From dfddba3d7e01aaef75b0f84b9f3c53f34e2504c9 Mon Sep 17 00:00:00 2001 
From: jbasney Date: Sat, 12 Mar 2005 20:38:12 +0000 Subject: [PATCH] merged OpenSSH 4.0p1 to trunk and removed GSSAPI compat flags needed for compat with OpenSSH 3.6.1 and earlier. --- openssh/Makefile.in | 32 ++- openssh/README.platform | 24 +- openssh/README.privsep | 5 +- openssh/acconfig.h | 3 - openssh/auth-krb5.c | 5 + openssh/auth-pam.c | 145 ++++++---- openssh/auth-pam.h | 1 + openssh/auth-shadow.c | 3 + openssh/auth.c | 81 +++++- openssh/auth.h | 4 + openssh/auth1.c | 33 ++- openssh/auth2-kbdint.c | 2 +- openssh/auth2-none.c | 21 +- openssh/auth2-passwd.c | 8 +- openssh/auth2-pubkey.c | 12 +- openssh/auth2.c | 31 +- openssh/canohost.c | 21 +- openssh/canohost.h | 2 + openssh/cipher-ctr.c | 2 +- openssh/cipher.c | 10 +- openssh/compat.c | 26 +- openssh/compat.h | 6 +- openssh/configure.ac | 358 ++++++++++++++++++------ openssh/contrib/findssl.sh | 10 +- openssh/defines.h | 18 ++ openssh/gss-genr.c | 50 +--- openssh/gss-serv.c | 2 - openssh/includes.h | 2 +- openssh/key.c | 38 ++- openssh/log.c | 16 ++ openssh/misc.c | 67 ++++- openssh/moduli.c | 6 +- openssh/monitor.c | 73 ++++- openssh/monitor.h | 1 + openssh/monitor_mm.c | 2 +- openssh/monitor_wrap.c | 35 +++ openssh/monitor_wrap.h | 6 + openssh/openbsd-compat/bsd-misc.h | 4 - openssh/openbsd-compat/bsd-openpty.c | 2 - openssh/openbsd-compat/fake-rfc2553.h | 1 + openssh/openbsd-compat/getrrsetbyname.c | 2 +- openssh/openbsd-compat/port-aix.c | 121 ++++++-- openssh/openbsd-compat/port-aix.h | 44 ++- openssh/openbsd-compat/xmmap.c | 2 +- openssh/packet.c | 6 +- openssh/readconf.c | 169 ++++++++--- openssh/readconf.h | 16 +- openssh/servconf.c | 93 +++--- openssh/servconf.h | 3 +- openssh/session.c | 68 ++++- openssh/ssh-agent.c | 30 +- openssh/ssh-keyscan.c | 18 +- openssh/ssh-keysign.c | 6 +- openssh/ssh-rand-helper.c | 91 ++++-- openssh/ssh.1 | 179 +++++++----- openssh/ssh.c | 196 ++++++++----- openssh/ssh1.h | 5 +- openssh/ssh_config.5 | 101 ++++++- openssh/sshconnect2.c | 40 ++- openssh/sshd.8 | 52 +++- 
openssh/sshd.c | 75 ++--- openssh/sshd_config | 3 +- openssh/sshd_config.5 | 37 ++- openssh/version.h | 8 +- 64 files changed, 1833 insertions(+), 700 deletions(-) diff --git a/openssh/Makefile.in b/openssh/Makefile.in index bedf648..50bec28 100644 --- a/openssh/Makefile.in +++ b/openssh/Makefile.in @@ -43,6 +43,7 @@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ +LIBEDIT=@LIBEDIT@ LIBPAM=@LIBPAM@ LIBWRAP=@LIBWRAP@ AR=@AR@ @@ -87,7 +88,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ kexgsss.o gss-serv-gsi.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ - loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o + loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ + audit.o audit-bsm.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 @@ -161,7 +163,7 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o - $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 
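Review bot: `audit.o audit-bsm.o` are appended to SSHDOBJS unconditionally rather than through a configure-substituted variable the way the other optional pieces (LIBPAM, LIBWRAP, the new LIBEDIT) are, so the link only works if audit-bsm.c compiles to an empty object when BSM auditing is not selected. That source is not visible here, so confirm it is fully `#ifdef`-guarded, or make the intent explicit with a comment above SSHDOBJS such as `# audit-bsm.o is empty unless configure selects BSM auditing`.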
@@ -197,13 +199,13 @@ moduli: clean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core + rm -f *.out core survey (cd openbsd-compat && $(MAKE) clean) distclean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log rm -f *.out core opensshd.init - rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds *~ + rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds survey.sh *~ rm -rf autom4te.cache (cd openbsd-compat && $(MAKE) distclean) (cd scard && $(MAKE) distclean) @@ -231,8 +233,9 @@ distprep: catman-do -rm -rf autom4te.cache (cd scard && $(MAKE) -f Makefile.in distprep) -install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files host-key check-config -install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files +install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config +install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf +install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files check-config: -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config @@ -296,6 +299,8 @@ install-files: scard-install rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/gsisftp.1; \ ln -s ./sftp.1 $(DESTDIR)$(mandir)/$(mansubdir)1/gsisftp.1; \ fi + +install-sysconf: if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ fi @@ -309,7 +314,7 @@ install-files: scard-install else \ echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ fi - @if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ + @if [ -f ssh_prng_cmds ] && [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ else \ 
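Review bot: `check-config` runs the installed `sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config` but declares no prerequisite on `install-files` or the new `install-sysconf`, so it relies only on its position in the `install:` prerequisite list, which `make -j` does not honour. Splitting the sysconf installation out into its own target makes that gap new, since the config file is no longer produced by the target that precedes it. Declare the edge explicitly, e.g. `check-config: install-files install-sysconf`, and if the file keeps a `.PHONY` list (not visible here) add `install-sysconf` to it. `host-key` is probably in the same situation, but its recipe is outside this hunk.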
@@ -403,7 +408,7 @@ tests: $(TARGETS) BUILDDIR=`pwd`; \ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ [ -f `pwd`/regress/Makefile ] || \ - ln -s $(srcdir)/regress/Makefile `pwd`/regress/Makefile ; \ + ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \ TEST_SHELL="@TEST_SHELL@"; \ TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \ @@ -433,10 +438,19 @@ tests: $(TARGETS) $@ regressclean: - if [ -f regress/Makefile -a -r regress/Makefile ]; then \ + if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \ (cd regress && $(MAKE) clean) \ fi +survey: survey.sh ssh + @$(SHELL) ./survey.sh > survey + @echo 'The survey results have been placed in the file "survey" in the' + @echo 'current directory. Please review the file then send with' + @echo '"make send-survey".' + +send-survey: survey + mail portable-survey@mindrot.org krb5_ccname, len, "FILE:%s", authctxt->krb5_ticket_file); +#ifdef USE_PAM + if (options.use_pam) + do_pam_putenv("KRB5CCNAME", authctxt->krb5_ccname); +#endif + out: restore_uid(); diff --git a/openssh/auth-pam.c b/openssh/auth-pam.c index 63908a7..0b79f3a 100644 --- a/openssh/auth-pam.c +++ b/openssh/auth-pam.c @@ -186,6 +186,7 @@ static int sshpam_account_status = -1; static char **sshpam_env = NULL; static Authctxt *sshpam_authctxt = NULL; static const char *sshpam_password = NULL; +static char badpw[] = "\b\n\r\177INCORRECT"; /* Some PAM implementations don't implement this */ #ifndef HAVE_PAM_GETENVLIST 
@@ -490,6 +491,51 @@ sshpam_null_conv(int n, struct pam_message **msg, static struct pam_conv null_conv = { sshpam_null_conv, NULL }; +static int +sshpam_store_conv(int n, struct pam_message **msg, + struct pam_response **resp, void *data) +{ + struct pam_response *reply; + int i; + size_t len; + + debug3("PAM: %s called with %d messages", __func__, n); + *resp = NULL; + + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return (PAM_CONV_ERR); + + if ((reply = malloc(n * sizeof(*reply))) == NULL) + return (PAM_CONV_ERR); + memset(reply, 0, n * sizeof(*reply)); + + for (i = 0; i < n; ++i) { + switch (PAM_MSG_MEMBER(msg, i, msg_style)) { + case PAM_ERROR_MSG: + case PAM_TEXT_INFO: + len = strlen(PAM_MSG_MEMBER(msg, i, msg)); + buffer_append(&loginmsg, PAM_MSG_MEMBER(msg, i, msg), len); + buffer_append(&loginmsg, "\n", 1 ); + reply[i].resp_retcode = PAM_SUCCESS; + break; + default: + goto fail; + } + } + *resp = reply; + return (PAM_SUCCESS); + + fail: + for(i = 0; i < n; i++) { + if (reply[i].resp != NULL) + xfree(reply[i].resp); + } + xfree(reply); + return (PAM_CONV_ERR); +} + +static struct pam_conv store_conv = { sshpam_store_conv, NULL }; + void sshpam_cleanup(void) { @@ -527,7 +573,7 @@ sshpam_init(Authctxt *authctxt) } debug("PAM: initializing for \"%s\"", user); sshpam_err = - pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle); + pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle); sshpam_authctxt = authctxt; if (sshpam_err != PAM_SUCCESS) { @@ -609,7 +655,7 @@ sshpam_query(void *ctx, char **name, char **info, size_t plen; u_char type; char *msg; - size_t len; + size_t len, mlen; debug3("PAM: %s entering", __func__); buffer_init(&buffer); 
@@ -622,22 +668,27 @@ sshpam_query(void *ctx, char **name, char **info, while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) { type = buffer_get_char(&buffer); msg = buffer_get_string(&buffer, NULL); + mlen = strlen(msg); switch (type) { case PAM_PROMPT_ECHO_ON: case PAM_PROMPT_ECHO_OFF: *num = 1; - len = plen + strlen(msg) + 1; + len = plen + mlen + 1; **prompts = xrealloc(**prompts, len); - plen += snprintf(**prompts + plen, len, "%s", msg); + strlcpy(**prompts + plen, msg, len - plen); + plen += mlen; **echo_on = (type == PAM_PROMPT_ECHO_ON); xfree(msg); return (0); case PAM_ERROR_MSG: case PAM_TEXT_INFO: /* accumulate messages */ - len = plen + strlen(msg) + 2; + len = plen + mlen + 2; **prompts = xrealloc(**prompts, len); - plen += snprintf(**prompts + plen, len, "%s\n", msg); + strlcpy(**prompts + plen, msg, len - plen); + plen += mlen; + strlcat(**prompts + plen, "\n", len - plen); + plen++; xfree(msg); break; case PAM_SUCCESS: @@ -651,6 +702,12 @@ sshpam_query(void *ctx, char **name, char **info, **prompts = NULL; } if (type == PAM_SUCCESS) { + if (!sshpam_authctxt->valid || + (sshpam_authctxt->pw->pw_uid == 0 && + options.permit_root_login != PERMIT_YES)) + fatal("Internal error: PAM auth " + "succeeded when it should have " + "failed"); import_environments(&buffer); *num = 0; **echo_on = 0; @@ -696,7 +753,12 @@ sshpam_respond(void *ctx, u_int num, char **resp) return (-1); } buffer_init(&buffer); - buffer_put_cstring(&buffer, *resp); + if (sshpam_authctxt->valid && + (sshpam_authctxt->pw->pw_uid != 0 || + options.permit_root_login == PERMIT_YES)) + buffer_put_cstring(&buffer, *resp); + else + buffer_put_cstring(&buffer, badpw); if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) { buffer_free(&buffer); return (-1); 
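Review bot: The new fatal() in sshpam_query and the badpw substitution in the `@@ -696` sshpam_respond hunk below encode a single policy — an invalid user, or root when PermitRootLogin is not `yes`, must never be able to pass the PAM conversation — but neither site says so, and the `pw_uid == 0` condition is written twice with opposite polarity, which is easy to break in a later edit. Add a comment at the sshpam_respond site such as `/* Invalid user, or root without PermitRootLogin yes: feed PAM a bogus token so the exchange completes but cannot succeed; sshpam_query treats success here as an internal error. */` and a one-line cross-reference at the fatal(). Both conditions dereference `sshpam_authctxt->pw` only after checking `valid`, so the short-circuit order is load-bearing and worth a word in that comment.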
@@ -759,11 +821,13 @@ finish_pam(void) u_int do_pam_account(void) { + debug("%s: called", __func__); if (sshpam_account_status != -1) return (sshpam_account_status); sshpam_err = pam_acct_mgmt(sshpam_handle, 0); - debug3("PAM: %s pam_acct_mgmt = %d", __func__, sshpam_err); + debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err, + pam_strerror(sshpam_handle, sshpam_err)); if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) { sshpam_account_status = 0; @@ -793,7 +857,7 @@ void do_pam_setcred(int init) { sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, - (const void *)&null_conv); + (const void *)&store_conv); if (sshpam_err != PAM_SUCCESS) fatal("PAM: failed to set PAM_CONV: %s", pam_strerror(sshpam_handle, sshpam_err)); @@ -894,51 +958,6 @@ do_pam_chauthtok(void) pam_strerror(sshpam_handle, sshpam_err)); } -static int -sshpam_store_conv(int n, struct pam_message **msg, - struct pam_response **resp, void *data) -{ - struct pam_response *reply; - int i; - size_t len; - - debug3("PAM: %s called with %d messages", __func__, n); - *resp = NULL; - - if (n <= 0 || n > PAM_MAX_NUM_MSG) - return (PAM_CONV_ERR); - - if ((reply = malloc(n * sizeof(*reply))) == NULL) - return (PAM_CONV_ERR); - memset(reply, 0, n * sizeof(*reply)); - - for (i = 0; i < n; ++i) { - switch (PAM_MSG_MEMBER(msg, i, msg_style)) { - case PAM_ERROR_MSG: - case PAM_TEXT_INFO: - len = strlen(PAM_MSG_MEMBER(msg, i, msg)); - buffer_append(&loginmsg, PAM_MSG_MEMBER(msg, i, msg), len); - buffer_append(&loginmsg, "\n", 1 ); - reply[i].resp_retcode = PAM_SUCCESS; - break; - default: - goto fail; - } - } - *resp = reply; - return (PAM_SUCCESS); - - fail: - for(i = 0; i < n; i++) { - if (reply[i].resp != NULL) - xfree(reply[i].resp); - } - xfree(reply); - return (PAM_CONV_ERR); -} - -static struct pam_conv store_conv = { sshpam_store_conv, NULL }; - void do_pam_session(void) { 
@@ -949,10 +968,21 @@ do_pam_session(void) fatal("PAM: failed to set PAM_CONV: %s", pam_strerror(sshpam_handle, sshpam_err)); sshpam_err = pam_open_session(sshpam_handle, 0); - if (sshpam_err != PAM_SUCCESS) - fatal("PAM: pam_open_session(): %s", + if (sshpam_err == PAM_SUCCESS) + sshpam_session_open = 1; + else { + sshpam_session_open = 0; + disable_forwarding(); + error("PAM: pam_open_session(): %s", pam_strerror(sshpam_handle, sshpam_err)); - sshpam_session_open = 1; + } + +} + +int +is_pam_session_open(void) +{ + return sshpam_session_open; } /* @@ -1075,7 +1105,6 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) { int flags = (options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); - static char badpw[] = "\b\n\r\177INCORRECT"; if (!options.use_pam || sshpam_handle == NULL) fatal("PAM: %s called when PAM disabled or failed to " diff --git a/openssh/auth-pam.h b/openssh/auth-pam.h index f756b31..93a1eca 100644 --- a/openssh/auth-pam.h +++ b/openssh/auth-pam.h @@ -45,5 +45,6 @@ void free_pam_environment(char **); void sshpam_thread_cleanup(void); void sshpam_cleanup(void); int sshpam_auth_passwd(Authctxt *, const char *); +int is_pam_session_open(void); #endif /* USE_PAM */ diff --git a/openssh/auth-shadow.c b/openssh/auth-shadow.c index 66e8401..5762723 100644 --- a/openssh/auth-shadow.c +++ b/openssh/auth-shadow.c @@ -32,6 +32,9 @@ RCSID("$Id$"); #include "buffer.h" #include "log.h" +#ifdef DAY +# undef DAY +#endif #define DAY (24L * 60 * 60) /* 1 day in seconds */ extern Buffer loginmsg; diff --git a/openssh/auth.c b/openssh/auth.c index 9d3dde0..70bf48a 100644 --- a/openssh/auth.c +++ b/openssh/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $"); #ifdef HAVE_LOGIN_H #include 
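Review bot: The else branch turns a pam_open_session() failure from a fatal into a logged error plus disable_forwarding(), so the login now proceeds without whatever the configured session modules would have applied, yet nothing in the hunk records that this relaxation is intentional and a later reader may restore the fatal(). Add above `disable_forwarding();` a comment such as `/* Deliberately non-fatal: continue the login without PAM session setup, but with forwarding disabled; callers can test is_pam_session_open(). */`. There is also a stray blank line before the closing brace of do_pam_session, and the `if` arm is unbraced while the `else` arm is braced.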
@@ -50,6 +50,8 @@ RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $"); #include "misc.h" #include "bufaux.h" #include "packet.h" +#include "loginrec.h" +#include "monitor_wrap.h" /* import */ extern ServerOptions options; @@ -153,8 +155,9 @@ allowed_user(struct passwd * pw) for (i = 0; i < options.num_deny_users; i++) if (match_user(pw->pw_name, hostname, ipaddr, options.deny_users[i])) { - logit("User %.100s not allowed because listed in DenyUsers", - pw->pw_name); + logit("User %.100s from %.100s not allowed " + "because listed in DenyUsers", + pw->pw_name, hostname); return 0; } } @@ -166,16 +169,16 @@ allowed_user(struct passwd * pw) break; /* i < options.num_allow_users iff we break for loop */ if (i >= options.num_allow_users) { - logit("User %.100s not allowed because not listed in AllowUsers", - pw->pw_name); + logit("User %.100s from %.100s not allowed because " + "not listed in AllowUsers", pw->pw_name, hostname); return 0; } } if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { /* Get the user's group access list (primary and supplementary) */ if (ga_init(pw->pw_name, pw->pw_gid) == 0) { - logit("User %.100s not allowed because not in any group", - pw->pw_name); + logit("User %.100s from %.100s not allowed because " + "not in any group", pw->pw_name, hostname); return 0; } @@ -184,8 +187,9 @@ allowed_user(struct passwd * pw) if (ga_match(options.deny_groups, options.num_deny_groups)) { ga_free(); - logit("User %.100s not allowed because a group is listed in DenyGroups", - pw->pw_name); + logit("User %.100s from %.100s not allowed " + "because a group is listed in DenyGroups", + pw->pw_name, hostname); return 0; } /* 
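Review bot: This hunk and the three allowed_user hunks that follow it interpolate `hostname` into the DenyUsers/AllowUsers/DenyGroups/AllowGroups log lines; its assignment is above the hunk, and if it is the reverse-resolved client name rather than the address it is text chosen by whoever controls the client's PTR record. `%.100s` bounds the length but not the content, so these lines rely on logit() escaping non-printable characters before the text reaches syslog — worth confirming for this tree, and worth a comment at the assignment such as `/* hostname may be attacker-influenced (reverse DNS); logit() is expected to sanitize it. */`.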
@@ -196,15 +200,16 @@ allowed_user(struct passwd * pw) if (!ga_match(options.allow_groups, options.num_allow_groups)) { ga_free(); - logit("User %.100s not allowed because none of user's groups are listed in AllowGroups", - pw->pw_name); + logit("User %.100s from %.100s not allowed " + "because none of user's groups are listed " + "in AllowGroups", pw->pw_name, hostname); return 0; } ga_free(); } #ifdef CUSTOM_SYS_AUTH_ALLOWED_USER - if (!sys_auth_allowed_user(pw)) + if (!sys_auth_allowed_user(pw, &loginmsg)) return 0; #endif 
@@ -241,8 +246,50 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) info); #ifdef CUSTOM_FAILED_LOGIN - if (authenticated == 0 && strcmp(method, "password") == 0) - record_failed_login(authctxt->user, "ssh"); + if (authenticated == 0 && !authctxt->postponed && + (strcmp(method, "password") == 0 || + strncmp(method, "keyboard-interactive", 20) == 0 || + strcmp(method, "challenge-response") == 0)) + record_failed_login(authctxt->user, + get_canonical_hostname(options.use_dns), "ssh"); +#endif +#ifdef SSH_AUDIT_EVENTS + if (authenticated == 0 && !authctxt->postponed) { + ssh_audit_event_t event; + + debug3("audit failed auth attempt, method %s euid %d", + method, (int)geteuid()); + /* + * Because the auth loop is used in both monitor and slave, + * we must be careful to send each event only once and with + * enough privs to write the event. + */ + event = audit_classify_auth(method); + switch(event) { + case SSH_AUTH_FAIL_NONE: + case SSH_AUTH_FAIL_PASSWD: + case SSH_AUTH_FAIL_KBDINT: + if (geteuid() == 0) + audit_event(event); + break; + case SSH_AUTH_FAIL_PUBKEY: + case SSH_AUTH_FAIL_HOSTBASED: + case SSH_AUTH_FAIL_GSSAPI: + /* + * This is required to handle the case where privsep + * is enabled but it's root logging in, since + * use_privsep won't be cleared until after a + * successful login. + */ + if (geteuid() == 0) + audit_event(event); + else + PRIVSEP(audit_event(event)); + break; + default: + error("unknown authentication audit event %d", event); + } + } #endif } @@ -467,8 +514,12 @@ getpwnamallow(const char *user) (user && user[0]) ? user : "", get_remote_ipaddr()); #ifdef CUSTOM_FAILED_LOGIN - record_failed_login(user, "ssh"); + record_failed_login(user, + get_canonical_hostname(options.use_dns), "ssh"); #endif +#ifdef SSH_AUDIT_EVENTS + audit_event(SSH_INVALID_USER); +#endif /* SSH_AUDIT_EVENTS */ return (NULL); } if (!allowed_user(pw)) diff --git a/openssh/auth.h b/openssh/auth.h index bc4086b..635233b 100644 
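Review bot: `strncmp(method, "keyboard-interactive", 20)` uses a bare 20 where the two neighbouring comparisons use strcmp; the prefix match is presumably meant to also catch device-qualified names such as `keyboard-interactive/pam`, but that is not stated and the literal has to be kept in sync with the string by hand. Write it as `strncmp(method, "keyboard-interactive", sizeof("keyboard-interactive") - 1) == 0` or add `/* prefix match: also "keyboard-interactive/<device>" */`. The comment on the PUBKEY/HOSTBASED/GSSAPI arm would also help more if it said which process (monitor or slave) is expected to reach that code in each case, since that is the whole reason for the geteuid() test.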
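Review bot: `audit_event(SSH_INVALID_USER)` is emitted here for an unknown user, and the auth2.c `@@ -206` hunk further down also emits `PRIVSEP(audit_event(SSH_INVALID_USER))` from input_userauth_request; if that call sits on the path taken when getpwnamallow returns NULL (its enclosing condition is outside that hunk), a nonexistent user produces two audit records while a user rejected by allowed_user produces one. Either drop one of the two sites or document the asymmetry, e.g. `/* also audited by the protocol-2 caller in auth2.c */`. This call is also the only audit_event() in the commit not wrapped in PRIVSEP(), which is correct only if getpwnamallow always runs in the monitor — worth a comment either way. getpwnamallow's beginning is outside this hunk.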
--- a/openssh/auth.h +++ b/openssh/auth.h @@ -136,6 +136,9 @@ int auth_shadow_pwexpired(Authctxt *); #endif #include "auth-pam.h" +#include "audit.h" +void remove_kbdint_device(const char *); + void disable_forwarding(void); void do_authentication(Authctxt *); @@ -143,6 +146,7 @@ void do_authentication2(Authctxt *); void auth_log(Authctxt *, int, char *, char *); void userauth_finish(Authctxt *, int, char *); +void userauth_send_banner(const char *); int auth_root_allowed(char *); char *auth2_read_banner(void); diff --git a/openssh/auth1.c b/openssh/auth1.c index 3f93b98..d089284 100644 --- a/openssh/auth1.c +++ b/openssh/auth1.c @@ -25,9 +25,11 @@ RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $"); #include "session.h" #include "uidswap.h" #include "monitor_wrap.h" +#include "buffer.h" /* import */ extern ServerOptions options; +extern Buffer loginmsg; /* * convert ssh auth msg type into description @@ -245,14 +247,33 @@ do_authloop(Authctxt *authctxt) #else /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && - !auth_root_allowed(get_authname(type))) + !auth_root_allowed(get_authname(type))) { authenticated = 0; +# ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); +# endif + } #endif #ifdef USE_PAM if (options.use_pam && authenticated && - !PRIVSEP(do_pam_account())) - authenticated = 0; + !PRIVSEP(do_pam_account())) { + char *msg; + size_t len; + + error("Access denied for user %s by PAM account " + "configuration", authctxt->user); + len = buffer_len(&loginmsg); + buffer_append(&loginmsg, "\0", 1); + msg = buffer_ptr(&loginmsg); + /* strip trailing newlines */ + if (len > 0) + while (len > 0 && msg[--len] == '\n') + msg[len] = '\0'; + else + msg = "Access denied."; + packet_disconnect(msg); + } #endif /* Log before sending the reply */ 
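Review bot: `packet_disconnect(msg)` passes PAM-supplied text as the format string: packet_disconnect is printf-style, as the `packet_disconnect(AUTH_FAIL_MSG, authctxt->user)` call in the next hunk shows, and msg points into loginmsg, which sshpam_store_conv (and auth-shadow) fill with whatever the PAM modules emit, text that is not guaranteed to be free of `%`. Use `packet_disconnect("%s", msg);`. The newline stripping `if (len > 0) while (...) msg[len] = '\0'; else msg = "Access denied.";` would also read better braced so the `else` visibly belongs to the `if`, and if loginmsg holds only newlines the loop leaves msg empty and an empty disconnect reason is sent. do_authloop starts and ends outside this hunk.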
@@ -266,8 +287,12 @@ do_authloop(Authctxt *authctxt) if (authenticated) return; - if (authctxt->failures++ > options.max_authtries) + if (authctxt->failures++ > options.max_authtries) { +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); +#endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + } packet_start(SSH_SMSG_FAILURE); packet_send(); diff --git a/openssh/auth2-kbdint.c b/openssh/auth2-kbdint.c index 1696ef4..fa83649 100644 --- a/openssh/auth2-kbdint.c +++ b/openssh/auth2-kbdint.c @@ -53,7 +53,7 @@ userauth_kbdint(Authctxt *authctxt) xfree(lang); #ifdef HAVE_CYGWIN if (check_nt_auth(0, authctxt->pw) == 0) - return(0); + authenticated = 0; #endif return authenticated; } diff --git a/openssh/auth2-none.c b/openssh/auth2-none.c index 2bf5b5c..1c30a32 100644 --- a/openssh/auth2-none.c +++ b/openssh/auth2-none.c @@ -74,6 +74,19 @@ auth2_read_banner(void) return (banner); } +void +userauth_send_banner(const char *msg) +{ + if (datafellows & SSH_BUG_BANNER) + return; + + packet_start(SSH2_MSG_USERAUTH_BANNER); + packet_put_cstring(msg); + packet_put_cstring(""); /* language, unused */ + packet_send(); + debug("%s: sent", __func__); +} + static void userauth_banner(void) { @@ -84,12 +97,8 @@ userauth_banner(void) if ((banner = PRIVSEP(auth2_read_banner())) == NULL) goto done; + userauth_send_banner(banner); - packet_start(SSH2_MSG_USERAUTH_BANNER); - packet_put_cstring(banner); - packet_put_cstring(""); /* language, unused */ - packet_send(); - debug("userauth_banner: sent"); done: if (banner) xfree(banner); @@ -103,7 +112,7 @@ userauth_none(Authctxt *authctxt) userauth_banner(); #ifdef HAVE_CYGWIN if (check_nt_auth(1, authctxt->pw) == 0) - return(0); + return (0); #endif if (options.password_authentication) return (PRIVSEP(auth_password(authctxt, ""))); diff --git a/openssh/auth2-passwd.c b/openssh/auth2-passwd.c index a4f482d..2321ef4 100644 --- a/openssh/auth2-passwd.c +++ b/openssh/auth2-passwd.c 
@@ -55,12 +55,12 @@ userauth_passwd(Authctxt *authctxt) if (change) logit("password change not supported"); - else if (PRIVSEP(auth_password(authctxt, password)) == 1 + else if (PRIVSEP(auth_password(authctxt, password)) == 1) + authenticated = 1; #ifdef HAVE_CYGWIN - && check_nt_auth(1, authctxt->pw) + if (check_nt_auth(1, authctxt->pw) == 0) + authenticated = 0; #endif - ) - authenticated = 1; memset(password, 0, len); xfree(password); return authenticated; diff --git a/openssh/auth2-pubkey.c b/openssh/auth2-pubkey.c index 9898d4a..a97d0f4 100644 --- a/openssh/auth2-pubkey.c +++ b/openssh/auth2-pubkey.c @@ -23,8 +23,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: auth2-pubkey.c,v 1.9 2004/12/11 01:48:56 dtucker Exp $"); +#include "ssh.h" #include "ssh2.h" #include "xmalloc.h" #include "packet.h" @@ -40,6 +41,7 @@ RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $"); #include "auth-options.h" #include "canohost.h" #include "monitor_wrap.h" +#include "misc.h" /* import */ extern ServerOptions options; @@ -158,7 +160,7 @@ done: xfree(pkblob); #ifdef HAVE_CYGWIN if (check_nt_auth(0, authctxt->pw) == 0) - return(0); + authenticated = 0; #endif return authenticated; } @@ -167,7 +169,7 @@ done: static int user_key_allowed2(struct passwd *pw, Key *key, char *file) { - char line[8192]; + char line[SSH_MAX_PUBKEY_BYTES]; int found_key = 0; FILE *f; u_long linenum = 0; @@ -204,9 +206,9 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) found_key = 0; found = key_new(key->type); - while (fgets(line, sizeof(line), f)) { + while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp, *key_options = NULL; - linenum++; + /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; diff --git a/openssh/auth2.c b/openssh/auth2.c index 49a76fe..48da9a9 100644 --- a/openssh/auth2.c +++ b/openssh/auth2.c 
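Review bot: On HAVE_CYGWIN builds check_nt_auth(1, authctxt->pw) is now called on every path through userauth_passwd, including when `change` was set or auth_password() failed, whereas before it was evaluated only after a successful password check. If check_nt_auth has side effects (its definition is not visible here) that is a behaviour change that deserves a comment; otherwise preserve the old short-circuit with `if (authenticated && check_nt_auth(1, authctxt->pw) == 0)`. The function's start and end are outside this hunk.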
@@ -35,6 +35,7 @@ RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $"); #include "dispatch.h" #include "pathnames.h" #include "monitor_wrap.h" +#include "buffer.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -44,6 +45,7 @@ RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $"); extern ServerOptions options; extern u_char *session_id2; extern u_int session_id2_len; +extern Buffer loginmsg; /* methods */ @@ -206,6 +208,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) #ifdef USE_PAM if (options.use_pam) PRIVSEP(start_pam(authctxt)); +#endif +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_INVALID_USER)); #endif } #ifdef GSSAPI @@ -263,12 +268,26 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && - !auth_root_allowed(method)) + !auth_root_allowed(method)) { authenticated = 0; +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); +#endif + } #ifdef USE_PAM - if (options.use_pam && authenticated && !PRIVSEP(do_pam_account())) - authenticated = 0; + if (options.use_pam && authenticated) { + if (!PRIVSEP(do_pam_account())) { + /* if PAM returned a message, send it to the user */ + if (buffer_len(&loginmsg) > 0) { + buffer_append(&loginmsg, "\0", 1); + userauth_send_banner(buffer_ptr(&loginmsg)); + packet_write_wait(); + } + fatal("Access denied for user %s by PAM account " + "configuration", authctxt->user); + } + } #endif #ifdef _UNICOS 
@@ -294,8 +313,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) /* now we can break out */ authctxt->success = 1; } else { - if (authctxt->failures++ > options.max_authtries) + if (authctxt->failures++ > options.max_authtries) { +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); +#endif packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + } methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); diff --git a/openssh/canohost.c b/openssh/canohost.c index 465e6ea..3b672bd 100644 --- a/openssh/canohost.c +++ b/openssh/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.41 2004/07/21 11:51:29 djm Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.42 2005/02/18 03:05:53 djm Exp $"); #include "packet.h" #include "xmalloc.h" @@ -20,7 +20,6 @@ RCSID("$OpenBSD: canohost.c,v 1.41 2004/07/21 11:51:29 djm Exp $"); #include "canohost.h" static void check_ip_options(int, char *); -static void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); /* * Return the canonical name of the host at the other end of the socket. The @@ -166,7 +165,7 @@ check_ip_options(int sock, char *ipaddr) #endif /* IP_OPTIONS */ } -static void +void ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) { struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)addr; @@ -232,6 +231,7 @@ get_socket_address(int sock, int remote, int flags) struct sockaddr_storage addr; socklen_t addrlen; char ntop[NI_MAXHOST]; + int r; /* Get IP address of client. */ addrlen = sizeof(addr); 
@@ -252,9 +252,10 @@ get_socket_address(int sock, int remote, int flags) addrlen = sizeof(struct sockaddr_in6); /* Get the address in ascii. */ - if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), - NULL, 0, flags) != 0) { - error("get_socket_address: getnameinfo %d failed", flags); + if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop, + sizeof(ntop), NULL, 0, flags)) != 0) { + error("get_socket_address: getnameinfo %d failed: %s", flags, + r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r)); return NULL; } return xstrdup(ntop); @@ -330,6 +331,7 @@ get_sock_port(int sock, int local) struct sockaddr_storage from; socklen_t fromlen; char strport[NI_MAXSERV]; + int r; /* Get IP address of client. */ fromlen = sizeof(from); @@ -351,9 +353,10 @@ get_sock_port(int sock, int local) fromlen = sizeof(struct sockaddr_in6); /* Return port number. */ - if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, - strport, sizeof(strport), NI_NUMERICSERV) != 0) - fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed"); + if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, + strport, sizeof(strport), NI_NUMERICSERV)) != 0) + fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed: %s", + r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r)); return atoi(strport); } diff --git a/openssh/canohost.h b/openssh/canohost.h index 2edb420..937abd2 100644 --- a/openssh/canohost.h +++ b/openssh/canohost.h @@ -25,3 +25,5 @@ int get_remote_port(void); int get_local_port(void); void resolve_localhost(char **host); + +void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); diff --git a/openssh/cipher-ctr.c b/openssh/cipher-ctr.c index 395dabe..43f1ede 100644 --- a/openssh/cipher-ctr.c +++ b/openssh/cipher-ctr.c 
@@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: cipher-ctr.c,v 1.4 2004/02/06 23:41:13 dtucker Exp $"); +RCSID("$OpenBSD: cipher-ctr.c,v 1.5 2004/12/22 02:13:19 djm Exp $"); #include diff --git a/openssh/cipher.c b/openssh/cipher.c index 075a4c5..beba461 100644 --- a/openssh/cipher.c +++ b/openssh/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.71 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.73 2005/01/23 10:18:12 djm Exp $"); #include "xmalloc.h" #include "log.h" @@ -146,7 +146,7 @@ cipher_by_name(const char *name) { Cipher *c; for (c = ciphers; c->name != NULL; c++) - if (strcasecmp(c->name, name) == 0) + if (strcmp(c->name, name) == 0) return c; return NULL; } @@ -199,8 +199,10 @@ cipher_number(const char *name) Cipher *c; if (name == NULL) return -1; - c = cipher_by_name(name); - return (c==NULL) ? -1 : c->number; + for (c = ciphers; c->name != NULL; c++) + if (strcasecmp(c->name, name) == 0) + return c->number; + return -1; } char * diff --git a/openssh/compat.c b/openssh/compat.c index 4e1c584..4086e85 100644 --- a/openssh/compat.c +++ b/openssh/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.70 2003/11/02 11:01:03 markus Exp $"); +RCSID("$OpenBSD: compat.c,v 1.71 2005/03/01 10:09:52 djm Exp $"); #include "buffer.h" #include "packet.h" 
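Review bot: cipher_by_name becomes an exact strcmp match while cipher_number, which used to call it, gets its own strcasecmp loop, and nothing in either hunk says why the two lookups now differ; a reader will see duplicated iteration and be tempted to fold them back together. Add a comment above cipher_by_name such as `/* Exact match only: these names are compared as negotiated with the peer; the cipher_number() lookup stays case-insensitive for the -c option. */` — that reading of the two callers is my inference from the names, so confirm it before committing to the wording.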
@@ -62,32 +62,28 @@ compat_datafellows(const char *version) "OpenSSH_2.1*," "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER| SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF}, + SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF}, + SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| - SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, + SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| + SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.5.0p1*," "OpenSSH_2.5.1p1*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| - SSH_OLD_GSSAPI}, + SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.5.0*," "OpenSSH_2.5.1*," "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF}, - { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, - { "OpenSSH_2.9p*", SSH_OLD_GSSAPI }, + SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| + SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.*," "OpenSSH_3.0*," - "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_BUG_GSS_EMPTYUSER| - SSH_BUG_GSSAPI_BER}, - { "OpenSSH_3.2*," - "OpenSSH_3.3*," - "OpenSSH_3.4*," - "OpenSSH_3.5*," - "OpenSSH_3.6.1*", SSH_BUG_GSSAPI_BER}, + "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, + { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR }, { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH*", 0 }, { "*MindTerm*", 0 }, diff --git a/openssh/compat.h b/openssh/compat.h index 682e1d6..cf92dbd 100644 --- a/openssh/compat.h +++ b/openssh/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.38 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: compat.h,v 1.39 2005/03/01 10:09:52 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. 
@@ -55,9 +55,7 @@ #define SSH_BUG_EXTEOF 0x00200000 #define SSH_BUG_PROBE 0x00400000 #define SSH_BUG_FIRSTKEX 0x00800000 -#define SSH_BUG_GSSAPI_BER 0x01000000 -#define SSH_OLD_GSSAPI 0x02000000 -#define SSH_BUG_GSS_EMPTYUSER 0x10000000 +#define SSH_OLD_FORWARD_ADDR 0x01000000 void enable_compat13(void); void enable_compat20(void); diff --git a/openssh/configure.ac b/openssh/configure.ac index 6f712b6..6dd54d5 100644 --- a/openssh/configure.ac +++ b/openssh/configure.ac @@ -14,7 +14,7 @@ # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -AC_INIT +AC_INIT(OpenSSH, Portable) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -121,8 +121,11 @@ case "$host" in LIBS="$LIBS -ls" ]) ]) + dnl Check for various auth function declarations in headers. + AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, + passwdexpired], , , [#include ]) dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) - AC_CHECK_DECL(loginfailed, + AC_CHECK_DECLS(loginfailed, [AC_MSG_CHECKING(if loginfailed takes 4 arguments) AC_TRY_COMPILE( [#include ], @@ -135,7 +138,7 @@ case "$host" in [#include ] ) AC_CHECK_FUNCS(setauthdb) - AC_DEFINE(BROKEN_GETADDRINFO) + check_for_aix_broken_getaddrinfo=1 AC_DEFINE(BROKEN_REALPATH) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) @@ -155,7 +158,6 @@ case "$host" in AC_DEFINE(NO_X11_UNIX_SOCKETS) AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) AC_DEFINE(DISABLE_FD_PASSING) - AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN) @@ -210,7 +212,9 @@ case "$host" in AC_DEFINE(DISABLE_UTMP) AC_DEFINE(LOCKED_PASSWD_STRING, "*") AC_DEFINE(SPT_TYPE,SPT_PSTAT) + AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) check_for_hpux_broken_getaddrinfo=1 + check_for_conflicting_getspnam=1 LIBS="$LIBS -lsec" AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) ;; 
@@ -246,6 +250,8 @@ case "$host" in AC_DEFINE(LOCKED_PASSWD_PREFIX, "!") AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM) + AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts]) + AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) inet6_default_4in6=yes case `uname -r` in 1.*|2.0.*) @@ -326,6 +332,8 @@ mips-sony-bsd|mips-sony-newsos4) *-sni-sysv*) # /usr/ucblib MUST NOT be searched on ReliantUNIX AC_CHECK_LIB(dl, dlsym, ,) + # -lresolv needs to be at then end of LIBS or DNS lookups break + AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ]) IPADDR_IN_DISPLAY=yes AC_DEFINE(USE_PIPES) AC_DEFINE(IP_TOS_IS_BROKEN) @@ -338,12 +346,14 @@ mips-sony-bsd|mips-sony-newsos4) # Attention: always take care to bind libsocket and libnsl before libc, # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog ;; +# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. *-*-sysv4.2*) AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) ;; +# UnixWare 7.x, OpenUNIX 8 *-*-sysv5*) AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) @@ -352,25 +362,11 @@ mips-sony-bsd|mips-sony-newsos4) ;; *-*-sysv*) ;; +# SCO UNIX and OEM versions of SCO UNIX *-*-sco3.2v4*) - CPPFLAGS="$CPPFLAGS -Dftruncate=chsize" - LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm" - RANLIB=true - no_dev_ptmx=1 - AC_DEFINE(BROKEN_SYS_TERMIO_H) - AC_DEFINE(USE_PIPES) - AC_DEFINE(HAVE_SECUREWARE) - AC_DEFINE(DISABLE_SHADOW) - AC_DEFINE(BROKEN_SAVED_UIDS) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(WITH_ABBREV_NO_TTY) - AC_CHECK_FUNCS(getluid setluid) - MANTYPE=man - do_sco3_extra_lib_check=yes - TEST_SHELL=ksh + AC_MSG_ERROR("This Platform is no longer supported.") ;; +# SCO OpenServer 5.x *-*-sco3.2v5*) if test -z "$GCC"; then CFLAGS="$CFLAGS -belf" 
@@ -386,6 +382,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(BROKEN_SETREGID) AC_DEFINE(WITH_ABBREV_NO_TTY) AC_DEFINE(BROKEN_UPDWTMPX) + AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) AC_CHECK_FUNCS(getluid setluid) MANTYPE=man TEST_SHELL=ksh @@ -497,15 +494,17 @@ AC_ARG_WITH(libs, ) AC_MSG_CHECKING(compiler and flags for sanity) -AC_TRY_RUN([ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([ #include int main(){exit(0);} - ], + ])], [ AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) - ] + ], + [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] ) # Checks for header files. @@ -516,21 +515,21 @@ AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \ sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \ - sys/pstat.h sys/ptms.h sys/select.h sys/stat.h sys/stream.h \ + sys/pstat.h sys/select.h sys/stat.h sys/stream.h \ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \ time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h) +# sys/ptms.h requires sys/stream.h to be included first on Solaris +AC_CHECK_HEADERS(sys/ptms.h, [], [], [ +#ifdef HAVE_SYS_STREAM_H +# include +#endif +]) + # Checks for libraries. AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) -dnl SCO OS3 needs this for libwrap -if test "x$with_tcp_wrappers" != "xno" ; then - if test "x$do_sco3_extra_lib_check" = "xyes" ; then - AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc) - fi -fi - dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ AC_CHECK_LIB(gen, dirname,[ 
@@ -631,7 +630,7 @@ AC_ARG_WITH(zlib-version-check, ) AC_MSG_CHECKING(for zlib 1.1.4 or greater) -AC_TRY_RUN([ +AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include int main() { @@ -643,7 +642,7 @@ int main() exit(0); exit(2); } - ], + ]])], AC_MSG_RESULT(yes), [ AC_MSG_RESULT(no) if test -z "$zlib_check_nonfatal" ; then @@ -656,7 +655,8 @@ If you are in doubt, upgrade zlib to version 1.1.4 or greater.]) else AC_MSG_WARN([zlib version may have security problems]) fi - ] + ], + [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] ) dnl UnixWare 2.x @@ -710,16 +710,20 @@ AC_EGREP_CPP(FOUNDIT, ) AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) -AC_TRY_RUN( - [ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} - ], + ]])], [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) + ], + [ + AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) + AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) ] ) @@ -880,8 +884,7 @@ fi # Check whether user wants S/Key support SKEY_MSG="no" AC_ARG_WITH(skey, - [ --with-skey[[=PATH]] Enable S/Key support - (optionally in PATH)], + [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], [ if test "x$withval" != "xno" ; then @@ -922,8 +925,7 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } # Check whether user wants TCP wrappers support TCPW_MSG="no" AC_ARG_WITH(tcp-wrappers, - [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support - (optionally in PATH)], + [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], [ if test "x$withval" != "xno" ; then saved_LIBS="$LIBS" 
@@ -976,12 +978,59 @@ AC_ARG_WITH(tcp-wrappers, ] ) +# Check whether user wants libedit support +LIBEDIT_MSG="no" +AC_ARG_WITH(libedit, + [ --with-libedit[[=PATH]] Enable libedit support for sftp], + [ if test "x$withval" != "xno" ; then + AC_CHECK_LIB(edit, el_init, + [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) + LIBEDIT="-ledit -lcurses" + LIBEDIT_MSG="yes" + AC_SUBST(LIBEDIT) + ], + [], [-lcurses] + ) + fi ] +) + +AUDIT_MODULE=none +AC_ARG_WITH(audit, + [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)], + [ + AC_MSG_CHECKING(for supported audit module) + case "$withval" in + bsm) + AC_MSG_RESULT(bsm) + AUDIT_MODULE=bsm + dnl Checks for headers, libs and functions + AC_CHECK_HEADERS(bsm/audit.h, [], + [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)]) + AC_CHECK_LIB(bsm, getaudit, [], + [AC_MSG_ERROR(BSM enabled and required library not found)]) + AC_CHECK_FUNCS(getaudit, [], + [AC_MSG_ERROR(BSM enabled and required function not found)]) + # These are optional + AC_CHECK_FUNCS(getaudit_addr) + AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module]) + ;; + debug) + AUDIT_MODULE=debug + AC_MSG_RESULT(debug) + AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module) + ;; + *) + AC_MSG_ERROR([Unknown audit module $withval]) + ;; + esac ] +) + dnl Checks for library functions. 
Please keep in alphabetical order AC_CHECK_FUNCS(\ arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ - bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \ - futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \ - getpeereid _getpty getrlimit getttyent glob inet_aton \ + bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \ + freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \ + getopt getpeereid _getpty getrlimit getttyent glob inet_aton \ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \ pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \ @@ -1025,28 +1074,32 @@ AC_CHECK_DECLS(h_errno, , ,[#include ]) AC_CHECK_FUNCS(setresuid, [ dnl Some platorms have setresuid that isn't implemented, test for this AC_MSG_CHECKING(if setresuid seems to work) - AC_TRY_RUN([ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} - ], + ]])], [AC_MSG_RESULT(yes)], [AC_DEFINE(BROKEN_SETRESUID) - AC_MSG_RESULT(not implemented)] + AC_MSG_RESULT(not implemented)], + [AC_MSG_WARN([cross compiling: not checking setresuid])] ) ]) AC_CHECK_FUNCS(setresgid, [ dnl Some platorms have setresgid that isn't implemented, test for this AC_MSG_CHECKING(if setresgid seems to work) - AC_TRY_RUN([ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} - ], + ]])], [AC_MSG_RESULT(yes)], [AC_DEFINE(BROKEN_SETRESGID) - AC_MSG_RESULT(not implemented)] + AC_MSG_RESULT(not implemented)], + [AC_MSG_WARN([cross compiling: not checking setresuid])] ) ]) 
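Review bot: The cross-compiling branch of the setresgid probe warns `cross compiling: not checking setresuid`, copied from the setresuid probe just above it, so a cross build logs the wrong function name. Change it to `[AC_MSG_WARN([cross compiling: not checking setresgid])]`. Both probes also leave BROKEN_SETRESUID/BROKEN_SETRESGID undefined when cross compiling, which is the permissive default for a privilege-dropping primitive; if that is intended, say so in the warning text so the builder knows what was assumed.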
@@ -1072,17 +1125,18 @@ AC_CHECK_FUNC(getpagesize, # Check for broken snprintf if test "x$ac_cv_func_snprintf" = "xyes" ; then AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) - AC_TRY_RUN( - [ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} - ], + ]])], [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_SNPRINTF) AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) - ] + ], + [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] ) fi 
@@ -1241,6 +1295,82 @@ main(void) ) fi +if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then + AC_MSG_CHECKING(if getaddrinfo seems to work) + AC_TRY_RUN( + [ +#include +#include +#include +#include +#include + +#define TEST_PORT "2222" + +int +main(void) +{ + int err, sock; + struct addrinfo *gai_ai, *ai, hints; + char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); + if (err != 0) { + fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); + exit(1); + } + + for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + continue; + + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, + sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV); + + if (ai->ai_family == AF_INET && err != 0) { + perror("getnameinfo"); + exit(2); + } + } + exit(0); +} + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(AIX_GETNAMEINFO_HACK, [], +[Define if you have a getaddrinfo that fails for the all-zeros IPv6 address]) + ], + [ + AC_MSG_RESULT(no) + AC_DEFINE(BROKEN_GETADDRINFO) + ] + ) +fi + +if test "x$check_for_conflicting_getspnam" = "x1"; then + AC_MSG_CHECKING(for conflicting getspnam in shadow.h) + AC_COMPILE_IFELSE( + [ +#include +int main(void) {exit(0);} + ], + [ + AC_MSG_RESULT(no) + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1, + [Conflicting defs for getspnam]) + ] + ) +fi + AC_FUNC_GETPGRP # Check for PAM libs 
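Review bot: The new AIX getaddrinfo probe uses AC_TRY_RUN with no action-if-cross-compiling, while every other run test in this commit was converted to AC_RUN_IFELSE with a cross-compiling fallback; autoconf aborts configure when a run test has no cross-compiling action, so a cross build targeting AIX (where check_for_aix_broken_getaddrinfo=1) will fail at this check. Add a third branch that takes the conservative choice, e.g. `[ AC_MSG_WARN([cross compiling: assuming BROKEN_GETADDRINFO]) AC_DEFINE(BROKEN_GETADDRINFO) ]`, and wrap the program in AC_LANG_SOURCE for consistency with the rest of the file. The getspnam probe below it passes a bare program to AC_COMPILE_IFELSE for the same reason and would benefit from the same AC_LANG_SOURCE wrapper.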
@@ -1302,6 +1432,10 @@ AC_ARG_WITH(ssl-dir, [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], [ if test "x$withval" != "xno" ; then + case "$withval" in + # Relative paths + ./*|../*) withval="`pwd`/$withval" + esac if test -d "$withval/lib"; then if test -n "${need_dash_r}"; then LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" @@ -1345,8 +1479,8 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), # Determine OpenSSL header version AC_MSG_CHECKING([OpenSSL header version]) -AC_TRY_RUN( - [ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include #include @@ -1364,7 +1498,7 @@ int main(void) { exit(0); } - ], + ]])], [ ssl_header_ver=`cat conftest.sslincver` AC_MSG_RESULT($ssl_header_ver) @@ -1372,13 +1506,16 @@ int main(void) { [ AC_MSG_RESULT(not found) AC_MSG_ERROR(OpenSSL version header not found.) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) ] ) # Determine OpenSSL library version AC_MSG_CHECKING([OpenSSL library version]) -AC_TRY_RUN( - [ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include #include @@ -1397,7 +1534,7 @@ int main(void) { exit(0); } - ], + ]])], [ ssl_library_ver=`cat conftest.ssllibver` AC_MSG_RESULT($ssl_library_ver) @@ -1405,17 +1542,20 @@ int main(void) { [ AC_MSG_RESULT(not found) AC_MSG_ERROR(OpenSSL library not found.) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) ] ) # Sanity check OpenSSL headers AC_MSG_CHECKING([whether OpenSSL's headers match the library]) -AC_TRY_RUN( - [ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } - ], + ]])], [ AC_MSG_RESULT(yes) ], @@ -1424,6 +1564,9 @@ int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } AC_MSG_ERROR([Your OpenSSL headers do not match your library. Check config.log for details. Also see contrib/findssl.sh for help identifying header/library mismatches.]) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) ] ) 
@@ -1444,12 +1587,12 @@ fi # Check wheter OpenSSL seeds itself AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) -AC_TRY_RUN( - [ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include int main(void) { exit(RAND_status() == 1 ? 0 : 1); } - ], + ]])], [ OPENSSL_SEEDS_ITSELF=yes AC_MSG_RESULT(yes) @@ -1459,6 +1602,12 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); } # Default to use of the rand helper if OpenSSL doesn't # seed itself USE_RAND_HELPER=yes + ], + [ + AC_MSG_WARN([cross compiling: assuming yes]) + # This is safe, since all recent OpenSSL versions will + # complain at runtime if not seeded correctly. + OPENSSL_SEEDS_ITSELF=yes ] ) @@ -1843,6 +1992,10 @@ TYPE_SOCKLEN_T AC_CHECK_TYPES(sig_atomic_t,,,[#include ]) +AC_CHECK_TYPES(in_addr_t,,, +[#include +#include ]) + AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ AC_TRY_COMPILE( [ @@ -2025,8 +2178,8 @@ if test "x$ac_cv_have_int64_t" = "xno" -a \ exit 1; else dnl test snprintf (broken on SCO w/gcc) - AC_TRY_RUN( - [ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include #ifdef HAVE_SNPRINTF @@ -2049,7 +2202,8 @@ main() #else main() { exit(0); } #endif - ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ] + ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ], + AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ) fi @@ -2154,13 +2308,14 @@ fi dnl make sure we're using the real structure members and not defines AC_CACHE_CHECK([for msg_accrights field in struct msghdr], ac_cv_have_accrights_in_msghdr, [ - AC_TRY_RUN( + AC_COMPILE_IFELSE( [ #include #include #include int main() { #ifdef msg_accrights +#error "msg_accrights is a macro" exit(1); #endif struct msghdr m; @@ -2178,13 +2333,14 @@ fi AC_CACHE_CHECK([for msg_control field in struct msghdr], ac_cv_have_control_in_msghdr, [ - AC_TRY_RUN( + AC_COMPILE_IFELSE( [ #include #include #include int main() { #ifdef msg_control +#error "msg_control is a macro" exit(1); #endif struct msghdr m; 
@@ -2564,6 +2720,10 @@ if test ! -z "$MAIL" ; then AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir") fi +if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then + AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) + disable_ptmx_check=yes +fi if test -z "$no_dev_ptmx" ; then if test "x$disable_ptmx_check" != "xyes" ; then AC_CHECK_FILE("/dev/ptmx", @@ -2574,12 +2734,17 @@ if test -z "$no_dev_ptmx" ; then ) fi fi -AC_CHECK_FILE("/dev/ptc", - [ - AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) - have_dev_ptc=1 - ] -) + +if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then + AC_CHECK_FILE("/dev/ptc", + [ + AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) + have_dev_ptc=1 + ] + ) +else + AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) +fi # Options from here on. Some of these are preset by platform above AC_ARG_WITH(mantype, 
@@ -2675,14 +2840,26 @@ fi # check for /etc/default/login and use it if present. AC_ARG_ENABLE(etc-default-login, - [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],, -[ -AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ]) - -if test "x$external_path_file" = "x/etc/default/login"; then - AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) + [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], + [ if test "x$enableval" = "xno"; then + AC_MSG_NOTICE([/etc/default/login handling disabled]) + etc_default_login=no + else + etc_default_login=yes + fi ], + [ etc_default_login=yes ] +) + +if test "x$etc_default_login" != "xno"; then + AC_CHECK_FILE("/etc/default/login", + [ external_path_file=/etc/default/login ]) + if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; + then + AC_MSG_WARN([cross compiling: Disabling /etc/default/login test]) + elif test "x$external_path_file" = "x/etc/default/login"; then + AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) + fi fi -]) dnl BSD systems use /etc/login.conf so --with-default-path= has no effect if test $ac_cv_func_login_getcapbool = "yes" -a \ @@ -3116,7 +3293,8 @@ if test "$ac_cv_lib_pam_pam_set_item" = yes ; then fi AC_EXEEXT -AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) +AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \ + scard/Makefile ssh_prng_cmds survey.sh]) AC_OUTPUT # Print summary of options @@ -3162,6 +3340,7 @@ echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" +echo " libedit support: $LIBEDIT_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" 
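Review bot: In the etc-default-login hunk the `cross_compiling` test comes after AC_CHECK_FILE, but AC_CHECK_FILE itself aborts configure with "cannot check for file existence when cross compiling" (unless the result is pre-seeded in the cache), so the new warning branch is unreachable and a cross build still dies here. The /dev/ptmx hunk earlier in this commit gets the order right by deciding before the file check; do the same here by moving AC_CHECK_FILE into the non-cross branch.
```m4
dnl … unchanged: AC_ARG_ENABLE(etc-default-login, …) …
if test "x$etc_default_login" != "xno"; then
	if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
	then
		AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
	else
		AC_CHECK_FILE("/etc/default/login",
		    [ external_path_file=/etc/default/login ])
		if test "x$external_path_file" = "x/etc/default/login"; then
			AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
		fi
	fi
fi
```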
@@ -3182,7 +3361,8 @@ echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}" echo "" if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then - echo "SVR4 style packages are supported with \"make package\"\n" + echo "SVR4 style packages are supported with \"make package\"" + echo "" fi if test "x$PAM_MSG" = "xyes" ; then @@ -3211,3 +3391,7 @@ if test ! -z "$NO_PEERCHECK" ; then echo "" fi +if test "$AUDIT_MODULE" = "bsm" ; then + echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." + echo "See the Solaris section in README.platform for details." +fi diff --git a/openssh/contrib/findssl.sh b/openssh/contrib/findssl.sh index c01f35a..a4e8f4c 100644 --- a/openssh/contrib/findssl.sh +++ b/openssh/contrib/findssl.sh @@ -1,5 +1,7 @@ #!/bin/sh # +# $Id$ +# # findssl.sh # Search for all instances of OpenSSL headers and libraries # and print their versions. @@ -9,10 +11,11 @@ # Written by Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain. # -# $Id$ +# Release history: # 2002-07-27: Initial release. # 2002-08-04: Added public domain notice. # 2003-06-24: Incorporated readme, set library paths. First cvs version. +# 2004-12-13: Add traps to cleanup temp files, from Amarendra Godbole. # # "OpenSSL headers do not match your library" are usually caused by # OpenSSH's configure picking up an older version of OpenSSL headers @@ -63,6 +66,11 @@ CC=gcc STATIC=-static +# +# Cleanup on interrupt +# +trap 'rm -f conftest.c' INT HUP TERM + # # Set up conftest C source # diff --git a/openssh/defines.h b/openssh/defines.h index b21235f..b0891a3 100644 --- a/openssh/defines.h +++ b/openssh/defines.h @@ -288,6 +288,10 @@ struct sockaddr_un { }; #endif /* HAVE_SYS_UN_H */ +#ifndef HAVE_IN_ADDR_T +typedef u_int32_t in_addr_t; +#endif + #if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE) #define _STRUCT_WINSIZE struct winsize { 
@@ -530,6 +534,11 @@ struct winsize { # define getpgrp() getpgrp(0) #endif +#ifdef USE_BSM_AUDIT +# define SSH_AUDIT_EVENTS +# define CUSTOM_SSH_AUDIT_EVENTS +#endif + /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */ #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f) # define OPENSSL_free(x) Free(x) @@ -644,6 +653,15 @@ struct winsize { # define CUSTOM_SYS_AUTH_PASSWD 1 #endif +/* HP-UX 11.11 */ +#ifdef BTMP_FILE +# define _PATH_BTMP BTMP_FILE +#endif + +#if defined(USE_BTMP) && defined(_PATH_BTMP) +# define CUSTOM_FAILED_LOGIN +#endif + /** end of login recorder definitions */ #endif /* _DEFINES_H */ diff --git a/openssh/gss-genr.c b/openssh/gss-genr.c index e0a0def..1ca2ff1 100644 --- a/openssh/gss-genr.c +++ b/openssh/gss-genr.c @@ -77,20 +77,12 @@ ssh_gssapi_client_mechanisms(char *host) { EVP_MD_CTX md; int oidpos=0; - if (datafellows & SSH_OLD_GSSAPI) return NULL; - gss_indicate_mechs(&min_status,&supported); - if (datafellows & SSH_BUG_GSSAPI_BER) { - gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping) - *((supported->count*2)+1)); - } else { - gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping) - *(supported->count+1)); - } + gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping) + *(supported->count+1)); buffer_init(&buf); - for (i=0;icount;i++) { gss_enc2oid[oidpos].encoded=NULL; 
@@ -98,44 +90,6 @@ ssh_gssapi_client_mechanisms(char *host) { if (supported->elements[i].length<128 && ssh_gssapi_check_mechanism(&(supported->elements[i]),host)) { - /* Earlier versions of this code interpreted the - * spec incorrectly with regard to OID encoding. They - * also mis-encoded the krb5 OID. The following - * _temporary_ code interfaces with these broken - * servers */ - - if (datafellows & SSH_BUG_GSSAPI_BER) { - char *bodge=NULL; - gss_OID_desc krb5oid={9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"}; - gss_OID_desc gsioid={9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"}; - - if (supported->elements[i].length==krb5oid.length && - memcmp(supported->elements[i].elements, - krb5oid.elements, krb5oid.length)==0) { - bodge="Se3H81ismmOC3OE+FwYCiQ=="; - } - - if (supported->elements[i].length==gsioid.length && - memcmp(supported->elements[i].elements, - gsioid.elements, gsioid.length)==0) { - bodge="N3+k7/4wGxHyuP8Yxi4RhA=="; - } - - if (bodge) { - if (oidpos!=0) { - buffer_put_char(&buf,','); - } - - buffer_append(&buf, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1); - buffer_append(&buf, bodge, strlen(bodge)); - - gss_enc2oid[oidpos].oid=&(supported->elements[i]); - gss_enc2oid[oidpos].encoded=bodge; - - oidpos++; - } - } - /* Add the required DER encoding octets and MD5 hash */ deroid[0]=0x06; /* Object Identifier */ deroid[1]=supported->elements[i].length; diff --git a/openssh/gss-serv.c b/openssh/gss-serv.c index 865a748..e3604f6 100644 --- a/openssh/gss-serv.c +++ b/openssh/gss-serv.c @@ -356,8 +356,6 @@ ssh_gssapi_server_mechanisms() { int present; char * mechs; - if (datafellows & SSH_OLD_GSSAPI) return NULL; - ssh_gssapi_supported_oids(&supported); buffer_init(&buf); diff --git a/openssh/includes.h b/openssh/includes.h index 3a6b4c3..3d3aa3b 100644 --- a/openssh/includes.h +++ b/openssh/includes.h 
@@ -185,7 +185,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here. */ -#ifdef __hpux +#ifdef GETSPNAM_CONFLICTING_DEFS # ifdef _INCLUDE__STDC__ # undef _INCLUDE__STDC__ # endif diff --git a/openssh/key.c b/openssh/key.c index 2cf75ce..51d3cfe 100644 --- a/openssh/key.c +++ b/openssh/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.56 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: key.c,v 1.57 2004/10/29 23:57:05 djm Exp $"); #include @@ -683,8 +683,8 @@ Key * key_from_blob(const u_char *blob, u_int blen) { Buffer b; - char *ktype; int rlen, type; + char *ktype = NULL; Key *key = NULL; #ifdef DEBUG_PK 
@@ -692,24 +692,38 @@ key_from_blob(const u_char *blob, u_int blen) #endif buffer_init(&b); buffer_append(&b, blob, blen); - ktype = buffer_get_string(&b, NULL); + if ((ktype = buffer_get_string_ret(&b, NULL)) == NULL) { + error("key_from_blob: can't read key type"); + goto out; + } + type = key_type_from_name(ktype); switch (type) { case KEY_RSA: key = key_new(type); - buffer_get_bignum2(&b, key->rsa->e); - buffer_get_bignum2(&b, key->rsa->n); + if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || + buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { + error("key_from_blob: can't read rsa key"); + key_free(key); + key = NULL; + goto out; + } #ifdef DEBUG_PK RSA_print_fp(stderr, key->rsa, 8); #endif break; case KEY_DSA: key = key_new(type); - buffer_get_bignum2(&b, key->dsa->p); - buffer_get_bignum2(&b, key->dsa->q); - buffer_get_bignum2(&b, key->dsa->g); - buffer_get_bignum2(&b, key->dsa->pub_key); + if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || + buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || + buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || + buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) { + error("key_from_blob: can't read dsa key"); + key_free(key); + key = NULL; + goto out; + } #ifdef DEBUG_PK DSA_print_fp(stderr, key->dsa, 8); #endif @@ -719,12 +733,14 @@ key_from_blob(const u_char *blob, u_int blen) break; default: error("key_from_blob: cannot handle type %s", ktype); - break; + goto out; } rlen = buffer_len(&b); if (key != NULL && rlen != 0) error("key_from_blob: remaining bytes in key blob %d", rlen); - xfree(ktype); + out: + if (ktype != NULL) + xfree(ktype); buffer_free(&b); return key; } diff --git a/openssh/log.c b/openssh/log.c index 5d8625d..e55a54f 100644 --- a/openssh/log.c +++ b/openssh/log.c 
@@ -193,6 +193,9 @@ debug3(const char *fmt,...) void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) { +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) + struct syslog_data sdata = SYSLOG_DATA_INIT; +#endif argv0 = av0; switch (level) { @@ -261,6 +264,19 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) (int) facility); exit(1); } + + /* + * If an external library (eg libwrap) attempts to use syslog + * immediately after reexec, syslog may be pointing to the wrong + * facility, so we force an open/close of syslog here. + */ +#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) + openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); + closelog_r(&sdata); +#else + openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility); + closelog(); +#endif } #define MSGBUFSIZ 1024 diff --git a/openssh/misc.c b/openssh/misc.c index bba0382..eebb402 100644 --- a/openssh/misc.c +++ b/openssh/misc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.25 2004/08/11 21:43:05 avsm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.28 2005/03/01 10:09:52 djm Exp $"); #include "misc.h" #include "log.h" 
@@ -293,6 +293,48 @@ convtime(const char *s) return total; } +/* + * Search for next delimiter between hostnames/addresses and ports. + * Argument may be modified (for termination). + * Returns *cp if parsing succeeds. + * *cp is set to the start of the next delimiter, if one was found. + * If this is the last field, *cp is set to NULL. + */ +char * +hpdelim(char **cp) +{ + char *s, *old; + + if (cp == NULL || *cp == NULL) + return NULL; + + old = s = *cp; + if (*s == '[') { + if ((s = strchr(s, ']')) == NULL) + return NULL; + else + s++; + } else if ((s = strpbrk(s, ":/")) == NULL) + s = *cp + strlen(*cp); /* skip to end (see first case below) */ + + switch (*s) { + case '\0': + *cp = NULL; /* no more fields*/ + break; + + case ':': + case '/': + *s = '\0'; /* terminate */ + *cp = s + 1; + break; + + default: + return NULL; + } + + return old; +} + char * cleanhostname(char *host) { @@ -350,3 +392,26 @@ addargs(arglist *args, char *fmt, ...) args->list[args->num++] = xstrdup(buf); args->list[args->num] = NULL; } + +/* + * Read an entire line from a public key file into a static buffer, discarding + * lines that exceed the buffer size. Returns 0 on success, -1 on failure. + */ +int +read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, + u_long *lineno) +{ + while (fgets(buf, bufsz, f) != NULL) { + (*lineno)++; + if (buf[strlen(buf) - 1] == '\n' || feof(f)) { + return 0; + } else { + debug("%s: %s line %lu exceeds size limit", __func__, + filename, *lineno); + /* discard remainder of line */ + while(fgetc(f) != '\n' && !feof(f)) + ; /* nothing */ + } + } + return -1; +} diff --git a/openssh/moduli.c b/openssh/moduli.c index 581b035..8b05248 100644 --- a/openssh/moduli.c +++ b/openssh/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.9 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: moduli.c,v 1.10 2005/01/17 03:25:46 dtucker Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson 
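Review bot: read_keyfile_line indexes `buf[strlen(buf) - 1]` without checking that strlen(buf) is non-zero; fgets() returns a non-NULL buffer whose first byte is NUL when the line starts with an embedded NUL, and the size_t index then wraps and reads outside buf. Key files of the kind this helper is documented for (authorized_keys, known_hosts) are typically user-writable, so the bad byte is attacker-choosable, although the impact is a one-byte read compared against '\n'. The discard loop also spins forever on a read error, because fgetc() keeps returning EOF while feof(f) stays false. Change the check to `size_t len = strlen(buf); if ((len > 0 && buf[len - 1] == '\n') || feof(f)) return 0;` and the loop to `int c; while ((c = fgetc(f)) != '\n' && c != EOF) ;`.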
@@ -56,7 +56,7 @@ #define QTYPE_UNKNOWN (0) #define QTYPE_UNSTRUCTURED (1) #define QTYPE_SAFE (2) -#define QTYPE_SCHNOOR (3) +#define QTYPE_SCHNORR (3) #define QTYPE_SOPHIE_GERMAIN (4) #define QTYPE_STRONG (5) @@ -530,7 +530,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) break; case QTYPE_UNSTRUCTURED: case QTYPE_SAFE: - case QTYPE_SCHNOOR: + case QTYPE_SCHNORR: case QTYPE_STRONG: case QTYPE_UNKNOWN: debug2("%10u: (%u)", count_in, in_type); diff --git a/openssh/monitor.c b/openssh/monitor.c index eecd9d4..0ccb1be 100644 --- a/openssh/monitor.c +++ b/openssh/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.62 2005/01/30 11:18:08 dtucker Exp $"); #include @@ -153,6 +153,11 @@ int mm_answer_gss_indicate_mechs(int, Buffer *); int mm_answer_gss_localname(int, Buffer *); #endif +#ifdef SSH_AUDIT_EVENTS +int mm_answer_audit_event(int, Buffer *); +int mm_answer_audit_command(int, Buffer *); +#endif + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -196,6 +201,9 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, #endif +#ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, +#endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, @@ -232,6 +240,10 @@ struct mon_table mon_dispatch_postauth20[] = { {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, +#endif {0, 0, NULL} }; 
@@ -266,6 +278,9 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, +#endif +#ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, #endif {0, 0, NULL} }; @@ -274,6 +289,10 @@ struct mon_table mon_dispatch_postauth15[] = { {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_ONCE, mm_answer_audit_command}, +#endif {0, 0, NULL} }; @@ -652,6 +671,9 @@ mm_answer_pwnamallow(int sock, Buffer *m) if (options.use_pam) monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); #endif +#ifdef SSH_AUDIT_EVENTS + monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_COMMAND, 1); +#endif return (0); } @@ -853,6 +875,9 @@ mm_answer_pam_account(int sock, Buffer *m) ret = do_pam_account(); buffer_put_int(m, ret); + buffer_append(&loginmsg, "\0", 1); + buffer_put_cstring(m, buffer_ptr(&loginmsg)); + buffer_clear(&loginmsg); mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m); @@ -1340,7 +1365,7 @@ mm_answer_sesskey(int sock, Buffer *m) int rsafail; /* Turn off permissions */ - monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); if ((p = BN_new()) == NULL) fatal("%s: BN_new", __func__); 
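Review bot: The `monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_COMMAND, 1)` added to mm_answer_pwnamallow runs while mon_dispatch is still a pre-authentication table, and this commit adds MONITOR_REQ_AUDIT_COMMAND only to the post-auth tables (the pre-auth tables gain MONITOR_REQ_AUDIT_EVENT alone). monitor_permit() is not in view; if it only toggles the flag of an entry already present in the table, this call finds nothing to act on and is dead, and if it does more than that, it would be opening a privileged request before authentication. Either drop the call or add a comment stating which table it is meant to affect, e.g. `/* no-op pre-auth: AUDIT_COMMAND exists only in the post-auth tables */`.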
@@ -1531,6 +1556,50 @@ mm_answer_term(int sock, Buffer *req) exit(res); } +#ifdef SSH_AUDIT_EVENTS +/* Report that an audit event occurred */ +int +mm_answer_audit_event(int socket, Buffer *m) +{ + ssh_audit_event_t event; + + debug3("%s entering", __func__); + + event = buffer_get_int(m); + buffer_free(m); + switch(event) { + case SSH_AUTH_FAIL_PUBKEY: + case SSH_AUTH_FAIL_HOSTBASED: + case SSH_AUTH_FAIL_GSSAPI: + case SSH_LOGIN_EXCEED_MAXTRIES: + case SSH_LOGIN_ROOT_DENIED: + case SSH_CONNECTION_CLOSE: + case SSH_INVALID_USER: + audit_event(event); + break; + default: + fatal("Audit event type %d not permitted", event); + } + + return (0); +} + +int +mm_answer_audit_command(int socket, Buffer *m) +{ + u_int len; + char *cmd; + + debug3("%s entering", __func__); + cmd = buffer_get_string(m, &len); + /* sanity check command, if so how? */ + audit_run_command(cmd); + xfree(cmd); + buffer_free(m); + return (0); +} +#endif /* SSH_AUDIT_EVENTS */ + void monitor_apply_keystate(struct monitor *pmonitor) { diff --git a/openssh/monitor.h b/openssh/monitor.h index 705d86d..cfce700 100644 --- a/openssh/monitor.h +++ b/openssh/monitor.h @@ -63,6 +63,7 @@ enum monitor_reqtype { MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY, MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, + MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, MONITOR_REQ_TERM }; diff --git a/openssh/monitor_mm.c b/openssh/monitor_mm.c index ff523a5..b0ec37c 100644 --- a/openssh/monitor_mm.c +++ b/openssh/monitor_mm.c @@ -92,7 +92,7 @@ mm_create(struct mm_master *mmalloc, size_t size) mm->mmalloc = mmalloc; address = xmmap(size); - if (address == MAP_FAILED) + if (address == (void *)MAP_FAILED) fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); mm->address = address; diff --git a/openssh/monitor_wrap.c b/openssh/monitor_wrap.c index dfbfa77..6731097 100644 --- a/openssh/monitor_wrap.c +++ b/openssh/monitor_wrap.c 
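Review bot: mm_answer_audit_command hands whatever the post-authentication child sends straight to audit_run_command(), which the comment `/* sanity check command, if so how? */` leaves unresolved, and the returned `len` is never used, so a command containing an embedded NUL is audited truncated. At minimum reject that case: `if (strlen(cmd) != len) fatal("%s: embedded NUL in audit command", __func__);`. Since the child already runs with the user's privileges at this point, the record only reflects what the child claims it ran; a comment above the audit_run_command() call saying so would stop a reader from treating it as monitor-verified. The parameter name `socket` also shadows socket(2); the sibling handlers call it `sock`.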
@@ -72,6 +72,7 @@ extern struct monitor *pmonitor; extern Buffer input, output; extern Buffer loginmsg; extern ServerOptions options; +extern Buffer loginmsg; int mm_is_monitor(void) @@ -716,6 +717,7 @@ mm_do_pam_account(void) { Buffer m; u_int ret; + char *msg; debug3("%s entering", __func__); if (!options.use_pam) @@ -727,6 +729,9 @@ mm_do_pam_account(void) mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_ACCOUNT, &m); ret = buffer_get_int(&m); + msg = buffer_get_string(&m, NULL); + buffer_append(&loginmsg, msg, strlen(msg)); + xfree(msg); buffer_free(&m); @@ -1098,6 +1103,36 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) return (success); } +#ifdef SSH_AUDIT_EVENTS +void +mm_audit_event(ssh_audit_event_t event) +{ + Buffer m; + + debug3("%s entering", __func__); + + buffer_init(&m); + buffer_put_int(&m, event); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m); + buffer_free(&m); +} + +void +mm_audit_run_command(const char *command) +{ + Buffer m; + + debug3("%s entering command %s", __func__, command); + + buffer_init(&m); + buffer_put_cstring(&m, command); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); + buffer_free(&m); +} +#endif /* SSH_AUDIT_EVENTS */ + #ifdef GSSAPI OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) diff --git a/openssh/monitor_wrap.h b/openssh/monitor_wrap.h index 64f5068..dfc995f 100644 --- a/openssh/monitor_wrap.h +++ b/openssh/monitor_wrap.h @@ -80,6 +80,12 @@ int mm_sshpam_respond(void *, u_int, char **); void mm_sshpam_free_ctx(void *); #endif +#ifdef SSH_AUDIT_EVENTS +#include "audit.h" +void mm_audit_event(ssh_audit_event_t); +void mm_audit_run_command(const char *); +#endif + struct Session; void mm_terminate(void); int mm_pty_allocate(int *, int *, char *, int); diff --git a/openssh/openbsd-compat/bsd-misc.h b/openssh/openbsd-compat/bsd-misc.h index f746653..e8e95ce 100644 --- a/openssh/openbsd-compat/bsd-misc.h 
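Review bot: The added `extern Buffer loginmsg;` duplicates the identical declaration that is already in the hunk's context two lines above (between `extern Buffer input, output;` and `extern ServerOptions options;`), so the new line is redundant and should be dropped. Repeated extern declarations are legal C, but they suggest the merge did not notice the existing one and will confuse the next person who grep's for where loginmsg is declared.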
+++ b/openssh/openbsd-compat/bsd-misc.h @@ -67,10 +67,6 @@ int utimes(char *, struct timeval *); int truncate (const char *, off_t); #endif /* HAVE_TRUNCATE */ -#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP) -int setgroups(size_t, const gid_t *); -#endif - #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) #ifndef HAVE_STRUCT_TIMESPEC struct timespec { diff --git a/openssh/openbsd-compat/bsd-openpty.c b/openssh/openbsd-compat/bsd-openpty.c index daf5f8b..8eb62b7 100644 --- a/openssh/openbsd-compat/bsd-openpty.c +++ b/openssh/openbsd-compat/bsd-openpty.c @@ -102,7 +102,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, return (-1); } -#ifndef HAVE_CYGWIN /* * Try to push the appropriate streams modules, as described * in Solaris pts(7). @@ -112,7 +111,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, # ifndef __hpux ioctl(*aslave, I_PUSH, "ttcompat"); # endif /* __hpux */ -#endif /* HAVE_CYGWIN */ return (0); diff --git a/openssh/openbsd-compat/fake-rfc2553.h b/openssh/openbsd-compat/fake-rfc2553.h index 0928ef7..fcf0805 100644 --- a/openssh/openbsd-compat/fake-rfc2553.h +++ b/openssh/openbsd-compat/fake-rfc2553.h @@ -117,6 +117,7 @@ struct sockaddr_in6 { # define EAI_NODATA 1 # define EAI_MEMORY 2 # define EAI_NONAME 3 +# define EAI_SYSTEM 4 #endif #ifndef HAVE_STRUCT_ADDRINFO diff --git a/openssh/openbsd-compat/getrrsetbyname.c b/openssh/openbsd-compat/getrrsetbyname.c index 660427c..4e869c4 100644 --- a/openssh/openbsd-compat/getrrsetbyname.c +++ b/openssh/openbsd-compat/getrrsetbyname.c @@ -277,7 +277,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, /* allocate memory for signatures */ rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); - if (rrset->rri_sigs == NULL) { + if (rrset->rri_nsigs > 0 && rrset->rri_sigs == NULL) { result = ERRSET_NOMEMORY; goto fail; } 
diff --git a/openssh/openbsd-compat/port-aix.c b/openssh/openbsd-compat/port-aix.c index 78f4fae..fa6a4ff 100644 --- a/openssh/openbsd-compat/port-aix.c +++ b/openssh/openbsd-compat/port-aix.c @@ -1,6 +1,7 @@ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. + * Copyright (c) 2003,2004 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -27,19 +28,15 @@ #include "auth.h" #include "ssh.h" #include "log.h" -#include "servconf.h" -#include "canohost.h" #include "xmalloc.h" #include "buffer.h" #ifdef _AIX #include +#include #include "port-aix.h" -extern ServerOptions options; -extern Buffer loginmsg; - # ifdef HAVE_SETAUTHDB static char old_registry[REGISTRY_SIZE] = ""; # endif @@ -51,6 +48,8 @@ static char old_registry[REGISTRY_SIZE] = ""; * NOTE: TTY= should be set, but since no one uses it and it's hard to * acquire due to privsep code. We will just drop support. */ + + void aix_usrinfo(struct passwd *pw) { 
@@ -91,6 +90,59 @@ aix_remove_embedded_newlines(char *p) *p = '\0'; } +/* + * Test specifically for the case where SYSTEM == NONE and AUTH1 contains + * anything other than NONE or SYSTEM, which indicates that the admin has + * configured the account for purely AUTH1-type authentication. + * + * Since authenticate() doesn't check AUTH1, and sshd can't sanely support + * AUTH1 itself, in such a case authenticate() will allow access without + * authentation, which is almost certainly not what the admin intends. + * + * (The native tools, eg login, will process the AUTH1 list in addition to + * the SYSTEM list by using ckuserID(), however ckuserID() and AUTH1 methods + * have been deprecated since AIX 4.2.x and would be very difficult for sshd + * to support. + * + * Returns 0 if an unsupportable combination is found, 1 otherwise. + */ +static int +aix_valid_authentications(const char *user) +{ + char *auth1, *sys, *p; + int valid = 1; + + if (getuserattr((char *)user, S_AUTHSYSTEM, &sys, SEC_CHAR) != 0) { + logit("Can't retrieve attribute SYSTEM for %s: %.100s", + user, strerror(errno)); + return 0; + } + + debug3("AIX SYSTEM attribute %s", sys); + if (strcmp(sys, "NONE") != 0) + return 1; /* not "NONE", so is OK */ + + if (getuserattr((char *)user, S_AUTH1, &auth1, SEC_LIST) != 0) { + logit("Can't retrieve attribute auth1 for %s: %.100s", + user, strerror(errno)); + return 0; + } + + p = auth1; + /* A SEC_LIST is concatenated strings, ending with two NULs. */ + while (p[0] != '\0' && p[1] != '\0') { + debug3("AIX auth1 attribute list member %s", p); + if (strcmp(p, "NONE") != 0 && strcmp(p, "SYSTEM")) { + logit("Account %s has unsupported auth1 value '%s'", + user, p); + valid = 0; + } + p += strlen(p) + 1; + } + + return (valid); +} + /* * Do authentication via AIX's authenticate routine. We loop until the * reenter parameter is 0, but normally authenticate is called only once. 
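Review bot: The SEC_LIST walk in aix_valid_authentications stops on `p[1] != '\0'`, so if the current member is a single character (followed by its own NUL) the loop ends early and neither that member nor any later one is checked, while the function still returns 1 and the denial for an unsupportable AUTH1 configuration is skipped. Terminate on the empty string that marks the end of the list instead: `while (*p != '\0') {`. Whether AIX can ever emit a one-character method name I cannot tell from here, but a security check should not depend on it. Separately, `strcmp(p, "NONE") != 0 && strcmp(p, "SYSTEM")` mixes explicit and implicit comparison; write `strcmp(p, "SYSTEM") != 0` to match the other calls in the function.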
@@ -99,7 +151,7 @@ aix_remove_embedded_newlines(char *p) * returns 0. */ int -sys_auth_passwd(Authctxt *ctxt, const char *password) +sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg) { char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; int authsuccess = 0, expired, reenter, result; @@ -112,6 +164,9 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) authmsg); } while (reenter); + if (!aix_valid_authentications(name)) + result = -1; + if (result == 0) { authsuccess = 1; @@ -126,7 +181,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) */ expired = passwdexpired(name, &msg); if (msg && *msg) { - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); aix_remove_embedded_newlines(msg); } debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); @@ -136,7 +191,6 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) break; case 1: /* expired, password change required */ ctxt->force_pwchange = 1; - disable_forwarding(); break; default: /* user can't change(2) or other error (-1) */ logit("Password can't be changed for user %s: %.100s", @@ -160,7 +214,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) * Returns 1 if login is allowed, 0 if not allowed. */ int -sys_auth_allowed_user(struct passwd *pw) +sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg) { char *msg = NULL; int result, permitted = 0; @@ -187,7 +241,7 @@ sys_auth_allowed_user(struct passwd *pw) if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0) permitted = 1; else if (msg != NULL) - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); if (msg == NULL) msg = xstrdup("(none)"); aix_remove_embedded_newlines(msg); 
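Review bot: The hunk at `case 1:` removes the `disable_forwarding()` call on the password-expired path and keeps only `ctxt->force_pwchange = 1;`, so within this file nothing any longer disables port, X11 or agent forwarding for a login that is about to be forced into passwd. Presumably the generic force_pwchange handling elsewhere in this merge (auth.c and session.c are in the diffstat but not in view) now does this for every platform; please confirm, and if so add a one-line comment at this `case 1:` such as `/* forwarding is disabled by the generic force_pwchange handling */` so nobody re-adds the call here. sys_auth_passwd's body extends beyond the hunk.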
@@ -200,17 +254,18 @@ sys_auth_allowed_user(struct passwd *pw) } int -sys_auth_record_login(const char *user, const char *host, const char *ttynm) +sys_auth_record_login(const char *user, const char *host, const char *ttynm, + Buffer *loginmsg) { char *msg; int success = 0; aix_setauthdb(user); - if (loginsuccess((char *)user, host, ttynm, &msg) == 0) { + if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) { success = 1; if (msg != NULL) { - debug("AIX/loginsuccess: msg %s", __func__, msg); - buffer_append(&loginmsg, msg, strlen(msg)); + debug("AIX/loginsuccess: msg %s", msg); + buffer_append(loginmsg, msg, strlen(msg)); xfree(msg); } } @@ -223,18 +278,17 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm) * record_failed_login: generic "login failed" interface function */ void -record_failed_login(const char *user, const char *ttyname) +record_failed_login(const char *user, const char *hostname, const char *ttyname) { - char *hostname = (char *)get_canonical_hostname(options.use_dns); - if (geteuid() != 0) return; aix_setauthdb(user); # ifdef AIX_LOGINFAILED_4ARG - loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); + loginfailed((char *)user, (char *)hostname, (char *)ttyname, + AUDIT_FAIL_AUTH); # else - loginfailed((char *)user, hostname, (char *)ttyname); + loginfailed((char *)user, (char *)hostname, (char *)ttyname); # endif aix_restoreauthdb(); } 
@@ -291,4 +345,33 @@ aix_restoreauthdb(void) # endif /* WITH_AIXAUTHENTICATE */ +# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO) +# undef getnameinfo +/* + * For some reason, AIX's getnameinfo will refuse to resolve the all-zeros + * IPv6 address into its textual representation ("::"), so we wrap it + * with a function that will. + */ +int +sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags) +{ + struct sockaddr_in6 *sa6; + u_int32_t *a6; + + if (flags & (NI_NUMERICHOST|NI_NUMERICSERV) && + sa->sa_family == AF_INET6) { + sa6 = (struct sockaddr_in6 *)sa; + a6 = sa6->sin6_addr.u6_addr.u6_addr32; + + if (a6[0] == 0 && a6[1] == 0 && a6[2] == 0 && a6[3] == 0) { + strlcpy(host, "::", hostlen); + snprintf(serv, servlen, "%d", sa6->sin6_port); + return 0; + } + } + return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags); +} +# endif /* AIX_GETNAMEINFO_HACK */ + #endif /* _AIX */ diff --git a/openssh/openbsd-compat/port-aix.h b/openssh/openbsd-compat/port-aix.h index f1a9965..4f0080e 100644 --- a/openssh/openbsd-compat/port-aix.h +++ b/openssh/openbsd-compat/port-aix.h @@ -27,6 +27,13 @@ #ifdef _AIX +#ifdef HAVE_SYS_SOCKET_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include /* for seteuid() */ +#endif + #ifdef WITH_AIXAUTHENTICATE # include # include 
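Review bot: In sshaix_getnameinfo, `snprintf(serv, servlen, "%d", sa6->sin6_port)` formats the port in network byte order, whereas the getnameinfo() this wraps returns it in host order; on big-endian POWER the two coincide, which is why it works, but the code should not rely on that: `snprintf(serv, servlen, "%u", ntohs(sa6->sin6_port));`. The wrapper also writes serv whenever either NI_NUMERICHOST or NI_NUMERICSERV is set, and ignores salen; a comment stating that callers are expected to pass both flags (and a valid IPv6 salen) would make the assumption explicit.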
@@ -37,6 +44,28 @@ # include #endif +#include "buffer.h" + +/* These should be in the system headers but are not. */ +int usrinfo(int, char *, int); +int setauthdb(const char *, char *); +/* these may or may not be in the headers depending on the version */ +#if (HAVE_DECL_AUTHENTICATE == 0) +int authenticate(char *, char *, int *, char **); +#endif +#if (HAVE_DECL_LOGINFAILED == 0) +int loginfailed(char *, char *, char *); +#endif +#if (HAVE_DECL_LOGINRESTRICTIONS == 0) +int loginrestrictions(char *, int, char *, char **); +#endif +#if (HAVE_DECL_LOGINSUCCESS == 0) +int loginsuccess(char *, char *, char *, char **); +#endif +#if (HAVE_DECL_PASSWDEXPIRED == 0) +int passwdexpired(char *, char **); +#endif + /* Some versions define r_type in the above headers, which causes a conflict */ #ifdef r_type # undef r_type @@ -65,14 +94,23 @@ void aix_usrinfo(struct passwd *); #ifdef WITH_AIXAUTHENTICATE # define CUSTOM_SYS_AUTH_PASSWD 1 # define CUSTOM_SYS_AUTH_ALLOWED_USER 1 -int sys_auth_allowed_user(struct passwd *); +int sys_auth_allowed_user(struct passwd *, Buffer *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 -int sys_auth_record_login(const char *, const char *, const char *); +int sys_auth_record_login(const char *, const char *, const char *, Buffer *); # define CUSTOM_FAILED_LOGIN 1 -void record_failed_login(const char *, const char *); #endif void aix_setauthdb(const char *); void aix_restoreauthdb(void); void aix_remove_embedded_newlines(char *); + +#if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO) +# ifdef getnameinfo +# undef getnameinfo +# endif +int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t, + char *, size_t, int); +# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g)) +#endif + #endif /* _AIX */ diff --git a/openssh/openbsd-compat/xmmap.c b/openssh/openbsd-compat/xmmap.c index d136a34..d853031 100644 --- a/openssh/openbsd-compat/xmmap.c +++ b/openssh/openbsd-compat/xmmap.c 
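Review bot: The guard around the getnameinfo redirect in port-aix.h reads `!defined(BROKEN_GETADDRINFO)` while the definition added to port-aix.c in the preceding hunk is guarded by `!defined(BROKEN_ADDRINFO)`; the macro names differ, so a build that defines BROKEN_GETADDRINFO drops the `#define getnameinfo(...)` redirect yet still compiles sshaix_getnameinfo, and a name that configure never defines makes the .c guard a no-op. Pick one spelling (configure.ac is in the diffstat; check which macro it actually sets) and use it in both files, e.g. `#if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO)` in both.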
@@ -47,7 +47,7 @@ void *xmmap(size_t size) # endif #define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX" - if (address == MAP_FAILED) { + if (address == (void *)MAP_FAILED) { char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE; int tmpfd; mode_t old_umask; diff --git a/openssh/packet.c b/openssh/packet.c index 82a5694..7c150fd 100644 --- a/openssh/packet.c +++ b/openssh/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.115 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -981,6 +981,8 @@ packet_read_poll1(void) buffer_len(&compression_buffer)); } type = buffer_get_char(&incoming_packet); + if (type < SSH_MSG_MIN || type > SSH_MSG_MAX) + packet_disconnect("Invalid ssh1 packet type: %d", type); return type; } @@ -1093,6 +1095,8 @@ packet_read_poll2(u_int32_t *seqnr_p) * return length of payload (without type field) */ type = buffer_get_char(&incoming_packet); + if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN) + packet_disconnect("Invalid ssh2 packet type: %d", type); if (type == SSH2_MSG_NEWKEYS) set_newkeys(MODE_IN); #ifdef PACKET_DEBUG diff --git a/openssh/readconf.c b/openssh/readconf.c index 76dc42e..d18ca3c 100644 --- a/openssh/readconf.c +++ b/openssh/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.134 2004/07/11 17:48:47 deraadt Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.137 2005/03/04 08:48:06 djm Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -106,7 +106,7 @@ typedef enum { oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssKeyEx, oGssDelegateCreds, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oControlPath, oControlMaster, + oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oDeprecated, oUnsupported } OpCodes; 
@@ -199,6 +199,7 @@ static struct { { "sendenv", oSendEnv }, { "controlpath", oControlPath }, { "controlmaster", oControlMaster }, + { "hashknownhosts", oHashKnownHosts }, { NULL, oBadOption } }; @@ -208,21 +209,23 @@ static struct { */ void -add_local_forward(Options *options, u_short port, const char *host, - u_short host_port) +add_local_forward(Options *options, const Forward *newfwd) { Forward *fwd; #ifndef NO_IPPORT_RESERVED_CONCEPT extern uid_t original_real_uid; - if (port < IPPORT_RESERVED && original_real_uid != 0) + if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) fatal("Privileged ports can only be forwarded by root."); #endif if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); fwd = &options->local_forwards[options->num_local_forwards++]; - fwd->port = port; - fwd->host = xstrdup(host); - fwd->host_port = host_port; + + fwd->listen_host = (newfwd->listen_host == NULL) ? + NULL : xstrdup(newfwd->listen_host); + fwd->listen_port = newfwd->listen_port; + fwd->connect_host = xstrdup(newfwd->connect_host); + fwd->connect_port = newfwd->connect_port; } /* @@ -231,17 +234,19 @@ add_local_forward(Options *options, u_short port, const char *host, */ void -add_remote_forward(Options *options, u_short port, const char *host, - u_short host_port) +add_remote_forward(Options *options, const Forward *newfwd) { Forward *fwd; if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("Too many remote forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); fwd = &options->remote_forwards[options->num_remote_forwards++]; - fwd->port = port; - fwd->host = xstrdup(host); - fwd->host_port = host_port; + + fwd->listen_host = (newfwd->listen_host == NULL) ? + NULL : xstrdup(newfwd->listen_host); + fwd->listen_port = newfwd->listen_port; + fwd->connect_host = xstrdup(newfwd->connect_host); + fwd->connect_port = newfwd->connect_port; } static void 
@@ -249,11 +254,15 @@ clear_forwardings(Options *options) { int i; - for (i = 0; i < options->num_local_forwards; i++) - xfree(options->local_forwards[i].host); + for (i = 0; i < options->num_local_forwards; i++) { + xfree(options->local_forwards[i].listen_host); + xfree(options->local_forwards[i].connect_host); + } options->num_local_forwards = 0; - for (i = 0; i < options->num_remote_forwards; i++) - xfree(options->remote_forwards[i].host); + for (i = 0; i < options->num_remote_forwards; i++) { + xfree(options->remote_forwards[i].listen_host); + xfree(options->remote_forwards[i].connect_host); + } options->num_remote_forwards = 0; } @@ -286,11 +295,10 @@ process_config_line(Options *options, const char *host, char *line, const char *filename, int linenum, int *activep) { - char buf[256], *s, **charptr, *endofnumber, *keyword, *arg; + char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; int opcode, *intptr, value; size_t len; - u_short fwd_port, fwd_host_port; - char sfwd_host_port[6]; + Forward fwd; /* Strip trailing whitespace */ for(len = strlen(line) - 1; len > 0; len--) { 
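Review bot: clear_forwardings now calls `xfree(options->local_forwards[i].listen_host)` (and the remote_forwards equivalent) unconditionally, but listen_host is NULL for the three-argument form: parse_forward stores `fwd->listen_host = NULL` and add_local_forward copies NULL through. If xfree() keeps its fatal-on-NULL behaviour, a config with `LocalForward 8080 host:80` followed by `ClearAllForwardings` aborts the client; guard it: `if (options->local_forwards[i].listen_host != NULL) xfree(options->local_forwards[i].listen_host);`, and likewise for remote_forwards.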
@@ -651,30 +659,26 @@ parse_int: case oLocalForward: case oRemoteForward: arg = strdelim(&s); - if (!arg || *arg == '\0') + if (arg == NULL || *arg == '\0') fatal("%.200s line %d: Missing port argument.", filename, linenum); - if ((fwd_port = a2port(arg)) == 0) - fatal("%.200s line %d: Bad listen port.", + arg2 = strdelim(&s); + if (arg2 == NULL || *arg2 == '\0') + fatal("%.200s line %d: Missing target argument.", filename, linenum); - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing second argument.", - filename, linenum); - if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 && - sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2) + + /* construct a string for parse_forward */ + snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); + + if (parse_forward(&fwd, fwdarg) == 0) fatal("%.200s line %d: Bad forwarding specification.", filename, linenum); - if ((fwd_host_port = a2port(sfwd_host_port)) == 0) - fatal("%.200s line %d: Bad forwarding port.", - filename, linenum); + if (*activep) { if (opcode == oLocalForward) - add_local_forward(options, fwd_port, buf, - fwd_host_port); + add_local_forward(options, &fwd); else if (opcode == oRemoteForward) - add_remote_forward(options, fwd_port, buf, - fwd_host_port); + add_remote_forward(options, &fwd); } break; 
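Review bot: `snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2)` silently truncates a forwarding specification longer than 255 bytes before parse_forward() ever sees it, so an over-long host name is shortened (or its trailing port dropped) instead of rejected, whereas the sscanf code this replaces bounded each field explicitly. Check the return value: `if (snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2) >= (int)sizeof(fwdarg)) fatal("%.200s line %d: Forwarding specification too long.", filename, linenum);`. process_config_line extends outside the hunk.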
@@ -683,12 +687,25 @@ parse_int: if (!arg || *arg == '\0') fatal("%.200s line %d: Missing port argument.", filename, linenum); - fwd_port = a2port(arg); - if (fwd_port == 0) + memset(&fwd, '\0', sizeof(fwd)); + fwd.connect_host = "socks"; + fwd.listen_host = hpdelim(&arg); + if (fwd.listen_host == NULL || + strlen(fwd.listen_host) >= NI_MAXHOST) + fatal("%.200s line %d: Bad forwarding specification.", + filename, linenum); + if (arg) { + fwd.listen_port = a2port(arg); + fwd.listen_host = cleanhostname(fwd.listen_host); + } else { + fwd.listen_port = a2port(fwd.listen_host); + fwd.listen_host = ""; + } + if (fwd.listen_port == 0) fatal("%.200s line %d: Badly formatted port number.", filename, linenum); if (*activep) - add_local_forward(options, fwd_port, "socks", 0); + add_local_forward(options, &fwd); break; case oClearAllForwardings: @@ -764,6 +781,8 @@ parse_int: if (strchr(arg, '=') != NULL) fatal("%s line %d: Invalid environment name.", filename, linenum); + if (!*activep) + continue; if (options->num_send_env >= MAX_SEND_ENV) fatal("%s line %d: too many send env.", filename, linenum); @@ -780,6 +799,10 @@ parse_int: intptr = &options->control_master; goto parse_yesnoask; + case oHashKnownHosts: + intptr = &options->hash_known_hosts; + goto parse_flag; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -924,6 +947,7 @@ initialize_options(Options * options) options->num_send_env = 0; options->control_path = NULL; options->control_master = -1; + options->hash_known_hosts = -1; } /* 
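Review bot: The DynamicForward path stores `fwd.listen_host = ""` when no bind address is given, while the LocalForward path through parse_forward() stores NULL for the same meaning, and add_local_forward preserves the difference (`NULL : xstrdup(...)`), so the listener setup code, which is not in view, receives two spellings of "no address". Unless that code demonstrably treats `""` and NULL alike, use the same value here: `fwd.listen_host = NULL;`. Whichever is chosen, a short comment on this line saying which spelling means "bind per GatewayPorts" would keep the two paths from drifting further.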
@@ -1048,9 +1072,76 @@ fill_default_options(Options * options) options->server_alive_count_max = 3; if (options->control_master == -1) options->control_master = 0; + if (options->hash_known_hosts == -1) + options->hash_known_hosts = 0; /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ /* options->host_key_alias should not be set by default */ /* options->preferred_authentications will be set in ssh */ } + +/* + * parse_forward + * parses a string containing a port forwarding specification of the form: + * [listenhost:]listenport:connecthost:connectport + * returns number of arguments parsed or zero on error + */ +int +parse_forward(Forward *fwd, const char *fwdspec) +{ + int i; + char *p, *cp, *fwdarg[4]; + + memset(fwd, '\0', sizeof(*fwd)); + + cp = p = xstrdup(fwdspec); + + /* skip leading spaces */ + while (*cp && isspace(*cp)) + cp++; + + for (i = 0; i < 4; ++i) + if ((fwdarg[i] = hpdelim(&cp)) == NULL) + break; + + /* Check for trailing garbage in 4-arg case*/ + if (cp != NULL) + i = 0; /* failure */ + + switch (i) { + case 3: + fwd->listen_host = NULL; + fwd->listen_port = a2port(fwdarg[0]); + fwd->connect_host = xstrdup(cleanhostname(fwdarg[1])); + fwd->connect_port = a2port(fwdarg[2]); + break; + + case 4: + fwd->listen_host = xstrdup(cleanhostname(fwdarg[0])); + fwd->listen_port = a2port(fwdarg[1]); + fwd->connect_host = xstrdup(cleanhostname(fwdarg[2])); + fwd->connect_port = a2port(fwdarg[3]); + break; + default: + i = 0; /* failure */ + } + + xfree(p); + + if (fwd->listen_port == 0 && fwd->connect_port == 0) + goto fail_free; + + if (fwd->connect_host != NULL && + strlen(fwd->connect_host) >= NI_MAXHOST) + goto fail_free; + + return (i); + + fail_free: + if (fwd->connect_host != NULL) + xfree(fwd->connect_host); + if (fwd->listen_host != NULL) + xfree(fwd->listen_host); + return (0); +} 
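Review bot: parse_forward rejects a specification only when both ports are zero (`if (fwd->listen_port == 0 && fwd->connect_port == 0)`), so `-L 0:host:22` and `-L 8080:host:0` both parse although a2port() returns 0 for an invalid port, whereas the config parser this replaces rejected a bad listen port and a bad connect port separately. Unless a zero listen port is deliberately accepted here (nothing in the hunk says so), reject either: `if (fwd->listen_port == 0 || fwd->connect_port == 0) goto fail_free;`. Note also that because a2port() reports errors as 0, a literal `0` in the spec is indistinguishable from a parse failure, which the function's comment should mention.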
diff --git a/openssh/readconf.h b/openssh/readconf.h index ec5116b..a902993 100644 --- a/openssh/readconf.h +++ b/openssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.64 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: readconf.h,v 1.66 2005/03/01 10:40:27 djm Exp $ */ /* * Author: Tatu Ylonen @@ -21,9 +21,10 @@ /* Data structure for representing a forwarding request. */ typedef struct { - u_short port; /* Port to forward. */ - char *host; /* Host to connect. */ - u_short host_port; /* Port to connect on host. */ + char *listen_host; /* Host (address) to listen on. */ + u_short listen_port; /* Port to forward. */ + char *connect_host; /* Host to connect. */ + u_short connect_port; /* Port to connect on connect_host. */ } Forward; /* Data structure for representing option data. */ @@ -114,17 +115,20 @@ typedef struct { char *control_path; int control_master; + + int hash_known_hosts; } Options; void initialize_options(Options *); void fill_default_options(Options *); int read_config_file(const char *, const char *, Options *, int); +int parse_forward(Forward *, const char *); int process_config_line(Options *, const char *, char *, const char *, int, int *); -void add_local_forward(Options *, u_short, const char *, u_short); -void add_remote_forward(Options *, u_short, const char *, u_short); +void add_local_forward(Options *, const Forward *); +void add_remote_forward(Options *, const Forward *); #endif /* READCONF_H */ diff --git a/openssh/servconf.c b/openssh/servconf.c index a959c4b..66212eb 100644 --- a/openssh/servconf.c +++ b/openssh/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.139 2005/03/01 10:09:52 djm Exp $"); #include "ssh.h" #include "log.h" 
@@ -26,8 +26,6 @@ RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $"); static void add_listen_addr(ServerOptions *, char *, u_short); static void add_one_listen_addr(ServerOptions *, char *, u_short); -/* AF_UNSPEC or AF_INET or AF_INET6 */ -extern int IPv4or6; /* Use of privilege separation or not */ extern int use_privsep; @@ -45,6 +43,7 @@ initialize_server_options(ServerOptions *options) options->num_ports = 0; options->ports_from_cmdline = 0; options->listen_addrs = NULL; + options->address_family = -1; options->num_host_key_files = 0; options->pid_file = NULL; options->server_key_bits = -1; @@ -269,7 +268,8 @@ typedef enum { #ifdef SESSION_HOOKS sAllowSessionHooks, sSessionHookStartupCmd, sSessionHookShutdownCmd, #endif - sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, + sPasswordAuthentication, sKbdInteractiveAuthentication, + sListenAddress, sAddressFamily, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes, sEmptyPasswd, sTCPKeepAlive, @@ -354,6 +354,7 @@ static struct { { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ { "checkmail", sDeprecated }, { "listenaddress", sListenAddress }, + { "addressfamily", sAddressFamily }, { "printmotd", sPrintMotd }, { "printlastlog", sPrintLastLog }, { "ignorerhosts", sIgnoreRhosts }, @@ -420,6 +421,8 @@ add_listen_addr(ServerOptions *options, char *addr, u_short port) if (options->num_ports == 0) options->ports[options->num_ports++] = SSH_DEFAULT_PORT; + if (options->address_family == -1) + options->address_family = AF_UNSPEC; if (port == 0) for (i = 0; i < options->num_ports; i++) add_one_listen_addr(options, addr, options->ports[i]); 
@@ -435,7 +438,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port) int gaierr; memset(&hints, 0, sizeof(hints)); - hints.ai_family = IPv4or6; + hints.ai_family = options->address_family; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; snprintf(strport, sizeof strport, "%u", port); @@ -456,6 +459,7 @@ process_server_config_line(ServerOptions *options, char *line, char *cp, **charptr, *arg, *p; int *intptr, value, i, n; ServerOpCodes opcode; + u_short port; cp = line; arg = strdelim(&cp); 
@@ -528,39 +532,40 @@ parse_time: case sListenAddress: arg = strdelim(&cp); - if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0) - fatal("%s line %d: missing inet addr.", + if (arg == NULL || *arg == '\0') + fatal("%s line %d: missing address", filename, linenum); - if (*arg == '[') { - if ((p = strchr(arg, ']')) == NULL) - fatal("%s line %d: bad ipv6 inet addr usage.", - filename, linenum); - arg++; - memmove(p, p+1, strlen(p+1)+1); - } else if (((p = strchr(arg, ':')) == NULL) || - (strchr(p+1, ':') != NULL)) { - add_listen_addr(options, arg, 0); - break; - } - if (*p == ':') { - u_short port; + p = hpdelim(&arg); + if (p == NULL) + fatal("%s line %d: bad address:port usage", + filename, linenum); + p = cleanhostname(p); + if (arg == NULL) + port = 0; + else if ((port = a2port(arg)) == 0) + fatal("%s line %d: bad port number", filename, linenum); - p++; - if (*p == '\0') - fatal("%s line %d: bad inet addr:port usage.", - filename, linenum); - else { - *(p-1) = '\0'; - if ((port = a2port(p)) == 0) - fatal("%s line %d: bad port number.", - filename, linenum); - add_listen_addr(options, arg, port); - } - } else if (*p == '\0') - add_listen_addr(options, arg, 0); + add_listen_addr(options, p, port); + + break; + + case sAddressFamily: + arg = strdelim(&cp); + intptr = &options->address_family; + if (options->listen_addrs != NULL) + fatal("%s line %d: address family must be specified before " + "ListenAddress.", filename, linenum); + if (strcasecmp(arg, "inet") == 0) + value = AF_INET; + else if (strcasecmp(arg, "inet6") == 0) + value = AF_INET6; + else if (strcasecmp(arg, "any") == 0) + value = AF_UNSPEC; else - fatal("%s line %d: bad inet addr usage.", - filename, linenum); + fatal("%s line %d: unsupported address family \"%s\".", + filename, linenum, arg); + if (*intptr == -1) + *intptr = value; break; case sHostKeyFile: 
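Review bot: The new `case sAddressFamily:` uses `arg` immediately after `arg = strdelim(&cp)` without the `arg == NULL || *arg == '\0'` check that sListenAddress performs a few lines above in the same hunk, so an `AddressFamily` line with no value hands a NULL (or empty) pointer to strcasecmp(). Add `if (arg == NULL || *arg == '\0') fatal("%s line %d: missing address family.", filename, linenum);` before the strcasecmp chain. process_server_config_line extends beyond the hunk.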
@@ -760,7 +765,23 @@ parse_flag: case sGatewayPorts: intptr = &options->gateway_ports; - goto parse_flag; + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing yes/no/clientspecified " + "argument.", filename, linenum); + value = 0; /* silence compiler */ + if (strcmp(arg, "clientspecified") == 0) + value = 2; + else if (strcmp(arg, "yes") == 0) + value = 1; + else if (strcmp(arg, "no") == 0) + value = 0; + else + fatal("%s line %d: Bad yes/no/clientspecified " + "argument: %s", filename, linenum, arg); + if (*intptr == -1) + *intptr = value; + break; case sUseDNS: intptr = &options->use_dns; diff --git a/openssh/servconf.h b/openssh/servconf.h index 7ce7f7f..0a57e1c 100644 --- a/openssh/servconf.h +++ b/openssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.70 2004/06/24 19:30:54 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.71 2004/12/23 23:11:00 djm Exp $ */ /* * Author: Tatu Ylonen @@ -43,6 +43,7 @@ typedef struct { u_short ports[MAX_PORTS]; /* Port number to listen on. */ char *listen_addr; /* Address on which the server listens. */ struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ + int address_family; /* Address family used by the server. */ char *host_key_files[MAX_HOSTKEYS]; /* Files containing host keys. */ int num_host_key_files; /* Number of files for host keys. */ char *pid_file; /* Where to put our pid */ diff --git a/openssh/session.c b/openssh/session.c index 09c3fe1..1227af8 100644 --- a/openssh/session.c +++ b/openssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.180 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -265,6 +265,10 @@ do_authenticated1(Authctxt *authctxt) u_int proto_len, data_len, dlen, compression_level = 0; s = session_new(); + if (s == NULL) { + error("no more sessions"); + return; + } s->authctxt = authctxt; s->pw = authctxt->pw; 
@@ -709,6 +713,18 @@ do_exec(Session *s, const char *command) } #endif +#ifdef SSH_AUDIT_EVENTS + if (command != NULL) + PRIVSEP(audit_run_command(command)); + else if (s->ttyfd == -1) { + char *shell = s->pw->pw_shell; + + if (shell[0] == '\0') /* empty shell means /bin/sh */ + shell =_PATH_BSHELL; + PRIVSEP(audit_run_command(shell)); + } +#endif + if (s->ttyfd != -1) do_exec_pty(s, command); else @@ -1130,7 +1146,13 @@ do_setup_env(Session *s, const char *shell) * The Windows environment contains some setting which are * important for a running system. They must not be dropped. */ - copy_environment(environ, &env, &envsize); + { + char **p; + + p = fetch_windows_environment(); + copy_environment(p, &env, &envsize); + free_windows_environment(p); + } #endif #ifdef GSSAPI @@ -1248,14 +1270,24 @@ do_setup_env(Session *s, const char *shell) child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); #endif /* _UNICOS */ + /* + * Since we clear KRB5CCNAME at startup, if it's set now then it + * must have been set by a native authentication method (eg AIX or + * SIA), so copy it to the child. + */ + { + char *cp; + + if ((cp = getenv("KRB5CCNAME")) != NULL) + child_set_env(&env, &envsize, "KRB5CCNAME", cp); + } + #ifdef _AIX { char *cp; if ((cp = getenv("AUTHSTATE")) != NULL) child_set_env(&env, &envsize, "AUTHSTATE", cp); - if ((cp = getenv("KRB5CCNAME")) != NULL) - child_set_env(&env, &envsize, "KRB5CCNAME", cp); read_environment_file(&env, &envsize, "/etc/environment"); } #endif @@ -1415,6 +1447,13 @@ do_setusercontext(struct passwd *pw) # ifdef __bsdi__ setpgid(0, 0); # endif +#ifdef GSSAPI + if (options.gss_authentication) { + temporarily_use_uid(pw); + ssh_gssapi_storecreds(); + restore_uid(); + } +#endif # ifdef USE_PAM if (options.use_pam) { do_pam_session(); 
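Review bot: The new SSH_AUDIT_EVENTS block in do_exec audits an explicit command and the no-tty shell case, but an interactive shell on a pty (`command == NULL` with `s->ttyfd != -1`) produces no audit_run_command() call here; if that case is recorded by a login-audit path elsewhere it is not visible in this diff, so the omission deserves a comment such as `/* interactive pty logins are not recorded as commands here */` (adjusted to whatever actually holds). Minor style: `shell =_PATH_BSHELL;` is missing the space after `=`. do_exec's body extends beyond the hunk.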
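Review bot: The `temporarily_use_uid(pw); ssh_gssapi_storecreds(); restore_uid();` sequence under `#ifdef GSSAPI` is added verbatim twice in do_setusercontext, once in this hunk and again in the following `@@ -1445,6 +1484,13 @@` hunk, which look like two platform branches of the same function; a small static helper would keep the two copies from drifting apart. Both copies key only on `options.gss_authentication`, and whether ssh_gssapi_storecreds() copes with no delegated credentials having been received is not visible here, so a one-line comment at the call would help. do_setusercontext's body extends beyond both hunks.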
@@ -1445,6 +1484,13 @@ do_setusercontext(struct passwd *pw) exit(1); } endgrent(); +#ifdef GSSAPI + if (options.gss_authentication) { + temporarily_use_uid(pw); + ssh_gssapi_storecreds(); + restore_uid(); + } +#endif # ifdef USE_PAM /* * PAM credentials may take the form of supplementary groups. @@ -1482,7 +1528,12 @@ do_pwchange(Session *s) if (s->ttyfd != -1) { fprintf(stderr, "You must change your password now and login again!\n"); +#ifdef PASSWD_NEEDS_USERNAME + execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, + (char *)NULL); +#else execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); +#endif perror("passwd"); } else { fprintf(stderr, @@ -1608,11 +1659,18 @@ do_child(Session *s, const char *command) * generated messages, so if this in an interactive * login then display them too. */ - if (command == NULL) + if (!check_quietlogin(s, command)) display_loginmsg(); #endif /* HAVE_OSF_SIA */ } +#ifdef USE_PAM + if (options.use_pam && !is_pam_session_open()) { + display_loginmsg(); + exit(254); + } +#endif + /* * Get the shell from the password data. An empty shell field is * legal, and means /bin/sh. diff --git a/openssh/ssh-agent.c b/openssh/ssh-agent.c index bc4d8d3..dd7e22a 100644 --- a/openssh/ssh-agent.c +++ b/openssh/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.120 2004/08/11 21:43:05 avsm Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $"); #include #include 
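Review bot: In do_child, the new `exit(254)` taken when `options.use_pam && !is_pam_session_open()` is a bare magic exit status with no comment saying why the child refuses to continue or why 254 was chosen; a short comment such as `/* PAM session was never opened: show the PAM messages and refuse to start the user's shell */` plus a named constant for the status would make the intent auditable. The preceding `display_loginmsg()` appears to be there so the user sees the PAM failure text — worth stating in that comment. do_child's body extends beyond the hunk.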
@@ -168,23 +168,15 @@ lookup_identity(Key *key, int version) static int confirm_key(Identity *id) { - char *p, prompt[1024]; + char *p; int ret = -1; p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); - snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n" - "Key fingerprint %s.", id->comment, p); + if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", + id->comment, p)) + ret = 0; xfree(p); - p = read_passphrase(prompt, RP_ALLOW_EOF); - if (p != NULL) { - /* - * Accept empty responses and responses consisting - * of the word "yes" as affirmative. - */ - if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0) - ret = 0; - xfree(p); - } + return (ret); } @@ -1010,9 +1002,7 @@ main(int ac, char **av) #ifdef HAVE_SETRLIMIT struct rlimit rlim; #endif -#ifdef HAVE_CYGWIN int prev_mask; -#endif extern int optind; extern char *optarg; pid_t pid; @@ -1124,24 +1114,20 @@ main(int ac, char **av) sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) { perror("socket"); + *socket_name = '\0'; /* Don't unlink any existing file */ cleanup_exit(1); } memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path)); -#ifdef HAVE_CYGWIN prev_mask = umask(0177); -#endif if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) { perror("bind"); -#ifdef HAVE_CYGWIN + *socket_name = '\0'; /* Don't unlink any existing file */ umask(prev_mask); -#endif cleanup_exit(1); } -#ifdef HAVE_CYGWIN umask(prev_mask); -#endif if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { perror("listen"); cleanup_exit(1); diff --git a/openssh/ssh-keyscan.c b/openssh/ssh-keyscan.c index 3cb52ac..bc2c3b7 100644 --- a/openssh/ssh-keyscan.c +++ b/openssh/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.50 2004/08/11 21:44:32 avsm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.52 2005/03/01 15:47:14 jmc Exp $"); #include "openbsd-compat/sys-queue.h" 
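Review bot: In ssh-agent's main, the `umask(0177)` around bind() is now unconditional and is what keeps the agent socket from ever being group/other-accessible, even briefly, yet nothing in the hunk says so; a comment like `/* create the socket 0600 from the start: bind() applies the umask */` would stop a later cleanup from treating it as Cygwin-only leftovers. The two `*socket_name = '\0';` guards are good, since they keep a failed start from unlinking a pre-existing path in cleanup_exit(), and one shared comment explaining that would do for both. main's body extends beyond the hunk.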
@@ -28,6 +28,7 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.50 2004/08/11 21:44:32 avsm Exp $"); #include "log.h" #include "atomicio.h" #include "misc.h" +#include "hostfile.h" /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. Default value is AF_UNSPEC means both IPv4 and IPv6. */ @@ -41,6 +42,8 @@ int ssh_port = SSH_DEFAULT_PORT; int get_keytypes = KT_RSA1; /* Get only RSA1 keys by default */ +int hash_hosts = 0; /* Hash hostname on output */ + #define MAXMAXFD 256 /* The number of seconds after which to give up on a TCP connection */ @@ -366,10 +369,14 @@ keygrab_ssh2(con *c) static void keyprint(con *c, Key *key) { + char *host = c->c_output_name ? c->c_output_name : c->c_name; + if (!key) return; + if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL) + fatal("host_hash failed"); - fprintf(stdout, "%s ", c->c_output_name ? c->c_output_name : c->c_name); + fprintf(stdout, "%s ", host); key_write(key, stdout); fputs("\n", stdout); } @@ -676,7 +683,7 @@ fatal(const char *fmt,...) static void usage(void) { - fprintf(stderr, "usage: %s [-v46] [-p port] [-T timeout] [-t type] [-f file]\n" + fprintf(stderr, "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n" "\t\t [host | addrlist namelist] [...]\n", __progname); exit(1); @@ -700,8 +707,11 @@ main(int argc, char **argv) if (argc <= 1) usage(); - while ((opt = getopt(argc, argv, "v46p:T:t:f:")) != -1) { + while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) { switch (opt) { + case 'H': + hash_hosts = 1; + break; case 'p': ssh_port = a2port(optarg); if (ssh_port == 0) { diff --git a/openssh/ssh-keysign.c b/openssh/ssh-keysign.c index 5176557..04597a9 100644 --- a/openssh/ssh-keysign.c +++ b/openssh/ssh-keysign.c 
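Review bot: In keyprint, when `hash_hosts` is set, `host` is reassigned to the result of `host_hash(host, NULL, 0)` and never released; if host_hash returns heap memory (its implementation is not in this diff), every printed key leaks one hashed hostname. Keeping the hashed value in its own local and releasing it after `fputs("\n", stdout);` when `hash_hosts` is set, e.g. `if (hash_hosts) xfree(host);`, would close that, assuming xfree is the pair of whatever host_hash allocates with.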
@@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $"); #include #include @@ -151,7 +151,8 @@ main(int argc, char **argv) key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); - if ((pw = getpwuid(getuid())) == NULL) + original_real_uid = getuid(); /* XXX readconf.c needs this */ + if ((pw = getpwuid(original_real_uid)) == NULL) fatal("getpwuid failed"); pw = pwcopy(pw); @@ -166,7 +167,6 @@ main(int argc, char **argv) #endif /* verify that ssh-keysign is enabled by the admin */ - original_real_uid = getuid(); /* XXX readconf.c needs this */ initialize_options(&options); (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0); fill_default_options(&options); diff --git a/openssh/ssh-rand-helper.c b/openssh/ssh-rand-helper.c index 2d8707e..28c93b6 100644 --- a/openssh/ssh-rand-helper.c +++ b/openssh/ssh-rand-helper.c @@ -209,6 +209,22 @@ done: return rval; } +static int +seed_from_prngd(unsigned char *buf, size_t bytes) +{ +#ifdef PRNGD_PORT + debug("trying egd/prngd port %d", PRNGD_PORT); + if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0) + return 0; +#endif +#ifdef PRNGD_SOCKET + debug("trying egd/prngd socket %s", PRNGD_SOCKET); + if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0) + return 0; +#endif + return -1; +} + double stir_gettimeofday(double entropy_estimate) { @@ -534,10 +550,11 @@ prng_check_seedfile(char *filename) void prng_write_seedfile(void) { - int fd; + int fd, save_errno; unsigned char seed[SEED_FILE_SIZE]; - char filename[MAXPATHLEN]; + char filename[MAXPATHLEN], tmpseed[MAXPATHLEN]; struct passwd *pw; + mode_t old_umask; pw = getpwuid(getuid()); if (pw == NULL) 
@@ -552,7 +569,10 @@ prng_write_seedfile(void) snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, SSH_PRNG_SEED_FILE); - debug("writing PRNG seed to file %.100s", filename); + strlcpy(tmpseed, filename, sizeof(tmpseed)); + if (strlcat(tmpseed, ".XXXXXXXXXX", sizeof(tmpseed)) >= + sizeof(tmpseed)) + fatal("PRNG seed filename too long"); if (RAND_bytes(seed, sizeof(seed)) <= 0) fatal("PRNG seed extraction failed"); @@ -560,15 +580,31 @@ prng_write_seedfile(void) /* Don't care if the seed doesn't exist */ prng_check_seedfile(filename); - if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) { - debug("WARNING: couldn't access PRNG seedfile %.100s " - "(%.100s)", filename, strerror(errno)); + old_umask = umask(0177); + + if ((fd = mkstemp(tmpseed)) == -1) { + debug("WARNING: couldn't make temporary PRNG seedfile %.100s " + "(%.100s)", tmpseed, strerror(errno)); } else { - if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) + debug("writing PRNG seed to file %.100s", tmpseed); + if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) { + save_errno = errno; + close(fd); + unlink(tmpseed); fatal("problem writing PRNG seedfile %.100s " - "(%.100s)", filename, strerror(errno)); + "(%.100s)", filename, strerror(save_errno)); + } close(fd); + debug("moving temporary PRNG seed to file %.100s", filename); + if (rename(tmpseed, filename) == -1) { + save_errno = errno; + unlink(tmpseed); + fatal("problem renaming PRNG seedfile from %.100s " + "to %.100s (%.100s)", tmpseed, filename, + strerror(save_errno)); + } } + umask(old_umask); } void 
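Review bot: In prng_write_seedfile the mkstemp-then-rename sequence is the right shape for replacing the seed atomically, but the `close(fd);` before the rename ignores its return value, so a write error that only surfaces at close (possible on network filesystems) would still let `rename(tmpseed, filename)` publish the temporary file as the seed. Treating it like the atomicio failure — `if (close(fd) == -1) { save_errno = errno; unlink(tmpseed); fatal("problem closing PRNG seedfile %.100s (%.100s)", tmpseed, strerror(save_errno)); }` — keeps the two failure paths consistent. Since mkstemp already creates the file 0600, the `umask(0177)` is belt-and-braces and could carry a comment saying so. prng_write_seedfile starts in the previous hunk.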
@@ -747,7 +783,7 @@ usage(void) fprintf(stderr, "Usage: %s [options]\n", __progname); fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); fprintf(stderr, " Multiple -v increases verbosity.\n"); - fprintf(stderr, " -x Force output in hexidecimal (for debugging)\n"); + fprintf(stderr, " -x Force output in hexadecimal (for debugging)\n"); fprintf(stderr, " -X Force output in binary\n"); fprintf(stderr, " -b bytes Number of bytes to output (default %d)\n", OUTPUT_SEED_SIZE); @@ -815,21 +851,16 @@ main(int argc, char **argv) debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system()); -#ifdef PRNGD_PORT - if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == -1) - fatal("Entropy collection failed"); - RAND_add(buf, bytes, bytes); -#elif defined(PRNGD_SOCKET) - if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == -1) - fatal("Entropy collection failed"); - RAND_add(buf, bytes, bytes); -#else - /* Read in collection commands */ - if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) - fatal("PRNG initialisation failed -- exiting."); - debug("Seeded RNG with %i bytes from programs", - (int)stir_from_programs()); -#endif + /* try prngd, fall back to commands if prngd fails or not configured */ + if (seed_from_prngd(buf, bytes) == 0) { + RAND_add(buf, bytes, bytes); + } else { + /* Read in collection commands */ + if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) + fatal("PRNG initialisation failed -- exiting."); + debug("Seeded RNG with %i bytes from programs", + (int)stir_from_programs()); + } #ifdef USE_SEED_FILES prng_write_seedfile(); 
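Review bot: In main, a `seed_from_prngd()` failure now silently falls back to the command-based entropy gatherer, whereas the removed code treated an unreachable configured prngd/egd as fatal; the only trace of the fallback is the debug() calls inside seed_from_prngd. When PRNGD_PORT or PRNGD_SOCKET is configured, an operator should be able to notice that the daemon was unreachable and seeding degraded to running programs, so logging that at a visible level in the else branch — e.g. `logit("prngd/egd unavailable, falling back to entropy commands");` — seems warranted. main's body extends beyond the hunk.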
@@ -857,3 +888,15 @@ main(int argc, char **argv) return ret == bytes ? 0 : 1; } + +/* + * We may attempt to re-seed during mkstemp if we are using the one in the + * compat library (via mkstemp -> _gettemp -> arc4random -> seed_rng) so we + * need our own seed_rng(). We must also check that we have enough entropy. + */ +void +seed_rng(void) +{ + if (!RAND_status()) + fatal("Not enough entropy in RNG"); +} diff --git a/openssh/ssh.1 b/openssh/ssh.1 index 0ff77ea..e6f4b4a 100644 --- a/openssh/ssh.1 +++ b/openssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.194 2004/08/12 21:41:13 jakob Exp $ +.\" $OpenBSD: ssh.1,v 1.205 2005/03/07 23:41:54 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -43,40 +43,35 @@ .Nd OpenSSH SSH client (remote login program) .Sh SYNOPSIS .Nm ssh +.Bk -words .Op Fl 1246AaCfgkMNnqsTtVvXxY .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec -.Bk -words .Op Fl D Ar port .Op Fl e Ar escape_char .Op Fl F Ar configfile .Op Fl i Ar identity_file -.Oo Fl L Xo +.Oo Fl L\ \& .Sm off -.Ar port : -.Ar host : -.Ar hostport +.Oo Ar bind_address : Oc +.Ar port : host : hostport .Sm on -.Xc .Oc -.Ek .Op Fl l Ar login_name .Op Fl m Ar mac_spec +.Op Fl O Ar ctl_cmd .Op Fl o Ar option -.Bk -words .Op Fl p Ar port -.Ek -.Oo Fl R Xo +.Oo Fl R\ \& .Sm off -.Ar port : -.Ar host : -.Ar hostport +.Oo Ar bind_address : Oc +.Ar port : host : hostport .Sm on -.Xc .Oc -.Op Fl S Ar ctl +.Op Fl S Ar ctl_path .Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command +.Ek .Sh DESCRIPTION .Nm (SSH client) is a program for logging into a remote machine and for 
@@ -103,35 +98,25 @@ is specified, .Ar command is executed on the remote host instead of a login shell. .Ss SSH protocol version 1 -First, if the machine the user logs in from is listed in +The first authentication method is the +.Em rhosts +or +.Em hosts.equiv +method combined with RSA-based host authentication. +If the machine the user logs in from is listed in .Pa /etc/hosts.equiv or .Pa /etc/shosts.equiv on the remote machine, and the user names are -the same on both sides, the user is immediately permitted to log in. -Second, if -.Pa .rhosts +the same on both sides, or if the files +.Pa $HOME/.rhosts or -.Pa .shosts -exists in the user's home directory on the -remote machine and contains a line containing the name of the client +.Pa $HOME/.shosts +exist in the user's home directory on the +remote machine and contain a line containing the name of the client machine and the name of the user on that machine, the user is -permitted to log in. -This form of authentication alone is normally not -allowed by the server because it is not secure. -.Pp -The second authentication method is the -.Em rhosts -or -.Em hosts.equiv -method combined with RSA-based host authentication. -It means that if the login would be permitted by -.Pa $HOME/.rhosts , -.Pa $HOME/.shosts , -.Pa /etc/hosts.equiv , -or -.Pa /etc/shosts.equiv , -and if additionally the server can verify the client's +considered for log in. +Additionally, if the server can verify the client's host key (see .Pa /etc/ssh/ssh_known_hosts and @@ -147,7 +132,7 @@ spoofing, DNS spoofing and routing spoofing. and the rlogin/rsh protocol in general, are inherently insecure and should be disabled if security is desired.] .Pp -As a third authentication method, +As a second authentication method, .Nm supports RSA based authentication. The scheme is based on public-key cryptography: there are cryptosystems 
@@ -195,9 +180,6 @@ file corresponds to the conventional file, and has one key per line, though the lines can be very long). After this, the user can log in without giving the password. -RSA authentication is much more secure than -.Em rhosts -authentication. .Pp The most convenient way to use RSA authentication may be with an authentication agent. @@ -582,6 +564,7 @@ configuration files). Disables forwarding (delegation) of GSSAPI credentials to the server. .It Fl L Xo .Sm off +.Oo Ar bind_address : Oc .Ar port : host : hostport .Sm on .Xc @@ -589,7 +572,9 @@ Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to .Ar port -on the local side, and whenever a connection is made to this port, the +on the local side, optionally bound to the specified +.Ar bind_address . +Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to .Ar host 
@@ -597,14 +582,30 @@ port .Ar hostport from the remote machine. Port forwardings can also be specified in the configuration file. -Only root can forward privileged ports. IPv6 addresses can be specified with an alternative syntax: .Sm off .Xo +.Op Ar bind_address No / .Ar port No / Ar host No / -.Ar hostport . +.Ar hostport .Xc .Sm on +or by enclosing the address in square brackets. +Only the superuser can forward privileged ports. +By default, the local port is bound in accordance with the +.Cm GatewayPorts +setting. +However, an explicit +.Ar bind_address +may be used to bind the connection to a specific address. +The +.Ar bind_address +of +.Dq localhost +indicates that the listening port be bound for local use only, while an +empty address or +.Sq * +indicates that the port should be available from all interfaces. .It Fl l Ar login_name Specifies the user to log in as on the remote machine. This also may be specified on a per-host basis in the configuration file. @@ -650,6 +651,18 @@ program will be put in the background. needs to ask for a password or passphrase; see also the .Fl f option.) +.It Fl O Ar ctl_cmd +Control an active connection multiplexing master process. +When the +.Fl O +option is specified, the +.Ar ctl_cmd +argument is interpreted and passed to the master process. +Valid commands are: +.Dq check +(check that the master process is running) and +.Dq exit +(request the master to exit). .It Fl o Ar option Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate @@ -681,6 +694,7 @@ For full details of the options listed below, and their possible values, see .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials +.It HashKnownHosts .It Host .It HostbasedAuthentication .It HostKeyAlgorithms 
@@ -688,6 +702,7 @@ For full details of the options listed below, and their possible values, see .It HostName .It IdentityFile .It IdentitiesOnly +.It KbdInteractiveDevices .It LocalForward .It LogLevel .It MACs @@ -723,6 +738,7 @@ Quiet mode. Causes all warning and diagnostic messages to be suppressed. .It Fl R Xo .Sm off +.Oo Ar bind_address : Oc .Ar port : host : hostport .Sm on .Xc @@ -737,17 +753,36 @@ made to port .Ar hostport from the local machine. +.Pp Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. -IPv6 addresses can be specified with an alternative syntax: +IPv6 addresses can be specified by enclosing the address in square braces or +using an alternative syntax: .Sm off .Xo -.Ar port No / Ar host No / -.Ar hostport . -.Xc +.Op Ar bind_address No / +.Ar host No / Ar port No / +.Ar hostport +.Xc . .Sm on -.It Fl S Ar ctl +.Pp +By default, the listening socket on the server will be bound to the loopback +interface only. +This may be overriden by specifying a +.Ar bind_address . +An empty +.Ar bind_address , +or the address +.Ql * , +indicates that the remote socket should listen on all interfaces. +Specifying a remote +.Ar bind_address +will only succeed if the server's +.Cm GatewayPorts +option is enabled (see +.Xr sshd_config 5 ) . +.It Fl S Ar ctl_path Specifies the location of a control socket for connection sharing. Refer to the description of .Cm ControlPath 
@@ -796,10 +831,23 @@ Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. +.Pp +For this reason, X11 forwarding is subjected to X11 SECURITY extension +restrictions by default. +Please refer to the +.Nm +.Fl Y +option and the +.Cm ForwardX11Trusted +directive in +.Xr ssh_config 5 +for more information. .It Fl x Disables X11 forwarding. .It Fl Y Enables trusted X11 forwarding. +Trusted X11 forwardings are not subjected to the X11 SECURITY extension +controls. .El .Sh CONFIGURATION FILES .Nm @@ -859,7 +907,7 @@ and open an X11 window to read the passphrase. This is particularly useful when calling .Nm from a -.Pa .Xsession +.Pa .xsession or related script. (Note that on some machines it may be necessary to redirect the input from @@ -1012,7 +1060,9 @@ By default is not setuid root. .It Pa $HOME/.rhosts This file is used in -.Em rhosts +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication authentication to list the host/user pairs that are permitted to log in. (Note that this file is @@ -1031,12 +1081,10 @@ The recommended permission for most machines is read/write for the user, and not accessible by others. .Pp -Note that by default +Note that .Xr sshd 8 -will be installed so that it requires successful RSA host -authentication before permitting -.Em rhosts -authentication. +allows authentication only in combination with client host key +authentication before permitting log in. If the server machine does not have the client's host key in .Pa /etc/ssh/ssh_known_hosts , it can be stored in 
@@ -1049,15 +1097,19 @@ will automatically add the host key to This file is used exactly the same way as .Pa .rhosts . The purpose for -having this file is to be able to use rhosts authentication with -.Nm -without permitting login with +having this file is to be able to use +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication +authentication without permitting login with .Xr rlogin or .Xr rsh 1 . .It Pa /etc/hosts.equiv This file is used during -.Em rhosts +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication authentication. It contains canonical hosts names, one per line (the full format is described in the @@ -1066,8 +1118,7 @@ manual page). If the client host is found in this file, login is automatically permitted provided client and server user names are the same. -Additionally, successful RSA host authentication is normally -required. +Additionally, successful client host key authentication is required. This file should only be writable by root. .It Pa /etc/shosts.equiv This file is processed exactly as diff --git a/openssh/ssh.c b/openssh/ssh.c index 41f22ec..715a8ba 100644 --- a/openssh/ssh.c +++ b/openssh/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.224 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.233 2005/03/01 17:22:06 jmc Exp $"); #include #include @@ -144,6 +144,9 @@ pid_t proxy_command_pid = 0; /* fd to control socket */ int control_fd = -1; +/* Multiplexing control command */ +static u_int mux_command = SSHMUX_COMMAND_OPEN; + /* Only used in control client mode */ volatile sig_atomic_t control_client_terminate = 0; u_int control_server_pid = 0; 
@@ -154,10 +157,12 @@ static void usage(void) { fprintf(stderr, -"usage: ssh [-1246AaCfghkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" -" [-D port] [-e escape_char] [-F configfile] [-i identity_file]\n" -" [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]\n" -" [-p port] [-R port:host:hostport] [-S ctl] [user@]hostname [command]\n" +"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" +" [-D port] [-e escape_char] [-F configfile]\n" +" [-i identity_file] [-L [bind_address:]port:host:hostport]\n" +" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" +" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" +" [user@]hostname [command]\n" ); exit(1); } @@ -174,14 +179,13 @@ int main(int ac, char **av) { int i, opt, exit_status; - u_short fwd_port, fwd_host_port; - char sfwd_port[6], sfwd_host_port[6]; char *p, *cp, *line, buf[256]; struct stat st; struct passwd *pw; int dummy; extern int optind, optreset; extern char *optarg; + Forward fwd; __progname = ssh_get_progname(av[0]); init_rng(); @@ -236,7 +240,7 @@ main(int ac, char **av) again: while ((opt = getopt(ac, av, - "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNPR:S:TVXY")) != -1) { + "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; @@ -270,6 +274,14 @@ again: case 'g': options.gateway_ports = 1; break; + case 'O': + if (strcmp(optarg, "check") == 0) + mux_command = SSHMUX_COMMAND_ALIVE_CHECK; + else if (strcmp(optarg, "exit") == 0) + mux_command = SSHMUX_COMMAND_TERMINATE; + else + fatal("Invalid multiplex command."); + break; case 'P': /* deprecated */ options.use_privileged_port = 0; break; @@ -285,7 +297,8 @@ again: case 'i': if (stat(optarg, &st) < 0) { fprintf(stderr, "Warning: Identity file %s " - "does not exist.\n", optarg); + "not accessible: %s.\n", optarg, + strerror(errno)); break; } if (options.num_identity_files >= 
@@ -316,10 +329,10 @@ again: options.log_level++; break; } - /* fallthrough */ + /* FALLTHROUGH */ case 'V': fprintf(stderr, "%s, %s\n", - SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); + SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); if (opt == 'V') exit(0); break; @@ -388,39 +401,51 @@ again: break; case 'L': - case 'R': - if (sscanf(optarg, "%5[0123456789]:%255[^:]:%5[0123456789]", - sfwd_port, buf, sfwd_host_port) != 3 && - sscanf(optarg, "%5[0123456789]/%255[^/]/%5[0123456789]", - sfwd_port, buf, sfwd_host_port) != 3) { + if (parse_forward(&fwd, optarg)) + add_local_forward(&options, &fwd); + else { fprintf(stderr, - "Bad forwarding specification '%s'\n", + "Bad local forwarding specification '%s'\n", optarg); - usage(); - /* NOTREACHED */ + exit(1); } - if ((fwd_port = a2port(sfwd_port)) == 0 || - (fwd_host_port = a2port(sfwd_host_port)) == 0) { + break; + + case 'R': + if (parse_forward(&fwd, optarg)) { + add_remote_forward(&options, &fwd); + } else { fprintf(stderr, - "Bad forwarding port(s) '%s'\n", optarg); + "Bad remote forwarding specification " + "'%s'\n", optarg); exit(1); } - if (opt == 'L') - add_local_forward(&options, fwd_port, buf, - fwd_host_port); - else if (opt == 'R') - add_remote_forward(&options, fwd_port, buf, - fwd_host_port); break; case 'D': - fwd_port = a2port(optarg); - if (fwd_port == 0) { + cp = p = xstrdup(optarg); + memset(&fwd, '\0', sizeof(fwd)); + fwd.connect_host = "socks"; + if ((fwd.listen_host = hpdelim(&cp)) == NULL) { + fprintf(stderr, "Bad dynamic forwarding " + "specification '%.100s'\n", optarg); + exit(1); + } + if (cp != NULL) { + fwd.listen_port = a2port(cp); + fwd.listen_host = cleanhostname(fwd.listen_host); + } else { + fwd.listen_port = a2port(fwd.listen_host); + fwd.listen_host = ""; + } + + if (fwd.listen_port == 0) { fprintf(stderr, "Bad dynamic port '%s'\n", optarg); exit(1); } - add_local_forward(&options, fwd_port, "socks", 0); + add_local_forward(&options, &fwd); + xfree(p); break; case 'C': 
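Review bot: In the new `case 'D'`, a plain `-D port` ends with `fwd.listen_host = "";`, while the rest of this diff uses NULL for "no bind address given" (ssh_init_forwarding's `listen_host == NULL ? (gateway_ports ? "*" : "LOCALHOST")` guard, and the ssh.1 text here that says an empty address means all interfaces). If channel_setup_local_fwd_listener follows the manual, `-D 1080` would listen on every interface regardless of GatewayPorts, exposing the SOCKS proxy beyond loopback; `fwd.listen_host = NULL;` would give it the same default as `-L port:host:hostport`. Also, `xfree(p)` frees the buffer that `fwd.listen_host` points into, which is fine only if add_local_forward copies the string — not visible in this diff. main's body extends beyond the hunk.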
@@ -855,14 +880,19 @@ ssh_init_forwarding(void) /* Initiate local TCP/IP port forwardings. */ for (i = 0; i < options.num_local_forwards; i++) { - debug("Connections to local port %d forwarded to remote address %.200s:%d", - options.local_forwards[i].port, - options.local_forwards[i].host, - options.local_forwards[i].host_port); + debug("Local connections to %.200s:%d forwarded to remote " + "address %.200s:%d", + (options.local_forwards[i].listen_host == NULL) ? + (options.gateway_ports ? "*" : "LOCALHOST") : + options.local_forwards[i].listen_host, + options.local_forwards[i].listen_port, + options.local_forwards[i].connect_host, + options.local_forwards[i].connect_port); success += channel_setup_local_fwd_listener( - options.local_forwards[i].port, - options.local_forwards[i].host, - options.local_forwards[i].host_port, + options.local_forwards[i].listen_host, + options.local_forwards[i].listen_port, + options.local_forwards[i].connect_host, + options.local_forwards[i].connect_port, options.gateway_ports); } if (i > 0 && success == 0) @@ -870,14 +900,17 @@ ssh_init_forwarding(void) /* Initiate remote TCP/IP port forwardings. */ for (i = 0; i < options.num_remote_forwards; i++) { - debug("Connections to remote port %d forwarded to local address %.200s:%d", - options.remote_forwards[i].port, - options.remote_forwards[i].host, - options.remote_forwards[i].host_port); + debug("Remote connections from %.200s:%d forwarded to " + "local address %.200s:%d", + options.remote_forwards[i].listen_host, + options.remote_forwards[i].listen_port, + options.remote_forwards[i].connect_host, + options.remote_forwards[i].connect_port); channel_request_remote_forwarding( - options.remote_forwards[i].port, - options.remote_forwards[i].host, - options.remote_forwards[i].host_port); + options.remote_forwards[i].listen_host, + options.remote_forwards[i].listen_port, + options.remote_forwards[i].connect_host, + options.remote_forwards[i].connect_port); } } 
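Review bot: In the remote-forward loop of ssh_init_forwarding, `options.remote_forwards[i].listen_host` is passed straight to the `%.200s` of the debug() call, while the local-forward loop just above guards the NULL (no bind address) case with the `(gateway_ports ? "*" : "LOCALHOST")` ternary; a `-R port:host:hostport` with no bind address would therefore format a NULL pointer, which is undefined behaviour (glibc prints "(null)", other libcs may crash). Mirror the guard: `(options.remote_forwards[i].listen_host == NULL) ? "LOCALHOST" : options.remote_forwards[i].listen_host,`. Whether parse_forward leaves listen_host NULL is not visible here, but the local loop's own guard suggests it does.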
@@ -1053,12 +1086,12 @@ client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt) return; debug("remote forward %s for: listen %d, connect %s:%d", type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", - options.remote_forwards[i].port, - options.remote_forwards[i].host, - options.remote_forwards[i].host_port); + options.remote_forwards[i].listen_port, + options.remote_forwards[i].connect_host, + options.remote_forwards[i].connect_port); if (type == SSH2_MSG_REQUEST_FAILURE) - logit("Warning: remote port forwarding failed for listen port %d", - options.remote_forwards[i].port); + logit("Warning: remote port forwarding failed for listen " + "port %d", options.remote_forwards[i].listen_port); } static void @@ -1275,10 +1308,20 @@ static void control_client(const char *path) { struct sockaddr_un addr; - int i, r, sock, exitval, num_env, addr_len; + int i, r, fd, sock, exitval, num_env, addr_len; Buffer m; - char *cp; + char *term; extern char **environ; + u_int flags; + + if (stdin_null_flag) { + if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) + fatal("open(/dev/null): %s", strerror(errno)); + if (dup2(fd, STDIN_FILENO) == -1) + fatal("dup2: %s", strerror(errno)); + if (fd > STDERR_FILENO) + close(fd); + } memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; 
@@ -1295,26 +1338,52 @@ control_client(const char *path) if (connect(sock, (struct sockaddr*)&addr, addr_len) == -1) fatal("Couldn't connect to %s: %s", path, strerror(errno)); - if ((cp = getenv("TERM")) == NULL) - cp = ""; + if ((term = getenv("TERM")) == NULL) + term = ""; + + flags = 0; + if (tty_flag) + flags |= SSHMUX_FLAG_TTY; + if (subsystem_flag) + flags |= SSHMUX_FLAG_SUBSYS; buffer_init(&m); - /* Get PID of controlee */ + /* Send our command to server */ + buffer_put_int(&m, mux_command); + buffer_put_int(&m, flags); + if (ssh_msg_send(sock, /* version */1, &m) == -1) + fatal("%s: msg_send", __func__); + buffer_clear(&m); + + /* Get authorisation status and PID of controlee */ if (ssh_msg_recv(sock, &m) == -1) fatal("%s: msg_recv", __func__); - if (buffer_get_char(&m) != 0) + if (buffer_get_char(&m) != 1) fatal("%s: wrong version", __func__); - /* Connection allowed? */ if (buffer_get_int(&m) != 1) fatal("Connection to master denied"); control_server_pid = buffer_get_int(&m); buffer_clear(&m); - buffer_put_int(&m, tty_flag); - buffer_put_int(&m, subsystem_flag); - buffer_put_cstring(&m, cp); + switch (mux_command) { + case SSHMUX_COMMAND_ALIVE_CHECK: + fprintf(stderr, "Master running (pid=%d)\r\n", + control_server_pid); + exit(0); + case SSHMUX_COMMAND_TERMINATE: + fprintf(stderr, "Exit request sent.\r\n"); + exit(0); + case SSHMUX_COMMAND_OPEN: + /* continue below */ + break; + default: + fatal("silly mux_command %d", mux_command); + } + + /* SSHMUX_COMMAND_OPEN */ + buffer_put_cstring(&m, term); buffer_append(&command, "\0", 1); buffer_put_cstring(&m, buffer_ptr(&command)); @@ -1336,7 +1405,7 @@ control_client(const char *path) } } - if (ssh_msg_send(sock, /* version */0, &m) == -1) + if (ssh_msg_send(sock, /* version */1, &m) == -1) fatal("%s: msg_send", __func__); mm_send_fd(sock, STDIN_FILENO); 
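Review bot: In the `SSHMUX_COMMAND_ALIVE_CHECK` and `SSHMUX_COMMAND_TERMINATE` arms of the new switch the client calls `exit(0)` with `m` still holding the master's reply and `sock` open; harmless for a process that is terminating, but a `buffer_free(&m)` before each exit would keep those arms consistent with the `buffer_free(&m)` on the open path. The two `wrong version` checks (here and in the hunk at @@ -1347) discard the byte they rejected, so a client talking to an older master that still speaks the version-0 protocol fails with no indication of what was received; storing the byte and reporting it, `fatal("%s: wrong version %d", __func__, ver)`, would make the mismatch diagnosable. control_client continues outside the hunk.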
@@ -1347,10 +1416,11 @@ control_client(const char *path) buffer_clear(&m); if (ssh_msg_recv(sock, &m) == -1) fatal("%s: msg_recv", __func__); - if (buffer_get_char(&m) != 0) - fatal("%s: master returned error", __func__); + if (buffer_get_char(&m) != 1) + fatal("%s: wrong version", __func__); buffer_free(&m); + signal(SIGHUP, control_client_sighandler); signal(SIGINT, control_client_sighandler); signal(SIGTERM, control_client_sighandler); signal(SIGWINCH, control_client_sigrelay); diff --git a/openssh/ssh1.h b/openssh/ssh1.h index cc7fbc8..1741c22 100644 --- a/openssh/ssh1.h +++ b/openssh/ssh1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh1.h,v 1.4 2004/07/11 17:48:47 deraadt Exp $ */ +/* $OpenBSD: ssh1.h,v 1.5 2004/10/20 11:48:53 markus Exp $ */ /* * Author: Tatu Ylonen @@ -18,6 +18,9 @@ * for compatibility. The maximum value is 254; value 255 is reserved for * future extension. */ +/* Ranges */ +#define SSH_MSG_MIN 1 +#define SSH_MSG_MAX 254 /* Message name */ /* msg code */ /* arguments */ #define SSH_MSG_NONE 0 /* no message */ #define SSH_MSG_DISCONNECT 1 /* cause (string) */ diff --git a/openssh/ssh_config.5 b/openssh/ssh_config.5 index b40a789..3ca22a3 100644 --- a/openssh/ssh_config.5 +++ b/openssh/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.38 2004/06/26 09:11:14 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.47 2005/03/07 23:41:54 jmc Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -69,7 +69,7 @@ system-wide configuration file .Pp For each parameter, the first obtained value will be used. -The configuration files contain sections bracketed by +The configuration files contain sections separated by .Dq Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. 
@@ -126,9 +126,9 @@ Specifies which address family to use when connecting. Valid arguments are .Dq any , .Dq inet -(Use IPv4 only) or +(use IPv4 only) or .Dq inet6 -(Use IPv6 only.) +(use IPv6 only). .It Cm BatchMode If set to .Dq yes , @@ -365,11 +365,16 @@ option is also enabled. If this option is set to .Dq yes then remote X11 clients will have full access to the original X11 display. +.Pp If this option is set to .Dq no then remote X11 clients will be considered untrusted and prevented from stealing or tampering with data belonging to trusted X11 clients. +Furthermore, the +.Xr xauth 1 +token used for the session will be set to expire after 20 minutes. +Remote clients will be refused access after this time. .Pp The default is .Dq no . @@ -414,6 +419,22 @@ Forward (delegate) credentials to the server. The default is .Dq yes . Note that this option applies to protocol version 2 only. +.It Cm HashKnownHosts +Indicates that +.Nm ssh +should hash host names and addresses when they are added to +.Pa $HOME/.ssh/known_hosts . +These hashed names may be used normally by +.Nm ssh +and +.Nm sshd , +but they do not reveal identifying information should the file's contents +be disclosed. +The default is +.Dq no . +Note that hashing of names and addresses will not be retrospectively applied +to existing known hosts files, but these may be manually hashed using +.Xr ssh-keygen 1 . .It Cm HostbasedAuthentication Specifies whether to try rhosts based authentication with public key authentication. 
@@ -479,16 +500,45 @@ This option is intented for situations where offers many different identities. The default is .Dq no . +.It Cm KbdInteractiveDevices +Specifies the list of methods to use in keyboard-interactive authentication. +Multiple method names must be comma-separated. +The default is to use the server specified list. .It Cm LocalForward Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be a port number, and the second must be -.Ar host:port . -IPv6 addresses can be specified with an alternative syntax: -.Ar host/port . -Multiple forwardings may be specified, and additional -forwardings can be given on the command line. +.Xo +.Sm off +.Oo Ar bind_address : Oc +.Ar host : port +.Sm on +.Xc . +IPv6 addresses can be specified by enclosing addresses in square brackets or +by using an alternative syntax: +.Sm off +.Xo +.Op Ar bind_address No / +.Ar host No / Ar port +.Xc . +.Sm on +Multiple forwardings may be specified, and additional forwardings can be +given on the command line. Only the superuser can forward privileged ports. +By default, the local port is bound in accordance with the +.Cm GatewayPorts +setting. +However, an explicit +.Ar bind_address +may be used to bind the connection to a specific address. +The +.Ar bind_address +of +.Dq localhost +indicates that the listening port be bound for local use only, while an +empty address or +.Sq * +indicates that the port should be available from all interfaces. .It Cm LogLevel Gives the verbosity level that is used when logging messages from .Nm ssh . 
@@ -595,12 +645,39 @@ This option applies to protocol version 2 only. Specifies that a TCP/IP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. The first argument must be a port number, and the second must be -.Ar host:port . -IPv6 addresses can be specified with an alternative syntax: -.Ar host/port . +.Xo +.Sm off +.Oo Ar bind_address : Oc +.Ar host : port +.Sm on +.Xc . +IPv6 addresses can be specified by enclosing any addresses in square brackets +or by using the alternative syntax: +.Sm off +.Xo +.Op Ar bind_address No / +.Ar host No / Ar port +.Xc . +.Sm on Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. +.Pp +If the +.Ar bind_address +is not specified, the default is to only bind to loopback addresses. +If the +.Ar bind_address +is +.Ql * +or an empty string, then the forwarding is requested to listen on all +interfaces. +Specifying a remote +.Ar bind_address +will only succeed if the server's +.Cm GatewayPorts +option is enabled (see +.Xr sshd_config 5 ) . .It Cm RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host authentication. diff --git a/openssh/sshconnect2.c b/openssh/sshconnect2.c index 42f3379..448648a 100644 --- a/openssh/sshconnect2.c +++ b/openssh/sshconnect2.c 
@@ -582,17 +582,11 @@ userauth_gssapi(Authctxt *authctxt) packet_put_int(1); - /* Some servers encode the OID incorrectly (as we used to) */ - if (datafellows & SSH_BUG_GSSAPI_BER) { - packet_put_string(gss_supported->elements[mech].elements, - gss_supported->elements[mech].length); - } else { - packet_put_int((gss_supported->elements[mech].length)+2); - packet_put_char(SSH_GSS_OIDTYPE); - packet_put_char(gss_supported->elements[mech].length); - packet_put_raw(gss_supported->elements[mech].elements, - gss_supported->elements[mech].length); - } + packet_put_int((gss_supported->elements[mech].length) + 2); + packet_put_char(SSH_GSS_OIDTYPE); + packet_put_char(gss_supported->elements[mech].length); + packet_put_raw(gss_supported->elements[mech].elements, + gss_supported->elements[mech].length); packet_send(); @@ -675,20 +669,18 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) /* Setup our OID */ oidv = packet_get_string(&oidlen); - if (datafellows & SSH_BUG_GSSAPI_BER) { - if (!ssh_gssapi_check_oid(gssctxt, oidv, oidlen)) - fatal("Server returned different OID than expected"); - } else { - if(oidv[0] != SSH_GSS_OIDTYPE || oidv[1] != oidlen-2) { - debug("Badly encoded mechanism OID received"); - userauth(authctxt, NULL); - xfree(oidv); - return; - } - if (!ssh_gssapi_check_oid(gssctxt, oidv+2, oidlen-2)) - fatal("Server returned different OID than expected"); + if (oidlen <= 2 || + oidv[0] != SSH_GSS_OIDTYPE || + oidv[1] != oidlen - 2) { + xfree(oidv); + debug("Badly encoded mechanism OID received"); + userauth(authctxt, NULL); + return; } + if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2)) + fatal("Server returned different OID than expected"); + packet_check_eom(); xfree(oidv); @@ -795,7 +787,7 @@ userauth_external(Authctxt *authctxt) debug2("userauth_external"); packet_start(SSH2_MSG_USERAUTH_REQUEST); #ifdef GSI - if(options.implicit && !(datafellows & SSH_BUG_GSS_EMPTYUSER)) { + if(options.implicit) { packet_put_cstring(""); } else { #endif 
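Review bot: The DER-style OID encoding now sent unconditionally writes the mechanism OID length with `packet_put_char(gss_supported->elements[mech].length)`, which silently truncates any length above 255 and, since a single DER length byte only covers 0–127, produces an encoding the peer's `oidv[1] != oidlen - 2` check would reject for anything longer than 127 bytes. GSSAPI mechanism OIDs are short in practice, so this is about making the assumption explicit rather than a live bug: a comment such as `/* OID is sent DER-style: type byte, one-byte length (< 128), then the OID bytes */` above the put_int, or a guard that refuses longer OIDs, would document it. userauth_gssapi continues outside the hunk.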
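Review bot: The added `oidlen <= 2` guard in input_gssapi_response correctly stops `oidv[0]`/`oidv[1]` from being read past a short string, but `oidv[1] != oidlen - 2` compares an element of the buffer returned by packet_get_string with an unsigned value; if oidv is declared as plain `char *` (its declaration is outside the hunk) a length byte of 128 or more is sign-extended and the comparison fails, so such an OID is treated as badly encoded. That is a fail-closed outcome (the method is skipped rather than accepted), so not a security regression, but `(u_char)oidv[1] != oidlen - 2` would make the intent explicit. Note also that this early-return path skips `packet_check_eom()`, unlike the success path below it; if that is deliberate because userauth() starts a fresh method, a comment saying so would help.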
diff --git a/openssh/sshd.8 b/openssh/sshd.8 index 233b000..ac3bf96 100644 --- a/openssh/sshd.8 +++ b/openssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.201 2004/05/02 11:54:31 dtucker Exp $ +.\" $OpenBSD: sshd.8,v 1.206 2005/03/01 14:59:49 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -106,8 +106,6 @@ to use from those offered by the server. Next, the server and the client enter an authentication dialog. The client tries to authenticate itself using .Em .rhosts -authentication, -.Em .rhosts authentication combined with RSA host authentication, RSA challenge-response authentication, or password based authentication. @@ -135,11 +133,6 @@ or .Ql \&*NP\&* ). .Pp -.Em rhosts -authentication is normally disabled -because it is fundamentally insecure, but can be enabled in the server -configuration file if desired. -System security is not improved unless .Nm rshd , .Nm rlogind , and @@ -427,7 +420,9 @@ or .Dq ssh-rsa . .Pp Note that lines in this file are usually several hundred bytes long -(because of the size of the public key encoding). +(because of the size of the public key encoding) up to a limit of +8 kilobytes, which permits DSA keys up to 8 kilobits and RSA +keys up to 16 kilobits. You don't want to type them in; instead, copy the .Pa identity.pub , .Pa id_dsa.pub 
@@ -558,6 +553,14 @@ to indicate negation: if the host name matches a negated pattern, it is not accepted (by that line) even if it matched another pattern on the line. .Pp +Alternately, hostnames may be stored in a hashed form which hides host names +and addresses should the file's contents be disclosed. +Hashed hostnames start with a +.Ql | +character. +Only one hashed hostname may appear on a single line and none of the above +negation or wildcard operators may be applied. +.Pp Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, e.g., from .Pa /etc/ssh/ssh_host_key.pub . @@ -589,6 +592,11 @@ and adding the host names at the front. closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= .Ed +.Bd -literal +# A hashed hostname +|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa +AAAA1234.....= +.Ed .Sh FILES .Bl -tag -width Ds .It Pa /etc/ssh/sshd_config @@ -657,6 +665,20 @@ These files should be writable only by root/the owner. should be world-readable, and .Pa $HOME/.ssh/known_hosts can, but need not be, world-readable. +.It Pa /etc/motd +See +.Xr motd 5 . +.It Pa $HOME/.hushlogin +This file is used to suppress printing the last login time and +.Pa /etc/motd , +if +.Cm PrintLastLog +and +.Cm PrintMotd , +respectively, +are enabled. +It does not suppress printing of the banner specified by +.Cm Banner . .It Pa /etc/nologin If this file exists, .Nm @@ -670,7 +692,11 @@ Access controls that should be enforced by tcp-wrappers are defined here. Further details are described in .Xr hosts_access 5 . .It Pa $HOME/.rhosts -This file contains host-username pairs, separated by a space, one per +This file is used during +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication +and contains host-username pairs, separated by a space, one per line. The given user on the corresponding host is permitted to log in without a password. 
@@ -691,7 +717,9 @@ However, this file is not used by rlogin and rshd, so using this permits access using SSH only. .It Pa /etc/hosts.equiv This file is used during -.Em rhosts +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication authentication. In the simplest form, this file contains host names, one per line. Users on @@ -710,7 +738,7 @@ Negated entries start with If the client host/user is successfully matched in this file, login is automatically permitted provided the client and server user names are the same. -Additionally, successful RSA host authentication is normally required. +Additionally, successful client host key authentication is required. This file must be writable only by root; it is recommended that it be world-readable. .Pp diff --git a/openssh/sshd.c b/openssh/sshd.c index 6554578..72aa933 100644 --- a/openssh/sshd.c +++ b/openssh/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.301 2004/08/11 11:50:09 dtucker Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.308 2005/02/08 22:24:57 dtucker Exp $"); #include #include @@ -120,12 +120,6 @@ ServerOptions options; /* Name of the server configuration file. */ char *config_file_name = _PATH_SERVER_CONFIG_FILE; -/* - * Flag indicating whether IPv4 or IPv6. This can be set on the command line. - * Default value is AF_UNSPEC means both IPv4 and IPv6. - */ -int IPv4or6 = AF_UNSPEC; - /* * Debug mode flag. This can be set on the command line. If debug * mode is enabled, extra debugging output will be sent to the system @@ -759,7 +753,7 @@ get_hostkey_index(Key *key) static int drop_connection(int startups) { - double p, r; + int p, r; if (startups < options.max_startups_begin) return 0; 
@@ -770,12 +764,11 @@ drop_connection(int startups) p = 100 - options.max_startups_rate; p *= startups - options.max_startups_begin; - p /= (double) (options.max_startups - options.max_startups_begin); + p /= options.max_startups - options.max_startups_begin; p += options.max_startups_rate; - p /= 100.0; - r = arc4random() / (double) UINT_MAX; + r = arc4random() % 100; - debug("drop_connection: p %g, r %g", p, r); + debug("drop_connection: p %d, r %d", p, r); return (r < p) ? 1 : 0; } @@ -783,7 +776,7 @@ static void usage(void) { fprintf(stderr, "%s, %s\n", - SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); + SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); fprintf(stderr, "usage: sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]\n" " [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]\n" @@ -893,7 +886,7 @@ main(int ac, char **av) char ntop[NI_MAXHOST], strport[NI_MAXSERV]; char *line; int listen_sock, maxfd; - int startup_p[2], config_s[2]; + int startup_p[2] = { -1 , -1 }, config_s[2] = { -1 , -1 }; int startups = 0; Key *key; Authctxt *authctxt; @@ -930,10 +923,10 @@ main(int ac, char **av) while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) { switch (opt) { case '4': - IPv4or6 = AF_INET; + options.address_family = AF_INET; break; case '6': - IPv4or6 = AF_INET6; + options.address_family = AF_INET6; break; case 'f': config_file_name = optarg; @@ -1034,7 +1027,6 @@ main(int ac, char **av) closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); SSLeay_add_all_algorithms(); - channel_set_af(IPv4or6); /* * Force logging to stderr until we have loaded the private host 
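Review bot: With `p` and `r` now `int`, the division `p /= options.max_startups - options.max_startups_begin;` traps with SIGFPE when the two values are equal, where the old `(double)` division only produced an infinite `p`. If earlier returns in drop_connection make that case unreachable (only the `startups < options.max_startups_begin` return is visible, in the hunk at @@ -759), the precondition deserves a comment on the division, e.g. `/* max_startups > max_startups_begin here, see the early returns above */`; otherwise a guard is needed, since a MaxStartups setting whose begin and full values coincide would crash the listener. Integer truncation also rounds the drop probability down compared with the former floating-point computation, which is presumably acceptable but worth a note.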
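Review bot: The `-4`/`-6` options now write `options.address_family` directly in the getopt loop, which runs before the configuration file is read; unless the AddressFamily parser in servconf.c leaves an already-set value alone, an `AddressFamily` line in sshd_config would silently override the command-line flag, the reverse of how command-line options are normally treated. That logic is outside this hunk, so this is a request to confirm it and to say so in a comment next to the assignments, e.g. `/* set before config parsing; servconf must not overwrite an explicit -4/-6 */`. main continues outside the hunk.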
@@ -1047,13 +1039,13 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, log_stderr || !inetd_flag); -#ifdef _AIX /* * Unset KRB5CCNAME, otherwise the user's session may inherit it from * root's environment */ - unsetenv("KRB5CCNAME"); -#endif /* _AIX */ + if (getenv("KRB5CCNAME") != NULL) + unsetenv("KRB5CCNAME"); + #ifdef _UNICOS /* Cray can define user privs drop all privs now! * Not needed on PRIV_SU systems! @@ -1084,13 +1076,16 @@ main(int ac, char **av) /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); + /* set default channel AF */ + channel_set_af(options.address_family); + /* Check that there are no remaining arguments. */ if (optind < ac) { fprintf(stderr, "Extra argument %s.\n", av[optind]); exit(1); } - debug("sshd version %.100s", SSH_VERSION); + debug("sshd version %.100s", SSH_RELEASE); /* load private host keys */ sensitive_data.host_keys = xmalloc(options.num_host_key_files * @@ -1209,7 +1204,7 @@ main(int ac, char **av) } /* Initialize the log (it is reinitialized below in case we forked). */ - if (debug_flag && !inetd_flag) + if (debug_flag && (!inetd_flag || rexeced_flag)) log_stderr = 1; log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -1285,10 +1280,12 @@ main(int ac, char **av) if (num_listen_socks >= MAX_LISTEN_SOCKS) fatal("Too many listen sockets. " "Enlarge MAX_LISTEN_SOCKS"); - if (getnameinfo(ai->ai_addr, ai->ai_addrlen, + if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV) != 0) { - error("getnameinfo failed"); + NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { + error("getnameinfo failed: %.100s", + (ret != EAI_SYSTEM) ? gai_strerror(ret) : + strerror(errno)); continue; } /* Create socket for listening. */ 
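Review bot: Dropping the `#ifdef _AIX` makes the KRB5CCNAME unset apply on every platform, which is the right direction for the comment's stated goal of not leaking root's credential cache into user sessions, but the new `getenv("KRB5CCNAME") != NULL` guard is unexplained; if it exists because some unsetenv() implementations misbehave on an absent variable, say so, e.g. `/* guarded: some unsetenv() implementations fail when the variable is absent */`, otherwise a reader will assume it is redundant and remove it. main continues outside the hunk.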
@@ -1519,7 +1516,8 @@ main(int ac, char **av) sock_in = newsock; sock_out = newsock; log_init(__progname, options.log_level, options.log_facility, log_stderr); - close(config_s[0]); + if (rexec_flag) + close(config_s[0]); break; } } @@ -1644,6 +1642,9 @@ main(int ac, char **av) remote_port = get_remote_port(); remote_ip = get_remote_ipaddr(); +#ifdef SSH_AUDIT_EVENTS + audit_connection_from(remote_ip, remote_port); +#endif #ifdef LIBWRAP /* Check whether logins are denied from this host. */ if (packet_connection_is_on_socket()) { @@ -1687,9 +1688,6 @@ main(int ac, char **av) packet_set_nonblocking(); - /* prepare buffers to collect authentication messages */ - buffer_init(&loginmsg); - /* allocate authentication context */ authctxt = xmalloc(sizeof(*authctxt)); memset(authctxt, 0, sizeof(*authctxt)); @@ -1697,13 +1695,13 @@ main(int ac, char **av) /* XXX global for cleanup, access from other modules */ the_authctxt = authctxt; + /* prepare buffer to collect messages to display to user after login */ + buffer_init(&loginmsg); + if (use_privsep) if (privsep_preauth(authctxt) == 1) goto authenticated; - /* prepare buffer to collect messages to display to user after login */ - buffer_init(&loginmsg); - /* perform the key exchange */ /* authenticate user and start session */ if (compat20) { @@ -1723,6 +1721,10 @@ main(int ac, char **av) } authenticated: +#ifdef SSH_AUDIT_EVENTS + audit_event(SSH_AUTH_SUCCESS); +#endif + /* * In privilege separation, we fork another child and prepare * file descriptor passing. @@ -1745,6 +1747,10 @@ main(int ac, char **av) finish_pam(); #endif /* USE_PAM */ +#ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); +#endif + packet_close(); if (use_privsep) 
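Review bot: `audit_event(SSH_AUTH_SUCCESS)` at the `authenticated:` label is called directly while `audit_event(SSH_CONNECTION_CLOSE)` a few lines later is wrapped in `PRIVSEP()`; the asymmetry is presumably because the privsep parent reaches `authenticated:` as the monitor, whereas the close happens in the unprivileged child, but nothing in the hunk says so. A comment at the first call, `/* runs in the monitor when privsep is on, so no PRIVSEP() needed */`, would stop a future maintainer from "fixing" it. The `audit_connection_from()` call is placed before the LIBWRAP check, so refused connections are recorded as well; that choice is worth a one-line comment too. main continues outside the hunk.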
@@ -2078,5 +2084,10 @@ cleanup_exit(int i) { if (the_authctxt) do_cleanup(the_authctxt); +#ifdef SSH_AUDIT_EVENTS + /* done after do_cleanup so it can cancel the PAM auth 'thread' */ + if (!use_privsep || mm_is_monitor()) + audit_event(SSH_CONNECTION_ABANDON); +#endif _exit(i); } diff --git a/openssh/sshd_config b/openssh/sshd_config index 8e3a753..338f6c1 100644 --- a/openssh/sshd_config +++ b/openssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $ +# $OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -12,6 +12,7 @@ #Port 22 #Protocol 2,1 +#AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: diff --git a/openssh/sshd_config.5 b/openssh/sshd_config.5 index b7ba7f0..becabc0 100644 --- a/openssh/sshd_config.5 +++ b/openssh/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.35 2004/06/26 09:14:40 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -83,6 +83,17 @@ Be warned that some environment variables could be used to bypass restricted user environments. For this reason, care should be taken in the use of this directive. The default is not to accept any environment variables. +.It Cm AddressFamily +Specifies which address family should be used by +.Nm sshd . +Valid arguments are +.Dq any , +.Dq inet +(use IPv4 only) or +.Dq inet6 +(use IPv6 only). +The default is +.Dq any . .It Cm AllowGroups This keyword can be followed by a list of group name patterns, separated by spaces. 
@@ -245,12 +256,15 @@ This prevents other remote hosts from connecting to forwarded ports. .Cm GatewayPorts can be used to specify that .Nm sshd -should bind remote port forwardings to the wildcard address, -thus allowing remote hosts to connect to forwarded ports. -The argument must be +should allow remote port forwardings to bind to non-loopback addresses, thus +allowing other hosts to connect. +The argument may be +.Dq no +to force remote port forwardings to be available to the local host only, .Dq yes -or -.Dq no . +to force remote port forwardings to bind to the wildcard address, or +.Dq clientspecified +to allow the client to select the address to which the forwarding is bound. The default is .Dq no . .It Cm GSSAPIAuthentication @@ -467,7 +481,7 @@ server allows login to accounts with empty password strings. The default is .Dq no . .It Cm PermitRootLogin -Specifies whether root can login using +Specifies whether root can log in using .Xr ssh 1 . The argument must be .Dq yes , @@ -480,9 +494,7 @@ The default is .Pp If this option is set to .Dq without-password -password authentication is disabled for root. Note that other authentication -methods (e.g., keyboard-interactive/PAM) may still allow root to login using -a password. +password authentication is disabled for root. .Pp If this option is set to .Dq forced-commands-only @@ -496,7 +508,7 @@ All other authentication methods are disabled for root. .Pp If this option is set to .Dq no -root is not allowed to login. +root is not allowed to log in. .It Cm PermitUserEnvironment Specifies whether .Pa ~/.ssh/environment @@ -528,7 +540,8 @@ See also .It Cm PrintLastLog Specifies whether .Nm sshd -should print the date and time when the user last logged in. +should print the date and time of the last user login when a user logs +in interactively. The default is .Dq yes . .It Cm PrintMotd diff --git a/openssh/version.h b/openssh/version.h index 0bbf9e9..07e578a 100644 --- a/openssh/version.h +++ b/openssh/version.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: version.h,v 1.42 2004/08/16 08:17:01 markus Exp $ */ +/* $OpenBSD: version.h,v 1.43 2005/03/08 23:49:48 djm Exp $ */ #ifdef GSI #define GSI_VERSION " GSI" @@ -18,6 +18,8 @@ #define MGLUE_VERSION "" #endif -#define SSH_VERSION "OpenSSH_3.9p1" \ - " NCSA_GSSAPI_20040818" \ +#define SSH_VERSION "OpenSSH_4.0" +#define SSH_PORTABLE "p1" +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE \ + " NCSA_GSSAPI_20050312" \ GSI_VERSION KRB5_VERSION MGLUE_VERSION -- 2.45.1