From bfe4994432b3a30a7e74fbf531d4e54ab7a3c228 Mon Sep 17 00:00:00 2001 From: jbasney Date: Mon, 7 Apr 2003 18:13:20 +0000 Subject: [PATCH] merge with OpenSSH 3.6.1p1 --- openssh/Makefile.in | 105 ++++++++++++--------- openssh/README.privsep | 4 + openssh/acconfig.h | 13 +++ openssh/auth-krb5.c | 4 +- openssh/auth-pam.c | 8 -- openssh/auth.c | 50 ++++++---- openssh/auth1.c | 8 +- openssh/auth2.c | 5 +- openssh/canohost.c | 25 +++-- openssh/cipher.c | 4 +- openssh/compat.c | 22 +++-- openssh/compat.h | 3 +- openssh/configure.ac | 119 +++++++++++++++++------- openssh/contrib/aix/README | 13 ++- openssh/contrib/aix/buildbff.sh | 62 ++++++++++-- openssh/contrib/aix/inventory.sh | 4 +- openssh/contrib/gnome-ssh-askpass2.c | 50 ++++++---- openssh/defines.h | 14 +++ openssh/includes.h | 4 + openssh/key.c | 8 +- openssh/key.h | 7 +- openssh/log.c | 10 +- openssh/monitor.c | 42 +++++---- openssh/monitor_wrap.c | 32 +++++-- openssh/msg.c | 2 +- openssh/msg.h | 2 +- openssh/openbsd-compat/bsd-getpeereid.c | 2 +- openssh/openbsd-compat/bsd-misc.h | 9 ++ openssh/openbsd-compat/getopt.c | 5 +- openssh/openbsd-compat/port-aix.h | 11 +++ openssh/openbsd-compat/sys-tree.h | 8 +- openssh/packet.c | 64 ++++++------- openssh/packet.h | 2 +- openssh/readconf.c | 26 +++--- openssh/readconf.h | 4 +- openssh/servconf.c | 3 +- openssh/session.c | 61 ++++++++---- openssh/ssh-agent.c | 79 ++++++++++++++-- openssh/ssh-dss.h | 32 ------- openssh/ssh-keysign.8 | 10 +- openssh/ssh-keysign.c | 13 +-- openssh/ssh-rand-helper.c | 7 +- openssh/ssh-rsa.h | 32 ------- openssh/ssh.1 | 34 ++++--- openssh/ssh.c | 19 ++-- openssh/ssh_config.5 | 47 ++++++---- openssh/sshconnect2.c | 45 ++++----- openssh/sshd.8 | 31 +++--- openssh/sshd.c | 37 ++++++-- openssh/sshd_config.5 | 32 ++++--- 50 files changed, 772 insertions(+), 461 deletions(-) delete mode 100644 openssh/ssh-dss.h delete mode 100644 openssh/ssh-rsa.h diff --git a/openssh/Makefile.in b/openssh/Makefile.in index 2ed79a0..d4637bf 100644 --- a/openssh/Makefile.in +++ b/openssh/Makefile.in @@ -27,6 +27,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign RAND_HELPER=$(libexecdir)/ssh-rand-helper PRIVSEP_PATH=@PRIVSEP_PATH@ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ +STRIP_OPT=@STRIP_OPT@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \ -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ @@ -48,6 +49,7 @@ AR=@AR@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ PERL=@PERL@ +SED=@SED@ ENT=@ENT@ XAUTH_PATH=@XAUTH_PATH@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ @@ -57,15 +59,32 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ INSTALL_GSISSH=@INSTALL_GSISSH@ -@NO_SFTP@SFTP_PROGS=sftp-server$(EXEEXT) sftp$(EXEEXT) - -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS) - -LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o msg.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o scard-opensc.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o monitor_wrap.o monitor_fdpass.o kexgss.o gss-genr.o - -SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o - -SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o auth2-gss.o gss-serv.o +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) + +LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \ + cipher.o compat.o compress.o crc32.o deattack.o fatal.o \ + hostfile.o log.o match.o mpaux.o nchan.o packet.o readpass.o \ + rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \ + key.o dispatch.o kex.o mac.o uuencode.o misc.o \ + rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \ + kexdhc.o kexgexc.o scard.o msg.o progressmeter.o \ + kexgss.o kexgssc.o gss-genr.o \ + entropy.o + +SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ + sshconnect.o sshconnect1.o sshconnect2.o + +SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ + sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o \ + auth.o auth1.o auth2.o auth-options.o session.o \ + auth-chall.o auth2-chall.o groupaccess.o \ + auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ + auth2-none.o auth2-passwd.o auth2-pubkey.o \ + monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \ + kexdhs.o kexgexs.o \ + auth-krb5.o auth-krb4.o \ + kexgsss.o auth2-gss.o gss-serv.o \ + loginrec.o auth-pam.o auth2-pam.o auth-sia.o md5crypt.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 @@ -75,23 +94,23 @@ CONFIGFILES=sshd_config.out ssh_config.out moduli.out CONFIGFILES_IN=sshd_config ssh_config moduli PATHSUBS = \ - -D/etc/ssh/ssh_prng_cmds=$(sysconfdir)/ssh_prng_cmds \ - -D/etc/ssh/ssh_config=$(sysconfdir)/ssh_config \ - -D/etc/ssh/ssh_known_hosts=$(sysconfdir)/ssh_known_hosts \ - -D/etc/ssh/sshd_config=$(sysconfdir)/sshd_config \ - -D/usr/libexec=$(libexecdir) \ - -D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv \ - -D/etc/ssh/ssh_host_key=$(sysconfdir)/ssh_host_key \ - -D/etc/ssh/ssh_host_dsa_key=$(sysconfdir)/ssh_host_dsa_key \ - -D/etc/ssh/ssh_host_rsa_key=$(sysconfdir)/ssh_host_rsa_key \ - -D/var/run/sshd.pid=$(piddir)/sshd.pid \ - -D/etc/ssh/moduli=$(sysconfdir)/moduli \ - -D/etc/ssh/sshrc=$(sysconfdir)/sshrc \ - -D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \ - -D/var/empty=$(PRIVSEP_PATH) \ - -D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@ - -FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS) + -e 's|/etc/ssh/ssh_prng_cmds|$(sysconfdir)/ssh_prng_cmds|g' \ + -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \ + -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \ + -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \ + -e 's|/usr/libexec|$(libexecdir)|g' \ + -e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \ + -e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \ + -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \ + -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \ + -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \ + -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \ + -e 's|/etc/sshrc|$(sysconfdir)/sshrc|g' \ + -e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \ + -e 's|/var/empty|$(PRIVSEP_PATH)|g' \ + -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g' + +FIXPATHSCMD = $(SED) $(PATHSUBS) all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) @@ -117,8 +136,8 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) -scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o - $(LD) -o $@ scp.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) +scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o + $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) @@ -138,8 +157,8 @@ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o - $(LD) -o $@ sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) +sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o progressmeter.o + $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) @@ -218,19 +237,19 @@ install-files: scard-install $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) - $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh - $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp - $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add - $(INSTALL) -m 0755 -s ssh-agent $(DESTDIR)$(bindir)/ssh-agent - $(INSTALL) -m 0755 -s ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen - $(INSTALL) -m 0755 -s ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan - $(INSTALL) -m 0755 -s sshd $(DESTDIR)$(sbindir)/sshd + $(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh + $(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add $(DESTDIR)$(bindir)/ssh-add + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent $(DESTDIR)$(bindir)/ssh-agent + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan + $(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \ - $(INSTALL) -m 0755 -s ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ fi - $(INSTALL) -m 4711 -s ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) - @NO_SFTP@$(INSTALL) -m 0755 -s sftp $(DESTDIR)$(bindir)/sftp - @NO_SFTP@$(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(SFTP_SERVER) + $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) + $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp + $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER) $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 @@ -243,8 +262,8 @@ install-files: scard-install if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \ $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \ fi - @NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 - @NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 + $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 + $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -rm -f $(DESTDIR)$(bindir)/slogin ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin diff --git a/openssh/README.privsep b/openssh/README.privsep index b99a667..581bbef 100644 --- a/openssh/README.privsep +++ b/openssh/README.privsep @@ -43,6 +43,10 @@ It does not function on HP-UX with a trusted system configuration. PAMAuthenticationViaKbdInt does not function with privsep. +On Compaq Tru64 Unix, only the pre-authentication part of privsep is +supported. Post-authentication privsep is disabled automatically (so +you won't see the additional process mentioned below). + Note that for a normal interactive login with a shell, enabling privsep will require 1 additional process per login session. diff --git a/openssh/acconfig.h b/openssh/acconfig.h index 49d5ef1..61a8ef7 100644 --- a/openssh/acconfig.h +++ b/openssh/acconfig.h @@ -380,6 +380,19 @@ /* Define if your platform needs to skip post auth file descriptor passing */ #undef DISABLE_FD_PASSING +/* Silly mkstemp() */ +#undef HAVE_STRICT_MKSTEMP + +/* Setproctitle emulation */ +#undef SETPROCTITLE_STRATEGY +#undef SETPROCTITLE_PS_PADDING + +/* Some systems put this outside of libc */ +#undef HAVE_NANOSLEEP + +/* Pushing STREAMS modules incorrectly acquires a controlling TTY */ +#undef STREAMS_PUSH_ACQUIRES_CTTY + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ diff --git a/openssh/auth-krb5.c b/openssh/auth-krb5.c index 512f70b..e3e2d97 100644 --- a/openssh/auth-krb5.c +++ b/openssh/auth-krb5.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb5.c,v 1.9 2002/09/09 06:48:06 itojun Exp $"); +RCSID("$OpenBSD: auth-krb5.c,v 1.10 2002/11/21 23:03:51 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -107,7 +107,7 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply) if (problem) goto err; - problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL , + problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL, KRB5_NT_SRV_HST, &server); if (problem) goto err; diff --git a/openssh/auth-pam.c b/openssh/auth-pam.c index be521ff..09fc3d5 100644 --- a/openssh/auth-pam.c +++ b/openssh/auth-pam.c @@ -210,14 +210,6 @@ int auth_pam_password(Authctxt *authctxt, const char *password) do_pam_set_conv(&conv); - /* deny if no user. */ - if (pw == NULL) - return 0; - if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD) - return 0; - if (*password == '\0' && options.permit_empty_passwd == 0) - return 0; - __pampasswd = password; pamstate = INITIAL_LOGIN; diff --git a/openssh/auth.c b/openssh/auth.c index ac5b3c2..ccedf9d 100644 --- a/openssh/auth.c +++ b/openssh/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $"); +RCSID("$OpenBSD: auth.c,v 1.46 2002/11/04 10:07:53 markus Exp $"); #ifdef HAVE_LOGIN_H #include @@ -79,17 +79,20 @@ allowed_user(struct passwd * pw) char *loginmsg; #endif /* WITH_AIXAUTHENTICATE */ #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ - !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) + !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) struct spwd *spw; + time_t today; +#endif /* Shouldn't be called if pw is NULL, but better safe than sorry... */ if (!pw || !pw->pw_name) return 0; +#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ + !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) #define DAY (24L * 60 * 60) /* 1 day in seconds */ - spw = getspnam(pw->pw_name); - if (spw != NULL) { - time_t today = time(NULL) / DAY; + if ((spw = getspnam(pw->pw_name)) != NULL) { + today = time(NULL) / DAY; debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" " sp_max %d", (int)today, (int)spw->sp_expire, (int)spw->sp_lstchg, (int)spw->sp_max); @@ -116,10 +119,6 @@ allowed_user(struct passwd * pw) return 0; } } -#else - /* Shouldn't be called if pw is NULL, but better safe than sorry... */ - if (!pw || !pw->pw_name) - return 0; #endif /* @@ -202,7 +201,15 @@ allowed_user(struct passwd * pw) } #ifdef WITH_AIXAUTHENTICATE - if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { + /* + * Don't check loginrestrictions() for root account (use + * PermitRootLogin to control logins via ssh), or if running as + * non-root user (since loginrestrictions will always fail). + */ + if ((pw->pw_uid != 0) && (geteuid() == 0) && + loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { + int loginrestrict_errno = errno; + if (loginmsg && *loginmsg) { /* Remove embedded newlines (if any) */ char *p; @@ -212,9 +219,13 @@ allowed_user(struct passwd * pw) } /* Remove trailing newline */ *--p = '\0'; - log("Login restricted for %s: %.100s", pw->pw_name, loginmsg); + log("Login restricted for %s: %.100s", pw->pw_name, + loginmsg); } - return 0; + /* Don't fail if /etc/nologin set */ + if (!(loginrestrict_errno == EPERM && + stat(_PATH_NOLOGIN, &st) == 0)) + return 0; } #endif /* WITH_AIXAUTHENTICATE */ @@ -417,6 +428,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, uid_t uid = pw->pw_uid; char buf[MAXPATHLEN], homedir[MAXPATHLEN]; char *cp; + int comparehome = 0; struct stat st; if (realpath(file, buf) == NULL) { @@ -424,11 +436,8 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, strerror(errno)); return -1; } - if (realpath(pw->pw_dir, homedir) == NULL) { - snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir, - strerror(errno)); - return -1; - } + if (realpath(pw->pw_dir, homedir) != NULL) + comparehome = 1; /* check the open file to avoid races */ if (fstat(fileno(f), &st) < 0 || @@ -457,7 +466,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, } /* If are passed the homedir then we can stop */ - if (strcmp(homedir, buf) == 0) { + if (comparehome && strcmp(homedir, buf) == 0) { debug3("secure_filename: terminating check at '%s'", buf); break; @@ -487,6 +496,11 @@ getpwnamallow(const char *user) if (pw == NULL) { log("Illegal user %.100s from %.100s", user, get_remote_ipaddr()); +#ifdef WITH_AIXAUTHENTICATE + loginfailed(user, + get_canonical_hostname(options.verify_reverse_mapping), + "ssh"); +#endif return (NULL); } if (!allowed_user(pw)) diff --git a/openssh/auth1.c b/openssh/auth1.c index 3af2b66..8af1991 100644 --- a/openssh/auth1.c +++ b/openssh/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.47 2003/02/06 21:22:42 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -282,7 +282,7 @@ do_authloop(Authctxt *authctxt) snprintf(info, sizeof(info), " tktuser %.100s", client_user); - + /* Send response to client */ packet_start( SSH_SMSG_AUTH_KERBEROS_RESPONSE); @@ -450,7 +450,6 @@ do_authloop(Authctxt *authctxt) debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); if (options.challenge_response_authentication == 1) { char *response = packet_get_string(&dlen); - debug("got response '%s'", response); packet_check_eom(); authenticated = verify_response(authctxt, response); memset(response, 'r', dlen); @@ -494,8 +493,7 @@ do_authloop(Authctxt *authctxt) } #else /* Special handling for root */ - if (!use_privsep && - authenticated && authctxt->pw->pw_uid == 0 && + if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed(get_authname(type))) authenticated = 0; #endif diff --git a/openssh/auth2.c b/openssh/auth2.c index fcab335..7a42751 100644 --- a/openssh/auth2.c +++ b/openssh/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.96 2003/02/06 21:22:43 markus Exp $"); #include "ssh2.h" #include "ssh1.h" @@ -267,8 +267,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) authctxt->user); /* Special handling for root */ - if (!use_privsep && - authenticated && authctxt->pw->pw_uid == 0 && + if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed(method)) authenticated = 0; diff --git a/openssh/canohost.c b/openssh/canohost.c index 4ebbbba..0d1eff9 100644 --- a/openssh/canohost.c +++ b/openssh/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.34 2002/09/23 20:46:27 stevesk Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.35 2002/11/26 02:38:54 stevesk Exp $"); #include "packet.h" #include "xmalloc.h" @@ -38,7 +38,7 @@ get_remote_hostname(int socket, int verify_reverse_mapping) /* Get IP address of client. */ fromlen = sizeof(from); memset(&from, 0, sizeof(from)); - if (getpeername(socket, (struct sockaddr *) &from, &fromlen) < 0) { + if (getpeername(socket, (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername failed: %.100s", strerror(errno)); fatal_cleanup(); } @@ -59,11 +59,14 @@ get_remote_hostname(int socket, int verify_reverse_mapping) memset(&from, 0, sizeof(from)); from4->sin_family = AF_INET; + fromlen = sizeof(*from4); memcpy(&from4->sin_addr, &addr, sizeof(addr)); from4->sin_port = port; } } #endif + if (from.ss_family == AF_INET6) + fromlen = sizeof(struct sockaddr_in6); if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) @@ -202,8 +205,8 @@ get_canonical_hostname(int verify_reverse_mapping) } /* - * Returns the remote IP-address of socket as a string. The returned - * string must be freed. + * Returns the local/remote IP-address/hostname of socket as a string. + * The returned string must be freed. */ static char * get_socket_address(int socket, int remote, int flags) @@ -225,10 +228,15 @@ get_socket_address(int socket, int remote, int flags) < 0) return NULL; } + + /* Work around Linux IPv6 weirdness */ + if (addr.ss_family == AF_INET6) + addrlen = sizeof(struct sockaddr_in6); + /* Get the address in ascii. */ if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), NULL, 0, flags) != 0) { - error("get_socket_ipaddr: getnameinfo %d failed", flags); + error("get_socket_address: getnameinfo %d failed", flags); return NULL; } return xstrdup(ntop); @@ -314,11 +322,16 @@ get_sock_port(int sock, int local) return 0; } } else { - if (getpeername(sock, (struct sockaddr *) & from, &fromlen) < 0) { + if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername failed: %.100s", strerror(errno)); fatal_cleanup(); } } + + /* Work around Linux IPv6 weirdness */ + if (from.ss_family == AF_INET6) + fromlen = sizeof(struct sockaddr_in6); + /* Return port number. */ if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, strport, sizeof(strport), NI_NUMERICSERV) != 0) diff --git a/openssh/cipher.c b/openssh/cipher.c index 1933d3e..b5d3874 100644 --- a/openssh/cipher.c +++ b/openssh/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.62 2002/11/21 22:45:31 markus Exp $"); #include "xmalloc.h" #include "log.h" @@ -239,7 +239,7 @@ cipher_init(CipherContext *cc, Cipher *cipher, cipher->name); klen = EVP_CIPHER_CTX_key_length(&cc->evp); if (klen > 0 && keylen != klen) { - debug("cipher_init: set keylen (%d -> %d)", klen, keylen); + debug2("cipher_init: set keylen (%d -> %d)", klen, keylen); if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) fatal("cipher_init: set keylen failed (%d -> %d)", klen, keylen); diff --git a/openssh/compat.c b/openssh/compat.c index 734760a..b2e9cde 100644 --- a/openssh/compat.c +++ b/openssh/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $"); +RCSID("$OpenBSD: compat.c,v 1.66 2003/04/01 10:31:26 markus Exp $"); #include "buffer.h" #include "packet.h" @@ -87,10 +87,12 @@ compat_datafellows(const char *version) { "*MindTerm*", 0 }, { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, + SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| + SSH_BUG_FIRSTKEX }, { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, + SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| + SSH_BUG_FIRSTKEX }, { "2.0.13*," "2.0.14*," "2.0.15*," @@ -102,26 +104,28 @@ compat_datafellows(const char *version) SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| - SSH_BUG_DUMMYCHAN }, + SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, { "2.0.11*," "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| SSH_BUG_PKAUTH|SSH_BUG_PKOK| SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| - SSH_BUG_DUMMYCHAN }, + SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| SSH_BUG_PKAUTH|SSH_BUG_PKOK| SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| - SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN }, + SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN| + SSH_BUG_FIRSTKEX }, { "2.2.0*," "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG| - SSH_BUG_RSASIGMD5 }, - { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 }, + SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX }, + { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5| + SSH_BUG_FIRSTKEX }, { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */ - { "2.*", SSH_BUG_DEBUG }, + { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX }, { "3.0.*", SSH_BUG_DEBUG }, { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, { "1.7 SecureFX*", SSH_OLD_SESSIONID }, diff --git a/openssh/compat.h b/openssh/compat.h index aec2812..8d7496f 100644 --- a/openssh/compat.h +++ b/openssh/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $ */ +/* $OpenBSD: compat.h,v 1.34 2003/04/01 10:31:26 markus Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -55,6 +55,7 @@ #define SSH_BUG_EXTEOF 0x00200000 #define SSH_BUG_K5USER 0x00400000 #define SSH_BUG_PROBE 0x00800000 +#define SSH_BUG_FIRSTKEX 0x01000000 #define SSH_OLD_GSSAPI 0x10000000 #define SSH_BUG_GSS_EMPTYUSER 0x20000000 diff --git a/openssh/configure.ac b/openssh/configure.ac index 495cc89..833fe73 100644 --- a/openssh/configure.ac +++ b/openssh/configure.ac @@ -14,6 +14,7 @@ AC_PROG_RANLIB AC_PROG_INSTALL AC_PATH_PROG(AR, ar) AC_PATH_PROGS(PERL, perl5 perl) +AC_PATH_PROG(SED, sed) AC_SUBST(PERL) AC_PATH_PROG(ENT, ent) AC_SUBST(ENT) @@ -81,8 +82,11 @@ case "$host" in dnl AIX handles lastlog as part of its login message AC_DEFINE(DISABLE_LASTLOG) AC_DEFINE(LOGIN_NEEDS_UTMPX) + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV) + AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0') ;; *-*-cygwin*) + check_for_libcrypt_later=1 LIBS="$LIBS /usr/lib/textmode.o" AC_DEFINE(HAVE_CYGWIN) AC_DEFINE(USE_PIPES) @@ -121,7 +125,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) - AC_DEFINE(SPT_TYPE,SPT_PSTAT) + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT) LIBS="$LIBS -lsec -lsecpw" AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) disable_ptmx_check=yes @@ -137,7 +141,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) - AC_DEFINE(SPT_TYPE,SPT_PSTAT) + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT) LIBS="$LIBS -lsec" AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) ;; @@ -150,7 +154,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) - AC_DEFINE(SPT_TYPE,SPT_PSTAT) + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT) LIBS="$LIBS -lsec" AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) ;; @@ -177,6 +181,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) check_for_libcrypt_later=1 AC_DEFINE(DONT_TRY_OTHER_AF) AC_DEFINE(PAM_TTY_KLUDGE) + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV) + AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0') inet6_default_4in6=yes ;; mips-sony-bsd|mips-sony-newsos4) @@ -210,6 +216,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(LOGIN_NEEDS_TERM) AC_DEFINE(PAM_TTY_KLUDGE) + AC_DEFINE(STREAMS_PUSH_ACQUIRES_CTTY) # hardwire lastlog location (can't detect it on some versions) conf_lastlog_location="/var/adm/lastlog" AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x) @@ -278,6 +285,9 @@ mips-sony-bsd|mips-sony-newsos4) do_sco3_extra_lib_check=yes ;; *-*-sco3.2v5*) + if test -z "$GCC"; then + CFLAGS="$CFLAGS -belf" + fi CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" LIBS="$LIBS -lprot -lx -ltinfo -lm" @@ -290,8 +300,6 @@ mips-sony-bsd|mips-sony-newsos4) MANTYPE=man ;; *-*-unicosmk*) - no_libsocket=1 - no_libnsl=1 AC_DEFINE(USE_PIPES) AC_DEFINE(DISABLE_FD_PASSING) LDFLAGS="$LDFLAGS" @@ -299,8 +307,6 @@ mips-sony-bsd|mips-sony-newsos4) MANTYPE=cat ;; *-*-unicos*) - no_libsocket=1 - no_libnsl=1 AC_DEFINE(USE_PIPES) AC_DEFINE(DISABLE_FD_PASSING) AC_DEFINE(NO_SSH_LASTLOG) @@ -325,11 +331,13 @@ mips-sony-bsd|mips-sony-newsos4) AC_MSG_RESULT(yes) AC_DEFINE(HAVE_OSF_SIA) AC_DEFINE(DISABLE_LOGIN) + AC_DEFINE(DISABLE_FD_PASSING) LIBS="$LIBS -lsecurity -ldb -lm -laud" else AC_MSG_RESULT(no) fi fi + AC_DEFINE(DISABLE_FD_PASSING) ;; *-*-nto-qnx) @@ -377,13 +385,13 @@ AC_ARG_WITH(libs, # Checks for header files. AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ - getopt.h glob.h ia.h lastlog.h limits.h login.h \ + getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \ login_cap.h maillock.h netdb.h netgroup.h \ netinet/in_systm.h paths.h pty.h readpassphrase.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ - sys/mman.h sys/select.h sys/stat.h \ - sys/stropts.h sys/sysmacros.h sys/time.h \ + sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ + sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \ sys/un.h time.h tmpdir.h ttyent.h usersec.h \ util.h utime.h utmp.h utmpx.h) @@ -749,18 +757,25 @@ AC_ARG_WITH(tcp-wrappers, ] ) -dnl Checks for library functions. -AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ - clock fchmod fchown freeaddrinfo futimes gai_strerror \ - getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ - getrlimit getrusage getttyent glob inet_aton inet_ntoa \ - inet_ntop innetgr login_getcapbool md5_crypt memmove \ - mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ - realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ - setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ - setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ - socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ - truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) +dnl Checks for library functions. Please keep in alphabetical order +AC_CHECK_FUNCS(\ + arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \ + bindresvport_sa clock fchmod fchown freeaddrinfo futimes \ + gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \ + getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \ + inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ + mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \ + readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \ + setegid setenv seteuid setgroups setlogin setpcred setproctitle \ + setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \ + snprintf socketpair strerror strlcat strlcpy strmode strnvis \ + sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \ +) + +AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) + +dnl Make sure strsep prototype is defined before defining HAVE_STRSEP +AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)]) dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ @@ -835,6 +850,32 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} ) fi +dnl see whether mkstemp() requires XXXXXX +if test "x$ac_cv_func_mkdtemp" = "xyes" ; then +AC_MSG_CHECKING([for (overly) strict mkstemp]) +AC_TRY_RUN( + [ +#include +main() { char template[]="conftest.mkstemp-test"; +if (mkstemp(template) == -1) + exit(1); +unlink(template); exit(0); +} + ], + [ + AC_MSG_RESULT(no) + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_STRICT_MKSTEMP) + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_STRICT_MKSTEMP) + ] +) +fi + AC_FUNC_GETPGRP # Check for PAM libs @@ -1671,12 +1712,16 @@ if test "x$ac_cv_have_struct_timeval" = "xyes" ; then have_struct_timeval=1 fi -# If we don't have int64_t then we can't compile sftp-server. So don't -# even attempt to do it. +AC_CHECK_TYPES(struct timespec) + +# We need int64_t or else certian parts of the compile will fail. if test "x$ac_cv_have_int64_t" = "xno" -a \ "x$ac_cv_sizeof_long_int" != "x8" -a \ "x$ac_cv_sizeof_long_long_int" = "x0" ; then - NO_SFTP='#' + echo "OpenSSH requires int64_t support. Contact your vendor or install" + echo "an alternative compiler (I.E., GCC) before continuing." + echo "" + exit 1; else dnl test snprintf (broken on SCO w/gcc) AC_TRY_RUN( @@ -1706,7 +1751,6 @@ main() { exit(0); } ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ] ) fi -AC_SUBST(NO_SFTP) dnl Checks for structure members OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) @@ -2202,6 +2246,17 @@ AC_ARG_WITH(xauth, ] ) +STRIP_OPT=-s +AC_ARG_ENABLE(strip, + [ --disable-strip Disable calling strip(1) on install], + [ + if test "x$enableval" = "xno" ; then + STRIP_OPT= + fi + ] +) +AC_SUBST(STRIP_OPT) + if test -z "$xauth_path" ; then XAUTH_PATH="undefined" AC_SUBST(XAUTH_PATH) @@ -2356,7 +2411,11 @@ Edit /etc/login.conf instead.]) # include #endif #ifndef _PATH_STDPATH -# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +# ifdef _PATH_USERPATH /* Irix */ +# define _PATH_STDPATH _PATH_USERPATH +# else +# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +# endif #endif #include #include @@ -2794,12 +2853,6 @@ if test "x$PAM_MSG" = "xyes" ; then echo "" fi -if test ! -z "$NO_SFTP"; then - echo "sftp-server will be disabled. Your compiler does not " - echo "support 64bit integers." - echo "" -fi - if test ! -z "$RAND_HELPER_CMDHASH" ; then echo "WARNING: you are using the builtin random number collection " echo "service. Please read WARNING.RNG and request that your OS " diff --git a/openssh/contrib/aix/README b/openssh/contrib/aix/README index 033fd0a..82fd8be 100644 --- a/openssh/contrib/aix/README +++ b/openssh/contrib/aix/README @@ -6,9 +6,15 @@ installable) openssh package. Directions: +(optional) create config.local in your build dir ./configure [options] -cd contrib/aix; ./buildbff.sh +contrib/aix/buildbff.sh +The file config.local or the environment is read to set the following options +(default first): +PERMIT_ROOT_LOGIN=[no|yes] +X11_FORWARDING=[no|yes] +AIX_SRC=[no|yes] Acknowledgements: @@ -19,6 +25,8 @@ Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's and for comparison with the output from this script, however no code from lppbuild is included and it is not required for operation. +SRC support based on examples provided by Sandor Sklar and Maarten Kreuger. + Other notes: @@ -26,8 +34,7 @@ The script treats all packages as USR packages (not ROOT+USR when appropriate). It seems to work, though...... If there are any patches to this that have not yet been integrated they -may be found at http://www.zip.com.au/~dtucker/openssh/ or -http://home.usf.advantra.com.au/~dtucker/openssh/. +may be found at http://www.zip.com.au/~dtucker/openssh/. Disclaimer: diff --git a/openssh/contrib/aix/buildbff.sh b/openssh/contrib/aix/buildbff.sh index 5c09c6b..3b36996 100755 --- a/openssh/contrib/aix/buildbff.sh +++ b/openssh/contrib/aix/buildbff.sh @@ -11,10 +11,12 @@ # # Tunable configuration settings -# create a "config.local" in your build directory to override these. +# create a "config.local" in your build directory or set +# environment variables to override these. # -PERMIT_ROOT_LOGIN=no -X11_FORWARDING=no +[ -z "$PERMIT_ROOT_LOGIN" ] || PERMIT_ROOT_LOGIN=no +[ -z "$X11_FORWARDING" ] || X11_FORWARDING=no +[ -z "$AIX_SRC" ] || AIX_SRC=no umask 022 @@ -166,6 +168,18 @@ This software is distributed under a BSD-style license. For the full text of the license, see /usr/lpp/openssh/LICENCE EOD +# +# openssh.size file allows filesystem expansion as required +# generate list of directories containing files +# then calculate disk usage for each directory and store in openssh.size +# +files=`find . -type f -print` +dirs=`for file in $files; do dirname $file; done | sort -u` +for dir in $dirs +do + du $dir +done > ../openssh.size + # # Create postinstall script # @@ -245,14 +259,42 @@ else fi echo -# Add to system startup if required -if grep $sbindir/sshd /etc/rc.tcpip >/dev/null +# Set startup command depending on SRC support +if [ "$AIX_SRC" = "yes" ] +then + echo Creating SRC sshd subsystem. + rmssys -s sshd 2>&1 >/dev/null + mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip + startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\"" + oldstartcmd="$sbindir/sshd" +else + startupcmd="$sbindir/sshd" + oldstartcmd="start $sbindir/sshd \\\"$src_running\\\"" +fi + +# If migrating to or from SRC, change previous startup command +# otherwise add to rc.tcpip +if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null then - echo "sshd found in rc.tcpip, not adding." + if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new + then + chmod 0755 /etc/rc.tcpip.new + mv /etc/rc.tcpip /etc/rc.tcpip.old && \ + mv /etc/rc.tcpip.new /etc/rc.tcpip + else + echo "Updating /etc/rc.tcpip failed, please check." + fi else - echo >>/etc/rc.tcpip - echo "echo Starting sshd" >>/etc/rc.tcpip - echo "$sbindir/sshd" >>/etc/rc.tcpip + # Add to system startup if required + if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null + then + echo "sshd found in rc.tcpip, not adding." + else + echo "Adding sshd to rc.tcpip" + echo >>/etc/rc.tcpip + echo "# Start sshd" >>/etc/rc.tcpip + echo "\$startupcmd" >>/etc/rc.tcpip + fi fi EOF @@ -262,7 +304,7 @@ EOF echo Creating liblpp.a ( cd .. - for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README* + for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README* do ar -r liblpp.a $i rm $i diff --git a/openssh/contrib/aix/inventory.sh b/openssh/contrib/aix/inventory.sh index 78df0d1..619493a 100755 --- a/openssh/contrib/aix/inventory.sh +++ b/openssh/contrib/aix/inventory.sh @@ -2,9 +2,9 @@ # # inventory.sh # -# Originall written by Ben Lindstrom, modified by Darren Tucker to use perl +# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl # -# This will produced and AIX package inventory file, which looks like: +# This will produce an AIX package inventory file, which looks like: # # /usr/local/bin: # class=apply,inventory,openssh diff --git a/openssh/contrib/gnome-ssh-askpass2.c b/openssh/contrib/gnome-ssh-askpass2.c index 89a412a..9e8eaf9 100644 --- a/openssh/contrib/gnome-ssh-askpass2.c +++ b/openssh/contrib/gnome-ssh-askpass2.c @@ -36,10 +36,13 @@ * you don't trust your X server. We grab the keyboard always. */ +#define GRAB_TRIES 16 +#define GRAB_WAIT 250 /* milliseconds */ + /* * Compile with: * - * cc `pkg-config --cflags gtk+-2.0` \ + * cc -Wall `pkg-config --cflags gtk+-2.0` \ * gnome-ssh-askpass2.c -o gnome-ssh-askpass \ * `pkg-config --libs gtk+-2.0` * @@ -48,6 +51,7 @@ #include #include #include +#include #include #include #include @@ -84,13 +88,13 @@ passphrase_dialog(char *message) { const char *failed; char *passphrase, *local; - char **messages; - int result, i, grab_server, grab_pointer; - GtkWidget *dialog, *entry, *label; + int result, grab_tries, grab_server, grab_pointer; + GtkWidget *dialog, *entry; GdkGrabStatus status; grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); + grab_tries = 0; dialog = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_QUESTION, @@ -117,23 +121,35 @@ passphrase_dialog(char *message) /* Grab focus */ gtk_widget_show_now(dialog); - if (grab_server) { - gdk_x11_grab_server(); - } if (grab_pointer) { - status = gdk_pointer_grab((GTK_WIDGET(dialog))->window, TRUE, - 0, NULL, NULL, GDK_CURRENT_TIME); - if (status != GDK_GRAB_SUCCESS) { - failed = "mouse"; - goto nograb; + for(;;) { + status = gdk_pointer_grab( + (GTK_WIDGET(dialog))->window, TRUE, 0, NULL, + NULL, GDK_CURRENT_TIME); + if (status == GDK_GRAB_SUCCESS) + break; + usleep(GRAB_WAIT * 1000); + if (++grab_tries > GRAB_TRIES) { + failed = "mouse"; + goto nograb; + } } } - status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, FALSE, - GDK_CURRENT_TIME); - if (status != GDK_GRAB_SUCCESS) { - failed = "keyboard"; - goto nograbkb; + for(;;) { + status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, + FALSE, GDK_CURRENT_TIME); + if (status == GDK_GRAB_SUCCESS) + break; + usleep(GRAB_WAIT * 1000); + if (++grab_tries > GRAB_TRIES) { + failed = "keyboard"; + goto nograbkb; + } } + if (grab_server) { + gdk_x11_grab_server(); + } + result = gtk_dialog_run(GTK_DIALOG(dialog)); /* Ungrab */ diff --git a/openssh/defines.h b/openssh/defines.h index 69d8105..e8d33b2 100644 --- a/openssh/defines.h +++ b/openssh/defines.h @@ -370,6 +370,20 @@ struct winsize { } while (0) #endif +#ifndef TIMEVAL_TO_TIMESPEC +#define TIMEVAL_TO_TIMESPEC(tv, ts) { \ + (ts)->tv_sec = (tv)->tv_sec; \ + (ts)->tv_nsec = (tv)->tv_usec * 1000; \ +} +#endif + +#ifndef TIMESPEC_TO_TIMEVAL +#define TIMESPEC_TO_TIMEVAL(tv, ts) { \ + (tv)->tv_sec = (ts)->tv_sec; \ + (tv)->tv_usec = (ts)->tv_nsec / 1000; \ +} +#endif + #ifndef __P # define __P(x) x #endif diff --git a/openssh/includes.h b/openssh/includes.h index d7b875c..37d402e 100644 --- a/openssh/includes.h +++ b/openssh/includes.h @@ -157,6 +157,10 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } # include #endif +#ifdef HAVE_LIBUTIL_H +# include /* Openpty on FreeBSD at least */ +#endif + #include /* For OPENSSL_VERSION_NUMBER */ #include "defines.h" diff --git a/openssh/key.c b/openssh/key.c index 6701faa..2271004 100644 --- a/openssh/key.c +++ b/openssh/key.c @@ -32,15 +32,13 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.49 2002/09/09 14:54:14 markus Exp $"); +RCSID("$OpenBSD: key.c,v 1.51 2003/02/12 09:33:04 markus Exp $"); #include #include "xmalloc.h" #include "key.h" #include "rsa.h" -#include "ssh-dss.h" -#include "ssh-rsa.h" #include "uuencode.h" #include "buffer.h" #include "bufaux.h" @@ -410,14 +408,14 @@ key_read(Key *ret, char **cpp) case KEY_DSA: space = strchr(cp, ' '); if (space == NULL) { - debug3("key_read: no space"); + debug3("key_read: missing whitespace"); return -1; } *space = '\0'; type = key_type_from_name(cp); *space = ' '; if (type == KEY_UNSPEC) { - debug3("key_read: no key found"); + debug3("key_read: missing keytype"); return -1; } cp = space+1; diff --git a/openssh/key.h b/openssh/key.h index 957dab2..4ad321f 100644 --- a/openssh/key.h +++ b/openssh/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.19 2002/03/18 17:23:31 markus Exp $ */ +/* $OpenBSD: key.h,v 1.20 2003/02/12 09:33:04 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -79,4 +79,9 @@ int key_names_valid2(const char *); int key_sign(Key *, u_char **, u_int *, u_char *, u_int); int key_verify(Key *, u_char *, u_int, u_char *, u_int); +int ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int); +int ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int); +int ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int); +int ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int); + #endif diff --git a/openssh/log.c b/openssh/log.c index d27dbaa..84e4ce0 100644 --- a/openssh/log.c +++ b/openssh/log.c @@ -34,7 +34,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: log.c,v 1.24 2002/07/19 15:43:33 markus Exp $"); +RCSID("$OpenBSD: log.c,v 1.25 2003/01/11 18:29:43 markus Exp $"); #include "log.h" #include "xmalloc.h" @@ -233,6 +233,7 @@ fatal_remove_all_cleanups(void) next_cu = cu->next; xfree(cu); } + fatal_cleanups = NULL; } /* Cleanup and exit */ @@ -386,11 +387,14 @@ do_log(LogLevel level, const char *fmt, va_list args) } else { vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); } + /* Escape magic chars in output. */ + strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_OCTAL); + if (log_on_stderr) { - fprintf(stderr, "%d: %s\r\n", getpid(), msgbuf); + fprintf(stderr, "%s\r\n", fmtbuf); } else { openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); - syslog(pri, "%.500s", msgbuf); + syslog(pri, "%.500s", fmtbuf); closelog(); } } diff --git a/openssh/monitor.c b/openssh/monitor.c index bf5f0e6..65acd44 100644 --- a/openssh/monitor.c +++ b/openssh/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.36 2003/04/01 10:22:21 markus Exp $"); #include @@ -704,20 +704,20 @@ mm_answer_bsdauthquery(int socket, Buffer *m) u_int numprompts; u_int *echo_on; char **prompts; - int res; + u_int success; - res = bsdauth_query(authctxt, &name, &infotxt, &numprompts, - &prompts, &echo_on); + success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, + &prompts, &echo_on) < 0 ? 0 : 1; buffer_clear(m); - buffer_put_int(m, res); - if (res != -1) + buffer_put_int(m, success); + if (success) buffer_put_cstring(m, prompts[0]); - debug3("%s: sending challenge res: %d", __func__, res); + debug3("%s: sending challenge success: %u", __func__, success); mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m); - if (res != -1) { + if (success) { xfree(name); xfree(infotxt); xfree(prompts); @@ -761,16 +761,16 @@ mm_answer_skeyquery(int socket, Buffer *m) { struct skey skey; char challenge[1024]; - int res; + u_int success; - res = skeychallenge(&skey, authctxt->user, challenge); + success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1; buffer_clear(m); - buffer_put_int(m, res); - if (res != -1) + buffer_put_int(m, success); + if (success) buffer_put_cstring(m, challenge); - debug3("%s: sending challenge res: %d", __func__, res); + debug3("%s: sending challenge success: %u", __func__, success); mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m); return (0); @@ -876,8 +876,9 @@ mm_answer_keyallowed(int socket, Buffer *m) fatal("%s: unknown key type %d", __func__, type); break; } - key_free(key); } + if (key != NULL) + key_free(key); /* clear temporarily storage (used by verify) */ monitor_reset_key_state(); @@ -896,6 +897,7 @@ mm_answer_keyallowed(int socket, Buffer *m) buffer_clear(m); buffer_put_int(m, allowed); + buffer_put_int(m, forced_command != NULL); mm_append_debug(m); @@ -1258,6 +1260,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m) } buffer_clear(m); buffer_put_int(m, allowed); + buffer_put_int(m, forced_command != NULL); /* clear temporarily storage (used by generate challenge) */ monitor_reset_key_state(); @@ -1272,8 +1275,9 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m) key_blob = blob; key_bloblen = blen; key_blobtype = MM_RSAUSERKEY; - key_free(key); } + if (key != NULL) + key_free(key); mm_append_debug(m); @@ -1314,6 +1318,9 @@ mm_answer_rsa_challenge(int socket, Buffer *m) mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m); monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); + + xfree(blob); + key_free(key); return (0); } @@ -1344,6 +1351,7 @@ mm_answer_rsa_response(int socket, Buffer *m) fatal("%s: received bad response to challenge", __func__); success = auth_rsa_verify_response(key, ssh1_challenge, response); + xfree(blob); key_free(key); xfree(response); @@ -1528,6 +1536,8 @@ mm_get_kex(Buffer *m) (memcmp(kex->session_id, session_id2, session_id2_len) != 0)) fatal("mm_get_get: internal error: bad session id"); kex->we_need = buffer_get_int(m); + kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; + kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->server = 1; kex->hostkey_type = buffer_get_int(m); kex->kex_type = buffer_get_int(m); @@ -1621,7 +1631,7 @@ mm_get_keystate(struct monitor *pmonitor) void * mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) { - size_t len = size * ncount; + size_t len = (size_t) size * ncount; void *address; if (len == 0 || ncount > SIZE_T_MAX / size) diff --git a/openssh/monitor_wrap.c b/openssh/monitor_wrap.c index 0caaa93..8637e4c 100644 --- a/openssh/monitor_wrap.c +++ b/openssh/monitor_wrap.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $"); #include #include @@ -34,6 +34,7 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $"); #include "dh.h" #include "kex.h" #include "auth.h" +#include "auth-options.h" #include "buffer.h" #include "bufaux.h" #include "packet.h" @@ -316,7 +317,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) Buffer m; u_char *blob; u_int len; - int allowed = 0; + int allowed = 0, have_forced = 0; debug3("%s entering", __func__); @@ -338,6 +339,11 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) allowed = buffer_get_int(&m); + /* fake forced command */ + auth_clear_options(); + have_forced = buffer_get_int(&m); + forced_command = have_forced ? xstrdup("true") : NULL; + /* Send potential debug messages */ mm_send_debug(&m); @@ -718,7 +724,7 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) { Buffer m; - int res; + u_int success; char *challenge; debug3("%s: entering", __func__); @@ -728,8 +734,8 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, &m); - res = buffer_get_int(&m); - if (res == -1) { + success = buffer_get_int(&m); + if (success == 0) { debug3("%s: no challenge", __func__); buffer_free(&m); return (-1); @@ -775,7 +781,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) { Buffer m; - int len, res; + int len; + u_int success; char *p, *challenge; debug3("%s: entering", __func__); @@ -785,8 +792,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt, mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, &m); - res = buffer_get_int(&m); - if (res == -1) { + success = buffer_get_int(&m); + if (success == 0) { debug3("%s: no challenge", __func__); buffer_free(&m); return (-1); @@ -856,7 +863,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) Key *key; u_char *blob; u_int blen; - int allowed = 0; + int allowed = 0, have_forced = 0; debug3("%s entering", __func__); @@ -868,6 +875,11 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) allowed = buffer_get_int(&m); + /* fake forced command */ + auth_clear_options(); + have_forced = buffer_get_int(&m); + forced_command = have_forced ? xstrdup("true") : NULL; + if (allowed && rkey != NULL) { blob = buffer_get_string(&m, &blen); if ((key = key_from_blob(blob, blen)) == NULL) @@ -1173,7 +1185,7 @@ mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply) xfree(p); } buffer_free(&m); - return (success); + return (success); } #endif diff --git a/openssh/msg.c b/openssh/msg.c index 107a376..5d266c2 100644 --- a/openssh/msg.c +++ b/openssh/msg.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: msg.c,v 1.4 2002/07/01 16:15:25 deraadt Exp $"); +RCSID("$OpenBSD: msg.c,v 1.5 2002/12/19 00:07:02 djm Exp $"); #include "buffer.h" #include "getput.h" diff --git a/openssh/msg.h b/openssh/msg.h index 8980e25..c07df88 100644 --- a/openssh/msg.h +++ b/openssh/msg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: msg.h,v 1.1 2002/05/23 19:24:30 markus Exp $ */ +/* $OpenBSD: msg.h,v 1.2 2002/12/19 00:07:02 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * diff --git a/openssh/openbsd-compat/bsd-getpeereid.c b/openssh/openbsd-compat/bsd-getpeereid.c index 808df21..71225f7 100644 --- a/openssh/openbsd-compat/bsd-getpeereid.c +++ b/openssh/openbsd-compat/bsd-getpeereid.c @@ -33,7 +33,7 @@ int getpeereid(int s, uid_t *euid, gid_t *gid) { struct ucred cred; - size_t len = sizeof(cred); + socklen_t len = sizeof(cred); if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0) return (-1); diff --git a/openssh/openbsd-compat/bsd-misc.h b/openssh/openbsd-compat/bsd-misc.h index 3e336dd..124cb7b 100644 --- a/openssh/openbsd-compat/bsd-misc.h +++ b/openssh/openbsd-compat/bsd-misc.h @@ -81,5 +81,14 @@ int truncate (const char *path, off_t length); int setgroups(size_t size, const gid_t *list); #endif +#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) +#ifndef HAVE_STRUCT_TIMESPEC +struct timespec { + time_t tv_sec; + long tv_nsec; +}; +#endif +int nanosleep(const struct timespec *req, struct timespec *rem); +#endif #endif /* _BSD_MISC_H */ diff --git a/openssh/openbsd-compat/getopt.c b/openssh/openbsd-compat/getopt.c index 4a5cfe5..a3fe807 100644 --- a/openssh/openbsd-compat/getopt.c +++ b/openssh/openbsd-compat/getopt.c @@ -35,7 +35,7 @@ #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $"; +static char *rcsid = "$OpenBSD: getopt.c,v 1.4 2002/12/08 22:57:14 millert Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -66,6 +66,9 @@ BSDgetopt(nargc, nargv, ostr) static char *place = EMSG; /* option letter processing */ char *oli; /* option letter list index */ + if (ostr == NULL) + return (-1); + if (BSDoptreset || !*place) { /* update scanning pointer */ BSDoptreset = 0; if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') { diff --git a/openssh/openbsd-compat/port-aix.h b/openssh/openbsd-compat/port-aix.h index 79570a2..4abe003 100644 --- a/openssh/openbsd-compat/port-aix.h +++ b/openssh/openbsd-compat/port-aix.h @@ -25,5 +25,16 @@ */ #ifdef _AIX + +/* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */ +#if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP) +# define nanosleep(a,b) nsleep(a,b) +#endif + +/* For struct timespec on AIX 4.2.x */ +#ifdef HAVE_SYS_TIMERS_H +# include +#endif + void aix_usrinfo(struct passwd *pw); #endif /* _AIX */ diff --git a/openssh/openbsd-compat/sys-tree.h b/openssh/openbsd-compat/sys-tree.h index 0a58710..927ca04 100644 --- a/openssh/openbsd-compat/sys-tree.h +++ b/openssh/openbsd-compat/sys-tree.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tree.h,v 1.6 2002/06/11 22:09:52 provos Exp $ */ +/* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. @@ -343,12 +343,13 @@ struct { \ RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ else \ RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ - RB_AUGMENT(RB_PARENT(elm, field)); \ } else \ (head)->rbh_root = (tmp); \ RB_LEFT(tmp, field) = (elm); \ RB_PARENT(elm, field) = (tmp); \ RB_AUGMENT(tmp); \ + if ((RB_PARENT(tmp, field))) \ + RB_AUGMENT(RB_PARENT(tmp, field)); \ } while (0) #define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \ @@ -362,12 +363,13 @@ struct { \ RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ else \ RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ - RB_AUGMENT(RB_PARENT(elm, field)); \ } else \ (head)->rbh_root = (tmp); \ RB_RIGHT(tmp, field) = (elm); \ RB_PARENT(elm, field) = (tmp); \ RB_AUGMENT(tmp); \ + if ((RB_PARENT(tmp, field))) \ + RB_AUGMENT(RB_PARENT(tmp, field)); \ } while (0) /* Generates prototypes and inline functions */ diff --git a/openssh/packet.c b/openssh/packet.c index ded0d41..23b5b71 100644 --- a/openssh/packet.c +++ b/openssh/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.97 2002/07/04 08:12:15 deraadt Exp $"); +RCSID("$OpenBSD: packet.c,v 1.104 2003/04/01 10:22:21 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -564,7 +564,7 @@ set_newkeys(int mode) CipherContext *cc; int encrypt; - debug("newkeys: mode %d", mode); + debug2("set_newkeys: mode %d", mode); if (mode == MODE_OUT) { cc = &send_context; @@ -574,7 +574,7 @@ set_newkeys(int mode) encrypt = CIPHER_DECRYPT; } if (newkeys[mode] != NULL) { - debug("newkeys: rekeying"); + debug("set_newkeys: rekeying"); cipher_cleanup(cc); enc = &newkeys[mode]->enc; mac = &newkeys[mode]->mac; @@ -840,7 +840,7 @@ packet_read_poll1(void) cp = buffer_ptr(&input); len = GET_32BIT(cp); if (len < 1 + 2 + 2 || len > 256 * 1024) - packet_disconnect("Bad packet length %d.", len); + packet_disconnect("Bad packet length %u.", len); padded_len = (len + 8) & ~7; /* Check if the packet has been entirely received. */ @@ -936,9 +936,9 @@ packet_read_poll2(u_int32_t *seqnr_p) packet_length = GET_32BIT(cp); if (packet_length < 1 + 4 || packet_length > 256 * 1024) { buffer_dump(&incoming_packet); - packet_disconnect("Bad packet length %d.", packet_length); + packet_disconnect("Bad packet length %u.", packet_length); } - DBG(debug("input: packet len %d", packet_length+4)); + DBG(debug("input: packet len %u", packet_length+4)); buffer_consume(&input, block_size); } /* we have a partial packet of block_size bytes */ @@ -1233,6 +1233,9 @@ packet_disconnect(const char *fmt,...) vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); + /* Display the error locally */ + log("Disconnecting: %.100s", buf); + /* Send the disconnect message to the other side, and wait for it to get sent. */ if (compat20) { packet_start(SSH2_MSG_DISCONNECT); @@ -1252,8 +1255,6 @@ packet_disconnect(const char *fmt,...) /* Close the connection. */ packet_close(); - /* Display the error locally and exit. */ - log("Disconnecting: %.100s", buf); fatal_cleanup(); } @@ -1320,16 +1321,26 @@ packet_not_very_much_data_to_write(void) return buffer_len(&output) < 128 * 1024; } +static void +packet_set_tos(int interactive) +{ + int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT; + + if (!packet_connection_is_on_socket() || + !packet_connection_is_ipv4()) + return; + if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &tos, + sizeof(tos)) < 0) + error("setsockopt IP_TOS %d: %.100s:", + tos, strerror(errno)); +} + /* Informs that the current session is interactive. Sets IP flags for that. */ void packet_set_interactive(int interactive) { static int called = 0; -#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) - int lowdelay = IPTOS_LOWDELAY; - int throughput = IPTOS_THROUGHPUT; -#endif if (called) return; @@ -1340,35 +1351,12 @@ packet_set_interactive(int interactive) /* Only set socket options if using a socket. */ if (!packet_connection_is_on_socket()) - return; - /* - * IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only - */ - if (interactive) { - /* - * Set IP options for an interactive connection. Use - * IPTOS_LOWDELAY and TCP_NODELAY. - */ -#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) - if (packet_connection_is_ipv4()) { - if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, - &lowdelay, sizeof(lowdelay)) < 0) - error("setsockopt IPTOS_LOWDELAY: %.100s", - strerror(errno)); - } -#endif + if (interactive) set_nodelay(connection_in); - } else if (packet_connection_is_ipv4()) { - /* - * Set IP options for a non-interactive connection. Use - * IPTOS_THROUGHPUT. - */ #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) - if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &throughput, - sizeof(throughput)) < 0) - error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno)); + packet_set_tos(interactive); #endif - } + } /* Returns true if the current connection is interactive. */ diff --git a/openssh/packet.h b/openssh/packet.h index 8c0435f..53c3003 100644 --- a/openssh/packet.h +++ b/openssh/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.35 2002/06/19 18:01:00 markus Exp $ */ +/* $OpenBSD: packet.h,v 1.37 2003/04/01 10:22:21 markus Exp $ */ /* * Author: Tatu Ylonen diff --git a/openssh/readconf.c b/openssh/readconf.c index 52ecbcb..81e9f93 100644 --- a/openssh/readconf.c +++ b/openssh/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -120,6 +120,7 @@ typedef enum { oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oEnableSSHKeysign, oDeprecated } OpCodes; @@ -201,6 +202,7 @@ static struct { { "bindaddress", oBindAddress }, { "smartcarddevice", oSmartcardDevice }, { "clearallforwardings", oClearAllForwardings }, + { "enablesshkeysign", oEnableSSHKeysign }, { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, { NULL, oBadOption } }; @@ -282,14 +284,16 @@ parse_token(const char *cp, const char *filename, int linenum) * Processes a single option line as used in the configuration files. This * only sets those values that have not already been set. */ +#define WHITESPACE " \t\r\n" int process_config_line(Options *options, const char *host, char *line, const char *filename, int linenum, int *activep) { - char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg; + char buf[256], *s, **charptr, *endofnumber, *keyword, *arg; int opcode, *intptr, value; + size_t len; u_short fwd_port, fwd_host_port; char sfwd_host_port[6]; @@ -523,16 +527,9 @@ parse_string: case oProxyCommand: charptr = &options->proxy_command; - string = xstrdup(""); - while ((arg = strdelim(&s)) != NULL && *arg != '\0') { - string = xrealloc(string, strlen(string) + strlen(arg) + 2); - strcat(string, " "); - strcat(string, arg); - } + len = strspn(s, WHITESPACE "="); if (*activep && *charptr == NULL) - *charptr = string; - else - xfree(string); + *charptr = xstrdup(s + len); return 0; case oPort: @@ -706,6 +703,10 @@ parse_int: *intptr = value; break; + case oEnableSSHKeysign: + intptr = &options->enable_ssh_keysign; + goto parse_flag; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -838,6 +839,7 @@ initialize_options(Options * options) options->preferred_authentications = NULL; options->bind_address = NULL; options->smartcard_device = NULL; + options->enable_ssh_keysign = - 1; options->no_host_authentication_for_localhost = - 1; } @@ -965,6 +967,8 @@ fill_default_options(Options * options) clear_forwardings(options); if (options->no_host_authentication_for_localhost == - 1) options->no_host_authentication_for_localhost = 0; + if (options->enable_ssh_keysign == -1) + options->enable_ssh_keysign = 0; /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ diff --git a/openssh/readconf.h b/openssh/readconf.h index 74ae2fd..851382d 100644 --- a/openssh/readconf.h +++ b/openssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.46 2003/04/01 10:22:21 markus Exp $ */ /* * Author: Tatu Ylonen @@ -111,6 +111,8 @@ typedef struct { int num_remote_forwards; Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; int clear_forwardings; + + int enable_ssh_keysign; int no_host_authentication_for_localhost; } Options; diff --git a/openssh/servconf.c b/openssh/servconf.c index 8b05132..7aa0c73 100644 --- a/openssh/servconf.c +++ b/openssh/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $"); #if defined(KRB4) #include @@ -974,6 +974,7 @@ read_server_config(ServerOptions *options, const char *filename) char line[1024]; FILE *f; + debug2("read_server_config: filename %s", filename); f = fopen(filename, "r"); if (!f) { perror(filename); diff --git a/openssh/session.c b/openssh/session.c index a23ae9d..e697e08 100644 --- a/openssh/session.c +++ b/openssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $"); +RCSID("$OpenBSD: session.c,v 1.154 2003/03/05 22:33:43 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -205,6 +205,8 @@ auth_input_request_forwarding(struct passwd * pw) void do_authenticated(Authctxt *authctxt) { + setproctitle("%s", authctxt->pw->pw_name); + /* * Cancel the alarm we set to limit the time taken for * authentication. @@ -705,7 +707,7 @@ do_pre_login(Session *s) record_utmp_only(pid, s->tty, s->pw->pw_name, get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), - (struct sockaddr *)&from); + (struct sockaddr *)&from, fromlen); } #endif @@ -746,8 +748,8 @@ do_login(Session *s, const char *command) * the address be 0.0.0.0. */ memset(&from, 0, sizeof(from)); + fromlen = sizeof(from); if (packet_connection_is_on_socket()) { - fromlen = sizeof(from); if (getpeername(packet_get_connection_in(), (struct sockaddr *) & from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); @@ -965,7 +967,7 @@ do_setup_env(Session *s, const char *shell) { char buf[256]; u_int i, envsize; - char **env; + char **env, *laddr; struct passwd *pw = s->pw; /* Initialize the environment. */ @@ -992,6 +994,9 @@ do_setup_env(Session *s, const char *shell) /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); +#ifdef _AIX + child_set_env(&env, &envsize, "LOGIN", pw->pw_name); +#endif child_set_env(&env, &envsize, "HOME", pw->pw_dir); #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) @@ -1048,9 +1053,10 @@ do_setup_env(Session *s, const char *shell) get_remote_ipaddr(), get_remote_port(), get_local_port()); child_set_env(&env, &envsize, "SSH_CLIENT", buf); + laddr = get_local_ipaddr(packet_get_connection_in()); snprintf(buf, sizeof buf, "%.50s %d %.50s %d", - get_remote_ipaddr(), get_remote_port(), - get_local_ipaddr(packet_get_connection_in()), get_local_port()); + get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); + xfree(laddr); child_set_env(&env, &envsize, "SSH_CONNECTION", buf); if (s->ttyfd != -1) @@ -1169,8 +1175,10 @@ do_rc_files(Session *s, const char *shell) /* Add authority data to .Xauthority if appropriate. */ if (debug_flag) { fprintf(stderr, - "Running %.500s add " - "%.100s %.100s %.100s\n", + "Running %.500s remove %.100s\n", + options.xauth_location, s->auth_display); + fprintf(stderr, + "%.500s add %.100s %.100s %.100s\n", options.xauth_location, s->auth_display, s->auth_proto, s->auth_data); } @@ -1178,6 +1186,8 @@ do_rc_files(Session *s, const char *shell) options.xauth_location); f = popen(cmd, "w"); if (f) { + fprintf(f, "remove %s\n", + s->auth_display); fprintf(f, "add %s %s %s\n", s->auth_display, s->auth_proto, s->auth_data); @@ -1210,6 +1220,7 @@ do_nologin(struct passwd *pw) while (fgets(buf, sizeof(buf), f)) fputs(buf, stderr); fclose(f); + fflush(NULL); exit(254); } } @@ -1218,11 +1229,11 @@ do_nologin(struct passwd *pw) void do_setusercontext(struct passwd *pw) { -#ifdef HAVE_CYGWIN - if (is_winnt) { -#else /* HAVE_CYGWIN */ - if (getuid() == 0 || geteuid() == 0) { +#ifndef HAVE_CYGWIN + if (getuid() == 0 || geteuid() == 0) #endif /* HAVE_CYGWIN */ + { + #ifdef HAVE_SETPCRED setpcred(pw->pw_name); #endif /* HAVE_SETPCRED */ @@ -1272,6 +1283,10 @@ do_setusercontext(struct passwd *pw) permanently_set_uid(pw); #endif } + +#ifdef HAVE_CYGWIN + if (is_winnt) +#endif if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); } @@ -1341,7 +1356,7 @@ do_child(Session *s, const char *command) */ if (!options.use_login) { #ifdef HAVE_OSF_SIA - session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty); + session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty); if (!check_quietlogin(s, command)) do_motd(); #else /* HAVE_OSF_SIA */ @@ -1355,12 +1370,17 @@ do_child(Session *s, const char *command) * legal, and means /bin/sh. */ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; + + /* + * Make sure $SHELL points to the shell from the password file, + * even if shell is overridden from login.conf + */ + env = do_setup_env(s, shell); + #ifdef HAVE_LOGIN_CAP shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); #endif - env = do_setup_env(s, shell); - /* we have to stash the hostname before we close our socket. */ if (options.use_login) hostname = get_remote_name_or_ip(utmp_len, @@ -2048,13 +2068,22 @@ session_tty_list(void) { static char buf[1024]; int i; + char *cp; + buf[0] = '\0'; for (i = 0; i < MAX_SESSIONS; i++) { Session *s = &sessions[i]; if (s->used && s->ttyfd != -1) { + + if (strncmp(s->tty, "/dev/", 5) != 0) { + cp = strrchr(s->tty, '/'); + cp = (cp == NULL) ? s->tty : cp + 1; + } else + cp = s->tty + 5; + if (buf[0] != '\0') strlcat(buf, ",", sizeof buf); - strlcat(buf, strrchr(s->tty, '/') + 1, sizeof buf); + strlcat(buf, cp, sizeof buf); } } if (buf[0] == '\0') diff --git a/openssh/ssh-agent.c b/openssh/ssh-agent.c index cca720e..eb593de 100644 --- a/openssh/ssh-agent.c +++ b/openssh/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.108 2003/03/13 11:44:50 markus Exp $"); #include #include @@ -50,6 +50,8 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $"); #include "authfd.h" #include "compat.h" #include "log.h" +#include "readpass.h" +#include "misc.h" #ifdef SMARTCARD #include "scard.h" @@ -77,6 +79,7 @@ typedef struct identity { Key *key; char *comment; u_int death; + u_int confirm; } Identity; typedef struct { @@ -106,6 +109,9 @@ extern char *__progname; char *__progname; #endif +/* Default lifetime (0 == forever) */ +static int lifetime = 0; + static void close_socket(SocketEntry *e) { @@ -159,6 +165,30 @@ lookup_identity(Key *key, int version) return (NULL); } +/* Check confirmation of keysign request */ +static int +confirm_key(Identity *id) +{ + char *p, prompt[1024]; + int ret = -1; + + p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); + snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n" + "Key fingerprint %s.", id->comment, p); + xfree(p); + p = read_passphrase(prompt, RP_ALLOW_EOF); + if (p != NULL) { + /* + * Accept empty responses and responses consisting + * of the word "yes" as affirmative. + */ + if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0) + ret = 0; + xfree(p); + } + return (ret); +} + /* send list of supported public keys to 'client' */ static void process_request_identities(SocketEntry *e, int version) @@ -222,7 +252,7 @@ process_authentication_challenge1(SocketEntry *e) goto failure; id = lookup_identity(key, 1); - if (id != NULL) { + if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { Key *private = id->key; /* Decrypt the challenge using the private key. */ if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0) @@ -282,7 +312,7 @@ process_sign_request2(SocketEntry *e) key = key_from_blob(blob, blen); if (key != NULL) { Identity *id = lookup_identity(key, 2); - if (id != NULL) + if (id != NULL && (!id->confirm || confirm_key(id) == 0)) ok = key_sign(id->key, &signature, &slen, data, dlen); } key_free(key); @@ -402,7 +432,7 @@ static void process_add_identity(SocketEntry *e, int version) { Idtab *tab = idtab_lookup(version); - int type, success = 0, death = 0; + int type, success = 0, death = 0, confirm = 0; char *type_name, *comment; Key *k = NULL; @@ -453,6 +483,17 @@ process_add_identity(SocketEntry *e, int version) } break; } + /* enable blinding */ + switch (k->type) { + case KEY_RSA: + case KEY_RSA1: + if (RSA_blinding_on(k->rsa, NULL) != 1) { + error("process_add_identity: RSA_blinding_on failed"); + key_free(k); + goto send; + } + break; + } comment = buffer_get_string(&e->request, NULL); if (k == NULL) { xfree(comment); @@ -464,15 +505,21 @@ process_add_identity(SocketEntry *e, int version) case SSH_AGENT_CONSTRAIN_LIFETIME: death = time(NULL) + buffer_get_int(&e->request); break; + case SSH_AGENT_CONSTRAIN_CONFIRM: + confirm = 1; + break; default: break; } } + if (lifetime && !death) + death = time(NULL) + lifetime; if (lookup_identity(k, version) == NULL) { Identity *id = xmalloc(sizeof(Identity)); id->key = k; id->comment = comment; id->death = death; + id->confirm = confirm; TAILQ_INSERT_TAIL(&tab->idlist, id, next); /* Increment the number of identities. */ tab->nentries++; @@ -557,6 +604,7 @@ process_add_smartcard_key (SocketEntry *e) id->key = k; id->comment = xstrdup("smartcard key"); id->death = 0; + id->confirm = 0; TAILQ_INSERT_TAIL(&tab->idlist, id, next); tab->nentries++; success = 1; @@ -930,13 +978,15 @@ usage(void) fprintf(stderr, " -k Kill the current agent.\n"); fprintf(stderr, " -d Debug mode.\n"); fprintf(stderr, " -a socket Bind agent socket to given name.\n"); + fprintf(stderr, " -t life Default identity lifetime (seconds).\n"); exit(1); } int main(int ac, char **av) { - int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc; + int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0; + int sock, fd, ch, nalloc; char *shell, *format, *pidstr, *agentsocket = NULL; fd_set *readsetp = NULL, *writesetp = NULL; struct sockaddr_un sunaddr; @@ -961,7 +1011,7 @@ main(int ac, char **av) init_rng(); seed_rng(); - while ((ch = getopt(ac, av, "cdksa:")) != -1) { + while ((ch = getopt(ac, av, "cdksa:t:")) != -1) { switch (ch) { case 'c': if (s_flag) @@ -984,6 +1034,12 @@ main(int ac, char **av) case 'a': agentsocket = optarg; break; + case 't': + if ((lifetime = convtime(optarg)) == -1) { + fprintf(stderr, "Invalid lifetime\n"); + usage(); + } + break; default: usage(); } @@ -1116,9 +1172,14 @@ main(int ac, char **av) } (void)chdir("/"); - close(0); - close(1); - close(2); + if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { + /* XXX might close listen socket */ + (void)dup2(fd, STDIN_FILENO); + (void)dup2(fd, STDOUT_FILENO); + (void)dup2(fd, STDERR_FILENO); + if (fd > 2) + close(fd); + } #ifdef HAVE_SETRLIMIT /* deny core dumps, since memory contains unencrypted private keys */ diff --git a/openssh/ssh-dss.h b/openssh/ssh-dss.h deleted file mode 100644 index 0613acb..0000000 --- a/openssh/ssh-dss.h +++ /dev/null @@ -1,32 +0,0 @@ -/* $OpenBSD: ssh-dss.h,v 1.5 2001/06/26 17:27:25 markus Exp $ */ - -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef DSA_H -#define DSA_H - -int ssh_dss_sign(Key *, u_char **, int *, u_char *, int); -int ssh_dss_verify(Key *, u_char *, int, u_char *, int); - -#endif diff --git a/openssh/ssh-keysign.8 b/openssh/ssh-keysign.8 index cea4a82..2e3f8ff 100644 --- a/openssh/ssh-keysign.8 +++ b/openssh/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.6 2003/03/28 10:11:43 jmc Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -39,10 +39,10 @@ required during hostbased authentication with SSH protocol version 2. .Pp .Nm is disabled by default and can only be enabled in the -the global client configuration file +global client configuration file .Pa /etc/ssh/ssh_config by setting -.Cm HostbasedAuthentication +.Cm EnableSSHKeysign to .Dq yes . .Pp @@ -62,8 +62,8 @@ Controls whether is enabled. .It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys used to -generate the digital signature. They -should be owned by root, readable only by root, and not +generate the digital signature. +They should be owned by root, readable only by root, and not accessible to others. Since they are readable only by root, .Nm diff --git a/openssh/ssh-keysign.c b/openssh/ssh-keysign.c index 79aee17..26c8faa 100644 --- a/openssh/ssh-keysign.c +++ b/openssh/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.10 2003/03/13 11:42:19 markus Exp $"); #include #include @@ -168,8 +168,8 @@ main(int argc, char **argv) initialize_options(&options); (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); fill_default_options(&options); - if (options.hostbased_authentication != 1) - fatal("Hostbased authentication not enabled in %s", + if (options.enable_ssh_keysign != 1) + fatal("ssh-keysign not enabled in %s", _PATH_HOST_CONFIG_FILE); if (key_fd[0] == -1 && key_fd[1] == -1) @@ -192,13 +192,6 @@ main(int argc, char **argv) keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, NULL, NULL); close(key_fd[i]); - if (keys[i] != NULL && keys[i]->type == KEY_RSA) { - if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) { - error("RSA_blinding_on failed"); - key_free(keys[i]); - keys[i] = NULL; - } - } if (keys[i] != NULL) found = 1; } diff --git a/openssh/ssh-rand-helper.c b/openssh/ssh-rand-helper.c index f96447b..1251570 100644 --- a/openssh/ssh-rand-helper.c +++ b/openssh/ssh-rand-helper.c @@ -355,6 +355,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) case 0: /* timer expired */ error_abort = 1; + kill(pid, SIGINT); break; case 1: /* command input */ @@ -561,7 +562,8 @@ prng_write_seedfile(void) debug("writing PRNG seed to file %.100s", filename); - RAND_bytes(seed, sizeof(seed)); + if (RAND_bytes(seed, sizeof(seed)) <= 0) + fatal("PRNG seed extration failed"); /* Don't care if the seed doesn't exist */ prng_check_seedfile(filename); @@ -848,7 +850,8 @@ main(int argc, char **argv) if (!RAND_status()) fatal("Not enough entropy in RNG"); - RAND_bytes(buf, bytes); + if (RAND_bytes(buf, bytes) <= 0) + fatal("Couldn't extract entropy from PRNG"); if (output_hex) { for(ret = 0; ret < bytes; ret++) diff --git a/openssh/ssh-rsa.h b/openssh/ssh-rsa.h deleted file mode 100644 index 11d355d..0000000 --- a/openssh/ssh-rsa.h +++ /dev/null @@ -1,32 +0,0 @@ -/* $OpenBSD: ssh-rsa.h,v 1.5 2001/06/26 17:27:25 markus Exp $ */ - -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef SSH_RSA_H -#define SSH_RSA_H - -int ssh_rsa_sign(Key *, u_char **, int *, u_char *, int); -int ssh_rsa_verify(Key *, u_char *, int, u_char *, int); - -#endif diff --git a/openssh/ssh.1 b/openssh/ssh.1 index 27808b1..fd822bb 100644 --- a/openssh/ssh.1 +++ b/openssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.167 2002/09/27 15:46:21 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.168 2003/03/28 10:11:43 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -48,6 +48,7 @@ .Op Ar command .Pp .Nm ssh +.Bk -words .Op Fl afgknqstvxACNTX1246 .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec @@ -66,6 +67,8 @@ .Sm on .Xc .Oc +.Ek +.Bk -words .Oo Fl R Xo .Sm off .Ar port : @@ -77,6 +80,7 @@ .Op Fl D Ar port .Ar hostname | user@hostname .Op Ar command +.Ek .Sh DESCRIPTION .Nm (SSH client) is a program for logging into a remote machine and for @@ -361,7 +365,7 @@ variable is set to .Fl A and .Fl a -options described later) and +options described later) and the user is using an authentication agent, the connection to the agent is automatically forwarded to the remote side. .Pp @@ -403,10 +407,11 @@ Disables forwarding of the authentication agent connection. Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file. .Pp -Agent forwarding should be enabled with caution. Users with the -ability to bypass file permissions on the remote host (for the agent's -Unix-domain socket) can access the local agent through the forwarded -connection. An attacker cannot obtain key material from the agent, +Agent forwarding should be enabled with caution. +Users with the ability to bypass file permissions on the remote host +(for the agent's Unix-domain socket) +can access the local agent through the forwarded connection. +An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent. .It Fl b Ar bind_address @@ -428,8 +433,8 @@ is only supported in the client for interoperability with legacy protocol 1 implementations that do not support the .Ar 3des -cipher. Its use is strongly discouraged due to cryptographic -weaknesses. +cipher. +Its use is strongly discouraged due to cryptographic weaknesses. .It Fl c Ar cipher_spec Additionally, for protocol version 2 a comma-separated list of ciphers can be specified in order of preference. @@ -566,11 +571,11 @@ Disables X11 forwarding. Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. .Pp -X11 forwarding should be enabled with caution. Users with the ability -to bypass file permissions on the remote host (for the user's X -authorization database) can access the local X11 display through the -forwarded connection. An attacker may then be able to perform -activities such as keystroke monitoring. +X11 forwarding should be enabled with caution. +Users with the ability to bypass file permissions on the remote host +(for the user's X authorization database) +can access the local X11 display through the forwarded connection. +An attacker may then be able to perform activities such as keystroke monitoring. .It Fl C Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP/IP connections). @@ -637,7 +642,8 @@ This works by allocating a socket to listen to on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the -remote machine. Currently the SOCKS4 protocol is supported, and +remote machine. +Currently the SOCKS4 protocol is supported, and .Nm will act as a SOCKS4 server. Only root can forward privileged ports. diff --git a/openssh/ssh.c b/openssh/ssh.c index 82e8801..ebf93da 100644 --- a/openssh/ssh.c +++ b/openssh/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.186 2002/09/19 01:58:18 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.190 2003/02/06 09:27:29 markus Exp $"); #include #include @@ -495,9 +495,9 @@ again: av += optind; if (ac > 0 && !host && **av != '-') { - if (strchr(*av, '@')) { + if (strrchr(*av, '@')) { p = xstrdup(*av); - cp = strchr(p, '@'); + cp = strrchr(p, '@'); if (cp == NULL || cp == p) usage(); options.user = p; @@ -505,12 +505,11 @@ again: host = ++cp; } else host = *av; - ac--, av++; - if (ac > 0) { - optind = 0; - optreset = 1; + if (ac > 1) { + optind = optreset = 1; goto again; } + ac--, av++; } /* Check that we got a host name. */ @@ -633,6 +632,10 @@ again: if (options.hostname != NULL) host = options.hostname; + if (options.proxy_command != NULL && + strcmp(options.proxy_command, "none") == 0) + options.proxy_command = NULL; + /* Disable rhosts authentication if not running as root. */ #ifdef HAVE_CYGWIN /* Ignore uid if running under Windows */ @@ -1057,7 +1060,7 @@ ssh_session2_setup(int id, void *arg) int interactive = 0; struct termios tio; - debug("ssh_session2_setup: id %d", id); + debug2("ssh_session2_setup: id %d", id); if (tty_flag) { struct winsize ws; diff --git a/openssh/ssh_config.5 b/openssh/ssh_config.5 index f6ecd23..b7058ba 100644 --- a/openssh/ssh_config.5 +++ b/openssh/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.5 2002/08/29 22:54:10 stevesk Exp $ +.\" $OpenBSD: ssh_config.5,v 1.7 2003/03/28 10:11:43 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -185,8 +185,8 @@ is only supported in the client for interoperability with legacy protocol 1 implementations that do not support the .Ar 3des -cipher. Its use is strongly discouraged due to cryptographic -weaknesses. +cipher. +Its use is strongly discouraged due to cryptographic weaknesses. The default is .Dq 3des . .It Cm Ciphers @@ -202,7 +202,8 @@ The default is .It Cm ClearAllForwardings Specifies that all local, remote and dynamic port forwardings specified in the configuration files or on the command line be -cleared. This option is primarily useful when used from the +cleared. +This option is primarily useful when used from the .Nm ssh command line to clear port forwardings set in configuration files, and is automatically set by @@ -239,13 +240,14 @@ The default is 1. Specifies that a TCP/IP port on the local machine be forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the -remote machine. The argument must be a port number. +remote machine. +The argument must be a port number. Currently the SOCKS4 protocol is supported, and .Nm ssh will act as a SOCKS4 server. Multiple forwardings may be specified, and -additional forwardings can be given on the command line. Only -the superuser can forward privileged ports. +additional forwardings can be given on the command line. +Only the superuser can forward privileged ports. .It Cm EscapeChar Sets the escape character (default: .Ql ~ ) . @@ -268,10 +270,11 @@ or The default is .Dq no . .Pp -Agent forwarding should be enabled with caution. Users with the -ability to bypass file permissions on the remote host (for the agent's -Unix-domain socket) can access the local agent through the forwarded -connection. An attacker cannot obtain key material from the agent, +Agent forwarding should be enabled with caution. +Users with the ability to bypass file permissions on the remote host +(for the agent's Unix-domain socket) +can access the local agent through the forwarded connection. +An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent. .It Cm ForwardX11 @@ -286,18 +289,18 @@ or The default is .Dq no . .Pp -X11 forwarding should be enabled with caution. Users with the ability -to bypass file permissions on the remote host (for the user's X -authorization database) can access the local X11 display through the -forwarded connection. An attacker may then be able to perform -activities such as keystroke monitoring. +X11 forwarding should be enabled with caution. +Users with the ability to bypass file permissions on the remote host +(for the user's X authorization database) +can access the local X11 display through the forwarded connection. +An attacker may then be able to perform activities such as keystroke monitoring. .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to local forwarded ports. By default, .Nm ssh -binds local port forwardings to the loopback address. This -prevents other remote hosts from connecting to forwarded ports. +binds local port forwardings to the loopback address. +This prevents other remote hosts from connecting to forwarded ports. .Cm GatewayPorts can be used to specify that .Nm ssh @@ -420,8 +423,9 @@ Gives the verbosity level that is used when logging messages from .Nm ssh . The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. -The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 -and DEBUG3 each specify higher levels of verbose output. +The default is INFO. +DEBUG and DEBUG1 are equivalent. +DEBUG2 and DEBUG3 each specify higher levels of verbose output. .It Cm MACs Specifies the MAC (message authentication code) algorithms in order of preference. @@ -499,6 +503,9 @@ somewhere. Host key management will be done using the HostName of the host being connected (defaulting to the name typed by the user). +Setting the command to +.Dq none +disables this option entirely. Note that .Cm CheckHostIP is not available for connects with a proxy command. diff --git a/openssh/sshconnect2.c b/openssh/sshconnect2.c index 2128113..9b7b61a 100644 --- a/openssh/sshconnect2.c +++ b/openssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.107 2002/07/01 19:48:46 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.114 2003/04/01 10:22:21 markus Exp $"); #include "ssh.h" #include "ssh2.h" @@ -97,7 +97,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) orig = myproposal[PROPOSAL_KEX_ALGS]; canonhost = xstrdup(get_canonical_hostname(1)); resolve_localhost(&canonhost); - gss = ssh_gssapi_mechanisms(0,canonhost); + gss = ssh_gssapi_mechanisms(canonhost); xfree(canonhost); canonhost=NULL; if (gss) { @@ -148,6 +148,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) /* start key exchange */ kex = kex_setup(myproposal); + kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; + kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; +#ifdef GSSAPI + kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client; +#endif kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->verify_host_key=&verify_host_key_callback; @@ -171,7 +176,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) packet_send(); packet_write_wait(); #endif - debug("done: ssh_kex2."); } /* @@ -287,24 +291,23 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; - debug("send SSH2_MSG_SERVICE_REQUEST"); packet_start(SSH2_MSG_SERVICE_REQUEST); packet_put_cstring("ssh-userauth"); packet_send(); + debug("SSH2_MSG_SERVICE_REQUEST sent"); packet_write_wait(); type = packet_read(); - if (type != SSH2_MSG_SERVICE_ACCEPT) { - fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type); - } + if (type != SSH2_MSG_SERVICE_ACCEPT) + fatal("Server denied authentication request: %d", type); if (packet_remaining() > 0) { char *reply = packet_get_string(NULL); - debug("service_accept: %s", reply); + debug2("service_accept: %s", reply); xfree(reply); } else { - debug("buggy server: service_accept w/o service"); + debug2("buggy server: service_accept w/o service"); } packet_check_eom(); - debug("got SSH2_MSG_SERVICE_ACCEPT"); + debug("SSH2_MSG_SERVICE_ACCEPT received"); if (options.preferred_authentications == NULL) options.preferred_authentications = authmethods_get(); @@ -337,7 +340,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, if (authctxt.agent != NULL) ssh_close_authentication_connection(authctxt.agent); - debug("ssh-userauth2 successful: method %s", authctxt.method->name); + debug("Authentication succeeded (%s).", authctxt.method->name); } void userauth(Authctxt *authctxt, char *authlist) @@ -418,7 +421,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) if (partial != 0) log("Authenticated with partial success."); - debug("authentications that can continue: %s", authlist); + debug("Authentications that can continue: %s", authlist); clear_auth_state(authctxt); userauth(authctxt, authlist); @@ -450,7 +453,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); - debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d", + debug("Server accepts key: pkalg %s blen %u lastkey %p hint %d", pkalg, blen, authctxt->last_key, authctxt->last_key_hint); do { @@ -1002,7 +1005,7 @@ userauth_pubkey_agent(Authctxt *authctxt) if (k == NULL) { debug2("userauth_pubkey_agent: no more keys"); } else { - debug("userauth_pubkey_agent: testing agent key %s", comment); + debug("Offering agent key: %s", comment); xfree(comment); ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1); if (ret == 0) @@ -1030,7 +1033,7 @@ userauth_pubkey(Authctxt *authctxt) key = options.identity_keys[idx]; filename = options.identity_files[idx]; if (key == NULL) { - debug("try privkey: %s", filename); + debug("Trying private key: %s", filename); key = load_identity_file(filename); if (key != NULL) { sent = sign_and_send_pubkey(authctxt, key, @@ -1038,7 +1041,7 @@ userauth_pubkey(Authctxt *authctxt) key_free(key); } } else if (key->type != KEY_RSA1) { - debug("try pubkey: %s", filename); + debug("Offering public key: %s", filename); sent = send_pubkey_test(authctxt, key, identity_sign_cb, idx); } @@ -1144,7 +1147,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, pid_t pid; int to[2], from[2], status, version = 2; - debug("ssh_keysign called"); + debug2("ssh_keysign called"); if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { error("ssh_keysign: no installed: %s", strerror(errno)); @@ -1233,7 +1236,7 @@ userauth_hostbased(Authctxt *authctxt) } } if (!found) { - debug("userauth_hostbased: no more client hostkeys"); + debug("No more client hostkeys for hostbased authentication."); return 0; } if (key_to_blob(private, &blob, &blen) == 0) { @@ -1252,6 +1255,7 @@ userauth_hostbased(Authctxt *authctxt) strlcpy(chost, p, len); strlcat(chost, ".", len); debug2("userauth_hostbased: chost %s", chost); + xfree(p); service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service; @@ -1347,7 +1351,6 @@ static char *preferred = NULL; static Authmethod * authmethod_get(char *authlist) { - char *name = NULL; u_int next; @@ -1368,7 +1371,7 @@ authmethod_get(char *authlist) for (;;) { if ((name = match_list(preferred, supported, &next)) == NULL) { - debug("no more auth methods to try"); + debug("No more authentication methods to try."); current = NULL; return NULL; } @@ -1378,7 +1381,7 @@ authmethod_get(char *authlist) if ((current = authmethod_lookup(name)) != NULL && authmethod_is_enabled(current)) { debug3("authmethod_is_enabled %s", name); - debug("next auth method to try is %s", name); + debug("Next authentication method: %s", name); return current; } } diff --git a/openssh/sshd.8 b/openssh/sshd.8 index 22ab70e..a99c4f1 100644 --- a/openssh/sshd.8 +++ b/openssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.193 2002/09/24 20:59:44 todd Exp $ +.\" $OpenBSD: sshd.8,v 1.194 2003/01/31 21:54:40 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -43,6 +43,7 @@ .Nd OpenSSH SSH daemon .Sh SYNOPSIS .Nm sshd +.Bk -words .Op Fl deiqtD46 .Op Fl b Ar bits .Op Fl f Ar config_file @@ -52,6 +53,7 @@ .Op Fl o Ar option .Op Fl p Ar port .Op Fl u Ar len +.Ek .Sh DESCRIPTION .Nm (SSH Daemon) is the daemon program for @@ -75,7 +77,7 @@ This implementation of .Nm supports both SSH protocol version 1 and 2 simultaneously. .Nm -works as follows. +works as follows: .Pp .Ss SSH protocol version 1 .Pp @@ -86,7 +88,7 @@ the daemon starts, it generates a server RSA key (normally 768 bits). This key is normally regenerated every hour if it has been used, and is never stored on disk. .Pp -Whenever a client connects the daemon responds with its public +Whenever a client connects, the daemon responds with its public host and server keys. The client compares the RSA host key against its own database to verify that it has not changed. @@ -119,7 +121,7 @@ System security is not improved unless .Nm rshd , .Nm rlogind , and -.Xr rexecd +.Nm rexecd are disabled (thus completely disabling .Xr rlogin and @@ -189,7 +191,9 @@ The server sends verbose debug output to the system log, and does not put itself in the background. The server also will not fork and will only process one connection. This option is only intended for debugging for the server. -Multiple -d options increase the debugging level. +Multiple +.Fl d +options increase the debugging level. Maximum is 3. .It Fl e When this option is specified, @@ -225,7 +229,8 @@ the different protocol versions and host key algorithms. .It Fl i Specifies that .Nm -is being run from inetd. +is being run from +.Xr inetd 8 . .Nm is normally not run from inetd because it needs to generate the server key before it can @@ -282,7 +287,7 @@ should be put into the .Pa utmp file. .Fl u0 -is also be used to prevent +may also be used to prevent .Nm from making DNS requests unless the authentication mechanism or configuration requires it. @@ -446,7 +451,7 @@ authentication. The command supplied by the user (if any) is ignored. The command is run on a pty if the client requests a pty; otherwise it is run without a tty. -If a 8-bit clean channel is required, +If an 8-bit clean channel is required, one must not request a pty or should specify .Cm no-pty . A quote may be included in the command by quoting it with a backslash. @@ -506,7 +511,7 @@ command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hu permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 .Sh SSH_KNOWN_HOSTS FILE FORMAT The -.Pa /etc/ssh/ssh_known_hosts , +.Pa /etc/ssh/ssh_known_hosts and .Pa $HOME/.ssh/known_hosts files contain host public keys for all known hosts. @@ -627,7 +632,7 @@ These files should be writable only by root/the owner. .Pa /etc/ssh/ssh_known_hosts should be world-readable, and .Pa $HOME/.ssh/known_hosts -can but need not be world-readable. +can, but need not be, world-readable. .It Pa /etc/nologin If this file exists, .Nm @@ -644,7 +649,7 @@ Further details are described in This file contains host-username pairs, separated by a space, one per line. The given user on the corresponding host is permitted to log in -without password. +without a password. The same file is used by rlogind and rshd. The file must be writable only by the user; it is recommended that it not be @@ -713,7 +718,9 @@ controlled via the .Cm PermitUserEnvironment option. .It Pa $HOME/.ssh/rc -If this file exists, it is run with /bin/sh after reading the +If this file exists, it is run with +.Pa /bin/sh +after reading the environment files but before starting the user's shell or command. It must not produce any output on stdout; stderr must be used instead. diff --git a/openssh/sshd.c b/openssh/sshd.c index b43affe..24f1ce4 100644 --- a/openssh/sshd.c +++ b/openssh/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.263 2003/02/16 17:09:57 markus Exp $"); #include #include @@ -211,8 +211,8 @@ int *startup_pipes = NULL; int startup_pipe; /* in child */ /* variables used for privilege separation */ -extern struct monitor *pmonitor; -extern int use_privsep; +int use_privsep; +struct monitor *pmonitor; /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); @@ -836,9 +836,17 @@ main(int ac, char **av) __progname = get_progname(av[0]); init_rng(); - /* Save argv. */ + /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; saved_argv = av; + saved_argv = xmalloc(sizeof(*saved_argv) * ac); + for (i = 0; i < ac; i++) + saved_argv[i] = xstrdup(av[i]); + +#ifndef HAVE_SETPROCTITLE + /* Prepare for later setproctitle emulation */ + compat_init_setproctitle(ac, av); +#endif /* Initialize configuration options to their default values. */ initialize_server_options(&options); @@ -953,7 +961,7 @@ main(int ac, char **av) SYSLOG_LEVEL_INFO : options.log_level, options.log_facility == SYSLOG_FACILITY_NOT_SET ? SYSLOG_FACILITY_AUTH : options.log_facility, - !inetd_flag); + log_stderr || !inetd_flag); #ifdef _UNICOS /* Cray can define user privs drop all prives now! @@ -1070,8 +1078,8 @@ main(int ac, char **av) #else if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) #endif - fatal("Bad owner or mode for %s", - _PATH_PRIVSEP_CHROOT_DIR); + fatal("%s must be owned by root and not group or " + "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); } /* Configuration looks good, so exit if in test mode. */ @@ -1408,8 +1416,12 @@ main(int ac, char **av) * setlogin() affects the entire process group. We don't * want the child to be able to affect the parent. */ -#if 0 - /* XXX: this breaks Solaris */ +#if !defined(STREAMS_PUSH_ACQUIRES_CTTY) + /* + * If setsid is called on Solaris, sshd will acquire the controlling + * terminal while pushing STREAMS modules. This will prevent the + * shell from acquiring it later. + */ if (!debug_flag && !inetd_flag && setsid() < 0) error("setsid: %.100s", strerror(errno)); #endif @@ -1880,7 +1892,7 @@ do_ssh2_kex(void) orig= NULL; if (options.gss_keyex) - gss = ssh_gssapi_mechanisms(1,NULL); + gss = ssh_server_gssapi_mechanisms(); else gss = NULL; @@ -1908,6 +1920,11 @@ do_ssh2_kex(void) /* start key exchange */ kex = kex_setup(myproposal); + kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; + kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; +#ifdef GSSAPI + kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; +#endif kex->server = 1; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; diff --git a/openssh/sshd_config.5 b/openssh/sshd_config.5 index 433bfab..b4d5fa1 100644 --- a/openssh/sshd_config.5 +++ b/openssh/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.13 2002/09/16 20:12:11 stevesk Exp $ +.\" $OpenBSD: sshd_config.5,v 1.15 2003/03/28 10:11:43 jmc Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -89,7 +89,7 @@ own forwarders. .It Cm AllowUsers This keyword can be followed by a list of user name patterns, separated by spaces. -If specified, login is allowed only for users names that +If specified, login is allowed only for user names that match one of the patterns. .Ql \&* and @@ -211,8 +211,8 @@ Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, .Nm sshd -binds remote port forwardings to the loopback address. This -prevents other remote hosts from connecting to forwarded ports. +binds remote port forwardings to the loopback address. +This prevents other remote hosts from connecting to forwarded ports. .Cm GatewayPorts can be used to specify that .Nm sshd @@ -391,7 +391,8 @@ is not specified, will listen on the address and all prior .Cm Port options specified. The default is to listen on all local -addresses. Multiple +addresses. +Multiple .Cm ListenAddress options are permitted. Additionally, any .Cm Port @@ -406,10 +407,10 @@ Gives the verbosity level that is used when logging messages from .Nm sshd . The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. -The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 -and DEBUG3 each specify higher levels of debugging output. -Logging with a DEBUG level violates the privacy of users -and is not recommended. +The default is INFO. +DEBUG and DEBUG1 are equivalent. +DEBUG2 and DEBUG3 each specify higher levels of debugging output. +Logging with a DEBUG level violates the privacy of users and is not recommended. .It Cm MACs Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 @@ -620,16 +621,18 @@ will be disabled because .Xr login 1 does not know how to handle .Xr xauth 1 -cookies. If +cookies. +If .Cm UsePrivilegeSeparation is specified, it will be disabled after authentication. .It Cm UsePrivilegeSeparation Specifies whether .Nm sshd separates privileges by creating an unprivileged child process -to deal with incoming network traffic. After successful authentication, -another process will be created that has the privilege of the authenticated -user. The goal of privilege separation is to prevent privilege +to deal with incoming network traffic. +After successful authentication, another process will be created that has +the privilege of the authenticated user. +The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is .Dq yes . @@ -687,7 +690,8 @@ is enabled. Specifies whether .Nm sshd should bind the X11 forwarding server to the loopback address or to -the wildcard address. By default, +the wildcard address. +By default, .Nm sshd binds the forwarding server to the loopback address and sets the hostname part of the -- 2.45.1