authordes <des@FreeBSD.org>2002-10-29 10:16:02 +0000
committerdes <des@FreeBSD.org>2002-10-29 10:16:02 +0000
commit279b0fa809e30e3a007bbc4b2adb1ccbd4d4a87a (patch)
tree404fa392fc6f2560e3c459fa20228c7031d0289d /crypto/openssh
parentce26c10eda4d687d476e9bbac51ccd26564af8da (diff)
Resolve conflicts.
Diffstat (limited to 'crypto/openssh')
-rw-r--r--crypto/openssh/acconfig.h17
-rw-r--r--crypto/openssh/auth-krb4.c19
-rw-r--r--crypto/openssh/auth-krb5.c21
-rw-r--r--crypto/openssh/auth-pam.c64
-rw-r--r--crypto/openssh/auth-pam.h32
-rw-r--r--crypto/openssh/auth-passwd.c16
-rw-r--r--crypto/openssh/auth-skey.c4
-rw-r--r--crypto/openssh/auth.c19
-rw-r--r--crypto/openssh/auth.h6
-rw-r--r--crypto/openssh/auth1.c50
-rw-r--r--crypto/openssh/auth2-chall.c4
-rw-r--r--crypto/openssh/auth2-pam-freebsd.c20
-rw-r--r--crypto/openssh/auth2-pam.c11
-rw-r--r--crypto/openssh/auth2.c28
-rw-r--r--crypto/openssh/authfd.c20
-rw-r--r--crypto/openssh/canohost.c27
-rw-r--r--crypto/openssh/channels.c34
-rw-r--r--crypto/openssh/channels.h1
-rw-r--r--crypto/openssh/cipher.c19
-rw-r--r--crypto/openssh/compat.c9
-rw-r--r--crypto/openssh/compat.h4
-rw-r--r--crypto/openssh/configure.ac217
-rw-r--r--crypto/openssh/hostfile.c45
-rw-r--r--crypto/openssh/includes.h11
-rw-r--r--crypto/openssh/key.c30
-rw-r--r--crypto/openssh/loginrec.c9
-rw-r--r--crypto/openssh/monitor.c126
-rw-r--r--crypto/openssh/monitor.h4
-rw-r--r--crypto/openssh/monitor_wrap.c102
-rw-r--r--crypto/openssh/monitor_wrap.h14
-rw-r--r--crypto/openssh/readconf.c2
-rw-r--r--crypto/openssh/rijndael.c5
-rw-r--r--crypto/openssh/servconf.c14
-rw-r--r--crypto/openssh/servconf.h4
-rw-r--r--crypto/openssh/serverloop.c19
-rw-r--r--crypto/openssh/session.c109
-rw-r--r--crypto/openssh/session.h4
-rw-r--r--crypto/openssh/ssh-add.c7
-rw-r--r--crypto/openssh/ssh-agent.c60
-rw-r--r--crypto/openssh/ssh-keyscan.c51
-rw-r--r--crypto/openssh/ssh.157
-rw-r--r--crypto/openssh/ssh.c60
-rw-r--r--crypto/openssh/ssh.h4
-rw-r--r--crypto/openssh/ssh_config3
-rw-r--r--crypto/openssh/ssh_config.542
-rw-r--r--crypto/openssh/sshconnect.c118
-rw-r--r--crypto/openssh/sshconnect1.c5
-rw-r--r--crypto/openssh/sshconnect2.c12
-rw-r--r--crypto/openssh/sshd.840
-rw-r--r--crypto/openssh/sshd.c93
-rw-r--r--crypto/openssh/sshd_config3
-rw-r--r--crypto/openssh/sshd_config.562
-rw-r--r--crypto/openssh/sshlogin.c2
-rw-r--r--crypto/openssh/sshlogin.h4
-rw-r--r--crypto/openssh/sshpty.c8
-rw-r--r--crypto/openssh/version.c2
-rw-r--r--crypto/openssh/version.h6
57 files changed, 1253 insertions, 526 deletions
diff --git a/crypto/openssh/acconfig.h b/crypto/openssh/acconfig.h
index ca5181c..b5bb555 100644
--- a/crypto/openssh/acconfig.h
+++ b/crypto/openssh/acconfig.h
@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */
+/* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */
/* $FreeBSD$ */
#ifndef _CONFIG_H
@@ -149,7 +149,10 @@
#undef DISABLE_PUTUTXLINE
/* Define if you don't want to use lastlog */
-#undef DISABLE_LASTLOG
+#define DISABLE_LASTLOG
+
+/* Define if you don't want to use lastlog in session.c */
+#undef NO_SSH_LASTLOG
/* Define if you don't want to use utmp */
#undef DISABLE_UTMP
@@ -314,6 +317,9 @@
/* Define if X11 doesn't support AF_UNIX sockets on that system */
#undef NO_X11_UNIX_SOCKETS
+/* Define if the concept of ports only accessible to superusers isn't known */
+#undef NO_IPPORT_RESERVED_CONCEPT
+
/* Needed for SCO and NeXT */
#undef BROKEN_SAVED_UIDS
@@ -359,11 +365,8 @@
/* Path that unprivileged child will chroot() to in privep mode */
#undef PRIVSEP_PATH
-/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */
-#undef HAVE_MMAP_ANON_SHARED
-
-/* Define if sendmsg()/recvmsg() has problems passing file descriptors */
-#undef BROKEN_FD_PASSING
+/* Define if your platform needs to skip post auth file descriptor passing */
+#undef DISABLE_FD_PASSING
@BOTTOM@
diff --git a/crypto/openssh/auth-krb4.c b/crypto/openssh/auth-krb4.c
index 1cc528a..9359438 100644
--- a/crypto/openssh/auth-krb4.c
+++ b/crypto/openssh/auth-krb4.c
@@ -23,7 +23,8 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-krb4.c,v 1.27 2002/06/11 05:46:20 mpech Exp $");
+RCSID("$OpenBSD: auth-krb4.c,v 1.28 2002/09/26 11:38:43 markus Exp $");
+RCSID("$FreeBSD$");
#include "ssh.h"
#include "ssh1.h"
@@ -210,10 +211,9 @@ krb4_cleanup_proc(void *context)
}
int
-auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
+auth_krb4(Authctxt *authctxt, KTEXT auth, char **client, KTEXT reply)
{
AUTH_DAT adat = {0};
- KTEXT_ST reply;
Key_schedule schedule;
struct sockaddr_in local, foreign;
char instance[INST_SZ];
@@ -263,21 +263,16 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
/* If we can't successfully encrypt the checksum, we send back an
empty message, admitting our failure. */
- if ((r = krb_mk_priv((u_char *) & cksum, reply.dat, sizeof(cksum) + 1,
+ if ((r = krb_mk_priv((u_char *) & cksum, reply->dat, sizeof(cksum) + 1,
schedule, &adat.session, &local, &foreign)) < 0) {
debug("Kerberos v4 mk_priv: (%d) %s", r, krb_err_txt[r]);
- reply.dat[0] = 0;
- reply.length = 0;
+ reply->dat[0] = 0;
+ reply->length = 0;
} else
- reply.length = r;
+ reply->length = r;
/* Clear session key. */
memset(&adat.session, 0, sizeof(&adat.session));
-
- packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
- packet_put_string((char *) reply.dat, reply.length);
- packet_send();
- packet_write_wait();
return (1);
}
#endif /* KRB4 */
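Review bot: The unchanged context line `memset(&adat.session, 0, sizeof(&adat.session));` just before the new `return (1);` clears only sizeof(pointer) bytes, because the sizeof is applied to the address of the session key rather than to the key itself, so most of the Kerberos session key stays in the frame when the function returns. It should read `memset(&adat.session, 0, sizeof(adat.session));`. Since a plain memset of a dead local may also be dropped by the optimizer, a clear the compiler cannot elide would be preferable here if the project has one. auth_krb4's body starts outside the hunk.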
diff --git a/crypto/openssh/auth-krb5.c b/crypto/openssh/auth-krb5.c
index 0f1f564..06eb9b7 100644
--- a/crypto/openssh/auth-krb5.c
+++ b/crypto/openssh/auth-krb5.c
@@ -28,7 +28,8 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.8 2002/03/19 10:49:35 markus Exp $");
+RCSID("$OpenBSD: auth-krb5.c,v 1.9 2002/09/09 06:48:06 itojun Exp $");
+RCSID("$FreeBSD$");
#include "ssh.h"
#include "ssh1.h"
@@ -73,18 +74,17 @@ krb5_init(void *context)
* from the ticket
*/
int
-auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client)
+auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply)
{
krb5_error_code problem;
krb5_principal server;
- krb5_data reply;
krb5_ticket *ticket;
int fd, ret;
ret = 0;
server = NULL;
ticket = NULL;
- reply.length = 0;
+ reply->length = 0;
problem = krb5_init(authctxt);
if (problem)
@@ -131,7 +131,7 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client)
/* if client wants mutual auth */
problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx,
- &reply);
+ reply);
if (problem)
goto err;
@@ -144,19 +144,16 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client)
krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user,
client);
- packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
- packet_put_string((char *) reply.data, reply.length);
- packet_send();
- packet_write_wait();
-
ret = 1;
err:
if (server)
krb5_free_principal(authctxt->krb5_ctx, server);
if (ticket)
krb5_free_ticket(authctxt->krb5_ctx, ticket);
- if (reply.length)
- xfree(reply.data);
+ if (!ret && reply->length) {
+ xfree(reply->data);
+ memset(reply, 0, sizeof(*reply));
+ }
if (problem) {
if (authctxt->krb5_ctx != NULL)
diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c
index 490990d..8ec96b7 100644
--- a/crypto/openssh/auth-pam.c
+++ b/crypto/openssh/auth-pam.c
@@ -25,10 +25,10 @@
#include "includes.h"
#ifdef USE_PAM
-#include "ssh.h"
#include "xmalloc.h"
#include "log.h"
#include "auth.h"
+#include "auth-options.h"
#include "auth-pam.h"
#include "servconf.h"
#include "canohost.h"
@@ -36,17 +36,22 @@
extern char *__progname;
-RCSID("$Id: auth-pam.c,v 1.46 2002/05/08 02:27:56 djm Exp $");
+extern int use_privsep;
+
+RCSID("$Id: auth-pam.c,v 1.54 2002/07/28 20:24:08 stevesk Exp $");
+RCSID("$FreeBSD$");
#define NEW_AUTHTOK_MSG \
- "Warning: Your password has expired, please change it now"
+ "Warning: Your password has expired, please change it now."
+#define NEW_AUTHTOK_MSG_PRIVSEP \
+ "Your password has expired, the session cannot proceed."
static int do_pam_conversation(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
/* module-local variables */
static struct pam_conv conv = {
- do_pam_conversation,
+ (int (*)())do_pam_conversation,
NULL
};
static char *__pam_msg = NULL;
@@ -55,7 +60,7 @@ static const char *__pampasswd = NULL;
/* states for do_pam_conversation() */
enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN;
-/* remember whether pam_acct_mgmt() returned PAM_NEWAUTHTOK_REQD */
+/* remember whether pam_acct_mgmt() returned PAM_NEW_AUTHTOK_REQD */
static int password_change_required = 0;
/* remember whether the last pam_authenticate() succeeded or not */
static int was_authenticated = 0;
@@ -100,9 +105,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
char buf[1024];
/* PAM will free this later */
- reply = malloc(num_msg * sizeof(*reply));
- if (reply == NULL)
- return PAM_CONV_ERR;
+ reply = xmalloc(num_msg * sizeof(*reply));
for (count = 0; count < num_msg; count++) {
if (pamstate == INITIAL_LOGIN) {
@@ -112,11 +115,11 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
*/
switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
case PAM_PROMPT_ECHO_ON:
- free(reply);
+ xfree(reply);
return PAM_CONV_ERR;
case PAM_PROMPT_ECHO_OFF:
if (__pampasswd == NULL) {
- free(reply);
+ xfree(reply);
return PAM_CONV_ERR;
}
reply[count].resp = xstrdup(__pampasswd);
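Review bot: The `xfree(reply);` on the PAM_CONV_ERR paths in this hunk (and in `@@ -132,7 +135,7 @@` and `@@ -154,14 +157,14 @@`) releases only the response array, not the `reply[k].resp` strings already filled in for earlier messages, which for PAM_PROMPT_ECHO_OFF is an xstrdup'd copy of the password; those copies are leaked and never cleared. Because `reply` now comes from xmalloc the entries are uninitialized, so a cleanup helper must walk only the first `count` entries. I would add a small helper that clears and frees each filled resp before freeing the array and call it from every error path; do_pam_conversation starts and ends outside the hunk.
```c
/* Release the responses built so far before reporting PAM_CONV_ERR. */
static void
free_partial_responses(struct pam_response *reply, int filled)
{
	int i;

	for (i = 0; i < filled; i++) {
		if (reply[i].resp != NULL) {
			memset(reply[i].resp, 0, strlen(reply[i].resp));
			xfree(reply[i].resp);
		}
	}
	xfree(reply);
}

/* … unchanged: do_pam_conversation up to the INITIAL_LOGIN switch … */
			case PAM_PROMPT_ECHO_ON:
				free_partial_responses(reply, count);
				return PAM_CONV_ERR;
			case PAM_PROMPT_ECHO_OFF:
				if (__pampasswd == NULL) {
					free_partial_responses(reply, count);
					return PAM_CONV_ERR;
				}
/* … unchanged: remaining cases, same replacement on each xfree(reply) … */
```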
@@ -124,7 +127,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
break;
case PAM_ERROR_MSG:
case PAM_TEXT_INFO:
- if ((*msg)[count].msg != NULL) {
+ if (PAM_MSG_MEMBER(msg, count, msg) != NULL) {
message_cat(&__pam_msg,
PAM_MSG_MEMBER(msg, count, msg));
}
@@ -132,7 +135,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
reply[count].resp_retcode = PAM_SUCCESS;
break;
default:
- free(reply);
+ xfree(reply);
return PAM_CONV_ERR;
}
} else {
@@ -154,14 +157,14 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
break;
case PAM_ERROR_MSG:
case PAM_TEXT_INFO:
- if ((*msg)[count].msg != NULL)
+ if (PAM_MSG_MEMBER(msg, count, msg) != NULL)
fprintf(stderr, "%s\n",
PAM_MSG_MEMBER(msg, count, msg));
reply[count].resp = xstrdup("");
reply[count].resp_retcode = PAM_SUCCESS;
break;
default:
- free(reply);
+ xfree(reply);
return PAM_CONV_ERR;
}
}
@@ -256,9 +259,14 @@ int do_pam_account(char *username, char *remote_user)
break;
#if 0
case PAM_NEW_AUTHTOK_REQD:
- message_cat(&__pam_msg, NEW_AUTHTOK_MSG);
+ message_cat(&__pam_msg, use_privsep ?
+ NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG);
/* flag that password change is necessary */
password_change_required = 1;
+ /* disallow other functionality for now */
+ no_port_forwarding_flag |= 2;
+ no_agent_forwarding_flag |= 2;
+ no_x11_forwarding_flag |= 2;
break;
#endif
default:
@@ -328,7 +336,7 @@ int is_pam_password_change_required(void)
* Have user change authentication token if pam_acct_mgmt() indicated
* it was expired. This needs to be called after an interactive
* session is established and the user's pty is connected to
- * stdin/stout/stderr.
+ * stdin/stdout/stderr.
*/
void do_pam_chauthtok(void)
{
@@ -337,11 +345,23 @@ void do_pam_chauthtok(void)
do_pam_set_conv(&conv);
if (password_change_required) {
+ if (use_privsep)
+ fatal("Password changing is currently unsupported"
+ " with privilege separation");
pamstate = OTHER;
pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
if (pam_retval != PAM_SUCCESS)
fatal("PAM pam_chauthtok failed[%d]: %.200s",
pam_retval, PAM_STRERROR(__pamh, pam_retval));
+#if 0
+ /* XXX: This would need to be done in the parent process,
+ * but there's currently no way to pass such request. */
+ no_port_forwarding_flag &= ~2;
+ no_agent_forwarding_flag &= ~2;
+ no_x11_forwarding_flag &= ~2;
+ if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
+ channel_permit_all_opens();
+#endif
}
}
@@ -392,7 +412,7 @@ void start_pam(const char *user)
fatal_add_cleanup(&do_pam_cleanup_proc, NULL);
}
-/* Return list of PAM enviornment strings */
+/* Return list of PAM environment strings */
char **fetch_pam_environment(void)
{
#ifdef HAVE_PAM_GETENVLIST
@@ -402,6 +422,16 @@ char **fetch_pam_environment(void)
#endif /* HAVE_PAM_GETENVLIST */
}
+void free_pam_environment(char **env)
+{
+ int i;
+
+ if (env != NULL) {
+ for (i = 0; env[i] != NULL; i++)
+ xfree(env[i]);
+ }
+}
+
/* Print any messages that have been generated during authentication */
/* or account checking to stderr */
void print_pam_messages(void)
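Review bot: The new free_pam_environment() frees every string in `env` but never frees the array `env` itself, so each call leaks the vector returned by pam_getenvlist() (on the PAM implementations I know, ownership of both the array and its strings passes to the caller — worth confirming for the target libpam). Add `xfree(env);` after the for loop, inside the `if (env != NULL)` block, and document the contract with a comment such as `/* Free a vector returned by fetch_pam_environment(): the strings and the array. */`.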
diff --git a/crypto/openssh/auth-pam.h b/crypto/openssh/auth-pam.h
index 6b1f35ad..05a3ba0 100644
--- a/crypto/openssh/auth-pam.h
+++ b/crypto/openssh/auth-pam.h
@@ -1,14 +1,42 @@
-/* $Id: auth-pam.h,v 1.12 2002/04/04 19:02:28 stevesk Exp $ */
+/* $Id: auth-pam.h,v 1.16 2002/07/23 00:44:07 stevesk Exp $ */
+/* $FreeBSD$ */
+
+/*
+ * Copyright (c) 2000 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
#include "includes.h"
#ifdef USE_PAM
-#include <pwd.h> /* For struct passwd */
+#if !defined(SSHD_PAM_SERVICE)
+# define SSHD_PAM_SERVICE __progname
+#endif
void start_pam(const char *user);
void finish_pam(void);
int auth_pam_password(Authctxt *authctxt, const char *password);
char **fetch_pam_environment(void);
+void free_pam_environment(char **env);
int do_pam_authenticate(int flags);
int do_pam_account(char *username, char *remote_user);
void do_pam_session(char *username, const char *ttyname);
diff --git a/crypto/openssh/auth-passwd.c b/crypto/openssh/auth-passwd.c
index 180df5f..8f2056e 100644
--- a/crypto/openssh/auth-passwd.c
+++ b/crypto/openssh/auth-passwd.c
@@ -89,6 +89,9 @@ RCSID("$FreeBSD$");
#endif /* !USE_PAM && !HAVE_OSF_SIA */
extern ServerOptions options;
+#ifdef WITH_AIXAUTHENTICATE
+extern char *aixloginmsg;
+#endif
/*
* Tries to authenticate the user using password. Returns true if
@@ -121,7 +124,7 @@ auth_password(Authctxt *authctxt, const char *password)
#endif
#ifdef WITH_AIXAUTHENTICATE
char *authmsg;
- char *loginmsg;
+ int authsuccess;
int reenter = 1;
#endif
@@ -153,7 +156,16 @@ auth_password(Authctxt *authctxt, const char *password)
}
#endif
#ifdef WITH_AIXAUTHENTICATE
- return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
+ authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
+
+ if (authsuccess)
+ /* We don't have a pty yet, so just label the line as "ssh" */
+ if (loginsuccess(authctxt->user,
+ get_canonical_hostname(options.verify_reverse_mapping),
+ "ssh", &aixloginmsg) < 0)
+ aixloginmsg = NULL;
+
+ return(authsuccess);
#endif
#ifdef KRB4
if (options.kerberos_authentication == 1) {
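Review bot: The new WITH_AIXAUTHENTICATE block nests an unbraced `if (authsuccess)` directly over another `if (...) < 0)` with only a comment between them, which is the dangling-if shape this codebase otherwise braces; write it as `if (authsuccess) { ... }` so a later edit cannot silently change which branch the `aixloginmsg = NULL;` belongs to. Separately, `authmsg` filled in by authenticate() is never released on either outcome; as far as I recall the AIX API allocates that message and expects the caller to free it, so this is probably a per-attempt leak — please confirm against the platform documentation. auth_password starts and ends outside the hunk.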
diff --git a/crypto/openssh/auth-skey.c b/crypto/openssh/auth-skey.c
index 886b2d2..a534e35 100644
--- a/crypto/openssh/auth-skey.c
+++ b/crypto/openssh/auth-skey.c
@@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-skey.c,v 1.19 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: auth-skey.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $");
RCSID("$FreeBSD$");
#ifdef SKEY
@@ -62,7 +62,7 @@ skey_query(void *ctx, char **name, char **infotxt,
*name = xstrdup("");
*infotxt = xstrdup("");
*numprompts = 1;
- *prompts = xmalloc(*numprompts * sizeof(char*));
+ *prompts = xmalloc(*numprompts * sizeof(char *));
*echo_on = xmalloc(*numprompts * sizeof(u_int));
(*echo_on)[0] = 0;
diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c
index c90865f..b101d4b 100644
--- a/crypto/openssh/auth.c
+++ b/crypto/openssh/auth.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.43 2002/05/17 14:27:55 millert Exp $");
+RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $");
RCSID("$FreeBSD$");
#ifdef HAVE_LOGIN_H
@@ -257,6 +257,14 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
get_remote_ipaddr(),
get_remote_port(),
info);
+
+#ifdef WITH_AIXAUTHENTICATE
+ if (authenticated == 0 && strcmp(method, "password") == 0)
+ loginfailed(authctxt->user,
+ get_canonical_hostname(options.verify_reverse_mapping),
+ "ssh");
+#endif /* WITH_AIXAUTHENTICATE */
+
}
/*
@@ -393,7 +401,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
/*
* Check a given file for security. This is defined as all components
- * of the path to the file must either be owned by either the owner of
+ * of the path to the file must be owned by either the owner of
* of the file or root and no directories must be group or world writable.
*
* XXX Should any specific check be done for sym links ?
@@ -477,7 +485,12 @@ getpwnamallow(const char *user)
struct passwd *pw;
pw = getpwnam(user);
- if (pw == NULL || !allowed_user(pw))
+ if (pw == NULL) {
+ log("Illegal user %.100s from %.100s",
+ user, get_remote_ipaddr());
+ return (NULL);
+ }
+ if (!allowed_user(pw))
return (NULL);
#ifdef HAVE_LOGIN_CAP
if ((lc = login_getpwclass(pw)) == NULL) {
diff --git a/crypto/openssh/auth.h b/crypto/openssh/auth.h
index 730b70d..79ce420 100644
--- a/crypto/openssh/auth.h
+++ b/crypto/openssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.39 2002/05/31 11:35:15 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.41 2002/09/26 11:38:43 markus Exp $ */
/* $FreeBSD$ */
/*
@@ -114,7 +114,7 @@ int user_key_allowed(struct passwd *, Key *);
#ifdef KRB4
#include <krb.h>
-int auth_krb4(Authctxt *, KTEXT, char **);
+int auth_krb4(Authctxt *, KTEXT, char **, KTEXT);
int auth_krb4_password(Authctxt *, const char *);
void krb4_cleanup_proc(void *);
@@ -127,7 +127,7 @@ int auth_afs_token(Authctxt *, const char *);
#endif /* KRB4 */
#ifdef KRB5
-int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client);
+int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
int auth_krb5_password(Authctxt *authctxt, const char *password);
void krb5_cleanup_proc(void *authctxt);
diff --git a/crypto/openssh/auth1.c b/crypto/openssh/auth1.c
index 2ebc8d0..f88dcc9 100644
--- a/crypto/openssh/auth1.c
+++ b/crypto/openssh/auth1.c
@@ -10,7 +10,8 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.41 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $");
+RCSID("$FreeBSD$");
#include "xmalloc.h"
#include "rsa.h"
@@ -118,30 +119,49 @@ do_authloop(Authctxt *authctxt)
if (kdata[0] == 4) { /* KRB_PROT_VERSION */
#ifdef KRB4
- KTEXT_ST tkt;
-
+ KTEXT_ST tkt, reply;
tkt.length = dlen;
if (tkt.length < MAX_KTXT_LEN)
memcpy(tkt.dat, kdata, tkt.length);
- if (auth_krb4(authctxt, &tkt, &client_user)) {
+ if (PRIVSEP(auth_krb4(authctxt, &tkt,
+ &client_user, &reply))) {
authenticated = 1;
snprintf(info, sizeof(info),
" tktuser %.100s",
client_user);
+
+ packet_start(
+ SSH_SMSG_AUTH_KERBEROS_RESPONSE);
+ packet_put_string((char *)
+ reply.dat, reply.length);
+ packet_send();
+ packet_write_wait();
}
#endif /* KRB4 */
} else {
#ifdef KRB5
- krb5_data tkt;
+ krb5_data tkt, reply;
tkt.length = dlen;
tkt.data = kdata;
- if (auth_krb5(authctxt, &tkt, &client_user)) {
+ if (PRIVSEP(auth_krb5(authctxt, &tkt,
+ &client_user, &reply))) {
authenticated = 1;
snprintf(info, sizeof(info),
" tktuser %.100s",
client_user);
+
+ /* Send response to client */
+ packet_start(
+ SSH_SMSG_AUTH_KERBEROS_RESPONSE);
+ packet_put_string((char *)
+ reply.data, reply.length);
+ packet_send();
+ packet_write_wait();
+
+ if (reply.length)
+ xfree(reply.data);
}
#endif /* KRB5 */
}
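Review bot: In the KRB4 branch the ticket is only copied when `tkt.length < MAX_KTXT_LEN`, but `tkt.length` has already been set to the client-supplied `dlen` and `PRIVSEP(auth_krb4(...))` is called regardless, so an oversized ticket reaches auth_krb4 with an uninitialized `tkt.dat` and an inconsistent length. The call should sit inside the length check (move the `if (PRIVSEP(auth_krb4(...)))` block into the `if (tkt.length < MAX_KTXT_LEN) { memcpy(...); ... }` body, or reject the request up front with a log message when the ticket does not fit). In the KRB5 branch the new `xfree(reply.data)` releases memory that krb5_mk_rep() allocated inside the Kerberos library; that is only safe if the library uses plain malloc, and `krb5_free_data_contents(authctxt->krb5_ctx, &reply)` is the allocator-agnostic form. do_authloop starts and ends outside the hunk.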
@@ -292,6 +312,15 @@ do_authloop(Authctxt *authctxt)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
+#ifdef _UNICOS
+ if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
+ cray_login_failure(authctxt->user, IA_UDBERR);
+ if (authenticated && cray_access_denied(authctxt->user)) {
+ authenticated = 0;
+ fatal("Access denied for user %s.",authctxt->user);
+ }
+#endif /* _UNICOS */
+
#ifdef HAVE_CYGWIN
if (authenticated &&
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
@@ -301,7 +330,8 @@ do_authloop(Authctxt *authctxt)
}
#else
/* Special handling for root */
- if (authenticated && authctxt->pw->pw_uid == 0 &&
+ if (!use_privsep &&
+ authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(get_authname(type)))
authenticated = 0;
#endif
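Review bot: The added `!use_privsep &&` makes the child skip auth_root_allowed() entirely whenever privilege separation is on, which reads as a dropped policy check unless the reader knows the monitor now performs it (monitor.c is in this commit but not in view here, so I am inferring that). A one-line comment would prevent the next maintainer from "fixing" it: `/* With privsep the monitor enforces PermitRootLogin; only check here for the unseparated case. */`. The same unexplained condition is added to userauth_finish in auth2.c (`@@ -234,7 +234,8 @@`) and deserves the same comment.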
@@ -323,12 +353,6 @@ do_authloop(Authctxt *authctxt)
return;
if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
- /* XXX: privsep */
- loginfailed(authctxt->user,
- get_canonical_hostname(options.verify_reverse_mapping),
- "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
}
diff --git a/crypto/openssh/auth2-chall.c b/crypto/openssh/auth2-chall.c
index 5f43ee9..1e48387 100644
--- a/crypto/openssh/auth2-chall.c
+++ b/crypto/openssh/auth2-chall.c
@@ -23,7 +23,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $");
RCSID("$FreeBSD$");
#include "ssh2.h"
@@ -270,7 +270,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
if (nresp > 100)
fatal("input_userauth_info_response: too many replies");
if (nresp > 0) {
- response = xmalloc(nresp * sizeof(char*));
+ response = xmalloc(nresp * sizeof(char *));
for (i = 0; i < nresp; i++)
response[i] = packet_get_string(NULL);
}
diff --git a/crypto/openssh/auth2-pam-freebsd.c b/crypto/openssh/auth2-pam-freebsd.c
index 752f45f..6b88697 100644
--- a/crypto/openssh/auth2-pam-freebsd.c
+++ b/crypto/openssh/auth2-pam-freebsd.c
@@ -81,27 +81,27 @@ pam_child_conv(int n,
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
buffer_put_cstring(&buffer, msg[i]->msg);
- msg_send(ctxt->pam_sock, msg[i]->msg_style, &buffer);
- msg_recv(ctxt->pam_sock, &buffer);
+ ssh_msg_send(ctxt->pam_sock, msg[i]->msg_style, &buffer);
+ ssh_msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
resp[i]->resp = buffer_get_string(&buffer, NULL);
break;
case PAM_PROMPT_ECHO_ON:
buffer_put_cstring(&buffer, msg[i]->msg);
- msg_send(ctxt->pam_sock, msg[i]->msg_style, &buffer);
- msg_recv(ctxt->pam_sock, &buffer);
+ ssh_msg_send(ctxt->pam_sock, msg[i]->msg_style, &buffer);
+ ssh_msg_recv(ctxt->pam_sock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
resp[i]->resp = buffer_get_string(&buffer, NULL);
break;
case PAM_ERROR_MSG:
buffer_put_cstring(&buffer, msg[i]->msg);
- msg_send(ctxt->pam_sock, msg[i]->msg_style, &buffer);
+ ssh_msg_send(ctxt->pam_sock, msg[i]->msg_style, &buffer);
break;
case PAM_TEXT_INFO:
buffer_put_cstring(&buffer, msg[i]->msg);
- msg_send(ctxt->pam_sock, msg[i]->msg_style, &buffer);
+ ssh_msg_send(ctxt->pam_sock, msg[i]->msg_style, &buffer);
break;
default:
goto fail;
@@ -142,13 +142,13 @@ pam_child(struct pam_ctxt *ctxt)
if (pam_err != PAM_SUCCESS)
goto auth_fail;
buffer_put_cstring(&buffer, "OK");
- msg_send(ctxt->pam_sock, PAM_SUCCESS, &buffer);
+ ssh_msg_send(ctxt->pam_sock, PAM_SUCCESS, &buffer);
buffer_free(&buffer);
pam_end(pamh, pam_err);
exit(0);
auth_fail:
buffer_put_cstring(&buffer, pam_strerror(pamh, pam_err));
- msg_send(ctxt->pam_sock, PAM_AUTH_ERR, &buffer);
+ ssh_msg_send(ctxt->pam_sock, PAM_AUTH_ERR, &buffer);
buffer_free(&buffer);
pam_end(pamh, pam_err);
exit(0);
@@ -222,7 +222,7 @@ pam_query(void *ctx, char **name, char **info,
**prompts = NULL;
plen = 0;
*echo_on = xmalloc(sizeof(u_int));
- while (msg_recv(ctxt->pam_sock, &buffer) == 0) {
+ while (ssh_msg_recv(ctxt->pam_sock, &buffer) == 0) {
type = buffer_get_char(&buffer);
msg = buffer_get_string(&buffer, NULL);
switch (type) {
@@ -296,7 +296,7 @@ pam_respond(void *ctx, u_int num, char **resp)
}
buffer_init(&buffer);
buffer_put_cstring(&buffer, *resp);
- msg_send(ctxt->pam_sock, PAM_AUTHTOK, &buffer);
+ ssh_msg_send(ctxt->pam_sock, PAM_AUTHTOK, &buffer);
buffer_free(&buffer);
return (1);
}
diff --git a/crypto/openssh/auth2-pam.c b/crypto/openssh/auth2-pam.c
index 79be8e8..8454aae 100644
--- a/crypto/openssh/auth2-pam.c
+++ b/crypto/openssh/auth2-pam.c
@@ -1,5 +1,5 @@
#include "includes.h"
-RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $");
+RCSID("$Id: auth2-pam.c,v 1.14 2002/06/28 16:48:12 mouring Exp $");
RCSID("$FreeBSD$");
#ifdef USE_PAM
@@ -117,11 +117,11 @@ do_pam_conversation_kbd_int(int num_msg, const struct pam_message **msg,
while(context_pam2.finished == 0) {
done = 1;
dispatch_run(DISPATCH_BLOCK, &done, appdata_ptr);
- if(context_pam2.finished == 0)
+ if (context_pam2.finished == 0)
debug("extra packet during conversation");
}
- if(context_pam2.num_received == context_pam2.num_expected) {
+ if (context_pam2.num_received == context_pam2.num_expected) {
*resp = context_pam2.responses;
return PAM_SUCCESS;
} else
@@ -144,8 +144,8 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
if (nresp != context_pam2.num_expected)
fatal("%s: Received incorrect number of responses "
- "(expected %u, received %u)", __func__, nresp,
- context_pam2.num_expected);
+ "(expected %d, received %u)", __func__,
+ context_pam2.num_expected, nresp);
if (nresp > 100)
fatal("%s: too many replies", __func__);
@@ -164,5 +164,4 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
packet_check_eom();
}
-
#endif
diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c
index 3ff0b57..554bf68 100644
--- a/crypto/openssh/auth2.c
+++ b/crypto/openssh/auth2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.93 2002/05/31 11:35:15 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $");
RCSID("$FreeBSD$");
#include "ssh2.h"
@@ -103,7 +103,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
u_int len;
- int accept = 0;
+ int acceptit = 0;
char *service = packet_get_string(&len);
packet_check_eom();
@@ -112,14 +112,14 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
if (strcmp(service, "ssh-userauth") == 0) {
if (!authctxt->success) {
- accept = 1;
+ acceptit = 1;
/* now we can handle user-auth requests */
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
}
}
/* XXX all other service requests are denied */
- if (accept) {
+ if (acceptit) {
packet_start(SSH2_MSG_SERVICE_ACCEPT);
packet_put_cstring(service);
packet_send();
@@ -234,7 +234,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
authctxt->user);
/* Special handling for root */
- if (authenticated && authctxt->pw->pw_uid == 0 &&
+ if (!use_privsep &&
+ authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(method))
authenticated = 0;
@@ -244,6 +245,13 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
authenticated = 0;
#endif /* USE_PAM */
+#ifdef _UNICOS
+ if (authenticated && cray_access_denied(authctxt->user)) {
+ authenticated = 0;
+ fatal("Access denied for user %s.",authctxt->user);
+ }
+#endif /* _UNICOS */
+
/* Log before sending the reply */
auth_log(authctxt, authenticated, method, " ssh2");
@@ -261,14 +269,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
authctxt->success = 1;
} else {
if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
- /* XXX: privsep */
- loginfailed(authctxt->user,
- get_canonical_hostname(options.verify_reverse_mapping),
- "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
}
+#ifdef _UNICOS
+ if (strcmp(method, "password") == 0)
+ cray_login_failure(authctxt->user, IA_UDBERR);
+#endif /* _UNICOS */
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
diff --git a/crypto/openssh/authfd.c b/crypto/openssh/authfd.c
index 1b689ea..5af92af 100644
--- a/crypto/openssh/authfd.c
+++ b/crypto/openssh/authfd.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.57 2002/09/11 18:27:26 stevesk Exp $");
RCSID("$FreeBSD$");
#include <openssl/evp.h>
@@ -54,6 +54,8 @@ RCSID("$FreeBSD$");
#include "log.h"
#include "atomicio.h"
+static int agent_present = 0;
+
/* helper */
int decode_reply(int type);
@@ -62,6 +64,21 @@ int decode_reply(int type);
((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \
(x == SSH2_AGENT_FAILURE))
+int
+ssh_agent_present(void)
+{
+ int authfd;
+
+ if (agent_present)
+ return 1;
+ if ((authfd = ssh_get_authentication_socket()) == -1)
+ return 0;
+ else {
+ ssh_close_authentication_socket(authfd);
+ return 1;
+ }
+}
+
/* Returns the number of the authentication fd, or -1 if there is none. */
int
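Review bot: `agent_present` is set once when ssh_get_authentication_socket() succeeds and is never cleared, so the new ssh_agent_present() keeps reporting an agent from its cache after the socket has gone away (e.g. the agent exited or the socket was closed); callers that use it to decide whether to attempt agent authentication will get a stale answer. Either reset the flag when ssh_close_authentication_socket() runs or a later connect fails, or document the sticky behaviour on the function: `/* Cached: once an agent has been reached this keeps returning 1 for the process lifetime. */`. The `else` after `return 0;` is also redundant; the tail reads more plainly as `ssh_close_authentication_socket(authfd); return 1;`.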
@@ -91,6 +108,7 @@ ssh_get_authentication_socket(void)
close(sock);
return -1;
}
+ agent_present = 1;
return sock;
}
diff --git a/crypto/openssh/canohost.c b/crypto/openssh/canohost.c
index 00c499c..1685c7e 100644
--- a/crypto/openssh/canohost.c
+++ b/crypto/openssh/canohost.c
@@ -12,7 +12,8 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.32 2002/06/11 08:11:45 itojun Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.34 2002/09/23 20:46:27 stevesk Exp $");
+RCSID("$FreeBSD$");
#include "packet.h"
#include "xmalloc.h"
@@ -77,7 +78,9 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
NULL, 0, NI_NAMEREQD) != 0) {
/* Host name not found. Use ip address. */
+#if 0
log("Could not reverse map address %.100s.", ntop);
+#endif
return xstrdup(ntop);
}
@@ -216,18 +219,12 @@ get_socket_address(int socket, int remote, int flags)
if (remote) {
if (getpeername(socket, (struct sockaddr *)&addr, &addrlen)
- < 0) {
- debug("get_socket_ipaddr: getpeername failed: %.100s",
- strerror(errno));
+ < 0)
return NULL;
- }
} else {
if (getsockname(socket, (struct sockaddr *)&addr, &addrlen)
- < 0) {
- debug("get_socket_ipaddr: getsockname failed: %.100s",
- strerror(errno));
+ < 0)
return NULL;
- }
}
/* Get the address in ascii. */
if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop),
@@ -241,13 +238,21 @@ get_socket_address(int socket, int remote, int flags)
char *
get_peer_ipaddr(int socket)
{
- return get_socket_address(socket, 1, NI_NUMERICHOST);
+ char *p;
+
+ if ((p = get_socket_address(socket, 1, NI_NUMERICHOST)) != NULL)
+ return p;
+ return xstrdup("UNKNOWN");
}
char *
get_local_ipaddr(int socket)
{
- return get_socket_address(socket, 0, NI_NUMERICHOST);
+ char *p;
+
+ if ((p = get_socket_address(socket, 0, NI_NUMERICHOST)) != NULL)
+ return p;
+ return xstrdup("UNKNOWN");
}
char *
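Review bot: `xstrdup("UNKNOWN")` turns the failure result of get_peer_ipaddr and get_local_ipaddr into a heap string that is indistinguishable in type from a real address, so a caller that compares, pattern-matches or logs the value can no longer tell that the lookup failed. A comment on each function stating that the literal is a placeholder that must never be treated as an address would make this explicit, e.g. `/* Returns "UNKNOWN" (caller frees) when the socket has no usable address. */`. Callers that previously checked for NULL now never see it, which is presumably the intent but is worth confirming for each of them. The two fallbacks are identical and could share a small static helper, but that is cosmetic.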
diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c
index 25d23e3..cad8b8e 100644
--- a/crypto/openssh/channels.c
+++ b/crypto/openssh/channels.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.179 2002/06/26 08:55:02 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.183 2002/09/17 07:47:02 itojun Exp $");
RCSID("$FreeBSD$");
#include "ssh.h"
@@ -187,6 +187,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
} else {
c->isatty = 0;
}
+ c->wfd_isatty = isatty(c->wfd);
/* enable nonblocking mode */
if (nonblock) {
@@ -573,6 +574,7 @@ void
channel_send_open(int id)
{
Channel *c = channel_lookup(id);
+
if (c == NULL) {
log("channel_send_open: %d: bad id", id);
return;
@@ -590,6 +592,7 @@ void
channel_request_start(int local_id, char *service, int wantconfirm)
{
Channel *c = channel_lookup(local_id);
+
if (c == NULL) {
log("channel_request_start: %d: unknown channel id", local_id);
return;
@@ -604,6 +607,7 @@ void
channel_register_confirm(int id, channel_callback_fn *fn)
{
Channel *c = channel_lookup(id);
+
if (c == NULL) {
log("channel_register_comfirm: %d: bad id", id);
return;
@@ -614,6 +618,7 @@ void
channel_register_cleanup(int id, channel_callback_fn *fn)
{
Channel *c = channel_lookup(id);
+
if (c == NULL) {
log("channel_register_cleanup: %d: bad id", id);
return;
@@ -624,6 +629,7 @@ void
channel_cancel_cleanup(int id)
{
Channel *c = channel_lookup(id);
+
if (c == NULL) {
log("channel_cancel_cleanup: %d: bad id", id);
return;
@@ -634,6 +640,7 @@ void
channel_register_filter(int id, channel_filter_fn *fn)
{
Channel *c = channel_lookup(id);
+
if (c == NULL) {
log("channel_register_filter: %d: bad id", id);
return;
@@ -646,6 +653,7 @@ channel_set_fds(int id, int rfd, int wfd, int efd,
int extusage, int nonblock, u_int window_max)
{
Channel *c = channel_lookup(id);
+
if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
fatal("channel_activate for non-larval channel %d.", id);
channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
@@ -816,6 +824,7 @@ static void
channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset)
{
int ret = x11_open_helper(&c->output);
+
if (ret == 1) {
/* Start normal processing for the channel. */
c->type = SSH_CHANNEL_OPEN;
@@ -867,7 +876,7 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
static int
channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
{
- u_char *p, *host;
+ char *p, *host;
int len, have, i, found;
char username[256];
struct {
@@ -1279,6 +1288,11 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
buffer_len(&c->output) > 0) {
data = buffer_ptr(&c->output);
dlen = buffer_len(&c->output);
+#ifdef _AIX
+ /* XXX: Later AIX versions can't push as much data to tty */
+ if (compat20 && c->wfd_isatty && dlen > 8*1024)
+ dlen = 8*1024;
+#endif
len = write(c->wfd, data, dlen);
if (len < 0 && (errno == EINTR || errno == EAGAIN))
return 1;
@@ -1396,6 +1410,7 @@ static void
channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset)
{
int len;
+
/* Send buffered output data to the socket. */
if (FD_ISSET(c->sock, writeset) && buffer_len(&c->output) > 0) {
len = write(c->sock, buffer_ptr(&c->output),
@@ -1473,6 +1488,7 @@ static void
channel_handler_init(void)
{
int i;
+
for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) {
channel_pre[i] = NULL;
channel_post[i] = NULL;
@@ -2007,7 +2023,6 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
struct addrinfo hints, *ai, *aitop;
const char *host;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
- struct linger linger;
success = 0;
host = (type == SSH_CHANNEL_RPORT_LISTENER) ?
@@ -2050,13 +2065,13 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
continue;
}
/*
- * Set socket options. We would like the socket to disappear
- * as soon as it has been closed for whatever reason.
+ * Set socket options.
+ * Allow local port reuse in TIME_WAIT.
*/
- setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
- linger.l_onoff = 1;
- linger.l_linger = 5;
- setsockopt(sock, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger));
+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on,
+ sizeof(on)) == -1)
+ error("setsockopt SO_REUSEADDR: %s", strerror(errno));
+
debug("Local forwarding listening on %s port %s.", ntop, strport);
/* Bind the socket to the address. */
@@ -2606,6 +2621,7 @@ void
deny_input_open(int type, u_int32_t seq, void *ctxt)
{
int rchan = packet_get_int();
+
switch (type) {
case SSH_SMSG_AGENT_OPEN:
error("Warning: ssh server tried agent forwarding.");
diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h
index 7ef0039..9ff0fd9 100644
--- a/crypto/openssh/channels.h
+++ b/crypto/openssh/channels.h
@@ -78,6 +78,7 @@ struct Channel {
int efd; /* extended fd */
int sock; /* sock fd */
int isatty; /* rfd is a tty */
+ int wfd_isatty; /* wfd is a tty */
int force_drain; /* force close on iEOF */
int delayed; /* fdset hack */
Buffer input; /* data read from socket, to be sent over
diff --git a/crypto/openssh/cipher.c b/crypto/openssh/cipher.c
index 288b4d6..254bd91 100644
--- a/crypto/openssh/cipher.c
+++ b/crypto/openssh/cipher.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.60 2002/06/23 03:26:52 deraadt Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $");
RCSID("$FreeBSD$");
#include "xmalloc.h"
@@ -438,6 +438,18 @@ swap_bytes(const u_char *src, u_char *dst, int n)
}
}
+#ifdef SSH_OLD_EVP
+static void bf_ssh1_init (EVP_CIPHER_CTX * ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ if (iv != NULL)
+ memcpy (&(ctx->oiv[0]), iv, 8);
+ memcpy (&(ctx->iv[0]), &(ctx->oiv[0]), 8);
+ if (key != NULL)
+ BF_set_key (&(ctx->c.bf_ks), EVP_CIPHER_CTX_key_length (ctx),
+ key);
+}
+#endif
static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
static int
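Review bot: bf_ssh1_init hard-codes the IV length as 8 in both memcpy calls; that is Blowfish's block size, but spelling it `BF_BLOCK` (from <openssl/blowfish.h>) would say so and keep the two copies in step. The function also has no comment explaining why a private init is needed only under SSH_OLD_EVP; a one-line note on what the stock EVP_bf_cbc init gets wrong for the ssh1 key length (set to 32 in the next hunk) would save the next reader a trip through the OpenSSL history. Minor style: `memcpy (` and `BF_set_key (` put a space before the parenthesis, unlike the rest of the file.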
@@ -459,6 +471,9 @@ evp_ssh1_bf(void)
memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER));
orig_bf = ssh1_bf.do_cipher;
ssh1_bf.nid = NID_undef;
+#ifdef SSH_OLD_EVP
+ ssh1_bf.init = bf_ssh1_init;
+#endif
ssh1_bf.do_cipher = bf_ssh1_cipher;
ssh1_bf.key_len = 32;
return (&ssh1_bf);
@@ -568,7 +583,7 @@ evp_rijndael(void)
rijndal_cbc.do_cipher = ssh_rijndael_cbc;
#ifndef SSH_OLD_EVP
rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
- EVP_CIPH_ALWAYS_CALL_INIT;
+ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
#endif
return (&rijndal_cbc);
}
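Review bot: The new `EVP_CIPH_CUSTOM_IV` flag on rijndal_cbc has no comment saying why the EVP layer must stop managing the IV for this cipher; presumably ssh_rijndael_cbc keeps its own IV state (not visible here, confirm), and a comment such as `/* ssh_rijndael_cbc manages the IV itself; keep EVP from touching ctx->iv */` would document the contract. evp_rijndael begins outside this hunk.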
diff --git a/crypto/openssh/compat.c b/crypto/openssh/compat.c
index 406b47c..cf78707 100644
--- a/crypto/openssh/compat.c
+++ b/crypto/openssh/compat.c
@@ -23,7 +23,8 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.63 2002/04/10 08:21:47 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $");
+RCSID("$FreeBSD$");
#include "buffer.h"
#include "packet.h"
@@ -39,13 +40,13 @@ int datafellows = 0;
void
enable_compat20(void)
{
- verbose("Enabling compatibility mode for protocol 2.0");
+ debug("Enabling compatibility mode for protocol 2.0");
compat20 = 1;
}
void
enable_compat13(void)
{
- verbose("Enabling compatibility mode for protocol 1.3");
+ debug("Enabling compatibility mode for protocol 1.3");
compat13 = 1;
}
/* datafellows bug compatibility */
@@ -146,6 +147,8 @@ compat_datafellows(const char *version)
"OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD },
{ "*SSH_Version_Mapper*",
SSH_BUG_SCANNER },
+ { "Probe-*",
+ SSH_BUG_PROBE },
{ NULL, 0 }
};
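Review bot: The new `"Probe-*"` entry sets SSH_BUG_PROBE from the peer's version banner, which the remote side chooses freely, so whatever that flag gates (not visible here) must be limited to behaviour that cannot relax a check or reveal more to the prober than to any other client. A short comment next to the entry naming what SSH_BUG_PROBE changes would make that reviewable without chasing the flag through the tree. compat_datafellows begins and ends outside this hunk.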
diff --git a/crypto/openssh/compat.h b/crypto/openssh/compat.h
index 7afca04..4670108 100644
--- a/crypto/openssh/compat.h
+++ b/crypto/openssh/compat.h
@@ -1,4 +1,5 @@
-/* $OpenBSD: compat.h,v 1.32 2002/04/10 08:21:47 markus Exp $ */
+/* $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $ */
+/* $FreeBSD$ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@@ -54,6 +55,7 @@
#define SSH_BUG_DUMMYCHAN 0x00100000
#define SSH_BUG_EXTEOF 0x00200000
#define SSH_BUG_K5USER 0x00400000
+#define SSH_BUG_PROBE 0x00800000
void enable_compat13(void);
void enable_compat20(void);
diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac
index 0ca9296..eef77f3 100644
--- a/crypto/openssh/configure.ac
+++ b/crypto/openssh/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.72 2002/06/25 22:35:16 tim Exp $
+# $Id: configure.ac,v 1.89 2002/09/26 00:38:47 tim Exp $
# $FreeBSD$
AC_INIT
@@ -18,7 +18,6 @@ AC_PATH_PROGS(PERL, perl5 perl)
AC_SUBST(PERL)
AC_PATH_PROG(ENT, ent)
AC_SUBST(ENT)
-AC_PATH_PROGS(FILEPRIV, filepriv, true, /sbin:/usr/sbin)
AC_PATH_PROG(TEST_MINUS_S_SH, bash)
AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
AC_PATH_PROG(TEST_MINUS_S_SH, sh)
@@ -72,7 +71,12 @@ case "$host" in
)
LDFLAGS="$saved_LDFLAGS"
fi
- AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)])
+ AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
+ [AC_CHECK_LIB(s,authenticate,
+ [ AC_DEFINE(WITH_AIXAUTHENTICATE)
+ LIBS="$LIBS -ls"
+ ])
+ ])
AC_DEFINE(BROKEN_GETADDRINFO)
AC_DEFINE(BROKEN_REALPATH)
dnl AIX handles lastlog as part of its login message
@@ -87,14 +91,24 @@ case "$host" in
AC_DEFINE(IPV4_DEFAULT)
AC_DEFINE(IP_TOS_IS_BROKEN)
AC_DEFINE(NO_X11_UNIX_SOCKETS)
- AC_DEFINE(BROKEN_FD_PASSING)
+ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
+ AC_DEFINE(DISABLE_FD_PASSING)
AC_DEFINE(SETGROUPS_NOOP)
;;
*-*-dgux*)
AC_DEFINE(IP_TOS_IS_BROKEN)
;;
*-*-darwin*)
- AC_DEFINE(BROKEN_GETADDRINFO)
+ AC_MSG_CHECKING(if we have working getaddrinfo)
+ AC_TRY_RUN([#include <mach-o/dyld.h>
+main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+ exit(0);
+ else
+ exit(1);
+}], [AC_MSG_RESULT(working)],
+ [AC_MSG_RESULT(buggy)
+ AC_DEFINE(BROKEN_GETADDRINFO)],
+ [AC_MSG_RESULT(assume it is working)])
;;
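Review bot: The darwin getaddrinfo test's cross-compiling branch reports `assume it is working` and leaves BROKEN_GETADDRINFO undefined, which is the opposite of the previous unconditional define for this host; when the test cannot run, the conservative choice is the old behaviour, i.e. `[AC_MSG_RESULT(assume it is broken) AC_DEFINE(BROKEN_GETADDRINFO)]`. The test program also declares `main()` with an implicit int return type and calls `exit()` without including <stdlib.h>, so a strict compiler can reject it and push the result into the `buggy` branch for the wrong reason; `#include <stdlib.h>` and `int main(void)` avoid that.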
*-*-hpux10.26)
if test -z "$GCC"; then
@@ -109,7 +123,8 @@ case "$host" in
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
- LIBS="$LIBS -lxnet -lsec -lsecpw"
+ LIBS="$LIBS -lsec -lsecpw"
+ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
disable_ptmx_check=yes
;;
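Review bot: The `AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR(...))` line is now duplicated verbatim in the hpux10.26, hpux10 and hpux11 cases (here and in the two following hunks); one copy after the case statement, guarded by a variable set in each HP-UX branch, would keep the three in step the next time the probe symbol or the message changes. Minor style: the other `AC_CHECK_LIB` calls in this file put a space after each comma.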
*-*-hpux10*)
@@ -124,7 +139,8 @@ case "$host" in
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
- LIBS="$LIBS -lxnet -lsec"
+ LIBS="$LIBS -lsec"
+ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
;;
*-*-hpux11*)
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
@@ -136,7 +152,8 @@ case "$host" in
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
- LIBS="$LIBS -lxnet -lsec"
+ LIBS="$LIBS -lsec"
+ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
;;
*-*-irix5*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
@@ -168,6 +185,7 @@ mips-sony-bsd|mips-sony-newsos4)
SONY=1
;;
*-*-netbsd*)
+ check_for_libcrypt_before=1
need_dash_r=1
;;
*-*-freebsd*)
@@ -268,17 +286,28 @@ mips-sony-bsd|mips-sony-newsos4)
AC_DEFINE(USE_PIPES)
AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(BROKEN_FD_PASSING)
+ AC_DEFINE(DISABLE_FD_PASSING)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
;;
+*-*-unicosmk*)
+ no_libsocket=1
+ no_libnsl=1
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(DISABLE_FD_PASSING)
+ LDFLAGS="$LDFLAGS"
+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
+ MANTYPE=cat
+ ;;
*-*-unicos*)
no_libsocket=1
no_libnsl=1
AC_DEFINE(USE_PIPES)
- AC_DEFINE(BROKEN_FD_PASSING)
- LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
- LIBS="$LIBS -lgen -lrsc"
+ AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE(NO_SSH_LASTLOG)
+ LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
+ MANTYPE=cat
;;
*-dec-osf*)
AC_MSG_CHECKING(for Digital Unix SIA)
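Review bot: In the new unicosmk case, `LDFLAGS="$LDFLAGS"` is a self-assignment that does nothing; either drop the line or put the intended flags in it. The unicos case below it quietly drops `-L/usr/local/lib` from LDFLAGS while keeping the `-Wl,-Dmsglevel` flag; if that is deliberate a one-line comment would stop it from being re-added, and if not the path should come back. Both cases set `MANTYPE=cat`, which skips the nroff-based detection later in this file (it only runs when MANTYPE is empty); presumably intended, but worth a comment.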
@@ -349,14 +378,14 @@ AC_ARG_WITH(libs,
# Checks for header files.
AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
- getopt.h glob.h lastlog.h limits.h login.h \
+ getopt.h glob.h ia.h lastlog.h limits.h login.h \
login_cap.h maillock.h netdb.h netgroup.h \
netinet/in_systm.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
sys/mman.h sys/select.h sys/stat.h \
sys/stropts.h sys/sysmacros.h sys/time.h \
- sys/un.h time.h ttyent.h usersec.h \
+ sys/un.h time.h tmpdir.h ttyent.h usersec.h \
util.h utime.h utmp.h utmpx.h)
# Checks for libraries.
@@ -420,7 +449,8 @@ AC_CHECK_FUNC(strcasecmp,
[], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
)
AC_CHECK_FUNC(utimes,
- [], [ AC_CHECK_LIB(c89, utimes, LIBS="$LIBS -lc89") ]
+ [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
+ LIBS="$LIBS -lc89"]) ]
)
dnl Checks for libutil functions
@@ -469,7 +499,7 @@ AC_TRY_RUN(
[
#include <sys/types.h>
#include <dirent.h>
-int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));}
+int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
],
[AC_MSG_RESULT(yes)],
[
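Review bot: The test program now calls `exit()` without including <stdlib.h>, so it relies on an implicit declaration; a compiler that rejects implicit declarations (or warns under -Werror) fails the compile and the check silently takes its failure branch, misreporting the feature. The same pattern appears in the skey, snprintf, OpenSSL header/library version, OpenSSL header-match and RAND_status tests in the hunks below; adding `#include <stdlib.h>` to each test program fixes all of them. The AC_TRY_RUN call begins outside this hunk.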
@@ -500,7 +530,7 @@ AC_ARG_WITH(skey,
[
#include <stdio.h>
#include <skey.h>
-int main() { char *ff = skey_keyinfo(""); ff=""; return 0; }
+int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
],
[AC_MSG_RESULT(yes)],
[
@@ -603,7 +633,7 @@ AC_ARG_WITH(tcp-wrappers,
dnl Checks for library functions.
AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
clock fchmod fchown freeaddrinfo futimes gai_strerror \
- getaddrinfo getcwd getgrouplist getnameinfo getopt \
+ getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
getrlimit getrusage getttyent glob inet_aton inet_ntoa \
inet_ntop innetgr login_getcapbool md5_crypt memmove \
mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
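Review bot: `getpeereid\` has no space before the continuation backslash, so the word boundary between it and `getrlimit` on the next line currently depends on that line's leading whitespace surviving a future edit; write it as `getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid \` like the other continuation lines in this list.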
@@ -613,31 +643,6 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
-if test $ac_cv_func_mmap = yes ; then
-AC_MSG_CHECKING([for mmap anon shared])
-AC_TRY_RUN(
- [
-#include <sys/types.h>
-#include <stdio.h>
-#include <sys/mman.h>
-#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
-#define MAP_ANON MAP_ANONYMOUS
-#endif
-main() { char *p;
-p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
-if (p == (char *)-1)
- exit(1);
-exit(0);
-}
- ],
- [
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_MMAP_ANON_SHARED)
- ],
- [ AC_MSG_RESULT(no) ]
-)
-fi
-
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
AC_CHECK_LIB(gen, dirname,[
@@ -700,7 +705,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then
AC_TRY_RUN(
[
#include <stdio.h>
-int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');}
+int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
],
[AC_MSG_RESULT(yes)],
[
@@ -760,6 +765,12 @@ if test "x$PAM_MSG" = "xyes" ; then
)
fi
+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
+# because the system crypt() is more featureful.
+if test "x$check_for_libcrypt_before" = "x1"; then
+ AC_CHECK_LIB(crypt, crypt)
+fi
+
# Search for OpenSSL
saved_CPPFLAGS="$CPPFLAGS"
saved_LDFLAGS="$LDFLAGS"
@@ -806,6 +817,70 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
]
)
+# Determine OpenSSL header version
+AC_MSG_CHECKING([OpenSSL header version])
+AC_TRY_RUN(
+ [
+#include <stdio.h>
+#include <string.h>
+#include <openssl/opensslv.h>
+#define DATA "conftest.sslincver"
+int main(void) {
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
+ exit(1);
+
+ exit(0);
+}
+ ],
+ [
+ ssl_header_ver=`cat conftest.sslincver`
+ AC_MSG_RESULT($ssl_header_ver)
+ ],
+ [
+ AC_MSG_RESULT(not found)
+ AC_MSG_ERROR(OpenSSL version header not found.)
+ ]
+)
+
+# Determine OpenSSL library version
+AC_MSG_CHECKING([OpenSSL library version])
+AC_TRY_RUN(
+ [
+#include <stdio.h>
+#include <string.h>
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#define DATA "conftest.ssllibver"
+int main(void) {
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
+ exit(1);
+
+ exit(0);
+}
+ ],
+ [
+ ssl_library_ver=`cat conftest.ssllibver`
+ AC_MSG_RESULT($ssl_library_ver)
+ ],
+ [
+ AC_MSG_RESULT(not found)
+ AC_MSG_ERROR(OpenSSL library not found.)
+ ]
+)
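Review bot: Both new test programs print a `long` (`OPENSSL_VERSION_NUMBER` and the return value of `SSLeay()`) with `%x`, which expects an `unsigned int`; that is a format/argument mismatch and on LP64 hosts would in practice print only part of the value, so both fprintf calls should use `%lx`. `rc` exists only for the `< 0` test and `fd` names a `FILE *`; `if (fprintf(f, ...) < 0)` reads more directly. The conftest.sslincver and conftest.ssllibver files are left behind after the check; an `rm -f` in the result branches would keep the build directory clean.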
# Sanity check OpenSSL headers
AC_MSG_CHECKING([whether OpenSSL's headers match the library])
@@ -813,7 +888,7 @@ AC_TRY_RUN(
[
#include <string.h>
#include <openssl/opensslv.h>
-int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
+int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
],
[
AC_MSG_RESULT(yes)
@@ -839,7 +914,7 @@ AC_TRY_RUN(
[
#include <string.h>
#include <openssl/rand.h>
-int main(void) { return(RAND_status() == 1 ? 0 : 1); }
+int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
],
[
OPENSSL_SEEDS_ITSELF=yes
@@ -1093,7 +1168,16 @@ fi
AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
+ [
+#include <sys/types.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#include <sys/socket.h>
+#ifdef HAVE_SYS_BITYPES_H
+# include <sys/bitypes.h>
+#endif
+ ],
[ int64_t a; a = 1;],
[ ac_cv_have_int64_t="yes" ],
[ ac_cv_have_int64_t="no" ]
@@ -1101,33 +1185,6 @@ AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
])
if test "x$ac_cv_have_int64_t" = "xyes" ; then
AC_DEFINE(HAVE_INT64_T)
- have_int64_t=1
-fi
-
-if test -z "$have_int64_t" ; then
- AC_MSG_CHECKING([for int64_t type in sys/socket.h])
- AC_TRY_COMPILE(
- [ #include <sys/socket.h> ],
- [ int64_t a; a = 1],
- [
- AC_DEFINE(HAVE_INT64_T)
- AC_MSG_RESULT(yes)
- ],
- [ AC_MSG_RESULT(no) ]
- )
-fi
-
-if test -z "$have_int64_t" ; then
- AC_MSG_CHECKING([for int64_t type in sys/bitypes.h])
- AC_TRY_COMPILE(
- [ #include <sys/bitypes.h> ],
- [ int64_t a; a = 1],
- [
- AC_DEFINE(HAVE_INT64_T)
- AC_MSG_RESULT(yes)
- ],
- [ AC_MSG_RESULT(no) ]
- )
fi
AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
@@ -1860,7 +1917,7 @@ LIBS="$LIBS $KLIBS $K5LIBS"
PRIVSEP_PATH=/var/empty
AC_ARG_WITH(privsep-path,
- [ --with-privsep-path=xxx Path for privilege separation chroot ],
+ [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
[
if test "x$withval" != "$no" ; then
PRIVSEP_PATH=$withval
@@ -1877,7 +1934,12 @@ AC_ARG_WITH(xauth,
fi
],
[
- AC_PATH_PROG(xauth_path, xauth,,$PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin)
+ TestPath="$PATH"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
+ AC_PATH_PROG(xauth_path, xauth, , $TestPath)
if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
xauth_path="/usr/openwin/bin/xauth"
fi
@@ -1931,7 +1993,8 @@ AC_ARG_WITH(mantype,
]
)
if test -z "$MANTYPE"; then
- AC_PATH_PROGS(NROFF, nroff awf, /bin/false, /usr/bin:/usr/ucb)
+ TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
+ AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
MANTYPE=doc
elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
diff --git a/crypto/openssh/hostfile.c b/crypto/openssh/hostfile.c
index cefff8d..36753d4 100644
--- a/crypto/openssh/hostfile.c
+++ b/crypto/openssh/hostfile.c
@@ -36,7 +36,8 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.29 2001/12/18 10:04:21 jakob Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.30 2002/07/24 16:11:18 markus Exp $");
+RCSID("$FreeBSD$");
#include "packet.h"
#include "match.h"
@@ -91,11 +92,14 @@ hostfile_check_key(int bits, Key *key, const char *host, const char *filename, i
* in the list of our known hosts. Returns HOST_OK if the host is known and
* has the specified key, HOST_NEW if the host is not known, and HOST_CHANGED
* if the host is known but used to have a different host key.
+ *
+ * If no 'key' has been specified and a key of type 'keytype' is known
+ * for the specified host, then HOST_FOUND is returned.
*/
-HostStatus
-check_host_in_hostfile(const char *filename, const char *host, Key *key,
- Key *found, int *numret)
+static HostStatus
+check_host_in_hostfile_by_key_or_type(const char *filename,
+ const char *host, Key *key, int keytype, Key *found, int *numret)
{
FILE *f;
char line[8192];
@@ -105,8 +109,7 @@ check_host_in_hostfile(const char *filename, const char *host, Key *key,
HostStatus end_return;
debug3("check_host_in_hostfile: filename %s", filename);
- if (key == NULL)
- fatal("no key to look up");
+
/* Open the file containing the list of known hosts. */
f = fopen(filename, "r");
if (!f)
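Review bot: The debug3 message at the top of this function still says `check_host_in_hostfile:` although the function is now the static `check_host_in_hostfile_by_key_or_type`; since this tree already uses `__func__` in log calls (see the monitor.c hunks below), `debug3("%s: filename %s", __func__, filename);` keeps the message correct through renames. The removed `key == NULL` fatal reappears in the public wrapper in a later hunk, so callers of check_host_in_hostfile still get the NULL case rejected. The function begins and ends outside this hunk.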
@@ -147,12 +150,20 @@ check_host_in_hostfile(const char *filename, const char *host, Key *key,
*/
if (!hostfile_read_key(&cp, &kbits, found))
continue;
- if (!hostfile_check_key(kbits, found, host, filename, linenum))
- continue;
if (numret != NULL)
*numret = linenum;
+ if (key == NULL) {
+ /* we found a key of the requested type */
+ if (found->type == keytype)
+ return HOST_FOUND;
+ continue;
+ }
+
+ if (!hostfile_check_key(kbits, found, host, filename, linenum))
+ continue;
+
/* Check if the current key is the same as the given key. */
if (key_equal(key, found)) {
/* Ok, they match. */
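Review bot: In the `key == NULL` path the first entry whose type equals `keytype` is returned as HOST_FOUND before `hostfile_check_key` is reached, so whatever that check validates (not visible here; if it only warns about announced-vs-actual RSA1 key sizes the effect is just a lost warning) is skipped for type lookups. `*numret` is also now assigned before `hostfile_check_key`, so when that check `continue`s the caller's line number refers to an entry that failed it, which was not the case before. If the bypass is intended, a comment on the `if (key == NULL)` block saying so would stop a later reader from "fixing" it. The function begins and ends outside this hunk.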
@@ -177,6 +188,24 @@ check_host_in_hostfile(const char *filename, const char *host, Key *key,
return end_return;
}
+HostStatus
+check_host_in_hostfile(const char *filename, const char *host, Key *key,
+ Key *found, int *numret)
+{
+ if (key == NULL)
+ fatal("no key to look up");
+ return (check_host_in_hostfile_by_key_or_type(filename, host, key, 0,
+ found, numret));
+}
+
+int
+lookup_key_in_hostfile_by_type(const char *filename, const char *host,
+ int keytype, Key *found, int *numret)
+{
+ return (check_host_in_hostfile_by_key_or_type(filename, host, NULL,
+ keytype, found, numret) == HOST_FOUND);
+}
+
/*
* Appends an entry to the host file. Returns false if the entry could not
* be appended.
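Review bot: `lookup_key_in_hostfile_by_type` is a new public function with no comment describing its contract; the block above the static helper documents HOST_FOUND, but a caller reading the header will not see it. A comment such as `/* Returns 1 and copies the first key of type 'keytype' known for 'host' into 'found' (its line number into *numret if non-NULL), else 0. */` would cover it. check_host_in_hostfile keeps the old `fatal("no key to look up")` for NULL keys, so existing callers see no behaviour change.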
diff --git a/crypto/openssh/includes.h b/crypto/openssh/includes.h
index a35f4e5..1a98df4 100644
--- a/crypto/openssh/includes.h
+++ b/crypto/openssh/includes.h
@@ -116,6 +116,9 @@ __RCSID(msg)
#ifdef HAVE_SYS_UN_H
# include <sys/un.h> /* For sockaddr_un */
#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
#ifdef HAVE_SYS_BITYPES_H
# include <sys/bitypes.h> /* For u_intXX_t */
#endif
@@ -147,6 +150,14 @@ __RCSID(msg)
# include <readpassphrase.h>
#endif
+#ifdef HAVE_IA_H
+# include <ia.h>
+#endif
+
+#ifdef HAVE_TMPDIR_H
+# include <tmpdir.h>
+#endif
+
#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
#include "defines.h"
diff --git a/crypto/openssh/key.c b/crypto/openssh/key.c
index 1c6569c..7359bba 100644
--- a/crypto/openssh/key.c
+++ b/crypto/openssh/key.c
@@ -32,7 +32,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $");
+RCSID("$OpenBSD: key.c,v 1.49 2002/09/09 14:54:14 markus Exp $");
RCSID("$FreeBSD$");
#include <openssl/evp.h>
@@ -172,7 +172,7 @@ key_equal(Key *a, Key *b)
return 0;
}
-static u_char*
+static u_char *
key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length)
{
const EVP_MD *md = NULL;
@@ -228,8 +228,8 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length)
return retval;
}
-static char*
-key_fingerprint_hex(u_char* dgst_raw, u_int dgst_raw_len)
+static char *
+key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
{
char *retval;
int i;
@@ -245,8 +245,8 @@ key_fingerprint_hex(u_char* dgst_raw, u_int dgst_raw_len)
return retval;
}
-static char*
-key_fingerprint_bubblebabble(u_char* dgst_raw, u_int dgst_raw_len)
+static char *
+key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
{
char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
@@ -292,7 +292,7 @@ key_fingerprint_bubblebabble(u_char* dgst_raw, u_int dgst_raw_len)
return retval;
}
-char*
+char *
key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
{
char *retval = NULL;
@@ -495,7 +495,8 @@ key_write(Key *key, FILE *f)
{
int n, success = 0;
u_int len, bits = 0;
- u_char *blob, *uu;
+ u_char *blob;
+ char *uu;
if (key->type == KEY_RSA1 && key->rsa != NULL) {
/* size of modulus 'n' */
@@ -730,7 +731,6 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp)
{
Buffer b;
int len;
- u_char *buf;
if (key == NULL) {
error("key_to_blob: key == NULL");
@@ -756,14 +756,14 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp)
return 0;
}
len = buffer_len(&b);
- buf = xmalloc(len);
- memcpy(buf, buffer_ptr(&b), len);
- memset(buffer_ptr(&b), 0, len);
- buffer_free(&b);
if (lenp != NULL)
*lenp = len;
- if (blobp != NULL)
- *blobp = buf;
+ if (blobp != NULL) {
+ *blobp = xmalloc(len);
+ memcpy(*blobp, buffer_ptr(&b), len);
+ }
+ memset(buffer_ptr(&b), 0, len);
+ buffer_free(&b);
return len;
}
diff --git a/crypto/openssh/loginrec.c b/crypto/openssh/loginrec.c
index dfdf08a..ce2bdab 100644
--- a/crypto/openssh/loginrec.c
+++ b/crypto/openssh/loginrec.c
@@ -163,7 +163,7 @@
#include "log.h"
#include "atomicio.h"
-RCSID("$Id: loginrec.c,v 1.40 2002/04/23 13:09:19 djm Exp $");
+RCSID("$Id: loginrec.c,v 1.44 2002/09/26 00:38:49 tim Exp $");
RCSID("$FreeBSD$");
#ifdef HAVE_UTIL_H
@@ -623,13 +623,13 @@ construct_utmp(struct logininfo *li,
switch (li->type) {
case LTYPE_LOGIN:
ut->ut_type = USER_PROCESS;
-#ifdef _CRAY
+#ifdef _UNICOS
cray_set_tmpdir(ut);
#endif
break;
case LTYPE_LOGOUT:
ut->ut_type = DEAD_PROCESS;
-#ifdef _CRAY
+#ifdef _UNICOS
cray_retain_utmp(ut, li->pid);
#endif
break;
@@ -1251,7 +1251,7 @@ wtmpx_get_entry(struct logininfo *li)
}
if (fstat(fd, &st) != 0) {
log("wtmpx_get_entry: couldn't stat %s: %s",
- WTMP_FILE, strerror(errno));
+ WTMPX_FILE, strerror(errno));
close(fd);
return 0;
}
@@ -1273,6 +1273,7 @@ wtmpx_get_entry(struct logininfo *li)
/* Logouts are recorded as a blank username on a particular line.
* So, we just need to find the username in struct utmpx */
if ( wtmpx_islogin(li, &utx) ) {
+ found = 1;
# ifdef HAVE_TV_IN_UTMPX
li->tv_sec = utx.ut_tv.tv_sec;
# else
diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c
index 1d929c2..5a597ef 100644
--- a/crypto/openssh/monitor.c
+++ b/crypto/openssh/monitor.c
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $");
RCSID("$FreeBSD$");
#include <openssl/dh.h>
@@ -133,6 +133,13 @@ int mm_answer_pam_respond(int, Buffer *);
int mm_answer_pam_free_ctx(int, Buffer *);
#endif
+#ifdef KRB4
+int mm_answer_krb4(int, Buffer *);
+#endif
+#ifdef KRB5
+int mm_answer_krb5(int, Buffer *);
+#endif
+
static Authctxt *authctxt;
static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
@@ -140,8 +147,8 @@ static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
static u_char *key_blob = NULL;
static u_int key_bloblen = 0;
static int key_blobtype = MM_NOKEY;
-static u_char *hostbased_cuser = NULL;
-static u_char *hostbased_chost = NULL;
+static char *hostbased_cuser = NULL;
+static char *hostbased_chost = NULL;
static char *auth_method = "unknown";
static int session_id2_len = 0;
static u_char *session_id2 = NULL;
@@ -220,6 +227,12 @@ struct mon_table mon_dispatch_proto15[] = {
{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
#endif
+#ifdef KRB4
+ {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4},
+#endif
+#ifdef KRB5
+ {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5},
+#endif
{0, 0, NULL}
};
@@ -472,7 +485,7 @@ mm_answer_sign(int socket, Buffer *m)
p = buffer_get_string(m, &datlen);
if (datlen != 20)
- fatal("%s: data length incorrect: %d", __func__, datlen);
+ fatal("%s: data length incorrect: %u", __func__, datlen);
/* save session id, it will be passed on the first call */
if (session_id2_len == 0) {
@@ -486,7 +499,7 @@ mm_answer_sign(int socket, Buffer *m)
if (key_sign(key, &signature, &siglen, p, datlen) < 0)
fatal("%s: key_sign failed", __func__);
- debug3("%s: signature %p(%d)", __func__, signature, siglen);
+ debug3("%s: signature %p(%u)", __func__, signature, siglen);
buffer_clear(m);
buffer_put_string(m, signature, siglen);
@@ -576,7 +589,7 @@ int mm_answer_auth2_read_banner(int socket, Buffer *m)
mm_request_send(socket, MONITOR_ANS_AUTH2_READ_BANNER, m);
if (banner != NULL)
- free(banner);
+ xfree(banner);
return (0);
}
@@ -604,7 +617,8 @@ mm_answer_authpassword(int socket, Buffer *m)
{
static int call_count;
char *passwd;
- int authenticated, plen;
+ int authenticated;
+ u_int plen;
passwd = buffer_get_string(m, &plen);
/* Only authenticate if the context is valid */
@@ -862,7 +876,8 @@ int
mm_answer_keyallowed(int socket, Buffer *m)
{
Key *key;
- u_char *cuser, *chost, *blob;
+ char *cuser, *chost;
+ u_char *blob;
u_int bloblen;
enum mm_keytype type = 0;
int allowed = 0;
@@ -938,7 +953,7 @@ static int
monitor_valid_userblob(u_char *data, u_int datalen)
{
Buffer b;
- u_char *p;
+ char *p;
u_int len;
int fail = 0;
@@ -991,11 +1006,11 @@ monitor_valid_userblob(u_char *data, u_int datalen)
}
static int
-monitor_valid_hostbasedblob(u_char *data, u_int datalen, u_char *cuser,
- u_char *chost)
+monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
+ char *chost)
{
Buffer b;
- u_char *p;
+ char *p;
u_int len;
int fail = 0;
@@ -1388,6 +1403,89 @@ mm_answer_rsa_response(int socket, Buffer *m)
return (success);
}
+#ifdef KRB4
+int
+mm_answer_krb4(int socket, Buffer *m)
+{
+ KTEXT_ST auth, reply;
+ char *client, *p;
+ int success;
+ u_int alen;
+
+ reply.length = auth.length = 0;
+
+ p = buffer_get_string(m, &alen);
+ if (alen >= MAX_KTXT_LEN)
+ fatal("%s: auth too large", __func__);
+ memcpy(auth.dat, p, alen);
+ auth.length = alen;
+ memset(p, 0, alen);
+ xfree(p);
+
+ success = options.kerberos_authentication &&
+ authctxt->valid &&
+ auth_krb4(authctxt, &auth, &client, &reply);
+
+ memset(auth.dat, 0, alen);
+ buffer_clear(m);
+ buffer_put_int(m, success);
+
+ if (success) {
+ buffer_put_cstring(m, client);
+ buffer_put_string(m, reply.dat, reply.length);
+ if (client)
+ xfree(client);
+ if (reply.length)
+ memset(reply.dat, 0, reply.length);
+ }
+
+ debug3("%s: sending result %d", __func__, success);
+ mm_request_send(socket, MONITOR_ANS_KRB4, m);
+
+ auth_method = "kerberos";
+
+ /* Causes monitor loop to terminate if authenticated */
+ return (success);
+}
+#endif
+
+#ifdef KRB5
+int
+mm_answer_krb5(int socket, Buffer *m)
+{
+ krb5_data tkt, reply;
+ char *client_user;
+ u_int len;
+ int success;
+
+ /* use temporary var to avoid size issues on 64bit arch */
+ tkt.data = buffer_get_string(m, &len);
+ tkt.length = len;
+
+ success = options.kerberos_authentication &&
+ authctxt->valid &&
+ auth_krb5(authctxt, &tkt, &client_user, &reply);
+
+ if (tkt.length)
+ xfree(tkt.data);
+
+ buffer_clear(m);
+ buffer_put_int(m, success);
+
+ if (success) {
+ buffer_put_cstring(m, client_user);
+ buffer_put_string(m, reply.data, reply.length);
+ if (client_user)
+ xfree(client_user);
+ if (reply.length)
+ xfree(reply.data);
+ }
+ mm_request_send(socket, MONITOR_ANS_KRB5, m);
+
+ return success;
+}
+#endif
+
int
mm_answer_term(int socket, Buffer *req)
{
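Review bot: mm_answer_krb5 never sets `auth_method`, whereas mm_answer_krb4 sets it to `"kerberos"` after sending its reply; the value presumably feeds the authentication log, so a successful krb5 login would be recorded under whatever method was last attempted — add `auth_method = "kerberos";` before the return. The krb4 path wipes the ticket bytes (`memset(p, 0, alen)` and the later memset of auth.dat) before freeing, but the krb5 path frees `tkt.data` without clearing it; clearing it first keeps the two consistent. If buffer_get_string allocates even for an empty string (it returns a NUL-terminated copy, so it presumably does), the `if (tkt.length)` guard leaks that allocation when len is 0, and an unconditional `xfree(tkt.data);` is simpler. `reply.data` is released with xfree although it is filled in by auth_krb5, so its allocator should be confirmed against that function (not visible here).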
@@ -1565,10 +1663,10 @@ mm_get_keystate(struct monitor *pmonitor)
void *
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
{
- int len = size * ncount;
+ size_t len = size * ncount;
void *address;
- if (len <= 0)
+ if (len == 0 || ncount > SIZE_T_MAX / size)
fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
address = mm_malloc(mm, len);
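Review bot: `size * ncount` is still evaluated in `u_int` before being widened to `size_t`, so on LP64 hosts a product above 4 GiB wraps to a small value that passes the new `ncount > SIZE_T_MAX / size` test (that division is done in size_t) and reaches mm_malloc with an undersized length. Do the check first and the multiplication in size_t: `size_t len;` … `if (size == 0 || ncount == 0 || ncount > SIZE_T_MAX / size)` … `len = (size_t)size * ncount;`. The current `||` ordering does keep the division safe when size is 0 because len is then 0, but the explicit tests read better and do not depend on that. How far ncount and size are under the control of the monitor's callers is not visible here; mm_zalloc ends outside this hunk.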
diff --git a/crypto/openssh/monitor.h b/crypto/openssh/monitor.h
index cf3b0bb..5fd6ec2 100644
--- a/crypto/openssh/monitor.h
+++ b/crypto/openssh/monitor.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.h,v 1.6 2002/06/11 05:46:20 mpech Exp $ */
+/* $OpenBSD: monitor.h,v 1.8 2002/09/26 11:38:43 markus Exp $ */
/* $FreeBSD$ */
/*
@@ -50,6 +50,8 @@ enum monitor_reqtype {
MONITOR_REQ_RSAKEYALLOWED, MONITOR_ANS_RSAKEYALLOWED,
MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE,
MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE,
+ MONITOR_REQ_KRB4, MONITOR_ANS_KRB4,
+ MONITOR_REQ_KRB5, MONITOR_ANS_KRB5,
MONITOR_REQ_PAM_START,
MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX,
MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
diff --git a/crypto/openssh/monitor_wrap.c b/crypto/openssh/monitor_wrap.c
index 71ea233..4ca5e49 100644
--- a/crypto/openssh/monitor_wrap.c
+++ b/crypto/openssh/monitor_wrap.c
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.11 2002/06/19 18:01:00 markus Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $");
RCSID("$FreeBSD$");
#include <openssl/bn.h>
@@ -63,8 +63,8 @@ extern Buffer input, output;
void
mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
{
- u_char buf[5];
u_int mlen = buffer_len(m);
+ u_char buf[5];
debug3("%s entering: type %d", __func__, type);
@@ -80,8 +80,8 @@ void
mm_request_receive(int socket, Buffer *m)
{
u_char buf[4];
- ssize_t res;
u_int msg_len;
+ ssize_t res;
debug3("%s entering", __func__);
@@ -208,7 +208,7 @@ mm_getpwnamallow(const char *login)
return (pw);
}
-char* mm_auth2_read_banner(void)
+char *mm_auth2_read_banner(void)
{
Buffer m;
char *banner;
@@ -412,7 +412,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
enc->key = buffer_get_string(&b, &enc->key_len);
enc->iv = buffer_get_string(&b, &len);
if (len != enc->block_size)
- fatal("%s: bad ivlen: expected %d != %d", __func__,
+ fatal("%s: bad ivlen: expected %u != %u", __func__,
enc->block_size, len);
if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
@@ -426,7 +426,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
mac->enabled = buffer_get_int(&b);
mac->key = buffer_get_string(&b, &len);
if (len > mac->key_len)
- fatal("%s: bad mac key length: %d > %d", __func__, len,
+ fatal("%s: bad mac key length: %u > %d", __func__, len,
mac->key_len);
mac->key_len = len;
@@ -437,7 +437,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
len = buffer_len(&b);
if (len != 0)
- error("newkeys_from_blob: remaining bytes in blob %d", len);
+ error("newkeys_from_blob: remaining bytes in blob %u", len);
buffer_free(&b);
return (newkey);
}
@@ -447,7 +447,6 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
{
Buffer b;
int len;
- u_char *buf;
Enc *enc;
Mac *mac;
Comp *comp;
@@ -485,14 +484,14 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
buffer_put_cstring(&b, comp->name);
len = buffer_len(&b);
- buf = xmalloc(len);
- memcpy(buf, buffer_ptr(&b), len);
- memset(buffer_ptr(&b), 0, len);
- buffer_free(&b);
if (lenp != NULL)
*lenp = len;
- if (blobp != NULL)
- *blobp = buf;
+ if (blobp != NULL) {
+ *blobp = xmalloc(len);
+ memcpy(*blobp, buffer_ptr(&b), len);
+ }
+ memset(buffer_ptr(&b), 0, len);
+ buffer_free(&b);
return len;
}
@@ -601,7 +600,7 @@ int
mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
{
Buffer m;
- u_char *p;
+ char *p;
int success = 0;
buffer_init(&m);
@@ -788,7 +787,7 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
*name = xstrdup("");
*infotxt = xstrdup("");
*numprompts = 1;
- *prompts = xmalloc(*numprompts * sizeof(char*));
+ *prompts = xmalloc(*numprompts * sizeof(char *));
*echo_on = xmalloc(*numprompts * sizeof(u_int));
(*echo_on)[0] = 0;
}
@@ -1022,3 +1021,74 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
return (success);
}
+
+#ifdef KRB4
+int
+mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply)
+{
+ KTEXT auth, reply;
+ Buffer m;
+ u_int rlen;
+ int success = 0;
+ char *p;
+
+ debug3("%s entering", __func__);
+ auth = _auth;
+ reply = _reply;
+
+ buffer_init(&m);
+ buffer_put_string(&m, auth->dat, auth->length);
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m);
+
+ success = buffer_get_int(&m);
+ if (success) {
+ *client = buffer_get_string(&m, NULL);
+ p = buffer_get_string(&m, &rlen);
+ if (rlen >= MAX_KTXT_LEN)
+ fatal("%s: reply from monitor too large", __func__);
+ reply->length = rlen;
+ memcpy(reply->dat, p, rlen);
+ memset(p, 0, rlen);
+ xfree(p);
+ }
+ buffer_free(&m);
+ return (success);
+}
+#endif
+
+#ifdef KRB5
+int
+mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp)
+{
+ krb5_data *tkt, *reply;
+ Buffer m;
+ int success;
+
+ debug3("%s entering", __func__);
+ tkt = (krb5_data *) argp;
+ reply = (krb5_data *) resp;
+
+ buffer_init(&m);
+ buffer_put_string(&m, tkt->data, tkt->length);
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m);
+
+ success = buffer_get_int(&m);
+ if (success) {
+ u_int len;
+
+ *userp = buffer_get_string(&m, NULL);
+ reply->data = buffer_get_string(&m, &len);
+ reply->length = len;
+ } else {
+ memset(reply, 0, sizeof(*reply));
+ *userp = NULL;
+ }
+
+ buffer_free(&m);
+ return (success);
+}
+#endif
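Review bot: On the failure path mm_auth_krb4 leaves `*client` and `reply` untouched, whereas the sibling mm_auth_krb5 explicitly does `memset(reply, 0, sizeof(*reply))` and `*userp = NULL`; a caller that inspects or frees `*client` without first testing the return value would read an uninitialised pointer in the KRB4 case. Make the two wrappers agree by initialising the out-parameters before the round trip, `*client = NULL; reply->length = 0;`, right after the `auth = _auth; reply = _reply;` assignments. The `rlen >= MAX_KTXT_LEN` bound on the monitor's reply is the right kind of check for a fixed-size `dat` buffer; mm_auth_krb5 needs none because `reply->data` is the heap string returned by buffer_get_string, and a short comment saying that the caller now owns `reply->data` and `*userp` would help the next reader.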
diff --git a/crypto/openssh/monitor_wrap.h b/crypto/openssh/monitor_wrap.h
index 0d96e9d..e404be5 100644
--- a/crypto/openssh/monitor_wrap.h
+++ b/crypto/openssh/monitor_wrap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.5 2002/05/12 23:53:45 djm Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.8 2002/09/26 11:38:43 markus Exp $ */
/* $FreeBSD$ */
/*
@@ -45,7 +45,7 @@ DH *mm_choose_dh(int, int, int);
int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
void mm_inform_authserv(char *, char *);
struct passwd *mm_getpwnamallow(const char *);
-char* mm_auth2_read_banner(void);
+char *mm_auth2_read_banner(void);
int mm_auth_password(struct Authctxt *, char *);
int mm_key_allowed(enum mm_keytype, char *, char *, Key *);
int mm_user_key_allowed(struct passwd *, Key *);
@@ -88,6 +88,16 @@ int mm_bsdauth_respond(void *, u_int, char **);
int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
int mm_skey_respond(void *, u_int, char **);
+/* auth_krb */
+#ifdef KRB4
+int mm_auth_krb4(struct Authctxt *, void *, char **, void *);
+#endif
+#ifdef KRB5
+/* auth and reply are really krb5_data objects, but we don't want to
+ * include all of the krb5 headers here */
+int mm_auth_krb5(void *authctxt, void *auth, char **client, void *reply);
+#endif
+
/* zlib allocation hooks */
void *mm_zalloc(struct mm_master *, u_int, u_int);
diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c
index d45df25..716b542 100644
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@@ -202,7 +202,7 @@ add_local_forward(Options *options, u_short port, const char *host,
u_short host_port)
{
Forward *fwd;
-#ifndef HAVE_CYGWIN
+#ifndef NO_IPPORT_RESERVED_CONCEPT
extern uid_t original_real_uid;
if (port < IPPORT_RESERVED && original_real_uid != 0)
fatal("Privileged ports can only be forwarded by root.");
diff --git a/crypto/openssh/rijndael.c b/crypto/openssh/rijndael.c
index 448048e..5786025 100644
--- a/crypto/openssh/rijndael.c
+++ b/crypto/openssh/rijndael.c
@@ -1,4 +1,5 @@
-/* $OpenBSD: rijndael.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $ */
+/* $OpenBSD: rijndael.c,v 1.14 2002/07/10 17:53:54 deraadt Exp $ */
+/* $FreeBSD$ */
/**
* rijndael-alg-fst.c
@@ -1226,7 +1227,7 @@ rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt)
memset(ctx->dk, 0, sizeof(ctx->dk));
} else {
ctx->decrypt = 1;
- memcpy(ctx->dk, ctx->ek, sizeof(ctx->ek));
+ memcpy(ctx->dk, ctx->ek, sizeof(ctx->dk));
rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
}
}
diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index bb19bc2..0aa1101 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
RCSID("$FreeBSD$");
#if defined(KRB4)
@@ -102,6 +102,7 @@ initialize_server_options(ServerOptions *options)
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
options->permit_empty_passwd = -1;
+ options->permit_user_env = -1;
options->use_login = -1;
options->compression = -1;
options->allow_tcp_forwarding = -1;
@@ -234,6 +235,8 @@ fill_default_server_options(ServerOptions *options)
options->challenge_response_authentication = 1;
if (options->permit_empty_passwd == -1)
options->permit_empty_passwd = 0;
+ if (options->permit_user_env == -1)
+ options->permit_user_env = 0;
if (options->use_login == -1)
options->use_login = 0;
if (options->compression == -1)
@@ -268,7 +271,7 @@ fill_default_server_options(ServerOptions *options)
if (use_privsep == -1)
use_privsep = 1;
-#if !defined(HAVE_MMAP_ANON_SHARED)
+#ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) {
error("This platform does not support both privilege "
"separation and compression");
@@ -302,7 +305,7 @@ typedef enum {
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
sStrictModes, sEmptyPasswd, sKeepAlives,
- sUseLogin, sAllowTcpForwarding, sCompression,
+ sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
@@ -368,6 +371,7 @@ static struct {
{ "xauthlocation", sXAuthLocation },
{ "strictmodes", sStrictModes },
{ "permitemptypasswords", sEmptyPasswd },
+ { "permituserenvironment", sPermitUserEnvironment },
{ "uselogin", sUseLogin },
{ "compression", sCompression },
{ "keepalive", sKeepAlives },
@@ -728,6 +732,10 @@ parse_flag:
intptr = &options->permit_empty_passwd;
goto parse_flag;
+ case sPermitUserEnvironment:
+ intptr = &options->permit_user_env;
+ goto parse_flag;
+
case sUseLogin:
intptr = &options->use_login;
goto parse_flag;
diff --git a/crypto/openssh/servconf.h b/crypto/openssh/servconf.h
index c94f541..ea74f6e 100644
--- a/crypto/openssh/servconf.h
+++ b/crypto/openssh/servconf.h
@@ -1,4 +1,5 @@
-/* $OpenBSD: servconf.h,v 1.58 2002/06/20 23:05:55 markus Exp $ */
+/* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */
+/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -97,6 +98,7 @@ typedef struct {
int challenge_response_authentication;
int permit_empty_passwd; /* If false, do not permit empty
* passwords. */
+ int permit_user_env; /* If true, read ~/.ssh/environment */
int use_login; /* If true, login(1) is used */
int compression; /* If true, compression is allowed */
int allow_tcp_forwarding;
diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c
index 649e4ee..f7fa228 100644
--- a/crypto/openssh/serverloop.c
+++ b/crypto/openssh/serverloop.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.103 2002/06/24 14:33:27 markus Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.104 2002/09/19 16:03:15 stevesk Exp $");
RCSID("$FreeBSD$");
#include "xmalloc.h"
@@ -43,6 +43,7 @@ RCSID("$FreeBSD$");
#include "buffer.h"
#include "log.h"
#include "servconf.h"
+#include "canohost.h"
#include "sshpty.h"
#include "channels.h"
#include "compat.h"
@@ -144,7 +145,9 @@ sigchld_handler(int sig)
int save_errno = errno;
debug("Received SIGCHLD.");
child_terminated = 1;
+#ifndef _UNICOS
mysignal(SIGCHLD, sigchld_handler);
+#endif
notify_parent();
errno = save_errno;
}
@@ -348,14 +351,17 @@ process_input(fd_set * readset)
if (FD_ISSET(connection_in, readset)) {
len = read(connection_in, buf, sizeof(buf));
if (len == 0) {
- verbose("Connection closed by remote host.");
+ verbose("Connection closed by %.100s",
+ get_remote_ipaddr());
connection_closed = 1;
if (compat20)
return;
fatal_cleanup();
} else if (len < 0) {
if (errno != EINTR && errno != EAGAIN) {
- verbose("Read error from remote host: %.100s", strerror(errno));
+ verbose("Read error from remote host "
+ "%.100s: %.100s",
+ get_remote_ipaddr(), strerror(errno));
fatal_cleanup();
}
} else {
@@ -973,8 +979,11 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
/* check permissions */
if (!options.allow_tcp_forwarding ||
- no_port_forwarding_flag ||
- (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)) {
+ no_port_forwarding_flag
+#ifndef NO_IPPORT_RESERVED_CONCEPT
+ || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
+#endif
+ ) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 87139cf..281dd72 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $");
+RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $");
RCSID("$FreeBSD$");
#include "ssh.h"
@@ -211,13 +211,6 @@ do_authenticated(Authctxt *authctxt)
close(startup_pipe);
startup_pipe = -1;
}
-#ifdef WITH_AIXAUTHENTICATE
- /* We don't have a pty yet, so just label the line as "ssh" */
- if (loginsuccess(authctxt->user,
- get_canonical_hostname(options.verify_reverse_mapping),
- "ssh", &aixloginmsg) < 0)
- aixloginmsg = NULL;
-#endif /* WITH_AIXAUTHENTICATE */
/* setup the channel layer */
if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
@@ -471,6 +464,8 @@ do_exec_no_pty(Session *s, const char *command)
/* Fork the child. */
if ((pid = fork()) == 0) {
+ fatal_remove_all_cleanups();
+
/* Child. Reinitialize the log since the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -518,10 +513,17 @@ do_exec_no_pty(Session *s, const char *command)
perror("dup2 stderr");
#endif /* USE_PIPES */
+#ifdef _UNICOS
+ cray_init_job(s->pw); /* set up cray jid and tmpdir */
+#endif
+
/* Do processing for the child (exec command etc). */
do_child(s, command);
/* NOTREACHED */
}
+#ifdef _UNICOS
+ signal(WJSIGNAL, cray_job_termination_handler);
+#endif /* _UNICOS */
#ifdef HAVE_CYGWIN
if (is_winnt)
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
@@ -586,6 +588,7 @@ do_exec_pty(Session *s, const char *command)
/* Fork the child. */
if ((pid = fork()) == 0) {
+ fatal_remove_all_cleanups();
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -608,8 +611,12 @@ do_exec_pty(Session *s, const char *command)
/* record login, etc. similar to login(1) */
#ifndef HAVE_OSF_SIA
- if (!(options.use_login && command == NULL))
+ if (!(options.use_login && command == NULL)) {
+#ifdef _UNICOS
+ cray_init_job(s->pw); /* set up cray jid and tmpdir */
+#endif /* _UNICOS */
do_login(s, command);
+ }
# ifdef LOGIN_NEEDS_UTMPX
else
do_pre_login(s);
@@ -620,6 +627,9 @@ do_exec_pty(Session *s, const char *command)
do_child(s, command);
/* NOTREACHED */
}
+#ifdef _UNICOS
+ signal(WJSIGNAL, cray_job_termination_handler);
+#endif /* _UNICOS */
#ifdef HAVE_CYGWIN
if (is_winnt)
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
@@ -759,7 +769,8 @@ do_login(Session *s, const char *command)
if (aixloginmsg && *aixloginmsg)
printf("%s\n", aixloginmsg);
#endif /* WITH_AIXAUTHENTICATE */
-#ifndef USE_PAM
+
+#ifndef NO_SSH_LASTLOG
if (options.print_lastlog && s->last_login_time != 0) {
time_string = ctime(&s->last_login_time);
if (strchr(time_string, '\n'))
@@ -770,7 +781,7 @@ do_login(Session *s, const char *command)
printf("Last login: %s from %s\r\n", time_string,
s->hostname);
}
-#endif /* !USE_PAM */
+#endif /* NO_SSH_LASTLOG */
do_motd();
}
@@ -1025,13 +1036,13 @@ do_setup_env(Session *s, const char *shell)
if (!options.use_login) {
while (custom_environment) {
struct envstring *ce = custom_environment;
- char *s = ce->s;
+ char *str = ce->s;
- for (i = 0; s[i] != '=' && s[i]; i++)
+ for (i = 0; str[i] != '=' && str[i]; i++)
;
- if (s[i] == '=') {
- s[i] = 0;
- child_set_env(&env, &envsize, s, s + i + 1);
+ if (str[i] == '=') {
+ str[i] = 0;
+ child_set_env(&env, &envsize, str, str + i + 1);
}
custom_environment = ce->next;
xfree(ce->s);
@@ -1039,10 +1050,16 @@ do_setup_env(Session *s, const char *shell)
}
}
+ /* SSH_CLIENT deprecated */
snprintf(buf, sizeof buf, "%.50s %d %d",
get_remote_ipaddr(), get_remote_port(), get_local_port());
child_set_env(&env, &envsize, "SSH_CLIENT", buf);
+ snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
+ get_remote_ipaddr(), get_remote_port(),
+ get_local_ipaddr(packet_get_connection_in()), get_local_port());
+ child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
+
if (s->ttyfd != -1)
child_set_env(&env, &envsize, "SSH_TTY", s->tty);
if (s->term)
@@ -1053,6 +1070,11 @@ do_setup_env(Session *s, const char *shell)
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
original_command);
+#ifdef _UNICOS
+ if (cray_tmpdir[0] != '\0')
+ child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
+#endif /* _UNICOS */
+
#ifdef _AIX
{
char *cp;
@@ -1075,8 +1097,17 @@ do_setup_env(Session *s, const char *shell)
s->authctxt->krb5_ticket_file);
#endif
#ifdef USE_PAM
- /* Pull in any environment variables that may have been set by PAM. */
- copy_environment(fetch_pam_environment(), &env, &envsize);
+ /*
+ * Pull in any environment variables that may have
+ * been set by PAM.
+ */
+ {
+ char **p;
+
+ p = fetch_pam_environment();
+ copy_environment(p, &env, &envsize);
+ free_pam_environment(p);
+ }
#endif /* USE_PAM */
if (auth_sock_name != NULL)
@@ -1084,9 +1115,9 @@ do_setup_env(Session *s, const char *shell)
auth_sock_name);
/* read $HOME/.ssh/environment. */
- if (!options.use_login) {
+ if (options.permit_user_env && !options.use_login) {
snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
- pw->pw_dir);
+ strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
read_environment_file(&env, &envsize, buf);
}
if (debug_flag) {
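Review bot: The snprintf that builds the `.ssh/environment` path is unchecked and `%.200s` silently truncates a long `pw_dir`, so the file could be read from a path that is not under the user's home; this predates the hunk, but since the read is now the opt-in part of PermitUserEnvironment it is the natural place to add the check, e.g. `if (snprintf(buf, sizeof buf, "%.200s/.ssh/environment", strcmp(pw->pw_dir, "/") ? pw->pw_dir : "") >= sizeof buf) fatal("%s: home directory path too long", __func__);`. The `"/"` special case avoiding a doubled slash deserves a one-line comment so it is not "simplified" away. do_setup_env starts and ends outside the hunk.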
@@ -1181,6 +1212,8 @@ do_nologin(struct passwd *pw)
#endif
if (f) {
/* /etc/nologin exists. Print its contents and exit. */
+ log("User %.100s not allowed because %s exists",
+ pw->pw_name, _PATH_NOLOGIN);
while (fgets(buf, sizeof(buf), f))
fputs(buf, stderr);
fclose(f);
@@ -1192,8 +1225,6 @@ do_nologin(struct passwd *pw)
void
do_setusercontext(struct passwd *pw)
{
- char tty='\0';
-
#ifdef HAVE_CYGWIN
if (is_winnt) {
#else /* HAVE_CYGWIN */
@@ -1203,9 +1234,9 @@ do_setusercontext(struct passwd *pw)
setpcred(pw->pw_name);
#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
-#ifdef __bsdi__
+# ifdef __bsdi__
setpgid(0, 0);
-#endif
+# endif
if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH))) < 0) {
perror("unable to set user context");
@@ -1242,8 +1273,7 @@ do_setusercontext(struct passwd *pw)
irix_setusercontext(pw);
# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
# ifdef _AIX
- /* XXX: Disable tty setting. Enabled if required later */
- aix_usrinfo(pw, &tty, -1);
+ aix_usrinfo(pw);
# endif /* _AIX */
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
@@ -1299,6 +1329,10 @@ do_child(Session *s, const char *command)
if (options.use_login && command != NULL)
options.use_login = 0;
+#ifdef _UNICOS
+ cray_setup(pw->pw_uid, pw->pw_name, command);
+#endif /* _UNICOS */
+
/*
* Login(1) does this as well, and it needs uid 0 for the "-h"
* switch, so we let login(1) to this for us.
@@ -1838,6 +1872,27 @@ session_pty_cleanup(void *session)
PRIVSEP(session_pty_cleanup2(session));
}
+static char *
+sig2name(int sig)
+{
+#define SSH_SIG(x) if (sig == SIG ## x) return #x
+ SSH_SIG(ABRT);
+ SSH_SIG(ALRM);
+ SSH_SIG(FPE);
+ SSH_SIG(HUP);
+ SSH_SIG(ILL);
+ SSH_SIG(INT);
+ SSH_SIG(KILL);
+ SSH_SIG(PIPE);
+ SSH_SIG(QUIT);
+ SSH_SIG(SEGV);
+ SSH_SIG(TERM);
+ SSH_SIG(USR1);
+ SSH_SIG(USR2);
+#undef SSH_SIG
+ return "SIG@openssh.com";
+}
+
static void
session_exit_message(Session *s, int status)
{
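Review bot: sig2name carries no comment on where its name list comes from or why the fallback is `"SIG@openssh.com"`, and the list is not obviously complete to a reader who does not know the connection-protocol draft, which names exactly these thirteen signals (without the `SIG` prefix) and requires anything else to be sent as a private `name@domain` token. Suggest a header comment along the lines of `/* Map a local signal number to the exit-signal name defined by the SSH connection protocol; signals the protocol does not name are reported with the private extension name "SIG@openssh.com", which drops the actual signal number. */`. The `#define`/`#undef` of SSH_SIG inside the function is fine, but a `static const struct { int sig; const char *name; }` table would make the mapping data rather than code.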
@@ -1855,7 +1910,7 @@ session_exit_message(Session *s, int status)
packet_send();
} else if (WIFSIGNALED(status)) {
channel_request_start(s->chanid, "exit-signal", 0);
- packet_put_int(WTERMSIG(status));
+ packet_put_cstring(sig2name(WTERMSIG(status)));
#ifdef WCOREDUMP
packet_put_char(WCOREDUMP(status));
#else /* WCOREDUMP */
diff --git a/crypto/openssh/session.h b/crypto/openssh/session.h
index cd1c8c3..249e21c 100644
--- a/crypto/openssh/session.h
+++ b/crypto/openssh/session.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $ */
+/* $OpenBSD: session.h,v 1.19 2002/06/30 21:59:45 deraadt Exp $ */
/* $FreeBSD$ */
/*
@@ -58,7 +58,7 @@ struct Session {
void do_authenticated(Authctxt *);
-int session_open(Authctxt*, int);
+int session_open(Authctxt *, int);
int session_input_channel_req(Channel *, const char *);
void session_close_by_pid(pid_t, int);
void session_close_by_channel(int, void *);
diff --git a/crypto/openssh/ssh-add.c b/crypto/openssh/ssh-add.c
index 176fd85..dd1591f 100644
--- a/crypto/openssh/ssh-add.c
+++ b/crypto/openssh/ssh-add.c
@@ -35,7 +35,8 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.61 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.63 2002/09/19 15:51:23 markus Exp $");
+RCSID("$FreeBSD$");
#include <openssl/evp.h>
@@ -264,7 +265,7 @@ lock_agent(AuthenticationConnection *ac, int lock)
fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un");
memset(p1, 0, strlen(p1));
xfree(p1);
- return -1;
+ return (ret);
}
static int
@@ -290,7 +291,7 @@ usage(void)
fprintf(stderr, " -d Delete identity.\n");
fprintf(stderr, " -D Delete all identities.\n");
fprintf(stderr, " -x Lock agent.\n");
- fprintf(stderr, " -x Unlock agent.\n");
+ fprintf(stderr, " -X Unlock agent.\n");
fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
#ifdef SMARTCARD
fprintf(stderr, " -s reader Add key in smartcard reader.\n");
diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c
index 4ff5b54..d0d4451 100644
--- a/crypto/openssh/ssh-agent.c
+++ b/crypto/openssh/ssh-agent.c
@@ -34,8 +34,8 @@
*/
#include "includes.h"
-#include "openbsd-compat/fake-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $");
+#include "openbsd-compat/sys-queue.h"
+RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $");
RCSID("$FreeBSD$");
#include <openssl/evp.h>
@@ -108,6 +108,17 @@ char *__progname;
#endif
static void
+close_socket(SocketEntry *e)
+{
+ close(e->fd);
+ e->fd = -1;
+ e->type = AUTH_UNUSED;
+ buffer_free(&e->input);
+ buffer_free(&e->output);
+ buffer_free(&e->request);
+}
+
+static void
idtab_init(void)
{
int i;
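Review bot: close_socket omits the `shutdown(fd, SHUT_RDWR)` that each of the three call sites it replaces performed first (L2824, L2867, L2882), so a behavioural change is folded into what reads as a pure refactor. If the omission is deliberate — the agent holds the only descriptor for an accepted connection, so `close()` alone tears it down — a one-line comment saying so would keep it from being reintroduced; otherwise restore it as the first statement, `shutdown(e->fd, SHUT_RDWR);`. The same replacement appears in the hunks at L2820–L2834, L2863–L2877 and L2878–L2892.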
@@ -618,13 +629,7 @@ process_message(SocketEntry *e)
cp = buffer_ptr(&e->input);
msg_len = GET_32BIT(cp);
if (msg_len > 256 * 1024) {
- shutdown(e->fd, SHUT_RDWR);
- close(e->fd);
- e->fd = -1;
- e->type = AUTH_UNUSED;
- buffer_free(&e->input);
- buffer_free(&e->output);
- buffer_free(&e->request);
+ close_socket(e);
return;
}
if (buffer_len(&e->input) < msg_len + 4)
@@ -806,6 +811,8 @@ after_select(fd_set *readset, fd_set *writeset)
char buf[1024];
int len, sock;
u_int i;
+ uid_t euid;
+ gid_t egid;
for (i = 0; i < sockets_alloc; i++)
switch (sockets[i].type) {
@@ -821,6 +828,19 @@ after_select(fd_set *readset, fd_set *writeset)
strerror(errno));
break;
}
+ if (getpeereid(sock, &euid, &egid) < 0) {
+ error("getpeereid %d failed: %s",
+ sock, strerror(errno));
+ close(sock);
+ break;
+ }
+ if ((euid != 0) && (getuid() != euid)) {
+ error("uid mismatch: "
+ "peer euid %u != uid %u",
+ (u_int) euid, (u_int) getuid());
+ close(sock);
+ break;
+ }
new_socket(AUTH_CONNECTION, sock);
}
break;
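Review bot: The peer-credential check on a newly accepted connection is the agent's only access control and has no comment explaining its two rules; suggest `/* Accept only connections from root or from the real uid that started the agent; anything else is logged and dropped. */` above the `getpeereid` call. Note that `euid != 0` exempts root by design, so this guards against other unprivileged users reaching the socket, not against root, and that a failed `getpeereid` is treated the same as a mismatch, which is the safe default. after_select starts and ends outside the hunk.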
@@ -837,13 +857,7 @@ after_select(fd_set *readset, fd_set *writeset)
break;
} while (1);
if (len <= 0) {
- shutdown(sockets[i].fd, SHUT_RDWR);
- close(sockets[i].fd);
- sockets[i].fd = -1;
- sockets[i].type = AUTH_UNUSED;
- buffer_free(&sockets[i].input);
- buffer_free(&sockets[i].output);
- buffer_free(&sockets[i].request);
+ close_socket(&sockets[i]);
break;
}
buffer_consume(&sockets[i].output, len);
@@ -857,13 +871,7 @@ after_select(fd_set *readset, fd_set *writeset)
break;
} while (1);
if (len <= 0) {
- shutdown(sockets[i].fd, SHUT_RDWR);
- close(sockets[i].fd);
- sockets[i].fd = -1;
- sockets[i].type = AUTH_UNUSED;
- buffer_free(&sockets[i].input);
- buffer_free(&sockets[i].output);
- buffer_free(&sockets[i].request);
+ close_socket(&sockets[i]);
break;
}
buffer_append(&sockets[i].input, buf, len);
@@ -944,6 +952,10 @@ main(int ac, char **av)
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
+ /* drop */
+ setegid(getgid());
+ setgid(getgid());
+
SSLeay_add_all_algorithms();
__progname = get_progname(av[0]);
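Review bot: The return values of `setegid()` and `setgid()` are not checked, so if either fails the agent silently carries on with the group it was started with; the `/* drop */` comment suggests this is the privilege drop for a setgid install (the install mode is not visible here), in which case failure should be fatal: `if (setegid(getgid()) < 0 || setgid(getgid()) < 0) { perror("setgid"); exit(1); }`. The comment itself should say what is being dropped and why, e.g. `/* drop any setgid privilege we were installed with; it is not needed past startup */`. main starts and ends outside the hunk.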
@@ -1053,7 +1065,7 @@ main(int ac, char **av)
#ifdef HAVE_CYGWIN
umask(prev_mask);
#endif
- if (listen(sock, 5) < 0) {
+ if (listen(sock, 128) < 0) {
perror("listen");
cleanup_exit(1);
}
diff --git a/crypto/openssh/ssh-keyscan.c b/crypto/openssh/ssh-keyscan.c
index 333a38e..fb5ca7f 100644
--- a/crypto/openssh/ssh-keyscan.c
+++ b/crypto/openssh/ssh-keyscan.c
@@ -7,9 +7,10 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.36 2002/06/16 21:30:58 itojun Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.40 2002/07/06 17:47:58 stevesk Exp $");
+RCSID("$FreeBSD$");
-#include "openbsd-compat/fake-queue.h"
+#include "openbsd-compat/sys-queue.h"
#include <openssl/bn.h>
@@ -116,7 +117,8 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
if (!(lb = malloc(sizeof(*lb)))) {
if (errfun)
- (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
+ (*errfun) ("linebuf (%s): malloc failed\n",
+ filename ? filename : "(stdin)");
return (NULL);
}
if (filename) {
@@ -171,13 +173,14 @@ static char *
Linebuf_getline(Linebuf * lb)
{
int n = 0;
+ void *p;
lb->lineno++;
for (;;) {
/* Read a line */
if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) {
if (ferror(lb->stream) && lb->errfun)
- (*lb->errfun) ("%s: %s\n", lb->filename,
+ (*lb->errfun)("%s: %s\n", lb->filename,
strerror(errno));
return (NULL);
}
@@ -190,17 +193,20 @@ Linebuf_getline(Linebuf * lb)
}
if (n != lb->size - 1) {
if (lb->errfun)
- (*lb->errfun) ("%s: skipping incomplete last line\n",
+ (*lb->errfun)("%s: skipping incomplete last line\n",
lb->filename);
return (NULL);
}
/* Double the buffer if we need more space */
- if (!(lb->buf = realloc(lb->buf, (lb->size *= 2)))) {
+ lb->size *= 2;
+ if ((p = realloc(lb->buf, lb->size)) == NULL) {
+ lb->size /= 2;
if (lb->errfun)
- (*lb->errfun) ("linebuf (%s): realloc failed\n",
+ (*lb->errfun)("linebuf (%s): realloc failed\n",
lb->filename);
return (NULL);
}
+ lb->buf = p;
}
}
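Review bot: The rollback `lb->size /= 2` on realloc failure is correct but fragile: the doubled size is committed to the struct before the allocation succeeds and must be undone on the error path, which a future edit can easily forget. Computing the new size into a local and assigning both fields only after success removes the rollback: `int nsize = lb->size * 2; if ((p = realloc(lb->buf, nsize)) == NULL) { /* errfun, return NULL */ } lb->buf = p; lb->size = nsize;` (assuming `lb->size` is an `int`, as the `lb->size - n` arithmetic suggests). Keeping `lb->buf` valid on failure, as the hunk now does, is the important part and worth a comment. Linebuf_getline's enclosing loop begins outside the hunk.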
@@ -229,6 +235,7 @@ fdlim_set(int lim)
#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
struct rlimit rlfd;
#endif
+
if (lim <= 0)
return (-1);
#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
@@ -411,8 +418,8 @@ tcpconnect(char *host)
static int
conalloc(char *iname, char *oname, int keytype)
{
- int s;
char *namebase, *name, *namelist;
+ int s;
namebase = namelist = xstrdup(iname);
@@ -476,8 +483,8 @@ contouch(int s)
static int
conrecycle(int s)
{
- int ret;
con *c = &fdcon[s];
+ int ret;
ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype);
confree(s);
@@ -487,10 +494,10 @@ conrecycle(int s)
static void
congreet(int s)
{
+ int remote_major, remote_minor, n = 0;
char buf[256], *cp;
char remote_version[sizeof buf];
size_t bufsiz;
- int remote_major, remote_minor, n = 0;
con *c = &fdcon[s];
bufsiz = sizeof(buf);
@@ -554,8 +561,8 @@ congreet(int s)
static void
conread(int s)
{
- int n;
con *c = &fdcon[s];
+ int n;
if (c->c_status == CS_CON) {
congreet(s);
@@ -594,10 +601,10 @@ conread(int s)
static void
conloop(void)
{
- fd_set *r, *e;
struct timeval seltime, now;
- int i;
+ fd_set *r, *e;
con *c;
+ int i;
gettimeofday(&now, NULL);
c = TAILQ_FIRST(&tq);
@@ -664,6 +671,7 @@ void
fatal(const char *fmt,...)
{
va_list args;
+
va_start(args, fmt);
do_log(SYSLOG_LEVEL_FATAL, fmt, args);
va_end(args);
@@ -676,16 +684,9 @@ fatal(const char *fmt,...)
static void
usage(void)
{
- fprintf(stderr, "Usage: %s [options] host ...\n",
+ fprintf(stderr, "usage: %s [-v46] [-p port] [-T timeout] [-f file]\n"
+ "\t\t [host | addrlist namelist] [...]\n",
__progname);
- fprintf(stderr, "Options:\n");
- fprintf(stderr, " -f file Read hosts or addresses from file.\n");
- fprintf(stderr, " -p port Connect to the specified port.\n");
- fprintf(stderr, " -t keytype Specify the host key type.\n");
- fprintf(stderr, " -T timeout Set connection timeout.\n");
- fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
- fprintf(stderr, " -4 Use IPv4 only.\n");
- fprintf(stderr, " -6 Use IPv6 only.\n");
exit(1);
}
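Review bot: The rewritten usage line no longer mentions the `-t keytype` option that the removed lines documented, while conalloc still takes a `keytype` argument (L2981), so the option appears to still exist; if getopt still accepts it, the string should read `"usage: %s [-v46] [-p port] [-T timeout] [-t type] [-f file]\n"`. The option parser is outside this hunk, so I cannot confirm from here which flags remain.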
@@ -717,9 +718,11 @@ main(int argc, char **argv)
}
break;
case 'T':
- timeout = atoi(optarg);
- if (timeout <= 0)
+ timeout = convtime(optarg);
+ if (timeout == -1 || timeout == 0) {
+ fprintf(stderr, "Bad timeout '%s'\n", optarg);
usage();
+ }
break;
case 'v':
if (!debug_flag) {
diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1
index 314062a..591e15c 100644
--- a/crypto/openssh/ssh.1
+++ b/crypto/openssh/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $
+.\" $OpenBSD: ssh.1,v 1.167 2002/09/27 15:46:21 stevesk Exp $
.\" $FreeBSD$
.Dd September 25, 1999
.Dt SSH 1
@@ -49,7 +49,7 @@
.Op Ar command
.Pp
.Nm ssh
-.Op Fl afgknqstvxACNPTX1246
+.Op Fl afgknqstvxACNTX1246
.Op Fl b Ar bind_address
.Op Fl c Ar cipher_spec
.Op Fl e Ar escape_char
@@ -355,9 +355,17 @@ the connection is opened.
The real authentication cookie is never
sent to the server machine (and no cookies are sent in the plain).
.Pp
-If the user is using an authentication agent, the connection to the agent
-is automatically forwarded to the remote side unless disabled on
-the command line or in a configuration file.
+If the
+.Cm ForwardAgent
+variable is set to
+.Dq yes
+(or, see the description of the
+.Fl A
+and
+.Fl a
+options described later) and
+the user is using an authentication agent, the connection to the agent
+is automatically forwarded to the remote side.
.Pp
Forwarding of arbitrary TCP/IP connections over the secure channel can
be specified either on the command line or in a configuration file.
@@ -396,6 +404,13 @@ Disables forwarding of the authentication agent connection.
.It Fl A
Enables forwarding of the authentication agent connection.
This can also be specified on a per-host basis in a configuration file.
+.Pp
+Agent forwarding should be enabled with caution. Users with the
+ability to bypass file permissions on the remote host (for the agent's
+Unix-domain socket) can access the local agent through the forwarded
+connection. An attacker cannot obtain key material from the agent,
+however they can perform operations on the keys that enable them to
+authenticate using the identities loaded into the agent.
.It Fl b Ar bind_address
Specify the interface to transmit from on machines with multiple
interfaces or aliased addresses.
@@ -517,15 +532,6 @@ command-line flag.
Port to connect to on the remote host.
This can be specified on a
per-host basis in the configuration file.
-.It Fl P
-Use a non-privileged port for outgoing connections.
-This can be used if a firewall does
-not permit connections from privileged ports.
-Note that this option turns off
-.Cm RhostsAuthentication
-and
-.Cm RhostsRSAAuthentication
-for older servers.
.It Fl q
Quiet mode.
Causes all warning and diagnostic messages to be suppressed.
@@ -561,6 +567,12 @@ Disables X11 forwarding.
.It Fl X
Enables X11 forwarding.
This can also be specified on a per-host basis in a configuration file.
+.Pp
+X11 forwarding should be enabled with caution. Users with the ability
+to bypass file permissions on the remote host (for the user's X
+authorization database) can access the local X11 display through the
+forwarded connection. An attacker may then be able to perform
+activities such as keystroke monitoring.
.It Fl C
Requests compression of all data (including stdin, stdout, stderr, and
data for forwarded X11 and TCP/IP connections).
@@ -570,7 +582,7 @@ and the
.Dq level
can be controlled by the
.Cm CompressionLevel
-option.
+option for protocol version 1.
Compression is desirable on modem lines and other
slow connections, but will only slow down things on fast networks.
The default value can be set on a host-by-host basis in the
@@ -716,11 +728,11 @@ to make this work.)
.It Ev SSH_AUTH_SOCK
Identifies the path of a unix-domain socket used to communicate with the
agent.
-.It Ev SSH_CLIENT
-Identifies the client end of the connection.
+.It Ev SSH_CONNECTION
+Identifies the client and server ends of the connection.
The variable contains
-three space-separated values: client ip-address, client port number,
-and server port number.
+four space-separated values: client ip-address, client port number,
+server ip-address and server port number.
.It Ev SSH_ORIGINAL_COMMAND
The variable contains the original command line if a forced command
is executed.
@@ -744,7 +756,12 @@ reads
.Pa $HOME/.ssh/environment ,
and adds lines of the format
.Dq VARNAME=value
-to the environment.
+to the environment if the file exists and if users are allowed to
+change their environment.
+See the
+.Cm PermitUserEnvironment
+option in
+.Xr sshd_config 5 .
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/known_hosts
diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c
index 64e7c113..37eb251 100644
--- a/crypto/openssh/ssh.c
+++ b/crypto/openssh/ssh.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.179 2002/06/12 01:09:52 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.186 2002/09/19 01:58:18 djm Exp $");
RCSID("$FreeBSD$");
#include <openssl/evp.h>
@@ -147,6 +147,9 @@ int subsystem_flag = 0;
/* # of replies received for global requests */
static int client_global_request_id = 0;
+/* pid of proxycommand child process */
+pid_t proxy_command_pid = 0;
+
/* Prints a help message to the user. This function never returns. */
static void
@@ -175,7 +178,6 @@ usage(void)
fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
fprintf(stderr, " Multiple -v increases verbosity.\n");
fprintf(stderr, " -V Display version number only.\n");
- fprintf(stderr, " -P Don't allocate a privileged port.\n");
fprintf(stderr, " -q Quiet; don't display any warning messages.\n");
fprintf(stderr, " -f Fork into background after authentication.\n");
fprintf(stderr, " -e char Set escape character; ``none'' = disable (default: ~).\n");
@@ -230,6 +232,15 @@ main(int ac, char **av)
*/
original_real_uid = getuid();
original_effective_uid = geteuid();
+
+ /*
+ * Use uid-swapping to give up root privileges for the duration of
+ * option processing. We will re-instantiate the rights when we are
+ * ready to create the privileged port, and will permanently drop
+ * them when the port has been created (actually, when the connection
+ * has been made, as we may need to create the port several times).
+ */
+ PRIV_END;
#ifdef HAVE_SETRLIMIT
/* If we are installed setuid root be careful to not drop core. */
@@ -250,15 +261,6 @@ main(int ac, char **av)
pw = pwcopy(pw);
/*
- * Use uid-swapping to give up root privileges for the duration of
- * option processing. We will re-instantiate the rights when we are
- * ready to create the privileged port, and will permanently drop
- * them when the port has been created (actually, when the connection
- * has been made, as we may need to create the port several times).
- */
- PRIV_END;
-
- /*
* Set our umask to something reasonable, as some files are created
* with the default umask. This will make them world-readable but
* writable only by the owner, which is ok for all files for which we
@@ -304,7 +306,7 @@ again:
case 'g':
options.gateway_ports = 1;
break;
- case 'P':
+ case 'P': /* deprecated */
options.use_privileged_port = 0;
break;
case 'a':
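Review bot: The `-P` switch is now undocumented (this commit drops it from usage() and ssh.1) yet `case 'P'` still accepts it silently, so anyone relying on it gets no hint that it is going away. Emitting a one-line notice before the assignment, e.g. `error("The -P option is deprecated; use \"-o UsePrivilegedPort no\" instead.");`, keeps behaviour while steering users to the keyword ssh_config.5 names for this setting (assuming `error()` from the logging layer is the usual choice in ssh.c). The option loop in main() continues outside the hunk.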
@@ -553,7 +555,7 @@ again:
if (buffer_len(&command) == 0)
tty_flag = 1;
- /* Force no tty*/
+ /* Force no tty */
if (no_tty_flag)
tty_flag = 0;
/* Do not allocate a tty if stdin is not a tty. */
@@ -655,7 +657,8 @@ again:
if (options.rhosts_rsa_authentication ||
options.hostbased_authentication) {
sensitive_data.nkeys = 3;
- sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key));
+ sensitive_data.keys = xmalloc(sensitive_data.nkeys *
+ sizeof(Key));
PRIV_START;
sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
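Review bot: The reflowed allocation still sizes the array by `sizeof(Key)` although the slots are filled with the pointers returned by key_load_private_type() and key_load_public() on the following lines, so if `keys` is a `Key **` (the sshd.c hunk in this commit uses `sizeof(Key *)` for the analogous host_keys array) this over-allocates by sizeof(Key)/sizeof(Key *). Harmless, but `sensitive_data.keys = xmalloc(sensitive_data.nkeys * sizeof(*sensitive_data.keys));` is correct whatever the element type turns out to be. The enclosing main() continues outside the hunk.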
@@ -666,7 +669,8 @@ again:
_PATH_HOST_RSA_KEY_FILE, "", NULL);
PRIV_END;
- if (sensitive_data.keys[0] == NULL &&
+ if (options.hostbased_authentication == 1 &&
+ sensitive_data.keys[0] == NULL &&
sensitive_data.keys[1] == NULL &&
sensitive_data.keys[2] == NULL) {
sensitive_data.keys[1] = key_load_public(
@@ -739,6 +743,14 @@ again:
exit_status = compat20 ? ssh_session2() : ssh_session();
packet_close();
+
+ /*
+ * Send SIGHUP to proxy command if used. We don't wait() in
+ * case it hangs and instead rely on init to reap the child
+ */
+ if (proxy_command_pid > 1)
+ kill(proxy_command_pid, SIGHUP);
+
return exit_status;
}
@@ -750,11 +762,19 @@ x11_get_proto(char **_proto, char **_data)
FILE *f;
int got_data = 0, i;
char *display;
+ struct stat st;
*_proto = proto;
*_data = data;
proto[0] = data[0] = '\0';
- if (options.xauth_location && (display = getenv("DISPLAY"))) {
+ if (!options.xauth_location ||
+ (stat(options.xauth_location, &st) == -1)) {
+ debug("No xauth program.");
+ } else {
+ if ((display = getenv("DISPLAY")) == NULL) {
+ debug("x11_get_proto: DISPLAY not set");
+ return;
+ }
/* Try to get Xauthority information for the display. */
if (strncmp(display, "localhost:", 10) == 0)
/*
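Review bot: The new `stat()` test at the top of x11_get_proto() only proves that XAuthLocation names something that exists; a directory or a non-executable file passes, and the failure then surfaces only later as a popen() that yields no cookie and the fake-cookie fallback. `access(options.xauth_location, X_OK)`, or checking `S_ISREG(st.st_mode)` on the result already in hand, would route those cases through the "No xauth program." path as well. ssh_config.5 in this commit says the option is a full pathname; a relative value would additionally be resolved by the popen() shell against PATH, so a comment here noting the absolute-path expectation would help. The function continues outside the hunk.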
@@ -769,7 +789,7 @@ x11_get_proto(char **_proto, char **_data)
else
snprintf(line, sizeof line, "%s list %.200s 2>"
_PATH_DEVNULL, options.xauth_location, display);
- debug2("x11_get_proto %s", line);
+ debug2("x11_get_proto: %s", line);
f = popen(line, "r");
if (f && fgets(line, sizeof(line), f) &&
sscanf(line, "%*s %511s %511s", proto, data) == 2)
@@ -788,6 +808,7 @@ x11_get_proto(char **_proto, char **_data)
if (!got_data) {
u_int32_t rand = 0;
+ log("Warning: No xauth data; using fake authentication data for X11 forwarding.");
strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);
for (i = 0; i < 16; i++) {
if (i % 4 == 0)
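Review bot: The local `u_int32_t rand` used to build the fallback cookie shadows libc rand(); the sshd.c hunks in this same commit rename the identical pattern to `rnd` in generate_ephemeral_server_key() and do_ssh1_kex(), so this function should follow for consistency, `u_int32_t rnd = 0;` with the uses below the hunk renamed to match. The rest of the loop and the function lie outside the hunk.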
@@ -837,11 +858,8 @@ check_agent_present(void)
{
if (options.forward_agent) {
/* Clear agent forwarding if we don\'t have an agent. */
- int authfd = ssh_get_authentication_socket();
- if (authfd < 0)
+ if (!ssh_agent_present())
options.forward_agent = 0;
- else
- ssh_close_authentication_socket(authfd);
}
}
diff --git a/crypto/openssh/ssh.h b/crypto/openssh/ssh.h
index ea71a56..794af34 100644
--- a/crypto/openssh/ssh.h
+++ b/crypto/openssh/ssh.h
@@ -61,10 +61,6 @@
*/
#define SSH_SERVICE_NAME "ssh"
-#if defined(USE_PAM) && !defined(SSHD_PAM_SERVICE)
-# define SSHD_PAM_SERVICE __progname
-#endif
-
/*
* Name of the environment variable containing the process ID of the
* authentication agent.
diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config
index c251f21..6b74a6b 100644
--- a/crypto/openssh/ssh_config
+++ b/crypto/openssh/ssh_config
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $
+# $OpenBSD: ssh_config,v 1.16 2002/07/03 14:21:05 markus Exp $
# $FreeBSD$
# This is the ssh client system-wide configuration file. See
@@ -23,6 +23,7 @@
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
+# HostbasedAuthentication no
# BatchMode no
# CheckHostIP no
# StrictHostKeyChecking ask
diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5
index 85acc6a..52dab57 100644
--- a/crypto/openssh/ssh_config.5
+++ b/crypto/openssh/ssh_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.1 2002/06/20 19:56:07 stevesk Exp $
+.\" $OpenBSD: ssh_config.5,v 1.5 2002/08/29 22:54:10 stevesk Exp $
.\" $FreeBSD$
.Dd September 25, 1999
.Dt SSH_CONFIG 5
@@ -51,10 +51,16 @@
.Nm ssh
obtains configuration data from the following sources in
the following order:
-command line options, user's configuration file
-.Pq Pa $HOME/.ssh/config ,
-and system-wide configuration file
-.Pq Pa /etc/ssh/ssh_config .
+.Bl -enum -offset indent -compact
+.It
+command-line options
+.It
+user's configuration file
+.Pq Pa $HOME/.ssh/config
+.It
+system-wide configuration file
+.Pq Pa /etc/ssh/ssh_config
+.El
.Pp
For each parameter, the first obtained value
will be used.
@@ -253,6 +259,13 @@ or
.Dq no .
The default is
.Dq no .
+.Pp
+Agent forwarding should be enabled with caution. Users with the
+ability to bypass file permissions on the remote host (for the agent's
+Unix-domain socket) can access the local agent through the forwarded
+connection. An attacker cannot obtain key material from the agent,
+however they can perform operations on the keys that enable them to
+authenticate using the identities loaded into the agent.
.It Cm ForwardX11
Specifies whether X11 connections will be automatically redirected
over the secure channel and
@@ -264,6 +277,12 @@ or
.Dq no .
The default is
.Dq no .
+.Pp
+X11 forwarding should be enabled with caution. Users with the ability
+to bypass file permissions on the remote host (for the user's X
+authorization database) can access the local X11 display through the
+forwarded connection. An attacker may then be able to perform
+activities such as keystroke monitoring.
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to local
forwarded ports.
@@ -493,7 +512,12 @@ or
.Dq no .
The default is
.Dq no .
-This option applies to protocol version 1 only.
+This option applies to protocol version 1 only and requires
+.Nm ssh
+to be setuid root and
+.Cm UsePrivilegedPort
+to be set to
+.Dq yes .
.It Cm RhostsRSAAuthentication
Specifies whether to try rhosts based authentication with RSA host
authentication.
@@ -568,6 +592,10 @@ or
.Dq no .
The default is
.Dq no .
+If set to
+.Dq yes
+.Nm ssh
+must be setuid root.
Note that this option must be set to
.Dq yes
if
@@ -588,7 +616,7 @@ host key database instead of
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
.It Cm XAuthLocation
-Specifies the location of the
+Specifies the full pathname of the
.Xr xauth 1
program.
The default is
diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c
index d96b02d..95f47f1 100644
--- a/crypto/openssh/sshconnect.c
+++ b/crypto/openssh/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.126 2002/06/23 03:30:17 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.135 2002/09/19 01:58:18 djm Exp $");
RCSID("$FreeBSD$");
#include <openssl/bn.h>
@@ -42,21 +42,13 @@ extern Options options;
extern char *__progname;
extern uid_t original_real_uid;
extern uid_t original_effective_uid;
+extern pid_t proxy_command_pid;
#ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */
#define INET6_ADDRSTRLEN 46
#endif
-static const char *
-sockaddr_ntop(struct sockaddr *sa, socklen_t salen)
-{
- static char addrbuf[NI_MAXHOST];
-
- if (getnameinfo(sa, salen, addrbuf, sizeof(addrbuf), NULL, 0,
- NI_NUMERICHOST) != 0)
- fatal("sockaddr_ntop: getnameinfo NI_NUMERICHOST failed");
- return addrbuf;
-}
+static int show_other_keys(const char *, Key *);
/*
* Connect to the given ssh server using a proxy command.
@@ -74,9 +66,16 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
/* Convert the port number into a string. */
snprintf(strport, sizeof strport, "%hu", port);
- /* Build the final command string in the buffer by making the
- appropriate substitutions to the given proxy command. */
+ /*
+ * Build the final command string in the buffer by making the
+ * appropriate substitutions to the given proxy command.
+ *
+ * Use "exec" to avoid "sh -c" processes on some platforms
+ * (e.g. Solaris)
+ */
buffer_init(&command);
+ buffer_append(&command, "exec ", 5);
+
for (cp = proxy_command; *cp; cp++) {
if (cp[0] == '%' && cp[1] == '%') {
buffer_append(&command, "%", 1);
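Review bot: Prefixing the command with `exec ` changes the meaning of a ProxyCommand that is a compound shell command: in `exec a; b` the second command never runs, and in `exec a | b` only the first pipeline element is exec'd, so the `sh -c` wrapper the comment wants to avoid is still present for pipelines (and a SIGHUP sent to proxy_command_pid later reaches the shell rather than the proxy, if the recorded pid is the forked child's). The comment should state that limitation, e.g. `Only a simple command benefits; compound commands and pipelines still run under sh -c.` The substitution loop and the fork/exec that consume `command` are outside the hunk.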
@@ -144,6 +143,8 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
/* Parent. */
if (pid < 0)
fatal("fork failed: %.100s", strerror(errno));
+ else
+ proxy_command_pid = pid; /* save pid to clean up later */
/* Close child side of the descriptors. */
close(pin[0]);
@@ -239,7 +240,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
int sock = -1, attempt;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
struct addrinfo hints, *ai, *aitop;
- struct linger linger;
struct servent *sp;
/*
* Did we get only other errors than "Connection refused" (which
@@ -308,9 +308,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
} else {
if (errno == ECONNREFUSED)
full_failure = 0;
- log("ssh: connect to address %s port %s: %s",
- sockaddr_ntop(ai->ai_addr, ai->ai_addrlen),
- strport, strerror(errno));
+ debug("connect to address %s port %s: %s",
+ ntop, strport, strerror(errno));
/*
* Close the failed socket; there appear to
* be some problems when reusing a socket for
@@ -333,20 +332,14 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
freeaddrinfo(aitop);
/* Return failure if we didn't get a successful connection. */
- if (attempt >= connection_attempts)
+ if (attempt >= connection_attempts) {
+ log("ssh: connect to host %s port %s: %s",
+ host, strport, strerror(errno));
return full_failure ? ECONNABORTED : ECONNREFUSED;
+ }
debug("Connection established.");
- /*
- * Set socket options. We would like the socket to disappear as soon
- * as it has been closed for whatever reason.
- */
- /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
- linger.l_onoff = 1;
- linger.l_linger = 5;
- setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
-
/* Set keepalives if requested. */
if (options.keepalives &&
setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
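Review bot: The new summary `log()` after the loop reports `strerror(errno)`, but by then `freeaddrinfo(aitop)` (the line above it) and the `close()` of each failed socket have run, either of which may overwrite errno, so the message can name the wrong error. Capture the value where connect() fails, next to the `debug(...)` in the preceding hunk's else-branch, e.g. `saved_errno = errno;`, and print `strerror(saved_errno)` here. ssh_connect() starts outside the hunk, so the new local would be declared in its header.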
@@ -477,7 +470,7 @@ confirm(const char *prompt)
(p[0] == '\0') || (p[0] == '\n') ||
strncasecmp(p, "no", 2) == 0)
ret = 0;
- if (strncasecmp(p, "yes", 3) == 0)
+ if (p && strncasecmp(p, "yes", 3) == 0)
ret = 1;
if (p)
xfree(p);
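Review bot: The added NULL guard is right, but `strncasecmp(p, "yes", 3) == 0` still treats any reply that merely starts with "yes" ("yesterday", "yes?") as consent, and this prompt is the one that decides whether an unknown host key gets trusted. Requiring the exact word, `if (p && strcasecmp(p, "yes") == 0)`, is the safer reading, provided the routine that fills `p` strips the trailing newline; if it does not, compare against the line minus its newline. The "no" branch above uses the same prefix match, but a false negative there is harmless. confirm() starts outside the hunk.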
@@ -504,7 +497,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
int salen;
char ntop[NI_MAXHOST];
char msg[1024];
- int len, host_line, ip_line;
+ int len, host_line, ip_line, has_keys;
const char *host_file = NULL, *ip_file = NULL;
/*
@@ -648,14 +641,19 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
"have requested strict checking.", type, host);
goto fail;
} else if (options.strict_host_key_checking == 2) {
+ has_keys = show_other_keys(host, host_key);
/* The default */
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
snprintf(msg, sizeof(msg),
"The authenticity of host '%.200s (%s)' can't be "
- "established.\n"
+ "established%s\n"
"%s key fingerprint is %s.\n"
"Are you sure you want to continue connecting "
- "(yes/no)? ", host, ip, type, fp);
+ "(yes/no)? ",
+ host, ip,
+ has_keys ? ",\nbut keys of different type are already "
+ "known for this host." : ".",
+ type, fp);
xfree(fp);
if (!confirm(msg))
goto fail;
@@ -758,6 +756,9 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
* accept the authentication.
*/
break;
+ case HOST_FOUND:
+ fatal("internal error");
+ break;
}
if (options.check_host_ip && host_status != HOST_CHANGED &&
@@ -869,3 +870,58 @@ ssh_put_password(char *password)
memset(padded, 0, size);
xfree(padded);
}
+
+static int
+show_key_from_file(const char *file, const char *host, int keytype)
+{
+ Key *found;
+ char *fp;
+ int line, ret;
+
+ found = key_new(keytype);
+ if ((ret = lookup_key_in_hostfile_by_type(file, host,
+ keytype, found, &line))) {
+ fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+ log("WARNING: %s key found for host %s\n"
+ "in %s:%d\n"
+ "%s key fingerprint %s.",
+ key_type(found), host, file, line,
+ key_type(found), fp);
+ xfree(fp);
+ }
+ key_free(found);
+ return (ret);
+}
+
+/* print all known host keys for a given host, but skip keys of given type */
+static int
+show_other_keys(const char *host, Key *key)
+{
+ int type[] = { KEY_RSA1, KEY_RSA, KEY_DSA, -1};
+ int i, found = 0;
+
+ for (i = 0; type[i] != -1; i++) {
+ if (type[i] == key->type)
+ continue;
+ if (type[i] != KEY_RSA1 &&
+ show_key_from_file(options.user_hostfile2, host, type[i])) {
+ found = 1;
+ continue;
+ }
+ if (type[i] != KEY_RSA1 &&
+ show_key_from_file(options.system_hostfile2, host, type[i])) {
+ found = 1;
+ continue;
+ }
+ if (show_key_from_file(options.user_hostfile, host, type[i])) {
+ found = 1;
+ continue;
+ }
+ if (show_key_from_file(options.system_hostfile, host, type[i])) {
+ found = 1;
+ continue;
+ }
+ debug2("no key of type %d for host %s", type[i], host);
+ }
+ return (found);
+}
diff --git a/crypto/openssh/sshconnect1.c b/crypto/openssh/sshconnect1.c
index e28b7fc..368b412 100644
--- a/crypto/openssh/sshconnect1.c
+++ b/crypto/openssh/sshconnect1.c
@@ -13,7 +13,8 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.51 2002/05/23 19:24:30 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.52 2002/08/08 13:50:23 aaron Exp $");
+RCSID("$FreeBSD$");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -254,7 +255,7 @@ try_rsa_authentication(int idx)
* load the private key. Try first with empty passphrase; if it
* fails, ask for a passphrase.
*/
- if (public->flags && KEY_FLAG_EXT)
+ if (public->flags & KEY_FLAG_EXT)
private = public;
else
private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c
index ccef7fc..8fb098b 100644
--- a/crypto/openssh/sshconnect2.c
+++ b/crypto/openssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.107 2002/07/01 19:48:46 markus Exp $");
RCSID("$FreeBSD$");
#include "ssh.h"
@@ -96,10 +96,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
if (options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
} else {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
}
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
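Review bot: After this change the Compression option is a preference rather than a requirement: with `Compression no` the client still offers `zlib` in second place, so a server that only accepts zlib would negotiate compression the user turned off, and vice versa. Since nothing in the hunk says so, a comment above the if, such as `Offer both algorithms in preferred order so negotiation never fails; Compression only sets the preference.`, would save the next reader from assuming the option is strict. ssh_kex2() continues outside the hunk.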
@@ -423,7 +423,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
clear_auth_state(authctxt);
dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL);
- /* try another method if we did not send a packet*/
+ /* try another method if we did not send a packet */
if (sent == 0)
userauth(authctxt, NULL);
@@ -948,9 +948,9 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
buffer_init(&b);
buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
buffer_put_string(&b, data, datalen);
- msg_send(to[1], version, &b);
+ ssh_msg_send(to[1], version, &b);
- if (msg_recv(from[0], &b) < 0) {
+ if (ssh_msg_recv(from[0], &b) < 0) {
error("ssh_keysign: no reply");
buffer_clear(&b);
return -1;
diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8
index 5c04ae0..32d67f6 100644
--- a/crypto/openssh/sshd.8
+++ b/crypto/openssh/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.186 2002/06/22 16:45:29 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.193 2002/09/24 20:59:44 todd Exp $
.\" $FreeBSD$
.Dd September 25, 1999
.Dt SSHD 8
@@ -204,7 +204,7 @@ The default is
refuses to start if there is no configuration file.
.It Fl g Ar login_grace_time
Gives the grace time for clients to authenticate themselves (default
-600 seconds).
+120 seconds).
If the client fails to authenticate the user within
this many seconds, the server disconnects and exits.
A value of zero indicates no limit.
@@ -350,7 +350,11 @@ Sets up basic environment.
.It
Reads
.Pa $HOME/.ssh/environment
-if it exists.
+if it exists and users are allowed to change their environment.
+See the
+.Cm PermitUserEnvironment
+option in
+.Xr sshd_config 5 .
.It
Changes to user's home directory.
.It
@@ -386,9 +390,9 @@ Each RSA public key consists of the following fields, separated by
spaces: options, bits, exponent, modulus, comment.
Each protocol version 2 public key consists of:
options, keytype, base64 encoded key, comment.
-The options fields
-are optional; its presence is determined by whether the line starts
-with a number or not (the option field never starts with a number).
+The options field
+is optional; its presence is determined by whether the line starts
+with a number or not (the options field never starts with a number).
The bits, exponent, modulus and comment fields give the RSA key for
protocol version 1; the
comment field is not used for anything (but may be convenient for the
@@ -399,7 +403,7 @@ or
.Dq ssh-rsa .
.Pp
Note that lines in this file are usually several hundred bytes long
-(because of the size of the RSA key modulus).
+(because of the size of the public key encoding).
You don't want to type them in; instead, copy the
.Pa identity.pub ,
.Pa id_dsa.pub
@@ -418,7 +422,7 @@ The following option specifications are supported (note
that option keywords are case-insensitive):
.Bl -tag -width Ds
.It Cm from="pattern-list"
-Specifies that in addition to RSA authentication, the canonical name
+Specifies that in addition to public key authentication, the canonical name
of the remote host must be present in the comma-separated list of
patterns
.Pf ( Ql *
@@ -430,7 +434,7 @@ patterns negated by prefixing them with
.Ql ! ;
if the canonical host name matches a negated pattern, the key is not accepted.
The purpose
-of this option is to optionally increase security: RSA authentication
+of this option is to optionally increase security: public key authentication
by itself does not trust the network or name servers or anything (but
the key); however, if somebody somehow steals the key, the key
permits an intruder to log in from anywhere in the world.
@@ -448,7 +452,7 @@ one must not request a pty or should specify
.Cm no-pty .
A quote may be included in the command by quoting it with a backslash.
This option might be useful
-to restrict certain RSA keys to perform just a specific operation.
+to restrict certain public keys to perform just a specific operation.
An example might be a key that permits remote backups but nothing else.
Note that the client may specify TCP/IP and/or X11
forwarding unless they are explicitly prohibited.
@@ -459,6 +463,10 @@ logging in using this key.
Environment variables set this way
override other default environment values.
Multiple options of this type are permitted.
+Environment processing is disabled by default and is
+controlled via the
+.Cm PermitUserEnvironment
+option.
This option is automatically disabled if
.Cm UseLogin
is enabled.
@@ -579,6 +587,8 @@ These files are created using
.Xr ssh-keygen 1 .
.It Pa /etc/ssh/moduli
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
+The file format is described in
+.Xr moduli 5 .
.It Pa /var/empty
.Xr chroot 2
directory used by
@@ -699,6 +709,10 @@ It can only contain empty lines, comment lines (that start with
and assignment lines of the form name=value.
The file should be writable
only by the user; it need not be readable by anyone else.
+Environment processing is disabled by default and is
+controlled via the
+.Cm PermitUserEnvironment
+option.
.It Pa $HOME/.ssh/rc
If this file exists, it is run with
.Pa /bin/sh
@@ -726,12 +740,12 @@ something similar to:
if read proto cookie && [ -n "$DISPLAY" ]; then
if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
# X11UseLocalhost=yes
- xauth add unix:`echo $DISPLAY |
+ echo add unix:`echo $DISPLAY |
cut -c11-` $proto $cookie
else
# X11UseLocalhost=no
- xauth add $DISPLAY $proto $cookie
- fi
+ echo add $DISPLAY $proto $cookie
+ fi | xauth -q -
fi
.Ed
.Pp
diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index a181878..4a8e4cc 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $");
RCSID("$FreeBSD$");
#include <openssl/dh.h>
@@ -304,11 +304,8 @@ grace_alarm_handler(int sig)
{
/* XXX no idea how fix this signal handler */
- /* Close the connection. */
- packet_close();
-
/* Log error and exit. */
- fatal("Timeout before authentication for %s.", get_remote_ipaddr());
+ fatal("Timeout before authentication for %s", get_remote_ipaddr());
}
/*
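Review bot: Dropping packet_close() from grace_alarm_handler() removes one unsafe call, but `fatal()` is still invoked from a signal handler, and fatal() logs and (if it runs the cleanups registered with fatal_add_cleanup(), as the name suggests and as this commit registers packet_close that way) calls routines that are not async-signal-safe. The `XXX` comment already admits this; a short note naming the hazard, e.g. `XXX fatal() is not async-signal-safe; a flag checked by the main loop, or _exit() after a minimal log, would be safer`, would at least direct a future fix. The code that installs the handler is outside the hunk.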
@@ -321,7 +318,7 @@ grace_alarm_handler(int sig)
static void
generate_ephemeral_server_key(void)
{
- u_int32_t rand = 0;
+ u_int32_t rnd = 0;
int i;
verbose("Generating %s%d bit RSA key.",
@@ -334,9 +331,9 @@ generate_ephemeral_server_key(void)
for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
if (i % 4 == 0)
- rand = arc4random();
- sensitive_data.ssh1_cookie[i] = rand & 0xff;
- rand >>= 8;
+ rnd = arc4random();
+ sensitive_data.ssh1_cookie[i] = rnd & 0xff;
+ rnd >>= 8;
}
arc4random_stir();
}
@@ -428,6 +425,12 @@ sshd_exchange_identification(int sock_in, int sock_out)
compat_datafellows(remote_version);
+ if (datafellows & SSH_BUG_PROBE) {
+ log("probed from %s with %s. Don't panic.",
+ get_remote_ipaddr(), client_version_string);
+ fatal_cleanup();
+ }
+
if (datafellows & SSH_BUG_SCANNER) {
log("scanned from %s with %s. Don't panic.",
get_remote_ipaddr(), client_version_string);
@@ -530,8 +533,8 @@ demote_sensitive_data(void)
static void
privsep_preauth_child(void)
{
- u_int32_t rand[256];
- gid_t gidset[2];
+ u_int32_t rnd[256];
+ gid_t gidset[1];
struct passwd *pw;
int i;
@@ -539,8 +542,8 @@ privsep_preauth_child(void)
privsep_challenge_enable();
for (i = 0; i < 256; i++)
- rand[i] = arc4random();
- RAND_seed(rand, sizeof(rand));
+ rnd[i] = arc4random();
+ RAND_seed(rnd, sizeof(rnd));
/* Demote the private keys to public keys. */
demote_sensitive_data();
@@ -551,7 +554,7 @@ privsep_preauth_child(void)
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
endpwent();
- /* Change our root directory*/
+ /* Change our root directory */
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
strerror(errno));
@@ -574,7 +577,7 @@ privsep_preauth_child(void)
#endif
}
-static Authctxt*
+static Authctxt *
privsep_preauth(void)
{
Authctxt *authctxt = NULL;
@@ -590,6 +593,8 @@ privsep_preauth(void)
if (pid == -1) {
fatal("fork of unprivileged child failed");
} else if (pid != 0) {
+ fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
+
debug2("Network child is on pid %ld", (long)pid);
close(pmonitor->m_recvfd);
@@ -603,6 +608,10 @@ privsep_preauth(void)
while (waitpid(pid, &status, 0) < 0)
if (errno != EINTR)
break;
+
+ /* Reinstall, since the child has finished */
+ fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
+
return (authctxt);
} else {
/* child */
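Review bot: The cleanup is re-registered only on the normal path after waitpid(); if the monitor hits fatal() between the removal in the previous hunk and this re-add, the connection socket is left for process exit to close, which appears to be intended (the unprivileged child owns the socket while it runs) but is nowhere stated. A comment at the removal, e.g. `The child owns the connection now; closing it from the monitor on fatal() would pull it out from under the child.`, and a matching word here would make the pairing obvious to a reader who sees only one side. The same removal is done in privsep_postauth() with no re-add, so say there whether that asymmetry is deliberate. privsep_preauth() continues outside the hunk.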
@@ -625,7 +634,7 @@ privsep_postauth(Authctxt *authctxt)
/* XXX - Remote port forwarding */
x_authctxt = authctxt;
-#ifdef BROKEN_FD_PASSING
+#ifdef DISABLE_FD_PASSING
if (1) {
#else
if (authctxt->pw->pw_uid == 0 || options.use_login) {
@@ -650,6 +659,8 @@ privsep_postauth(Authctxt *authctxt)
if (pmonitor->m_pid == -1)
fatal("fork of unprivileged child failed");
else if (pmonitor->m_pid != 0) {
+ fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
+
debug2("User child is on pid %ld", (long)pmonitor->m_pid);
close(pmonitor->m_recvfd);
monitor_child_postauth(pmonitor);
@@ -802,7 +813,6 @@ main(int ac, char **av)
const char *remote_ip;
int remote_port;
FILE *f;
- struct linger linger;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
int listen_sock, maxfd;
@@ -907,6 +917,10 @@ main(int ac, char **av)
break;
case 'u':
utmp_len = atoi(optarg);
+ if (utmp_len > MAXHOSTNAMELEN) {
+ fprintf(stderr, "Invalid utmp length.\n");
+ exit(1);
+ }
break;
case 'o':
if (process_server_config_line(&options, optarg,
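Review bot: The new upper-bound check on `-u` still lets a negative value through, because `atoi()` returns it unchanged and `utmp_len > MAXHOSTNAMELEN` is false for it; if utmp_len is later used as a length (unsigned conversion or buffer index), a negative value is the more dangerous direction. Reject it in the same test, `if (utmp_len < 0 || utmp_len > MAXHOSTNAMELEN) {`, and since atoi() also maps non-numeric input to 0 silently, strtol() with an endptr check would make garbage an error instead of a surprise. The declaration of utmp_len and its uses are outside the hunk.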
@@ -933,7 +947,7 @@ main(int ac, char **av)
SYSLOG_FACILITY_AUTH : options.log_facility,
!inetd_flag);
-#ifdef _CRAY
+#ifdef _UNICOS
/* Cray can define user privs drop all prives now!
* Not needed on PRIV_SU systems!
*/
@@ -957,7 +971,8 @@ main(int ac, char **av)
debug("sshd version %.100s", SSH_VERSION);
/* load private host keys */
- sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*));
+ sensitive_data.host_keys = xmalloc(options.num_host_key_files *
+ sizeof(Key *));
for (i = 0; i < options.num_host_key_files; i++)
sensitive_data.host_keys[i] = NULL;
sensitive_data.server_key = NULL;
@@ -1036,7 +1051,14 @@ main(int ac, char **av)
(S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
_PATH_PRIVSEP_CHROOT_DIR);
+
+#ifdef HAVE_CYGWIN
+ if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
+ (st.st_uid != getuid () ||
+ (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
+#else
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+#endif
fatal("Bad owner or mode for %s",
_PATH_PRIVSEP_CHROOT_DIR);
}
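Review bot: On Cygwin the owner/mode test is gated on `check_ntsec()`, so when that returns false the privilege separation directory is accepted without any ownership or permission check at all, and nothing in the hunk says this is deliberate. A one-line comment above the `#ifdef HAVE_CYGWIN`, e.g. `Without ntsec there are no POSIX permissions to check, so the test is skipped entirely.`, would document the intent, assuming that is the reason. The Cygwin branch also compares against `getuid()` where the other compares against 0; the comment could say why root ownership is not required there. main() continues outside the hunk.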
@@ -1136,17 +1158,12 @@ main(int ac, char **av)
continue;
}
/*
- * Set socket options. We try to make the port
- * reusable and have it close as fast as possible
- * without waiting in unnecessary wait states on
- * close.
+ * Set socket options.
+ * Allow local port reuse in TIME_WAIT.
*/
- setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
- &on, sizeof(on));
- linger.l_onoff = 1;
- linger.l_linger = 5;
- setsockopt(listen_sock, SOL_SOCKET, SO_LINGER,
- &linger, sizeof(linger));
+ if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
+ &on, sizeof(on)) == -1)
+ error("setsockopt SO_REUSEADDR: %s", strerror(errno));
debug("Bind to port %s on %s.", strport, ntop);
@@ -1395,16 +1412,6 @@ main(int ac, char **av)
signal(SIGCHLD, SIG_DFL);
signal(SIGINT, SIG_DFL);
- /*
- * Set socket options for the connection. We want the socket to
- * close as fast as possible without waiting for anything. If the
- * connection is not a socket, these will do nothing.
- */
- /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
- linger.l_onoff = 1;
- linger.l_linger = 5;
- setsockopt(sock_in, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger));
-
/* Set keepalives if requested. */
if (options.keepalives &&
setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
@@ -1592,7 +1599,7 @@ do_ssh1_kex(void)
u_char session_key[SSH_SESSION_KEY_LENGTH];
u_char cookie[8];
u_int cipher_type, auth_mask, protocol_flags;
- u_int32_t rand = 0;
+ u_int32_t rnd = 0;
/*
* Generate check bytes that the client must send back in the user
@@ -1605,9 +1612,9 @@ do_ssh1_kex(void)
*/
for (i = 0; i < 8; i++) {
if (i % 4 == 0)
- rand = arc4random();
- cookie[i] = rand & 0xff;
- rand >>= 8;
+ rnd = arc4random();
+ cookie[i] = rnd & 0xff;
+ rnd >>= 8;
}
/*
diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index f01c854..0a45865 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
+# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
# $FreeBSD$
# This is the sshd server system-wide configuration file. See
@@ -82,6 +82,7 @@
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
#Compression yes
#MaxStartups 10
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5
index 5507bd6..33b66aa 100644
--- a/crypto/openssh/sshd_config.5
+++ b/crypto/openssh/sshd_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $
+.\" $OpenBSD: sshd_config.5,v 1.13 2002/09/16 20:12:11 stevesk Exp $
.\" $FreeBSD$
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
@@ -378,7 +378,7 @@ options must precede this option for non port qualified addresses.
The server disconnects after this time if the user has not
successfully logged in.
If the value is 0, there is no time limit.
-The default is 120 (seconds).
+The default is 120 seconds.
.It Cm LogLevel
Gives the verbosity level that is used when logging messages from
.Nm sshd .
@@ -464,6 +464,20 @@ for root.
If this option is set to
.Dq no
root is not allowed to login.
+.It Cm PermitUserEnvironment
+Specifies whether
+.Pa ~/.ssh/environment
+and
+.Cm environment=
+options in
+.Pa ~/.ssh/authorized_keys
+are processed by
+.Nm sshd .
+The default is
+.Dq no .
+Enabling environment processing may enable users to bypass access
+restrictions in some configurations using mechanisms such as
+.Ev LD_PRELOAD .
.It Cm PidFile
Specifies the file that contains the process ID of the
.Nm sshd
@@ -498,7 +512,7 @@ The default is
.It Cm Protocol
Specifies the protocol versions
.Nm sshd
-should support.
+supports.
The possible values are
.Dq 1
and
@@ -506,6 +520,13 @@ and
Multiple versions must be comma-separated.
The default is
.Dq 2,1 .
+Note that the order of the protocol list does not indicate preference,
+because the client selects among multiple protocol versions offered
+by the server.
+Specifying
+.Dq 2,1
+is identical to
+.Dq 1,2 .
.It Cm PubkeyAuthentication
Specifies whether public key authentication is allowed.
The default is
@@ -616,10 +637,35 @@ from interfering with real X11 servers.
The default is 10.
.It Cm X11Forwarding
Specifies whether X11 forwarding is permitted.
+The argument must be
+.Dq yes
+or
+.Dq no .
The default is
.Dq no .
-Note that disabling X11 forwarding does not improve security in any
-way, as users can always install their own forwarders.
+.Pp
+When X11 forwarding is enabled, there may be additional exposure to
+the server and to client displays if the
+.Nm sshd
+proxy display is configured to listen on the wildcard address (see
+.Cm X11UseLocalhost
+below), however this is not the default.
+Additionally, the authentication spoofing and authentication data
+verification and substitution occur on the client side.
+The security risk of using X11 forwarding is that the client's X11
+display server may be exposed to attack when the ssh client requests
+forwarding (see the warnings for
+.Cm ForwardX11
+in
+.Xr ssh_config 5 ).
+A system administrator may have a stance in which they want to
+protect clients that may expose themselves to attack by unwittingly
+requesting X11 forwarding, which can warrant a
+.Dq no
+setting.
+.Pp
+Note that disabling X11 forwarding does not prevent users from
+forwarding X11 traffic, as users can always install their own forwarders.
X11 forwarding is automatically disabled if
.Cm UseLogin
is enabled.
@@ -634,7 +680,7 @@ hostname part of the
.Ev DISPLAY
environment variable to
.Dq localhost .
-This prevents remote hosts from connecting to the fake display.
+This prevents remote hosts from connecting to the proxy display.
However, some older X11 clients may not function with this
configuration.
.Cm X11UseLocalhost
@@ -649,7 +695,7 @@ or
The default is
.Dq yes .
.It Cm XAuthLocation
-Specifies the location of the
+Specifies the full pathname of the
.Xr xauth 1
program.
The default is
@@ -661,7 +707,7 @@ The default is
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
.Sm off
-.Ar time Oo Ar qualifier Oc ,
+.Ar time Op Ar qualifier ,
.Sm on
where
.Ar time
diff --git a/crypto/openssh/sshlogin.c b/crypto/openssh/sshlogin.c
index 4549a2a..6aeaa05 100644
--- a/crypto/openssh/sshlogin.c
+++ b/crypto/openssh/sshlogin.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshlogin.c,v 1.4 2002/06/23 03:30:17 deraadt Exp $");
+RCSID("$OpenBSD: sshlogin.c,v 1.5 2002/08/29 15:57:25 stevesk Exp $");
RCSID("$FreeBSD$");
#include "loginrec.h"
diff --git a/crypto/openssh/sshlogin.h b/crypto/openssh/sshlogin.h
index 9f0d5f0..2bf9e0d 100644
--- a/crypto/openssh/sshlogin.h
+++ b/crypto/openssh/sshlogin.h
@@ -1,5 +1,5 @@
-/* $OpenBSD: sshlogin.h,v 1.3 2001/06/26 17:27:25 markus Exp $ */
-/* $FreeBSD$ */
+/* $OpenBSD: sshlogin.h,v 1.4 2002/08/29 15:57:25 stevesk Exp $ */
+/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
diff --git a/crypto/openssh/sshpty.c b/crypto/openssh/sshpty.c
index 14a01b7..dad1b16 100644
--- a/crypto/openssh/sshpty.c
+++ b/crypto/openssh/sshpty.c
@@ -163,7 +163,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
}
return 1;
#else /* HAVE_DEV_PTS_AND_PTC */
-#ifdef _CRAY
+#ifdef _UNICOS
char buf[64];
int i;
int highpty;
@@ -269,7 +269,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
void *old;
#endif /* USE_VHANGUP */
-#ifdef _CRAY
+#ifdef _UNICOS
if (setsid() < 0)
error("setsid: %.100s", strerror(errno));
@@ -291,7 +291,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
error("%.100s: %.100s", ttyname, strerror(errno));
close(*ttyfd);
*ttyfd = fd;
-#else /* _CRAY */
+#else /* _UNICOS */
/* First disconnect from the old controlling tty. */
#ifdef TIOCNOTTY
@@ -346,7 +346,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
strerror(errno));
else
close(fd);
-#endif /* _CRAY */
+#endif /* _UNICOS */
}
/* Changes the window size associated with the pty. */
diff --git a/crypto/openssh/version.c b/crypto/openssh/version.c
index 392f5ea..a661439 100644
--- a/crypto/openssh/version.c
+++ b/crypto/openssh/version.c
@@ -23,13 +23,13 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
+ * $FreeBSD$
*/
#include "includes.h"
#include "version.h"
#include "xmalloc.h"
-RCSID("$FreeBSD$");
static char *version = NULL;
diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h
index 138ebf2..2136a00 100644
--- a/crypto/openssh/version.h
+++ b/crypto/openssh/version.h
@@ -1,11 +1,11 @@
-/* $OpenBSD: version.h,v 1.34 2002/06/26 13:56:27 markus Exp $ */
+/* $OpenBSD: version.h,v 1.35 2002/10/01 13:24:50 markus Exp $ */
/* $FreeBSD$ */
#ifndef SSH_VERSION
#define SSH_VERSION (ssh_version_get())
-#define SSH_VERSION_BASE "OpenSSH_3.4p1"
-#define SSH_VERSION_ADDENDUM "FreeBSD-20020702"
+#define SSH_VERSION_BASE "OpenSSH_3.5p1"
+#define SSH_VERSION_ADDENDUM "FreeBSD-20021029"
const char *ssh_version_get(void);
void ssh_version_set_addendum(const char *add);