; goto parse_flag; 
@@ -710,6 +701,11 @@ parse_int: *intptr = value; break; + case oDeprecated: + debug("%s line %d: Deprecated option \"%s\"", + filename, linenum, keyword); + return 0; + default: fatal("process_config_line: Unimplemented opcode %d", opcode); } @@ -805,8 +801,6 @@ initialize_options(Options * options) options->kbd_interactive_devices = NULL; options->rhosts_rsa_authentication = -1; options->hostbased_authentication = -1; - options->fallback_to_rsh = -1; - options->use_rsh = -1; options->batch_mode = -1; options->check_host_ip = -1; options->strict_host_key_checking = -1; @@ -862,7 +856,7 @@ fill_default_options(Options * options) if (options->use_privileged_port == -1) options->use_privileged_port = 0; if (options->rhosts_authentication == -1) - options->rhosts_authentication = 1; + options->rhosts_authentication = 0; if (options->rsa_authentication == -1) options->rsa_authentication = 1; if (options->pubkey_authentication == -1) @@ -896,13 +890,9 @@ fill_default_options(Options * options) if (options->kbd_interactive_authentication == -1) options->kbd_interactive_authentication = 1; if (options->rhosts_rsa_authentication == -1) - options->rhosts_rsa_authentication = 1; + options->rhosts_rsa_authentication = 0; if (options->hostbased_authentication == -1) options->hostbased_authentication = 0; - if (options->fallback_to_rsh == -1) - options->fallback_to_rsh = 0; - if (options->use_rsh == -1) - options->use_rsh = 0; if (options->batch_mode == -1) options->batch_mode = 0; if (options->check_host_ip == -1) diff --git a/openssh/readconf.h b/openssh/readconf.h index a26e20a..9301634 100644 --- a/openssh/readconf.h +++ b/openssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.42 2002/03/04 17:27:39 stevesk Exp $ */ +/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */ /* * Author: Tatu Ylonen 
@@ -63,8 +63,6 @@ typedef struct { * authentication. */ int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ - int fallback_to_rsh;/* Use rsh if cannot connect with ssh. */ - int use_rsh; /* Always use rsh (don\'t try ssh). */ int batch_mode; /* Batch mode: do not ask for passwords. */ int check_host_ip; /* Also keep track of keys for IP address */ int strict_host_key_checking; /* Strict host key checking. */ diff --git a/openssh/scard/Ssh.bin b/openssh/scard/Ssh.bin deleted file mode 100644 index 86453981ac01f404c8bf1bc4b91f647112faaddd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 568 zcmX|6!Df+pY-g)QT`>yLG9Xw2WID9Wk$NTSD^+%w)dKatC&rF?(_gn+=7G*U8-jkF4&P>5Z`8&9dTa zS72RAYMdxP$-BAsk%YM>Uo9G}YsD68uV?~!ttJRv*6)V? z9`hIf^7T-oe6g8fzh(6g_xgtQ`mIGB;lOWYI860RzP|12$wzxEy15!(GK~Axd6+K5 zdi66may=VM^||euB6rF{L<0CgwE?xZ)tmrJz-iKn#~AdvKJw-AkBBSia{ps&jPP^^ z4a+pHgXRd&)SH=Sv&zAMo-uK1rflF1p-Hbu8$+y+UdCEsjBv=b;$I%`{9kp1*p9 @@ -108,6 +108,7 @@ initialize_server_options(ServerOptions *options) options->challenge_response_authentication = -1; options->permit_empty_passwd = -1; options->use_login = -1; + options->compression = -1; options->allow_tcp_forwarding = -1; options->num_allow_users = 0; options->num_deny_users = 0; @@ -240,6 +241,8 @@ fill_default_server_options(ServerOptions *options) options->permit_empty_passwd = 0; if (options->use_login == -1) options->use_login = 0; + if (options->compression == -1) + options->compression = 1; if (options->allow_tcp_forwarding == -1) options->allow_tcp_forwarding = 1; if (options->gateway_ports == -1) 
@@ -266,9 +269,19 @@ fill_default_server_options(ServerOptions *options) if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; - /* Turn privilege separation _off_ by default */ + /* Turn privilege separation on by default */ if (use_privsep == -1) - use_privsep = 0; + use_privsep = 1; + +#if !defined(HAVE_MMAP) || !defined(MAP_ANON) + if (use_privsep && options->compression == 1) { + error("This platform does not support both privilege " + "separation and compression"); + error("Compression disabled"); + options->compression = 0; + } +#endif + } /* Keyword tokens. */ @@ -297,7 +310,7 @@ typedef enum { sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes, sEmptyPasswd, sKeepAlives, - sUseLogin, sAllowTcpForwarding, + sUseLogin, sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, @@ -368,6 +381,7 @@ static struct { { "strictmodes", sStrictModes }, { "permitemptypasswords", sEmptyPasswd }, { "uselogin", sUseLogin }, + { "compression", sCompression }, { "keepalive", sKeepAlives }, { "allowtcpforwarding", sAllowTcpForwarding }, { "allowusers", sAllowUsers }, @@ -744,6 +758,10 @@ parse_flag: intptr = &options->use_login; goto parse_flag; + case sCompression: + intptr = &options->compression; + goto parse_flag; + case sGatewayPorts: intptr = &options->gateway_ports; goto parse_flag; diff --git a/openssh/servconf.h b/openssh/servconf.h index 0973882..fd326fc 100644 --- a/openssh/servconf.h +++ b/openssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.57 2002/03/20 19:12:25 stevesk Exp $ */ +/* $OpenBSD: servconf.h,v 1.58 2002/06/20 23:05:55 markus Exp $ */ /* * Author: Tatu Ylonen 
@@ -105,6 +105,7 @@ typedef struct { int permit_empty_passwd; /* If false, do not permit empty * passwords. */ int use_login; /* If true, login(1) is used */ + int compression; /* If true, compression is allowed */ int allow_tcp_forwarding; u_int num_allow_users; char *allow_users[MAX_ALLOW_USERS]; diff --git a/openssh/session.c b/openssh/session.c index 0818d94..6a1d6fd 100644 --- a/openssh/session.c +++ b/openssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.134 2002/03/29 18:59:31 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.138 2002/06/20 23:05:55 markus Exp $"); #include "ssh.h" #include "ssh1.h" 
@@ -115,6 +115,93 @@ char *aixloginmsg; login_cap_t *lc; #endif +/* Name and directory of socket for authentication agent forwarding. */ +static char *auth_sock_name = NULL; +static char *auth_sock_dir = NULL; + +/* removes the agent forwarding socket */ + +static void +auth_sock_cleanup_proc(void *_pw) +{ + struct passwd *pw = _pw; + + if (auth_sock_name != NULL) { + temporarily_use_uid(pw); + unlink(auth_sock_name); + rmdir(auth_sock_dir); + auth_sock_name = NULL; + restore_uid(); + } +} + +static int +auth_input_request_forwarding(struct passwd * pw) +{ + Channel *nc; + int sock; + struct sockaddr_un sunaddr; + + if (auth_sock_name != NULL) { + error("authentication forwarding requested twice."); + return 0; + } + + /* Temporarily drop privileged uid for mkdir/bind. */ + temporarily_use_uid(pw); + + /* Allocate a buffer for the socket name, and format the name. */ + auth_sock_name = xmalloc(MAXPATHLEN); + auth_sock_dir = xmalloc(MAXPATHLEN); + strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN); + + /* Create private directory for socket */ + if (mkdtemp(auth_sock_dir) == NULL) { + packet_send_debug("Agent forwarding disabled: " + "mkdtemp() failed: %.100s", strerror(errno)); + restore_uid(); + xfree(auth_sock_name); + xfree(auth_sock_dir); + auth_sock_name = NULL; + auth_sock_dir = NULL; + return 0; + } + snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%ld", + auth_sock_dir, (long) getpid()); + + /* delete agent socket on fatal() */ + fatal_add_cleanup(auth_sock_cleanup_proc, pw); + + /* Create the socket. */ + sock = socket(AF_UNIX, SOCK_STREAM, 0); + if (sock < 0) + packet_disconnect("socket: %.100s", strerror(errno)); + + /* Bind it to the name. */ + memset(&sunaddr, 0, sizeof(sunaddr)); + sunaddr.sun_family = AF_UNIX; + strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path)); + + if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) + packet_disconnect("bind: %.100s", strerror(errno)); + + /* Restore the privileged uid. 
*/ + restore_uid(); + + /* Start listening on the socket. */ + if (listen(sock, 5) < 0) + packet_disconnect("listen: %.100s", strerror(errno)); + + /* Allocate a channel for the authentication agent socket. */ + nc = channel_new("auth socket", + SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, + CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, + 0, xstrdup("auth socket"), 1); + strlcpy(nc->path, auth_sock_name, sizeof(nc->path)); + return 1; +} + + void do_authenticated(Authctxt *authctxt) { @@ -145,7 +232,7 @@ do_authenticated(Authctxt *authctxt) do_authenticated1(authctxt); /* remove agent socket */ - if (auth_get_socket_name()) + if (auth_sock_name != NULL) auth_sock_cleanup_proc(authctxt->pw); #ifdef KRB4 if (options.kerberos_ticket_cleanup) @@ -196,6 +283,10 @@ do_authenticated1(Authctxt *authctxt) compression_level); break; } + if (!options.compression) { + debug2("compression disabled"); + break; + } /* Enable compression after we have responded with SUCCESS. */ enable_compression_after_reply = 1; success = 1; @@ -352,7 +443,7 @@ do_authenticated1(Authctxt *authctxt) void do_exec_no_pty(Session *s, const char *command) { - int pid; + pid_t pid; #ifdef USE_PIPES int pin[2], pout[2], perr[2]; @@ -971,9 +1062,9 @@ do_setup_env(Session *s, const char *shell) copy_environment(fetch_pam_environment(), &env, &envsize); #endif /* USE_PAM */ - if (auth_get_socket_name() != NULL) + if (auth_sock_name != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, - auth_get_socket_name()); + auth_sock_name); /* read $HOME/.ssh/environment. */ if (!options.use_login) { @@ -1037,7 +1128,7 @@ do_rc_files(Session *s, const char *shell) /* Add authority data to .Xauthority if appropriate. */ if (debug_flag) { fprintf(stderr, - "Running %.100s add " + "Running %.500s add " "%.100s %.100s %.100s\n", options.xauth_location, s->auth_display, s->auth_proto, s->auth_data); 
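Review bot: In the hunk that adds the agent-forwarding code to session.c, `auth_sock_cleanup_proc` resets only `auth_sock_name`, so both `xmalloc(MAXPATHLEN)` buffers are never released and `auth_sock_dir` keeps pointing at the directory that was just removed. After the `rmdir()` I would release and clear both, `xfree(auth_sock_name); xfree(auth_sock_dir); auth_sock_name = auth_sock_dir = NULL;`, matching what the `mkdtemp()` failure path in `auth_input_request_forwarding` already does. The results of `unlink()` and `rmdir()` are also dropped, so a `debug()` on failure would make a left-behind socket directory visible in the logs. A short comment at the `mkdtemp()` call would help the next reader, such as `/* the socket is protected only by this per-user directory, created while running as pw */`.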
@@ -1089,9 +1180,9 @@ do_setusercontext(struct passwd *pw) #else /* HAVE_CYGWIN */ if (getuid() == 0 || geteuid() == 0) { #endif /* HAVE_CYGWIN */ -#ifdef HAVE_GETUSERATTR - set_limits_from_userattr(pw->pw_name); -#endif /* HAVE_GETUSERATTR */ +#ifdef HAVE_SETPCRED + setpcred(pw->pw_name); +#endif /* HAVE_SETPCRED */ #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { @@ -1141,9 +1232,9 @@ launch_login(struct passwd *pw, const char *hostname) { /* Launch login(1). */ - execl("/usr/bin/login", "login", "-h", hostname, + execl(LOGIN_PROGRAM, "login", "-h", hostname, #ifdef xxxLOGIN_NEEDS_TERM - (s->term ? s->term : "unknown"), + (s->term ? s->term : "unknown"), #endif /* LOGIN_NEEDS_TERM */ #ifdef LOGIN_NO_ENDOPT "-p", "-f", pw->pw_name, (char *)NULL); @@ -1366,12 +1457,12 @@ session_dump(void) int i; for (i = 0; i < MAX_SESSIONS; i++) { Session *s = &sessions[i]; - debug("dump: used %d session %d %p channel %d pid %d", + debug("dump: used %d session %d %p channel %d pid %ld", s->used, s->self, s, s->chanid, - s->pid); + (long)s->pid); } } @@ -1429,13 +1520,13 @@ static Session * session_by_pid(pid_t pid) { int i; - debug("session_by_pid: pid %d", pid); + debug("session_by_pid: pid %ld", (long)pid); for (i = 0; i < MAX_SESSIONS; i++) { Session *s = &sessions[i]; if (s->used && s->pid == pid) return s; } - error("session_by_pid: unknown pid %d", pid); + error("session_by_pid: unknown pid %ld", (long)pid); session_dump(); return NULL; } @@ -1725,8 +1816,8 @@ session_exit_message(Session *s, int status) if ((c = channel_lookup(s->chanid)) == NULL) fatal("session_exit_message: session %d: no channel %d", s->self, s->chanid); - debug("session_exit_message: session %d channel %d pid %d", - s->self, s->chanid, s->pid); + debug("session_exit_message: session %d channel %d pid %ld", + s->self, s->chanid, (long)s->pid); if (WIFEXITED(status)) { channel_request_start(s->chanid, "exit-status", 0); 
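Review bot: The new `setpcred(pw->pw_name);` call in do_setusercontext discards its result, so a failure to apply the user's process credentials goes unnoticed and the session continues with whatever limits and credentials the daemon had. The `setusercontext()` call immediately below is checked, and this one should be as well: `if (setpcred(pw->pw_name) == -1) fatal("Failed to set process credentials");`. AIX documents setpcred with a second credentials argument, so the one-argument form should also be compared with the platform prototype before relying on it. The body of do_setusercontext starts and ends outside this hunk.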
@@ -1765,7 +1856,7 @@ session_exit_message(Session *s, int status) void session_close(Session *s) { - debug("session_close: session %d pid %d", s->self, s->pid); + debug("session_close: session %d pid %ld", s->self, (long)s->pid); if (s->ttyfd != -1) { fatal_remove_cleanup(session_pty_cleanup, (void *)s); session_pty_cleanup(s); @@ -1789,7 +1880,8 @@ session_close_by_pid(pid_t pid, int status) { Session *s = session_by_pid(pid); if (s == NULL) { - debug("session_close_by_pid: no session for pid %d", pid); + debug("session_close_by_pid: no session for pid %ld", + (long)pid); return; } if (s->chanid != -1) @@ -1809,7 +1901,8 @@ session_close_by_channel(int id, void *arg) debug("session_close_by_channel: no session for id %d", id); return; } - debug("session_close_by_channel: channel %d child %d", id, s->pid); + debug("session_close_by_channel: channel %d child %ld", + id, (long)s->pid); if (s->pid != 0) { debug("session_close_by_channel: channel %d: has child", id); /* diff --git a/openssh/ssh-rand-helper.c b/openssh/ssh-rand-helper.c index 72a818f..da78a09 100644 --- a/openssh/ssh-rand-helper.c +++ b/openssh/ssh-rand-helper.c @@ -391,7 +391,7 @@ hash_command_output(entropy_cmd_t *src, char *hash) if (waitpid(pid, &status, 0) == -1) { error("Couldn't wait for child '%s' completion: %s", - src->cmdstring, strerror(errno)); + src->cmdstring, strerror(errno)); return 0.0; } diff --git a/openssh/ssh.1 b/openssh/ssh.1 index 71a3f36..8ada41f 100644 --- a/openssh/ssh.1 +++ b/openssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.151 2002/05/06 23:34:33 millert Exp $ +.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -384,7 +384,7 @@ this mechanism is to prevent man-in-the-middle attacks which could otherwise be used to circumvent the encryption. The .Cm StrictHostKeyChecking -option (see below) can be used to prevent logins to machines whose +option can be used to prevent logins to machines whose host key is not known or has changed. .Pp The options are as follows: @@ -568,13 +568,13 @@ and the .Dq level can be controlled by the .Cm CompressionLevel -option (see below). +option. Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks. The default value can be set on a host-by-host basis in the configuration files; see the .Cm Compression -option below. +option. .It Fl F Ar configfile Specifies an alternative per-user configuration file. If a configuration file is given on the command line, 
@@ -649,612 +649,10 @@ to use IPv6 addresses only. .El .Sh CONFIGURATION FILES .Nm -obtains configuration data from the following sources in -the following order: -command line options, -feature-specific user configuration file(s) (see below), -user's configuration file -.Pq Pa $HOME/.ssh/config , -and system-wide configuration file -.Pq Pa /etc/ssh/ssh_config . -For compatibility with other -.Nm -versions, the following feature-specific user configuration files -will be processed after the command line options but before the user's -main configuration file, so options that other -.Nm -versions may not support don't need to go in the main configuration file: -.Bl -tag -width Ds -.It Pa $HOME/.ssh/config.gssapi -Read if GSSAPI authentication is supported. This is a good place for -the GssapiAuthentication and GssapiDelegateCredentials options. -.It Pa $HOME/.ssh/config.krb -Read if Kerberos authentication is supported. This is a good place -for the KerberosAuthentication and KerberosTgtPassing options. -.It Pa $HOME/.ssh/config.afs -Read if AFS token passing is supported. This is a good place for the -AfsTokenPassing option. -.El -.Pp -For each parameter, the first obtained value -will be used. -The configuration files contain sections bracketed by -.Dq Host -specifications, and that section is only applied for hosts that -match one of the patterns given in the specification. -The matched host name is the one given on the command line. -.Pp -Since the first obtained value for each parameter is used, more -host-specific declarations should be given near the beginning of the -file, and general defaults at the end. -.Pp -The configuration file has the following format: -.Pp -Empty lines and lines starting with -.Ql # -are comments. -.Pp -Otherwise a line is of the format -.Dq keyword arguments . 
-Configuration options may be separated by whitespace or -optional whitespace and exactly one -.Ql = ; -the latter format is useful to avoid the need to quote whitespace -when specifying configuration options using the -.Nm ssh , -.Nm scp -and -.Nm sftp -.Fl o -option. -.Pp -The possible -keywords and their meanings are as follows (note that -keywords are case-insensitive and arguments are case-sensitive): -.Bl -tag -width Ds -.It Cm Host -Restricts the following declarations (up to the next -.Cm Host -keyword) to be only for those hosts that match one of the patterns -given after the keyword. -.Ql \&* -and -.Ql ? -can be used as wildcards in the -patterns. -A single -.Ql \&* -as a pattern can be used to provide global -defaults for all hosts. -The host is the -.Ar hostname -argument given on the command line (i.e., the name is not converted to -a canonicalized host name before matching). -.It Cm AFSTokenPassing -Specifies whether to pass AFS tokens to remote host. -The argument to this keyword must be -.Dq yes -or -.Dq no . -This option applies to protocol version 1 only. -.It Cm BatchMode -If set to -.Dq yes , -passphrase/password querying will be disabled. -This option is useful in scripts and other batch jobs where no user -is present to supply the password. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -.It Cm BindAddress -Specify the interface to transmit from on machines with multiple -interfaces or aliased addresses. -Note that this option does not work if -.Cm UsePrivilegedPort -is set to -.Dq yes . -.It Cm CheckHostIP -If this flag is set to -.Dq yes , -ssh will additionally check the host IP address in the -.Pa known_hosts -file. -This allows ssh to detect if a host key changed due to DNS spoofing. -If the option is set to -.Dq no , -the check will not be executed. -The default is -.Dq yes . -.It Cm Cipher -Specifies the cipher to use for encrypting the session -in protocol version 1. 
-Currently, -.Dq blowfish , -.Dq 3des , -and -.Dq des -are supported. -.Ar des -is only supported in the -.Nm -client for interoperability with legacy protocol 1 implementations -that do not support the -.Ar 3des -cipher. Its use is strongly discouraged due to cryptographic -weaknesses. -The default is -.Dq 3des . -.It Cm Ciphers -Specifies the ciphers allowed for protocol version 2 -in order of preference. -Multiple ciphers must be comma-separated. -The default is -.Pp -.Bd -literal - ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, - aes192-cbc,aes256-cbc'' -.Ed -.It Cm ClearAllForwardings -Specifies that all local, remote and dynamic port forwardings -specified in the configuration files or on the command line be -cleared. This option is primarily useful when used from the -.Nm -command line to clear port forwardings set in -configuration files, and is automatically set by -.Xr scp 1 -and -.Xr sftp 1 . -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -.It Cm Compression -Specifies whether to use compression. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -.It Cm CompressionLevel -Specifies the compression level to use if compression is enabled. -The argument must be an integer from 1 (fast) to 9 (slow, best). -The default level is 6, which is good for most applications. -The meaning of the values is the same as in -.Xr gzip 1 . -Note that this option applies to protocol version 1 only. -.It Cm ConnectionAttempts -Specifies the number of tries (one per second) to make before falling -back to rsh or exiting. -The argument must be an integer. -This may be useful in scripts if the connection sometimes fails. -The default is 1. -.It Cm DynamicForward -Specifies that a TCP/IP port on the local machine be forwarded -over the secure channel, and the application -protocol is then used to determine where to connect to from the -remote machine. The argument must be a port number. 
-Currently the SOCKS4 protocol is supported, and -.Nm -will act as a SOCKS4 server. -Multiple forwardings may be specified, and -additional forwardings can be given on the command line. Only -the superuser can forward privileged ports. -.It Cm EscapeChar -Sets the escape character (default: -.Ql ~ ) . -The escape character can also -be set on the command line. -The argument should be a single character, -.Ql ^ -followed by a letter, or -.Dq none -to disable the escape -character entirely (making the connection transparent for binary -data). -.It Cm FallBackToRsh -Specifies that if connecting via -.Nm -fails due to a connection refused error (there is no -.Xr sshd 8 -listening on the remote host), -.Xr rsh 1 -should automatically be used instead (after a suitable warning about -the session being unencrypted). -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -.It Cm ForwardAgent -Specifies whether the connection to the authentication agent (if any) -will be forwarded to the remote machine. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -.It Cm ForwardX11 -Specifies whether X11 connections will be automatically redirected -over the secure channel and -.Ev DISPLAY -set. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -.It Cm GatewayPorts -Specifies whether remote hosts are allowed to connect to local -forwarded ports. -By default, -.Nm -binds local port forwardings to the loopback addresss. This -prevents other remote hosts from connecting to forwarded ports. -.Cm GatewayPorts -can be used to specify that -.Nm -should bind local port forwardings to the wildcard address, -thus allowing remote hosts to connect to forwarded ports. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -.It Cm GlobalKnownHostsFile -Specifies a file to use for the global -host key database instead of -.Pa /etc/ssh/ssh_known_hosts . 
-.It Cm GssapiAuthentication -Specifies whether authentication based on GSSAPI may be used, either using -the result of a successful key exchange, or using GSSAPI user -authentication. -The default is -.Dq yes . -.It Cm GssapiDelegateCredentials -Specifies whether GSSAPI credentials will be delegated (forwarded) to -the server. -The default is -.Dq yes . -.It Cm HostbasedAuthentication -Specifies whether to try rhosts based authentication with public key -authentication. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -This option applies to protocol version 2 only and -is similar to -.Cm RhostsRSAAuthentication . -.It Cm HostKeyAlgorithms -Specifies the protocol version 2 host key algorithms -that the client wants to use in order of preference. -The default for this option is: -.Dq ssh-rsa,ssh-dss . -.It Cm HostKeyAlias -Specifies an alias that should be used instead of the -real host name when looking up or saving the host key -in the host key database files. -This option is useful for tunneling ssh connections -or for multiple servers running on a single host. -.It Cm HostName -Specifies the real host name to log into. -This can be used to specify nicknames or abbreviations for hosts. -Default is the name given on the command line. -Numeric IP addresses are also permitted (both on the command line and in -.Cm HostName -specifications). -.It Cm IdentityFile -Specifies a file from which the user's RSA or DSA authentication identity -is read. The default is -.Pa $HOME/.ssh/identity -for protocol version 1, and -.Pa $HOME/.ssh/id_rsa -and -.Pa $HOME/.ssh/id_dsa -for protocol version 2. -Additionally, any identities represented by the authentication agent -will be used for authentication. -The file name may use the tilde -syntax to refer to a user's home directory. -It is possible to have -multiple identity files specified in configuration files; all these -identities will be tried in sequence. 
-.It Cm KeepAlive -Specifies whether the system should send TCP keepalive messages to the -other side. -If they are sent, death of the connection or crash of one -of the machines will be properly noticed. -However, this means that -connections will die if the route is down temporarily, and some people -find it annoying. -.Pp -The default is -.Dq yes -(to send keepalives), and the client will notice -if the network goes down or the remote host dies. -This is important in scripts, and many users want it too. -.Pp -To disable keepalives, the value should be set to -.Dq no . -.It Cm KerberosAuthentication -Specifies whether Kerberos authentication will be used. -The argument to this keyword must be -.Dq yes -or -.Dq no . -.It Cm KerberosTgtPassing -Specifies whether a Kerberos TGT will be forwarded to the server. -This will only work if the Kerberos server is actually an AFS kaserver. -The argument to this keyword must be -.Dq yes -or -.Dq no . -.It Cm LocalForward -Specifies that a TCP/IP port on the local machine be forwarded over -the secure channel to the specified host and port from the remote machine. -The first argument must be a port number, and the second must be -.Ar host:port . -IPv6 addresses can be specified with an alternative syntax: -.Ar host/port . -Multiple forwardings may be specified, and additional -forwardings can be given on the command line. -Only the superuser can forward privileged ports. -.It Cm LogLevel -Gives the verbosity level that is used when logging messages from -.Nm ssh . -The possible values are: -QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. -The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 -and DEBUG3 each specify higher levels of verbose output. -.It Cm MACs -Specifies the MAC (message authentication code) algorithms -in order of preference. -The MAC algorithm is used in protocol version 2 -for data integrity protection. -Multiple algorithms must be comma-separated. 
-The default is -.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . -.It Cm NoHostAuthenticationForLocalhost -This option can be used if the home directory is shared across machines. -In this case localhost will refer to a different machine on each of -the machines and the user will get many warnings about changed host keys. -However, this option disables host authentication for localhost. -The argument to this keyword must be -.Dq yes -or -.Dq no . -The default is to check the host key for localhost. -.It Cm NumberOfPasswordPrompts -Specifies the number of password prompts before giving up. -The argument to this keyword must be an integer. -Default is 3. -.It Cm PasswordAuthentication -Specifies whether to use password authentication. -The argument to this keyword must be -.Dq yes -or -.Dq no . -The default is -.Dq yes . -.It Cm Port -Specifies the port number to connect on the remote host. -Default is 22. -.It Cm PreferredAuthentications -Specifies the order in which the client should try protocol 2 -authentication methods. This allows a client to prefer one method (e.g. -.Cm keyboard-interactive ) -over another method (e.g. -.Cm password ) -The default for this option is: -.Dq hostbased,publickey,keyboard-interactive,password . -.It Cm Protocol -Specifies the protocol versions -.Nm -should support in order of preference. -The possible values are -.Dq 1 -and -.Dq 2 . -Multiple versions must be comma-separated. -The default is -.Dq 2,1 . -This means that -.Nm -tries version 2 and falls back to version 1 -if version 2 is not available. -.It Cm ProxyCommand -Specifies the command to use to connect to the server. -The command -string extends to the end of the line, and is executed with -.Pa /bin/sh . -In the command string, -.Ql %h -will be substituted by the host name to -connect and -.Ql %p -by the port. -The command can be basically anything, -and should read from its standard input and write to its standard output. 
-It should eventually connect an -.Xr sshd 8 -server running on some machine, or execute -.Ic sshd -i -somewhere. -Host key management will be done using the -HostName of the host being connected (defaulting to the name typed by -the user). -Note that -.Cm CheckHostIP -is not available for connects with a proxy command. -.Pp -.It Cm PubkeyAuthentication -Specifies whether to try public key authentication. -The argument to this keyword must be -.Dq yes -or -.Dq no . -The default is -.Dq yes . -This option applies to protocol version 2 only. -.It Cm RemoteForward -Specifies that a TCP/IP port on the remote machine be forwarded over -the secure channel to the specified host and port from the local machine. -The first argument must be a port number, and the second must be -.Ar host:port . -IPv6 addresses can be specified with an alternative syntax: -.Ar host/port . -Multiple forwardings may be specified, and additional -forwardings can be given on the command line. -Only the superuser can forward privileged ports. -.It Cm RhostsAuthentication -Specifies whether to try rhosts based authentication. -Note that this -declaration only affects the client side and has no effect whatsoever -on security. -Disabling rhosts authentication may reduce -authentication time on slow connections when rhosts authentication is -not used. -Most servers do not permit RhostsAuthentication because it -is not secure (see -.Cm RhostsRSAAuthentication ) . -The argument to this keyword must be -.Dq yes -or -.Dq no . -The default is -.Dq yes . -This option applies to protocol version 1 only. -.It Cm RhostsRSAAuthentication -Specifies whether to try rhosts based authentication with RSA host -authentication. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq yes . -This option applies to protocol version 1 only. -.It Cm RSAAuthentication -Specifies whether to try RSA authentication. -The argument to this keyword must be -.Dq yes -or -.Dq no . 
-RSA authentication will only be -attempted if the identity file exists, or an authentication agent is -running. -The default is -.Dq yes . -Note that this option applies to protocol version 1 only. -.It Cm ChallengeResponseAuthentication -Specifies whether to use challenge response authentication. -The argument to this keyword must be -.Dq yes -or -.Dq no . -The default is -.Dq yes . -.It Cm SmartcardDevice -Specifies which smartcard device to use. The argument to this keyword is -the device -.Nm -should use to communicate with a smartcard used for storing the user's -private RSA key. By default, no device is specified and smartcard support -is not activated. -.It Cm StrictHostKeyChecking -If this flag is set to -.Dq yes , -.Nm -will never automatically add host keys to the -.Pa $HOME/.ssh/known_hosts -file, and refuses to connect to hosts whose host key has changed. -This provides maximum protection against trojan horse attacks, -however, can be annoying when the -.Pa /etc/ssh/ssh_known_hosts -file is poorly maintained, or connections to new hosts are -frequently made. -This option forces the user to manually -add all new hosts. -If this flag is set to -.Dq no , -.Nm -will automatically add new host keys to the -user known hosts files. -If this flag is set to -.Dq ask , -new host keys -will be added to the user known host files only after the user -has confirmed that is what they really want to do, and -.Nm -will refuse to connect to hosts whose host key has changed. -The host keys of -known hosts will be verified automatically in all cases. -The argument must be -.Dq yes , -.Dq no -or -.Dq ask . -The default is -.Dq ask . -.It Cm UsePrivilegedPort -Specifies whether to use a privileged port for outgoing connections. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -Note that this option must be set to -.Dq yes -if -.Cm RhostsAuthentication -and -.Cm RhostsRSAAuthentication -authentications are needed with older servers. 
-.It Cm User -Specifies the user to log in as. -This can be useful when a different user name is used on different machines. -This saves the trouble of -having to remember to give the user name on the command line. -.It Cm UserKnownHostsFile -Specifies a file to use for the user -host key database instead of -.Pa $HOME/.ssh/known_hosts . -.It Cm UseRsh -Specifies that rlogin/rsh should be used for this host. -It is possible that the host does not at all support the -.Nm -protocol. -This causes -.Nm -to immediately execute -.Xr rsh 1 . -All other options (except -.Cm HostName ) -are ignored if this has been specified. -The argument must be -.Dq yes -or -.Dq no . -.It Cm XAuthLocation -Specifies the location of the -.Xr xauth 1 -program. -The default is -.Pa /usr/X11R6/bin/xauth . -.El +may additionally obtain configuration data from +a per-user configuration file and a system-wide configuration file. +The file format and configuration options are described in +.Xr ssh_config 5 . .Sh ENVIRONMENT .Nm will normally set the following environment variables: @@ -1389,13 +787,8 @@ never used automatically and are not necessary; they are only provided for the convenience of the user. .It Pa $HOME/.ssh/config This is the per-user configuration file. -The format of this file is described above. -This file is used by the -.Nm -client. -This file does not usually contain any sensitive information, -but the recommended permissions are read/write for the user, and not -accessible by others. +The file format and configuration options are described in +.Xr ssh_config 5 . .It Pa $HOME/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described in the 
@@ -1430,19 +823,31 @@ checking the key, because someone with access to the name servers would then be able to fool host authentication. .It Pa /etc/ssh/ssh_config Systemwide configuration file. -This file provides defaults for those -values that are not specified in the user's configuration file, and -for those users who do not have a configuration file. -This file must be world-readable. +The file format and configuration options are described in +.Xr ssh_config 5 . .It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys and are used for .Cm RhostsRSAAuthentication and .Cm HostbasedAuthentication . -Since they are readable only by root +If the protocol version 1 +.Cm RhostsRSAAuthentication +method is used, +.Nm +must be setuid root, since the host key is readable only by root. +For protocol version 2, +.Nm +uses +.Xr ssh-keysign 8 +to access the host keys for +.Cm HostbasedAuthentication . +This eliminates the requirement that +.Nm +be setuid root when that authentication method is used. +By default .Nm -must be setuid root if these authentication methods are desired. +is not setuid root. .It Pa $HOME/.rhosts This file is used in .Pa \&.rhosts @@ -1547,6 +952,8 @@ protocol versions 1.5 and 2.0. .Xr ssh-agent 1 , .Xr ssh-keygen 1 , .Xr telnet 1 , +.Xr ssh_config 4 , +.Xr ssh-keysign 8, .Xr sshd 8 .Rs .%A T. Ylonen diff --git a/openssh/ssh.c b/openssh/ssh.c index c258456..f0dbd7e 100644 --- a/openssh/ssh.c +++ b/openssh/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.170 2002/04/22 21:04:52 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.179 2002/06/12 01:09:52 markus Exp $"); #include #include @@ -53,7 +53,6 @@ RCSID("$OpenBSD: ssh.c,v 1.170 2002/04/22 21:04:52 markus Exp $"); #include "xmalloc.h" #include "packet.h" #include "buffer.h" -#include "uidswap.h" #include "channels.h" #include "key.h" #include "authfd.h" 
@@ -107,7 +106,7 @@ int stdin_null_flag = 0; /* * Flag indicating that ssh should fork after authentication. This is useful - * so that the pasphrase can be entered manually, and then ssh goes to the + * so that the passphrase can be entered manually, and then ssh goes to the * background. */ int fork_after_authentication_flag = 0; @@ -132,13 +131,11 @@ char *host; struct sockaddr_storage hostaddr; /* Private host keys. */ -struct { - Key **keys; - int nkeys; -} sensitive_data; +Sensitive sensitive_data; /* Original real UID. */ uid_t original_real_uid; +uid_t original_effective_uid; /* command to be executed */ Buffer command; @@ -203,44 +200,6 @@ usage(void) exit(1); } -/* - * Connects to the given host using rsh (or prints an error message and exits - * if rsh is not available). This function never returns. - */ -static void -rsh_connect(char *host, char *user, Buffer * command) -{ - char *args[10]; - int i; - - log("Using rsh. WARNING: Connection will not be encrypted."); - /* Build argument list for rsh. */ - i = 0; - args[i++] = _PATH_RSH; - /* host may have to come after user on some systems */ - args[i++] = host; - if (user) { - args[i++] = "-l"; - args[i++] = user; - } - if (buffer_len(command) > 0) { - buffer_append(command, "\0", 1); - args[i++] = buffer_ptr(command); - } - args[i++] = NULL; - if (debug_flag) { - for (i = 0; args[i]; i++) { - if (i != 0) - fprintf(stderr, " "); - fprintf(stderr, "%s", args[i]); - } - fprintf(stderr, "\n"); - } - execv(_PATH_RSH, args); - perror(_PATH_RSH); - exit(1); -} - static int ssh_session(void); static int ssh_session2(void); static void load_public_identity_files(void); 
@@ -251,14 +210,13 @@ static void load_public_identity_files(void); int main(int ac, char **av) { - int i, opt, exit_status, cerr; + int i, opt, exit_status; u_short fwd_port, fwd_host_port; char sfwd_port[6], sfwd_host_port[6]; char *p, *cp, buf[256]; struct stat st; struct passwd *pw; int dummy; - uid_t original_effective_uid; extern int optind, optreset; extern char *optarg; @@ -297,7 +255,7 @@ main(int ac, char **av) * them when the port has been created (actually, when the connection * has been made, as we may need to create the port several times). */ - temporarily_use_uid(pw); + PRIV_END; /* * Set our umask to something reasonable, as some files are created 
@@ -684,52 +642,52 @@ again: "originating port will not be trusted."); options.rhosts_authentication = 0; } - /* - * If using rsh has been selected, exec it now (without trying - * anything else). Note that we must release privileges first. - */ - if (options.use_rsh) { - /* - * Restore our superuser privileges. This must be done - * before permanently setting the uid. - */ - restore_uid(); - - /* Switch to the original uid permanently. */ - permanently_set_uid(pw); - - /* Execute rsh. */ - rsh_connect(host, options.user, &command); - fatal("rsh_connect returned"); - } - /* Restore our superuser privileges. */ - restore_uid(); - /* Open a connection to the remote host. */ - cerr = ssh_connect(host, &hostaddr, options.port, IPv4or6, + if (ssh_connect(host, &hostaddr, options.port, IPv4or6, options.connection_attempts, - original_effective_uid != 0 || !options.use_privileged_port, - pw, options.proxy_command); +#ifdef HAVE_CYGWIN + options.use_privileged_port, +#else + original_effective_uid == 0 && options.use_privileged_port, +#endif + options.proxy_command) != 0) + exit(1); /* * If we successfully made the connection, load the host private key * in case we will need it later for combined rsa-rhosts * authentication. This must be done before releasing extra * privileges, because the file is only readable by root. + * If we cannot access the private keys, load the public keys + * instead and try to execute the ssh-keysign helper instead. 
*/ sensitive_data.nkeys = 0; sensitive_data.keys = NULL; - if (!cerr && (options.rhosts_rsa_authentication || - options.hostbased_authentication)) { + sensitive_data.external_keysign = 0; + if (options.rhosts_rsa_authentication || + options.hostbased_authentication) { sensitive_data.nkeys = 3; sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key)); + + PRIV_START; sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, _PATH_HOST_KEY_FILE, "", NULL); sensitive_data.keys[1] = key_load_private_type(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, "", NULL); sensitive_data.keys[2] = key_load_private_type(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, "", NULL); + PRIV_END; + + if (sensitive_data.keys[0] == NULL && + sensitive_data.keys[1] == NULL && + sensitive_data.keys[2] == NULL) { + sensitive_data.keys[1] = key_load_public( + _PATH_HOST_DSA_KEY_FILE, NULL); + sensitive_data.keys[2] = key_load_public( + _PATH_HOST_RSA_KEY_FILE, NULL); + sensitive_data.external_keysign = 1; + } } /* * Get rid of any extra privileges that we may have. We will no @@ -738,15 +696,8 @@ again: * user's home directory if it happens to be on a NFS volume where * root is mapped to nobody. */ - - /* - * Note that some legacy systems need to postpone the following call - * to permanently_set_uid() until the private hostkey is destroyed - * with RSA_free(). Otherwise the calling user could ptrace() the - * process, read the private hostkey and impersonate the host. - * OpenBSD does not allow ptracing of setuid processes. - */ - permanently_set_uid(pw); + seteuid(original_real_uid); + setuid(original_real_uid); /* * Now that we are back to our own permissions, create ~/.ssh 
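Review bot: The `seteuid(original_real_uid); setuid(original_real_uid);` pair that replaces permanently_set_uid() at the end of this ssh.c hunk ignores both return values, so a failed call lets main() carry on to create ~/.ssh and log in with the privileges it meant to drop. I would make failure fatal, e.g. `if (seteuid(original_real_uid) == -1 || setuid(original_real_uid) == -1) fatal("setuid %ld: %s", (long)original_real_uid, strerror(errno));`. The same unchecked pair appears in the child branch of ssh_keysign() in the sshconnect2.c hunk further down. It is also worth confirming that, on every supported platform, setuid() called after the effective uid has already been lowered still clears the saved uid; nothing visible here establishes that. The hunk also deletes the comment about ptrace() exposure of the loaded host key, which appears to still apply when the keys are loaded in-process, so I would keep a short form such as `/* The private host keys stay in memory until after ssh_login(); where the user may ptrace() this process they are exposed until then. */`.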
@@ -757,21 +708,6 @@ again: if (mkdir(buf, 0700) < 0) error("Could not create directory '%.200s'.", buf); - /* Check if the connection failed, and try "rsh" if appropriate. */ - if (cerr) { - if (!options.fallback_to_rsh) - exit(1); - if (options.port != 0) - log("Secure connection to %.100s on port %hu refused; " - "reverting to insecure method", - host, options.port); - else - log("Secure connection to %.100s refused; " - "reverting to insecure method.", host); - - rsh_connect(host, options.user, &command); - fatal("rsh_connect returned"); - } /* load options.identity_files */ load_public_identity_files(); @@ -789,8 +725,7 @@ again: signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ /* Log into the remote system. This never returns if the login fails. */ - ssh_login(sensitive_data.keys, sensitive_data.nkeys, - host, (struct sockaddr *)&hostaddr, pw); + ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, pw); /* We no longer need the private host keys. Clear them now. */ if (sensitive_data.nkeys != 0) { @@ -842,10 +777,10 @@ x11_get_proto(char **_proto, char **_data) * XXX: "localhost" match to determine FamilyLocal * is not perfect. */ - snprintf(line, sizeof line, "%.100s list unix:%s 2>" + snprintf(line, sizeof line, "%s list unix:%s 2>" _PATH_DEVNULL, options.xauth_location, display+10); else - snprintf(line, sizeof line, "%.100s list %.200s 2>" + snprintf(line, sizeof line, "%s list %.200s 2>" _PATH_DEVNULL, options.xauth_location, display); debug2("x11_get_proto %s", line); f = popen(line, "r"); 
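Review bot: With the `%.100s` precision dropped from both snprintf() calls in x11_get_proto(), only `sizeof line` bounds `options.xauth_location`, and the return value is not checked, so an over-long path silently truncates the command string that is then handed to popen(). A truncated string can lose the `2>` redirect or part of the display argument and is still run by the shell. I would capture the result and treat truncation as a failure before calling popen(), e.g. `n = snprintf(line, sizeof line, ...);` followed by `if (n < 0 || (size_t)n >= sizeof line) error("x11_get_proto: xauth command too long");` and skipping the lookup. The body of x11_get_proto() starts and ends outside the hunk, so how it recovers when no xauth data is read is not visible here.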
@@ -1155,7 +1090,7 @@ ssh_session2_setup(int id, void *arg) debug("Sending subsystem: %.*s", len, (u_char *)buffer_ptr(&command)); channel_request_start(id, "subsystem", /*want reply*/ 1); /* register callback for reply */ - /* XXX we asume that client_loop has already been called */ + /* XXX we assume that client_loop has already been called */ dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &client_subsystem_reply); dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &client_subsystem_reply); } else { diff --git a/openssh/ssh_config.5 b/openssh/ssh_config.5 index 53cb0fe..c1796eb 100644 --- a/openssh/ssh_config.5 +++ b/openssh/ssh_config.5 @@ -50,10 +50,30 @@ .Nm ssh obtains configuration data from the following sources in the following order: -command line options, user's configuration file +command line options, +feature-specific user configuration file(s) (see below), +user's configuration file .Pq Pa $HOME/.ssh/config , and system-wide configuration file .Pq Pa /etc/ssh/ssh_config . +For compatibility with other +.Nm +versions, the following feature-specific user configuration files +will be processed after the command line options but before the user's +main configuration file, so options that other +.Nm +versions may not support don't need to go in the main configuration file: +.Bl -tag -width Ds +.It Pa $HOME/.ssh/config.gssapi +Read if GSSAPI authentication is supported. This is a good place for +the GssapiAuthentication and GssapiDelegateCredentials options. +.It Pa $HOME/.ssh/config.krb +Read if Kerberos authentication is supported. This is a good place +for the KerberosAuthentication and KerberosTgtPassing options. +.It Pa $HOME/.ssh/config.afs +Read if AFS token passing is supported. This is a good place for the +AfsTokenPassing option. +.El .Pp For each parameter, the first obtained value will be used. 
@@ -285,6 +305,17 @@ The default is Specifies a file to use for the global host key database instead of .Pa /etc/ssh/ssh_known_hosts . +.It Cm GssapiAuthentication +Specifies whether authentication based on GSSAPI may be used, either using +the result of a successful key exchange, or using GSSAPI user +authentication. +The default is +.Dq yes . +.It Cm GssapiDelegateCredentials +Specifies whether GSSAPI credentials will be delegated (forwarded) to +the server. +The default is +.Dq yes . .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key authentication. @@ -418,7 +449,7 @@ authentication methods. This allows a client to prefer one method (e.g. over another method (e.g. .Cm password ) The default for this option is: -.Dq hostbased,publickey,keyboard-interactive,password . +.Dq hostbased,external-keyx,gssapi,publickey,keyboard-interactive,password . .It Cm Protocol Specifies the protocol versions .Nm ssh diff --git a/openssh/sshconnect1.c b/openssh/sshconnect1.c index 7c05f5a..f69a72c 100644 --- a/openssh/sshconnect1.c +++ b/openssh/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.50 2002/04/21 16:25:06 stevesk Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.51 2002/05/23 19:24:30 markus Exp $"); #include #include @@ -1620,7 +1620,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr) */ void ssh_userauth1(const char *local_user, const char *server_user, char *host, - Key **keys, int nkeys) + Sensitive *sensitive) { #ifdef GSSAPI #ifdef GSI 
@@ -1789,9 +1789,11 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, */ if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && options.rhosts_rsa_authentication) { - for (i = 0; i < nkeys; i++) { - if (keys[i] != NULL && keys[i]->type == KEY_RSA1 && - try_rhosts_rsa_authentication(local_user, keys[i])) + for (i = 0; i < sensitive->nkeys; i++) { + if (sensitive->keys[i] != NULL && + sensitive->keys[i]->type == KEY_RSA1 && + try_rhosts_rsa_authentication(local_user, + sensitive->keys[i])) goto success; } } diff --git a/openssh/sshconnect2.c b/openssh/sshconnect2.c index 79d4980..fdf6f69 100644 --- a/openssh/sshconnect2.c +++ b/openssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.99 2002/03/26 15:58:46 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.104 2002/06/19 00:27:55 deraadt Exp $"); #include "ssh.h" #include "ssh2.h" @@ -45,6 +45,8 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.99 2002/03/26 15:58:46 markus Exp $"); #include "match.h" #include "dispatch.h" #include "canohost.h" +#include "msg.h" +#include "pathnames.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -190,8 +192,7 @@ struct Authctxt { int last_key_hint; AuthenticationConnection *agent; /* hostbased */ - Key **keys; - int nkeys; + Sensitive *sensitive; /* kbd-interactive */ int info_req_seen; /* generic */ @@ -271,7 +272,7 @@ Authmethod authmethods[] = { void ssh_userauth2(const char *local_user, const char *server_user, char *host, - Key **keys, int nkeys) + Sensitive *sensitive) { Authctxt authctxt; int type; @@ -312,8 +313,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, authctxt.method = authmethod_lookup("none"); authctxt.authlist = NULL; authctxt.methoddata = NULL; - authctxt.keys = keys; - authctxt.nkeys = nkeys; + authctxt.sensitive = sensitive; authctxt.info_req_seen = 0; if (authctxt.method == NULL) fatal("ssh_userauth2: internal error: cannot send userauth none request"); 
@@ -459,7 +459,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) if (key->type != pktype) { error("input_userauth_pk_ok: type mismatch " "for decoded key (received %d, expected %d)", - key->type, pktype); + key->type, pktype); break; } fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); @@ -683,7 +683,7 @@ userauth_passwd(Authctxt *authctxt) packet_add_padding(64); packet_send(); - dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, + dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, &input_userauth_passwd_changereq); return 1; @@ -715,7 +715,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) packet_put_cstring(authctxt->service); packet_put_cstring(authctxt->method->name); packet_put_char(1); /* additional info */ - snprintf(prompt, sizeof(prompt), + snprintf(prompt, sizeof(prompt), "Enter %.30s@%.128s's old password: ", authctxt->server_user, authctxt->host); password = read_passphrase(prompt, 0); @@ -724,7 +724,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) xfree(password); password = NULL; while (password == NULL) { - snprintf(prompt, sizeof(prompt), + snprintf(prompt, sizeof(prompt), "Enter %.30s@%.128s's new password: ", authctxt->server_user, authctxt->host); password = read_passphrase(prompt, RP_ALLOW_EOF); @@ -732,7 +732,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) /* bail out */ return; } - snprintf(prompt, sizeof(prompt), + snprintf(prompt, sizeof(prompt), "Retype %.30s@%.128s's new password: ", authctxt->server_user, authctxt->host); retype = read_passphrase(prompt, 0); @@ -750,8 +750,8 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) xfree(password); packet_add_padding(64); packet_send(); - - dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, + + dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, &input_userauth_passwd_changereq); } 
@@ -1113,14 +1113,88 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt) packet_send(); } -/* - * this will be move to an external program (ssh-keysign) ASAP. ssh-keysign - * will be setuid-root and the sbit can be removed from /usr/bin/ssh. - */ +static int +ssh_keysign( + Key *key, + u_char **sigp, u_int *lenp, + u_char *data, u_int datalen) +{ + Buffer b; + struct stat st; + pid_t pid; + int to[2], from[2], status, version = 2; + + debug("ssh_keysign called"); + + if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { + error("ssh_keysign: no installed: %s", strerror(errno)); + return -1; + } + if (fflush(stdout) != 0) + error("ssh_keysign: fflush: %s", strerror(errno)); + if (pipe(to) < 0) { + error("ssh_keysign: pipe: %s", strerror(errno)); + return -1; + } + if (pipe(from) < 0) { + error("ssh_keysign: pipe: %s", strerror(errno)); + return -1; + } + if ((pid = fork()) < 0) { + error("ssh_keysign: fork: %s", strerror(errno)); + return -1; + } + if (pid == 0) { + seteuid(getuid()); + setuid(getuid()); + close(from[0]); + if (dup2(from[1], STDOUT_FILENO) < 0) + fatal("ssh_keysign: dup2: %s", strerror(errno)); + close(to[1]); + if (dup2(to[0], STDIN_FILENO) < 0) + fatal("ssh_keysign: dup2: %s", strerror(errno)); + close(from[1]); + close(to[0]); + execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0); + fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN, + strerror(errno)); + } + close(from[1]); + close(to[0]); + + buffer_init(&b); + buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */ + buffer_put_string(&b, data, datalen); + msg_send(to[1], version, &b); + + if (msg_recv(from[0], &b) < 0) { + error("ssh_keysign: no reply"); + buffer_clear(&b); + return -1; + } + close(from[0]); + close(to[1]); + + while (waitpid(pid, &status, 0) < 0) + if (errno != EINTR) + break; + + if (buffer_get_char(&b) != version) { + error("ssh_keysign: bad version"); + buffer_clear(&b); + return -1; + } + *sigp = buffer_get_string(&b, lenp); + buffer_clear(&b); + + 
return 0; +} + int userauth_hostbased(Authctxt *authctxt) { Key *private = NULL; + Sensitive *sensitive = authctxt->sensitive; Buffer b; u_char *signature, *blob; char *chost, *pkalg, *p; @@ -1129,12 +1203,12 @@ userauth_hostbased(Authctxt *authctxt) int ok, i, len, found = 0; /* check for a useful key */ - for (i = 0; i < authctxt->nkeys; i++) { - private = authctxt->keys[i]; + for (i = 0; i < sensitive->nkeys; i++) { + private = sensitive->keys[i]; if (private && private->type != KEY_RSA1) { found = 1; /* we take and free the key */ - authctxt->keys[i] = NULL; + sensitive->keys[i] = NULL; break; } } @@ -1176,7 +1250,12 @@ userauth_hostbased(Authctxt *authctxt) #ifdef DEBUG_PK buffer_dump(&b); #endif - ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); + if (sensitive->external_keysign) + ok = ssh_keysign(private, &signature, &slen, + buffer_ptr(&b), buffer_len(&b)); + else + ok = key_sign(private, &signature, &slen, + buffer_ptr(&b), buffer_len(&b)); key_free(private); buffer_free(&b); if (ok != 0) { diff --git a/openssh/sshd.8 b/openssh/sshd.8 index e4a1a32..22f8143 100644 --- a/openssh/sshd.8 +++ b/openssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.181 2002/05/15 21:02:53 markus Exp $ +.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
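Review bot: The error paths of the new ssh_keysign() leak resources: a failed second pipe() or fork() returns without closing the descriptors already opened, and a failed msg_recv() returns with `from[0]` and `to[1]` still open and the child never reaped by waitpid(). `buffer_clear(&b)` is used on every exit where the buffer is being abandoned; `buffer_free(&b)`, which userauth_hostbased() calls a few lines below, looks like the intended call, including on the bad-version and success paths. The status collected by waitpid() is never examined, so a helper that exits with an error after writing a reply is not distinguished from a clean run. The message `"ssh_keysign: no installed: %s"` presumably should read `not installed`.

```c
	/* … unchanged: stat, fflush, pipe(to) … */
	if (pipe(from) < 0) {
		error("ssh_keysign: pipe: %s", strerror(errno));
		close(to[0]);
		close(to[1]);
		return -1;
	}
	if ((pid = fork()) < 0) {
		error("ssh_keysign: fork: %s", strerror(errno));
		close(to[0]);
		close(to[1]);
		close(from[0]);
		close(from[1]);
		return -1;
	}
	/* … unchanged: child branch, parent closes from[1]/to[0], request is sent … */
	if (msg_recv(from[0], &b) < 0) {
		error("ssh_keysign: no reply");
		buffer_free(&b);
		close(from[0]);
		close(to[1]);
		/* reap the helper so it does not linger as a zombie */
		while (waitpid(pid, &status, 0) < 0)
			if (errno != EINTR)
				break;
		return -1;
	}
```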
@@ -320,654 +320,8 @@ reads configuration data from (or the file specified with .Fl f on the command line). -The file contains keyword-argument pairs, one per line. -Lines starting with -.Ql # -and empty lines are interpreted as comments. -.Pp -The possible -keywords and their meanings are as follows (note that -keywords are case-insensitive and arguments are case-sensitive): -.Bl -tag -width Ds -.It Cm AFSTokenPassing -Specifies whether an AFS token may be forwarded to the server. -Default is -.Dq no . -.It Cm AllowGroups -This keyword can be followed by a list of group name patterns, separated -by spaces. -If specified, login is allowed only for users whose primary -group or supplementary group list matches one of the patterns. -.Ql \&* -and -.Ql ? -can be used as -wildcards in the patterns. -Only group names are valid; a numerical group ID is not recognized. -By default, login is allowed for all groups. -.Pp -.It Cm AllowTcpForwarding -Specifies whether TCP forwarding is permitted. -The default is -.Dq yes . -Note that disabling TCP forwarding does not improve security unless -users are also denied shell access, as they can always install their -own forwarders. -.Pp -.It Cm AllowUsers -This keyword can be followed by a list of user name patterns, separated -by spaces. -If specified, login is allowed only for users names that -match one of the patterns. -.Ql \&* -and -.Ql ? -can be used as -wildcards in the patterns. -Only user names are valid; a numerical user ID is not recognized. -By default, login is allowed for all users. -If the pattern takes the form USER@HOST then USER and HOST -are separately checked, restricting logins to particular -users from particular hosts. -.Pp -.It Cm AuthorizedKeysFile -Specifies the file that contains the public keys that can be used -for user authentication. -.Cm AuthorizedKeysFile -may contain tokens of the form %T which are substituted during connection -set-up. 
The following tokens are defined: %% is replaced by a literal '%', -%h is replaced by the home directory of the user being authenticated and -%u is replaced by the username of that user. -After expansion, -.Cm AuthorizedKeysFile -is taken to be an absolute path or one relative to the user's home -directory. -The default is -.Dq .ssh/authorized_keys . -.It Cm Banner -In some jurisdictions, sending a warning message before authentication -may be relevant for getting legal protection. -The contents of the specified file are sent to the remote user before -authentication is allowed. -This option is only available for protocol version 2. -By default, no banner is displayed. -.Pp -.It Cm ChallengeResponseAuthentication -Specifies whether challenge response authentication is allowed. -All authentication styles from -.Xr login.conf 5 -are supported. -The default is -.Dq yes . -.It Cm Ciphers -Specifies the ciphers allowed for protocol version 2. -Multiple ciphers must be comma-separated. -The default is -.Pp -.Bd -literal - ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, - aes192-cbc,aes256-cbc'' -.Ed -.It Cm ClientAliveInterval -Sets a timeout interval in seconds after which if no data has been received -from the client, -.Nm -will send a message through the encrypted -channel to request a response from the client. -The default -is 0, indicating that these messages will not be sent to the client. -This option applies to protocol version 2 only. -.It Cm ClientAliveCountMax -Sets the number of client alive messages (see above) which may be -sent without -.Nm -receiving any messages back from the client. If this threshold is -reached while client alive messages are being sent, -.Nm -will disconnect the client, terminating the session. It is important -to note that the use of client alive messages is very different from -.Cm KeepAlive -(below). The client alive messages are sent through the -encrypted channel and therefore will not be spoofable. 
The TCP keepalive -option enabled by -.Cm KeepAlive -is spoofable. The client alive mechanism is valuable when the client or -server depend on knowing when a connection has become inactive. -.Pp -The default value is 3. If -.Cm ClientAliveInterval -(above) is set to 15, and -.Cm ClientAliveCountMax -is left at the default, unresponsive ssh clients -will be disconnected after approximately 45 seconds. -.It Cm DenyGroups -This keyword can be followed by a list of group name patterns, separated -by spaces. -Login is disallowed for users whose primary group or supplementary -group list matches one of the patterns. -.Ql \&* -and -.Ql ? -can be used as -wildcards in the patterns. -Only group names are valid; a numerical group ID is not recognized. -By default, login is allowed for all groups. -.Pp -.It Cm DenyUsers -This keyword can be followed by a list of user name patterns, separated -by spaces. -Login is disallowed for user names that match one of the patterns. -.Ql \&* -and -.Ql ? -can be used as wildcards in the patterns. -Only user names are valid; a numerical user ID is not recognized. -By default, login is allowed for all users. -If the pattern takes the form USER@HOST then USER and HOST -are separately checked, restricting logins to particular -users from particular hosts. -.It Cm GatewayPorts -Specifies whether remote hosts are allowed to connect to ports -forwarded for the client. -By default, -.Nm -binds remote port forwardings to the loopback addresss. This -prevents other remote hosts from connecting to forwarded ports. -.Cm GatewayPorts -can be used to specify that -.Nm -should bind remote port forwardings to the wildcard address, -thus allowing remote hosts to connect to forwarded ports. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -.It Cm HostbasedAuthentication -Specifies whether rhosts or /etc/hosts.equiv authentication together -with successful public key client host authentication is allowed -(hostbased authentication). 
-This option is similar to -.Cm RhostsRSAAuthentication -and applies to protocol version 2 only. -The default is -.Dq no . -.It Cm GssapiAuthentication -Specifies whether authentication based on GSSAPI may be used, either using -the result of a successful key exchange, or using GSSAPI user -authentication. -The default is -.Dq yes . -.It Cm GssapiKeyExchange -Specifies whether key exchange based on GSSAPI may be used. When using -GSSAPI key exchange the server need not have a host key. -The default is -.Dq yes . -.It Cm GssapiUseSessionCredCache -Specifies whether a unique credentials cache name should be generated per -session for storing delegated credentials. -The default is -.Dq yes . -.It Cm HostKey -Specifies a file containing a private host key -used by SSH. -The default is -.Pa /etc/ssh/ssh_host_key -for protocol version 1, and -.Pa /etc/ssh/ssh_host_rsa_key -and -.Pa /etc/ssh/ssh_host_dsa_key -for protocol version 2. -Note that -.Nm -will refuse to use a file if it is group/world-accessible. -It is possible to have multiple host key files. -.Dq rsa1 -keys are used for version 1 and -.Dq dsa -or -.Dq rsa -are used for version 2 of the SSH protocol. -.It Cm IgnoreRhosts -Specifies that -.Pa .rhosts -and -.Pa .shosts -files will not be used in -.Cm RhostsAuthentication , -.Cm RhostsRSAAuthentication -or -.Cm HostbasedAuthentication . -.Pp -.Pa /etc/hosts.equiv -and -.Pa /etc/shosts.equiv -are still used. -The default is -.Dq yes . -.It Cm IgnoreUserKnownHosts -Specifies whether -.Nm -should ignore the user's -.Pa $HOME/.ssh/known_hosts -during -.Cm RhostsRSAAuthentication -or -.Cm HostbasedAuthentication . -The default is -.Dq no . -.It Cm KeepAlive -Specifies whether the system should send TCP keepalive messages to the -other side. -If they are sent, death of the connection or crash of one -of the machines will be properly noticed. -However, this means that -connections will die if the route is down temporarily, and some people -find it annoying. 
-On the other hand, if keepalives are not sent, -sessions may hang indefinitely on the server, leaving -.Dq ghost -users and consuming server resources. -.Pp -The default is -.Dq yes -(to send keepalives), and the server will notice -if the network goes down or the client host crashes. -This avoids infinitely hanging sessions. -.Pp -To disable keepalives, the value should be set to -.Dq no . -.It Cm KerberosAuthentication -Specifies whether Kerberos authentication is allowed. -This can be in the form of a Kerberos ticket, or if -.Cm PasswordAuthentication -is yes, the password provided by the user will be validated through -the Kerberos KDC. -To use this option, the server needs a -Kerberos servtab which allows the verification of the KDC's identity. -Default is -.Dq no . -.It Cm KerberosOrLocalPasswd -If set then if password authentication through Kerberos fails then -the password will be validated via any additional local mechanism -such as -.Pa /etc/passwd . -Default is -.Dq yes . -.It Cm KerberosTgtPassing -Specifies whether a Kerberos TGT may be forwarded to the server. -Default is -.Dq no , -as this only works when the Kerberos KDC is actually an AFS kaserver. -.It Cm KerberosTicketCleanup -Specifies whether to automatically destroy the user's ticket cache -file on logout. -Default is -.Dq yes . -.It Cm KeyRegenerationInterval -In protocol version 1, the ephemeral server key is automatically regenerated -after this many seconds (if it has been used). -The purpose of regeneration is to prevent -decrypting captured sessions by later breaking into the machine and -stealing the keys. -The key is never stored anywhere. -If the value is 0, the key is never regenerated. -The default is 3600 (seconds). -.It Cm ListenAddress -Specifies the local addresses -.Nm -should listen on. 
-The following forms may be used: -.Pp -.Bl -item -offset indent -compact -.It -.Cm ListenAddress -.Sm off -.Ar host No | Ar IPv4_addr No | Ar IPv6_addr -.Sm on -.It -.Cm ListenAddress -.Sm off -.Ar host No | Ar IPv4_addr No : Ar port -.Sm on -.It -.Cm ListenAddress -.Sm off -.Oo -.Ar host No | Ar IPv6_addr Oc : Ar port -.Sm on -.El -.Pp -If -.Ar port -is not specified, -.Nm -will listen on the address and all prior -.Cm Port -options specified. The default is to listen on all local -addresses. Multiple -.Cm ListenAddress -options are permitted. Additionally, any -.Cm Port -options must precede this option for non port qualified addresses. -.It Cm LoginGraceTime -The server disconnects after this time if the user has not -successfully logged in. -If the value is 0, there is no time limit. -The default is 600 (seconds). -.It Cm LogLevel -Gives the verbosity level that is used when logging messages from -.Nm sshd . -The possible values are: -QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. -The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 -and DEBUG3 each specify higher levels of debugging output. -Logging with a DEBUG level violates the privacy of users -and is not recommended. -.It Cm MACs -Specifies the available MAC (message authentication code) algorithms. -The MAC algorithm is used in protocol version 2 -for data integrity protection. -Multiple algorithms must be comma-separated. -The default is -.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . -.It Cm MaxStartups -Specifies the maximum number of concurrent unauthenticated connections to the -.Nm -daemon. -Additional connections will be dropped until authentication succeeds or the -.Cm LoginGraceTime -expires for a connection. -The default is 10. -.Pp -Alternatively, random early drop can be enabled by specifying -the three colon separated values -.Dq start:rate:full -(e.g., "10:30:60"). 
-.Nm -will refuse connection attempts with a probability of -.Dq rate/100 -(30%) -if there are currently -.Dq start -(10) -unauthenticated connections. -The probability increases linearly and all connection attempts -are refused if the number of unauthenticated connections reaches -.Dq full -(60). -.It Cm PAMAuthenticationViaKbdInt -Specifies whether PAM challenge response authentication is allowed. This -allows the use of most PAM challenge response authentication modules, but -it will allow password authentication regardless of whether -.Cm PasswordAuthentication -is disabled. -The default is -.Dq no . -.It Cm PasswordAuthentication -Specifies whether password authentication is allowed. -The default is -.Dq yes . -.It Cm PermitEmptyPasswords -When password authentication is allowed, it specifies whether the -server allows login to accounts with empty password strings. -The default is -.Dq no . -.It Cm PermitRootLogin -Specifies whether root can login using -.Xr ssh 1 . -The argument must be -.Dq yes , -.Dq without-password , -.Dq forced-commands-only -or -.Dq no . -The default is -.Dq yes . -.Pp -If this option is set to -.Dq without-password -password authentication is disabled for root. -.Pp -If this option is set to -.Dq forced-commands-only -root login with public key authentication will be allowed, -but only if the -.Ar command -option has been specified -(which may be useful for taking remote backups even if root login is -normally not allowed). All other authentication methods are disabled -for root. -.Pp -If this option is set to -.Dq no -root is not allowed to login. -.It Cm PidFile -Specifies the file that contains the process identifier of the -.Nm -daemon. -The default is -.Pa /var/run/sshd.pid . -.It Cm Port -Specifies the port number that -.Nm -listens on. -The default is 22. -Multiple options of this type are permitted. -See also -.Cm ListenAddress . 
-.It Cm PrintLastLog -Specifies whether -.Nm -should print the date and time when the user last logged in. -The default is -.Dq yes . -.It Cm PrintMotd -Specifies whether -.Nm -should print -.Pa /etc/motd -when a user logs in interactively. -(On some systems it is also printed by the shell, -.Pa /etc/profile , -or equivalent.) -The default is -.Dq yes . -.It Cm Protocol -Specifies the protocol versions -.Nm -should support. -The possible values are -.Dq 1 -and -.Dq 2 . -Multiple versions must be comma-separated. -The default is -.Dq 2,1 . -.It Cm PubkeyAuthentication -Specifies whether public key authentication is allowed. -The default is -.Dq yes . -Note that this option applies to protocol version 2 only. -.It Cm RhostsAuthentication -Specifies whether authentication using rhosts or /etc/hosts.equiv -files is sufficient. -Normally, this method should not be permitted because it is insecure. -.Cm RhostsRSAAuthentication -should be used -instead, because it performs RSA-based host authentication in addition -to normal rhosts or /etc/hosts.equiv authentication. -The default is -.Dq no . -This option applies to protocol version 1 only. -.It Cm RhostsRSAAuthentication -Specifies whether rhosts or /etc/hosts.equiv authentication together -with successful RSA host authentication is allowed. -The default is -.Dq no . -This option applies to protocol version 1 only. -.It Cm RSAAuthentication -Specifies whether pure RSA authentication is allowed. -The default is -.Dq yes . -This option applies to protocol version 1 only. -.It Cm ServerKeyBits -Defines the number of bits in the ephemeral protocol version 1 server key. -The minimum value is 512, and the default is 768. -.It Cm StrictModes -Specifies whether -.Nm -should check file modes and ownership of the -user's files and home directory before accepting login. -This is normally desirable because novices sometimes accidentally leave their -directory or files world-writable. -The default is -.Dq yes . 
-.It Cm Subsystem -Configures an external subsystem (e.g., file transfer daemon). -Arguments should be a subsystem name and a command to execute upon subsystem -request. -The command -.Xr sftp-server 8 -implements the -.Dq sftp -file transfer subsystem. -By default no subsystems are defined. -Note that this option applies to protocol version 2 only. -.It Cm SyslogFacility -Gives the facility code that is used when logging messages from -.Nm sshd . -The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, -LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. -The default is AUTH. -.It Cm UseLogin -Specifies whether -.Xr login 1 -is used for interactive login sessions. -The default is -.Dq no . -Note that -.Xr login 1 -is never used for remote command execution. -Note also, that if this is enabled, -.Cm X11Forwarding -will be disabled because -.Xr login 1 -does not know how to handle -.Xr xauth 1 -cookies. If -.Cm UsePrivilegeSeparation -is specified, it will be disabled after authentication. -.It Cm UsePrivilegeSeparation -Specifies whether -.Nm -separated privileges by creating an unprivileged child process -to deal with incoming network traffic. After successful authentication, -another process will be created that has the privilege of the authenticated -user. The goal of privilege separation is to prevent privilege -escalation by containing any corruption within the unprivileged processes. -The default is -.Dq no . -.It Cm VerifyReverseMapping -Specifies whether -.Nm -should try to verify the remote host name and check that -the resolved host name for the remote IP address maps back to the -very same IP address. -The default is -.Dq no . -.It Cm X11DisplayOffset -Specifies the first display number available for -.Nm sshd Ns 's -X11 forwarding. -This prevents -.Nm -from interfering with real X11 servers. -The default is 10. -.It Cm X11Forwarding -Specifies whether X11 forwarding is permitted. -The default is -.Dq no . 
-Note that disabling X11 forwarding does not improve security in any -way, as users can always install their own forwarders. -X11 forwarding is automatically disabled if -.Cm UseLogin -is enabled. -.It Cm X11UseLocalhost -Specifies whether -.Nm -should bind the X11 forwarding server to the loopback address or to -the wildcard address. By default, -.Nm -binds the forwarding server to the loopback address and sets the -hostname part of the -.Ev DISPLAY -environment variable to -.Dq localhost . -This prevents remote hosts from connecting to the fake display. -However, some older X11 clients may not function with this -configuration. -.Cm X11UseLocalhost -may be set to -.Dq no -to specify that the forwarding server should be bound to the wildcard -address. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq yes . -.It Cm XAuthLocation -Specifies the location of the -.Xr xauth 1 -program. -The default is -.Pa /usr/X11R6/bin/xauth . -.El -.Ss Time Formats -.Pp -.Nm -command-line arguments and configuration file options that specify time -may be expressed using a sequence of the form: -.Sm off -.Ar time Oo Ar qualifier Oc , -.Sm on -where -.Ar time -is a positive integer value and -.Ar qualifier -is one of the following: -.Pp -.Bl -tag -width Ds -compact -offset indent -.It Cm -seconds -.It Cm s | Cm S -seconds -.It Cm m | Cm M -minutes -.It Cm h | Cm H -hours -.It Cm d | Cm D -days -.It Cm w | Cm W -weeks -.El -.Pp -Each member of the sequence is added together to calculate -the total time value. -.Pp -Time format examples: -.Pp -.Bl -tag -width Ds -compact -offset indent -.It 600 -600 seconds (10 minutes) -.It 10m -10 minutes -.It 1h30m -1 hour 30 minutes (90 minutes) -.El +The file format and configuration options are described in +.Xr sshd_config 5 . .Sh LOGIN PROCESS When a user successfully logs in, .Nm 
@@ -1203,8 +557,8 @@ cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= .It Pa /etc/ssh/sshd_config Contains configuration data for .Nm sshd . -This file should be writable by root only, but it is recommended -(though not necessary) that it be world-readable. +The file format and configuration options are described in +.Xr sshd_config 5 . .It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not @@ -1405,6 +759,7 @@ for privilege separation. .Xr ssh-keygen 1 , .Xr login.conf 5 , .Xr moduli 5 , +.Xr sshd_config 5 , .Xr sftp-server 8 .Rs .%A T. Ylonen diff --git a/openssh/sshd.c b/openssh/sshd.c index a29dde6..76089f8 100644 --- a/openssh/sshd.c +++ b/openssh/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.242 2002/05/15 15:47:49 mouring Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $"); #include #include @@ -387,7 +387,7 @@ sshd_exchange_identification(int sock_in, int sock_out) fatal_cleanup(); } - /* Read other side's version identification. */ + /* Read other sides version identification. */ memset(buf, 0, sizeof(buf)); for (i = 0; i < sizeof(buf) - 1; i++) { if (atomicio(read, sock_in, &buf[i], 1) != 1) { @@ -583,7 +583,7 @@ privsep_preauth(void) if (pid == -1) { fatal("fork of unprivileged child failed"); } else if (pid != 0) { - debug2("Network child is on pid %d", pid); + debug2("Network child is on pid %ld", (long)pid); close(pmonitor->m_recvfd); authctxt = monitor_child_preauth(pmonitor); @@ -639,7 +639,7 @@ privsep_postauth(Authctxt *authctxt) if (pmonitor->m_pid == -1) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { - debug2("User child is on pid %d", pmonitor->m_pid); + debug2("User child is on pid %ld", (long)pmonitor->m_pid); close(pmonitor->m_recvfd); monitor_child_postauth(pmonitor); 
@@ -1013,6 +1013,19 @@ main(int ac, char **av) } } + if (use_privsep) { + struct passwd *pw; + struct stat st; + + if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) + fatal("Privilege separation user %s does not exist", + SSH_PRIVSEP_USER); + if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) || + (S_ISDIR(st.st_mode) == 0)) + fatal("Missing privilege separation directory: %s", + _PATH_PRIVSEP_CHROOT_DIR); + } + /* Configuration looks good, so exit if in test mode. */ if (test_flag) exit(0); @@ -1021,7 +1034,6 @@ main(int ac, char **av) ssh_gssapi_clean_env(); #endif /* GSSAPI */ -#ifndef HAVE_CYGWIN /* * Clear out any supplemental groups we may have inherited. This * prevents inadvertent creation of files with bad modes (in the @@ -1031,7 +1043,6 @@ main(int ac, char **av) */ if (setgroups(0, NULL) < 0) debug("setgroups() failed: %.200s", strerror(errno)); -#endif /* !HAVE_CYGWIN */ /* Initialize the log (it is reinitialized below in case we forked). */ if (debug_flag && !inetd_flag) @@ -1176,7 +1187,7 @@ main(int ac, char **av) */ f = fopen(options.pid_file, "wb"); if (f) { - fprintf(f, "%u\n", (u_int) getpid()); + fprintf(f, "%ld\n", (long) getpid()); fclose(f); } } @@ -1323,7 +1334,7 @@ main(int ac, char **av) if (pid < 0) error("fork: %.100s", strerror(errno)); else - debug("Forked child %d.", pid); + debug("Forked child %ld.", (long)pid); close(startup_p[1]); @@ -1433,7 +1444,7 @@ main(int ac, char **av) sshd_exchange_identification(sock_in, sock_out); /* * Check that the connection comes from a privileged port. - * Rhosts-Authentication only makes sense from priviledged + * Rhosts-Authentication only makes sense from privileged * programs. Of course, if the intruder has root access on his local * machine, he can connect from any port. So do not use these * authentication methods from machines that you do not trust. 
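Review bot: The new `use_privsep` block in main() accepts any directory at `_PATH_PRIVSEP_CHROOT_DIR`, because it tests only that `stat()` succeeds and `S_ISDIR` holds, not who owns the directory or who can write to it. A chroot target that a non-root user can modify weakens the containment that privilege separation is meant to provide. I would add, right after the existing directory test, `if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) fatal("%s must be owned by root and not group or world-writable.", _PATH_PRIVSEP_CHROOT_DIR);`. In the lines shown, `pw` is assigned only for the NULL test, so a one-line comment saying the lookup is an existence check would help. main() starts and ends outside this hunk.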
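Review bot: With the `HAVE_CYGWIN` guard removed in the two hunks at -1021 and -1031, the `setgroups(0, NULL)` call now runs on every platform, but a failure is still reported only through `debug()`. The comment above the call describes it as a safeguard against inherited supplemental groups, so a failure on a root-started daemon should appear in normal logs; consider `error("setgroups() failed: %.200s", strerror(errno));`. Whether it should be fatal depends on platforms where the call is expected to fail, which these hunks do not show. Both hunks are cut inside main().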
@@ -1792,7 +1803,7 @@ do_ssh1_kex(void) debug("Received session key; encryption turned on."); - /* Send an acknowledgement packet. Note that this packet is sent encrypted. */ + /* Send an acknowledgment packet. Note that this packet is sent encrypted. */ packet_start(SSH_SMSG_SUCCESS); packet_send(); packet_write_wait(); @@ -1819,6 +1830,10 @@ do_ssh2_kex(void) myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; } + if (!options.compression) { + myproposal[PROPOSAL_COMP_ALGS_CTOS] = + myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; + } myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); #ifdef GSSAPI diff --git a/openssh/sshd_config.5 b/openssh/sshd_config.5 index 1aecd48..d3e9800 100644 --- a/openssh/sshd_config.5 +++ b/openssh/sshd_config.5 @@ -233,6 +233,22 @@ This option is similar to and applies to protocol version 2 only. The default is .Dq no . +.It Cm GssapiAuthentication +Specifies whether authentication based on GSSAPI may be used, either using +the result of a successful key exchange, or using GSSAPI user +authentication. +The default is +.Dq yes . +.It Cm GssapiKeyExchange +Specifies whether key exchange based on GSSAPI may be used. When using +GSSAPI key exchange the server need not have a host key. +The default is +.Dq yes . +.It Cm GssapiUseSessionCredCache +Specifies whether a unique credentials cache name should be generated per +session for storing delegated credentials. +The default is +.Dq yes . .It Cm HostKey Specifies a file containing a private host key used by SSH. -- 2.45.1
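Review bot: The added `if (!options.compression)` block in do_ssh2_kex pins both compression proposals to `"none"` without a comment explaining why. The neighbouring MAC override copies a configured list, whereas this one replaces the proposal with a literal, so the intent deserves a line. I would add above it `/* Compression disabled by config: offer only "none" in both directions so zlib is never negotiated. */`. The `sshd_config.5` hunk in this patch documents only the Gssapi options, so it is worth confirming that the manual page describes the `Compression` keyword. do_ssh2_kex begins and continues outside the hunk.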