From: mouring
Date: Sat, 2 Dec 2000 19:03:54 +0000 (+0000)
Subject: 20001203
X-Git-Tag: PRE-REORDER~130
X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/0b6fbf032ac5f2d2c5f63918fc8e28effa86fc3b
20001203
- (bal) OpenBSD CVS updates:
 - markus@cvs.openbsd.org 2000/11/30 22:54:31
 [channels.c]
 debug->warn if tried to do -R style fwd w/o client requesting this;
 ok neils@
 - markus@cvs.openbsd.org 2000/11/29 20:39:17
 [cipher.c]
 des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
 - markus@cvs.openbsd.org 2000/11/30 18:33:05
 [ssh-agent.c]
 agents must not dump core, ok niels@
 - markus@cvs.openbsd.org 2000/11/30 07:04:02
 [ssh.1]
 T is for both protocols
 - markus@cvs.openbsd.org 2000/12/01 00:00:51
 [ssh.1]
 typo; from green@FreeBSD.org
 - markus@cvs.openbsd.org 2000/11/30 07:02:35
 [ssh.c]
 check -T before isatty()
 - provos@cvs.openbsd.org 2000/11/29 13:51:27
 [sshconnect.c]
 show IP address and hostname when new key is encountered. okay markus@
 - markus@cvs.openbsd.org 2000/11/30 22:53:35
 [sshconnect.c]
 disable agent/x11/port fwding if hostkey has changed; ok niels@
 - marksu@cvs.openbsd.org 2000/11/29 21:11:59
 [sshd.c]
 sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
 from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
---
diff --git a/ChangeLog b/ChangeLog
index b2876463..a3b82951 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,35 @@
+20001203
+- (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/11/30 22:54:31
+ [channels.c]
+ debug->warn if tried to do -R style fwd w/o client requesting this;
+ ok neils@
+ - markus@cvs.openbsd.org 2000/11/29 20:39:17
+ [cipher.c]
+ des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
+ - markus@cvs.openbsd.org 2000/11/30 18:33:05
+ [ssh-agent.c]
+ agents must not dump core, ok niels@
+ - markus@cvs.openbsd.org 2000/11/30 07:04:02
+ [ssh.1]
+ T is for both protocols
+ - markus@cvs.openbsd.org 2000/12/01 00:00:51
+ [ssh.1]
+ typo; from green@FreeBSD.org
+ - markus@cvs.openbsd.org 2000/11/30 07:02:35
+ [ssh.c]
+ check -T before isatty()
+ - provos@cvs.openbsd.org 2000/11/29 13:51:27
+ [sshconnect.c]
+ show IP address and hostname when new key is encountered. okay markus@
+ - markus@cvs.openbsd.org 2000/11/30 22:53:35
+ [sshconnect.c]
+ disable agent/x11/port fwding if hostkey has changed; ok niels@
+ - marksu@cvs.openbsd.org 2000/11/29 21:11:59
+ [sshd.c]
+ sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
+ from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
+
 20001202
 - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
 - (bal) Irix need some sort of mansubdir, patch by Michael Stone
diff --git a/TODO b/TODO
index c7135806..de51b3b0 100644
--- a/TODO
+++ b/TODO
@@ -2,6 +2,8 @@ Programming:
 - Replacement for setproctitle() - HP/UX support only currently
 - Improve PAM support (a pam_lastlog module will cause sshd to exit)
+ and maybe support alternate forms of authenications like OPIE via
+ pam?
 - Complete Tru64 SIA support
diff --git a/channels.c b/channels.c
index 0886a91e..91a1b50c 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.73 2000/11/06 23:04:55 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.74 2000/11/30 22:54:31 markus Exp $");
 #include "ssh.h"
 #include "packet.h"
@@ -1729,7 +1729,8 @@ channel_connect_by_listen_adress(u_short listen_port)
 return channel_connect_to(
 permitted_opens[i].host_to_connect,
 permitted_opens[i].port_to_connect);
- debug("channel_connect_by_listen_adress: unknown listen_port %d", listen_port);
+ error("WARNING: Server requests forwarding for unknown listen_port %d",
+ listen_port);
 return -1;
 }
diff --git a/cipher.c b/cipher.c
index 65cde473..f9091453 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.37 2000/10/23 19:31:54 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.38 2000/11/29 20:39:17 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -154,14 +154,9 @@ des3_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
 memcpy(&iv1, iv2, 8);
- des_cbc_encrypt(src, dest, len, cc->u.des3.key1, &iv1, DES_ENCRYPT);
- memcpy(&iv1, dest + len - 8, 8);
-
- des_cbc_encrypt(dest, dest, len, cc->u.des3.key2, iv2, DES_DECRYPT);
- memcpy(iv2, &iv1, 8); /* Note how iv1 == iv2 on entry and exit. */
-
- des_cbc_encrypt(dest, dest, len, cc->u.des3.key3, iv3, DES_ENCRYPT);
- memcpy(iv3, dest + len - 8, 8);
+ des_ncbc_encrypt(src, dest, len, cc->u.des3.key1, &iv1, DES_ENCRYPT);
+ des_ncbc_encrypt(dest, dest, len, cc->u.des3.key2, iv2, DES_DECRYPT);
+ des_ncbc_encrypt(dest, dest, len, cc->u.des3.key3, iv3, DES_ENCRYPT);
 }
 void
 des3_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
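Review bot: The new error() tells the user what the server asked for but not why the client refuses it, and the loop that decides that is above the hunk; a short comment before the call would carry the rationale, e.g. `/* permitted_opens lists only the -R forwardings this client itself requested; a server-initiated open for any other port is refused (return -1) rather than connected. */`. The "WARNING:" prefix inside an error()-level message is a style choice worth a word too, since error() already marks the line as an error in the log; keep it only if the stderr reader is the intended audience. channel_connect_by_listen_adress starts outside the hunk.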
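Review bot: The invariant the removed comment documented — iv1 begins as a copy of iv2, and after the key2 pass iv2 must hold the last block the key1 pass produced, which the deleted `memcpy(iv2, &iv1, 8)` did by hand — is now carried implicitly by des_ncbc_encrypt updating each IV in place, so it deserves a comment at the first des_ncbc_encrypt call rather than disappearing; the same applies to the decrypt hunk at -173,15 below. Something like `/* des_ncbc_encrypt advances each IV in place: the key2 DECRYPT pass leaves iv2 at its last input block, which is exactly the last output of the key1 pass. */` keeps the chaining reasoning visible. The rewrite also drops the `dest + len - 8` / `src + len - 8` reads, so a len below 8 no longer indexes before the buffer; whether len is guaranteed to be a multiple of the 8-byte block here is not visible in the hunk and is worth stating in the function comment. des3_ssh1_encrypt starts outside the hunk.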
@@ -173,15 +168,9 @@ des3_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
 memcpy(&iv1, iv2, 8);
- des_cbc_encrypt(src, dest, len, cc->u.des3.key3, iv3, DES_DECRYPT);
- memcpy(iv3, src + len - 8, 8);
-
- des_cbc_encrypt(dest, dest, len, cc->u.des3.key2, iv2, DES_ENCRYPT);
- memcpy(iv2, dest + len - 8, 8);
-
- des_cbc_encrypt(dest, dest, len, cc->u.des3.key1, &iv1, DES_DECRYPT);
- /* memcpy(&iv1, iv2, 8); */
- /* Note how iv1 == iv2 on entry and exit. */
+ des_ncbc_encrypt(src, dest, len, cc->u.des3.key3, iv3, DES_DECRYPT);
+ des_ncbc_encrypt(dest, dest, len, cc->u.des3.key2, iv2, DES_ENCRYPT);
+ des_ncbc_encrypt(dest, dest, len, cc->u.des3.key1, &iv1, DES_DECRYPT);
 }
 /* Blowfish */
diff --git a/ssh-agent.c b/ssh-agent.c
index 6f89dd5c..821ee26f 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.41 2000/11/30 18:33:05 markus Exp $ */
 /*
 * Author: Tatu Ylonen
@@ -37,7 +37,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.41 2000/11/30 18:33:05 markus Exp $");
 #include "ssh.h"
 #include "rsa.h"
@@ -674,6 +674,7 @@ main(int ac, char **av)
 fd_set readset, writeset;
 int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
 struct sockaddr_un sunaddr;
+ struct rlimit rlim;
 pid_t pid;
 char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
 extern int optind;
@@ -804,6 +805,12 @@ main(int ac, char **av)
 close(1);
 close(2);
+ /* deny core dumps, since memory contains unencrypted private keys */
+ rlim.rlim_cur = rlim.rlim_max = 0;
+ if (setrlimit(RLIMIT_CORE, &rlim) < 0) {
+ perror("setrlimit rlimit_core failed");
+ cleanup_exit(1);
+ }
 if (setsid() == -1) {
 perror("setsid");
 cleanup_exit(1);
diff --git a/ssh.1 b/ssh.1
index 4bbfe34c..8f3be174 100644
--- a/ssh.1
+++ b/ssh.1
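Review bot: The new setrlimit() block in the -804 hunk sits right after `close(1); close(2);`, so its `perror("setrlimit rlimit_core failed")` writes to a closed descriptor and the user never sees why the agent exited; move the three-line limit setup above the close() calls (it does not depend on the detach) so the failure is reported, and so the limit is in place before the agent's memory holds anything sensitive. Setting rlim_max to 0 as well as rlim_cur is the right choice here, since the process can then not raise the limit again later; a half-sentence in the comment saying so would stop a future "fix" that only lowers the soft limit. struct rlimit and RLIMIT_CORE need sys/resource.h; the hunk does not show whether includes.h already provides it on every platform this tree targets, so confirm that before merge. main() starts and ends outside the hunk.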
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.68 2000/11/12 19:50:38 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.70 2000/12/01 00:00:51 markus Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -446,7 +446,7 @@ needs to ask for a password or passphrase; see also the
 option.)
 .It Fl N
 Do not execute a remote command.
-This is usefull if you just want to forward ports
+This is useful if you just want to forward ports
 (protocol version 2 only).
 .It Fl o Ar option
 Can be used to give options in the format used in the config file.
@@ -475,7 +475,7 @@ This can be used to execute arbitrary screen-based programs on a remote
 machine, which can be very useful, e.g., when implementing menu services.
 .It Fl T
-Disable pseudo-tty allocation (protocol version 2 only).
+Disable pseudo-tty allocation.
 .It Fl v
 Verbose mode.
 Causes
@@ -1236,7 +1236,7 @@ This version of OpenSSH
 .Bl -bullet
 .It
 has all components of a restrictive nature (i.e., patents, see
-.Xr crypto 3 )
+.Xr ssl 8 )
 directly removed from the source code; any licensed or patented components
 are chosen from external libraries.
@@ -1265,4 +1265,4 @@ The support for SSH protocol 2 was written by Markus Friedl.
 .Xr ssh-keygen 1 ,
 .Xr telnet 1 ,
 .Xr sshd 8 ,
-.Xr crypto 3
+.Xr ssl 8
diff --git a/ssh.c b/ssh.c
index 3af5e037..d95f2214 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.74 2000/11/23 21:03:47 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.75 2000/11/30 07:02:35 markus Exp $");
 #include
 #include
@@ -526,15 +526,15 @@ main(int ac, char **av)
 if (buffer_len(&command) == 0)
 tty_flag = 1;
+ /* Force no tty*/
+ if (no_tty_flag)
+ tty_flag = 0;
 /* Do not allocate a tty if stdin is not a tty. */
 if (!isatty(fileno(stdin))) {
 if (tty_flag)
 fprintf(stderr, "Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
 tty_flag = 0;
 }
- /* force */
- if (no_tty_flag)
- tty_flag = 0;
 /* Get user data. */
 pw = getpwuid(original_real_uid);
diff --git a/sshconnect.c b/sshconnect.c
index b33f2095..b54e75a8 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.81 2000/11/06 23:16:35 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.83 2000/11/30 22:53:35 markus Exp $");
 #include
 #include
@@ -508,13 +508,11 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 if (options.proxy_command != NULL && options.check_host_ip)
 options.check_host_ip = 0;
- if (options.check_host_ip) {
- if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
- NULL, 0, NI_NUMERICHOST) != 0)
- fatal("check_host_key: getnameinfo failed");
- ip = xstrdup(ntop);
- }
-
+ if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
+ NULL, 0, NI_NUMERICHOST) != 0)
+ fatal("check_host_key: getnameinfo failed");
+ ip = xstrdup(ntop);
+
 /*
 * Store the host key from the known host file in here so that we can
 * compare it with the key for the IP address.
@@ -577,10 +575,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 char prompt[1024];
 char *fp = key_fingerprint(host_key);
 snprintf(prompt, sizeof(prompt),
- "The authenticity of host '%.200s' can't be established.\n"
+ "The authenticity of host '%.200s (%s)' can't be established.\n"
 "%s key fingerprint is %s.\n"
 "Are you sure you want to continue connecting (yes/no)? ",
- host, type, fp);
+ host, ip, type, fp);
 if (!read_yes_or_no(prompt, -1))
 fatal("Aborted by user!\n");
 }
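Review bot: The moved block's comment `/* Force no tty*/` is both terse and missing the closing space; since the whole point of the move is that -T is now decided before the isatty() check, say so: `/* -T: never allocate a tty; checked before the isatty() test so that the stderr notice below is not printed when the user asked for no tty. */`. That also documents the one visible behaviour change of the reorder, which the ChangeLog entry ("check -T before isatty()") leaves implicit. main() starts and ends outside the hunk.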
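Review bot: In the -508 hunk getnameinfo() is now called unconditionally, yet the two lines just above still special-case a proxy command; with ProxyCommand the hostaddr handed to check_host_key presumably does not describe a real peer (that is why check_host_ip is forced off there), so a lookup that the old code simply skipped now becomes a fatal() and aborts the connection. Keep the lookup for the direct-connect case and give ip a placeholder when options.proxy_command is set, so the prompt in the -577 hunk and the unconditional xfree(ip) in the -656 hunk still have a string to work with. check_host_key starts and ends outside the hunk.
```c
	if (options.proxy_command == NULL) {
		if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
		    NULL, 0, NI_NUMERICHOST) != 0)
			fatal("check_host_key: getnameinfo failed");
		ip = xstrdup(ntop);
	} else {
		/* no peer address to show or check when a proxy is in the way */
		ip = xstrdup("<no hostip for proxy command>");
	}
	/* … unchanged: known_hosts lookup and host_status switch … */
```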
@@ -647,6 +645,14 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 error("Agent forwarding is disabled to avoid trojan horses.");
 options.forward_agent = 0;
 }
+ if (options.forward_x11) {
+ error("X11 forwarding is disabled to avoid trojan horses.");
+ options.forward_x11 = 0;
+ }
+ if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
+ error("Port forwarding is disabled to avoid trojan horses.");
+ options.num_local_forwards = options.num_remote_forwards = 0;
+ }
 /*
 * XXX Should permit the user to change to use the new id.
 * This could be done by converting the host key to an
@@ -656,8 +662,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 */
 break;
 }
- if (options.check_host_ip)
- xfree(ip);
+
+ xfree(ip);
 }
 /*
diff --git a/sshd.c b/sshd.c
index 4a5f6627..4a01ebec 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.134 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.135 2000/11/29 21:11:59 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -111,6 +111,9 @@ int debug_flag = 0;
 /* Flag indicating that the daemon is being started from inetd. */
 int inetd_flag = 0;
+/* Flag indicating that sshd should not detach and become a daemon. */
+int no_daemon_flag = 0;
+
 /* debug goes to stderr unless inetd_flag is set */
 int log_stderr = 0;
@@ -583,7 +586,7 @@ main(int ac, char **av)
 initialize_server_options(&options);
 /* Parse command-line arguments. */
- while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:diqQ46")) != EOF) {
+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDiqQ46")) != EOF) {
 switch (opt) {
 case '4':
 IPv4or6 = AF_INET;
@@ -605,6 +608,9 @@ main(int ac, char **av)
 exit(1);
 }
 break;
+ case 'D':
+ no_daemon_flag = 1;
+ break;
 case 'i':
 inetd_flag = 1;
 break;
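Review bot: The two new blocks in the -647 hunk put the rationale only in the user-facing strings; the `if (options.forward_agent)` that starts this sequence is above the hunk, and a comment there would tie the three together: `/* The host key changed, so the peer may not be who we think it is: refuse anything that would hand it access to local resources (agent socket, X display, forwarded ports) for this session. */`. Zeroing num_local_forwards and num_remote_forwards rather than clearing the entries is presumably enough because forwarding setup only runs after check_host_key returns — worth confirming against the caller, since the tables themselves are left populated. check_host_key starts and ends outside the hunk.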
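Review bot: The getopt string in the -583 hunk gains `D` and the -605 hunk sets no_daemon_flag for it, but nothing in this diff updates the usage() text or sshd.8, so the new option is undocumented for users; add an entry such as `-D  Do not detach and become a daemon` to both (the usage string is outside the hunk, so I cannot quote its exact format). The comment added in the -111 hunk could also state how -D differs from -d, which the enclosing code leaves to the reader: presumably only the detach in the -769 hunk is skipped while logging and everything else behave as for a normal daemon — confirm before wording it that way. main() starts and ends outside the hunk.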
@@ -769,7 +775,7 @@ main(int ac, char **av)
 * from the controlling terminal, and fork. The original process
 * exits.
 */
- if (!debug_flag && !inetd_flag) {
+ if (!(debug_flag || inetd_flag || no_daemon_flag)) {
#ifdef TIOCNOTTY
 int fd;
#endif /* TIOCNOTTY */
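Review bot: The rewritten condition now has three reasons to skip the detach, but the comment block ending just above it still describes only the daemon case; extend it with one line so the next reader does not have to trace no_daemon_flag back to getopt, e.g. ` * With -D (no_daemon_flag) sshd stays in the foreground instead, so an inittab entry or a monitoring script can supervise it.` placed before the closing ` */`. The De Morgan form `!(a || b || c)` is fine, though `!debug_flag && !inetd_flag && !no_daemon_flag` would read the same as the surrounding code's style. main() starts and ends outside the hunk.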