diff options
author | des <des@FreeBSD.org> | 2012-09-03 16:51:41 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2012-09-03 16:51:41 +0000 |
commit | 00f3582ac62b9883e85e2cb420c3d9f5d9028188 (patch) | |
tree | eafe8a40bcffb53c6bb88d75ac823cdc99ac92fe /crypto/openssh | |
parent | d00fafff0e6a902c30e2a606c69d740558908f1d (diff) | |
download | FreeBSD-src-00f3582ac62b9883e85e2cb420c3d9f5d9028188.zip FreeBSD-src-00f3582ac62b9883e85e2cb420c3d9f5d9028188.tar.gz |
Upgrade OpenSSH to 6.1p1.
Diffstat (limited to 'crypto/openssh')
95 files changed, 2649 insertions, 1090 deletions
diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index ee6460d..f8e6008 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,3 +1,629 @@ +20120828 + - (djm) Release openssh-6.1 + +20120828 + - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN + for compatibility with future mingw-w64 headers. Patch from vinschen at + redhat com. + +20120822 + - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update version numbers + +20120731 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2012/07/06 06:38:03 + [ssh-keygen.c] + missing full stop in usage(); + - djm@cvs.openbsd.org 2012/07/10 02:19:15 + [servconf.c servconf.h sshd.c sshd_config] + Turn on systrace sandboxing of pre-auth sshd by default for new installs + by shipping a config that overrides the current UsePrivilegeSeparation=yes + default. Make it easier to flip the default in the future by adding too. + prodded markus@ feedback dtucker@ "get it in" deraadt@ + - dtucker@cvs.openbsd.org 2012/07/13 01:35:21 + [servconf.c] + handle long comments in config files better. bz#2025, ok markus + - markus@cvs.openbsd.org 2012/07/22 18:19:21 + [version.h] + openssh 6.1 + +20120720 + - (dtucker) Import regened moduli file. + +20120706 + - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is + not available. Allows use of sshd compiled on host with a filter-capable + kernel on hosts that lack the support. bz#2011 ok dtucker@ + - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no + unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT + esperi.org.uk; ok dtucker@ +- (djm) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 + [moduli.c ssh-keygen.1 ssh-keygen.c] + Add options to specify starting line number and number of lines to process + when screening moduli candidates. This allows processing of different + parts of a candidate moduli file in parallel. man page help jmc@, ok djm@ + - djm@cvs.openbsd.org 2012/07/06 01:37:21 + [mux.c] + fix memory leak of passed-in environment variables and connection + context when new session message is malformed; bz#2003 from Bert.Wesarg + AT googlemail.com + - djm@cvs.openbsd.org 2012/07/06 01:47:38 + [ssh.c] + move setting of tty_flag to after config parsing so RequestTTY options + are correctly picked up. bz#1995 patch from przemoc AT gmail.com; + ok dtucker@ + +20120704 + - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for + platforms that don't have it. "looks good" tim@ + +20120703 + - (dtucker) [configure.ac] Detect platforms that can't use select(2) with + setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those. + - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not + setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its + benefit is minor, so it's not worth disabling the sandbox if it doesn't + work. + +20120702 +- (dtucker) OpenBSD CVS Sync + - naddy@cvs.openbsd.org 2012/06/29 13:57:25 + [ssh_config.5 sshd_config.5] + match the documented MAC order of preference to the actual one; + ok dtucker@ + - markus@cvs.openbsd.org 2012/06/30 14:35:09 + [sandbox-systrace.c sshd.c] + fix a during the load of the sandbox policies (child can still make + the read-syscall and wait forever for systrace-answers) by replacing + the read/write synchronisation with SIGSTOP/SIGCONT; + report and help hshoexer@; ok djm@, dtucker@ + - dtucker@cvs.openbsd.org 2012/07/02 08:50:03 + [ssh.c] + set interactive ToS for forwarded X11 sessions. ok djm@ + - dtucker@cvs.openbsd.org 2012/07/02 12:13:26 + [ssh-pkcs11-helper.c sftp-client.c] + fix a couple of "assigned but not used" warnings. ok markus@ + - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 + [regress/connect-privsep.sh] + remove exit from end of test since it prevents reporting failure + - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] + Move cygwin detection to test-exec and use to skip reexec test on cygwin. + - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k. + +20120629 + - OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/06/21 00:16:07 + [addrmatch.c] + fix strlcpy truncation check. from carsten at debian org, ok markus + - dtucker@cvs.openbsd.org 2012/06/22 12:30:26 + [monitor.c sshconnect2.c] + remove dead code following 'for (;;)' loops. + From Steve.McClellan at radisys com, ok markus@ + - dtucker@cvs.openbsd.org 2012/06/22 14:36:33 + [sftp.c] + Remove unused variable leftover from tab-completion changes. + From Steve.McClellan at radisys com, ok markus@ + - dtucker@cvs.openbsd.org 2012/06/26 11:02:30 + [sandbox-systrace.c] + Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation + sandbox" since malloc now uses it. From johnw.mail at gmail com. + - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 + [mac.c myproposal.h ssh_config.5 sshd_config.5] + Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed + from draft6 of the spec and will not be in the RFC when published. Patch + from mdb at juniper net via bz#2023, ok markus. + - naddy@cvs.openbsd.org 2012/06/29 13:57:25 + [ssh_config.5 sshd_config.5] + match the documented MAC order of preference to the actual one; ok dtucker@ + - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 + [regress/addrmatch.sh] + Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests + to match. Feedback and ok djm@ markus@. + - djm@cvs.openbsd.org 2012/06/01 00:47:35 + [regress/multiplex.sh regress/forwarding.sh] + append to rather than truncate test log; bz#2013 from openssh AT + roumenpetrov.info + - djm@cvs.openbsd.org 2012/06/01 00:52:52 + [regress/sftp-cmds.sh] + don't delete .* on cleanup due to unintended env expansion; pointed out in + bz#2014 by openssh AT roumenpetrov.info + - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 + [regress/connect-privsep.sh] + test sandbox with every malloc option + - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 + [regress/try-ciphers.sh regress/cipher-speed.sh] + Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed + from draft6 of the spec and will not be in the RFC when published. Patch + from mdb at juniper net via bz#2023, ok markus. + - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error. + - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have + the required functions in libcrypto. + +20120628 + - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null + pointer deref in the client when built with LDNS and using DNSSEC with a + CNAME. Patch from gregdlg+mr at hochet info. + +20120622 + - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as + can logon as a service. Patch from vinschen at redhat com. + +20120620 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/12/02 00:41:56 + [mux.c] + fix bz#1948: ssh -f doesn't fork for multiplexed connection. + ok dtucker@ + - djm@cvs.openbsd.org 2011/12/04 23:16:12 + [mux.c] + revert: + > revision 1.32 + > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 + > fix bz#1948: ssh -f doesn't fork for multiplexed connection. + > ok dtucker@ + it interacts badly with ControlPersist + - djm@cvs.openbsd.org 2012/01/07 21:11:36 + [mux.c] + fix double-free in new session handler + NB. Id sync only + - djm@cvs.openbsd.org 2012/05/23 03:28:28 + [dns.c dns.h key.c key.h ssh-keygen.c] + add support for RFC6594 SSHFP DNS records for ECDSA key types. + patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ + - djm@cvs.openbsd.org 2012/06/01 00:49:35 + [PROTOCOL.mux] + correct types of port numbers (integers, not strings); bz#2004 from + bert.wesarg AT googlemail.com + - djm@cvs.openbsd.org 2012/06/01 01:01:22 + [mux.c] + fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg + AT googlemail.com + - dtucker@cvs.openbsd.org 2012/06/18 11:43:53 + [jpake.c] + correct sizeof usage. patch from saw at online.de, ok deraadt + - dtucker@cvs.openbsd.org 2012/06/18 11:49:58 + [ssh_config.5] + RSA instead of DSA twice. From Steve.McClellan at radisys com + - dtucker@cvs.openbsd.org 2012/06/18 12:07:07 + [ssh.1 sshd.8] + Remove mention of 'three' key files since there are now four. From + Steve.McClellan at radisys com. + - dtucker@cvs.openbsd.org 2012/06/18 12:17:18 + [ssh.1] + Clarify description of -W. Noted by Steve.McClellan at radisys com, + ok jmc + - markus@cvs.openbsd.org 2012/06/19 18:25:28 + [servconf.c servconf.h sshd_config.5] + sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} + this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' + ok djm@ (back in March) + - jmc@cvs.openbsd.org 2012/06/19 21:35:54 + [sshd_config.5] + tweak previous; ok markus + - djm@cvs.openbsd.org 2012/06/20 04:42:58 + [clientloop.c serverloop.c] + initialise accept() backoff timer to avoid EINVAL from select(2) in + rekeying + +20120519 + - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch + from cjwatson at debian org. + - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find + pkg-config so it does the right thing when cross-compiling. Patch from + cjwatson at debian org. +- (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 + [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] + Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests + to match. Feedback and ok djm@ markus@. + - dtucker@cvs.openbsd.org 2012/05/19 06:30:30 + [sshd_config.5] + Document PermitOpen none. bz#2001, patch from Loganaden Velvindron + +20120504 + - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h> + to fix building on some plaforms. Fom bowman at math utah edu and + des at des no. + +20120427 + - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6 + platform rather than exiting early, so that we still clean up and return + success or failure to test-exec.sh + +20120426 + - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters + via Niels + - (djm) [auth-krb5.c] Save errno across calls that might modify it; + ok dtucker@ + +20120423 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2012/04/23 08:18:17 + [channels.c] + fix function proto/source mismatch + +20120422 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2012/02/29 11:21:26 + [ssh-keygen.c] + allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@ + - guenther@cvs.openbsd.org 2012/03/15 03:10:27 + [session.c] + root should always be excluded from the test for /etc/nologin instead + of having it always enforced even when marked as ignorenologin. This + regressed when the logic was incompletely flipped around in rev 1.251 + ok halex@ millert@ + - djm@cvs.openbsd.org 2012/03/28 07:23:22 + [PROTOCOL.certkeys] + explain certificate extensions/crit split rationale. Mention requirement + that each appear at most once per cert. + - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 + [channels.c channels.h servconf.c] + Add PermitOpen none option based on patch from Loganaden Velvindron + (bz #1949). ok djm@ + - djm@cvs.openbsd.org 2012/04/11 13:16:19 + [channels.c channels.h clientloop.c serverloop.c] + don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a + while; ok deraadt@ markus@ + - djm@cvs.openbsd.org 2012/04/11 13:17:54 + [auth.c] + Support "none" as an argument for AuthorizedPrincipalsFile to indicate + no file should be read. + - djm@cvs.openbsd.org 2012/04/11 13:26:40 + [sshd.c] + don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a + while; ok deraadt@ markus@ + - djm@cvs.openbsd.org 2012/04/11 13:34:17 + [ssh-keyscan.1 ssh-keyscan.c] + now that sshd defaults to offering ECDSA keys, ssh-keyscan should also + look for them by default; bz#1971 + - djm@cvs.openbsd.org 2012/04/12 02:42:32 + [servconf.c servconf.h sshd.c sshd_config sshd_config.5] + VersionAddendum option to allow server operators to append some arbitrary + text to the SSH-... banner; ok deraadt@ "don't care" markus@ + - djm@cvs.openbsd.org 2012/04/12 02:43:55 + [sshd_config sshd_config.5] + mention AuthorizedPrincipalsFile=none default + - djm@cvs.openbsd.org 2012/04/20 03:24:23 + [sftp.c] + setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...) + - jmc@cvs.openbsd.org 2012/04/20 16:26:22 + [ssh.1] + use "brackets" instead of "braces", for consistency; + +20120420 + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update for release 6.0 + - (djm) [README] Update URL to release notes. + - (djm) Release openssh-6.0 + +20120419 + - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil + contains openpty() but not login() + +20120404 + - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox + mode for Linux's new seccomp filter; patch from Will Drewry; feedback + and ok dtucker@ + +20120330 + - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING + file from spec file. From crighter at nuclioss com. + - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running + openssh binaries on a newer fix release than they were compiled on. + with and ok dtucker@ + - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect + assumptions when building on Cygwin; patch from Corinna Vinschen + +20120309 + - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux + systems where sshd is run in te wrong context. Patch from Sven + Vermeulen; ok dtucker@ + - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6 + addressed connections. ok dtucker@ + +20120224 + - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM + audit breakage in Solaris 11. Patch from Magnus Johansson. + +20120215 + - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for + unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c + ok dtucker@ + - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so + it actually works. + - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote + to work. Spotted by Angel Gonzalez + +20120214 + - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of + preserved Cygwin environment variables; from Corinna Vinschen + +20120211 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2012/01/05 00:16:56 + [monitor.c] + memleak on error path + - djm@cvs.openbsd.org 2012/01/07 21:11:36 + [mux.c] + fix double-free in new session handler + - miod@cvs.openbsd.org 2012/01/08 13:17:11 + [ssh-ecdsa.c] + Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, + ok markus@ + - miod@cvs.openbsd.org 2012/01/16 20:34:09 + [ssh-pkcs11-client.c] + Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. + While there, be sure to buffer_clear() between send_msg() and recv_msg(). + ok markus@ + - dtucker@cvs.openbsd.org 2012/01/18 21:46:43 + [clientloop.c] + Ensure that $DISPLAY contains only valid characters before using it to + extract xauth data so that it can't be used to play local shell + metacharacter games. Report from r00t_ati at ihteam.net, ok markus. + - markus@cvs.openbsd.org 2012/01/25 19:26:43 + [packet.c] + do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; + ok dtucker@, djm@ + - markus@cvs.openbsd.org 2012/01/25 19:36:31 + [authfile.c] + memleak in key_load_file(); from Jan Klemkow + - markus@cvs.openbsd.org 2012/01/25 19:40:09 + [packet.c packet.h] + packet_read_poll() is not used anymore. + - markus@cvs.openbsd.org 2012/02/09 20:00:18 + [version.h] + move from 6.0-beta to 6.0 + +20120206 + - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms + that don't support ECC. Patch from Phil Oleson + +20111219 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/12/02 00:41:56 + [mux.c] + fix bz#1948: ssh -f doesn't fork for multiplexed connection. + ok dtucker@ + - djm@cvs.openbsd.org 2011/12/02 00:43:57 + [mac.c] + fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before + HMAC_init (this change in policy seems insane to me) + ok dtucker@ + - djm@cvs.openbsd.org 2011/12/04 23:16:12 + [mux.c] + revert: + > revision 1.32 + > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 + > fix bz#1948: ssh -f doesn't fork for multiplexed connection. + > ok dtucker@ + it interacts badly with ControlPersist + - djm@cvs.openbsd.org 2011/12/07 05:44:38 + [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] + fix some harmless and/or unreachable int overflows; + reported Xi Wang, ok markus@ + +20111125 + - OpenBSD CVS Sync + - oga@cvs.openbsd.org 2011/11/16 12:24:28 + [sftp.c] + Don't leak list in complete_cmd_parse if there are no commands found. + Discovered when I was ``borrowing'' this code for something else. + ok djm@ + +20111121 + - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ + +20111104 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/10/18 05:15:28 + [ssh.c] + ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@ + - djm@cvs.openbsd.org 2011/10/18 23:37:42 + [ssh-add.c] + add -k to usage(); reminded by jmc@ + - djm@cvs.openbsd.org 2011/10/19 00:06:10 + [moduli.c] + s/tmpfile/tmp/ to make this -Wshadow clean + - djm@cvs.openbsd.org 2011/10/19 10:39:48 + [umac.c] + typo in comment; patch from Michael W. Bombardieri + - djm@cvs.openbsd.org 2011/10/24 02:10:46 + [ssh.c] + bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh + was incorrectly requesting the forward in both the control master and + slave. skip requesting it in the master to fix. ok markus@ + - djm@cvs.openbsd.org 2011/10/24 02:13:13 + [session.c] + bz#1859: send tty break to pty master instead of (probably already + closed) slave side; "looks good" markus@ + - dtucker@cvs.openbsd.org 011/11/04 00:09:39 + [moduli] + regenerated moduli file; ok deraadt + - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in + openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] + bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library + which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) + with some rework from myself and djm. ok djm. + +20111025 + - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file + fails. Patch from Corinna Vinschen. + +20111018 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/10/04 14:17:32 + [sftp-glob.c] + silence error spam for "ls */foo" in directory with files; bz#1683 + - dtucker@cvs.openbsd.org 2011/10/16 11:02:46 + [moduli.c ssh-keygen.1 ssh-keygen.c] + Add optional checkpoints for moduli screening. feedback & ok deraadt + - jmc@cvs.openbsd.org 2011/10/16 15:02:41 + [ssh-keygen.c] + put -K in the right place (usage()); + - stsp@cvs.openbsd.org 2011/10/16 15:51:39 + [moduli.c] + add missing includes to unbreak tree; fix from rpointel + - djm@cvs.openbsd.org 2011/10/18 04:58:26 + [auth-options.c key.c] + remove explict search for \0 in packet strings, this job is now done + implicitly by buffer_get_cstring; ok markus + - djm@cvs.openbsd.org 2011/10/18 05:00:48 + [ssh-add.1 ssh-add.c] + new "ssh-add -k" option to load plain keys (skipping certificates); + "looks ok" markus@ + +20111001 + - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2011/09/23 00:22:04 + [channels.c auth-options.c servconf.c channels.h sshd.8] + Add wildcard support to PermitOpen, allowing things like "PermitOpen + localhost:*". bz #1857, ok djm markus. + - markus@cvs.openbsd.org 2011/09/23 07:45:05 + [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c + version.h] + unbreak remote portforwarding with dynamic allocated listen ports: + 1) send the actual listen port in the open message (instead of 0). + this allows multiple forwardings with a dynamic listen port + 2) update the matching permit-open entry, so we can identify where + to connect to + report: den at skbkontur.ru and P. Szczygielski + feedback and ok djm@ + - djm@cvs.openbsd.org 2011/09/25 05:44:47 + [auth2-pubkey.c] + improve the AuthorizedPrincipalsFile debug log message to include + file and line number + - dtucker@cvs.openbsd.org 2011/09/30 00:47:37 + [sshd.c] + don't attempt privsep cleanup when not using privsep; ok markus@ + - djm@cvs.openbsd.org 2011/09/30 21:22:49 + [sshd.c] + fix inverted test that caused logspam; spotted by henning@ + +20110929 + - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch + from des AT des.no + - (dtucker) [configure.ac openbsd-compat/Makefile.in + openbsd-compat/strnlen.c] Add strnlen to the compat library. + +20110923 + - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no + longer want to sync this file (OpenBSD uses a __getcwd syscall now, we + want this longhand version) + - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the + upstream version is YPified and we don't want this + - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version. + The file was totally rewritten between what we had in tree and -current. + - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid + marker. The upstream API has changed (function and structure names) + enough to put it out of sync with other providers of this interface. + - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion + of static __findenv() function from upstream setenv.c + - OpenBSD CVS Sync + - millert@cvs.openbsd.org 2006/05/05 15:27:38 + [openbsd-compat/strlcpy.c] + Convert do {} while loop -> while {} for clarity. No binary change + on most architectures. From Oliver Smith. OK deraadt@ and henning@ + - tobias@cvs.openbsd.org 2007/10/21 11:09:30 + [openbsd-compat/mktemp.c] + Comment fix about time consumption of _gettemp. + FreeBSD did this in revision 1.20. + OK deraadt@, krw@ + - deraadt@cvs.openbsd.org 2008/07/22 21:47:45 + [openbsd-compat/mktemp.c] + use arc4random_uniform(); ok djm millert + - millert@cvs.openbsd.org 2008/08/21 16:54:44 + [openbsd-compat/mktemp.c] + Remove useless code, the kernel will set errno appropriately if an + element in the path does not exist. OK deraadt@ pvalchev@ + - otto@cvs.openbsd.org 2008/12/09 19:38:38 + [openbsd-compat/inet_ntop.c] + fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon + +20110922 + - OpenBSD CVS Sync + - pyr@cvs.openbsd.org 2011/05/12 07:15:10 + [openbsd-compat/glob.c] + When the max number of items for a directory has reached GLOB_LIMIT_READDIR + an error is returned but closedir() is not called. + spotted and fix provided by Frank Denis obsd-tech@pureftpd.org + ok otto@, millert@ + - stsp@cvs.openbsd.org 2011/09/20 10:18:46 + [glob.c] + In glob(3), limit recursion during matching attempts. Similar to + fnmatch fix. Also collapse consecutive '*' (from NetBSD). + ok miod deraadt + - djm@cvs.openbsd.org 2011/09/22 06:27:29 + [glob.c] + fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being + applied only to the gl_pathv vector and not the corresponding gl_statv + array. reported in OpenSSH bz#1935; feedback and okay matthew@ + - djm@cvs.openbsd.org 2011/08/26 01:45:15 + [ssh.1] + Add some missing ssh_config(5) options that can be used in ssh(1)'s + -o argument. Patch from duclare AT guu.fi + - djm@cvs.openbsd.org 2011/09/05 05:56:13 + [scp.1 sftp.1] + mention ControlPersist and KbdInteractiveAuthentication in the -o + verbiage in these pages too (prompted by jmc@) + - djm@cvs.openbsd.org 2011/09/05 05:59:08 + [misc.c] + fix typo in IPQoS parsing: there is no "AF14" class, but there is + an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk + - jmc@cvs.openbsd.org 2011/09/05 07:01:44 + [scp.1] + knock out a useless Ns; + - deraadt@cvs.openbsd.org 2011/09/07 02:18:31 + [ssh-keygen.1] + typo (they vs the) found by Lawrence Teo + - djm@cvs.openbsd.org 2011/09/09 00:43:00 + [ssh_config.5 sshd_config.5] + fix typo in IPQoS parsing: there is no "AF14" class, but there is + an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk + - djm@cvs.openbsd.org 2011/09/09 00:44:07 + [PROTOCOL.mux] + MUX_C_CLOSE_FWD includes forward type in message (though it isn't + implemented anyway) + - djm@cvs.openbsd.org 2011/09/09 22:37:01 + [scp.c] + suppress adding '--' to remote commandlines when the first argument + does not start with '-'. saves breakage on some difficult-to-upgrade + embedded/router platforms; feedback & ok dtucker ok markus + - djm@cvs.openbsd.org 2011/09/09 22:38:21 + [sshd.c] + kill the preauth privsep child on fatal errors in the monitor; + ok markus@ + - djm@cvs.openbsd.org 2011/09/09 22:46:44 + [channels.c channels.h clientloop.h mux.c ssh.c] + support for cancelling local and remote port forwards via the multiplex + socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request + the cancellation of the specified forwardings; ok markus@ + - markus@cvs.openbsd.org 2011/09/10 22:26:34 + [channels.c channels.h clientloop.c ssh.1] + support cancellation of local/dynamic forwardings from ~C commandline; + ok & feedback djm@ + - okan@cvs.openbsd.org 2011/09/11 06:59:05 + [ssh.1] + document new -O cancel command; ok djm@ + - markus@cvs.openbsd.org 2011/09/11 16:07:26 + [sftp-client.c] + fix leaks in do_hardlink() and do_readlink(); bz#1921 + from Loganaden Velvindron + - markus@cvs.openbsd.org 2011/09/12 08:46:15 + [sftp-client.c] + fix leak in do_lsreaddir(); ok djm + - djm@cvs.openbsd.org 2011/09/22 06:29:03 + [sftp.c] + don't let remote_glob() implicitly sort its results in do_globbed_ls() - + in all likelihood, they will be resorted anyway + +20110909 + - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From + Colin Watson. + 20110906 - (djm) [README version.h] Correct version - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon diff --git a/crypto/openssh/INSTALL b/crypto/openssh/INSTALL index 0031dea..7c60469 100644 --- a/crypto/openssh/INSTALL +++ b/crypto/openssh/INSTALL @@ -80,6 +80,12 @@ these multi-platform ports: http://www.thrysoee.dk/editline/ http://sourceforge.net/projects/libedit/ +LDNS: + +LDNS is a DNS BSD-licensed resolver library which supports DNSSEC. + +http://nlnetlabs.nl/projects/ldns/ + Autoconf: If you modify configure.ac or configure doesn't exist (eg if you checked @@ -260,4 +266,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.86 2011/05/05 03:48:37 djm Exp $ +$Id: INSTALL,v 1.87 2011/11/04 00:25:25 dtucker Exp $ diff --git a/crypto/openssh/LICENCE b/crypto/openssh/LICENCE index 120d6fd..f523871 100644 --- a/crypto/openssh/LICENCE +++ b/crypto/openssh/LICENCE @@ -207,6 +207,7 @@ OpenSSH contains no GPL code. The SCO Group Daniel Walsh Red Hat, Inc + Simon Vallet / Genoscope * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/openssh/PROTOCOL.certkeys b/crypto/openssh/PROTOCOL.certkeys index 2f97649..c985910 100644 --- a/crypto/openssh/PROTOCOL.certkeys +++ b/crypto/openssh/PROTOCOL.certkeys @@ -162,6 +162,13 @@ extensions is a set of zero or more optional extensions. These extensions are not critical, and an implementation that encounters one that it does not recognise may safely ignore it. +Generally, critical options are used to control features that restrict +access where extensions are used to enable features that grant access. +This ensures that certificates containing unknown restrictions do not +inadvertently grant access while allowing new protocol features to be +enabled via extensions without breaking certificates' backwards +compatibility. + The reserved field is currently unused and is ignored in this version of the protocol. @@ -189,7 +196,7 @@ is a sequence of zero or more tuples: string data Options must be lexically ordered by "name" if they appear in the -sequence. +sequence. Each named option may only appear once in a certificate. The name field identifies the option and the data field encodes option-specific information (see below). All options are @@ -220,7 +227,9 @@ Extensions The extensions section of the certificate specifies zero or more non-critical certificate extensions. The encoding and ordering of -extensions in this field is identical to that of the critical options. +extensions in this field is identical to that of the critical options, +as is the requirement that each name appear only once. + If an implementation does not recognise an extension, then it should ignore it. @@ -253,4 +262,4 @@ permit-user-rc empty Flag indicating that execution of of this script will not be permitted if this option is not present. -$OpenBSD: PROTOCOL.certkeys,v 1.8 2010/08/31 11:54:45 djm Exp $ +$OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $ diff --git a/crypto/openssh/PROTOCOL.mux b/crypto/openssh/PROTOCOL.mux index 9ad2566..b583256 100644 --- a/crypto/openssh/PROTOCOL.mux +++ b/crypto/openssh/PROTOCOL.mux @@ -110,9 +110,9 @@ A client may request the master to establish a port forward: uint32 request id uint32 forwarding type string listen host - string listen port + uint32 listen port string connect host - string connect port + uint32 connect port forwarding type may be MUX_FWD_LOCAL, MUX_FWD_REMOTE, MUX_FWD_DYNAMIC. @@ -133,10 +133,11 @@ A client may request the master to close a port forward: uint32 MUX_C_CLOSE_FWD uint32 request id + uint32 forwarding type string listen host - string listen port + uint32 listen port string connect host - string connect port + uint32 connect port A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE. @@ -218,4 +219,4 @@ XXX inject packet (what about replies) XXX server->client error/warning notifications XXX send signals via mux -$OpenBSD: PROTOCOL.mux,v 1.7 2011/05/08 12:52:01 djm Exp $ +$OpenBSD: PROTOCOL.mux,v 1.9 2012/06/01 00:49:35 djm Exp $ diff --git a/crypto/openssh/README b/crypto/openssh/README index e26654b..81cb922 100644 --- a/crypto/openssh/README +++ b/crypto/openssh/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-5.9 for the release notes. +See http://www.openssh.com/txt/release-6.1 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.77.2.2 2011/09/06 23:11:20 djm Exp $ +$Id: README,v 1.81 2012/08/22 11:57:13 djm Exp $ diff --git a/crypto/openssh/addrmatch.c b/crypto/openssh/addrmatch.c index 5b6773c..388603c 100644 --- a/crypto/openssh/addrmatch.c +++ b/crypto/openssh/addrmatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: addrmatch.c,v 1.5 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: addrmatch.c,v 1.6 2012/06/21 00:16:07 dtucker Exp $ */ /* * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> @@ -318,7 +318,7 @@ addr_pton_cidr(const char *p, struct xaddr *n, u_int *l) char addrbuf[64], *mp, *cp; /* Don't modify argument */ - if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) > sizeof(addrbuf)) + if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf)) return -1; if ((mp = strchr(addrbuf, '/')) != NULL) { diff --git a/crypto/openssh/audit-bsm.c b/crypto/openssh/audit-bsm.c index f196d4f..6135591 100644 --- a/crypto/openssh/audit-bsm.c +++ b/crypto/openssh/audit-bsm.c @@ -1,4 +1,4 @@ -/* $Id: audit-bsm.c,v 1.7 2011/01/17 10:15:29 dtucker Exp $ */ +/* $Id: audit-bsm.c,v 1.8 2012/02/23 23:40:43 dtucker Exp $ */ /* * TODO @@ -45,6 +45,10 @@ #include <string.h> #include <unistd.h> +#ifdef BROKEN_BSM_API +#include <libscf.h> +#endif + #include "ssh.h" #include "log.h" #include "key.h" @@ -114,6 +118,12 @@ extern int aug_daemon_session(void); extern Authctxt *the_authctxt; static AuditInfoTermID ssh_bsm_tid; +#ifdef BROKEN_BSM_API +/* For some reason this constant is no longer defined + in Solaris 11. */ +#define BSM_TEXTBUFSZ 256 +#endif + /* Below is the low-level BSM interface code */ /* @@ -161,6 +171,65 @@ aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type) } #endif +#ifdef BROKEN_BSM_API +/* + In Solaris 11 the audit daemon has been moved to SMF. In the process + they simply dropped getacna() from the API, since it read from a now + non-existent config file. This function re-implements getacna() to + read from the SMF repository instead. + */ +int +getacna(char *auditstring, int len) +{ + scf_handle_t *handle = NULL; + scf_property_t *property = NULL; + scf_value_t *value = NULL; + int ret = 0; + + handle = scf_handle_create(SCF_VERSION); + if (handle == NULL) + return -2; /* The man page for getacna on Solaris 10 states + we should return -2 in case of error and set + errno to indicate the error. We don't bother + with errno here, though, since the only use + of this function below doesn't check for errors + anyway. + */ + + ret = scf_handle_bind(handle); + if (ret == -1) + return -2; + + property = scf_property_create(handle); + if (property == NULL) + return -2; + + ret = scf_handle_decode_fmri(handle, + "svc:/system/auditd:default/:properties/preselection/naflags", + NULL, NULL, NULL, NULL, property, 0); + if (ret == -1) + return -2; + + value = scf_value_create(handle); + if (value == NULL) + return -2; + + ret = scf_property_get_value(property, value); + if (ret == -1) + return -2; + + ret = scf_value_get_astring(value, auditstring, len); + if (ret == -1) + return -2; + + scf_value_destroy(value); + scf_property_destroy(property); + scf_handle_destroy(handle); + + return 0; +} +#endif + /* * Check if the specified event is selected (enabled) for auditing. * Returns 1 if the event is selected, 0 if not and -1 on failure. @@ -213,7 +282,15 @@ bsm_audit_record(int typ, char *string, au_event_t event_no) (void) au_write(ad, au_to_text(string)); (void) au_write(ad, AUToReturnFunc(typ, rc)); +#ifdef BROKEN_BSM_API + /* The last argument is the event modifier flags. For + some seemingly undocumented reason it was added in + Solaris 11. */ + rc = au_close(ad, AU_TO_WRITE, event_no, 0); +#else rc = au_close(ad, AU_TO_WRITE, event_no); +#endif + if (rc < 0) error("BSM audit: %s failed to write \"%s\" record: %s", __func__, string, strerror(errno)); diff --git a/crypto/openssh/auth-krb5.c b/crypto/openssh/auth-krb5.c index d019fe2..922c66c 100644 --- a/crypto/openssh/auth-krb5.c +++ b/crypto/openssh/auth-krb5.c @@ -226,7 +226,7 @@ krb5_cleanup_proc(Authctxt *authctxt) #ifndef HEIMDAL krb5_error_code ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { - int tmpfd, ret; + int tmpfd, ret, oerrno; char ccname[40]; mode_t old_umask; @@ -237,16 +237,18 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { old_umask = umask(0177); tmpfd = mkstemp(ccname + strlen("FILE:")); + oerrno = errno; umask(old_umask); if (tmpfd == -1) { - logit("mkstemp(): %.100s", strerror(errno)); - return errno; + logit("mkstemp(): %.100s", strerror(oerrno)); + return oerrno; } if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { - logit("fchmod(): %.100s", strerror(errno)); + oerrno = errno; + logit("fchmod(): %.100s", strerror(oerrno)); close(tmpfd); - return errno; + return oerrno; } close(tmpfd); diff --git a/crypto/openssh/auth-options.c b/crypto/openssh/auth-options.c index eae45cf..0e67bd8 100644 --- a/crypto/openssh/auth-options.c +++ b/crypto/openssh/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.54 2010/12/24 21:41:48 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.56 2011/10/18 04:58:26 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -341,7 +341,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) goto bad_option; } host = cleanhostname(host); - if (p == NULL || (port = a2port(p)) <= 0) { + if (p == NULL || (port = permitopen_port(p)) < 0) { debug("%.100s, line %lu: Bad permitopen port " "<%.100s>", file, linenum, p ? p : ""); auth_debug_add("%.100s, line %lu: " @@ -452,10 +452,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, buffer_append(&data, data_blob, dlen); debug3("found certificate option \"%.100s\" len %u", name, dlen); - if (strlen(name) != nlen) { - error("Certificate constraint name contains \\0"); - goto out; - } found = 0; if ((which & OPTIONS_EXTENSIONS) != 0) { if (strcmp(name, "permit-X11-forwarding") == 0) { @@ -485,11 +481,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, "corrupt", name); goto out; } - if (strlen(command) != clen) { - error("force-command constraint " - "contains \\0"); - goto out; - } if (*cert_forced_command != NULL) { error("Certificate has multiple " "force-command options"); @@ -506,11 +497,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, "\"%s\" corrupt", name); goto out; } - if (strlen(allowed) != clen) { - error("source-address constraint " - "contains \\0"); - goto out; - } if ((*cert_source_address_done)++) { error("Certificate has multiple " "source-address options"); diff --git a/crypto/openssh/auth-passwd.c b/crypto/openssh/auth-passwd.c index b1c6ce0..68bbd18 100644 --- a/crypto/openssh/auth-passwd.c +++ b/crypto/openssh/auth-passwd.c @@ -209,6 +209,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) * Authentication is accepted if the encrypted passwords * are identical. */ - return (strcmp(encrypted_password, pw_password) == 0); + return encrypted_password != NULL && + strcmp(encrypted_password, pw_password) == 0; } #endif diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c index 893dc7b..7fb1068 100644 --- a/crypto/openssh/auth.c +++ b/crypto/openssh/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.94 2011/05/23 03:33:38 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.96 2012/05/13 01:42:32 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -358,7 +358,8 @@ expand_authorized_keys(const char *filename, struct passwd *pw) char * authorized_principals_file(struct passwd *pw) { - if (options.authorized_principals_file == NULL) + if (options.authorized_principals_file == NULL || + strcasecmp(options.authorized_principals_file, "none") == 0) return NULL; return expand_authorized_keys(options.authorized_principals_file, pw); } @@ -545,9 +546,10 @@ getpwnamallow(const char *user) #endif #endif struct passwd *pw; + struct connection_info *ci = get_connection_info(1, options.use_dns); - parse_server_match_config(&options, user, - get_canonical_hostname(options.use_dns), get_remote_ipaddr()); + ci->user = user; + parse_server_match_config(&options, ci); #if defined(_AIX) && defined(HAVE_SETAUTHDB) aix_setauthdb(user); diff --git a/crypto/openssh/auth2-pubkey.c b/crypto/openssh/auth2-pubkey.c index 137887e..5bccb5d 100644 --- a/crypto/openssh/auth2-pubkey.c +++ b/crypto/openssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.29 2011/05/23 03:30:07 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.30 2011/09/25 05:44:47 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -238,8 +238,9 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert) } for (i = 0; i < cert->nprincipals; i++) { if (strcmp(cp, cert->principals[i]) == 0) { - debug3("matched principal from file \"%.100s\"", - cert->principals[i]); + debug3("matched principal \"%.100s\" " + "from file \"%s\" on line %lu", + cert->principals[i], file, linenum); if (auth_parse_options(pw, line_opts, file, linenum) != 1) continue; diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c index 55238cd..234ca3b 100644 --- a/crypto/openssh/auth2.c +++ b/crypto/openssh/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.123 2011/03/10 02:52:57 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.124 2011/12/07 05:44:38 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -115,7 +115,7 @@ auth2_read_banner(void) close(fd); return (NULL); } - if (st.st_size > 1*1024*1024) { + if (st.st_size <= 0 || st.st_size > 1*1024*1024) { close(fd); return (NULL); } diff --git a/crypto/openssh/authfile.c b/crypto/openssh/authfile.c index 1d7e53c..7dd4496 100644 --- a/crypto/openssh/authfile.c +++ b/crypto/openssh/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.92 2011/06/14 22:49:18 markus Exp $ */ +/* $OpenBSD: authfile.c,v 1.93 2012/01/25 19:36:31 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -340,7 +340,7 @@ key_load_file(int fd, const char *filename, Buffer *blob) filename == NULL ? "" : " "); return 0; } - buffer_init(blob); + buffer_clear(blob); for (;;) { if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { if (errno == EPIPE) diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c index 2242579..04ad255 100644 --- a/crypto/openssh/channels.c +++ b/crypto/openssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.311 2011/06/22 22:08:42 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.318 2012/04/23 08:18:17 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -126,6 +126,9 @@ static int num_permitted_opens = 0; /* Number of permitted host/port pair in the array permitted by the admin. */ static int num_adm_permitted_opens = 0; +/* special-case port number meaning allow any port */ +#define FWD_PERMIT_ANY_PORT 0 + /* * If this is true, all opens are permitted. This is the case on the server * on which we have to trust the client anyway, and the user could do @@ -308,10 +311,13 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, buffer_init(&c->output); buffer_init(&c->extended); c->path = NULL; + c->listening_addr = NULL; + c->listening_port = 0; c->ostate = CHAN_OUTPUT_OPEN; c->istate = CHAN_INPUT_OPEN; c->flags = 0; channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, 0); + c->notbefore = 0; c->self = found; c->type = type; c->ctype = ctype; @@ -418,6 +424,10 @@ channel_free(Channel *c) xfree(c->path); c->path = NULL; } + if (c->listening_addr) { + xfree(c->listening_addr); + c->listening_addr = NULL; + } while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { if (cc->abandon_cb != NULL) cc->abandon_cb(c, cc->ctx); @@ -1372,6 +1382,8 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) } if (newsock < 0) { error("accept: %.100s", strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } set_nodelay(newsock); @@ -1515,6 +1527,8 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (newsock < 0) { error("accept: %.100s", strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } set_nodelay(newsock); @@ -1547,7 +1561,10 @@ channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset) addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (newsock < 0) { - error("accept from auth socket: %.100s", strerror(errno)); + error("accept from auth socket: %.100s", + strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } nc = channel_new("accepted auth socket", @@ -1961,6 +1978,8 @@ channel_post_mux_listener(Channel *c, fd_set *readset, fd_set *writeset) if ((newsock = accept(c->sock, (struct sockaddr*)&addr, &addrlen)) == -1) { error("%s accept: %s", __func__, strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } @@ -2111,16 +2130,21 @@ channel_garbage_collect(Channel *c) } static void -channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset) +channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset, + time_t *unpause_secs) { static int did_init = 0; u_int i, oalloc; Channel *c; + time_t now; if (!did_init) { channel_handler_init(); did_init = 1; } + now = time(NULL); + if (unpause_secs != NULL) + *unpause_secs = 0; for (i = 0, oalloc = channels_alloc; i < oalloc; i++) { c = channels[i]; if (c == NULL) @@ -2131,10 +2155,30 @@ channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset) else continue; } - if (ftab[c->type] != NULL) - (*ftab[c->type])(c, readset, writeset); + if (ftab[c->type] != NULL) { + /* + * Run handlers that are not paused. + */ + if (c->notbefore <= now) + (*ftab[c->type])(c, readset, writeset); + else if (unpause_secs != NULL) { + /* + * Collect the time that the earliest + * channel comes off pause. + */ + debug3("%s: chan %d: skip for %d more seconds", + __func__, c->self, + (int)(c->notbefore - now)); + if (*unpause_secs == 0 || + (c->notbefore - now) < *unpause_secs) + *unpause_secs = c->notbefore - now; + } + } channel_garbage_collect(c); } + if (unpause_secs != NULL && *unpause_secs != 0) + debug3("%s: first channel unpauses in %d seconds", + __func__, (int)*unpause_secs); } /* @@ -2143,7 +2187,7 @@ channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset) */ void channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, - u_int *nallocp, int rekeying) + u_int *nallocp, time_t *minwait_secs, int rekeying) { u_int n, sz, nfdset; @@ -2166,7 +2210,8 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, memset(*writesetp, 0, sz); if (!rekeying) - channel_handler(channel_pre, *readsetp, *writesetp); + channel_handler(channel_pre, *readsetp, *writesetp, + minwait_secs); } /* @@ -2176,7 +2221,7 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, void channel_after_select(fd_set *readset, fd_set *writeset) { - channel_handler(channel_post, readset, writeset); + channel_handler(channel_post, readset, writeset, NULL); } @@ -2696,6 +2741,45 @@ channel_set_hpn(int disabled, u_int buf_size) hpn_disabled, buffer_size); } +/* + * Determine whether or not a port forward listens to loopback, the + * specified address or wildcard. On the client, a specified bind + * address will always override gateway_ports. On the server, a + * gateway_ports of 1 (``yes'') will override the client's specification + * and force a wildcard bind, whereas a value of 2 (``clientspecified'') + * will bind to whatever address the client asked for. + * + * Special-case listen_addrs are: + * + * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR + * "" (empty string), "*" -> wildcard v4/v6 + * "localhost" -> loopback v4/v6 + */ +static const char * +channel_fwd_bind_addr(const char *listen_addr, int *wildcardp, + int is_client, int gateway_ports) +{ + const char *addr = NULL; + int wildcard = 0; + + if (listen_addr == NULL) { + /* No address specified: default to gateway_ports setting */ + if (gateway_ports) + wildcard = 1; + } else if (gateway_ports || is_client) { + if (((datafellows & SSH_OLD_FORWARD_ADDR) && + strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) || + *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 || + (!is_client && gateway_ports == 1)) + wildcard = 1; + else if (strcmp(listen_addr, "localhost") != 0) + addr = listen_addr; + } + if (wildcardp != NULL) + *wildcardp = wildcard; + return addr; +} + static int channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port, int *allocated_listen_port, @@ -2721,36 +2805,9 @@ channel_setup_fwd_listener(int type, const char *listen_addr, return 0; } - /* - * Determine whether or not a port forward listens to loopback, - * specified address or wildcard. On the client, a specified bind - * address will always override gateway_ports. On the server, a - * gateway_ports of 1 (``yes'') will override the client's - * specification and force a wildcard bind, whereas a value of 2 - * (``clientspecified'') will bind to whatever address the client - * asked for. - * - * Special-case listen_addrs are: - * - * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR - * "" (empty string), "*" -> wildcard v4/v6 - * "localhost" -> loopback v4/v6 - */ - addr = NULL; - if (listen_addr == NULL) { - /* No address specified: default to gateway_ports setting */ - if (gateway_ports) - wildcard = 1; - } else if (gateway_ports || is_client) { - if (((datafellows & SSH_OLD_FORWARD_ADDR) && - strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) || - *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 || - (!is_client && gateway_ports == 1)) - wildcard = 1; - else if (strcmp(listen_addr, "localhost") != 0) - addr = listen_addr; - } - + /* Determine the bind address, cf. channel_fwd_bind_addr() comment */ + addr = channel_fwd_bind_addr(listen_addr, &wildcard, + is_client, gateway_ports); debug3("channel_setup_fwd_listener: type %d wildcard %d addr %s", type, wildcard, (addr == NULL) ? "NULL" : addr); @@ -2862,7 +2919,12 @@ channel_setup_fwd_listener(int type, const char *listen_addr, 0, "port listener", 1); c->path = xstrdup(host); c->host_port = port_to_connect; - c->listening_port = listen_port; + c->listening_addr = addr == NULL ? NULL : xstrdup(addr); + if (listen_port == 0 && allocated_listen_port != NULL && + !(datafellows & SSH_BUG_DYNAMIC_RPORT)) + c->listening_port = *allocated_listen_port; + else + c->listening_port = listen_port; success = 1; } if (success == 0) @@ -2880,9 +2942,44 @@ channel_cancel_rport_listener(const char *host, u_short port) for (i = 0; i < channels_alloc; i++) { Channel *c = channels[i]; + if (c == NULL || c->type != SSH_CHANNEL_RPORT_LISTENER) + continue; + if (strcmp(c->path, host) == 0 && c->listening_port == port) { + debug2("%s: close channel %d", __func__, i); + channel_free(c); + found = 1; + } + } + + return (found); +} + +int +channel_cancel_lport_listener(const char *lhost, u_short lport, + int cport, int gateway_ports) +{ + u_int i; + int found = 0; + const char *addr = channel_fwd_bind_addr(lhost, NULL, 1, gateway_ports); - if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && - strcmp(c->path, host) == 0 && c->listening_port == port) { + for (i = 0; i < channels_alloc; i++) { + Channel *c = channels[i]; + if (c == NULL || c->type != SSH_CHANNEL_PORT_LISTENER) + continue; + if (c->listening_port != lport) + continue; + if (cport == CHANNEL_CANCEL_PORT_STATIC) { + /* skip dynamic forwardings */ + if (c->host_port == 0) + continue; + } else { + if (c->host_port != cport) + continue; + } + if ((c->listening_addr == NULL && addr != NULL) || + (c->listening_addr != NULL && addr == NULL)) + continue; + if (addr == NULL || strcmp(c->listening_addr, addr) == 0) { debug2("%s: close channel %d", __func__, i); channel_free(c); found = 1; @@ -2913,37 +3010,44 @@ channel_setup_remote_fwd_listener(const char *listen_address, } /* + * Translate the requested rfwd listen host to something usable for + * this server. + */ +static const char * +channel_rfwd_bind_host(const char *listen_host) +{ + if (listen_host == NULL) { + if (datafellows & SSH_BUG_RFWD_ADDR) + return "127.0.0.1"; + else + return "localhost"; + } else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) { + if (datafellows & SSH_BUG_RFWD_ADDR) + return "0.0.0.0"; + else + return ""; + } else + return listen_host; +} + +/* * Initiate forwarding of connections to port "port" on remote host through * the secure channel to host:port from local side. + * Returns handle (index) for updating the dynamic listen port with + * channel_update_permitted_opens(). */ - int channel_request_remote_forwarding(const char *listen_host, u_short listen_port, const char *host_to_connect, u_short port_to_connect) { - int type, success = 0; + int type, success = 0, idx = -1; /* Send the forward request to the remote side. */ if (compat20) { - const char *address_to_bind; - if (listen_host == NULL) { - if (datafellows & SSH_BUG_RFWD_ADDR) - address_to_bind = "127.0.0.1"; - else - address_to_bind = "localhost"; - } else if (*listen_host == '\0' || - strcmp(listen_host, "*") == 0) { - if (datafellows & SSH_BUG_RFWD_ADDR) - address_to_bind = "0.0.0.0"; - else - address_to_bind = ""; - } else - address_to_bind = listen_host; - packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("tcpip-forward"); - packet_put_char(1); /* boolean: want reply */ - packet_put_cstring(address_to_bind); + packet_put_char(1); /* boolean: want reply */ + packet_put_cstring(channel_rfwd_bind_host(listen_host)); packet_put_int(listen_port); packet_send(); packet_write_wait(); @@ -2975,25 +3079,25 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, /* Record that connection to this host/port is permitted. */ permitted_opens = xrealloc(permitted_opens, num_permitted_opens + 1, sizeof(*permitted_opens)); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; + idx = num_permitted_opens++; + permitted_opens[idx].host_to_connect = xstrdup(host_to_connect); + permitted_opens[idx].port_to_connect = port_to_connect; + permitted_opens[idx].listen_port = listen_port; } - return (success ? 0 : -1); + return (idx); } /* * Request cancellation of remote forwarding of connection host:port from * local side. */ -void +int channel_request_rforward_cancel(const char *host, u_short port) { int i; if (!compat20) - return; + return -1; for (i = 0; i < num_permitted_opens; i++) { if (permitted_opens[i].host_to_connect != NULL && @@ -3002,12 +3106,12 @@ channel_request_rforward_cancel(const char *host, u_short port) } if (i >= num_permitted_opens) { debug("%s: requested forward not found", __func__); - return; + return -1; } packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("cancel-tcpip-forward"); packet_put_char(0); - packet_put_cstring(host == NULL ? "" : host); + packet_put_cstring(channel_rfwd_bind_host(host)); packet_put_int(port); packet_send(); @@ -3015,6 +3119,8 @@ channel_request_rforward_cancel(const char *host, u_short port) permitted_opens[i].port_to_connect = 0; xfree(permitted_opens[i].host_to_connect); permitted_opens[i].host_to_connect = NULL; + + return 0; } /* @@ -3083,6 +3189,35 @@ channel_add_permitted_opens(char *host, int port) all_opens_permitted = 0; } +/* + * Update the listen port for a dynamic remote forward, after + * the actual 'newport' has been allocated. If 'newport' < 0 is + * passed then they entry will be invalidated. + */ +void +channel_update_permitted_opens(int idx, int newport) +{ + if (idx < 0 || idx >= num_permitted_opens) { + debug("channel_update_permitted_opens: index out of range:" + " %d num_permitted_opens %d", idx, num_permitted_opens); + return; + } + debug("%s allowed port %d for forwarding to host %s port %d", + newport > 0 ? "Updating" : "Removing", + newport, + permitted_opens[idx].host_to_connect, + permitted_opens[idx].port_to_connect); + if (newport >= 0) { + permitted_opens[idx].listen_port = + (datafellows & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport; + } else { + permitted_opens[idx].listen_port = 0; + permitted_opens[idx].port_to_connect = 0; + xfree(permitted_opens[idx].host_to_connect); + permitted_opens[idx].host_to_connect = NULL; + } +} + int channel_add_adm_permitted_opens(char *host, int port) { @@ -3097,6 +3232,17 @@ channel_add_adm_permitted_opens(char *host, int port) } void +channel_disable_adm_local_opens(void) +{ + if (num_adm_permitted_opens == 0) { + permitted_adm_opens = xmalloc(sizeof(*permitted_adm_opens)); + permitted_adm_opens[num_adm_permitted_opens].host_to_connect + = NULL; + num_adm_permitted_opens = 1; + } +} + +void channel_clear_permitted_opens(void) { int i; @@ -3137,12 +3283,36 @@ channel_print_adm_permitted_opens(void) return; } for (i = 0; i < num_adm_permitted_opens; i++) - if (permitted_adm_opens[i].host_to_connect != NULL) + if (permitted_adm_opens[i].host_to_connect == NULL) + printf(" none"); + else printf(" %s:%d", permitted_adm_opens[i].host_to_connect, permitted_adm_opens[i].port_to_connect); printf("\n"); } +/* returns port number, FWD_PERMIT_ANY_PORT or -1 on error */ +int +permitopen_port(const char *p) +{ + int port; + + if (strcmp(p, "*") == 0) + return FWD_PERMIT_ANY_PORT; + if ((port = a2port(p)) > 0) + return port; + return -1; +} + +static int +port_match(u_short allowedport, u_short requestedport) +{ + if (allowedport == FWD_PERMIT_ANY_PORT || + allowedport == requestedport) + return 1; + return 0; +} + /* Try to start non-blocking connect to next host in cctx list */ static int connect_next(struct channel_connect *cctx) @@ -3245,7 +3415,7 @@ channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname) for (i = 0; i < num_permitted_opens; i++) { if (permitted_opens[i].host_to_connect != NULL && - permitted_opens[i].listen_port == listen_port) { + port_match(permitted_opens[i].listen_port, listen_port)) { return connect_to( permitted_opens[i].host_to_connect, permitted_opens[i].port_to_connect, ctype, rname); @@ -3266,7 +3436,7 @@ channel_connect_to(const char *host, u_short port, char *ctype, char *rname) if (!permit) { for (i = 0; i < num_permitted_opens; i++) if (permitted_opens[i].host_to_connect != NULL && - permitted_opens[i].port_to_connect == port && + port_match(permitted_opens[i].port_to_connect, port) && strcmp(permitted_opens[i].host_to_connect, host) == 0) permit = 1; } @@ -3275,7 +3445,7 @@ channel_connect_to(const char *host, u_short port, char *ctype, char *rname) permit_adm = 0; for (i = 0; i < num_adm_permitted_opens; i++) if (permitted_adm_opens[i].host_to_connect != NULL && - permitted_adm_opens[i].port_to_connect == port && + port_match(permitted_adm_opens[i].port_to_connect, port) && strcmp(permitted_adm_opens[i].host_to_connect, host) == 0) permit_adm = 1; diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h index c469720..cede0a4 100644 --- a/crypto/openssh/channels.h +++ b/crypto/openssh/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.105 2011/06/22 22:08:42 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.111 2012/04/11 13:16:19 djm Exp $ */ /* $FreeBSD$ */ /* @@ -58,6 +58,8 @@ #define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */ #define SSH_CHANNEL_MAX_TYPE 17 +#define CHANNEL_CANCEL_PORT_STATIC -1 + struct Channel; typedef struct Channel Channel; @@ -104,6 +106,7 @@ struct Channel { int wfd_isatty; /* wfd is a tty */ int client_tty; /* (client) TTY has been requested */ int force_drain; /* force close on iEOF */ + time_t notbefore; /* Pause IO until deadline (time_t) */ int delayed; /* post-select handlers for newly created * channels are delayed until the first call * to a matching pre-select handler. @@ -117,6 +120,7 @@ struct Channel { char *path; /* path for unix domain sockets, or host name for forwards */ int listening_port; /* port being listened for forwards */ + char *listening_addr; /* addr being listened for forwards */ int host_port; /* remote port to connect for forwards */ char *remote_name; /* remote hostname */ @@ -239,7 +243,8 @@ void channel_input_status_confirm(int, u_int32_t, void *); /* file descriptor handling (read/write) */ -void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int); +void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, + time_t*, int); void channel_after_select(fd_set *, fd_set *); void channel_output_poll(void); @@ -254,6 +259,8 @@ void channel_set_af(int af); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); int channel_add_adm_permitted_opens(char *, int); +void channel_disable_adm_local_opens(void); +void channel_update_permitted_opens(int, int); void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); void channel_print_adm_permitted_opens(void); @@ -265,9 +272,11 @@ int channel_request_remote_forwarding(const char *, u_short, const char *, u_short); int channel_setup_local_fwd_listener(const char *, u_short, const char *, u_short, int); -void channel_request_rforward_cancel(const char *host, u_short port); +int channel_request_rforward_cancel(const char *host, u_short port); int channel_setup_remote_fwd_listener(const char *, u_short, int *, int); int channel_cancel_rport_listener(const char *, u_short); +int channel_cancel_lport_listener(const char *, u_short, int, int); +int permitopen_port(const char *); /* x11 forwarding */ diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c index ba2218a..5dd7b1b 100644 --- a/crypto/openssh/clientloop.c +++ b/crypto/openssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.240 2012/06/20 04:42:58 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -282,6 +282,23 @@ set_control_persist_exit_time(void) /* else we are already counting down to the timeout */ } +#define SSH_X11_VALID_DISPLAY_CHARS ":/.-_" +static int +client_x11_display_valid(const char *display) +{ + size_t i, dlen; + + dlen = strlen(display); + for (i = 0; i < dlen; i++) { + if (!isalnum(display[i]) && + strchr(SSH_X11_VALID_DISPLAY_CHARS, display[i]) == NULL) { + debug("Invalid character '%c' in DISPLAY", display[i]); + return 0; + } + } + return 1; +} + #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" void client_x11_get_proto(const char *display, const char *xauth_path, @@ -304,6 +321,9 @@ client_x11_get_proto(const char *display, const char *xauth_path, if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) { debug("No xauth program."); + } else if (!client_x11_display_valid(display)) { + logit("DISPLAY '%s' invalid, falling back to fake xauth data", + display); } else { if (display == NULL) { debug("x11_get_proto: DISPLAY not set"); @@ -564,10 +584,12 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, { struct timeval tv, *tvp; int timeout_secs; + time_t minwait_secs = 0; int ret; /* Add any selections by the channel mechanism. */ - channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying); + channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, + &minwait_secs, rekeying); if (!compat20) { /* Read from the connection, unless our buffers are full. */ @@ -620,6 +642,8 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, if (timeout_secs < 0) timeout_secs = 0; } + if (minwait_secs != 0) + timeout_secs = MIN(timeout_secs, (int)minwait_secs); if (timeout_secs == INT_MAX) tvp = NULL; else { @@ -840,9 +864,8 @@ process_cmdline(void) { void (*handler)(int); char *s, *cmd, *cancel_host; - int delete = 0; - int local = 0, remote = 0, dynamic = 0; - int cancel_port; + int delete = 0, local = 0, remote = 0, dynamic = 0; + int cancel_port, ok; Forward fwd; bzero(&fwd, sizeof(fwd)); @@ -868,8 +891,12 @@ process_cmdline(void) "Request remote forward"); logit(" -D[bind_address:]port " "Request dynamic forward"); + logit(" -KL[bind_address:]port " + "Cancel local forward"); logit(" -KR[bind_address:]port " "Cancel remote forward"); + logit(" -KD[bind_address:]port " + "Cancel dynamic forward"); if (!options.permit_local_command) goto out; logit(" !args " @@ -898,11 +925,7 @@ process_cmdline(void) goto out; } - if ((local || dynamic) && delete) { - logit("Not supported."); - goto out; - } - if (remote && delete && !compat20) { + if (delete && !compat20) { logit("Not supported for SSH protocol version 1."); goto out; } @@ -925,7 +948,21 @@ process_cmdline(void) logit("Bad forwarding close port"); goto out; } - channel_request_rforward_cancel(cancel_host, cancel_port); + if (remote) + ok = channel_request_rforward_cancel(cancel_host, + cancel_port) == 0; + else if (dynamic) + ok = channel_cancel_lport_listener(cancel_host, + cancel_port, 0, options.gateway_ports) > 0; + else + ok = channel_cancel_lport_listener(cancel_host, + cancel_port, CHANNEL_CANCEL_PORT_STATIC, + options.gateway_ports) > 0; + if (!ok) { + logit("Unkown port forwarding."); + goto out; + } + logit("Canceled forwarding."); } else { if (!parse_forward(&fwd, s, dynamic, remote)) { logit("Bad forwarding specification."); @@ -946,7 +983,6 @@ process_cmdline(void) goto out; } } - logit("Forwarding port."); } diff --git a/crypto/openssh/clientloop.h b/crypto/openssh/clientloop.h index a259b5e..3bb7948 100644 --- a/crypto/openssh/clientloop.h +++ b/crypto/openssh/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.28 2011/06/22 22:08:42 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.29 2011/09/09 22:46:44 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -70,6 +70,7 @@ void client_expect_confirm(int, const char *, enum confirm_action); #define SSHMUX_COMMAND_STDIO_FWD 4 /* Open stdio fwd (ssh -W) */ #define SSHMUX_COMMAND_FORWARD 5 /* Forward only, no command */ #define SSHMUX_COMMAND_STOP 6 /* Disable mux but not conn */ +#define SSHMUX_COMMAND_CANCEL_FWD 7 /* Cancel forwarding(s) */ void muxserver_listen(void); void muxclient(const char *); diff --git a/crypto/openssh/compat.c b/crypto/openssh/compat.c index d685f6d..c6b0c95 100644 --- a/crypto/openssh/compat.c +++ b/crypto/openssh/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.78 2008/09/11 14:22:37 markus Exp $ */ +/* $OpenBSD: compat.c,v 1.79 2011/09/23 07:45:05 markus Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. @@ -93,6 +93,7 @@ compat_datafellows(const char *version) { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR }, { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH_4*", 0 }, + { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT}, { "OpenSSH*", SSH_NEW_OPENSSH }, { "*MindTerm*", 0 }, { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| diff --git a/crypto/openssh/compat.h b/crypto/openssh/compat.h index 57f38f5..6db85ea 100644 --- a/crypto/openssh/compat.h +++ b/crypto/openssh/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.42 2008/09/11 14:22:37 markus Exp $ */ +/* $OpenBSD: compat.h,v 1.43 2011/09/23 07:45:05 markus Exp $ */ /* $FreeBSD$ */ /* @@ -59,6 +59,7 @@ #define SSH_OLD_FORWARD_ADDR 0x01000000 #define SSH_BUG_RFWD_ADDR 0x02000000 #define SSH_NEW_OPENSSH 0x04000000 +#define SSH_BUG_DYNAMIC_RPORT 0x08000000 #define SSH_BUG_LARGEWINDOW 0x08000000 void enable_compat13(void); diff --git a/crypto/openssh/config.h.in b/crypto/openssh/config.h.in index baf0011..2834a47 100644 --- a/crypto/openssh/config.h.in +++ b/crypto/openssh/config.h.in @@ -16,6 +16,9 @@ /* Define if your resolver libs need this for getrrsetbyname */ #undef BIND_8_COMPAT +/* The system has incomplete BSM API */ +#undef BROKEN_BSM_API + /* Define if cmsg_type is not passed correctly */ #undef BROKEN_CMSG_TYPE @@ -500,6 +503,9 @@ /* Define if HEADER.ad exists in arpa/nameser.h */ #undef HAVE_HEADER_AD +/* Define to 1 if you have the `HMAC_CTX_init' function. */ +#undef HAVE_HMAC_CTX_INIT + /* Define if you have ut_host in utmp.h */ #undef HAVE_HOST_IN_UTMP @@ -551,6 +557,9 @@ /* Define to 1 if you have the <lastlog.h> header file. */ #undef HAVE_LASTLOG_H +/* Define if you want ldns support */ +#undef HAVE_LDNS + /* Define to 1 if you have the <libaudit.h> header file. */ #undef HAVE_LIBAUDIT_H @@ -593,10 +602,19 @@ /* Define to 1 if you have the <limits.h> header file. */ #undef HAVE_LIMITS_H +/* Define to 1 if you have the <linux/audit.h> header file. */ +#undef HAVE_LINUX_AUDIT_H + +/* Define to 1 if you have the <linux/filter.h> header file. */ +#undef HAVE_LINUX_FILTER_H + /* Define to 1 if you have the <linux/if_tun.h> header file. */ #undef HAVE_LINUX_IF_TUN_H -/* Define if your libraries define login() */ +/* Define to 1 if you have the <linux/seccomp.h> header file. */ +#undef HAVE_LINUX_SECCOMP_H + +/* Define to 1 if you have the `login' function. */ #undef HAVE_LOGIN /* Define to 1 if you have the <login_cap.h> header file. */ @@ -804,6 +822,9 @@ /* Define to 1 if you have the `setgroups' function. */ #undef HAVE_SETGROUPS +/* Define to 1 if you have the `setlinebuf' function. */ +#undef HAVE_SETLINEBUF + /* Define to 1 if you have the `setlogin' function. */ #undef HAVE_SETLOGIN @@ -930,6 +951,9 @@ /* Define to 1 if you have the `strmode' function. */ #undef HAVE_STRMODE +/* Define to 1 if you have the `strnlen' function. */ +#undef HAVE_STRNLEN + /* Define to 1 if you have the `strnvis' function. */ #undef HAVE_STRNVIS @@ -1350,15 +1374,21 @@ /* Sandbox using setrlimit(2) */ #undef SANDBOX_RLIMIT +/* Sandbox using seccomp filter */ +#undef SANDBOX_SECCOMP_FILTER + +/* setrlimit RLIMIT_FSIZE works */ +#undef SANDBOX_SKIP_RLIMIT_FSIZE + /* Sandbox using systrace(4) */ #undef SANDBOX_SYSTRACE +/* Specify the system call convention in use */ +#undef SECCOMP_AUDIT_ARCH + /* Define if your platform breaks doing a seteuid before a setuid */ #undef SETEUID_BREAKS_SETUID -/* The size of `char', as computed by sizeof. */ -#undef SIZEOF_CHAR - /* The size of `int', as computed by sizeof. */ #undef SIZEOF_INT diff --git a/crypto/openssh/defines.h b/crypto/openssh/defines.h index e4ccc54..53f83a1 100644 --- a/crypto/openssh/defines.h +++ b/crypto/openssh/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.167 2011/06/03 01:17:49 tim Exp $ */ +/* $Id: defines.h,v 1.169 2012/02/15 04:13:06 tim Exp $ */ /* Constants */ @@ -87,6 +87,12 @@ enum # define IPTOS_DSCP_EF 0xb8 #endif /* IPTOS_DSCP_EF */ +#ifndef PATH_MAX +# ifdef _POSIX_PATH_MAX +# define PATH_MAX _POSIX_PATH_MAX +# endif +#endif + #ifndef MAXPATHLEN # ifdef PATH_MAX # define MAXPATHLEN PATH_MAX @@ -99,12 +105,6 @@ enum # endif /* PATH_MAX */ #endif /* MAXPATHLEN */ -#ifndef PATH_MAX -# ifdef _POSIX_PATH_MAX -# define PATH_MAX _POSIX_PATH_MAX -# endif -#endif - #if defined(HAVE_DECL_MAXSYMLINKS) && HAVE_DECL_MAXSYMLINKS == 0 # define MAXSYMLINKS 5 #endif @@ -194,11 +194,7 @@ typedef unsigned int u_int; #endif #ifndef HAVE_INTXX_T -# if (SIZEOF_CHAR == 1) -typedef char int8_t; -# else -# error "8 bit int type not found." -# endif +typedef signed char int8_t; # if (SIZEOF_SHORT_INT == 2) typedef short int int16_t; # else diff --git a/crypto/openssh/dh.c b/crypto/openssh/dh.c index b9029d8..d943ca1 100644 --- a/crypto/openssh/dh.c +++ b/crypto/openssh/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.48 2009/10/01 11:37:33 grunk Exp $ */ +/* $OpenBSD: dh.c,v 1.49 2011/12/07 05:44:38 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -236,6 +236,8 @@ dh_gen_key(DH *dh, int need) { int i, bits_set, tries = 0; + if (need < 0) + fatal("dh_gen_key: need < 0"); if (dh->p == NULL) fatal("dh_gen_key: dh->p == NULL"); if (need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p)) diff --git a/crypto/openssh/dns.c b/crypto/openssh/dns.c index 131cb3d..9e3084b 100644 --- a/crypto/openssh/dns.c +++ b/crypto/openssh/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.27 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: dns.c,v 1.28 2012/05/23 03:28:28 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -78,27 +78,46 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, u_char **digest, u_int *digest_len, Key *key) { int success = 0; + enum fp_type fp_type = 0; switch (key->type) { case KEY_RSA: *algorithm = SSHFP_KEY_RSA; + if (!*digest_type) + *digest_type = SSHFP_HASH_SHA1; break; case KEY_DSA: *algorithm = SSHFP_KEY_DSA; + if (!*digest_type) + *digest_type = SSHFP_HASH_SHA1; + break; + case KEY_ECDSA: + *algorithm = SSHFP_KEY_ECDSA; + if (!*digest_type) + *digest_type = SSHFP_HASH_SHA256; break; - /* XXX KEY_ECDSA */ default: *algorithm = SSHFP_KEY_RESERVED; /* 0 */ + *digest_type = SSHFP_HASH_RESERVED; /* 0 */ + } + + switch (*digest_type) { + case SSHFP_HASH_SHA1: + fp_type = SSH_FP_SHA1; + break; + case SSHFP_HASH_SHA256: + fp_type = SSH_FP_SHA256; + break; + default: + *digest_type = SSHFP_HASH_RESERVED; /* 0 */ } - if (*algorithm) { - *digest_type = SSHFP_HASH_SHA1; - *digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len); + if (*algorithm && *digest_type) { + *digest = key_fingerprint_raw(key, fp_type, digest_len); if (*digest == NULL) fatal("dns_read_key: null from key_fingerprint_raw()"); success = 1; } else { - *digest_type = SSHFP_HASH_RESERVED; *digest = NULL; *digest_len = 0; success = 0; @@ -180,7 +199,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, struct rrsetinfo *fingerprints = NULL; u_int8_t hostkey_algorithm; - u_int8_t hostkey_digest_type; + u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED; u_char *hostkey_digest; u_int hostkey_digest_len; @@ -216,7 +235,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, fingerprints->rri_nrdatas); } - /* Initialize host key parameters */ + /* Initialize default host key parameters */ if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type, &hostkey_digest, &hostkey_digest_len, hostkey)) { error("Error calculating host key fingerprint."); @@ -240,16 +259,27 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, continue; } + if (hostkey_digest_type != dnskey_digest_type) { + hostkey_digest_type = dnskey_digest_type; + xfree(hostkey_digest); + + /* Initialize host key parameters */ + if (!dns_read_key(&hostkey_algorithm, + &hostkey_digest_type, &hostkey_digest, + &hostkey_digest_len, hostkey)) { + error("Error calculating key fingerprint."); + freerrset(fingerprints); + return -1; + } + } + /* Check if the current key is the same as the given key */ if (hostkey_algorithm == dnskey_algorithm && hostkey_digest_type == dnskey_digest_type) { - if (hostkey_digest_len == dnskey_digest_len && - memcmp(hostkey_digest, dnskey_digest, - hostkey_digest_len) == 0) { - + timingsafe_bcmp(hostkey_digest, dnskey_digest, + hostkey_digest_len) == 0) *flags |= DNS_VERIFY_MATCH; - } } xfree(dnskey_digest); } @@ -275,31 +305,36 @@ int export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) { u_int8_t rdata_pubkey_algorithm = 0; - u_int8_t rdata_digest_type = SSHFP_HASH_SHA1; + u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED; + u_int8_t dtype; u_char *rdata_digest; - u_int rdata_digest_len; - - u_int i; + u_int i, rdata_digest_len; int success = 0; - if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, - &rdata_digest, &rdata_digest_len, key)) { - - if (generic) - fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname, - DNS_RDATATYPE_SSHFP, 2 + rdata_digest_len, - rdata_pubkey_algorithm, rdata_digest_type); - else - fprintf(f, "%s IN SSHFP %d %d ", hostname, - rdata_pubkey_algorithm, rdata_digest_type); + for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) { + rdata_digest_type = dtype; + if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, + &rdata_digest, &rdata_digest_len, key)) { + if (generic) { + fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", + hostname, DNS_RDATATYPE_SSHFP, + 2 + rdata_digest_len, + rdata_pubkey_algorithm, rdata_digest_type); + } else { + fprintf(f, "%s IN SSHFP %d %d ", hostname, + rdata_pubkey_algorithm, rdata_digest_type); + } + for (i = 0; i < rdata_digest_len; i++) + fprintf(f, "%02x", rdata_digest[i]); + fprintf(f, "\n"); + xfree(rdata_digest); /* from key_fingerprint_raw() */ + success = 1; + } + } - for (i = 0; i < rdata_digest_len; i++) - fprintf(f, "%02x", rdata_digest[i]); - fprintf(f, "\n"); - xfree(rdata_digest); /* from key_fingerprint_raw() */ - success = 1; - } else { - error("export_dns_rr: unsupported algorithm"); + /* No SSHFP record was generated at all */ + if (success == 0) { + error("%s: unsupported algorithm and/or digest_type", __func__); } return success; diff --git a/crypto/openssh/dns.h b/crypto/openssh/dns.h index 90cfd7b..d5f4281 100644 --- a/crypto/openssh/dns.h +++ b/crypto/openssh/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.11 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: dns.h,v 1.12 2012/05/23 03:28:28 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -29,14 +29,17 @@ #define DNS_H enum sshfp_types { - SSHFP_KEY_RESERVED, - SSHFP_KEY_RSA, - SSHFP_KEY_DSA + SSHFP_KEY_RESERVED = 0, + SSHFP_KEY_RSA = 1, + SSHFP_KEY_DSA = 2, + SSHFP_KEY_ECDSA = 3 }; enum sshfp_hashes { - SSHFP_HASH_RESERVED, - SSHFP_HASH_SHA1 + SSHFP_HASH_RESERVED = 0, + SSHFP_HASH_SHA1 = 1, + SSHFP_HASH_SHA256 = 2, + SSHFP_HASH_MAX = 3 }; #define DNS_RDATACLASS_IN 1 diff --git a/crypto/openssh/entropy.c b/crypto/openssh/entropy.c index 2d6d3ec..2d483b3 100644 --- a/crypto/openssh/entropy.c +++ b/crypto/openssh/entropy.c @@ -211,9 +211,14 @@ seed_rng(void) #endif /* * OpenSSL version numbers: MNNFFPPS: major minor fix patch status - * We match major, minor, fix and status (not patch) + * We match major, minor, fix and status (not patch) for <1.0.0. + * After that, we acceptable compatible fix versions (so we + * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed + * within a patch series. */ - if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) + u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L; + if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) || + (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12)) fatal("OpenSSL version mismatch. Built against %lx, you " "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); diff --git a/crypto/openssh/entropy.h b/crypto/openssh/entropy.h index ec1ebcc..c3d78db 100644 --- a/crypto/openssh/entropy.h +++ b/crypto/openssh/entropy.h @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: entropy.h,v 1.5 2005/09/27 12:46:32 dtucker Exp $ */ +/* $Id: entropy.h,v 1.6 2011/09/09 01:29:41 dtucker Exp $ */ #ifndef _RANDOMS_H #define _RANDOMS_H @@ -30,7 +30,6 @@ #include "buffer.h" void seed_rng(void); -void init_rng(void); void rexec_send_rng_seed(Buffer *); void rexec_recv_rng_seed(Buffer *); diff --git a/crypto/openssh/jpake.c b/crypto/openssh/jpake.c index ac9a4bc..b010daf 100644 --- a/crypto/openssh/jpake.c +++ b/crypto/openssh/jpake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: jpake.c,v 1.6 2010/09/20 04:54:07 djm Exp $ */ +/* $OpenBSD: jpake.c,v 1.7 2012/06/18 11:43:53 dtucker Exp $ */ /* * Copyright (c) 2008 Damien Miller. All rights reserved. * @@ -133,7 +133,7 @@ jpake_free(struct jpake_ctx *pctx) #undef JPAKE_BN_CLEAR_FREE #undef JPAKE_BUF_CLEAR_FREE - bzero(pctx, sizeof(pctx)); + bzero(pctx, sizeof(*pctx)); xfree(pctx); } diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c index 0e8d5c7..3a30b9b 100644 --- a/crypto/openssh/kex.c +++ b/crypto/openssh/kex.c @@ -91,7 +91,7 @@ kex_names_valid(const char *names) return 1; } -/* Put algorithm proposal into buffer. */ +/* put algorithm proposal into buffer. */ #ifndef NONE_CIPHER_ENABLED static void #else diff --git a/crypto/openssh/key.c b/crypto/openssh/key.c index 498cf5a..7e90997 100644 --- a/crypto/openssh/key.c +++ b/crypto/openssh/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.97 2011/05/17 07:13:31 djm Exp $ */ +/* $OpenBSD: key.c,v 1.99 2012/05/23 03:28:28 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -342,6 +342,11 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) case SSH_FP_SHA1: md = EVP_sha1(); break; +#ifdef HAVE_EVP_SHA256 + case SSH_FP_SHA256: + md = EVP_sha256(); + break; +#endif default: fatal("key_fingerprint_raw: bad digest type %d", dgst_type); @@ -1356,11 +1361,6 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) goto out; } - if (kidlen != strlen(key->cert->key_id)) { - error("%s: key ID contains \\0 character", __func__); - goto out; - } - /* Signature is left in the buffer so we can calculate this length */ signed_len = buffer_len(&key->cert->certblob) - buffer_len(b); diff --git a/crypto/openssh/key.h b/crypto/openssh/key.h index ec5ac5e..39e5577 100644 --- a/crypto/openssh/key.h +++ b/crypto/openssh/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.33 2010/10/28 11:22:09 djm Exp $ */ +/* $OpenBSD: key.h,v 1.34 2012/05/23 03:28:28 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -48,7 +48,8 @@ enum types { }; enum fp_type { SSH_FP_SHA1, - SSH_FP_MD5 + SSH_FP_MD5, + SSH_FP_SHA256 }; enum fp_rep { SSH_FP_HEX, diff --git a/crypto/openssh/mac.c b/crypto/openssh/mac.c index eef50f4..9b450e4 100644 --- a/crypto/openssh/mac.c +++ b/crypto/openssh/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.16 2011/08/02 01:22:11 djm Exp $ */ +/* $OpenBSD: mac.c,v 1.18 2012/06/28 05:07:45 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -44,6 +44,8 @@ #include "umac.h" +#include "openbsd-compat/openssl-compat.h" + #define SSH_EVP 1 /* OpenSSL EVP-based MAC */ #define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ @@ -59,9 +61,7 @@ struct { { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 }, #ifdef HAVE_EVP_SHA256 { "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, -1, -1 }, - { "hmac-sha2-256-96", SSH_EVP, EVP_sha256, 96, -1, -1 }, { "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, -1, -1 }, - { "hmac-sha2-512-96", SSH_EVP, EVP_sha512, 96, -1, -1 }, #endif { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 }, { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 }, @@ -116,6 +116,7 @@ mac_init(Mac *mac) case SSH_EVP: if (mac->evp_md == NULL) return -1; + HMAC_CTX_init(&mac->evp_ctx); HMAC_Init(&mac->evp_ctx, mac->key, mac->key_len, mac->evp_md); return 0; case SSH_UMAC: diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c index b334b25..d354727 100644 --- a/crypto/openssh/misc.c +++ b/crypto/openssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.85 2011/03/29 18:54:17 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.86 2011/09/05 05:59:08 djm Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -942,7 +942,7 @@ static const struct { { "af11", IPTOS_DSCP_AF11 }, { "af12", IPTOS_DSCP_AF12 }, { "af13", IPTOS_DSCP_AF13 }, - { "af14", IPTOS_DSCP_AF21 }, + { "af21", IPTOS_DSCP_AF21 }, { "af22", IPTOS_DSCP_AF22 }, { "af23", IPTOS_DSCP_AF23 }, { "af31", IPTOS_DSCP_AF31 }, diff --git a/crypto/openssh/moduli b/crypto/openssh/moduli index 65d2814..3bb155d 100644 --- a/crypto/openssh/moduli +++ b/crypto/openssh/moduli @@ -1,188 +1,269 @@ -# $OpenBSD: moduli,v 1.4 2008/01/01 08:51:20 dtucker Exp $ +# $OpenBSD: moduli,v 1.7 2012/07/20 00:39:57 dtucker Exp $ # Time Type Tests Tries Size Generator Modulusdiff --git a/crypto/openssh/moduli.c b/crypto/openssh/moduli.c index 2964a8b..5267bb9 100644 --- a/crypto/openssh/moduli.c +++ b/crypto/openssh/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.22 2010/11/10 01:33:07 djm Exp $ */ +/* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */ /* * Copyright 1994 Phil Karn <karn@qualcomm.com> * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> @@ -39,16 +39,19 @@ #include "includes.h" +#include <sys/param.h> #include <sys/types.h> #include <openssl/bn.h> #include <openssl/dh.h> +#include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <stdarg.h> #include <time.h> +#include <unistd.h> #include "xmalloc.h" #include "dh.h" @@ -137,7 +140,8 @@ static u_int32_t largebits, largememory; /* megabytes */ static BIGNUM *largebase; int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); -int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); +int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, + unsigned long); /* * print moduli out in consistent form, @@ -438,6 +442,52 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) return (ret); } +static void +write_checkpoint(char *cpfile, u_int32_t lineno) +{ + FILE *fp; + char tmp[MAXPATHLEN]; + int r; + + r = snprintf(tmp, sizeof(tmp), "%s.XXXXXXXXXX", cpfile); + if (r == -1 || r >= MAXPATHLEN) { + logit("write_checkpoint: temp pathname too long"); + return; + } + if ((r = mkstemp(tmp)) == -1) { + logit("mkstemp(%s): %s", tmp, strerror(errno)); + return; + } + if ((fp = fdopen(r, "w")) == NULL) { + logit("write_checkpoint: fdopen: %s", strerror(errno)); + close(r); + return; + } + if (fprintf(fp, "%lu\n", (unsigned long)lineno) > 0 && fclose(fp) == 0 + && rename(tmp, cpfile) == 0) + debug3("wrote checkpoint line %lu to '%s'", + (unsigned long)lineno, cpfile); + else + logit("failed to write to checkpoint file '%s': %s", cpfile, + strerror(errno)); +} + +static unsigned long +read_checkpoint(char *cpfile) +{ + FILE *fp; + unsigned long lineno = 0; + + if ((fp = fopen(cpfile, "r")) == NULL) + return 0; + if (fscanf(fp, "%lu\n", &lineno) < 1) + logit("Failed to load checkpoint from '%s'", cpfile); + else + logit("Loaded checkpoint from '%s' line %lu", cpfile, lineno); + fclose(fp); + return lineno; +} + /* * perform a Miller-Rabin primality test * on the list of candidates @@ -445,13 +495,15 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) * The result is a list of so-call "safe" primes */ int -prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) +prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, + char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines) { BIGNUM *q, *p, *a; BN_CTX *ctx; char *cp, *lp; u_int32_t count_in = 0, count_out = 0, count_possible = 0; u_int32_t generator_known, in_tests, in_tries, in_type, in_size; + unsigned long last_processed = 0, end_lineno; time_t time_start, time_stop; int res; @@ -472,10 +524,28 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) debug2("%.24s Final %u Miller-Rabin trials (%x generator)", ctime(&time_start), trials, generator_wanted); + if (checkpoint_file != NULL) + last_processed = read_checkpoint(checkpoint_file); + if (start_lineno > last_processed) + last_processed = start_lineno; + if (num_lines == 0) + end_lineno = ULONG_MAX; + else + end_lineno = last_processed + num_lines; + debug2("process line %lu to line %lu", last_processed, end_lineno); + res = 0; lp = xmalloc(QLINESIZE + 1); - while (fgets(lp, QLINESIZE + 1, in) != NULL) { + while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) { count_in++; + if (checkpoint_file != NULL) { + if (count_in <= last_processed) { + debug3("skipping line %u, before checkpoint", + count_in); + continue; + } + write_checkpoint(checkpoint_file, count_in); + } if (strlen(lp) < 14 || *lp == '!' || *lp == '#') { debug2("%10u: comment or short line", count_in); continue; @@ -644,6 +714,9 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) BN_free(q); BN_CTX_free(ctx); + if (checkpoint_file != NULL) + unlink(checkpoint_file); + logit("%.24s Found %u safe primes of %u candidates in %ld seconds", ctime(&time_stop), count_out, count_possible, (long) (time_stop - time_start)); diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c index a166fed..e9802a3 100644 --- a/crypto/openssh/monitor.c +++ b/crypto/openssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.115 2011/06/23 23:35:42 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.117 2012/06/22 12:30:26 dtucker Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -479,9 +479,6 @@ monitor_child_postauth(struct monitor *pmonitor) for (;;) monitor_read(pmonitor, mon_dispatch, NULL); - - close(pmonitor->m_sendfd); - pmonitor->m_sendfd = -1; } void @@ -507,6 +504,7 @@ monitor_read_log(struct monitor *pmonitor) if (atomicio(read, pmonitor->m_log_recvfd, buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) { if (errno == EPIPE) { + buffer_free(&logmsg); debug("%s: child log fd closed", __func__); close(pmonitor->m_log_recvfd); pmonitor->m_log_recvfd = -1; diff --git a/crypto/openssh/mux.c b/crypto/openssh/mux.c index add0e26..5e0e65f 100644 --- a/crypto/openssh/mux.c +++ b/crypto/openssh/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.29 2011/06/22 22:08:42 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.36 2012/07/06 01:37:21 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * @@ -316,6 +316,8 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) cctx->term = NULL; cctx->rid = rid; cmd = reserved = NULL; + cctx->env = NULL; + env_len = 0; if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || buffer_get_int_ret(&cctx->want_tty, m) != 0 || buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 || @@ -329,22 +331,23 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) xfree(cmd); if (reserved != NULL) xfree(reserved); + for (j = 0; j < env_len; j++) + xfree(cctx->env[j]); + if (env_len > 0) + xfree(cctx->env); if (cctx->term != NULL) xfree(cctx->term); + xfree(cctx); error("%s: malformed message", __func__); return -1; } xfree(reserved); reserved = NULL; - cctx->env = NULL; - env_len = 0; while (buffer_len(m) > 0) { #define MUX_MAX_ENV_VARS 4096 - if ((cp = buffer_get_string_ret(m, &len)) == NULL) { - xfree(cmd); + if ((cp = buffer_get_string_ret(m, &len)) == NULL) goto malf; - } if (!env_permitted(cp)) { xfree(cp); continue; @@ -415,6 +418,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) xfree(cctx->env); } buffer_free(&cctx->cmd); + xfree(cctx); return 0; } @@ -601,12 +605,16 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) buffer_put_int(&out, MUX_S_REMOTE_PORT); buffer_put_int(&out, fctx->rid); buffer_put_int(&out, rfwd->allocated_port); + channel_update_permitted_opens(rfwd->handle, + rfwd->allocated_port); } else { buffer_put_int(&out, MUX_S_OK); buffer_put_int(&out, fctx->rid); } goto out; } else { + if (rfwd->listen_port == 0) + channel_update_permitted_opens(rfwd->handle, -1); xasprintf(&failmsg, "remote port forwarding failed for " "listen port %d", rfwd->listen_port); } @@ -745,8 +753,9 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) } else { struct mux_channel_confirm_ctx *fctx; - if (channel_request_remote_forwarding(fwd.listen_host, - fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0) + fwd.handle = channel_request_remote_forwarding(fwd.listen_host, + fwd.listen_port, fwd.connect_host, fwd.connect_port); + if (fwd.handle < 0) goto fail; add_remote_forward(&options, &fwd); fctx = xcalloc(1, sizeof(*fctx)); @@ -777,10 +786,11 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) static int process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) { - Forward fwd; + Forward fwd, *found_fwd; char *fwd_desc = NULL; + const char *error_reason = NULL; u_int ftype; - int ret = 0; + int i, listen_port, ret = 0; fwd.listen_host = fwd.connect_host = NULL; if (buffer_get_int_ret(&ftype, m) != 0 || @@ -802,14 +812,70 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) fwd.connect_host = NULL; } - debug2("%s: channel %d: request %s", __func__, c->self, + debug2("%s: channel %d: request cancel %s", __func__, c->self, (fwd_desc = format_forward(ftype, &fwd))); - /* XXX implement this */ - buffer_put_int(r, MUX_S_FAILURE); - buffer_put_int(r, rid); - buffer_put_cstring(r, "unimplemented"); + /* make sure this has been requested */ + found_fwd = NULL; + switch (ftype) { + case MUX_FWD_LOCAL: + case MUX_FWD_DYNAMIC: + for (i = 0; i < options.num_local_forwards; i++) { + if (compare_forward(&fwd, + options.local_forwards + i)) { + found_fwd = options.local_forwards + i; + break; + } + } + break; + case MUX_FWD_REMOTE: + for (i = 0; i < options.num_remote_forwards; i++) { + if (compare_forward(&fwd, + options.remote_forwards + i)) { + found_fwd = options.remote_forwards + i; + break; + } + } + break; + } + if (found_fwd == NULL) + error_reason = "port not forwarded"; + else if (ftype == MUX_FWD_REMOTE) { + /* + * This shouldn't fail unless we confused the host/port + * between options.remote_forwards and permitted_opens. + * However, for dynamic allocated listen ports we need + * to lookup the actual listen port. + */ + listen_port = (fwd.listen_port == 0) ? + found_fwd->allocated_port : fwd.listen_port; + if (channel_request_rforward_cancel(fwd.listen_host, + listen_port) == -1) + error_reason = "port not in permitted opens"; + } else { /* local and dynamic forwards */ + /* Ditto */ + if (channel_cancel_lport_listener(fwd.listen_host, + fwd.listen_port, fwd.connect_port, + options.gateway_ports) == -1) + error_reason = "port not found"; + } + + if (error_reason == NULL) { + buffer_put_int(r, MUX_S_OK); + buffer_put_int(r, rid); + + if (found_fwd->listen_host != NULL) + xfree(found_fwd->listen_host); + if (found_fwd->connect_host != NULL) + xfree(found_fwd->connect_host); + found_fwd->listen_host = found_fwd->connect_host = NULL; + found_fwd->listen_port = found_fwd->connect_port = 0; + } else { + buffer_put_int(r, MUX_S_FAILURE); + buffer_put_int(r, rid); + buffer_put_cstring(r, error_reason); + } out: if (fwd_desc != NULL) xfree(fwd_desc); @@ -1135,6 +1201,7 @@ muxserver_listen(void) close(muxserver_sock); muxserver_sock = -1; } + xfree(orig_control_path); xfree(options.control_path); options.control_path = NULL; options.control_master = SSHCTL_MASTER_NO; @@ -1156,7 +1223,6 @@ muxserver_listen(void) } error("ControlSocket %s already exists, disabling multiplexing", orig_control_path); - xfree(orig_control_path); unlink(options.control_path); goto disable_mux_master; } @@ -1537,18 +1603,19 @@ mux_client_request_terminate(int fd) } static int -mux_client_request_forward(int fd, u_int ftype, Forward *fwd) +mux_client_forward(int fd, int cancel_flag, u_int ftype, Forward *fwd) { Buffer m; char *e, *fwd_desc; u_int type, rid; fwd_desc = format_forward(ftype, fwd); - debug("Requesting %s", fwd_desc); + debug("Requesting %s %s", + cancel_flag ? "cancellation of" : "forwarding of", fwd_desc); xfree(fwd_desc); buffer_init(&m); - buffer_put_int(&m, MUX_C_OPEN_FWD); + buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD); buffer_put_int(&m, muxclient_request_id); buffer_put_int(&m, ftype); buffer_put_cstring(&m, @@ -1577,6 +1644,8 @@ mux_client_request_forward(int fd, u_int ftype, Forward *fwd) case MUX_S_OK: break; case MUX_S_REMOTE_PORT: + if (cancel_flag) + fatal("%s: got MUX_S_REMOTE_PORT for cancel", __func__); fwd->allocated_port = buffer_get_int(&m); logit("Allocated port %u for remote forward to %s:%d", fwd->allocated_port, @@ -1606,27 +1675,28 @@ mux_client_request_forward(int fd, u_int ftype, Forward *fwd) } static int -mux_client_request_forwards(int fd) +mux_client_forwards(int fd, int cancel_flag) { - int i; + int i, ret = 0; - debug3("%s: requesting forwardings: %d local, %d remote", __func__, + debug3("%s: %s forwardings: %d local, %d remote", __func__, + cancel_flag ? "cancel" : "request", options.num_local_forwards, options.num_remote_forwards); /* XXX ExitOnForwardingFailure */ for (i = 0; i < options.num_local_forwards; i++) { - if (mux_client_request_forward(fd, + if (mux_client_forward(fd, cancel_flag, options.local_forwards[i].connect_port == 0 ? MUX_FWD_DYNAMIC : MUX_FWD_LOCAL, options.local_forwards + i) != 0) - return -1; + ret = -1; } for (i = 0; i < options.num_remote_forwards; i++) { - if (mux_client_request_forward(fd, MUX_FWD_REMOTE, + if (mux_client_forward(fd, cancel_flag, MUX_FWD_REMOTE, options.remote_forwards + i) != 0) - return -1; + ret = -1; } - return 0; + return ret; } static int @@ -2014,11 +2084,11 @@ muxclient(const char *path) fprintf(stderr, "Exit request sent.\r\n"); exit(0); case SSHMUX_COMMAND_FORWARD: - if (mux_client_request_forwards(sock) != 0) + if (mux_client_forwards(sock, 0) != 0) fatal("%s: master forward request failed", __func__); exit(0); case SSHMUX_COMMAND_OPEN: - if (mux_client_request_forwards(sock) != 0) { + if (mux_client_forwards(sock, 0) != 0) { error("%s: master forward request failed", __func__); return; } @@ -2031,6 +2101,11 @@ muxclient(const char *path) mux_client_request_stop_listening(sock); fprintf(stderr, "Stop listening request sent.\r\n"); exit(0); + case SSHMUX_COMMAND_CANCEL_FWD: + if (mux_client_forwards(sock, 1) != 0) + error("%s: master cancel forward request failed", + __func__); + exit(0); default: fatal("unrecognised muxclient_command %d", muxclient_command); } diff --git a/crypto/openssh/myproposal.h b/crypto/openssh/myproposal.h index e552c5b..876b016 100644 --- a/crypto/openssh/myproposal.h +++ b/crypto/openssh/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.28 2011/08/02 01:22:11 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.29 2012/06/28 05:07:45 dtucker Exp $ */ /* $FreeBSD$ */ /* @@ -83,9 +83,7 @@ #ifdef HAVE_EVP_SHA256 #define SHA2_HMAC_MODES \ "hmac-sha2-256," \ - "hmac-sha2-256-96," \ - "hmac-sha2-512," \ - "hmac-sha2-512-96," + "hmac-sha2-512," #else # define SHA2_HMAC_MODES #endif diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c index 9eedc88..6befc01 100644 --- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c +++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c @@ -76,6 +76,7 @@ static struct wenv { { NL("OS=") }, { NL("PATH=") }, { NL("PATHEXT=") }, + { NL("PROGRAMFILES=") }, { NL("SYSTEMDRIVE=") }, { NL("SYSTEMROOT=") }, { NL("WINDIR=") } diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h b/crypto/openssh/openbsd-compat/bsd-cygwin_util.h index 48f64b7..b4bcd04 100644 --- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h +++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.h @@ -1,4 +1,4 @@ -/* $Id: bsd-cygwin_util.h,v 1.13 2011/08/17 01:31:09 djm Exp $ */ +/* $Id: bsd-cygwin_util.h,v 1.15 2012/08/28 09:57:19 dtucker Exp $ */ /* * Copyright (c) 2000, 2001, 2011 Corinna Vinschen <vinschen@redhat.com> @@ -36,10 +36,18 @@ #undef ERROR +#define WIN32_LEAN_AND_MEAN + #include <windows.h> #include <sys/cygwin.h> #include <io.h> +/* Make sure _WIN32 isn't defined later in the code, otherwise headers from + other packages might get the wrong idea about the target system. */ +#ifdef _WIN32 +#undef _WIN32 +#endif + int binary_open(const char *, int , ...); int check_ntsec(const char *); char **fetch_windows_environment(void); diff --git a/crypto/openssh/openbsd-compat/bsd-misc.h b/crypto/openssh/openbsd-compat/bsd-misc.h index e70c3f9..eac5217 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.h +++ b/crypto/openssh/openbsd-compat/bsd-misc.h @@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.19 2010/11/08 22:26:23 tim Exp $ */ +/* $Id: bsd-misc.h,v 1.21 2012/07/03 22:50:10 dtucker Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org> @@ -51,6 +51,9 @@ int setegid(uid_t); const char *strerror(int); #endif +#if !defined(HAVE_SETLINEBUF) +#define setlinebuf(a) (setvbuf((a), NULL, _IOLBF, 0)) +#endif #ifndef HAVE_UTIMES #ifndef HAVE_STRUCT_TIMEVAL @@ -86,7 +89,7 @@ int tcsendbreak(int, int); #endif #ifndef HAVE_UNSETENV -void unsetenv(const char *); +int unsetenv(const char *); #endif /* wrapper for signal interface */ diff --git a/crypto/openssh/openbsd-compat/getcwd.c b/crypto/openssh/openbsd-compat/getcwd.c index 711cb9c..3edbb9c 100644 --- a/crypto/openssh/openbsd-compat/getcwd.c +++ b/crypto/openssh/openbsd-compat/getcwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getcwd.c,v 1.14 2005/08/08 08:05:34 espie Exp $ */ +/* from OpenBSD: getcwd.c,v 1.14 2005/08/08 08:05:34 espie Exp */ /* * Copyright (c) 1989, 1991, 1993 * The Regents of the University of California. All rights reserved. diff --git a/crypto/openssh/openbsd-compat/getgrouplist.c b/crypto/openssh/openbsd-compat/getgrouplist.c index a57d7d3..3afcb92 100644 --- a/crypto/openssh/openbsd-compat/getgrouplist.c +++ b/crypto/openssh/openbsd-compat/getgrouplist.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp $ */ +/* from OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp */ /* * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. diff --git a/crypto/openssh/openbsd-compat/getrrsetbyname.c b/crypto/openssh/openbsd-compat/getrrsetbyname.c index 9887667..dc6fe05 100644 --- a/crypto/openssh/openbsd-compat/getrrsetbyname.c +++ b/crypto/openssh/openbsd-compat/getrrsetbyname.c @@ -47,7 +47,7 @@ #include "includes.h" -#ifndef HAVE_GETRRSETBYNAME +#if !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) #include <stdlib.h> #include <string.h> @@ -607,4 +607,4 @@ count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type) return (n); } -#endif /* !defined(HAVE_GETRRSETBYNAME) */ +#endif /* !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) */ diff --git a/crypto/openssh/openbsd-compat/glob.c b/crypto/openssh/openbsd-compat/glob.c index 0341225..742b4b9 100644 --- a/crypto/openssh/openbsd-compat/glob.c +++ b/crypto/openssh/openbsd-compat/glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: glob.c,v 1.35 2011/01/12 01:53:14 djm Exp $ */ +/* $OpenBSD: glob.c,v 1.38 2011/09/22 06:27:29 djm Exp $ */ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -66,6 +66,7 @@ #include <dirent.h> #include <ctype.h> #include <errno.h> +#include <limits.h> #include <pwd.h> #include <stdlib.h> #include <string.h> @@ -132,13 +133,22 @@ typedef char Char; #define GLOB_LIMIT_STAT 128 #define GLOB_LIMIT_READDIR 16384 +/* Limit of recursion during matching attempts. */ +#define GLOB_LIMIT_RECUR 64 + struct glob_lim { size_t glim_malloc; size_t glim_stat; size_t glim_readdir; }; +struct glob_path_stat { + char *gps_path; + struct stat *gps_stat; +}; + static int compare(const void *, const void *); +static int compare_gps(const void *, const void *); static int g_Ctoc(const Char *, char *, u_int); static int g_lstat(Char *, struct stat *, glob_t *); static DIR *g_opendir(Char *, glob_t *); @@ -158,7 +168,7 @@ static const Char * static int globexp1(const Char *, glob_t *, struct glob_lim *); static int globexp2(const Char *, const Char *, glob_t *, struct glob_lim *); -static int match(Char *, Char *, Char *); +static int match(Char *, Char *, Char *, int); #ifdef DEBUG static void qprintf(const char *, Char *); #endif @@ -172,6 +182,9 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int), Char *bufnext, *bufend, patbuf[MAXPATHLEN]; struct glob_lim limit = { 0, 0, 0 }; + if (strnlen(pattern, PATH_MAX) == PATH_MAX) + return(GLOB_NOMATCH); + patnext = (u_char *) pattern; if (!(flags & GLOB_APPEND)) { pglob->gl_pathc = 0; @@ -548,9 +561,32 @@ glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp) else return(GLOB_NOMATCH); } - if (!(pglob->gl_flags & GLOB_NOSORT)) - qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc, - pglob->gl_pathc - oldpathc, sizeof(char *), compare); + if (!(pglob->gl_flags & GLOB_NOSORT)) { + if ((pglob->gl_flags & GLOB_KEEPSTAT)) { + /* Keep the paths and stat info synced during sort */ + struct glob_path_stat *path_stat; + int i; + int n = pglob->gl_pathc - oldpathc; + int o = pglob->gl_offs + oldpathc; + + if ((path_stat = calloc(n, sizeof(*path_stat))) == NULL) + return GLOB_NOSPACE; + for (i = 0; i < n; i++) { + path_stat[i].gps_path = pglob->gl_pathv[o + i]; + path_stat[i].gps_stat = pglob->gl_statv[o + i]; + } + qsort(path_stat, n, sizeof(*path_stat), compare_gps); + for (i = 0; i < n; i++) { + pglob->gl_pathv[o + i] = path_stat[i].gps_path; + pglob->gl_statv[o + i] = path_stat[i].gps_stat; + } + free(path_stat); + } else { + qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc, + pglob->gl_pathc - oldpathc, sizeof(char *), + compare); + } + } return(0); } @@ -561,6 +597,15 @@ compare(const void *p, const void *q) } static int +compare_gps(const void *_p, const void *_q) +{ + const struct glob_path_stat *p = (const struct glob_path_stat *)_p; + const struct glob_path_stat *q = (const struct glob_path_stat *)_q; + + return(strcmp(p->gps_path, q->gps_path)); +} + +static int glob1(Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp) { Char pathbuf[MAXPATHLEN]; @@ -697,7 +742,8 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, errno = 0; *pathend++ = SEP; *pathend = EOS; - return(GLOB_NOSPACE); + err = GLOB_NOSPACE; + break; } /* Initial DOT must be matched literally. */ @@ -713,7 +759,7 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, break; } - if (!match(pathend, pattern, restpattern)) { + if (!match(pathend, pattern, restpattern, GLOB_LIMIT_RECUR)) { *pathend = EOS; continue; } @@ -850,19 +896,24 @@ globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp, * pattern causes a recursion level. */ static int -match(Char *name, Char *pat, Char *patend) +match(Char *name, Char *pat, Char *patend, int recur) { int ok, negate_range; Char c, k; + if (recur-- == 0) + return(GLOB_NOSPACE); + while (pat < patend) { c = *pat++; switch (c & M_MASK) { case M_ALL: + while (pat < patend && (*pat & M_MASK) == M_ALL) + pat++; /* eat consecutive '*' */ if (pat == patend) return(1); do { - if (match(name, pat, patend)) + if (match(name, pat, patend, recur)) return(1); } while (*name++ != EOS); return(0); diff --git a/crypto/openssh/openbsd-compat/inet_ntop.c b/crypto/openssh/openbsd-compat/inet_ntop.c index e7ca4b7..3259037 100644 --- a/crypto/openssh/openbsd-compat/inet_ntop.c +++ b/crypto/openssh/openbsd-compat/inet_ntop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inet_ntop.c,v 1.7 2005/08/06 20:30:03 espie Exp $ */ +/* $OpenBSD: inet_ntop.c,v 1.8 2008/12/09 19:38:38 otto Exp $ */ /* Copyright (c) 1996 by Internet Software Consortium. * @@ -57,13 +57,13 @@ static const char *inet_ntop6(const u_char *src, char *dst, size_t size); * Paul Vixie, 1996. */ const char * -inet_ntop(int af, const void *src, char *dst, size_t size) +inet_ntop(int af, const void *src, char *dst, socklen_t size) { switch (af) { case AF_INET: - return (inet_ntop4(src, dst, size)); + return (inet_ntop4(src, dst, (size_t)size)); case AF_INET6: - return (inet_ntop6(src, dst, size)); + return (inet_ntop6(src, dst, (size_t)size)); default: errno = EAFNOSUPPORT; return (NULL); diff --git a/crypto/openssh/openbsd-compat/mktemp.c b/crypto/openssh/openbsd-compat/mktemp.c index 2285c84..4eb52f4 100644 --- a/crypto/openssh/openbsd-compat/mktemp.c +++ b/crypto/openssh/openbsd-compat/mktemp.c @@ -1,34 +1,22 @@ /* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */ /* Changes: Removed mktemp */ -/* $OpenBSD: mktemp.c,v 1.19 2005/08/08 08:05:36 espie Exp $ */ +/* $OpenBSD: mktemp.c,v 1.30 2010/03/21 23:09:30 schwarze Exp $ */ /* - * Copyright (c) 1987, 1993 - * The Regents of the University of California. All rights reserved. + * Copyright (c) 1996-1998, 2008 Theo de Raadt + * Copyright (c) 1997, 2008-2009 Todd C. Miller * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */ @@ -37,142 +25,117 @@ #include <sys/types.h> #include <sys/stat.h> - +#include <errno.h> #include <fcntl.h> +#include <limits.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> #include <ctype.h> -#include <errno.h> #include <unistd.h> #if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) -static int _gettemp(char *, int *, int, int); +#define MKTEMP_NAME 0 +#define MKTEMP_FILE 1 +#define MKTEMP_DIR 2 -int -mkstemps(char *path, int slen) +#define TEMPCHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +#define NUM_CHARS (sizeof(TEMPCHARS) - 1) + +static int +mktemp_internal(char *path, int slen, int mode) { + char *start, *cp, *ep; + const char *tempchars = TEMPCHARS; + unsigned int r, tries; + struct stat sb; + size_t len; int fd; - return (_gettemp(path, &fd, 0, slen) ? fd : -1); + len = strlen(path); + if (len == 0 || slen < 0 || (size_t)slen >= len) { + errno = EINVAL; + return(-1); + } + ep = path + len - slen; + + tries = 1; + for (start = ep; start > path && start[-1] == 'X'; start--) { + if (tries < INT_MAX / NUM_CHARS) + tries *= NUM_CHARS; + } + tries *= 2; + + do { + for (cp = start; cp != ep; cp++) { + r = arc4random_uniform(NUM_CHARS); + *cp = tempchars[r]; + } + + switch (mode) { + case MKTEMP_NAME: + if (lstat(path, &sb) != 0) + return(errno == ENOENT ? 0 : -1); + break; + case MKTEMP_FILE: + fd = open(path, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR); + if (fd != -1 || errno != EEXIST) + return(fd); + break; + case MKTEMP_DIR: + if (mkdir(path, S_IRUSR|S_IWUSR|S_IXUSR) == 0) + return(0); + if (errno != EEXIST) + return(-1); + break; + } + } while (--tries); + + errno = EEXIST; + return(-1); } -int -mkstemp(char *path) -{ - int fd; +#if 0 +char *_mktemp(char *); - return (_gettemp(path, &fd, 0, 0) ? fd : -1); +char * +_mktemp(char *path) +{ + if (mktemp_internal(path, 0, MKTEMP_NAME) == -1) + return(NULL); + return(path); } +__warn_references(mktemp, + "warning: mktemp() possibly used unsafely; consider using mkstemp()"); + char * -mkdtemp(char *path) +mktemp(char *path) { - return(_gettemp(path, (int *)NULL, 1, 0) ? path : (char *)NULL); + return(_mktemp(path)); } +#endif -static int -_gettemp(path, doopen, domkdir, slen) - char *path; - register int *doopen; - int domkdir; - int slen; +int +mkstemp(char *path) { - register char *start, *trv, *suffp; - struct stat sbuf; - int rval; - pid_t pid; + return(mktemp_internal(path, 0, MKTEMP_FILE)); +} - if (doopen && domkdir) { - errno = EINVAL; - return(0); - } +int +mkstemps(char *path, int slen) +{ + return(mktemp_internal(path, slen, MKTEMP_FILE)); +} - for (trv = path; *trv; ++trv) - ; - trv -= slen; - suffp = trv; - --trv; - if (trv < path) { - errno = EINVAL; - return (0); - } - pid = getpid(); - while (trv >= path && *trv == 'X' && pid != 0) { - *trv-- = (pid % 10) + '0'; - pid /= 10; - } - while (trv >= path && *trv == 'X') { - char c; - - pid = (arc4random() & 0xffff) % (26+26); - if (pid < 26) - c = pid + 'A'; - else - c = (pid - 26) + 'a'; - *trv-- = c; - } - start = trv + 1; - - /* - * check the target directory; if you have six X's and it - * doesn't exist this runs for a *very* long time. - */ - if (doopen || domkdir) { - for (;; --trv) { - if (trv <= path) - break; - if (*trv == '/') { - *trv = '\0'; - rval = stat(path, &sbuf); - *trv = '/'; - if (rval != 0) - return(0); - if (!S_ISDIR(sbuf.st_mode)) { - errno = ENOTDIR; - return(0); - } - break; - } - } - } +char * +mkdtemp(char *path) +{ + int error; - for (;;) { - if (doopen) { - if ((*doopen = - open(path, O_CREAT|O_EXCL|O_RDWR, 0600)) >= 0) - return(1); - if (errno != EEXIST) - return(0); - } else if (domkdir) { - if (mkdir(path, 0700) == 0) - return(1); - if (errno != EEXIST) - return(0); - } else if (lstat(path, &sbuf)) - return(errno == ENOENT ? 1 : 0); - - /* tricky little algorithm for backward compatibility */ - for (trv = start;;) { - if (!*trv) - return (0); - if (*trv == 'Z') { - if (trv == suffp) - return (0); - *trv++ = 'a'; - } else { - if (isdigit(*trv)) - *trv = 'a'; - else if (*trv == 'z') /* inc from z to A */ - *trv = 'A'; - else { - if (trv == suffp) - return (0); - ++*trv; - } - break; - } - } - } - /*NOTREACHED*/ + error = mktemp_internal(path, 0, MKTEMP_DIR); + return(error ? NULL : path); } #endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */ diff --git a/crypto/openssh/openbsd-compat/openbsd-compat.h b/crypto/openssh/openbsd-compat/openbsd-compat.h index 77c5ed2..807acf6 100644 --- a/crypto/openssh/openbsd-compat/openbsd-compat.h +++ b/crypto/openssh/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.51 2010/10/07 10:25:29 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.52 2011/09/23 01:16:11 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -116,7 +116,7 @@ char *inet_ntoa(struct in_addr in); #endif #ifndef HAVE_INET_NTOP -const char *inet_ntop(int af, const void *src, char *dst, size_t size); +const char *inet_ntop(int af, const void *src, char *dst, socklen_t size); #endif #ifndef HAVE_INET_ATON diff --git a/crypto/openssh/openbsd-compat/openssl-compat.h b/crypto/openssh/openbsd-compat/openssl-compat.h index c5fc24e..a151eff 100644 --- a/crypto/openssh/openbsd-compat/openssl-compat.h +++ b/crypto/openssh/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.19 2011/05/10 01:13:38 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.20 2012/01/17 03:03:39 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> @@ -130,5 +130,10 @@ int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); void ssh_OpenSSL_add_all_algorithms(void); + +# ifndef HAVE_HMAC_CTX_INIT +# define HMAC_CTX_init(a) +# endif + #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ diff --git a/crypto/openssh/openbsd-compat/port-linux.c b/crypto/openssh/openbsd-compat/port-linux.c index ea8dff4..aba7538 100644 --- a/crypto/openssh/openbsd-compat/port-linux.c +++ b/crypto/openssh/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.16 2011/08/29 06:09:57 djm Exp $ */ +/* $Id: port-linux.c,v 1.17 2012/03/08 23:25:18 djm Exp $ */ /* * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> @@ -60,7 +60,7 @@ ssh_selinux_enabled(void) static security_context_t ssh_selinux_getctxbyname(char *pwname) { - security_context_t sc; + security_context_t sc = NULL; char *sename = NULL, *lvl = NULL; int r; @@ -86,6 +86,7 @@ ssh_selinux_getctxbyname(char *pwname) case 0: error("%s: Failed to get default SELinux security " "context for %s", __func__, pwname); + sc = NULL; break; default: fatal("%s: Failed to get default SELinux security " @@ -101,7 +102,7 @@ ssh_selinux_getctxbyname(char *pwname) xfree(lvl); #endif - return (sc); + return sc; } /* Set the execution context to the default for the specified user */ diff --git a/crypto/openssh/openbsd-compat/setenv.c b/crypto/openssh/openbsd-compat/setenv.c index e2a8b6d..373b701 100644 --- a/crypto/openssh/openbsd-compat/setenv.c +++ b/crypto/openssh/openbsd-compat/setenv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: setenv.c,v 1.9 2005/08/08 08:05:37 espie Exp $ */ +/* $OpenBSD: setenv.c,v 1.13 2010/08/23 22:31:50 millert Exp $ */ /* * Copyright (c) 1987 Regents of the University of California. * All rights reserved. @@ -31,35 +31,38 @@ /* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */ #include "includes.h" + #if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) +#include <errno.h> #include <stdlib.h> #include <string.h> extern char **environ; +static char **lastenv; /* last value of environ */ /* OpenSSH Portable: __findenv is from getenv.c rev 1.8, made static */ /* * __findenv -- * Returns pointer to value associated with name, if any, else NULL. + * Starts searching within the environmental array at offset. * Sets offset to be the offset of the name/value combination in the - * environmental array, for use by setenv(3) and unsetenv(3). + * environmental array, for use by putenv(3), setenv(3) and unsetenv(3). * Explicitly removes '=' in argument name. + * + * This routine *should* be a static; don't use it. */ static char * -__findenv(const char *name, size_t *offset) +__findenv(const char *name, int len, int *offset) { extern char **environ; - int len, i; + int i; const char *np; char **p, *cp; if (name == NULL || environ == NULL) return (NULL); - for (np = name; *np && *np != '='; ++np) - ; - len = np - name; - for (p = environ; (cp = *p) != NULL; ++p) { + for (p = environ + *offset; (cp = *p) != NULL; ++p) { for (np = name, i = len; i && *cp; i--) if (*cp++ != *np++) break; @@ -71,6 +74,54 @@ __findenv(const char *name, size_t *offset) return (NULL); } +#if 0 /* nothing uses putenv */ +/* + * putenv -- + * Add a name=value string directly to the environmental, replacing + * any current value. + */ +int +putenv(char *str) +{ + char **P, *cp; + size_t cnt; + int offset = 0; + + for (cp = str; *cp && *cp != '='; ++cp) + ; + if (*cp != '=') { + errno = EINVAL; + return (-1); /* missing `=' in string */ + } + + if (__findenv(str, (int)(cp - str), &offset) != NULL) { + environ[offset++] = str; + /* could be set multiple times */ + while (__findenv(str, (int)(cp - str), &offset)) { + for (P = &environ[offset];; ++P) + if (!(*P = *(P + 1))) + break; + } + return (0); + } + + /* create new slot for string */ + for (P = environ; *P != NULL; P++) + ; + cnt = P - environ; + P = (char **)realloc(lastenv, sizeof(char *) * (cnt + 2)); + if (!P) + return (-1); + if (lastenv != environ) + memcpy(P, environ, cnt * sizeof(char *)); + lastenv = environ = P; + environ[cnt] = str; + environ[cnt + 1] = NULL; + return (0); +} + +#endif + #ifndef HAVE_SETENV /* * setenv -- @@ -80,24 +131,39 @@ __findenv(const char *name, size_t *offset) int setenv(const char *name, const char *value, int rewrite) { - static char **lastenv; /* last value of environ */ - char *C; - size_t l_value, offset; + char *C, **P; + const char *np; + int l_value, offset = 0; + + for (np = name; *np && *np != '='; ++np) + ; +#ifdef notyet + if (*np) { + errno = EINVAL; + return (-1); /* has `=' in name */ + } +#endif - if (*value == '=') /* no `=' in value */ - ++value; l_value = strlen(value); - if ((C = __findenv(name, &offset))) { /* find if already exists */ + if ((C = __findenv(name, (int)(np - name), &offset)) != NULL) { + int tmpoff = offset + 1; if (!rewrite) return (0); +#if 0 /* XXX - existing entry may not be writable */ if (strlen(C) >= l_value) { /* old larger; copy over */ while ((*C++ = *value++)) ; return (0); } +#endif + /* could be set multiple times */ + while (__findenv(name, (int)(np - name), &tmpoff)) { + for (P = &environ[tmpoff];; ++P) + if (!(*P = *(P + 1))) + break; + } } else { /* create new slot */ size_t cnt; - char **P; for (P = environ; *P != NULL; P++) ; @@ -111,10 +177,8 @@ setenv(const char *name, const char *value, int rewrite) offset = cnt; environ[cnt + 1] = NULL; } - for (C = (char *)name; *C && *C != '='; ++C) - ; /* no `=' in name */ if (!(environ[offset] = /* name + `=' + value */ - malloc((size_t)((int)(C - name) + l_value + 2)))) + malloc((size_t)((int)(np - name) + l_value + 2)))) return (-1); for (C = environ[offset]; (*C = *name++) && *C != '='; ++C) ; @@ -122,6 +186,7 @@ setenv(const char *name, const char *value, int rewrite) ; return (0); } + #endif /* HAVE_SETENV */ #ifndef HAVE_UNSETENV @@ -129,17 +194,33 @@ setenv(const char *name, const char *value, int rewrite) * unsetenv(name) -- * Delete environmental variable "name". */ -void +int unsetenv(const char *name) { char **P; - size_t offset; + const char *np; + int offset = 0; - while (__findenv(name, &offset)) /* if set multiple times */ + if (!name || !*name) { + errno = EINVAL; + return (-1); + } + for (np = name; *np && *np != '='; ++np) + ; + if (*np) { + errno = EINVAL; + return (-1); /* has `=' in name */ + } + + /* could be set multiple times */ + while (__findenv(name, (int)(np - name), &offset)) { for (P = &environ[offset];; ++P) if (!(*P = *(P + 1))) break; + } + return (0); } #endif /* HAVE_UNSETENV */ #endif /* !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) */ + diff --git a/crypto/openssh/openbsd-compat/sha2.c b/crypto/openssh/openbsd-compat/sha2.c index cf8e0ad6..f5bf74d 100644 --- a/crypto/openssh/openbsd-compat/sha2.c +++ b/crypto/openssh/openbsd-compat/sha2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp $ */ +/* from OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp */ /* * FILE: sha2.c diff --git a/crypto/openssh/openbsd-compat/sha2.h b/crypto/openssh/openbsd-compat/sha2.h index 821f2dd..73e94f1 100644 --- a/crypto/openssh/openbsd-compat/sha2.h +++ b/crypto/openssh/openbsd-compat/sha2.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp $ */ +/* OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp */ /* * FILE: sha2.h diff --git a/crypto/openssh/openbsd-compat/strlcpy.c b/crypto/openssh/openbsd-compat/strlcpy.c index 679a5b2..b4b1b60 100644 --- a/crypto/openssh/openbsd-compat/strlcpy.c +++ b/crypto/openssh/openbsd-compat/strlcpy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: strlcpy.c,v 1.10 2005/08/08 08:05:37 espie Exp $ */ +/* $OpenBSD: strlcpy.c,v 1.11 2006/05/05 15:27:38 millert Exp $ */ /* * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com> @@ -37,11 +37,11 @@ strlcpy(char *dst, const char *src, size_t siz) size_t n = siz; /* Copy as many bytes as will fit */ - if (n != 0 && --n != 0) { - do { - if ((*d++ = *s++) == 0) + if (n != 0) { + while (--n != 0) { + if ((*d++ = *s++) == '\0') break; - } while (--n != 0); + } } /* Not enough room in dst, add NUL and traverse rest of src */ diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 8e8a297..6fee80c 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.173 2011/05/06 21:14:05 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.176 2012/01/25 19:40:09 markus Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -246,7 +246,7 @@ packet_set_connection(int fd_in, int fd_out) void packet_set_timeout(int timeout, int count) { - if (timeout == 0 || count == 0) { + if (timeout <= 0 || count <= 0) { active_state->packet_timeout_ms = -1; return; } @@ -436,8 +436,6 @@ packet_connection_af(void) if (getsockname(active_state->connection_out, (struct sockaddr *)&to, &tolen) < 0) return 0; - if (to.ss_family == AF_INET) - return 1; #ifdef IPV4_IN_IPV6 if (to.ss_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr)) @@ -976,8 +974,10 @@ packet_send2(void) /* during rekeying we can only send key exchange messages */ if (active_state->rekeying) { - if (!((type >= SSH2_MSG_TRANSPORT_MIN) && - (type <= SSH2_MSG_TRANSPORT_MAX))) { + if ((type < SSH2_MSG_TRANSPORT_MIN) || + (type > SSH2_MSG_TRANSPORT_MAX) || + (type == SSH2_MSG_SERVICE_REQUEST) || + (type == SSH2_MSG_SERVICE_ACCEPT)) { debug("enqueue packet: %u", type); p = xmalloc(sizeof(*p)); p->type = type; @@ -1269,6 +1269,7 @@ packet_read_poll2(u_int32_t *seqnr_p) cipher_crypt(&active_state->receive_context, cp, buffer_ptr(&active_state->input), block_size); cp = buffer_ptr(&active_state->incoming_packet); + active_state->packlen = get_u32(cp); if (active_state->packlen < 1 + 4 || active_state->packlen > PACKET_MAX_SIZE) { @@ -1452,12 +1453,6 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) } } -int -packet_read_poll(void) -{ - return packet_read_poll_seqnr(NULL); -} - /* * Buffers the given amount of input characters. This is intended to be used * together with packet_read_poll. diff --git a/crypto/openssh/packet.h b/crypto/openssh/packet.h index 7cd0c8b..74fffe7 100644 --- a/crypto/openssh/packet.h +++ b/crypto/openssh/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.56 2011/05/06 21:14:05 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.57 2012/01/25 19:40:09 markus Exp $ */ /* $FreeBSD$ */ /* @@ -59,7 +59,6 @@ void packet_send(void); int packet_read(void); void packet_read_expect(int type); -int packet_read_poll(void); void packet_process_incoming(const char *buf, u_int len); int packet_read_seqnr(u_int32_t *seqnr_p); int packet_read_poll_seqnr(u_int32_t *seqnr_p); diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c index 35fa2d4..122d76a 100644 --- a/crypto/openssh/readconf.c +++ b/crypto/openssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.193 2011/05/24 07:15:47 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.194 2011/09/23 07:45:05 markus Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -324,6 +324,7 @@ add_remote_forward(Options *options, const Forward *newfwd) fwd->listen_port = newfwd->listen_port; fwd->connect_host = newfwd->connect_host; fwd->connect_port = newfwd->connect_port; + fwd->handle = newfwd->handle; fwd->allocated_port = 0; } @@ -1115,11 +1116,20 @@ parse_int: #endif case oVersionAddendum: - ssh_version_set_addendum(strtok(s, "\n")); - do { - arg = strdelim(&s); - } while (arg != NULL && *arg != '\0'); - break; + if (s == NULL) + fatal("%.200s line %d: Missing argument.", filename, + linenum); + len = strspn(s, WHITESPACE); + if (*activep && options->version_addendum == NULL) { + if (strcasecmp(s + len, "none") == 0) + options->version_addendum = xstrdup(""); + else if (strchr(s + len, '\r') != NULL) + fatal("%.200s line %d: Invalid argument", + filename, linenum); + else + options->version_addendum = xstrdup(s + len); + } + return 0; case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", @@ -1280,6 +1290,7 @@ initialize_options(Options * options) options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; options->request_tty = -1; + options->version_addendum = NULL; options->hpn_disabled = -1; options->hpn_buffer_size = -1; options->tcp_rcv_buf_poll = -1; @@ -1458,6 +1469,8 @@ fill_default_options(Options * options) /* options->hostname will be set in the main program if appropriate */ /* options->host_key_alias should not be set by default */ /* options->preferred_authentications will be set in ssh */ + if (options->version_addendum == NULL) + options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); if (options->hpn_disabled == -1) options->hpn_disabled = 0; if (options->hpn_buffer_size > -1) diff --git a/crypto/openssh/readconf.h b/crypto/openssh/readconf.h index afa5beb..7f76688 100644 --- a/crypto/openssh/readconf.h +++ b/crypto/openssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.90 2011/05/24 07:15:47 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.91 2011/09/23 07:45:05 markus Exp $ */ /* $FreeBSD$ */ /* @@ -25,6 +25,7 @@ typedef struct { char *connect_host; /* Host to connect. */ int connect_port; /* Port to connect on connect_host. */ int allocated_port; /* Dynamically allocated listen port */ + int handle; /* Handle for dynamic listen ports */ } Forward; /* Data structure for representing option data. */ @@ -135,6 +136,7 @@ typedef struct { int use_roaming; int request_tty; + char *version_addendum; /* Appended to SSH banner */ int hpn_disabled; /* Switch to disable HPN buffer management. */ int hpn_buffer_size; /* User definable size for HPN buffer diff --git a/crypto/openssh/roaming.h b/crypto/openssh/roaming.h index 6bb94cc..da069f8 100644 --- a/crypto/openssh/roaming.h +++ b/crypto/openssh/roaming.h @@ -1,4 +1,4 @@ -/* $OpenBSD: roaming.h,v 1.5 2009/10/24 11:11:58 andreas Exp $ */ +/* $OpenBSD: roaming.h,v 1.6 2011/12/07 05:44:38 djm Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB * @@ -18,8 +18,9 @@ #ifndef ROAMING_H #define ROAMING_H -#define DEFAULT_ROAMBUF 65536 -#define ROAMING_REQUEST "roaming@appgate.com" +#define DEFAULT_ROAMBUF 65536 +#define MAX_ROAMBUF (2*1024*1024) /* XXX arbitrary */ +#define ROAMING_REQUEST "roaming@appgate.com" extern int roaming_enabled; extern int resume_in_progress; diff --git a/crypto/openssh/roaming_client.c b/crypto/openssh/roaming_client.c index cea8e73..48009d7 100644 --- a/crypto/openssh/roaming_client.c +++ b/crypto/openssh/roaming_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: roaming_client.c,v 1.3 2010/01/18 01:50:27 dtucker Exp $ */ +/* $OpenBSD: roaming_client.c,v 1.4 2011/12/07 05:44:38 djm Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB * @@ -72,7 +72,7 @@ roaming_reply(int type, u_int32_t seq, void *ctxt) cookie = packet_get_int64(); key1 = oldkey1 = packet_get_int64(); key2 = oldkey2 = packet_get_int64(); - set_out_buffer_size(packet_get_int() + get_snd_buf_size()); + set_out_buffer_size(packet_get_int() + get_snd_buf_size()); roaming_enabled = 1; } diff --git a/crypto/openssh/roaming_common.c b/crypto/openssh/roaming_common.c index 9adbe56..8d0b605 100644 --- a/crypto/openssh/roaming_common.c +++ b/crypto/openssh/roaming_common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: roaming_common.c,v 1.8 2010/01/12 00:59:29 djm Exp $ */ +/* $OpenBSD: roaming_common.c,v 1.9 2011/12/07 05:44:38 djm Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB * @@ -75,6 +75,8 @@ get_recv_buf_size() void set_out_buffer_size(size_t size) { + if (size == 0 || size > MAX_ROAMBUF) + fatal("%s: bad buffer size %lu", __func__, (u_long)size); /* * The buffer size can only be set once and the buffer will live * as long as the session lives. diff --git a/crypto/openssh/sandbox-rlimit.c b/crypto/openssh/sandbox-rlimit.c index 761e928..a0038633 100644 --- a/crypto/openssh/sandbox-rlimit.c +++ b/crypto/openssh/sandbox-rlimit.c @@ -64,9 +64,11 @@ ssh_sandbox_child(struct ssh_sandbox *box) rl_zero.rlim_cur = rl_zero.rlim_max = 0; +#ifndef SANDBOX_SKIP_RLIMIT_FSIZE if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", __func__, strerror(errno)); +#endif if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", __func__, strerror(errno)); diff --git a/crypto/openssh/sandbox-systrace.c b/crypto/openssh/sandbox-systrace.c index 5a39f4f..2d16a62 100644 --- a/crypto/openssh/sandbox-systrace.c +++ b/crypto/openssh/sandbox-systrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sandbox-systrace.c,v 1.4 2011/07/29 14:42:45 djm Exp $ */ +/* $OpenBSD: sandbox-systrace.c,v 1.6 2012/06/30 14:35:09 markus Exp $ */ /* * Copyright (c) 2011 Damien Miller <djm@mindrot.org> * @@ -24,12 +24,14 @@ #include <sys/ioctl.h> #include <sys/syscall.h> #include <sys/socket.h> +#include <sys/wait.h> #include <dev/systrace.h> #include <errno.h> #include <fcntl.h> #include <limits.h> +#include <signal.h> #include <stdarg.h> #include <stdio.h> #include <stdlib.h> @@ -58,6 +60,7 @@ static const struct sandbox_policy preauth_policy[] = { { SYS_madvise, SYSTR_POLICY_PERMIT }, { SYS_mmap, SYSTR_POLICY_PERMIT }, { SYS_mprotect, SYSTR_POLICY_PERMIT }, + { SYS_mquery, SYSTR_POLICY_PERMIT }, { SYS_poll, SYSTR_POLICY_PERMIT }, { SYS_munmap, SYSTR_POLICY_PERMIT }, { SYS_read, SYSTR_POLICY_PERMIT }, @@ -68,26 +71,21 @@ static const struct sandbox_policy preauth_policy[] = { }; struct ssh_sandbox { - int child_sock; - int parent_sock; int systrace_fd; pid_t child_pid; + void (*osigchld)(int); }; struct ssh_sandbox * ssh_sandbox_init(void) { struct ssh_sandbox *box; - int s[2]; debug3("%s: preparing systrace sandbox", __func__); box = xcalloc(1, sizeof(*box)); - if (socketpair(AF_UNIX, SOCK_STREAM, 0, s) == -1) - fatal("%s: socketpair: %s", __func__, strerror(errno)); - box->child_sock = s[0]; - box->parent_sock = s[1]; box->systrace_fd = -1; box->child_pid = 0; + box->osigchld = signal(SIGCHLD, SIG_IGN); return box; } @@ -95,35 +93,38 @@ ssh_sandbox_init(void) void ssh_sandbox_child(struct ssh_sandbox *box) { - char whatever = 0; - - close(box->parent_sock); - /* Signal parent that we are ready */ debug3("%s: ready", __func__); - if (atomicio(vwrite, box->child_sock, &whatever, 1) != 1) - fatal("%s: write: %s", __func__, strerror(errno)); - /* Wait for parent to signal for us to go */ - if (atomicio(read, box->child_sock, &whatever, 1) != 1) - fatal("%s: read: %s", __func__, strerror(errno)); + signal(SIGCHLD, box->osigchld); + if (kill(getpid(), SIGSTOP) != 0) + fatal("%s: kill(%d, SIGSTOP)", __func__, getpid()); debug3("%s: started", __func__); - close(box->child_sock); } static void ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid, const struct sandbox_policy *allowed_syscalls) { - int dev_systrace, i, j, found; - char whatever = 0; + int dev_systrace, i, j, found, status; + pid_t pid; struct systrace_policy policy; + /* Wait for the child to send itself a SIGSTOP */ debug3("%s: wait for child %ld", __func__, (long)child_pid); + do { + pid = waitpid(child_pid, &status, WUNTRACED); + } while (pid == -1 && errno == EINTR); + signal(SIGCHLD, box->osigchld); + if (!WIFSTOPPED(status)) { + if (WIFSIGNALED(status)) + fatal("%s: child terminated with signal %d", + __func__, WTERMSIG(status)); + if (WIFEXITED(status)) + fatal("%s: child exited with status %d", + __func__, WEXITSTATUS(status)); + fatal("%s: child not stopped", __func__); + } + debug3("%s: child %ld stopped", __func__, (long)child_pid); box->child_pid = child_pid; - close(box->child_sock); - /* Wait for child to signal that it is ready */ - if (atomicio(read, box->parent_sock, &whatever, 1) != 1) - fatal("%s: read: %s", __func__, strerror(errno)); - debug3("%s: child %ld ready", __func__, (long)child_pid); /* Set up systracing of child */ if ((dev_systrace = open("/dev/systrace", O_RDONLY)) == -1) @@ -174,9 +175,8 @@ ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid, /* Signal the child to start running */ debug3("%s: start child %ld", __func__, (long)child_pid); - if (atomicio(vwrite, box->parent_sock, &whatever, 1) != 1) - fatal("%s: write: %s", __func__, strerror(errno)); - close(box->parent_sock); + if (kill(box->child_pid, SIGCONT) != 0) + fatal("%s: kill(%d, SIGCONT)", __func__, box->child_pid); } void diff --git a/crypto/openssh/scp.1 b/crypto/openssh/scp.1 index 4031bd4..e4343c1 100644 --- a/crypto/openssh/scp.1 +++ b/crypto/openssh/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.56 2010/12/09 14:13:32 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.58 2011/09/05 07:01:44 jmc Exp $ .\" -.Dd December 9, 2010 +.Dd September 5 2011 .Dt SCP 1 .Os .Sh NAME @@ -31,7 +31,7 @@ .Oo .Op Ar user No @ .Ar host1 No : -.Oc Ns Ar file1 +.Oc Ar file1 .Sm on .Ar ... .Sm off @@ -140,6 +140,7 @@ For full details of the options listed below, and their possible values, see .It ConnectTimeout .It ControlMaster .It ControlPath +.It ControlPersist .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials @@ -152,6 +153,7 @@ For full details of the options listed below, and their possible values, see .It IdentityFile .It IdentitiesOnly .It IPQoS +.It KbdInteractiveAuthentication .It KbdInteractiveDevices .It KexAlgorithms .It LogLevel diff --git a/crypto/openssh/scp.c b/crypto/openssh/scp.c index 18b2597..08587b5 100644 --- a/crypto/openssh/scp.c +++ b/crypto/openssh/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.170 2010/12/09 14:13:33 jmc Exp $ */ +/* $OpenBSD: scp.c,v 1.171 2011/09/09 22:37:01 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -601,12 +601,14 @@ toremote(char *targ, int argc, char **argv) host = cleanhostname(argv[i]); suser = NULL; } - xasprintf(&bp, "%s -f -- %s", cmd, src); + xasprintf(&bp, "%s -f %s%s", cmd, + *src == '-' ? "-- " : "", src); if (do_cmd(host, suser, bp, &remin, &remout) < 0) exit(1); (void) xfree(bp); host = cleanhostname(thost); - xasprintf(&bp, "%s -t -- %s", cmd, targ); + xasprintf(&bp, "%s -t %s%s", cmd, + *targ == '-' ? "-- " : "", targ); if (do_cmd2(host, tuser, bp, remin, remout) < 0) exit(1); (void) xfree(bp); @@ -652,7 +654,8 @@ toremote(char *targ, int argc, char **argv) errs = 1; } else { /* local to remote */ if (remin == -1) { - xasprintf(&bp, "%s -t -- %s", cmd, targ); + xasprintf(&bp, "%s -t %s%s", cmd, + *targ == '-' ? "-- " : "", targ); host = cleanhostname(thost); if (do_cmd(host, tuser, bp, &remin, &remout) < 0) @@ -705,7 +708,8 @@ tolocal(int argc, char **argv) suser = pwd->pw_name; } host = cleanhostname(host); - xasprintf(&bp, "%s -f -- %s", cmd, src); + xasprintf(&bp, "%s -f %s%s", + cmd, *src == '-' ? "-- " : "", src); if (do_cmd(host, suser, bp, &remin, &remout) < 0) { (void) xfree(bp); ++errs; diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index 0b7395b..2664880 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -1,4 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.222 2011/06/22 21:57:01 djm Exp $ */ + +/* $OpenBSD: servconf.c,v 1.229 2012/07/13 01:35:21 dtucker Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -47,6 +48,8 @@ __RCSID("$FreeBSD$"); #include "match.h" #include "channels.h" #include "groupaccess.h" +#include "canohost.h" +#include "packet.h" #include "version.h" static void add_listen_addr(ServerOptions *, char *, int); @@ -141,6 +144,7 @@ initialize_server_options(ServerOptions *options) options->authorized_principals_file = NULL; options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; + options->version_addendum = NULL; options->hpn_disabled = -1; options->hpn_buffer_size = -1; options->tcp_rcv_buf_poll = -1; @@ -286,6 +290,21 @@ fill_default_server_options(ServerOptions *options) options->ip_qos_interactive = IPTOS_LOWDELAY; if (options->ip_qos_bulk == -1) options->ip_qos_bulk = IPTOS_THROUGHPUT; + if (options->version_addendum == NULL) + options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); + /* Turn privilege separation on by default */ + if (use_privsep == -1) + use_privsep = PRIVSEP_ON; + +#ifndef HAVE_MMAP + if (use_privsep && options->compression == 1) { + error("This platform does not support both privilege " + "separation and compression"); + error("Compression disabled"); + options->compression = 0; + } +#endif + if (options->hpn_disabled == -1) options->hpn_disabled = 0; if (options->hpn_buffer_size == -1) { @@ -314,23 +333,10 @@ fill_default_server_options(ServerOptions *options) options->hpn_buffer_size = maxlen; else options->hpn_buffer_size *= 1024; - } else + } else { options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; + } } - - /* Turn privilege separation on by default */ - if (use_privsep == -1) - use_privsep = PRIVSEP_ON; - -#ifndef HAVE_MMAP - if (use_privsep && options->compression == 1) { - error("This platform does not support both privilege " - "separation and compression"); - error("Compression disabled"); - options->compression = 0; - } -#endif - } /* Keyword tokens. */ @@ -363,12 +369,11 @@ typedef enum { sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sKexAlgorithms, sIPQoS, + sKexAlgorithms, sIPQoS, sVersionAddendum, sHPNDisabled, sHPNBufferSize, sTcpRcvBufPoll, #ifdef NONE_CIPHER_ENABLED sNoneEnabled, #endif - sVersionAddendum, sDeprecated, sUnsupported } ServerOpCodes; @@ -460,10 +465,10 @@ static struct { { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, - { "allowusers", sAllowUsers, SSHCFG_GLOBAL }, - { "denyusers", sDenyUsers, SSHCFG_GLOBAL }, - { "allowgroups", sAllowGroups, SSHCFG_GLOBAL }, - { "denygroups", sDenyGroups, SSHCFG_GLOBAL }, + { "allowusers", sAllowUsers, SSHCFG_ALL }, + { "denyusers", sDenyUsers, SSHCFG_ALL }, + { "allowgroups", sAllowGroups, SSHCFG_ALL }, + { "denygroups", sDenyGroups, SSHCFG_ALL }, { "ciphers", sCiphers, SSHCFG_GLOBAL }, { "macs", sMacs, SSHCFG_GLOBAL }, { "protocol", sProtocol, SSHCFG_GLOBAL }, @@ -481,7 +486,7 @@ static struct { { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, - { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, + { "acceptenv", sAcceptEnv, SSHCFG_ALL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL }, { "match", sMatch, SSHCFG_ALL }, { "permitopen", sPermitOpen, SSHCFG_ALL }, @@ -493,13 +498,14 @@ static struct { { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, { "ipqos", sIPQoS, SSHCFG_ALL }, + { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, + { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, { "hpndisabled", sHPNDisabled, SSHCFG_ALL }, { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL }, { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL }, #ifdef NONE_CIPHER_ENABLED { "noneenabled", sNoneEnabled, SSHCFG_ALL }, #endif - { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, { NULL, sBadOption, 0 } }; @@ -588,6 +594,20 @@ add_one_listen_addr(ServerOptions *options, char *addr, int port) options->listen_addrs = aitop; } +struct connection_info * +get_connection_info(int populate, int use_dns) +{ + static struct connection_info ci; + + if (!populate) + return &ci; + ci.host = get_canonical_hostname(use_dns); + ci.address = get_remote_ipaddr(); + ci.laddress = get_local_ipaddr(packet_get_connection_in()); + ci.lport = get_local_port(); + return &ci; +} + /* * The strategy for the Match blocks is that the config file is parsed twice. * @@ -649,20 +669,25 @@ out: return result; } +/* + * All of the attributes on a single Match line are ANDed together, so we need to check every + * attribute and set the result to zero if any attribute does not match. + */ static int -match_cfg_line(char **condition, int line, const char *user, const char *host, - const char *address) +match_cfg_line(char **condition, int line, struct connection_info *ci) { - int result = 1; + int result = 1, port; char *arg, *attrib, *cp = *condition; size_t len; - if (user == NULL) + if (ci == NULL) debug3("checking syntax for 'Match %s'", cp); else - debug3("checking match for '%s' user %s host %s addr %s", cp, - user ? user : "(null)", host ? host : "(null)", - address ? address : "(null)"); + debug3("checking match for '%s' user %s host %s addr %s " + "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", + ci->host ? ci->host : "(null)", + ci->address ? ci->address : "(null)", + ci->laddress ? ci->laddress : "(null)", ci->lport); while ((attrib = strdelim(&cp)) && *attrib != '\0') { if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { @@ -671,37 +696,45 @@ match_cfg_line(char **condition, int line, const char *user, const char *host, } len = strlen(arg); if (strcasecmp(attrib, "user") == 0) { - if (!user) { + if (ci == NULL || ci->user == NULL) { result = 0; continue; } - if (match_pattern_list(user, arg, len, 0) != 1) + if (match_pattern_list(ci->user, arg, len, 0) != 1) result = 0; else debug("user %.100s matched 'User %.100s' at " - "line %d", user, arg, line); + "line %d", ci->user, arg, line); } else if (strcasecmp(attrib, "group") == 0) { - switch (match_cfg_line_group(arg, line, user)) { + if (ci == NULL || ci->user == NULL) { + result = 0; + continue; + } + switch (match_cfg_line_group(arg, line, ci->user)) { case -1: return -1; case 0: result = 0; } } else if (strcasecmp(attrib, "host") == 0) { - if (!host) { + if (ci == NULL || ci->host == NULL) { result = 0; continue; } - if (match_hostname(host, arg, len) != 1) + if (match_hostname(ci->host, arg, len) != 1) result = 0; else debug("connection from %.100s matched 'Host " - "%.100s' at line %d", host, arg, line); + "%.100s' at line %d", ci->host, arg, line); } else if (strcasecmp(attrib, "address") == 0) { - switch (addr_match_list(address, arg)) { + if (ci == NULL || ci->address == NULL) { + result = 0; + continue; + } + switch (addr_match_list(ci->address, arg)) { case 1: debug("connection from %.100s matched 'Address " - "%.100s' at line %d", address, arg, line); + "%.100s' at line %d", ci->address, arg, line); break; case 0: case -1: @@ -710,12 +743,47 @@ match_cfg_line(char **condition, int line, const char *user, const char *host, case -2: return -1; } + } else if (strcasecmp(attrib, "localaddress") == 0){ + if (ci == NULL || ci->laddress == NULL) { + result = 0; + continue; + } + switch (addr_match_list(ci->laddress, arg)) { + case 1: + debug("connection from %.100s matched " + "'LocalAddress %.100s' at line %d", + ci->laddress, arg, line); + break; + case 0: + case -1: + result = 0; + break; + case -2: + return -1; + } + } else if (strcasecmp(attrib, "localport") == 0) { + if ((port = a2port(arg)) == -1) { + error("Invalid LocalPort '%s' on Match line", + arg); + return -1; + } + if (ci == NULL || ci->lport == 0) { + result = 0; + continue; + } + /* TODO support port lists */ + if (port == ci->lport) + debug("connection from %.100s matched " + "'LocalPort %d' at line %d", + ci->laddress, port, line); + else + result = 0; } else { error("Unsupported Match attribute %s", attrib); return -1; } } - if (user != NULL) + if (ci != NULL) debug3("match %sfound", result ? "" : "not "); *condition = cp; return result; @@ -754,16 +822,17 @@ static const struct multistate multistate_gatewayports[] = { { NULL, -1 } }; static const struct multistate multistate_privsep[] = { - { "sandbox", PRIVSEP_SANDBOX }, - { "yes", PRIVSEP_ON }, + { "yes", PRIVSEP_NOSANDBOX }, + { "sandbox", PRIVSEP_ON }, + { "nosandbox", PRIVSEP_NOSANDBOX }, { "no", PRIVSEP_OFF }, { NULL, -1 } }; int process_server_config_line(ServerOptions *options, char *line, - const char *filename, int linenum, int *activep, const char *user, - const char *host, const char *address) + const char *filename, int linenum, int *activep, + struct connection_info *connectinfo) { char *cp, **charptr, *arg, *p; int cmdline = 0, *intptr, value, value2, n; @@ -794,7 +863,7 @@ process_server_config_line(ServerOptions *options, char *line, if (*activep && opcode != sMatch) debug3("%s:%d setting %s %s", filename, linenum, arg, cp); if (*activep == 0 && !(flags & SSHCFG_MATCH)) { - if (user == NULL) { + if (connectinfo == NULL) { fatal("%s line %d: Directive '%s' is not allowed " "within a Match block", filename, linenum, arg); } else { /* this is a directive we have already processed */ @@ -1132,6 +1201,8 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_allow_users >= MAX_ALLOW_USERS) fatal("%s line %d: too many allow users.", filename, linenum); + if (!*activep) + continue; options->allow_users[options->num_allow_users++] = xstrdup(arg); } @@ -1142,6 +1213,8 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_deny_users >= MAX_DENY_USERS) fatal("%s line %d: too many deny users.", filename, linenum); + if (!*activep) + continue; options->deny_users[options->num_deny_users++] = xstrdup(arg); } @@ -1152,6 +1225,8 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_allow_groups >= MAX_ALLOW_GROUPS) fatal("%s line %d: too many allow groups.", filename, linenum); + if (!*activep) + continue; options->allow_groups[options->num_allow_groups++] = xstrdup(arg); } @@ -1162,7 +1237,10 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_deny_groups >= MAX_DENY_GROUPS) fatal("%s line %d: too many deny groups.", filename, linenum); - options->deny_groups[options->num_deny_groups++] = xstrdup(arg); + if (!*activep) + continue; + options->deny_groups[options->num_deny_groups++] = + xstrdup(arg); } break; @@ -1336,7 +1414,7 @@ process_server_config_line(ServerOptions *options, char *line, fatal("%s line %d: too many allow env.", filename, linenum); if (!*activep) - break; + continue; options->accept_env[options->num_accept_env++] = xstrdup(arg); } @@ -1365,7 +1443,7 @@ process_server_config_line(ServerOptions *options, char *line, if (cmdline) fatal("Match directive not supported as a command-line " "option"); - value = match_cfg_line(&cp, linenum, user, host, address); + value = match_cfg_line(&cp, linenum, connectinfo); if (value < 0) fatal("%s line %d: Bad Match condition", filename, linenum); @@ -1385,6 +1463,14 @@ process_server_config_line(ServerOptions *options, char *line, } break; } + if (strcmp(arg, "none") == 0) { + if (*activep && n == -1) { + channel_clear_adm_permitted_opens(); + options->num_permitted_opens = 1; + channel_disable_adm_local_opens(); + } + break; + } if (*activep && n == -1) channel_clear_adm_permitted_opens(); for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { @@ -1393,7 +1479,7 @@ process_server_config_line(ServerOptions *options, char *line, fatal("%s line %d: missing host in PermitOpen", filename, linenum); p = cleanhostname(p); - if (arg == NULL || (port = a2port(arg)) <= 0) + if (arg == NULL || ((port = permitopen_port(arg)) < 0)) fatal("%s line %d: bad port number in " "PermitOpen", filename, linenum); if (*activep && n == -1) @@ -1448,11 +1534,20 @@ process_server_config_line(ServerOptions *options, char *line, break; case sVersionAddendum: - ssh_version_set_addendum(strtok(cp, "\n")); - do { - arg = strdelim(&cp); - } while (arg != NULL && *arg != '\0'); - break; + if (cp == NULL) + fatal("%.200s line %d: Missing argument.", filename, + linenum); + len = strspn(cp, WHITESPACE); + if (*activep && options->version_addendum == NULL) { + if (strcasecmp(cp + len, "none") == 0) + options->version_addendum = xstrdup(""); + else if (strchr(cp + len, '\r') != NULL) + fatal("%.200s line %d: Invalid argument", + filename, linenum); + else + options->version_addendum = xstrdup(cp + len); + } + return 0; case sHPNDisabled: intptr = &options->hpn_disabled; @@ -1501,8 +1596,9 @@ process_server_config_line(ServerOptions *options, char *line, void load_server_config(const char *filename, Buffer *conf) { - char line[1024], *cp; + char line[4096], *cp; FILE *f; + int lineno = 0; debug2("%s: filename %s", __func__, filename); if ((f = fopen(filename, "r")) == NULL) { @@ -1511,6 +1607,9 @@ load_server_config(const char *filename, Buffer *conf) } buffer_clear(conf); while (fgets(line, sizeof(line), f)) { + lineno++; + if (strlen(line) == sizeof(line) - 1) + fatal("%s line %d too long", filename, lineno); /* * Trim out comments and strip whitespace * NB - preserve newlines, they are needed to reproduce @@ -1528,16 +1627,58 @@ load_server_config(const char *filename, Buffer *conf) } void -parse_server_match_config(ServerOptions *options, const char *user, - const char *host, const char *address) +parse_server_match_config(ServerOptions *options, + struct connection_info *connectinfo) { ServerOptions mo; initialize_server_options(&mo); - parse_server_config(&mo, "reprocess config", &cfg, user, host, address); + parse_server_config(&mo, "reprocess config", &cfg, connectinfo); copy_set_server_options(options, &mo, 0); } +int parse_server_match_testspec(struct connection_info *ci, char *spec) +{ + char *p; + + while ((p = strsep(&spec, ",")) && *p != '\0') { + if (strncmp(p, "addr=", 5) == 0) { + ci->address = xstrdup(p + 5); + } else if (strncmp(p, "host=", 5) == 0) { + ci->host = xstrdup(p + 5); + } else if (strncmp(p, "user=", 5) == 0) { + ci->user = xstrdup(p + 5); + } else if (strncmp(p, "laddr=", 6) == 0) { + ci->laddress = xstrdup(p + 6); + } else if (strncmp(p, "lport=", 6) == 0) { + ci->lport = a2port(p + 6); + if (ci->lport == -1) { + fprintf(stderr, "Invalid port '%s' in test mode" + " specification %s\n", p+6, p); + return -1; + } + } else { + fprintf(stderr, "Invalid test mode specification %s\n", + p); + return -1; + } + } + return 0; +} + +/* + * returns 1 for a complete spec, 0 for partial spec and -1 for an + * empty spec. + */ +int server_match_spec_complete(struct connection_info *ci) +{ + if (ci->user && ci->host && ci->address) + return 1; /* complete */ + if (!ci->user && !ci->host && !ci->address) + return -1; /* empty */ + return 0; /* partial */ +} + /* Helper macros */ #define M_CP_INTOPT(n) do {\ if (src->n != -1) \ @@ -1611,7 +1752,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) void parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, - const char *user, const char *host, const char *address) + struct connection_info *connectinfo) { int active, linenum, bad_options = 0; char *cp, *obuf, *cbuf; @@ -1619,11 +1760,11 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); obuf = cbuf = xstrdup(buffer_ptr(conf)); - active = user ? 0 : 1; + active = connectinfo ? 0 : 1; linenum = 1; while ((cp = strsep(&cbuf, "\n")) != NULL) { if (process_server_config_line(options, cp, filename, - linenum++, &active, user, host, address) != 0) + linenum++, &active, connectinfo) != 0) bad_options++; } xfree(obuf); @@ -1835,6 +1976,7 @@ dump_config(ServerOptions *o) dump_cfg_string(sRevokedKeys, o->revoked_keys_file); dump_cfg_string(sAuthorizedPrincipalsFile, o->authorized_principals_file); + dump_cfg_string(sVersionAddendum, o->version_addendum); /* string arguments requiring a lookup */ dump_cfg_string(sLogLevel, log_level_name(o->log_level)); diff --git a/crypto/openssh/servconf.h b/crypto/openssh/servconf.h index 847b92c..8dff83a 100644 --- a/crypto/openssh/servconf.h +++ b/crypto/openssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.99 2011/06/22 21:57:01 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.103 2012/07/10 02:19:15 djm Exp $ */ /* $FreeBSD$ */ /* @@ -40,7 +40,7 @@ /* use_privsep */ #define PRIVSEP_OFF 0 #define PRIVSEP_ON 1 -#define PRIVSEP_SANDBOX 2 +#define PRIVSEP_NOSANDBOX 2 #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ #define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */ @@ -168,6 +168,8 @@ typedef struct { char *trusted_user_ca_keys; char *authorized_principals_file; + char *version_addendum; /* Appended to SSH banner */ + int hpn_disabled; /* Disable HPN functionality. */ int hpn_buffer_size; /* Set HPN buffer size - default 2MB.*/ int tcp_rcv_buf_poll; /* Poll TCP rcv window in autotuning @@ -178,6 +180,16 @@ typedef struct { #endif } ServerOptions; +/* Information about the incoming connection as used by Match */ +struct connection_info { + const char *user; + const char *host; /* possibly resolved hostname */ + const char *address; /* remote address */ + const char *laddress; /* local address */ + int lport; /* local port */ +}; + + /* * These are string config options that must be copied between the * Match sub-config and the main config, and must be sent from the @@ -190,17 +202,24 @@ typedef struct { M_CP_STROPT(revoked_keys_file); \ M_CP_STROPT(authorized_principals_file); \ M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ + M_CP_STRARRAYOPT(allow_users, num_allow_users); \ + M_CP_STRARRAYOPT(deny_users, num_deny_users); \ + M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \ + M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \ + M_CP_STRARRAYOPT(accept_env, num_accept_env); \ } while (0) +struct connection_info *get_connection_info(int, int); void initialize_server_options(ServerOptions *); void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int, - int *, const char *, const char *, const char *); + int *, struct connection_info *); void load_server_config(const char *, Buffer *); void parse_server_config(ServerOptions *, const char *, Buffer *, - const char *, const char *, const char *); -void parse_server_match_config(ServerOptions *, const char *, const char *, - const char *); + struct connection_info *); +void parse_server_match_config(ServerOptions *, struct connection_info *); +int parse_server_match_testspec(struct connection_info *, char *); +int server_match_spec_complete(struct connection_info *); void copy_set_server_options(ServerOptions *, ServerOptions *, int); void dump_config(ServerOptions *); char *derelativise_path(const char *); diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c index e74c2c7..33fcfc3 100644 --- a/crypto/openssh/serverloop.c +++ b/crypto/openssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.160 2011/05/15 08:09:01 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.162 2012/06/20 04:42:58 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -282,9 +282,18 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, { struct timeval tv, *tvp; int ret; + time_t minwait_secs = 0; int client_alive_scheduled = 0; int program_alive_scheduled = 0; + /* Allocate and update select() masks for channel descriptors. */ + channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, + &minwait_secs, 0); + + if (minwait_secs != 0) + max_time_milliseconds = MIN(max_time_milliseconds, + (u_int)minwait_secs * 1000); + /* * if using client_alive, set the max timeout accordingly, * and indicate that this particular timeout was for client @@ -299,9 +308,6 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, max_time_milliseconds = options.client_alive_interval * 1000; } - /* Allocate and update select() masks for channel descriptors. */ - channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, 0); - if (compat20) { #if 0 /* wrong: bad condition XXX */ @@ -727,7 +733,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) /* Wait until all output has been sent to the client. */ drain_output(); - debug("End of interactive session; stdin %ld, stdout (read %ld, " "sent %ld), stderr %ld bytes.", + debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.", stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes); /* Free and clear the buffers. */ diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index 0f00813..57a3e18 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.258 2010/11/25 04:10:09 djm Exp $ */ +/* $OpenBSD: session.c,v 1.260 2012/03/15 03:10:27 guenther Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1406,7 +1406,7 @@ do_nologin(struct passwd *pw) struct stat sb; #ifdef HAVE_LOGIN_CAP - if (login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid) + if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0) return; nl = login_getcapstr(lc, "nologin", def_nl, def_nl); #else @@ -2182,7 +2182,7 @@ session_break_req(Session *s) packet_get_int(); /* ignored */ packet_check_eom(); - if (s->ttyfd == -1 || tcsendbreak(s->ttyfd, 0) < 0) + if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0) return 0; return 1; } diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c index caa384b..85f2bd4 100644 --- a/crypto/openssh/sftp-client.c +++ b/crypto/openssh/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.94 2010/12/04 00:18:01 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.97 2012/07/02 12:13:26 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -462,12 +462,12 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, buffer_put_cstring(&msg, path); send_msg(conn, &msg); - buffer_clear(&msg); - handle = get_handle(conn, id, &handle_len, "remote readdir(\"%s\")", path); - if (handle == NULL) + if (handle == NULL) { + buffer_free(&msg); return -1; + } if (dir) { ents = 0; @@ -510,6 +510,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, fx2txt(status)); do_close(conn, handle, handle_len); xfree(handle); + buffer_free(&msg); return(status); } } else if (type != SSH2_FXP_NAME) @@ -756,7 +757,8 @@ do_realpath(struct sftp_conn *conn, char *path) longname = buffer_get_string(&msg, NULL); a = decode_attrib(&msg); - debug3("SSH_FXP_REALPATH %s -> %s", path, filename); + debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename, + (unsigned long)a->size); xfree(longname); @@ -805,15 +807,15 @@ do_hardlink(struct sftp_conn *conn, char *oldpath, char *newpath) Buffer msg; u_int status, id; - buffer_init(&msg); - - /* Send link request */ - id = conn->msg_id++; if ((conn->exts & SFTP_EXT_HARDLINK) == 0) { error("Server does not support hardlink@openssh.com extension"); return -1; } + buffer_init(&msg); + + /* Send link request */ + id = conn->msg_id++; buffer_put_char(&msg, SSH2_FXP_EXTENDED); buffer_put_int(&msg, id); buffer_put_cstring(&msg, "hardlink@openssh.com"); @@ -889,6 +891,7 @@ do_readlink(struct sftp_conn *conn, char *path) u_int status = buffer_get_int(&msg); error("Couldn't readlink: %s", fx2txt(status)); + buffer_free(&msg); return(NULL); } else if (type != SSH2_FXP_NAME) fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", diff --git a/crypto/openssh/sftp-glob.c b/crypto/openssh/sftp-glob.c index cdc2708..06bf157 100644 --- a/crypto/openssh/sftp-glob.c +++ b/crypto/openssh/sftp-glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-glob.c,v 1.22 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: sftp-glob.c,v 1.23 2011/10/04 14:17:32 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -111,7 +111,7 @@ fudge_lstat(const char *path, struct stat *st) { Attrib *a; - if (!(a = do_lstat(cur.conn, (char *)path, 0))) + if (!(a = do_lstat(cur.conn, (char *)path, 1))) return(-1); attrib_to_stat(a, st); @@ -124,7 +124,7 @@ fudge_stat(const char *path, struct stat *st) { Attrib *a; - if (!(a = do_stat(cur.conn, (char *)path, 0))) + if (!(a = do_stat(cur.conn, (char *)path, 1))) return(-1); attrib_to_stat(a, st); diff --git a/crypto/openssh/sftp.1 b/crypto/openssh/sftp.1 index e703bbf..5ff9e66 100644 --- a/crypto/openssh/sftp.1 +++ b/crypto/openssh/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.90 2011/08/07 12:55:30 dtucker Exp $ +.\" $OpenBSD: sftp.1,v 1.91 2011/09/05 05:56:13 djm Exp $ .\" $FreeBSD$ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. @@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd August 7, 2011 +.Dd September 5 2011 .Dt SFTP 1 .Os .Sh NAME @@ -195,6 +195,7 @@ For full details of the options listed below, and their possible values, see .It ConnectTimeout .It ControlMaster .It ControlPath +.It ControlPersist .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials @@ -207,6 +208,7 @@ For full details of the options listed below, and their possible values, see .It IdentityFile .It IdentitiesOnly .It IPQoS +.It KbdInteractiveAuthentication .It KbdInteractiveDevices .It KexAlgorithms .It LogLevel diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c index 0fb420a..20fb501 100644 --- a/crypto/openssh/sftp.c +++ b/crypto/openssh/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.132 2010/12/04 00:18:01 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.136 2012/06/22 14:36:33 dtucker Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> @@ -784,7 +784,6 @@ static int do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, int lflag) { - Attrib *a = NULL; char *fname, *lname; glob_t g; int err; @@ -794,7 +793,8 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, memset(&g, 0, sizeof(g)); if (remote_glob(conn, path, - GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE|GLOB_KEEPSTAT, NULL, &g) || + GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE|GLOB_KEEPSTAT|GLOB_NOSORT, + NULL, &g) || (g.gl_pathc && !g.gl_matchc)) { if (g.gl_pathc) globfree(&g); @@ -829,7 +829,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, colspace = width / columns; } - for (i = 0; g.gl_pathv[i] && !interrupted; i++, a = NULL) { + for (i = 0; g.gl_pathv[i] && !interrupted; i++) { fname = path_strip(g.gl_pathv[i], strip_path); if (lflag & LS_LONG_VIEW) { if (g.gl_statv[i] == NULL) { @@ -1631,8 +1631,10 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, } list[count] = NULL; - if (count == 0) + if (count == 0) { + xfree(list); return 0; + } /* Complete ambigious command */ tmp = complete_ambiguous(cmd, list, count); @@ -1932,13 +1934,8 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) xfree(dir); } -#if defined(HAVE_SETVBUF) && !defined(BROKEN_SETVBUF) - setvbuf(stdout, NULL, _IOLBF, 0); - setvbuf(infile, NULL, _IOLBF, 0); -#else setlinebuf(stdout); setlinebuf(infile); -#endif interactive = !batchmode && isatty(STDIN_FILENO); err = 0; diff --git a/crypto/openssh/ssh-add.1 b/crypto/openssh/ssh-add.1 index 4260cbd..dc6ffaf 100644 --- a/crypto/openssh/ssh-add.1 +++ b/crypto/openssh/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.55 2010/10/28 18:33:28 jmc Exp $ +.\" $OpenBSD: ssh-add.1,v 1.56 2011/10/18 05:00:48 djm Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd October 28, 2010 +.Dd October 18 2011 .Dt SSH-ADD 1 .Os .Sh NAME @@ -43,7 +43,7 @@ .Nd adds private key identities to the authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl cDdLlXx +.Op Fl cDdkLlXx .Op Fl t Ar life .Op Ar .Nm ssh-add @@ -110,6 +110,9 @@ and retry. .It Fl e Ar pkcs11 Remove keys provided by the PKCS#11 shared library .Ar pkcs11 . +.It Fl k +When loading keys into the agent, load plain private keys only and skip +certificates. .It Fl L Lists public key parameters of all identities currently represented by the agent. diff --git a/crypto/openssh/ssh-add.c b/crypto/openssh/ssh-add.c index 6d5e2a9..738644d 100644 --- a/crypto/openssh/ssh-add.c +++ b/crypto/openssh/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.103 2011/10/18 23:37:42 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -139,11 +139,11 @@ delete_all(AuthenticationConnection *ac) } static int -add_file(AuthenticationConnection *ac, const char *filename) +add_file(AuthenticationConnection *ac, const char *filename, int key_only) { Key *private, *cert; char *comment = NULL; - char msg[1024], *certpath; + char msg[1024], *certpath = NULL; int fd, perms_ok, ret = -1; Buffer keyblob; @@ -219,6 +219,9 @@ add_file(AuthenticationConnection *ac, const char *filename) fprintf(stderr, "Could not add identity: %s\n", filename); } + /* Skip trying to load the cert if requested */ + if (key_only) + goto out; /* Now try to add the certificate flavour too */ xasprintf(&certpath, "%s-cert.pub", filename); @@ -253,7 +256,8 @@ add_file(AuthenticationConnection *ac, const char *filename) if (confirm != 0) fprintf(stderr, "The user must confirm each use of the key\n"); out: - xfree(certpath); + if (certpath != NULL) + xfree(certpath); xfree(comment); key_free(private); @@ -347,13 +351,13 @@ lock_agent(AuthenticationConnection *ac, int lock) } static int -do_file(AuthenticationConnection *ac, int deleting, char *file) +do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file) { if (deleting) { if (delete_file(ac, file) == -1) return -1; } else { - if (add_file(ac, file) == -1) + if (add_file(ac, file, key_only) == -1) return -1; } return 0; @@ -366,12 +370,13 @@ usage(void) fprintf(stderr, "Options:\n"); fprintf(stderr, " -l List fingerprints of all identities.\n"); fprintf(stderr, " -L List public key parameters of all identities.\n"); + fprintf(stderr, " -k Load only keys and not certificates.\n"); + fprintf(stderr, " -c Require confirmation to sign using identities\n"); + fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); fprintf(stderr, " -d Delete identity.\n"); fprintf(stderr, " -D Delete all identities.\n"); fprintf(stderr, " -x Lock agent.\n"); fprintf(stderr, " -X Unlock agent.\n"); - fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); - fprintf(stderr, " -c Require confirmation to sign using identities\n"); fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); } @@ -383,7 +388,7 @@ main(int argc, char **argv) extern int optind; AuthenticationConnection *ac = NULL; char *pkcs11provider = NULL; - int i, ch, deleting = 0, ret = 0; + int i, ch, deleting = 0, ret = 0, key_only = 0; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -400,8 +405,11 @@ main(int argc, char **argv) "Could not open a connection to your authentication agent.\n"); exit(2); } - while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { + while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) { switch (ch) { + case 'k': + key_only = 1; + break; case 'l': case 'L': if (list_identities(ac, ch == 'l' ? 1 : 0) == -1) @@ -467,7 +475,7 @@ main(int argc, char **argv) default_files[i]); if (stat(buf, &st) < 0) continue; - if (do_file(ac, deleting, buf) == -1) + if (do_file(ac, deleting, key_only, buf) == -1) ret = 1; else count++; @@ -476,7 +484,7 @@ main(int argc, char **argv) ret = 1; } else { for (i = 0; i < argc; i++) { - if (do_file(ac, deleting, argv[i]) == -1) + if (do_file(ac, deleting, key_only, argv[i]) == -1) ret = 1; } } diff --git a/crypto/openssh/ssh-ecdsa.c b/crypto/openssh/ssh-ecdsa.c index c8276b4..085468e 100644 --- a/crypto/openssh/ssh-ecdsa.c +++ b/crypto/openssh/ssh-ecdsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ecdsa.c,v 1.4 2010/09/10 01:04:10 djm Exp $ */ +/* $OpenBSD: ssh-ecdsa.c,v 1.5 2012/01/08 13:17:11 miod Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -145,6 +145,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, buffer_get_bignum2(&bb, sig->s); if (buffer_len(&bb) != 0) fatal("%s: remaining bytes in inner sigblob", __func__); + buffer_free(&bb); /* clean up */ memset(sigblob, 0, len); diff --git a/crypto/openssh/ssh-keygen.1 b/crypto/openssh/ssh-keygen.1 index 6c55c22..2613083 100644 --- a/crypto/openssh/ssh-keygen.1 +++ b/crypto/openssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.106 2011/04/13 04:09:37 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.109 2012/07/06 00:41:59 dtucker Exp $ .\" $FreeBSD$ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -36,7 +36,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd April 13, 2011 +.Dd July 6 2012 .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -105,6 +105,9 @@ .Fl f Ar input_file .Op Fl v .Op Fl a Ar num_trials +.Op Fl J Ar num_lines +.Op Fl j Ar start_line +.Op Fl K Ar checkpt .Op Fl W Ar generator .Nm ssh-keygen .Fl s Ar ca_key @@ -215,7 +218,7 @@ Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys, the .Fl b -flag determines they key length by selecting from one of three elliptic +flag determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. Attempting to use bit lengths other than these three values for ECDSA keys will fail. @@ -297,6 +300,24 @@ in the format specified by the .Fl m option and print an OpenSSH compatible private (or public) key to stdout. +.It Fl J Ar num_lines +Exit after screening the specified number of lines +while performing DH candidate screening using the +.Fl T +option. +.It Fl j Ar start_line +Start screening at the specified line number +while performing DH candidate screening using the +.Fl T +option. +.It Fl K Ar checkpt +Write the last line processed to the file +.Ar checkpt +while performing DH candidate screening using the +.Fl T +option. +This will be used to skip lines in the input file that have already been +processed if the job is restarted. This option allows importing keys from other software, including several commercial SSH implementations. The default import format is @@ -510,7 +531,7 @@ This may be overridden using the .Fl S option, which specifies a different start point (in hex). .Pp -Once a set of candidates have been generated, they must be tested for +Once a set of candidates have been generated, they must be screened for suitability. This may be performed using the .Fl T diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index 4b6218b..a223ddc 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.210 2011/04/18 00:46:05 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.216 2012/07/06 06:38:03 jmc Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -154,7 +154,8 @@ char hostname[MAXHOSTNAMELEN]; /* moduli.c */ int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); -int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); +int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, + unsigned long); static void type_bits_valid(int type, u_int32_t *bitsp) @@ -265,6 +266,10 @@ do_convert_to_ssh2(struct passwd *pw, Key *k) u_char *blob; char comment[61]; + if (k->type == KEY_RSA1) { + fprintf(stderr, "version 1 keys are not supported\n"); + exit(1); + } if (key_to_blob(k, &blob, &len) <= 0) { fprintf(stderr, "key_to_blob failed\n"); exit(1); @@ -288,6 +293,7 @@ static void do_convert_to_pkcs8(Key *k) { switch (key_type_plain(k->type)) { + case KEY_RSA1: case KEY_RSA: if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) fatal("PEM_write_RSA_PUBKEY failed"); @@ -312,6 +318,7 @@ static void do_convert_to_pem(Key *k) { switch (key_type_plain(k->type)) { + case KEY_RSA1: case KEY_RSA: if (!PEM_write_RSAPublicKey(stdout, k->rsa)) fatal("PEM_write_RSAPublicKey failed"); @@ -345,10 +352,6 @@ do_convert_to(struct passwd *pw) exit(1); } } - if (k->type == KEY_RSA1) { - fprintf(stderr, "version 1 keys are not supported\n"); - exit(1); - } switch (convert_format) { case FMT_RFC4716: @@ -857,7 +860,9 @@ do_gen_all_hostkeys(struct passwd *pw) { "rsa1", "RSA1", _PATH_HOST_KEY_FILE }, { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE }, { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE }, +#ifdef OPENSSL_HAS_ECC { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, +#endif { NULL, NULL, NULL } }; @@ -1884,6 +1889,9 @@ usage(void) fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n"); fprintf(stderr, " -I key_id Key identifier to include in certificate.\n"); fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n"); + fprintf(stderr, " -J number Screen this number of moduli lines.\n"); + fprintf(stderr, " -j number Start screening moduli at specified line.\n"); + fprintf(stderr, " -K checkpt Write checkpoints to this file.\n"); fprintf(stderr, " -L Print the contents of a certificate.\n"); fprintf(stderr, " -l Show fingerprint of key file.\n"); fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); @@ -1916,6 +1924,7 @@ int main(int argc, char **argv) { char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; + char *checkpoint = NULL; char out_file[MAXPATHLEN], *rr_hostname = NULL; Key *private, *public; struct passwd *pw; @@ -1924,6 +1933,7 @@ main(int argc, char **argv) u_int32_t memory = 0, generator_wanted = 0, trials = 100; int do_gen_candidates = 0, do_screen_candidates = 0; int gen_all_hostkeys = 0; + unsigned long start_lineno = 0, lines_to_process = 0; BIGNUM *start = NULL; FILE *f; const char *errstr; @@ -1952,8 +1962,8 @@ main(int argc, char **argv) exit(1); } - while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:" - "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { + while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:J:j:K:P:" + "m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z")) != -1) { switch (opt) { case 'A': gen_all_hostkeys = 1; @@ -1974,6 +1984,12 @@ main(int argc, char **argv) case 'I': cert_key_id = optarg; break; + case 'J': + lines_to_process = strtoul(optarg, NULL, 10); + break; + case 'j': + start_lineno = strtoul(optarg, NULL, 10); + break; case 'R': delete_host = 1; rr_hostname = optarg; @@ -2103,6 +2119,11 @@ main(int argc, char **argv) sizeof(out_file)) fatal("Output filename too long"); break; + case 'K': + if (strlen(optarg) >= MAXPATHLEN) + fatal("Checkpoint filename too long"); + checkpoint = xstrdup(optarg); + break; case 'S': /* XXX - also compare length against bits */ if (BN_hex2bn(&start, optarg) == 0) @@ -2183,6 +2204,8 @@ main(int argc, char **argv) _PATH_HOST_RSA_KEY_FILE, rr_hostname); n += do_print_resource_record(pw, _PATH_HOST_DSA_KEY_FILE, rr_hostname); + n += do_print_resource_record(pw, + _PATH_HOST_ECDSA_KEY_FILE, rr_hostname); if (n == 0) fatal("no keys found."); @@ -2225,7 +2248,8 @@ main(int argc, char **argv) fatal("Couldn't open moduli file \"%s\": %s", out_file, strerror(errno)); } - if (prime_test(in, out, trials, generator_wanted) != 0) + if (prime_test(in, out, trials, generator_wanted, checkpoint, + start_lineno, lines_to_process) != 0) fatal("modulus screening failed"); return (0); } diff --git a/crypto/openssh/ssh-pkcs11-client.c b/crypto/openssh/ssh-pkcs11-client.c index 650c373..82b11da 100644 --- a/crypto/openssh/ssh-pkcs11-client.c +++ b/crypto/openssh/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.2 2010/02/24 06:12:53 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.3 2012/01/16 20:34:09 miod Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -123,6 +123,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, buffer_put_int(&msg, 0); xfree(blob); send_msg(&msg); + buffer_clear(&msg); if (recv_msg(&msg) == SSH2_AGENT_SIGN_RESPONSE) { signature = buffer_get_string(&msg, &slen); @@ -132,6 +133,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, } xfree(signature); } + buffer_free(&msg); return (ret); } diff --git a/crypto/openssh/ssh-pkcs11-helper.c b/crypto/openssh/ssh-pkcs11-helper.c index cd33515..fcb5def 100644 --- a/crypto/openssh/ssh-pkcs11-helper.c +++ b/crypto/openssh/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.3 2010/02/24 06:12:53 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.4 2012/07/02 12:13:26 dtucker Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -168,13 +168,13 @@ process_sign(void) { u_char *blob, *data, *signature = NULL; u_int blen, dlen, slen = 0; - int ok = -1, flags, ret; + int ok = -1, ret; Key *key, *found; Buffer msg; blob = get_string(&blen); data = get_string(&dlen); - flags = get_int(); /* XXX ignore */ + (void)get_int(); /* XXX ignore flags */ if ((key = key_from_blob(blob, blen)) != NULL) { if ((found = lookup_key(key)) != NULL) { diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1 index 12eb281..7eab76a 100644 --- a/crypto/openssh/ssh.1 +++ b/crypto/openssh/ssh.1 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.320 2011/08/02 01:22:11 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.326 2012/06/18 12:17:18 dtucker Exp $ .\" $FreeBSD$ -.Dd August 2, 2011 +.Dd June 18 2012 .Dt SSH 1 .Os .Sh NAME @@ -394,6 +394,8 @@ Valid commands are: (check that the master process is running), .Dq forward (request forwardings without command execution), +.Dq cancel +(cancel forwardings), .Dq exit (request the master to exit), and .Dq stop @@ -420,11 +422,13 @@ For full details of the options listed below, and their possible values, see .It ConnectTimeout .It ControlMaster .It ControlPath +.It ControlPersist .It DynamicForward .It EscapeChar .It ExitOnForwardFailure .It ForwardAgent .It ForwardX11 +.It ForwardX11Timeout .It ForwardX11Trusted .It GatewayPorts .It GlobalKnownHostsFile @@ -439,6 +443,7 @@ For full details of the options listed below, and their possible values, see .It IdentityFile .It IdentitiesOnly .It IPQoS +.It KbdInteractiveAuthentication .It KbdInteractiveDevices .It KexAlgorithms .It LocalCommand @@ -503,7 +508,7 @@ from the local machine. Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. -IPv6 addresses can be specified by enclosing the address in square braces. +IPv6 addresses can be specified by enclosing the address in square brackets. .Pp By default, the listening socket on the server will be bound to the loopback interface only. @@ -584,8 +589,8 @@ Implies .Fl T , .Cm ExitOnForwardFailure and -.Cm ClearAllForwardings -and works with Protocol version 2 only. +.Cm ClearAllForwardings . +Works with Protocol version 2 only. .It Fl w Xo .Ar local_tun Ns Op : Ns Ar remote_tun .Xc @@ -898,11 +903,20 @@ Currently this allows the addition of port forwardings using the and .Fl D options (see above). -It also allows the cancellation of existing remote port-forwardings -using +It also allows the cancellation of existing port-forwardings +with +.Sm off +.Fl KL Oo Ar bind_address : Oc Ar port +.Sm on +for local, +.Sm off +.Fl KR Oo Ar bind_address : Oc Ar port +.Sm on +for remote and .Sm off -.Fl KR Oo Ar bind_address : Oc Ar port . +.Fl KD Oo Ar bind_address : Oc Ar port .Sm on +for dynamic port-forwardings. .Ic !\& Ns Ar command allows the user to execute a local command if the .Ic PermitLocalCommand @@ -1363,7 +1377,7 @@ The file format and configuration options are described in .It Pa /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_rsa_key -These three files contain the private parts of the host keys +These files contain the private parts of the host keys and are used for host-based authentication. If protocol version 1 is used, .Nm diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c index ed3ab92..c77491b 100644 --- a/crypto/openssh/ssh.c +++ b/crypto/openssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.364 2011/08/02 23:15:03 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.370 2012/07/06 01:47:38 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -379,6 +379,8 @@ main(int ac, char **av) muxclient_command = SSHMUX_COMMAND_TERMINATE; else if (strcmp(optarg, "stop") == 0) muxclient_command = SSHMUX_COMMAND_STOP; + else if (strcmp(optarg, "cancel") == 0) + muxclient_command = SSHMUX_COMMAND_CANCEL_FWD; else fatal("Invalid multiplex command."); break; @@ -436,9 +438,16 @@ main(int ac, char **av) } /* FALLTHROUGH */ case 'V': - fprintf(stderr, "%s, %s\n", - ssh_version_get(options.hpn_disabled), - SSLeay_version(SSLEAY_VERSION)); + if (options.version_addendum && + *options.version_addendum != '\0') + fprintf(stderr, "%s%s %s, %s\n", SSH_RELEASE, + options.hpn_disabled ? "" : SSH_VERSION_HPN, + options.version_addendum, + SSLeay_version(SSLEAY_VERSION)); + else + fprintf(stderr, "%s%s, %s\n", SSH_RELEASE, + options.hpn_disabled ? "" : SSH_VERSION_HPN, + SSLeay_version(SSLEAY_VERSION)); if (opt == 'V') exit(0); break; @@ -648,10 +657,6 @@ main(int ac, char **av) /* Initialize the command to execute on remote host. */ buffer_init(&command); - if (options.request_tty == REQUEST_TTY_YES || - options.request_tty == REQUEST_TTY_FORCE) - tty_flag = 1; - /* * Save the command to execute on the remote host in a buffer. There * is no limit on the length of the command, except by the maximum @@ -659,7 +664,6 @@ main(int ac, char **av) */ if (!ac) { /* No command specified - execute shell on a tty. */ - tty_flag = options.request_tty != REQUEST_TTY_NO; if (subsystem_flag) { fprintf(stderr, "You must specify a subsystem to invoke.\n"); @@ -680,22 +684,6 @@ main(int ac, char **av) fatal("Cannot fork into background without a command " "to execute."); - /* Allocate a tty by default if no command specified. */ - if (buffer_len(&command) == 0) - tty_flag = options.request_tty != REQUEST_TTY_NO; - - /* Force no tty */ - if (options.request_tty == REQUEST_TTY_NO || muxclient_command != 0) - tty_flag = 0; - /* Do not allocate a tty if stdin is not a tty. */ - if ((!isatty(fileno(stdin)) || stdin_null_flag) && - options.request_tty != REQUEST_TTY_FORCE) { - if (tty_flag) - logit("Pseudo-terminal will not be allocated because " - "stdin is not a terminal."); - tty_flag = 0; - } - /* * Initialize "log" output. Since we are the client all output * actually goes to stderr. @@ -731,6 +719,26 @@ main(int ac, char **av) /* reinit */ log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog); + if (options.request_tty == REQUEST_TTY_YES || + options.request_tty == REQUEST_TTY_FORCE) + tty_flag = 1; + + /* Allocate a tty by default if no command specified. */ + if (buffer_len(&command) == 0) + tty_flag = options.request_tty != REQUEST_TTY_NO; + + /* Force no tty */ + if (options.request_tty == REQUEST_TTY_NO || muxclient_command != 0) + tty_flag = 0; + /* Do not allocate a tty if stdin is not a tty. */ + if ((!isatty(fileno(stdin)) || stdin_null_flag) && + options.request_tty != REQUEST_TTY_FORCE) { + if (tty_flag) + logit("Pseudo-terminal will not be allocated because " + "stdin is not a terminal."); + tty_flag = 0; + } + seed_rng(); if (options.user == NULL) @@ -913,17 +921,20 @@ main(int ac, char **av) * Now that we are back to our own permissions, create ~/.ssh * directory if it doesn't already exist. */ - r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, - strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); - if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { + if (config == NULL) { + r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, + strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); + if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { #ifdef WITH_SELINUX - ssh_selinux_setfscreatecon(buf); + ssh_selinux_setfscreatecon(buf); #endif - if (mkdir(buf, 0700) < 0) - error("Could not create directory '%.200s'.", buf); + if (mkdir(buf, 0700) < 0) + error("Could not create directory '%.200s'.", + buf); #ifdef WITH_SELINUX - ssh_selinux_setfscreatecon(NULL); + ssh_selinux_setfscreatecon(NULL); #endif + } } /* load options.identity_files */ load_public_identity_files(); @@ -1048,11 +1059,17 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) debug("remote forward %s for: listen %d, connect %s:%d", type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", rfwd->listen_port, rfwd->connect_host, rfwd->connect_port); - if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) { - rfwd->allocated_port = packet_get_int(); - logit("Allocated port %u for remote forward to %s:%d", - rfwd->allocated_port, - rfwd->connect_host, rfwd->connect_port); + if (rfwd->listen_port == 0) { + if (type == SSH2_MSG_REQUEST_SUCCESS) { + rfwd->allocated_port = packet_get_int(); + logit("Allocated port %u for remote forward to %s:%d", + rfwd->allocated_port, + rfwd->connect_host, rfwd->connect_port); + channel_update_permitted_opens(rfwd->handle, + rfwd->allocated_port); + } else { + channel_update_permitted_opens(rfwd->handle, -1); + } } if (type == SSH2_MSG_REQUEST_FAILURE) { @@ -1077,25 +1094,26 @@ client_cleanup_stdio_fwd(int id, void *arg) cleanup_exit(0); } -static int -client_setup_stdio_fwd(const char *host_to_connect, u_short port_to_connect) +static void +ssh_init_stdio_forwarding(void) { Channel *c; int in, out; - debug3("client_setup_stdio_fwd %s:%d", host_to_connect, - port_to_connect); + if (stdio_forward_host == NULL) + return; + if (!compat20) + fatal("stdio forwarding require Protocol 2"); - in = dup(STDIN_FILENO); - out = dup(STDOUT_FILENO); - if (in < 0 || out < 0) - fatal("channel_connect_stdio_fwd: dup() in/out failed"); + debug3("%s: %s:%d", __func__, stdio_forward_host, stdio_forward_port); - if ((c = channel_connect_stdio_fwd(host_to_connect, port_to_connect, - in, out)) == NULL) - return 0; + if ((in = dup(STDIN_FILENO)) < 0 || + (out = dup(STDOUT_FILENO)) < 0) + fatal("channel_connect_stdio_fwd: dup() in/out failed"); + if ((c = channel_connect_stdio_fwd(stdio_forward_host, + stdio_forward_port, in, out)) == NULL) + fatal("%s: channel_connect_stdio_fwd failed", __func__); channel_register_cleanup(c->self, client_cleanup_stdio_fwd, 0); - return 1; } static void @@ -1104,15 +1122,6 @@ ssh_init_forwarding(void) int success = 0; int i; - if (stdio_forward_host != NULL) { - if (!compat20) { - fatal("stdio forwarding require Protocol 2"); - } - if (!client_setup_stdio_fwd(stdio_forward_host, - stdio_forward_port)) - fatal("Failed to connect in stdio forward mode."); - } - /* Initiate local TCP/IP port forwardings. */ for (i = 0; i < options.num_local_forwards; i++) { debug("Local connections to %.200s:%d forwarded to remote " @@ -1144,19 +1153,22 @@ ssh_init_forwarding(void) options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, options.remote_forwards[i].connect_port); - if (channel_request_remote_forwarding( + options.remote_forwards[i].handle = + channel_request_remote_forwarding( options.remote_forwards[i].listen_host, options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, - options.remote_forwards[i].connect_port) < 0) { + options.remote_forwards[i].connect_port); + if (options.remote_forwards[i].handle < 0) { if (options.exit_on_forward_failure) fatal("Could not request remote forwarding."); else logit("Warning: Could not request remote " "forwarding."); + } else { + client_register_global_confirm(ssh_confirm_remote_forward, + &options.remote_forwards[i]); } - client_register_global_confirm(ssh_confirm_remote_forward, - &options.remote_forwards[i]); } /* Initiate tunnel forwarding. */ @@ -1300,6 +1312,7 @@ ssh_session(void) } /* Initiate port forwardings. */ + ssh_init_stdio_forwarding(); ssh_init_forwarding(); /* Execute a local command */ @@ -1381,6 +1394,10 @@ ssh_session2_setup(int id, int success, void *arg) packet_send(); } + /* Tell the packet module whether this is an interactive session. */ + packet_set_interactive(interactive, + options.ip_qos_interactive, options.ip_qos_bulk); + client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), NULL, fileno(stdin), &command, environ); } @@ -1479,15 +1496,18 @@ ssh_session2(void) int id = -1; /* XXX should be pre-session */ + if (!options.control_persist) + ssh_init_stdio_forwarding(); ssh_init_forwarding(); /* Start listening for multiplex clients */ muxserver_listen(); /* - * If we are in control persist mode, then prepare to background - * ourselves and have a foreground client attach as a control - * slave. NB. we must save copies of the flags that we override for + * If we are in control persist mode and have a working mux listen + * socket, then prepare to background ourselves and have a foreground + * client attach as a control slave. + * NB. we must save copies of the flags that we override for * the backgrounding, since we defer attachment of the slave until * after the connection is fully established (in particular, * async rfwd replies have been received for ExitOnForwardFailure). @@ -1504,6 +1524,12 @@ ssh_session2(void) need_controlpersist_detach = 1; fork_after_authentication_flag = 1; } + /* + * ControlPersist mux listen socket setup failed, attempt the + * stdio forward setup that we skipped earlier. + */ + if (options.control_persist && muxserver_sock == -1) + ssh_init_stdio_forwarding(); if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) id = ssh_session2_open(); diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index 4f7b7a1..1c4e9f0 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -46,4 +46,4 @@ # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com -# VersionAddendum FreeBSD-20111001 +# VersionAddendum FreeBSD-20120901 diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index 0df39e9..0736be1 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.153 2011/08/02 01:22:11 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.157 2012/06/29 13:57:25 naddy Exp $ .\" $FreeBSD$ -.Dd August 2, 2011 +.Dd June 29 2012 .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -613,7 +613,7 @@ offers many different identities. The default is .Dq no . .It Cm IdentityFile -Specifies a file from which the user's DSA, ECDSA or DSA authentication +Specifies a file from which the user's DSA, ECDSA or RSA authentication identity is read. The default is .Pa ~/.ssh/identity @@ -659,7 +659,7 @@ Accepted values are .Dq af11 , .Dq af12 , .Dq af13 , -.Dq af14 , +.Dq af21 , .Dq af22 , .Dq af23 , .Dq af31 , @@ -794,9 +794,8 @@ Multiple algorithms must be comma-separated. The default is: .Bd -literal -offset indent hmac-md5,hmac-sha1,umac-64@openssh.com, -hmac-ripemd160,hmac-sha1-96,hmac-md5-96, -hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512, -hmac-sha2-512-96 +hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, +hmac-sha1-96,hmac-md5-96 .Ed .It Cm NoHostAuthenticationForLocalhost This option can be used if the home directory is shared across machines. @@ -1217,7 +1216,7 @@ in Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq FreeBSD-20111001 . +.Dq FreeBSD-20120901 . .It Cm VisualHostKey If this flag is set to .Dq yes , diff --git a/crypto/openssh/ssh_namespace.h b/crypto/openssh/ssh_namespace.h index 030cff7..f5935e6 100644 --- a/crypto/openssh/ssh_namespace.h +++ b/crypto/openssh/ssh_namespace.h @@ -7,8 +7,7 @@ * * A list of symbols which need munging is obtained as follows: * - * nm libssh.a | awk '/[0-9a-z] [A-Z] / && $3 !~ /^ssh_/ { print "#define " $3 "\t\tssh_" $3 }' - * + * nm libssh.a | awk '/[0-9a-z] [A-Z] / && $3 !~ /^ssh_/ { printf("#define %-39s ssh_%s\n", $3, $3) }' | unexpand -a | sort * $FreeBSD$ */ @@ -96,6 +95,7 @@ #define channel_after_select ssh_channel_after_select #define channel_by_id ssh_channel_by_id #define channel_cancel_cleanup ssh_channel_cancel_cleanup +#define channel_cancel_lport_listener ssh_channel_cancel_lport_listener #define channel_cancel_rport_listener ssh_channel_cancel_rport_listener #define channel_clear_adm_permitted_opens ssh_channel_clear_adm_permitted_opens #define channel_clear_permitted_opens ssh_channel_clear_permitted_opens @@ -104,6 +104,7 @@ #define channel_connect_by_listen_address ssh_channel_connect_by_listen_address #define channel_connect_stdio_fwd ssh_channel_connect_stdio_fwd #define channel_connect_to ssh_channel_connect_to +#define channel_disable_adm_local_opens ssh_channel_disable_adm_local_opens #define channel_find_open ssh_channel_find_open #define channel_free ssh_channel_free #define channel_free_all ssh_channel_free_all @@ -145,6 +146,7 @@ #define channel_setup_remote_fwd_listener ssh_channel_setup_remote_fwd_listener #define channel_still_open ssh_channel_still_open #define channel_stop_listening ssh_channel_stop_listening +#define channel_update_permitted_opens ssh_channel_update_permitted_opens #define check_key_in_hostkeys ssh_check_key_in_hostkeys #define choose_dh ssh_choose_dh #define chop ssh_chop @@ -238,7 +240,6 @@ #define hpdelim ssh_hpdelim #define incoming_stream ssh_incoming_stream #define init_hostkeys ssh_init_hostkeys -#define init_rng ssh_init_rng #define iptos2str ssh_iptos2str #define ipv64_normalise_mapped ssh_ipv64_normalise_mapped #define kex_derive_keys ssh_kex_derive_keys @@ -339,7 +340,6 @@ #define packet_add_padding ssh_packet_add_padding #define packet_backup_state ssh_packet_backup_state #define packet_close ssh_packet_close -#define packet_connection_is_ipv4 ssh_packet_connection_is_ipv4 #define packet_connection_is_on_socket ssh_packet_connection_is_on_socket #define packet_disconnect ssh_packet_disconnect #define packet_get_bignum ssh_packet_get_bignum @@ -382,7 +382,6 @@ #define packet_put_string ssh_packet_put_string #define packet_read ssh_packet_read #define packet_read_expect ssh_packet_read_expect -#define packet_read_poll ssh_packet_read_poll #define packet_read_poll_seqnr ssh_packet_read_poll_seqnr #define packet_read_seqnr ssh_packet_read_seqnr #define packet_remaining ssh_packet_remaining @@ -412,6 +411,7 @@ #define percent_expand ssh_percent_expand #define permanently_drop_suid ssh_permanently_drop_suid #define permanently_set_uid ssh_permanently_set_uid +#define permitopen_port ssh_permitopen_port #define pkcs11_add_provider ssh_pkcs11_add_provider #define pkcs11_del_provider ssh_pkcs11_del_provider #define pkcs11_init ssh_pkcs11_init diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c index f073178..0076d11 100644 --- a/crypto/openssh/sshconnect.c +++ b/crypto/openssh/sshconnect.c @@ -582,10 +582,12 @@ ssh_exchange_identification(int timeout_ms) (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, remote_major); /* Send our own protocol version identification. */ - snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", + snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s%s%s%s", compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, compat20 ? PROTOCOL_MINOR_2 : minor1, - ssh_version_get(options.hpn_disabled), compat20 ? "\r\n" : "\n"); + SSH_VERSION, options.hpn_disabled ? "" : SSH_VERSION_HPN, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum, compat20 ? "\r\n" : "\n"); if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf)) != strlen(buf)) fatal("write: %.100s", strerror(errno)); diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index f451644..c96704f 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.188 2011/05/24 07:15:47 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.189 2012/06/22 12:30:26 dtucker Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -1927,8 +1927,6 @@ authmethod_get(char *authlist) return current; } } - if (name != NULL) - xfree(name); } static char * diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8 index 70d34c7..d3c980a 100644 --- a/crypto/openssh/sshd.8 +++ b/crypto/openssh/sshd.8 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.263 2011/08/02 01:22:11 djm Exp $ +.\" $OpenBSD: sshd.8,v 1.266 2012/06/18 12:07:07 dtucker Exp $ .\" $FreeBSD$ -.Dd August 2, 2011 +.Dd June 18 2012 .Dt SSHD 8 .Os .Sh NAME @@ -115,6 +115,8 @@ The connection parameters are supplied as keyword=value pairs. The keywords are .Dq user , .Dq host , +.Dq laddr , +.Dq lport , and .Dq addr . All are required and may be supplied in any order, either with multiple @@ -611,6 +613,9 @@ Multiple options may be applied separated by commas. No pattern matching is performed on the specified hostnames, they must be literal domains or addresses. +A port specification of +.Cm * +matches any port. .It Cm principals="principals" On a .Cm cert-authority @@ -884,7 +889,7 @@ rlogin/rsh. .It Pa /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_rsa_key -These three files contain the private parts of the host keys. +These files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not accessible to others. Note that @@ -895,7 +900,7 @@ does not start if these files are group/world-accessible. .It Pa /etc/ssh/ssh_host_dsa_key.pub .It Pa /etc/ssh/ssh_host_ecdsa_key.pub .It Pa /etc/ssh/ssh_host_rsa_key.pub -These three files contain the public parts of the host keys. +These files contain the public parts of the host keys. These files should be world-readable but writable only by root. Their contents should match the respective private parts. diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index fa79b63..937ad1e 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.385 2011/06/23 09:34:13 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.393 2012/07/10 02:19:15 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -251,6 +251,7 @@ int startup_pipe; /* in child */ /* variables used for privilege separation */ int use_privsep = -1; struct monitor *pmonitor = NULL; +int privsep_is_preauth = 1; /* global authentication context */ Authctxt *the_authctxt = NULL; @@ -430,9 +431,12 @@ sshd_exchange_identification(int sock_in, int sock_out) major = PROTOCOL_MAJOR_1; minor = PROTOCOL_MINOR_1; } - snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, - ssh_version_get(options.hpn_disabled), newline); - server_version_string = xstrdup(buf); + + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", + major, minor, SSH_VERSION, + options.hpn_disabled ? "" : SSH_VERSION_HPN, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum, newline); /* Send our protocol version identification. */ if (roaming_atomicio(vwrite, sock_out, server_version_string, @@ -644,7 +648,7 @@ privsep_preauth(Authctxt *authctxt) /* Store a pointer to the kex for later rekeying */ pmonitor->m_pkex = &xxx_kex; - if (use_privsep == PRIVSEP_SANDBOX) + if (use_privsep == PRIVSEP_ON) box = ssh_sandbox_init(); pid = fork(); if (pid == -1) { @@ -652,9 +656,9 @@ privsep_preauth(Authctxt *authctxt) } else if (pid != 0) { debug2("Network child is on pid %ld", (long)pid); + pmonitor->m_pid = pid; if (box != NULL) ssh_sandbox_parent_preauth(box, pid); - pmonitor->m_pid = pid; monitor_child_preauth(authctxt, pmonitor); /* Sync memory */ @@ -662,10 +666,13 @@ privsep_preauth(Authctxt *authctxt) /* Wait for the child's exit status */ while (waitpid(pid, &status, 0) < 0) { - if (errno != EINTR) - fatal("%s: waitpid: %s", __func__, - strerror(errno)); + if (errno == EINTR) + continue; + pmonitor->m_pid = -1; + fatal("%s: waitpid: %s", __func__, strerror(errno)); } + privsep_is_preauth = 0; + pmonitor->m_pid = -1; if (WIFEXITED(status)) { if (WEXITSTATUS(status) != 0) fatal("%s: preauth child exited with status %d", @@ -893,8 +900,14 @@ drop_connection(int startups) static void usage(void) { - fprintf(stderr, "%s, %s\n", - ssh_version_get(0), SSLeay_version(SSLEAY_VERSION)); + if (options.version_addendum && *options.version_addendum != '\0') + fprintf(stderr, "%s%s %s, %s\n", + SSH_RELEASE, options.hpn_disabled ? "" : SSH_VERSION_HPN, + options.version_addendum, SSLeay_version(SSLEAY_VERSION)); + else + fprintf(stderr, "%s%s, %s\n", + SSH_RELEASE, options.hpn_disabled ? "" : SSH_VERSION_HPN, + SSLeay_version(SSLEAY_VERSION)); fprintf(stderr, "usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n" " [-f config_file] [-g login_grace_time] [-h host_key_file]\n" @@ -1189,7 +1202,10 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) if (*newsock < 0) { if (errno != EINTR && errno != EAGAIN && errno != EWOULDBLOCK) - error("accept: %.100s", strerror(errno)); + error("accept: %.100s", + strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + usleep(100 * 1000); continue; } if (unset_nonblock(*newsock) == -1) { @@ -1335,14 +1351,14 @@ main(int ac, char **av) int opt, i, j, on = 1; int sock_in = -1, sock_out = -1, newsock = -1; const char *remote_ip; - char *test_user = NULL, *test_host = NULL, *test_addr = NULL; int remote_port; - char *line, *p, *cp; + char *line; int config_s[2] = { -1 , -1 }; u_int64_t ibytes, obytes; mode_t new_umask; Key *key; Authctxt *authctxt; + struct connection_info *connection_info = get_connection_info(0, 0); #ifdef HAVE_SECUREWARE (void)set_auth_parameters(ac, av); @@ -1464,20 +1480,9 @@ main(int ac, char **av) test_flag = 2; break; case 'C': - cp = optarg; - while ((p = strsep(&cp, ",")) && *p != '\0') { - if (strncmp(p, "addr=", 5) == 0) - test_addr = xstrdup(p + 5); - else if (strncmp(p, "host=", 5) == 0) - test_host = xstrdup(p + 5); - else if (strncmp(p, "user=", 5) == 0) - test_user = xstrdup(p + 5); - else { - fprintf(stderr, "Invalid test " - "mode specification %s\n", p); - exit(1); - } - } + if (parse_server_match_testspec(connection_info, + optarg) == -1) + exit(1); break; case 'u': utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL); @@ -1489,7 +1494,7 @@ main(int ac, char **av) case 'o': line = xstrdup(optarg); if (process_server_config_line(&options, line, - "command-line", 0, NULL, NULL, NULL, NULL) != 0) + "command-line", 0, NULL, NULL) != 0) exit(1); xfree(line); break; @@ -1526,7 +1531,7 @@ main(int ac, char **av) * root's environment */ if (getenv("KRB5CCNAME") != NULL) - unsetenv("KRB5CCNAME"); + (void) unsetenv("KRB5CCNAME"); #ifdef _UNICOS /* Cray can define user privs drop all privs now! @@ -1545,13 +1550,10 @@ main(int ac, char **av) * the parameters we need. If we're not doing an extended test, * do not silently ignore connection test params. */ - if (test_flag >= 2 && - (test_user != NULL || test_host != NULL || test_addr != NULL) - && (test_user == NULL || test_host == NULL || test_addr == NULL)) + if (test_flag >= 2 && server_match_spec_complete(connection_info) == 0) fatal("user, host and addr are all required when testing " "Match configs"); - if (test_flag < 2 && (test_user != NULL || test_host != NULL || - test_addr != NULL)) + if (test_flag < 2 && server_match_spec_complete(connection_info) >= 0) fatal("Config test connection parameter (-C) provided without " "test mode (-T)"); @@ -1563,7 +1565,7 @@ main(int ac, char **av) load_server_config(config_file_name, &cfg); parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, - &cfg, NULL, NULL, NULL); + &cfg, NULL); seed_rng(); @@ -1583,7 +1585,11 @@ main(int ac, char **av) exit(1); } - debug("sshd version %.100s", ssh_version_get(options.hpn_disabled)); + debug("sshd version %.100s%.100s%s%.100s", + SSH_RELEASE, + options.hpn_disabled ? "" : SSH_VERSION_HPN, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum); /* Store privilege separation user for later use if required. */ if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { @@ -1725,9 +1731,8 @@ main(int ac, char **av) } if (test_flag > 1) { - if (test_user != NULL && test_addr != NULL && test_host != NULL) - parse_server_match_config(&options, test_user, - test_host, test_addr); + if (server_match_spec_complete(connection_info) == 1) + parse_server_match_config(&options, connection_info); dump_config(&options); } @@ -2415,8 +2420,16 @@ do_ssh2_kex(void) void cleanup_exit(int i) { - if (the_authctxt) + if (the_authctxt) { do_cleanup(the_authctxt); + if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) { + debug("Killing privsep child %d", pmonitor->m_pid); + if (kill(pmonitor->m_pid, SIGKILL) != 0 && + errno != ESRCH) + error("%s: kill(%d): %s", __func__, + pmonitor->m_pid, strerror(errno)); + } + } #ifdef SSH_AUDIT_EVENTS /* done after do_cleanup so it can cancel the PAM auth 'thread' */ if (!use_privsep || mm_is_monitor()) diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 31c44b2..48345f5 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $ +# $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $ # $FreeBSD$ # This is the sshd server system-wide configuration file. See @@ -14,8 +14,6 @@ # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. -#VersionAddendum FreeBSD-20111001 - #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 @@ -55,6 +53,8 @@ # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys +#AuthorizedPrincipalsFile none + # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 @@ -103,7 +103,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation yes +#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 @@ -113,6 +113,7 @@ AuthorizedKeysFile .ssh/authorized_keys #MaxStartups 10 #PermitTunnel no #ChrootDirectory none +#VersionAddendum FreeBSD-20120901 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 19c615e..ae551ec 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.135 2011/08/02 01:22:11 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $ .\" $FreeBSD$ -.Dd August 2, 2011 +.Dd June 29 2012 .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -199,7 +199,9 @@ After expansion, is taken to be an absolute path or one relative to the user's home directory. .Pp -The default is not to use a principals file \(en in this case, the username +The default is +.Dq none , +i.e. not to use a principals file \(en in this case, the username of the user must appear in a certificate's principals list for it to be accepted. Note that @@ -520,7 +522,7 @@ Accepted values are .Dq af11 , .Dq af12 , .Dq af13 , -.Dq af14 , +.Dq af21 , .Dq af22 , .Dq af23 , .Dq af31 , @@ -656,9 +658,8 @@ Multiple algorithms must be comma-separated. The default is: .Bd -literal -offset indent hmac-md5,hmac-sha1,umac-64@openssh.com, -hmac-ripemd160,hmac-sha1-96,hmac-md5-96, -hmac-sha2-256,hmac-sha256-96,hmac-sha2-512, -hmac-sha2-512-96 +hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, +hmac-sha1-96,hmac-md5-96 .Ed .It Cm Match Introduces a conditional block. @@ -676,6 +677,8 @@ The available criteria are .Cm User , .Cm Group , .Cm Host , +.Cm LocalAddress , +.Cm LocalPort , and .Cm Address . The match patterns may consist of single entries or comma-separated @@ -704,12 +707,17 @@ Only a subset of keywords may be used on the lines following a .Cm Match keyword. Available keywords are +.Cm AcceptEnv , .Cm AllowAgentForwarding , +.Cm AllowGroups , .Cm AllowTcpForwarding , +.Cm AllowUsers , .Cm AuthorizedKeysFile , .Cm AuthorizedPrincipalsFile , .Cm Banner , .Cm ChrootDirectory , +.Cm DenyGroups , +.Cm DenyUsers , .Cm ForceCommand , .Cm GatewayPorts , .Cm GSSAPIAuthentication , @@ -801,6 +809,9 @@ Multiple forwards may be specified by separating them with whitespace. An argument of .Dq any can be used to remove all restrictions and permit any forwarding requests. +An argument of +.Dq none +can be used to prohibit all forwarding requests. By default all port forwarding requests are permitted. .It Cm PermitRootLogin Specifies whether root can log in using @@ -1084,7 +1095,7 @@ the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is -.Dq yes . +.Dq sandbox . If .Cm UsePrivilegeSeparation is set to @@ -1092,10 +1103,10 @@ is set to then the pre-authentication unprivileged process is subject to additional restrictions. .It Cm VersionAddendum -Specifies a string to append to the regular version string to identify -OS- or site-specific modifications. +Optionally specifies additional text to append to the SSH protocol banner +sent by the server upon connection. The default is -.Dq FreeBSD-20111001 . +.Dq FreeBSD-20120901 . .It Cm X11DisplayOffset Specifies the first display number available for .Xr sshd 8 Ns 's diff --git a/crypto/openssh/umac.c b/crypto/openssh/umac.c index 92902bc..e78d2cc 100644 --- a/crypto/openssh/umac.c +++ b/crypto/openssh/umac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: umac.c,v 1.3 2008/05/12 20:52:20 pvalchev Exp $ */ +/* $OpenBSD: umac.c,v 1.4 2011/10/19 10:39:48 djm Exp $ */ /* ----------------------------------------------------------------------- * * umac.c -- C Implementation UMAC Message Authentication @@ -316,7 +316,7 @@ static void pdf_gen_xor(pdf_ctx *pc, UINT8 nonce[8], UINT8 buf[8]) typedef struct { UINT8 nh_key [L1_KEY_LEN + L1_KEY_SHIFT * (STREAMS - 1)]; /* NH Key */ - UINT8 data [HASH_BUF_BYTES]; /* Incomming data buffer */ + UINT8 data [HASH_BUF_BYTES]; /* Incoming data buffer */ int next_data_empty; /* Bookeeping variable for data buffer. */ int bytes_hashed; /* Bytes (out of L1_KEY_LEN) incorperated. */ UINT64 state[STREAMS]; /* on-line state */ diff --git a/crypto/openssh/version.c b/crypto/openssh/version.c deleted file mode 100644 index 2f46794..0000000 --- a/crypto/openssh/version.c +++ /dev/null @@ -1,95 +0,0 @@ -/*- - * Copyright (c) 2001 Brian Fundakowski Feldman - * Copyright (c) 2012 Eygene Ryabinkin <rea@FreeBSD.org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - */ - -#include "includes.h" -__RCSID("$FreeBSD$"); - -#include <string.h> - -#include "version.h" -#include "xmalloc.h" - - -static char *version = NULL; -/* NULL means "use default value", empty string means "unset" */ -static const char *addendum = NULL; -static unsigned char update_version = 1; - -/* - * Constructs the version string if it is empty or needs updating. - * - * HPN patch we're running requires both parties - * to have the "hpn" string inside the advertized version - * (see compat.c::compat_datafellows), so we should - * include it to the generated string if HPN is enabled. - */ -const char * -ssh_version_get(int hpn_disabled) -{ - const char *hpn = NULL, *add = NULL; - char *newvers = NULL; - size_t size = 0; - - if (version != NULL && !update_version) - return (version); - - hpn = (hpn_disabled ? NULL : SSH_VERSION_HPN); - add = (addendum == NULL ? SSH_VERSION_ADDENDUM : - (addendum[0] == '\0' ? NULL : addendum)); - - size = strlen(SSH_VERSION_BASE) + (hpn ? strlen(hpn) : 0) + - (add ? strlen(add) + 1 : 0) + 1; - newvers = xmalloc(size); - strcpy(newvers, SSH_VERSION_BASE); - if (hpn) - strcat(newvers, hpn); - if (add) { - strcat(newvers, " "); - strcat(newvers, add); - } - - if (version) - xfree(version); - version = newvers; - update_version = 0; - - return (version); -} - -void -ssh_version_set_addendum(const char *add) -{ - if (add && addendum && !strcmp(add, addendum)) - return; - - if (addendum) - xfree((void *)addendum); - addendum = (add ? xstrdup(add) : xstrdup("")); - - update_version = 1; -} diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 129aad4..5ed6dd2 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -1,13 +1,10 @@ -/* $OpenBSD: version.h,v 1.62 2011/08/02 23:13:01 djm Exp $ */ +/* $OpenBSD: version.h,v 1.65 2012/07/22 18:19:21 markus Exp $ */ /* $FreeBSD$ */ -#ifndef _VERSION_H_ -#define _VERSION_H_ +#define SSH_VERSION "OpenSSH_6.1" -#define SSH_VERSION_BASE "OpenSSH_5.9p1" -#define SSH_VERSION_ADDENDUM "FreeBSD-20111001" -#define SSH_VERSION_HPN "_hpn13v11" +#define SSH_PORTABLE "p1" +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE -const char *ssh_version_get(int hpn_disabled); -void ssh_version_set_addendum(const char *); -#endif /* _VERSION_H_ */ +#define SSH_VERSION_FREEBSD "FreeBSD-20120901" +#define SSH_VERSION_HPN "_hpn13v11" |