diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2017-08-03 10:10:20 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2017-08-03 10:10:20 +0000 |
| commit | 343d57711556d429eda777ab259ff924acbd6b34 (patch) | |
| tree | 0c8ee260ab0112046d9f1d588d0c2845ce82f16b | |
| parent | 19ca85510bbe080af3faf5e9ae394608428ac953 (diff) | |
| download | src-343d57711556d429eda777ab259ff924acbd6b34.tar.gz src-343d57711556d429eda777ab259ff924acbd6b34.zip | |
Vendor import of OpenSSH 7.5p1.vendor/openssh/7.5p1
Notes
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=321987
svn path=/vendor-crypto/openssh/7.5p1/; revision=321988; tag=vendor/openssh/7.5p1
72 files changed, 2471 insertions, 2616 deletions
diff --git a/ChangeLog b/ChangeLog index d48aba33cfcf..48f648d78fe3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,1174 @@ +commit d38f05dbdd291212bc95ea80648b72b7177e9f4e +Author: Darren Tucker <dtucker@zip.com.au> +Date: Mon Mar 20 13:38:27 2017 +1100 + + Add llabs() implementation. + +commit 72536316a219b7394996a74691a5d4ec197480f7 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Mar 20 12:23:04 2017 +1100 + + crank version numbers + +commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Mar 20 01:18:59 2017 +0000 + + upstream commit + + openssh-7.5 + + Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5 + +commit db84e52fe9cfad57f22e7e23c5fbf00092385129 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Mar 20 12:07:20 2017 +1100 + + I'm a doofus. + + Unbreak obvious syntax error. + +commit 89f04852db27643717c9c3a2b0dde97ae50099ee +Author: Damien Miller <djm@mindrot.org> +Date: Mon Mar 20 11:53:34 2017 +1100 + + on Cygwin, check paths from server for backslashes + + Pointed out by Jann Horn of Google Project Zero + +commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Mar 20 11:48:34 2017 +1100 + + Yet another synonym for ASCII: "646" + + Used by NetBSD; this unbreaks mprintf() and friends there for the C + locale (caught by dtucker@ and his menagerie of test systems). + +commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b +Author: Damien Miller <djm@mindrot.org> +Date: Mon Mar 20 09:58:34 2017 +1100 + + create test mux socket in /tmp + + Creating the socket in $OBJ could blow past the (quite limited) + path limit for Unix domain sockets. As a bandaid for bz#2660, + reported by Colin Watson; ok dtucker@ + +commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Wed Mar 15 07:07:39 2017 +0000 + + upstream commit + + disallow KEXINIT before NEWKEYS; ok djm; report by + vegard.nossum at oracle.com + + Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234 + +commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c +Author: Darren Tucker <dtucker@zip.com.au> +Date: Thu Mar 16 14:05:46 2017 +1100 + + Include includes.h for compat bits. + +commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad +Author: Darren Tucker <dtucker@zip.com.au> +Date: Thu Mar 16 13:45:17 2017 +1100 + + Wrap stdint.h in #ifdef HAVE_STDINT_H + +commit 55a1117d7342a0bf8b793250cf314bab6b482b99 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Mar 16 11:22:42 2017 +1100 + + Adapt Cygwin config script to privsep knob removal + + Patch from Corinna Vinschen. + +commit 1a321bfdb91defe3c4d9cca5651724ae167e5436 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Wed Mar 15 03:52:30 2017 +0000 + + upstream commit + + accidents happen to the best of us; ok djm + + Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604 + +commit 25f837646be8c2017c914d34be71ca435dfc0e07 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 15 02:25:09 2017 +0000 + + upstream commit + + fix regression in 7.4: deletion of PKCS#11-hosted keys + would fail unless they were specified by full physical pathname. Report and + fix from Jakub Jelen via bz#2682; ok dtucker@ + + Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268 + +commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 15 02:19:09 2017 +0000 + + upstream commit + + Fix segfault when sshd attempts to load RSA1 keys (can + only happen when protocol v.1 support is enabled for the client). Reported by + Jakub Jelen in bz#2686; ok dtucker + + Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7 + +commit 66705948c0639a7061a0d0753266da7685badfec +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Mar 14 07:19:07 2017 +0000 + + upstream commit + + Mark the sshd_config UsePrivilegeSeparation option as + deprecated, effectively making privsep mandatory in sandboxing mode. ok + markus@ deraadt@ + + (note: this doesn't remove the !privsep code paths, though that will + happen eventually). + + Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a + +commit f86586b03fe6cd8f595289bde200a94bc2c191af +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 14 18:26:29 2017 +1100 + + Make seccomp-bpf sandbox work on Linux/X32 + + Allow clock_gettime syscall with X32 bit masked off. Apparently + this is required for at least some kernel versions. bz#2142 + Patch mostly by Colin Watson. ok dtucker@ + +commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 14 18:01:52 2017 +1100 + + require OpenSSL >=1.0.1 + +commit e3ea335abeab731c68f2b2141bee85a4b0bf680f +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 14 17:48:43 2017 +1100 + + Remove macro trickery; no binary change + + This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros + prepending __NR_ to the syscall number parameter and just makes + them explicit in the macro invocations. + + No binary change in stripped object file before/after. + +commit 5f1596e11d55539678c41f68aed358628d33d86f +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 14 13:15:18 2017 +1100 + + support ioctls for ICA crypto card on Linux/s390 + + Based on patch from Eduardo Barretto; ok dtucker@ + +commit b1b22dd0df2668b322dda174e501dccba2cf5c44 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Tue Mar 14 14:19:36 2017 +1100 + + Plumb conversion test into makefile. + +commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 14 01:20:29 2017 +0000 + + upstream commit + + Add unit test for convtime(). + + Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1 + +commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 14 01:10:07 2017 +0000 + + upstream commit + + Add ASSERT_LONG_* helpers. + + Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431 + +commit c6774d21185220c0ba11e8fd204bf0ad1a432071 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 14 00:55:37 2017 +0000 + + upstream commit + + Fix convtime() overflow test on boundary condition, + spotted by & ok djm. + + Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708 + +commit f5746b40cfe6d767c8e128fe50c43274b31cd594 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 14 00:25:03 2017 +0000 + + upstream commit + + Check for integer overflow when parsing times in + convtime(). Reported by nicolas.iooss at m4x.org, ok djm@ + + Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13 + +commit f5907982f42a8d88a430b8a46752cbb7859ba979 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Tue Mar 14 13:38:15 2017 +1100 + + Add a "unit" target to run only unit tests. + +commit 9e96b41682aed793fadbea5ccd472f862179fb02 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 14 12:24:47 2017 +1100 + + Fix weakness in seccomp-bpf sandbox arg inspection + + Syscall arguments are passed via an array of 64-bit values in struct + seccomp_data, but we were only inspecting the bottom 32 bits and not + even those correctly for BE systems. + + Fortunately, the only case argument inspection was used was in the + socketcall filtering so using this for sandbox escape seems + impossible. + + ok dtucker + +commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Mar 11 23:44:16 2017 +0000 + + upstream commit + + regress tests for loading certificates without public keys; + bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@ + + Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0 + +commit 1e24552716194db8f2f620587b876158a9ef56ad +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Mar 11 23:40:26 2017 +0000 + + upstream commit + + allow ssh to use certificates accompanied by a private + key file but no corresponding plain *.pub public key. bz#2617 based on patch + from Adam Eijdenberg; ok dtucker@ markus@ + + Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9 + +commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e +Author: markus@openbsd.org <markus@openbsd.org> +Date: Sat Mar 11 13:07:35 2017 +0000 + + upstream commit + + Don't count the initial block twice when computing how + many bytes to discard for the work around for the attacks against CBC-mode. + ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL + + Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2 + +commit ef653dd5bd5777132d9f9ee356225f9ee3379504 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 07:18:32 2017 +0000 + + upstream commit + + krl.c + + Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1 + +commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0 +Author: Damien Miller <djm@mindrot.org> +Date: Sun Mar 12 10:48:14 2017 +1100 + + sync fmt_scaled.c with OpenBSD + + revision 1.13 + date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R; + fix signed integer overflow in scan_scaled. Found by Nicolas Iooss + using AFL against ssh_config. ok deraadt@ millert@ + ---------------------------- + revision 1.12 + date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5; + fairly simple unsigned char casts for ctype + ok krw + ---------------------------- + revision 1.11 + date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2; + make scan_scaled set errno to EINVAL rather than ERANGE if it encounters + an invalid multiplier, like the man page says it should + + "looks sensible" deraadt@, ok ian@ + ---------------------------- + revision 1.10 + date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4; + use llabs instead of the home-grown version; and some comment changes + ok ian@, millert@ + ---------------------------- + +commit 894221a63fa061e52e414ca58d47edc5fe645968 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 05:01:13 2017 +0000 + + upstream commit + + When updating hostkeys, accept RSA keys if + HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA + keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms + nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok + dtucker@ + + Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2 + +commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 04:24:55 2017 +0000 + + upstream commit + + make hostname matching really insensitive to case; + bz#2685, reported by Petr Cerny; ok dtucker@ + + Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253 + +commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 03:52:48 2017 +0000 + + upstream commit + + reword a comment to make it fit 80 columns + + Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4 + +commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 04:27:32 2017 +0000 + + upstream commit + + better match sshd config parser behaviour: fatal() if + line is overlong, increase line buffer to match sshd's; bz#2651 reported by + Don Fong; ok dtucker@ + + Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18 + +commit db2597207e69912f2592cd86a1de8e948a9d7ffb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 04:26:06 2017 +0000 + + upstream commit + + ensure hostname is lower-case before hashing it; + bz#2591 reported by Griff Miller II; ok dtucker@ + + Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17 + +commit df9936936c695f85c1038bd706d62edf752aca4b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 04:24:55 2017 +0000 + + upstream commit + + make hostname matching really insensitive to case; + bz#2685, reported by Petr Cerny; ok dtucker@ + + Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549 + +commit 67eed24bfa7645d88fa0b883745fccb22a0e527e +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 04:11:00 2017 +0000 + + upstream commit + + Remove old null check from config dumper. Patch from + jjelen at redhat.com vi bz#2687, ok djm@ + + Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528 + +commit 183ba55aaaecca0206184b854ad6155df237adbe +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 04:07:20 2017 +0000 + + upstream commit + + fix regression in 7.4 server-sig-algs, where we were + accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno + Goncalves; ok dtucker@ + + Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8 + +commit 66be4fe8c4435af5bbc82998501a142a831f1181 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 03:53:11 2017 +0000 + + upstream commit + + Check for NULL return value from key_new. Patch from + jjelen at redhat.com via bz#2687, ok djm@ + + Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e + +commit ec2892b5c7fea199914cb3a6afb3af38f84990bf +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 03:52:48 2017 +0000 + + upstream commit + + reword a comment to make it fit 80 columns + + Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349 + +commit 7fadbb6da3f4122de689165651eb39985e1cba85 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 03:48:57 2017 +0000 + + upstream commit + + Check for NULL argument to sshkey_read. Patch from + jjelen at redhat.com via bz#2687, ok djm@ + + Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e + +commit 5a06b9e019e2b0b0f65a223422935b66f3749de3 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 03:45:40 2017 +0000 + + upstream commit + + Plug some mem leaks mostly on error paths. From jjelen + at redhat.com via bz#2687, ok djm@ + + Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2 + +commit f6edbe9febff8121f26835996b1229b5064d31b7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 03:24:48 2017 +0000 + + upstream commit + + Plug mem leak on GLOB_NOMATCH case. From jjelen at + redhat.com via bz#2687, ok djm@ + + Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d + +commit 566b3a46e89a2fda2db46f04f2639e92da64a120 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 03:22:40 2017 +0000 + + upstream commit + + Plug descriptor leaks of auth_sock. From jjelen at + redhat.com via bz#2687, ok djm@ + + Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88 + +commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 03:18:24 2017 +0000 + + upstream commit + + correctly hash hosts with a port number. Reported by Josh + Powers in bz#2692; ok dtucker@ + + Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442 + +commit 9747b9c742de409633d4753bf1a752cbd211e2d3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 03:15:58 2017 +0000 + + upstream commit + + don't truncate off \r\n from long stderr lines; bz#2688, + reported by Brian Dyson; ok dtucker@ + + Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4 + +commit 4a4b75adac862029a1064577eb5af299b1580cdd +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 02:59:51 2017 +0000 + + upstream commit + + Validate digest arg in ssh_digest_final; from jjelen at + redhat.com via bz#2687, ok djm@ + + Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878 + +commit bee0167be2340d8de4bdc1ab1064ec957c85a447 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Fri Mar 10 13:40:18 2017 +1100 + + Check for NULL from malloc. + + Part of bz#2687, from jjelen at redhat.com. + +commit da39b09d43b137a5a3d071b51589e3efb3701238 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Fri Mar 10 13:22:32 2017 +1100 + + If OSX is using launchd, remove screen no. + + Check for socket with and without screen number. From Apple and Jakob + Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@ + +commit 8fb15311a011517eb2394bb95a467c209b8b336c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 8 12:07:47 2017 +0000 + + upstream commit + + quote [host]:port in generated ProxyJump commandline; the + [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri + Tirkkonen via bugs@ + + Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182 + +commit 18501151cf272a15b5f2c5e777f2e0933633c513 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Mar 6 02:03:20 2017 +0000 + + upstream commit + + Check l->hosts before dereferencing; fixes potential null + pointer deref. ok djm@ + + Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301 + +commit d072370793f1a20f01ad827ba8fcd3b8f2c46165 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Mar 6 00:44:51 2017 +0000 + + upstream commit + + linenum is unsigned long so use %lu in log formats. ok + deraadt@ + + Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08 + +commit 12d3767ba4c84c32150cbe6ff6494498780f12c9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 3 06:13:11 2017 +0000 + + upstream commit + + fix ssh-keygen -H accidentally corrupting known_hosts that + contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by + hostkeys_foreach() when hostname matching is in use, so we need to look for + the hash marker explicitly. + + Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528 + +commit d7abb771bd5a941b26144ba400a34563a1afa589 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Feb 28 06:10:08 2017 +0000 + + upstream commit + + small memleak: free fd_set on connection timeout (though + we are heading to exit anyway). From Tom Rix in bz#2683 + + Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4 + +commit 78142e3ab3887e53a968d6e199bcb18daaf2436e +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Feb 27 14:30:33 2017 +0000 + + upstream commit + + errant dot; from klemens nanni + + Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921 + +commit 8071a6924c12bb51406a9a64a4b2892675112c87 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 24 03:16:34 2017 +0000 + + upstream commit + + might as well set the listener socket CLOEXEC + + Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57 + +commit d5499190559ebe374bcdfa8805408646ceffad64 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Feb 19 00:11:29 2017 +0000 + + upstream commit + + add test cases for C locale; ok schwarze@ + + Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87 + +commit 011c8ffbb0275281a0cf330054cf21be10c43e37 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Feb 19 00:10:57 2017 +0000 + + upstream commit + + Add a common nl_langinfo(CODESET) alias for US-ASCII + "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for + non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@ + + Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719 + +commit 0c4430a19b73058a569573492f55e4c9eeaae67b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Feb 7 23:03:11 2017 +0000 + + upstream commit + + Remove deprecated SSH1 options RSAAuthentication and + RhostsRSAAuthentication from regression test sshd_config. + + Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491 + +commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 17 02:32:05 2017 +0000 + + upstream commit + + Do not show rsa1 key type in usage when compiled without + SSH1 support. + + Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57 + +commit ecc35893715f969e98fee118481f404772de4132 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 17 02:31:14 2017 +0000 + + upstream commit + + ifdef out "rsa1" from the list of supported keytypes when + compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@ + + Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f + +commit 10577c6d96a55b877a960b2d0b75edef1b9945af +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 17 02:04:15 2017 +0000 + + upstream commit + + For ProxyJump/-J, surround host name with brackets to + allow literal IPv6 addresses. From Dick Visser; ok dtucker@ + + Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1 + +commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4 +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Wed Feb 15 23:38:31 2017 +0000 + + upstream commit + + Fix memory leaks in match_filter_list() error paths. + + ok dtucker@ markus@ + + Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e + +commit 6d5a41b38b55258213ecfaae9df7a758caa752a1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 15 01:46:47 2017 +0000 + + upstream commit + + fix division by zero crash in "df" output when server + returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok + dtucker@ + + Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f + +commit bd5d7d239525d595ecea92765334af33a45d9d63 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Sun Feb 12 15:45:15 2017 +1100 + + ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR + + EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out + for the benefit of OpenSSL versions prior to that. + +commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 10 04:34:50 2017 +0000 + + upstream commit + + bring back r1.34 that was backed out for problems loading + public keys: + + translate OpenSSL error codes to something more + meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ + + with additional fix from Jakub Jelen to solve the backout. + bz#2525 bz#2523 re-ok dtucker@ + + Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031 + +commit a287c5ad1e0bf9811c7b9221979b969255076019 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 10 03:36:40 2017 +0000 + + upstream commit + + Sanitise escape sequences in key comments sent to printf + but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@ + + Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e + +commit e40269be388972848aafcca7060111c70aab5b87 +Author: millert@openbsd.org <millert@openbsd.org> +Date: Wed Feb 8 20:32:43 2017 +0000 + + upstream commit + + Avoid printf %s NULL. From semarie@, OK djm@ + + Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c + +commit 5b90709ab8704dafdb31e5651073b259d98352bc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Feb 6 09:22:51 2017 +0000 + + upstream commit + + Restore \r\n newline sequence for server ident string. The CR + got lost in the flensing of SSHv1. Pointed out by Stef Bon + + Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac + +commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 3 23:01:42 2017 +0000 + + upstream commit + + unit test for match_filter_list() function; still want a + better name for this... + + Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a + +commit f1a193464a7b77646f0d0cedc929068e4a413ab4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 3 23:05:57 2017 +0000 + + upstream commit + + use ssh_packet_set_log_preamble() to include connection + username in packet log messages, e.g. + + Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] + + ok markus@ bz#113 + + Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15 + +commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 3 23:03:33 2017 +0000 + + upstream commit + + add ssh_packet_set_log_preamble() to allow inclusion of a + preamble string in disconnect messages; ok markus@ + + Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead + +commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 3 23:01:19 2017 +0000 + + upstream commit + + support =- for removing methods from algorithms lists, + e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like + it" markus@ + + Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d + +commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 3 05:05:56 2017 +0000 + + upstream commit + + allow form-feed characters at EOL; bz#2431 ok dtucker@ + + Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2 + +commit 523db8540b720c4d21ab0ff6f928476c70c38aab +Author: Damien Miller <djm@mindrot.org> +Date: Fri Feb 3 16:01:22 2017 +1100 + + prefer to use ldns-config to find libldns + + Should fix bz#2603 - "Build with ldns and without kerberos support + fails if ldns compiled with kerberos support" by including correct + cflags/libs + + ok dtucker@ + +commit c998bf0afa1a01257a53793eba57941182e9e0b7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 3 02:56:00 2017 +0000 + + upstream commit + + Make ssh_packet_set_rekey_limits take u32 for the number of + seconds until rekeying (negative values are rejected at config parse time). + This allows the removal of some casts and a signed vs unsigned comparison + warning. + + rekey_time is cast to int64 for the comparison which is a no-op + on OpenBSD, but should also do the right thing in -portable on + anything still using 32bit time_t (until the system time actually + wraps, anyway). + + some early guidance deraadt@, ok djm@ + + Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c + +commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422 +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Thu Feb 2 10:54:25 2017 +0000 + + upstream commit + + In vasnmprintf() return an error if malloc fails and + don't set a function argument to the address of free'd memory. + + ok djm@ + + Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779 + +commit 858252fb1d451ebb0969cf9749116c8f0ee42753 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Feb 1 02:59:09 2017 +0000 + + upstream commit + + Return true reason for port forwarding failures where + feasible rather than always "administratively prohibited". bz#2674, ok djm@ + + Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419 + +commit 6ba9f893838489add6ec4213c7a997b425e4a9e0 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jan 30 23:27:39 2017 +0000 + + upstream commit + + Small correction to the known_hosts section on when it is + updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at + sdf.org + + Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5 + +commit c61d5ec3c11e7ff9779b6127421d9f166cf10915 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Fri Feb 3 14:10:34 2017 +1100 + + Remove _XOPEN_SOURCE from wide char detection. + + Having _XOPEN_SOURCE unconditionally causes problems on some platforms + and configurations, notably Solaris 64-bit binaries. It was there for + the benefit of Linux put the required bits in the *-*linux* section. + + Patch from yvoinov at gmail.com. + +commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 05:22:14 2017 +0000 + + upstream commit + + fully unbreak: some $SSH invocations did not have -F + specified and could pick up the ~/.ssh/config of the user running the tests + + Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89 + +commit 6956e21fb26652887475fe77ea40d2efcf25908b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 04:54:07 2017 +0000 + + upstream commit + + partially unbreak: was not specifying hostname on some + $SSH invocations + + Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc + +commit 52763dd3fe0a4678dafdf7aeb32286e514130afc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 01:03:00 2017 +0000 + + upstream commit + + revise keys/principals command hang fix (bz#2655) to + consume entire output, avoiding sending SIGPIPE to subprocesses early; ok + dtucker@ + + Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc + +commit 381a2615a154a82c4c53b787f4a564ef894fe9ac +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 00:38:50 2017 +0000 + + upstream commit + + small cleanup post SSHv1 removal: + + remove SSHv1-isms in commented examples + + reorder token table to group deprecated and compile-time conditional tokens + better + + fix config dumping code for some compile-time conditional options that + weren't being correctly skipped (SSHv1 and PKCS#11) + + Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105 + +commit 4833d01591b7eb049489d9558b65f5553387ed43 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 00:34:01 2017 +0000 + + upstream commit + + some explicit NULL tests when dumping configured + forwardings; from Karsten Weiss + + Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d + +commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 00:32:28 2017 +0000 + + upstream commit + + misplaced braces in test; from Karsten Weiss + + Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae + +commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 00:32:03 2017 +0000 + + upstream commit + + don't dereference authctxt before testing != NULL, it + causes compilers to make assumptions; from Karsten Weiss + + Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2 + +commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 02:51:16 2017 +0000 + + upstream commit + + use correct ssh-add program; bz#2654, from Colin Watson + + Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030 + +commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 6 02:26:10 2017 +0000 + + upstream commit + + Account for timeouts in the integrity tests as failures. + + If the first test in a series for a given MAC happens to modify the low + bytes of a packet length, then ssh will time out and this will be + interpreted as a test failure. Patch from cjwatson at debian.org via + bz#2658. + + Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9 + +commit dbaf599b61bd6e0f8469363a8c8e7f633b334018 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 6 02:09:25 2017 +0000 + + upstream commit + + Make forwarding test less racy by using unix domain + sockets instead of TCP ports where possible. Patch from cjwatson at + debian.org via bz#2659. + + Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9 + +commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Jan 29 21:35:23 2017 +0000 + + upstream commit + + Fix typo in ~C error message for bad port forward + cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's + bugtracker. + + Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af + +commit 4ba15462ca38883b8a61a1eccc093c79462d5414 +Author: guenther@openbsd.org <guenther@openbsd.org> +Date: Sat Jan 21 11:32:04 2017 +0000 + + upstream commit + + The POSIX APIs that that sockaddrs all ignore the s*_len + field in the incoming socket, so userspace doesn't need to set it unless it + has its own reasons for tracking the size along with the sockaddr. + + ok phessler@ deraadt@ florian@ + + Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437 + +commit a1187bd3ef3e4940af849ca953a1b849dae78445 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Jan 6 16:28:12 2017 +0000 + + upstream commit + + keep the tokens list sorted; + + Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638 + +commit b64077f9767634715402014f509e58decf1e140d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 09:27:52 2017 +0000 + + upstream commit + + fix previous + + Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895 + +commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 03:53:58 2017 +0000 + + upstream commit + + show a useful error message when included config files + can't be opened; bz#2653, ok dtucker@ + + Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b + +commit 13bd2e2d622d01dc85d22b94520a5b243d006049 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 03:45:41 2017 +0000 + + upstream commit + + sshd_config is documented to set + GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this. + bz#2637 ok dtucker + + Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665 + +commit f89b928534c9e77f608806a217d39a2960cc7fd0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 03:41:58 2017 +0000 + + upstream commit + + Avoid confusing error message when attempting to use + ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583 + + Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165 + +commit 0999533014784579aa6f01c2d3a06e3e8804b680 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 6 02:34:54 2017 +0000 + + upstream commit + + Re-add '%k' token for AuthorizedKeysCommand which was + lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com. + + Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38 + +commit 51045869fa084cdd016fdd721ea760417c0a3bf3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 4 05:37:40 2017 +0000 + + upstream commit + + unbreak Unix domain socket forwarding for root; ok + markus@ + + Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2 + +commit 58fca12ba967ea5c768653535604e1522d177e44 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Mon Jan 16 09:08:32 2017 +1100 + + Remove LOGIN_PROGRAM. + + UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org + +commit b108ce92aae0ca0376dce9513d953be60e449ae1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 4 02:21:43 2017 +0000 + + upstream commit + + relax PKCS#11 whitelist a bit to allow libexec as well as + lib directories. + + Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702 + +commit c7995f296b9222df2846f56ecf61e5ae13d7a53d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 3 05:46:51 2017 +0000 + + upstream commit + + check number of entries in SSH2_FXP_NAME response; avoids + unreachable overflow later. Reported by Jann Horn + + Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f + +commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 30 22:08:02 2016 +0000 + + upstream commit + + fix deadlock when keys/principals command produces a lot of + output and a key is matched early; bz#2655, patch from jboning AT gmail.com + + Upstream-ID: e19456429bf99087ea994432c16d00a642060afe + +commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f +Author: Darren Tucker <dtucker@zip.com.au> +Date: Tue Dec 20 12:16:11 2016 +1100 + + Re-add missing "Prerequisites" header and fix typo + + Patch from HARUYAMA Seigo <haruyama at unixuser org>. + +commit c8c60f3663165edd6a52632c6ddbfabfce1ca865 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 19 22:35:23 2016 +0000 + + upstream commit + + use standard /bin/sh equality test; from Mike Frysinger + + Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2 + commit 4a354fc231174901f2629437c2a6e924a2dd6772 Author: Damien Miller <djm@mindrot.org> Date: Mon Dec 19 15:59:26 2016 +1100 @@ -8221,2046 +9392,3 @@ Date: Wed Mar 11 00:48:39 2015 +0000 add back the changes from rev 1.206, djm reverted this by mistake in rev 1.207 - -commit 4d24b3b6a4a6383e05e7da26d183b79fa8663697 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Mar 20 09:11:59 2015 +1100 - - remove error() accidentally inserted for debugging - - pointed out by Christian Hesse - -commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb -Author: Tim Rice <tim@multitalents.net> -Date: Mon Mar 16 22:49:20 2015 -0700 - - portability fix: Solaris systems may not have a grep that understands -q - -commit 8ef691f7d9ef500257a549d0906d78187490668f -Author: Damien Miller <djm@google.com> -Date: Wed Mar 11 10:35:26 2015 +1100 - - fix compile with clang - -commit 4df590cf8dc799e8986268d62019b487a8ed63ad -Author: Damien Miller <djm@google.com> -Date: Wed Mar 11 10:02:39 2015 +1100 - - make unit tests work for !OPENSSH_HAS_ECC - -commit 307bb40277ca2c32e97e61d70d1ed74b571fd6ba -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Mar 7 04:41:48 2015 +0000 - - upstream commit - - unbreak for w/SSH1 (default) case; ok markus@ deraadt@ - -commit b44ee0c998fb4c5f3c3281f2398af5ce42840b6f -Author: Damien Miller <djm@mindrot.org> -Date: Thu Mar 5 18:39:20 2015 -0800 - - unbreak hostkeys test for w/ SSH1 case - -commit 55e5bdeb519cb60cc18b7ba0545be581fb8598b4 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 6 01:40:56 2015 +0000 - - upstream commit - - fix sshkey_certify() return value for unsupported key types; - ok markus@ deraadt@ - -commit be8f658e550a434eac04256bfbc4289457a24e99 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 4 15:38:03 2015 -0800 - - update version numbers to match version.h - -commit ac5e8acefa253eb5e5ba186e34236c0e8007afdc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 4 23:22:35 2015 +0000 - - upstream commit - - make these work with !SSH1; ok markus@ deraadt@ - -commit 2f04af92f036b0c87a23efb259c37da98cd81fe6 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 4 21:12:59 2015 +0000 - - upstream commit - - make ssh-add -D work with !SSH1 agent - -commit a05adf95d2af6abb2b7826ddaa7a0ec0cdc1726b -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 4 00:55:48 2015 -0800 - - netcat needs poll.h portability goop - -commit dad2b1892b4c1b7e58df483a8c5b983c4454e099 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue Mar 3 22:35:19 2015 +0000 - - upstream commit - - make it possible to run tests w/o ssh1 support; ok djm@ - -commit d48a22601bdd3eec054794c535f4ae8d8ae4c6e2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 4 18:53:53 2015 +0000 - - upstream commit - - crank; ok markus, deraadt - -commit bbffb23daa0b002dd9f296e396a9ab8a5866b339 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Mar 3 13:50:27 2015 -0800 - - more --without-ssh1 fixes - -commit 6c2039286f503e2012a58a1d109e389016e7a99b -Author: Damien Miller <djm@mindrot.org> -Date: Tue Mar 3 13:48:48 2015 -0800 - - fix merge both that broke --without-ssh1 compile - -commit 111dfb225478a76f89ecbcd31e96eaf1311b59d3 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Mar 3 21:21:13 2015 +0000 - - upstream commit - - add SSH1 Makefile knob to make it easier to build without - SSH1 support; ok markus@ - -commit 3f7f5e6c5d2aa3f6710289c1a30119e534e56c5c -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Mar 3 20:42:49 2015 +0000 - - upstream commit - - expand __unused to full __attribute__ for better portability - -commit 2fab9b0f8720baf990c931e3f68babb0bf9949c6 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 4 07:41:27 2015 +1100 - - avoid warning - -commit d1bc844322461f882b4fd2277ba9a8d4966573d2 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 4 06:31:45 2015 +1100 - - Revert "define __unused to nothing if not already defined" - - This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908. - - Some system headers have objects named __unused - -commit 00797e86b2d98334d1bb808f65fa1fd47f328ff1 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 4 05:02:45 2015 +1100 - - check for crypt and DES_crypt in openssl block - - fixes builds on systems that use DES_crypt; based on patch - from Roumen Petrov - -commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 4 04:59:13 2015 +1100 - - define __unused to nothing if not already defined - - fixes builds on BSD/OS - -commit d608a51daad4f14ad6ab43d7cf74ef4801cc3fe9 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Mar 3 17:53:40 2015 +0000 - - upstream commit - - reorder logic for better portability; patch from Roumen - Petrov - -commit 68d2dfc464fbcdf8d6387884260f9801f4352393 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Mar 3 06:48:58 2015 +0000 - - upstream commit - - Allow "ssh -Q protocol-version" to list supported SSH - protocol versions. Useful for detecting builds without SSH v.1 support; idea - and ok markus@ - -commit 39e2f1229562e1195169905607bc12290d21f021 -Author: millert@openbsd.org <millert@openbsd.org> -Date: Sun Mar 1 15:44:40 2015 +0000 - - upstream commit - - Make sure we only call getnameinfo() for AF_INET or AF_INET6 - sockets. getpeername() of a Unix domain socket may return without error on - some systems without actually setting ss_family so getnameinfo() was getting - called with ss_family set to AF_UNSPEC. OK djm@ - -commit e47536ba9692d271b8ad89078abdecf0a1c11707 -Author: Damien Miller <djm@mindrot.org> -Date: Sat Feb 28 08:20:11 2015 -0800 - - portability fixes for regress/netcat.c - - Mostly avoiding "err(1, NULL)" - -commit 02973ad5f6f49d8420e50a392331432b0396c100 -Author: Damien Miller <djm@mindrot.org> -Date: Sat Feb 28 08:05:27 2015 -0800 - - twiddle another test for portability - - from Tom G. Christensen - -commit f7f3116abf2a6e2f309ab096b08c58d19613e5d0 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Feb 27 15:52:49 2015 -0800 - - twiddle test for portability - -commit 1ad3a77cc9d5568f5437ff99d377aa7a41859b83 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Feb 26 20:33:22 2015 -0800 - - make regress/netcat.c fd passing (more) portable - -commit 9e1cfca7e1fe9cf8edb634fc894e43993e4da1ea -Author: Damien Miller <djm@mindrot.org> -Date: Thu Feb 26 20:32:58 2015 -0800 - - create OBJ/valgrind-out before running unittests - -commit bd58853102cee739f0e115e6d4b5334332ab1442 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Feb 25 16:58:22 2015 -0800 - - valgrind support - -commit f43d17269194761eded9e89f17456332f4c83824 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Feb 26 20:45:47 2015 +0000 - - upstream commit - - don't printf NULL key comments; reported by Tom Christensen - -commit 6e6458b476ec854db33e3e68ebf4f489d0ab3df8 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 25 23:05:47 2015 +0000 - - upstream commit - - zero cmsgbuf before use; we initialise the bits we use - but valgrind still spams warning on it - -commit a63cfa26864b93ab6afefad0b630e5358ed8edfa -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 25 19:54:02 2015 +0000 - - upstream commit - - fix small memory leak when UpdateHostkeys=no - -commit e6b950341dd75baa8526f1862bca39e52f5b879b -Author: Tim Rice <tim@multitalents.net> -Date: Wed Feb 25 09:56:48 2015 -0800 - - Revert "Work around finicky USL linker so netcat will build." - - This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b. - - No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3 - -commit 6f621603f9cff2a5d6016a404c96cb2f8ac2dec0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 25 17:29:38 2015 +0000 - - upstream commit - - don't leak validity of user in "too many authentication - failures" disconnect message; reported by Sebastian Reitenbach - -commit 6288e3a935494df12519164f52ca5c8c65fc3ca5 -Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Tue Feb 24 15:24:05 2015 +0000 - - upstream commit - - add -v (show ASCII art) to -l's synopsis; ok djm@ - -commit 678e473e2af2e4802f24dd913985864d9ead7fb3 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Thu Feb 26 04:12:58 2015 +1100 - - Remove dependency on xmalloc. - - Remove ssh_get_progname's dependency on xmalloc, which should reduce - link order problems. ok djm@ - -commit 5d5ec165c5b614b03678afdad881f10e25832e46 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Feb 25 15:32:49 2015 +1100 - - Restrict ECDSA and ECDH tests. - - ifdef out some more ECDSA and ECDH tests when built against an OpenSSL - that does not have eliptic curve functionality. - -commit 1734e276d99b17e92d4233fac7aef3a3180aaca7 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Feb 25 13:40:45 2015 +1100 - - Move definition of _NSIG. - - _NSIG is only unsed in one file, so move it there prevent redefinition - warnings reported by Kevin Brott. - -commit a47ead7c95cfbeb72721066c4da2312e5b1b9f3d -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Feb 25 13:17:40 2015 +1100 - - Add includes.h for compatibility stuff. - -commit 38806bda6d2e48ad32812b461eebe17672ada771 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Feb 24 16:50:06 2015 -0800 - - include netdb.h to look for MAXHOSTNAMELEN; ok tim - -commit d1db656021d0cd8c001a6692f772f1de29b67c8b -Author: Tim Rice <tim@multitalents.net> -Date: Tue Feb 24 10:42:08 2015 -0800 - - Work around finicky USL linker so netcat will build. - -commit cb030ce25f555737e8ba97bdd7883ac43f3ff2a3 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Feb 24 09:23:04 2015 -0800 - - include includes.h to avoid build failure on AIX - -commit 13af342458f5064144abbb07e5ac9bbd4eb42567 -Author: Tim Rice <tim@multitalents.net> -Date: Tue Feb 24 07:56:47 2015 -0800 - - Original portability patch from djm@ for platforms missing err.h. - Fix name space clash on Solaris 10. Still more to do for Solaris 10 - to deal with msghdr structure differences. ok djm@ - -commit 910209203d0cd60c5083901cbcc0b7b44d9f48d2 -Author: Tim Rice <tim@multitalents.net> -Date: Mon Feb 23 22:06:56 2015 -0800 - - cleaner way fix dispatch.h portion of commit - a88dd1da119052870bb2654c1a32c51971eade16 - (some systems have sig_atomic_t in signal.h, some in sys/signal.h) - Sounds good to me djm@ - -commit 676c38d7cbe65b76bbfff796861bb6615cc6a596 -Author: Tim Rice <tim@multitalents.net> -Date: Mon Feb 23 21:51:33 2015 -0800 - - portability fix: if we can't dind a better define for HOST_NAME_MAX, use 255 - -commit 1221b22023dce38cbc90ba77eae4c5d78c77a5e6 -Author: Tim Rice <tim@multitalents.net> -Date: Mon Feb 23 21:50:34 2015 -0800 - - portablity fix: s/__inline__/inline/ - -commit 4c356308a88d309c796325bb75dce90ca16591d5 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Feb 24 13:49:31 2015 +1100 - - Wrap stdint.h includes in HAVE_STDINT_H. - -commit c9c88355c6a27a908e7d1e5003a2b35ea99c1614 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Feb 24 13:43:57 2015 +1100 - - Add AI_NUMERICSERV to fake-rfc2553. - - Our getaddrinfo implementation always returns numeric values already. - -commit ef342ab1ce6fb9a4b30186c89c309d0ae9d0eeb4 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Feb 24 13:39:57 2015 +1100 - - Include OpenSSL's objects.h before bn.h. - - Prevents compile errors on some platforms (at least old GCCs and AIX's - XLC compilers). - -commit dcc8997d116f615195aa7c9ec019fb36c28c6228 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Feb 24 12:30:59 2015 +1100 - - Convert two macros into functions. - - Convert packet_send_debug and packet_disconnect from macros to - functions. Some older GCCs (2.7.x, 2.95.x) see to have problems with - variadic macros with only one argument so we convert these two into - functions. ok djm@ - -commit 2285c30d51b7e2052c6526445abe7e7cc7e170a1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 23 22:21:21 2015 +0000 - - upstream commit - - further silence spurious error message even when -v is - specified (e.g. to get visual host keys); reported by naddy@ - -commit 9af21979c00652029e160295e988dea40758ece2 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Feb 24 09:04:32 2015 +1100 - - don't include stdint.h unless HAVE_STDINT_H set - -commit 62f678dd51660d6f8aee1da33d3222c5de10a89e -Author: Damien Miller <djm@mindrot.org> -Date: Tue Feb 24 09:02:54 2015 +1100 - - nother sys/queue.h -> sys-queue.h fix - - spotted by Tom Christensen - -commit b3c19151cba2c0ed01b27f55de0d723ad07ca98f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 23 20:32:15 2015 +0000 - - upstream commit - - fix a race condition by using a mux socket rather than an - ineffectual wait statement - -commit a88dd1da119052870bb2654c1a32c51971eade16 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Feb 24 06:30:29 2015 +1100 - - various include fixes for portable - -commit 5248429b5ec524d0a65507cff0cdd6e0cb99effd -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 23 16:55:51 2015 +0000 - - upstream commit - - add an XXX to remind me to improve sshkey_load_public - -commit e94e4b07ef2eaead38b085a60535df9981cdbcdb -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 23 16:55:31 2015 +0000 - - upstream commit - - silence a spurious error message when listing - fingerprints for known_hosts; bz#2342 - -commit f2293a65392b54ac721f66bc0b44462e8d1d81f8 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 23 16:33:25 2015 +0000 - - upstream commit - - fix setting/clearing of TTY raw mode around - UpdateHostKeys=ask confirmation question; reported by Herb Goldman - -commit f2004cd1adf34492eae0a44b1ef84e0e31b06088 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Feb 23 05:04:21 2015 +1100 - - Repair for non-ECC OpenSSL. - - Ifdef out the ECC parts when building with an OpenSSL that doesn't have - it. - -commit 37f9220db8d1a52c75894c3de1e5f2ae5bd71b6f -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Feb 23 03:07:24 2015 +1100 - - Wrap stdint.h includes in ifdefs. - -commit f81f1bbc5b892c8614ea740b1f92735652eb43f0 -Author: Tim Rice <tim@multitalents.net> -Date: Sat Feb 21 18:12:10 2015 -0800 - - out of tree build fix - -commit 2e13a1e4d22f3b503c3bfc878562cc7386a1d1ae -Author: Tim Rice <tim@multitalents.net> -Date: Sat Feb 21 18:08:51 2015 -0800 - - mkdir kex unit test directory so testing out of tree builds works - -commit 1797f49b1ba31e8700231cd6b1d512d80bb50d2c -Author: halex@openbsd.org <halex@openbsd.org> -Date: Sat Feb 21 21:46:57 2015 +0000 - - upstream commit - - make "ssh-add -d" properly remove a corresponding - certificate, and also not whine and fail if there is none - - ok djm@ - -commit 7faaa32da83a609059d95dbfcb0649fdb04caaf6 -Author: Damien Miller <djm@mindrot.org> -Date: Sun Feb 22 07:57:27 2015 +1100 - - mkdir hostkey and bitmap unit test directories - -commit bd49da2ef197efac5e38f5399263a8b47990c538 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 20 23:46:01 2015 +0000 - - upstream commit - - sort options useable under Match case-insensitively; prodded - jmc@ - -commit 1a779a0dd6cd8b4a1a40ea33b5415ab8408128ac -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Feb 21 20:51:02 2015 +0000 - - upstream commit - - correct paths to configuration files being written/updated; - they live in $OBJ not cwd; some by Roumen Petrov - -commit 28ba006c1acddff992ae946d0bc0b500b531ba6b -Author: Darren Tucker <dtucker@zip.com.au> -Date: Sat Feb 21 15:41:07 2015 +1100 - - More correct checking of HAVE_DECL_AI_NUMERICSERV. - -commit e50e8c97a9cecae1f28febccaa6ca5ab3bc10f54 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Sat Feb 21 15:10:33 2015 +1100 - - Add null declaration of AI_NUMERICINFO. - - Some platforms (older FreeBSD and DragonFly versions) do have - getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero - in those cases. - -commit 18a208d6a460d707a45916db63a571e805f5db46 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 20 22:40:32 2015 +0000 - - upstream commit - - more options that are available under Match; bz#2353 reported - by calestyo AT scientia.net - -commit 44732de06884238049f285f1455b2181baa7dc82 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 20 22:17:21 2015 +0000 - - upstream commit - - UpdateHostKeys fixes: - - I accidentally changed the format of the hostkeys@openssh.com messages - last week without changing the extension name, and this has been causing - connection failures for people who are running -current. First reported - by sthen@ - - s/hostkeys@openssh.com/hostkeys-00@openssh.com/ - Change the name of the proof message too, and reorder it a little. - - Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY - available to read the response) so disable UpdateHostKeys if it is in - ask mode and ControlPersist is active (and document this) - -commit 13a39414d25646f93e6d355521d832a03aaaffe2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Feb 17 00:14:05 2015 +0000 - - upstream commit - - Regression: I broke logging of public key fingerprints in - 1.46. Pointed out by Pontus Lundkvist - -commit 773dda25e828c4c9a52f7bdce6e1e5924157beab -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jan 30 23:10:17 2015 +1100 - - repair --without-openssl; broken in refactor - -commit e89c780886b23600de1e1c8d74aabd1ff61f43f0 -Author: Damien Miller <djm@google.com> -Date: Tue Feb 17 10:04:55 2015 +1100 - - hook up hostkeys unittest to portable Makefiles - -commit 0abf41f99aa16ff09b263bead242d6cb2dbbcf99 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 16 22:21:03 2015 +0000 - - upstream commit - - enable hostkeys unit tests - -commit 68a5d647ccf0fb6782b2f749433a1eee5bc9044b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 16 22:20:50 2015 +0000 - - upstream commit - - check string/memory compare arguments aren't NULL - -commit ef575ef20d09f20722e26b45dab80b3620469687 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 16 22:18:34 2015 +0000 - - upstream commit - - unit tests for hostfile.c code, just hostkeys_foreach so - far - -commit 8ea3365e6aa2759ccf5c76eaea62cbc8a280b0e7 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Sat Feb 14 12:43:16 2015 +0000 - - upstream commit - - test server rekey limit - -commit ce63c4b063c39b2b22d4ada449c9e3fbde788cb3 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 16 22:30:03 2015 +0000 - - upstream commit - - partial backout of: - - revision 1.441 - date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid - : x8klYPZMJSrVlt3O; - Let sshd load public host keys even when private keys are missing. - Allows sshd to advertise additional keys for future key rotation. - Also log fingerprint of hostkeys loaded; ok markus@ - - hostkey updates now require access to the private key, so we can't - load public keys only. The improved log messages (fingerprints of keys - loaded) are kept. - -commit 523463a3a2a9bfc6cfc5afa01bae9147f76a37cc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 16 22:13:32 2015 +0000 - - upstream commit - - Revise hostkeys@openssh.com hostkey learning extension. - - The client will not ask the server to prove ownership of the private - halves of any hitherto-unseen hostkeys it offers to the client. - - Allow UpdateHostKeys option to take an 'ask' argument to let the - user manually review keys offered. - - ok markus@ - -commit 6c5c949782d86a6e7d58006599c7685bfcd01685 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 16 22:08:57 2015 +0000 - - upstream commit - - Refactor hostkeys_foreach() and dependent code Deal with - IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing - changed ok markus@ as part of larger commit - -commit 51b082ccbe633dc970df1d1f4c9c0497115fe721 -Author: miod@openbsd.org <miod@openbsd.org> -Date: Mon Feb 16 18:26:26 2015 +0000 - - upstream commit - - Declare ge25519_base as extern, to prevent it from - becoming a common. Gets us rid of ``lignment 4 of symbol - `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in - mod_ed25519.o'' warnings at link time. - -commit 02db468bf7e3281a8e3c058ced571b38b6407c34 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Feb 13 18:57:00 2015 +0000 - - upstream commit - - make rekey_limit for sshd w/privsep work; ok djm@ - dtucker@ - -commit 8ec67d505bd23c8bf9e17b7a364b563a07a58ec8 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Feb 12 20:34:19 2015 +0000 - - upstream commit - - Prevent sshd spamming syslog with - "ssh_dispatch_run_fatal: disconnected". ok markus@ - -commit d4c0295d1afc342057ba358237acad6be8af480b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 11 01:20:38 2015 +0000 - - upstream commit - - Some packet error messages show the address of the peer, - but might be generated after the socket to the peer has suffered a TCP reset. - In these cases, getpeername() won't work so cache the address earlier. - - spotted in the wild via deraadt@ and tedu@ - -commit 4af1709cf774475ce5d1bc3ddcc165f6c222897d -Author: jsg@openbsd.org <jsg@openbsd.org> -Date: Mon Feb 9 23:22:37 2015 +0000 - - upstream commit - - fix some leaks in error paths ok markus@ - -commit fd36834871d06a03e1ff8d69e41992efa1bbf85f -Author: millert@openbsd.org <millert@openbsd.org> -Date: Fri Feb 6 23:21:59 2015 +0000 - - upstream commit - - SIZE_MAX is standard, we should be using it in preference to - the obsolete SIZE_T_MAX. OK miod@ beck@ - -commit 1910a286d7771eab84c0b047f31c0a17505236fa -Author: millert@openbsd.org <millert@openbsd.org> -Date: Thu Feb 5 12:59:57 2015 +0000 - - upstream commit - - Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@ - -commit ce4f59b2405845584f45e0b3214760eb0008c06c -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Tue Feb 3 08:07:20 2015 +0000 - - upstream commit - - missing ; djm and mlarkin really having great - interactions recently - -commit 5d34aa94938abb12b877a25be51862757f25d54b -Author: halex@openbsd.org <halex@openbsd.org> -Date: Tue Feb 3 00:34:14 2015 +0000 - - upstream commit - - slightly extend the passphrase prompt if running with -c - in order to give the user a chance to notice if unintentionally running - without it - - wording tweak and ok djm@ - -commit cb3bde373e80902c7d5d0db429f85068d19b2918 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 2 22:48:53 2015 +0000 - - upstream commit - - handle PKCS#11 C_Login returning - CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@ - -commit 15ad750e5ec3cc69765b7eba1ce90060e7083399 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 2 07:41:40 2015 +0000 - - upstream commit - - turn UpdateHostkeys off by default until I figure out - mlarkin@'s warning message; requested by deraadt@ - -commit 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Mon Feb 2 01:57:44 2015 +0000 - - upstream commit - - increasing encounters with difficult DNS setups in - darknets has convinced me UseDNS off by default is better ok djm - -commit 6049a548a8a68ff0bbe581ab1748ea6a59ecdc38 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 31 20:30:05 2015 +0000 - - upstream commit - - Let sshd load public host keys even when private keys are - missing. Allows sshd to advertise additional keys for future key rotation. - Also log fingerprint of hostkeys loaded; ok markus@ - -commit 46347ed5968f582661e8a70a45f448e0179ca0ab -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 11:43:14 2015 +0000 - - upstream commit - - Add a ssh_config HostbasedKeyType option to control which - host public key types are tried during hostbased authentication. - - This may be used to prevent too many keys being sent to the server, - and blowing past its MaxAuthTries limit. - - bz#2211 based on patch by Iain Morgan; ok markus@ - -commit 802660cb70453fa4d230cb0233bc1bbdf8328de1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 10:44:49 2015 +0000 - - upstream commit - - set a timeout to prevent hangs when talking to busted - servers; ok markus@ - -commit 86936ec245a15c7abe71a0722610998b0a28b194 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 01:11:39 2015 +0000 - - upstream commit - - regression test for 'wildcard CA' serial/key ID revocations - -commit 4509b5d4a4fa645a022635bfa7e86d09b285001f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 01:13:33 2015 +0000 - - upstream commit - - avoid more fatal/exit in the packet.c paths that - ssh-keyscan uses; feedback and "looks good" markus@ - -commit 669aee994348468af8b4b2ebd29b602cf2860b22 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 01:10:33 2015 +0000 - - upstream commit - - permit KRLs that revoke certificates by serial number or - key ID without scoping to a particular CA; ok markus@ - -commit 7a2c368477e26575d0866247d3313da4256cb2b5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 00:59:19 2015 +0000 - - upstream commit - - missing parentheses after if in do_convert_from() broke - private key conversion from other formats some time in 2010; bz#2345 reported - by jjelen AT redhat.com - -commit 25f5f78d8bf5c22d9cea8b49de24ebeee648a355 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 00:22:25 2015 +0000 - - upstream commit - - fix ssh protocol 1, spotted by miod@ - -commit 9ce86c926dfa6e0635161b035e3944e611cbccf0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 28 22:36:00 2015 +0000 - - upstream commit - - update to new API (key_fingerprint => sshkey_fingerprint) - check sshkey_fingerprint return values; ok markus - -commit 9125525c37bf73ad3ee4025520889d2ce9d10f29 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 28 22:05:31 2015 +0000 - - upstream commit - - avoid fatal() calls in packet code makes ssh-keyscan more - reliable against server failures ok dtucker@ markus@ - -commit fae7bbe544cba7a9e5e4ab47ff6faa3d978646eb -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 28 21:15:47 2015 +0000 - - upstream commit - - avoid fatal() calls in packet code makes ssh-keyscan more - reliable against server failures ok dtucker@ markus@ - -commit 1a3d14f6b44a494037c7deab485abe6496bf2c60 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 28 11:07:25 2015 +0000 - - upstream commit - - remove obsolete comment - -commit 80c25b7bc0a71d75c43a4575d9a1336f589eb639 -Author: okan@openbsd.org <okan@openbsd.org> -Date: Tue Jan 27 12:54:06 2015 +0000 - - upstream commit - - Since r1.2 removed the use of PRI* macros, inttypes.h is - no longer required. - - ok djm@ - -commit 69ff64f69615c2a21c97cb5878a0996c21423257 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 27 23:07:43 2015 +1100 - - compile on systems without TCP_MD5SIG (e.g. OSX) - -commit 358964f3082fb90b2ae15bcab07b6105cfad5a43 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 27 23:07:25 2015 +1100 - - use ssh-keygen under test rather than system's - -commit a2c95c1bf33ea53038324d1fdd774bc953f98236 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 27 23:06:59 2015 +1100 - - OSX lacks HOST_NAME_MAX, has _POSIX_HOST_NAME_MAX - -commit ade31d7b6f608a19b85bee29a7a00b1e636a2919 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 27 23:06:23 2015 +1100 - - these need active_state defined to link on OSX - - temporary measure until active_state goes away entirely - -commit e56aa87502f22c5844918c10190e8b4f785f067b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 27 12:01:36 2015 +0000 - - upstream commit - - use printf instead of echo -n to reduce diff against - -portable - -commit 9f7637f56eddfaf62ce3c0af89c25480f2cf1068 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Jan 26 13:55:29 2015 +0000 - - upstream commit - - sort previous; - -commit 3076ee7d530d5b16842fac7a6229706c7e5acd26 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 13:36:53 2015 +0000 - - upstream commit - - properly restore umask - -commit d411d395556b73ba1b9e451516a0bd6697c4b03d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 06:12:18 2015 +0000 - - upstream commit - - regression test for host key rotation - -commit fe8a3a51699afbc6407a8fae59b73349d01e49f8 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 06:11:28 2015 +0000 - - upstream commit - - adapt to sshkey API tweaks - -commit 7dd355fb1f0038a3d5cdca57ebab4356c7a5b434 -Author: miod@openbsd.org <miod@openbsd.org> -Date: Sat Jan 24 10:39:21 2015 +0000 - - upstream commit - - Move -lz late in the linker commandline for things to - build on static arches. - -commit 0dad3b806fddb93c475b30853b9be1a25d673a33 -Author: miod@openbsd.org <miod@openbsd.org> -Date: Fri Jan 23 21:21:23 2015 +0000 - - upstream commit - - -Wpointer-sign is supported by gcc 4 only. - -commit 2b3b1c1e4bd9577b6e780c255c278542ea66c098 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 20 22:58:57 2015 +0000 - - upstream commit - - use SUBDIR to recuse into unit tests; makes "make obj" - actually work - -commit 1d1092bff8db27080155541212b420703f8b9c92 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 12:16:36 2015 +0000 - - upstream commit - - correct description of UpdateHostKeys in ssh_config.5 and - add it to -o lists for ssh, scp and sftp; pointed out by jmc@ - -commit 5104db7cbd6cdd9c5971f4358e74414862fc1022 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 06:10:03 2015 +0000 - - upstream commit - - correctly match ECDSA subtype (== curve) for - offered/recevied host keys. Fixes connection-killing host key mismatches when - a server offers multiple ECDSA keys with different curve type (an extremely - unlikely configuration). - - ok markus, "looks mechanical" deraadt@ - -commit 8d4f87258f31cb6def9b3b55b6a7321d84728ff2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 03:04:45 2015 +0000 - - upstream commit - - Host key rotation support. - - Add a hostkeys@openssh.com protocol extension (global request) for - a server to inform a client of all its available host key after - authentication has completed. The client may record the keys in - known_hosts, allowing it to upgrade to better host key algorithms - and a server to gracefully rotate its keys. - - The client side of this is controlled by a UpdateHostkeys config - option (default on). - - ok markus@ - -commit 60b1825262b1f1e24fc72050b907189c92daf18e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 02:59:11 2015 +0000 - - upstream commit - - small refactor and add some convenience functions; ok - markus - -commit a5a3e3328ddce91e76f71ff479022d53e35c60c9 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Thu Jan 22 21:00:42 2015 +0000 - - upstream commit - - heirarchy -> hierarchy; - -commit dcff5810a11195c57e1b3343c0d6b6f2b9974c11 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Thu Jan 22 20:24:41 2015 +0000 - - upstream commit - - Provide a warning about chroot misuses (which sadly, seem - to have become quite popular because shiny). sshd cannot detect/manage/do - anything about these cases, best we can do is warn in the right spot in the - man page. ok markus - -commit 087266ec33c76fc8d54ac5a19efacf2f4a4ca076 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Tue Jan 20 23:14:00 2015 +0000 - - upstream commit - - Reduce use of <sys/param.h> and transition to <limits.h> - throughout. ok djm markus - -commit 57e783c8ba2c0797f93977e83b2a8644a03065d8 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue Jan 20 20:16:21 2015 +0000 - - upstream commit - - kex_setup errors are fatal() - -commit 1d6424a6ff94633c221297ae8f42d54e12a20912 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 20 08:02:33 2015 +0000 - - upstream commit - - this test would accidentally delete agent.sh if run without - obj/ - -commit 12b5f50777203e12575f1b08568281e447249ed3 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 20 07:56:44 2015 +0000 - - upstream commit - - make this compile with KERBEROS5 enabled - -commit e2cc6bef08941256817d44d146115b3478586ad4 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 20 07:55:33 2015 +0000 - - upstream commit - - fix hostkeys in agent; ok markus@ - -commit 1ca3e2155aa5d3801a7ae050f85c71f41fcb95b1 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 20 10:11:31 2015 +1100 - - fix kex test - -commit c78a578107c7e6dcf5d30a2f34cb6581bef14029 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:45:25 2015 +0000 - - upstream commit - - finally enable the KEX tests I wrote some years ago... - -commit 31821d7217e686667d04935aeec99e1fc4a46e7e -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:42:31 2015 +0000 - - upstream commit - - adapt to new error message (SSH_ERR_MAC_INVALID) - -commit d3716ca19e510e95d956ae14d5b367e364bff7f1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 19 17:31:13 2015 +0000 - - upstream commit - - this test was broken in at least two ways, such that it - wasn't checking that a KRL was not excluding valid keys - -commit 3f797653748e7c2b037dacb57574c01d9ef3b4d3 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:32:39 2015 +0000 - - upstream commit - - switch ssh-keyscan from setjmp to multiple ssh transport - layer instances ok djm@ - -commit f582f0e917bb0017b00944783cd5f408bf4b0b5e -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:30:23 2015 +0000 - - upstream commit - - add experimental api for packet layer; ok djm@ - -commit 48b3b2ba75181f11fca7f327058a591f4426cade -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:20:20 2015 +0000 - - upstream commit - - store compat flags in struct ssh; ok djm@ - -commit 57d10cbe861a235dd269c74fb2fe248469ecee9d -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:16:15 2015 +0000 - - upstream commit - - adapt kex to sshbuf and struct ssh; ok djm@ - -commit 3fdc88a0def4f86aa88a5846ac079dc964c0546a -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:07:45 2015 +0000 - - upstream commit - - move dispatch to struct ssh; ok djm@ - -commit 091c302829210c41e7f57c3f094c7b9c054306f0 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 19:52:16 2015 +0000 - - upstream commit - - update packet.c & isolate, introduce struct ssh a) switch - packet.c to buffer api and isolate per-connection info into struct ssh b) - (de)serialization of the state is moved from monitor to packet.c c) the old - packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and - integrated into packet.c with and ok djm@ - -commit 4e62cc68ce4ba20245d208b252e74e91d3785b74 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 19 17:35:48 2015 +0000 - - upstream commit - - fix format strings in (disabled) debugging - -commit d85e06245907d49a2cd0cfa0abf59150ad616f42 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 19 06:01:32 2015 +0000 - - upstream commit - - be a bit more careful in these tests to ensure that - known_hosts is clean - -commit 7947810eab5fe0ad311f32a48f4d4eb1f71be6cf -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 22:00:18 2015 +0000 - - upstream commit - - regression test for known_host file editing using - ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok - markus@ - -commit 3a2b09d147a565d8a47edf37491e149a02c0d3a3 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 19:54:46 2015 +0000 - - upstream commit - - more and better key tests - - test signatures and verification - test certificate generation - flesh out nested cert test - - removes most of the XXX todo markers - -commit 589e69fd82724cfc9738f128e4771da2e6405d0d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 19:53:58 2015 +0000 - - upstream commit - - make the signature fuzzing test much more rigorous: - ensure that the fuzzed input cases do not match the original (using new - fuzz_matches_original() function) and check that the verification fails in - each case - -commit 80603c0daa2538c349c1c152405580b164d5475f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 19:52:44 2015 +0000 - - upstream commit - - add a fuzz_matches_original() function to the fuzzer to - detect fuzz cases that are identical to the original data. Hacky - implementation, but very useful when you need the fuzz to be different, e.g. - when verifying signature - -commit 87d5495bd337e358ad69c524fcb9495208c0750b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 19:50:55 2015 +0000 - - upstream commit - - better dumps from the fuzzer (shown on errors) - - include the original data as well as the fuzzed copy. - -commit d59ec478c453a3fff05badbbfd96aa856364f2c2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 19:47:55 2015 +0000 - - upstream commit - - enable hostkey-agent.sh test - -commit 26b3425170bf840e4b095e1c10bf25a0a3e3a105 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 17 18:54:30 2015 +0000 - - upstream commit - - unit test for hostkeys in ssh-agent - -commit 9e06a0fb23ec55d9223b26a45bb63c7649e2f2f2 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Thu Jan 15 23:41:29 2015 +0000 - - upstream commit - - add kex unit tests - -commit d2099dec6da21ae627f6289aedae6bc1d41a22ce -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Mon Jan 19 00:32:54 2015 +0000 - - upstream commit - - djm, your /usr/include tree is old - -commit 2b3c3c76c30dc5076fe09d590f5b26880f148a54 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 21:51:19 2015 +0000 - - upstream commit - - some feedback from markus@: comment hostkeys_foreach() - context and avoid a member in it. - -commit cecb30bc2ba6d594366e657d664d5c494b6c8a7f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 21:49:42 2015 +0000 - - upstream commit - - make ssh-keygen use hostkeys_foreach(). Removes some - horrendous code; ok markus@ - -commit ec3d065df3a9557ea96b02d061fd821a18c1a0b9 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 21:48:09 2015 +0000 - - upstream commit - - convert load_hostkeys() (hostkey ordering and - known_host matching) to use the new hostkey_foreach() iterator; ok markus - -commit c29811cc480a260e42fd88849fc86a80c1e91038 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 21:40:23 2015 +0000 - - upstream commit - - introduce hostkeys_foreach() to allow iteration over a - known_hosts file or controlled subset thereof. This will allow us to pull out - some ugly and duplicated code, and will be used to implement hostkey rotation - later. - - feedback and ok markus - -commit f101d8291da01bbbfd6fb8c569cfd0cc61c0d346 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Sun Jan 18 14:01:00 2015 +0000 - - upstream commit - - string truncation due to sizeof(size) ok djm markus - -commit 35d6022b55b7969fc10c261cb6aa78cc4a5fcc41 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 13:33:34 2015 +0000 - - upstream commit - - avoid trailing ',' in host key algorithms - -commit 7efb455789a0cb76bdcdee91c6060a3dc8f5c007 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 13:22:28 2015 +0000 - - upstream commit - - infer key length correctly when user specified a fully- - qualified key name instead of using the -b bits option; ok markus@ - -commit 83f8ffa6a55ccd0ce9d8a205e3e7439ec18fedf5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 17 18:53:34 2015 +0000 - - upstream commit - - fix hostkeys on ssh agent; found by unit test I'm about - to commit - -commit 369d61f17657b814124268f99c033e4dc6e436c1 -Author: schwarze@openbsd.org <schwarze@openbsd.org> -Date: Fri Jan 16 16:20:23 2015 +0000 - - upstream commit - - garbage collect empty .No macros mandoc warns about - -commit bb8b442d32dbdb8521d610e10d8b248d938bd747 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 16 15:55:07 2015 +0000 - - upstream commit - - regression: incorrect error message on - otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@ - -commit 9010902954a40b59d0bf3df3ccbc3140a653e2bc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 16 07:19:48 2015 +0000 - - upstream commit - - when hostname canonicalisation is enabled, try to parse - hostnames as addresses before looking them up for canonicalisation. fixes - bz#2074 and avoids needless DNS lookups in some cases; ok markus - -commit 2ae4f337b2a5fb2841b6b0053b49496fef844d1c -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Fri Jan 16 06:40:12 2015 +0000 - - upstream commit - - Replace <sys/param.h> with <limits.h> and other less - dirty headers where possible. Annotate <sys/param.h> lines with their - current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, - LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of - MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. - These are the files confirmed through binary verification. ok guenther, - millert, doug (helped with the verification protocol) - -commit 3c4726f4c24118e8f1bb80bf75f1456c76df072c -Author: markus@openbsd.org <markus@openbsd.org> -Date: Thu Jan 15 21:38:50 2015 +0000 - - upstream commit - - remove xmalloc, switch to sshbuf - -commit e17ac01f8b763e4b83976b9e521e90a280acc097 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Thu Jan 15 21:37:14 2015 +0000 - - upstream commit - - switch to sshbuf - -commit ddef9995a1fa6c7a8ff3b38bfe6cf724bebf13d0 -Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Thu Jan 15 18:32:54 2015 +0000 - - upstream commit - - handle UMAC128 initialization like UMAC; ok djm@ markus@ - -commit f14564c1f7792446bca143580aef0e7ac25dcdae -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 15 11:04:36 2015 +0000 - - upstream commit - - fix regression reported by brad@ for passworded keys without - agent present - -commit 45c0fd70bb2a88061319dfff20cb12ef7b1bc47e -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 22:08:23 2015 +1100 - - make bitmap test compile - -commit d333f89abf7179021e5c3f28673f469abe032062 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 15 07:36:28 2015 +0000 - - upstream commit - - unit tests for KRL bitmap - -commit 7613f828f49c55ff356007ae9645038ab6682556 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jan 14 09:58:21 2015 +0000 - - upstream commit - - re-add comment about full path - -commit 6c43b48b307c41cd656b415621a644074579a578 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jan 14 09:54:38 2015 +0000 - - upstream commit - - don't reset to the installed sshd; connect before - reconfigure, too - -commit 771bb47a1df8b69061f09462e78aa0b66cd594bf -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 13 14:51:51 2015 +0000 - - upstream commit - - implement a SIGINFO handler so we can discern a stuck - fuzz test from a merely glacial one; prompted by and ok markus - -commit cfaa57962f8536f3cf0fd7daf4d6a55d6f6de45f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 13 08:23:26 2015 +0000 - - upstream commit - - use $SSH instead of installed ssh to allow override; - spotted by markus@ - -commit 0920553d0aee117a596b03ed5b49b280d34a32c5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 13 07:49:49 2015 +0000 - - upstream commit - - regress test for PubkeyAcceptedKeyTypes; ok markus@ - -commit 27ca1a5c0095eda151934bca39a77e391f875d17 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 12 20:13:27 2015 +0000 - - upstream commit - - unbreak parsing of pubkey comments; with gerhard; ok - djm/deraadt - -commit 55358f0b4e0b83bc0df81c5f854c91b11e0bb4dc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 12 11:46:32 2015 +0000 - - upstream commit - - fatal if soft-PKCS11 library is missing rather (rather - than continue and fail with a more cryptic error) - -commit c3554cdd2a1a62434b8161017aa76fa09718a003 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 12 11:12:38 2015 +0000 - - upstream commit - - let this test all supporte key types; pointed out/ok - markus@ - -commit 1129dcfc5a3e508635004bcc05a3574cb7687167 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 15 09:40:00 2015 +0000 - - upstream commit - - sync ssh-keysign, ssh-keygen and some dependencies to the - new buffer/key API; mostly mechanical, ok markus@ - -commit e4ebf5586452bf512da662ac277aaf6ecf0efe7c -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 15 07:57:08 2015 +0000 - - upstream commit - - remove commented-out test code now that it has moved to a - proper unit test - -commit e81cba066c1e9eb70aba0f6e7c0ff220611b370f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 20:54:29 2015 +0000 - - upstream commit - - whitespace - -commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 20:05:27 2015 +0000 - - upstream commit - - move authfd.c and its tentacles to the new buffer/key - API; ok markus@ - -commit 0088c57af302cda278bd26d8c3ae81d5b6f7c289 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 19:33:41 2015 +0000 - - upstream commit - - fix small regression: ssh-agent would return a success - message but an empty signature if asked to sign using an unknown key; ok - markus@ - -commit b03ebe2c22b8166e4f64c37737f4278676e3488d -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 03:08:58 2015 +1100 - - more --without-openssl - - fix some regressions caused by upstream merges - - enable KRLs now that they no longer require BIGNUMs - -commit bc42cc6fe784f36df225c44c93b74830027cb5a2 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 03:08:29 2015 +1100 - - kludge around tun API mismatch betterer - -commit c332110291089b624fa0951fbf2d1ee6de525b9f -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 02:59:51 2015 +1100 - - some systems lack SO_REUSEPORT - -commit 83b9678a62cbdc74eb2031cf1e1e4ffd58e233ae -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 02:35:50 2015 +1100 - - fix merge botch - -commit 0cdc5a3eb6fb383569a4da2a30705d9b90428d6b -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 02:35:33 2015 +1100 - - unbreak across API change - -commit 6e2549ac2b5e7f96cbc2d83a6e0784b120444b47 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 02:30:18 2015 +1100 - - need includes.h for portable OpenSSH - -commit 72ef7c148c42db7d5632a29f137f8b87b579f2d9 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 02:21:31 2015 +1100 - - support --without-openssl at configure time - - Disables and removes dependency on OpenSSL. Many features don't - work and the set of crypto options is greatly restricted. This - will only work on system with native arc4random or /dev/urandom. - - Considered highly experimental for now. - -commit 4f38c61c68ae7e3f9ee4b3c38bc86cd39f65ece9 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 02:28:00 2015 +1100 - - add files missed in last commit - -commit a165bab605f7be55940bb8fae977398e8c96a46d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 15:02:39 2015 +0000 - - upstream commit - - avoid BIGNUM in KRL code by using a simple bitmap; - feedback and ok markus - -commit 7d845f4a0b7ec97887be204c3760e44de8bf1f32 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 13:54:13 2015 +0000 - - upstream commit - - update sftp client and server to new buffer API. pretty - much just mechanical changes; with & ok markus - -commit 139ca81866ec1b219c717d17061e5e7ad1059e2a -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jan 14 13:09:09 2015 +0000 - - upstream commit - - switch to sshbuf/sshkey; with & ok djm@ - -commit 81bfbd0bd35683de5d7f2238b985e5f8150a9180 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Jan 14 21:48:18 2015 +1100 - - support --without-openssl at configure time - - Disables and removes dependency on OpenSSL. Many features don't - work and the set of crypto options is greatly restricted. This - will only work on system with native arc4random or /dev/urandom. - - Considered highly experimental for now. - -commit 54924b53af15ccdcbb9f89984512b5efef641a31 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 10:46:28 2015 +0000 - - upstream commit - - avoid an warning for the !OPENSSL case - -commit ae8b463217f7c9b66655bfc3945c050ffdaeb861 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jan 14 10:30:34 2015 +0000 - - upstream commit - - swith auth-options to new sshbuf/sshkey; ok djm@ - -commit 540e891191b98b89ee90aacf5b14a4a68635e763 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 10:29:45 2015 +0000 - - upstream commit - - make non-OpenSSL aes-ctr work on sshd w/ privsep; ok - markus@ - -commit 60c2c4ea5e1ad0ddfe8b2877b78ed5143be79c53 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jan 14 10:24:42 2015 +0000 - - upstream commit - - remove unneeded includes, sync my copyright across files - & whitespace; ok djm@ - -commit 128343bcdb0b60fc826f2733df8cf979ec1627b4 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue Jan 13 19:31:40 2015 +0000 - - upstream commit - - adapt mac.c to ssherr.h return codes (de-fatal) and - simplify dependencies ok djm@ - -commit e7fd952f4ea01f09ceb068721a5431ac2fd416ed -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 13 19:04:35 2015 +0000 - - upstream commit - - sync changes from libopenssh; prepared by markus@ mostly - debug output tweaks, a couple of error return value changes and some other - minor stuff - -commit 76c0480a85675f03a1376167cb686abed01a3583 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 13 19:38:18 2015 +1100 - - add --without-ssh1 option to configure - - Allows disabling support for SSH protocol 1. - -commit 1f729f0614d1376c3332fa1edb6a5e5cec7e9e03 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 13 07:39:19 2015 +0000 - - upstream commit - - add sshd_config HostbasedAcceptedKeyTypes and - PubkeyAcceptedKeyTypes options to allow sshd to control what public key types - will be accepted. Currently defaults to all. Feedback & ok markus@ - -commit 816d1538c24209a93ba0560b27c4fda57c3fff65 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 12 20:13:27 2015 +0000 - - upstream commit - - unbreak parsing of pubkey comments; with gerhard; ok - djm/deraadt - -commit 0097565f849851812df610b7b6b3c4bd414f6c62 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 12 19:22:46 2015 +0000 - - upstream commit - - missing error assigment on sshbuf_put_string() - -commit a7f49dcb527dd17877fcb8d5c3a9a6f550e0bba5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 12 15:18:07 2015 +0000 - - upstream commit - - apparently memcpy(x, NULL, 0) is undefined behaviour - according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls - when length==0; ok markus@ - -commit 905fe30fca82f38213763616d0d26eb6790bde33 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 12 14:05:19 2015 +0000 - - upstream commit - - free->sshkey_free; ok djm@ - -commit f067cca2bc20c86b110174c3fef04086a7f57b13 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 12 13:29:27 2015 +0000 - - upstream commit - - allow WITH_OPENSSL w/o WITH_SSH1; ok djm@ - -commit c4bfafcc2a9300d9cfb3c15e75572d3a7d74670d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 8 13:10:58 2015 +0000 - - upstream commit - - adjust for sshkey_load_file() API change - -commit e752c6d547036c602b89e9e704851463bd160e32 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 8 13:44:36 2015 +0000 - - upstream commit - - fix ssh_config FingerprintHash evaluation order; from Petr - Lautrbach - -commit ab24ab847b0fc94c8d5e419feecff0bcb6d6d1bf -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 8 10:15:45 2015 +0000 - - upstream commit - - reorder hostbased key attempts to better match the - default hostkey algorithms order in myproposal.h; ok markus@ - -commit 1195f4cb07ef4b0405c839293c38600b3e9bdb46 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 8 10:14:08 2015 +0000 - - upstream commit - - deprecate key_load_private_pem() and - sshkey_load_private_pem() interfaces. Refactor the generic key loading API to - not require pathnames to be specified (they weren't really used). - - Fixes a few other things en passant: - - Makes ed25519 keys work for hostbased authentication (ssh-keysign - previously used the PEM-only routines). - - Fixes key comment regression bz#2306: key pathnames were being lost as - comment fields. - - ok markus@ - -commit febbe09e4e9aff579b0c5cc1623f756862e4757d -Author: tedu@openbsd.org <tedu@openbsd.org> -Date: Wed Jan 7 18:15:07 2015 +0000 - - upstream commit - - workaround for the Meyer, et al, Bleichenbacher Side - Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm - markus - -commit 5191df927db282d3123ca2f34a04d8d96153911a -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Dec 23 22:42:48 2014 +0000 - - upstream commit - - KNF and add a little more debug() - -commit 8abd80315d3419b20e6938f74d37e2e2b547f0b7 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Dec 22 09:26:31 2014 +0000 - - upstream commit - - add fingerprinthash to the options list; - -commit 296ef0560f60980da01d83b9f0e1a5257826536f -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Dec 22 09:24:59 2014 +0000 - - upstream commit - - tweak previous; - -commit 462082eacbd37778a173afb6b84c6f4d898a18b5 -Author: Damien Miller <djm@google.com> -Date: Tue Dec 30 08:16:11 2014 +1100 - - avoid uninitialised free of ldns_res - - If an invalid rdclass was passed to getrrsetbyname() then - this would execute a free on an uninitialised pointer. - OpenSSH only ever calls this with a fixed and valid rdclass. - - Reported by Joshua Rogers - -commit 01b63498801053f131a0740eb9d13faf35d636c8 -Author: Damien Miller <djm@google.com> -Date: Mon Dec 29 18:10:18 2014 +1100 - - pull updated OpenBSD BCrypt PBKDF implementation - - Includes fix for 1 byte output overflow for large key length - requests (not reachable in OpenSSH). - - Pointed out by Joshua Rogers - -commit c528c1b4af2f06712177b3de9b30705752f7cbcb -Author: Damien Miller <djm@google.com> -Date: Tue Dec 23 15:26:13 2014 +1100 - - fix variable name for IPv6 case in construct_utmpx - - patch from writeonce AT midipix.org via bz#2296 - -commit 293cac52dcda123244b2e594d15592e5e481c55e -Author: Damien Miller <djm@google.com> -Date: Mon Dec 22 16:30:42 2014 +1100 - - include and use OpenBSD netcat in regress/ - -commit 8f6784f0cb56dc4fd00af3e81a10050a5785228d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 09:05:17 2014 +0000 - - upstream commit - - mention ssh -Q feature to list supported { MAC, cipher, - KEX, key } algorithms in more places and include the query string used to - list the relevant information; bz#2288 - -commit 449e11b4d7847079bd0a2daa6e3e7ea03d8ef700 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Dec 22 08:24:17 2014 +0000 - - upstream commit - - tweak previous; - -commit 4bea0ab3290c0b9dd2aa199e932de8e7e18062d6 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 08:06:03 2014 +0000 - - upstream commit - - regression test for multiple required pubkey authentication; - ok markus@ - -commit f1c4d8ec52158b6f57834b8cd839605b0a33e7f2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 08:04:23 2014 +0000 - - upstream commit - - correct description of what will happen when a - AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd - will refuse to start) - -commit 161cf419f412446635013ac49e8c660cadc36080 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 07:55:51 2014 +0000 - - upstream commit - - make internal handling of filename arguments of "none" - more consistent with ssh. "none" arguments are now replaced with NULL when - the configuration is finalised. - - Simplifies checking later on (just need to test not-NULL rather than - that + strcmp) and cleans up some inconsistencies. ok markus@ - -commit f69b69b8625be447b8826b21d87713874dac25a6 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 07:51:30 2014 +0000 - - upstream commit - - remember which public keys have been used for - authentication and refuse to accept previously-used keys. - - This allows AuthenticationMethods=publickey,publickey to require - that users authenticate using two _different_ pubkeys. - - ok markus@ - -commit 46ac2ed4677968224c4ca825bc98fc68dae183f0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 07:24:11 2014 +0000 - - upstream commit - - fix passing of wildcard forward bind addresses when - connection multiplexing is in use; patch from Sami Hartikainen via bz#2324; - ok dtucker@ - -commit 0d1b241a262e4d0a6bbfdd595489ab1b853c43a1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 06:14:29 2014 +0000 - - upstream commit - - make this slightly easier to diff against portable - -commit 0715bcdddbf68953964058f17255bf54734b8737 -Author: Damien Miller <djm@mindrot.org> -Date: Mon Dec 22 13:47:07 2014 +1100 - - add missing regress output file - -commit 1e30483c8ad2c2f39445d4a4b6ab20c241e40593 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 02:15:52 2014 +0000 - - upstream commit - - adjust for new SHA256 key fingerprints and - slightly-different MD5 hex fingerprint format - -commit 6b40567ed722df98593ad8e6a2d2448fc2b4b151 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 01:14:49 2014 +0000 - - upstream commit - - poll changes to netcat (usr.bin/netcat.c r1.125) broke - this test; fix it by ensuring more stdio fds are sent to devnull - -commit a5375ccb970f49dddf7d0ef63c9b713ede9e7260 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Sun Dec 21 23:35:14 2014 +0000 - - upstream commit - - tweak previous; - -commit b79efde5c3badf5ce4312fe608d8307eade533c5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 21 23:12:42 2014 +0000 - - upstream commit - - document FingerprintHash here too - -commit d16bdd8027dd116afa01324bb071a4016cdc1a75 -Author: Damien Miller <djm@mindrot.org> -Date: Mon Dec 22 10:18:09 2014 +1100 - - missing include for base64 encoding - -commit 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 21 22:27:55 2014 +0000 - - upstream commit - - Add FingerprintHash option to control algorithm used for - key fingerprints. Default changes from MD5 to SHA256 and format from hex to - base64. - - Feedback and ok naddy@ markus@ - -commit 058f839fe15c51be8b3a844a76ab9a8db550be4f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Dec 18 23:58:04 2014 +0000 - - upstream commit - - don't count partial authentication success as a failure - against MaxAuthTries; ok deraadt@ @@ -1,3 +1,4 @@ +1. Prerequisites ---------------- A C compiler. Any C89 or better compiler should work. Where supported, @@ -231,7 +232,7 @@ manually using the following commands: ssh-keygen -t [type] -f /etc/ssh/ssh_host_key -N "" -for each of the types you wish to generate (rsa, dsa or ecdsaa) or +for each of the types you wish to generate (rsa, dsa or ecdsa) or ssh-keygen -A diff --git a/Makefile.in b/Makefile.in index e10f3742a855..5870e9e6e6b9 100644 --- a/Makefile.in +++ b/Makefile.in @@ -236,6 +236,8 @@ clean: regressclean rm -f regress/unittests/sshkey/test_sshkey rm -f regress/unittests/bitmap/*.o rm -f regress/unittests/bitmap/test_bitmap + rm -f regress/unittests/conversion/*.o + rm -f regress/unittests/conversion/test_conversion rm -f regress/unittests/hostkeys/*.o rm -f regress/unittests/hostkeys/test_hostkeys rm -f regress/unittests/kex/*.o @@ -262,6 +264,8 @@ distclean: regressclean rm -f regress/unittests/sshkey/test_sshkey rm -f regress/unittests/bitmap/*.o rm -f regress/unittests/bitmap/test_bitmap + rm -f regress/unittests/conversion/*.o + rm -f regress/unittests/conversion/test_conversion rm -f regress/unittests/hostkeys/*.o rm -f regress/unittests/hostkeys/test_hostkeys rm -f regress/unittests/kex/*.o @@ -426,6 +430,8 @@ regress-prep: mkdir -p `pwd`/regress/unittests/sshkey [ -d `pwd`/regress/unittests/bitmap ] || \ mkdir -p `pwd`/regress/unittests/bitmap + [ -d `pwd`/regress/unittests/conversion ] || \ + mkdir -p `pwd`/regress/unittests/conversion [ -d `pwd`/regress/unittests/hostkeys ] || \ mkdir -p `pwd`/regress/unittests/hostkeys [ -d `pwd`/regress/unittests/kex ] || \ @@ -503,6 +509,16 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \ regress/unittests/test_helper/libtest_helper.a \ -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) +UNITTESTS_TEST_CONVERSION_OBJS=\ + regress/unittests/conversion/tests.o + +regress/unittests/conversion/test_conversion$(EXEEXT): \ + ${UNITTESTS_TEST_CONVERSION_OBJS} \ + regress/unittests/test_helper/libtest_helper.a libssh.a + $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_CONVERSION_OBJS) \ + regress/unittests/test_helper/libtest_helper.a \ + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + UNITTESTS_TEST_KEX_OBJS=\ regress/unittests/kex/tests.o \ regress/unittests/kex/test_kex.o @@ -558,13 +574,14 @@ regress-binaries: regress/modpipe$(EXEEXT) \ regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ regress/unittests/sshkey/test_sshkey$(EXEEXT) \ regress/unittests/bitmap/test_bitmap$(EXEEXT) \ + regress/unittests/conversion/test_conversion$(EXEEXT) \ regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \ regress/unittests/kex/test_kex$(EXEEXT) \ regress/unittests/match/test_match$(EXEEXT) \ regress/unittests/utf8/test_utf8$(EXEEXT) \ regress/misc/kexfuzz/kexfuzz$(EXEEXT) -tests interop-tests t-exec: regress-prep regress-binaries $(TARGETS) +tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS) BUILDDIR=`pwd`; \ TEST_SSH_SCP="$${BUILDDIR}/scp"; \ TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ @@ -1,4 +1,4 @@ -See https://www.openssh.com/releasenotes.html#7.4p1 for the release notes. +See https://www.openssh.com/releasenotes.html#7.5p1 for the release notes. Please read https://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or diff --git a/auth-pam.c b/auth-pam.c index 7d8b2926b571..bc8e5e02d834 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -830,6 +830,8 @@ fake_password(const char *wire_password) fatal("%s: password length too long: %zu", __func__, l); ret = malloc(l + 1); + if (ret == NULL) + return NULL; for (i = 0; i < l; i++) ret[i] = junk[i % (sizeof(junk) - 1)]; ret[i] = '\0'; diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 20f3309e1828..3e5706f4dbef 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -564,9 +564,12 @@ process_principals(FILE *f, char *file, struct passwd *pw, { char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts; u_long linenum = 0; - u_int i; + u_int i, found_principal = 0; while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { + /* Always consume entire input */ + if (found_principal) + continue; /* Skip leading whitespace. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; @@ -599,11 +602,12 @@ process_principals(FILE *f, char *file, struct passwd *pw, if (auth_parse_options(pw, line_opts, file, linenum) != 1) continue; - return 1; + found_principal = 1; + continue; } } } - return 0; + return found_principal; } static int @@ -727,6 +731,9 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key) ok = process_principals(f, NULL, pw, cert); + fclose(f); + f = NULL; + if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0) goto out; @@ -768,6 +775,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) char *cp, *key_options = NULL, *fp = NULL; const char *reason = NULL; + /* Always consume entrire file */ + if (found_key) + continue; if (found != NULL) key_free(found); found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); @@ -854,7 +864,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) file, linenum, key_type(found), fp); free(fp); found_key = 1; - break; + continue; } } if (found != NULL) @@ -1050,6 +1060,9 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key) ok = check_authkeys_file(f, options.authorized_keys_command, key, pw); + fclose(f); + f = NULL; + if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0) goto out; @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -212,6 +212,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt) static int input_userauth_request(int type, u_int32_t seq, void *ctxt) { + struct ssh *ssh = active_state; /* XXX */ Authctxt *authctxt = ctxt; Authmethod *m = NULL; char *user, *service, *method, *style = NULL; @@ -235,9 +236,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) authctxt->user = xstrdup(user); if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; - debug2("input_userauth_request: setting up authctxt for %s", user); + debug2("%s: setting up authctxt for %s", + __func__, user); } else { - logit("input_userauth_request: invalid user %s", user); + /* Invalid user, fake password information */ authctxt->pw = fakepw(); #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_INVALID_USER)); @@ -247,6 +249,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) if (options.use_pam) PRIVSEP(start_pam(authctxt)); #endif + ssh_packet_set_log_preamble(ssh, "%suser %s", + authctxt->valid ? "authenticating " : "invalid ", user); setproctitle("%s%s", authctxt->valid ? user : "unknown", use_privsep ? " [net]" : ""); authctxt->service = xstrdup(service); @@ -292,6 +296,7 @@ void userauth_finish(Authctxt *authctxt, int authenticated, const char *method, const char *submethod) { + struct ssh *ssh = active_state; /* XXX */ char *methods; int partial = 0; @@ -353,6 +358,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, packet_write_wait(); /* now we can break out */ authctxt->success = 1; + ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); } else { /* Allow initial try of "none" auth without failure penalty */ diff --git a/channels.c b/channels.c index bef8ad6aa2b3..d030fcdd9010 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.356 2016/10/18 17:32:54 dtucker Exp $ */ +/* $OpenBSD: channels.c,v 1.357 2017/02/01 02:59:09 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -3065,7 +3065,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); c = channel_connect_to_port(host, host_port, - "connected socket", originator_string); + "connected socket", originator_string, NULL, NULL); free(originator_string); free(host); if (c == NULL) { @@ -4026,9 +4026,13 @@ channel_connect_ctx_free(struct channel_connect *cctx) memset(cctx, 0, sizeof(*cctx)); } -/* Return CONNECTING channel to remote host:port or local socket path */ +/* + * Return CONNECTING channel to remote host:port or local socket path, + * passing back the failure reason if appropriate. + */ static Channel * -connect_to(const char *name, int port, char *ctype, char *rname) +connect_to_reason(const char *name, int port, char *ctype, char *rname, + int *reason, const char **errmsg) { struct addrinfo hints; int gaierr; @@ -4069,7 +4073,12 @@ connect_to(const char *name, int port, char *ctype, char *rname) hints.ai_family = IPv4or6; hints.ai_socktype = SOCK_STREAM; snprintf(strport, sizeof strport, "%d", port); - if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) != 0) { + if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) + != 0) { + if (errmsg != NULL) + *errmsg = ssh_gai_strerror(gaierr); + if (reason != NULL) + *reason = SSH2_OPEN_CONNECT_FAILED; error("connect_to %.100s: unknown host (%s)", name, ssh_gai_strerror(gaierr)); return NULL; @@ -4092,6 +4101,13 @@ connect_to(const char *name, int port, char *ctype, char *rname) return c; } +/* Return CONNECTING channel to remote host:port or local socket path */ +static Channel * +connect_to(const char *name, int port, char *ctype, char *rname) +{ + return connect_to_reason(name, port, ctype, rname, NULL, NULL); +} + /* * returns either the newly connected channel or the downstream channel * that needs to deal with this connection. @@ -4136,7 +4152,8 @@ channel_connect_by_listen_path(const char *path, char *ctype, char *rname) /* Check if connecting to that port is permitted and connect. */ Channel * -channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname) +channel_connect_to_port(const char *host, u_short port, char *ctype, + char *rname, int *reason, const char **errmsg) { int i, permit, permit_adm = 1; @@ -4161,9 +4178,11 @@ channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname if (!permit || !permit_adm) { logit("Received request to connect to host %.100s port %d, " "but the request was denied.", host, port); + if (reason != NULL) + *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; return NULL; } - return connect_to(host, port, ctype, rname); + return connect_to_reason(host, port, ctype, rname, reason, errmsg); } /* Check if connecting to that path is permitted and connect. */ @@ -4354,6 +4373,33 @@ connect_local_xsocket(u_int dnr) return connect_local_xsocket_path(buf); } +#ifdef __APPLE__ +static int +is_path_to_xsocket(const char *display, char *path, size_t pathlen) +{ + struct stat sbuf; + + if (strlcpy(path, display, pathlen) >= pathlen) { + error("%s: display path too long", __func__); + return 0; + } + if (display[0] != '/') + return 0; + if (stat(path, &sbuf) == 0) { + return 1; + } else { + char *dot = strrchr(path, '.'); + if (dot != NULL) { + *dot = '\0'; + if (stat(path, &sbuf) == 0) { + return 1; + } + } + } + return 0; +} +#endif + int x11_connect_display(void) { @@ -4375,15 +4421,22 @@ x11_connect_display(void) * connection to the real X server. */ - /* Check if the display is from launchd. */ #ifdef __APPLE__ - if (strncmp(display, "/tmp/launch", 11) == 0) { - sock = connect_local_xsocket_path(display); - if (sock < 0) - return -1; + /* Check if display is a path to a socket (as set by launchd). */ + { + char path[PATH_MAX]; - /* OK, we now have a connection to the display. */ - return sock; + if (is_path_to_xsocket(display, path, sizeof(path))) { + debug("x11_connect_display: $DISPLAY is launchd"); + + /* Create a socket. */ + sock = connect_local_xsocket_path(path); + if (sock < 0) + return -1; + + /* OK, we now have a connection to the display. */ + return sock; + } } #endif /* diff --git a/channels.h b/channels.h index 09c3c36557df..ce43236d5459 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.120 2016/10/18 17:32:54 dtucker Exp $ */ +/* $OpenBSD: channels.h,v 1.121 2017/02/01 02:59:09 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -275,7 +275,8 @@ void channel_update_permitted_opens(int, int); void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); void channel_print_adm_permitted_opens(void); -Channel *channel_connect_to_port(const char *, u_short, char *, char *); +Channel *channel_connect_to_port(const char *, u_short, char *, char *, int *, + const char **); Channel *channel_connect_to_path(const char *, char *, char *); Channel *channel_connect_stdio_fwd(const char*, u_short, int, int); Channel *channel_connect_by_listen_address(const char *, u_short, diff --git a/clientloop.c b/clientloop.c index 4289a40812bc..0648162341f7 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.289 2016/09/30 09:19:13 markus Exp $ */ +/* $OpenBSD: clientloop.c,v 1.291 2017/03/10 05:01:13 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -991,7 +991,7 @@ process_cmdline(void) CHANNEL_CANCEL_PORT_STATIC, &options.fwd_opts) > 0; if (!ok) { - logit("Unkown port forwarding."); + logit("Unknown port forwarding."); goto out; } logit("Canceled forwarding."); @@ -2391,6 +2391,26 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx) } /* + * Returns non-zero if the key is accepted by HostkeyAlgorithms. + * Made slightly less trivial by the multiple RSA signature algorithm names. + */ +static int +key_accepted_by_hostkeyalgs(const struct sshkey *key) +{ + const char *ktype = sshkey_ssh_name(key); + const char *hostkeyalgs = options.hostkeyalgorithms != NULL ? + options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG; + + if (key == NULL || key->type == KEY_UNSPEC) + return 0; + if (key->type == KEY_RSA && + (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 || + match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1)) + return 1; + return match_pattern_list(ktype, hostkeyalgs, 0) == 1; +} + +/* * Handle hostkeys-00@openssh.com global request to inform the client of all * the server's hostkeys. The keys are checked against the user's * HostkeyAlgorithms preference before they are accepted. @@ -2436,10 +2456,7 @@ client_input_hostkeys(void) sshkey_type(key), fp); free(fp); - /* Check that the key is accepted in HostkeyAlgorithms */ - if (match_pattern_list(sshkey_ssh_name(key), - options.hostkeyalgorithms ? options.hostkeyalgorithms : - KEX_DEFAULT_PK_ALG, 0) != 1) { + if (!key_accepted_by_hostkeyalgs(key)) { debug3("%s: %s key not permitted by HostkeyAlgorithms", __func__, sshkey_ssh_name(key)); continue; @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.99 2016/05/24 02:31:57 dtucker Exp $ */ +/* $OpenBSD: compat.c,v 1.100 2017/02/03 23:01:19 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -37,6 +37,7 @@ #include "compat.h" #include "log.h" #include "match.h" +#include "kex.h" int compat13 = 0; int compat20 = 0; @@ -250,42 +251,14 @@ proto_spec(const char *spec) return ret; } -/* - * Filters a proposal string, excluding any algorithm matching the 'filter' - * pattern list. - */ -static char * -filter_proposal(char *proposal, const char *filter) -{ - Buffer b; - char *orig_prop, *fix_prop; - char *cp, *tmp; - - buffer_init(&b); - tmp = orig_prop = xstrdup(proposal); - while ((cp = strsep(&tmp, ",")) != NULL) { - if (match_pattern_list(cp, filter, 0) != 1) { - if (buffer_len(&b) > 0) - buffer_append(&b, ",", 1); - buffer_append(&b, cp, strlen(cp)); - } else - debug2("Compat: skipping algorithm \"%s\"", cp); - } - buffer_append(&b, "\0", 1); - fix_prop = xstrdup((char *)buffer_ptr(&b)); - buffer_free(&b); - free(orig_prop); - - return fix_prop; -} - char * compat_cipher_proposal(char *cipher_prop) { if (!(datafellows & SSH_BUG_BIGENDIANAES)) return cipher_prop; debug2("%s: original cipher proposal: %s", __func__, cipher_prop); - cipher_prop = filter_proposal(cipher_prop, "aes*"); + if ((cipher_prop = match_filter_list(cipher_prop, "aes*")) == NULL) + fatal("match_filter_list failed"); debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); if (*cipher_prop == '\0') fatal("No supported ciphers found"); @@ -298,7 +271,8 @@ compat_pkalg_proposal(char *pkalg_prop) if (!(datafellows & SSH_BUG_RSASIGMD5)) return pkalg_prop; debug2("%s: original public key proposal: %s", __func__, pkalg_prop); - pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa"); + if ((pkalg_prop = match_filter_list(pkalg_prop, "ssh-rsa")) == NULL) + fatal("match_filter_list failed"); debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); if (*pkalg_prop == '\0') fatal("No supported PK algorithms found"); @@ -312,10 +286,14 @@ compat_kex_proposal(char *p) return p; debug2("%s: original KEX proposal: %s", __func__, p); if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) - p = filter_proposal(p, "curve25519-sha256@libssh.org"); + if ((p = match_filter_list(p, + "curve25519-sha256@libssh.org")) == NULL) + fatal("match_filter_list failed"); if ((datafellows & SSH_OLD_DHGEX) != 0) { - p = filter_proposal(p, "diffie-hellman-group-exchange-sha256"); - p = filter_proposal(p, "diffie-hellman-group-exchange-sha1"); + if ((p = match_filter_list(p, + "diffie-hellman-group-exchange-sha256," + "diffie-hellman-group-exchange-sha1")) == NULL) + fatal("match_filter_list failed"); } debug2("%s: compat KEX proposal: %s", __func__, p); if (*p == '\0') diff --git a/config.h.in b/config.h.in index 75e02ab45f52..b65420e4a9dc 100644 --- a/config.h.in +++ b/config.h.in @@ -736,6 +736,9 @@ /* Define to 1 if you have the <linux/seccomp.h> header file. */ #undef HAVE_LINUX_SECCOMP_H +/* Define to 1 if you have the `llabs' function. */ +#undef HAVE_LLABS + /* Define to 1 if you have the <locale.h> header file. */ #undef HAVE_LOCALE_H diff --git a/configure b/configure index ec3a98ffc581..5eaaa392f099 100755 --- a/configure +++ b/configure @@ -647,6 +647,7 @@ COMMENT_OUT_ECC TEST_SSH_ECC LIBEDIT PKGCONFIG +LDNSCONFIG COMMENT_OUT_RSA1 LD PATH_PASSWD_PROG @@ -7593,6 +7594,7 @@ $as_echo "#define USE_BTMP 1" >>confdefs.h use_pie=auto check_for_libcrypt_later=1 check_for_openpty_ctty_bug=1 + CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h @@ -9958,22 +9960,131 @@ LDNS_MSG="no" # Check whether --with-ldns was given. if test "${with_ldns+set}" = set; then : withval=$with_ldns; - if test "x$withval" != "xno" ; then + ldns="" + if test "x$withval" = "xyes" ; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ldns-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}ldns-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_LDNSCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $LDNSCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_LDNSCONFIG="$LDNSCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi + ;; +esac +fi +LDNSCONFIG=$ac_cv_path_LDNSCONFIG +if test -n "$LDNSCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDNSCONFIG" >&5 +$as_echo "$LDNSCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi -$as_echo "#define HAVE_LDNS 1" >>confdefs.h +fi +if test -z "$ac_cv_path_LDNSCONFIG"; then + ac_pt_LDNSCONFIG=$LDNSCONFIG + # Extract the first word of "ldns-config", so it can be a program name with args. +set dummy ldns-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_LDNSCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_LDNSCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_LDNSCONFIG="$ac_pt_LDNSCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS - LIBS="-lldns $LIBS" - LDNS_MSG="yes" + ;; +esac +fi +ac_pt_LDNSCONFIG=$ac_cv_path_ac_pt_LDNSCONFIG +if test -n "$ac_pt_LDNSCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_LDNSCONFIG" >&5 +$as_echo "$ac_pt_LDNSCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5 + if test "x$ac_pt_LDNSCONFIG" = x; then + LDNSCONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + LDNSCONFIG=$ac_pt_LDNSCONFIG + fi +else + LDNSCONFIG="$ac_cv_path_LDNSCONFIG" +fi + + if test "x$PKGCONFIG" = "xno"; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + LIBS="-lldns $LIBS" + ldns=yes + else + LIBS="$LIBS `$LDNSCONFIG --libs`" + CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" + fi + elif test "x$withval" != "xno" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + LIBS="-lldns $LIBS" + ldns=yes + fi + + # Verify that it works. + if test "x$ldns" = "xyes" ; then + +$as_echo "#define HAVE_LDNS 1" >>confdefs.h + + LDNS_MSG="yes" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5 $as_echo_n "checking for ldns support... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <stdio.h> @@ -9996,8 +10107,7 @@ $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext - fi - + fi fi @@ -10558,6 +10668,7 @@ for ac_func in \ inet_ntoa \ inet_ntop \ innetgr \ + llabs \ login_getcapbool \ md5_crypt \ memmove \ @@ -10637,8 +10748,6 @@ fi done -saved_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -D_XOPEN_SOURCE" for ac_func in mblen mbtowc nl_langinfo wcwidth do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` @@ -10651,7 +10760,6 @@ _ACEOF fi done -CFLAGS="$saved_CFLAGS" TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utf8 locale support" >&5 @@ -12373,8 +12481,8 @@ if ac_fn_c_try_run "$LINENO"; then : ssl_library_ver=`cat conftest.ssllibver` # Check version is supported. case "$ssl_library_ver" in - 0090[0-7]*|009080[0-5]*) - as_fn_error $? "OpenSSL >= 0.9.8f required (have \"$ssl_library_ver\")" "$LINENO" 5 + 10000*|0*) + as_fn_error $? "OpenSSL >= 1.0.1 required (have \"$ssl_library_ver\")" "$LINENO" 5 ;; *) ;; esac @@ -20282,6 +20390,7 @@ echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" +echo " libldns support: $LDNS_MSG" echo " Solaris process contract support: $SPC_MSG" echo " Solaris project support: $SP_MSG" echo " Solaris privilege support: $SPP_MSG" diff --git a/configure.ac b/configure.ac index eb9f45dcc78c..c2878e3d4415 100644 --- a/configure.ac +++ b/configure.ac @@ -740,6 +740,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) use_pie=auto check_for_libcrypt_later=1 check_for_openpty_ctty_bug=1 + dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. + dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE + CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" AC_DEFINE([PAM_TTY_KLUDGE], [1], [Work around problematic Linux PAM modules handling of PAM_TTY]) AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], @@ -1471,36 +1474,47 @@ AC_ARG_WITH([skey], LDNS_MSG="no" AC_ARG_WITH(ldns, [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi - - AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) - LIBS="-lldns $LIBS" - LDNS_MSG="yes" + [ + ldns="" + if test "x$withval" = "xyes" ; then + AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) + if test "x$PKGCONFIG" = "xno"; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + LIBS="-lldns $LIBS" + ldns=yes + else + LIBS="$LIBS `$LDNSCONFIG --libs`" + CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" + fi + elif test "x$withval" != "xno" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + LIBS="-lldns $LIBS" + ldns=yes + fi - AC_MSG_CHECKING([for ldns support]) - AC_LINK_IFELSE( - [AC_LANG_SOURCE([[ + # Verify that it works. + if test "x$ldns" = "xyes" ; then + AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) + LDNS_MSG="yes" + AC_MSG_CHECKING([for ldns support]) + AC_LINK_IFELSE( + [AC_LANG_SOURCE([[ #include <stdio.h> #include <stdlib.h> #include <stdint.h> #include <ldns/ldns.h> int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } - ]]) - ], - [AC_MSG_RESULT(yes)], + ]]) + ], + [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) ]) - fi - ] -) + fi +]) # Check whether user wants libedit support LIBEDIT_MSG="no" @@ -1703,6 +1717,7 @@ AC_CHECK_FUNCS([ \ inet_ntoa \ inet_ntop \ innetgr \ + llabs \ login_getcapbool \ md5_crypt \ memmove \ @@ -1771,11 +1786,8 @@ AC_CHECK_FUNCS([ \ warn \ ]) -dnl Wide character support. Linux man page says it needs _XOPEN_SOURCE. -saved_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -D_XOPEN_SOURCE" +dnl Wide character support. AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) -CFLAGS="$saved_CFLAGS" TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} AC_MSG_CHECKING([for utf8 locale support]) @@ -2520,8 +2532,8 @@ if test "x$openssl" = "xyes" ; then ssl_library_ver=`cat conftest.ssllibver` # Check version is supported. case "$ssl_library_ver" in - 0090[[0-7]]*|009080[[0-5]]*) - AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")]) + 10000*|0*) + AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) ;; *) ;; esac @@ -5083,6 +5095,7 @@ echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" +echo " libldns support: $LDNS_MSG" echo " Solaris process contract support: $SPC_MSG" echo " Solaris project support: $SP_MSG" echo " Solaris privilege support: $SPP_MSG" diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index d934d09b5430..db6aaa08a032 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -63,7 +63,6 @@ sshd_config_configured=no port_number=22 service_name=sshd strictmodes=yes -privsep_used=yes cygwin_value="" user_account= password_value= @@ -140,33 +139,21 @@ sshd_strictmodes() { # ====================================================================== # Routine: sshd_privsep -# MODIFIES: privsep_used +# Try to create ssshd user account # ====================================================================== sshd_privsep() { local ret=0 if [ "${sshd_config_configured}" != "yes" ] then - echo - csih_inform "Privilege separation is set to 'sandbox' by default since" - csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set" - csih_inform "to 'yes' or 'no'." - csih_inform "However, using privilege separation requires a non-privileged account" - csih_inform "called 'sshd'." - csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." - if csih_request "Should privilege separation be used?" + if ! csih_create_unprivileged_user sshd then - privsep_used=yes - if ! csih_create_unprivileged_user sshd - then - csih_error_recoverable "Couldn't create user 'sshd'!" - csih_error_recoverable "Privilege separation set to 'no' again!" - csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!" - let ++ret - privsep_used=no - fi - else - privsep_used=no + csih_error_recoverable "Could not create user 'sshd'!" + csih_error_recoverable "You will not be able to run an sshd service" + csih_error_recoverable "under a privileged account successfully." + csih_error_recoverable "Make sure to create a non-privileged user 'sshd'" + csih_error_recoverable "manually before trying to run the service!" + let ++ret fi fi return $ret @@ -202,18 +189,6 @@ sshd_config_tweak() { let ++ret fi fi - if [ "${sshd_config_configured}" != "yes" ] - then - /usr/bin/sed -i -e " - s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \ - ${SYSCONFDIR}/sshd_config - if [ $? -ne 0 ] - then - csih_warning "Setting privilege separation failed!" - csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" - let ++ret - fi - fi return $ret } # --- End of sshd_config_tweak --- # @@ -693,7 +668,7 @@ then fi fi -# handle sshd_config (and privsep) +# handle sshd_config csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 then diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 666097c5e619..7de45457a742 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 7.4p1 +%define ver 7.5p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 4c4bbb69cb3e..e62be39d0aac 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 7.4p1 +Version: 7.5p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz diff --git a/digest-openssl.c b/digest-openssl.c index 13b63c2f006d..c55ceb93f9d4 100644 --- a/digest-openssl.c +++ b/digest-openssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest-openssl.c,v 1.5 2014/12/21 22:27:56 djm Exp $ */ +/* $OpenBSD: digest-openssl.c,v 1.6 2017/03/10 02:59:51 dtucker Exp $ */ /* * Copyright (c) 2013 Damien Miller <djm@mindrot.org> * @@ -158,7 +158,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); u_int l = dlen; - if (dlen > UINT_MAX) + if (digest == NULL || dlen > UINT_MAX) return SSH_ERR_INVALID_ARGUMENT; if (dlen < digest->digest_len) /* No truncation allowed */ return SSH_ERR_INVALID_ARGUMENT; diff --git a/hostfile.c b/hostfile.c index 4548fbab3d80..e23faa9696af 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.67 2016/09/17 18:00:27 tedu Exp $ */ +/* $OpenBSD: hostfile.c,v 1.68 2017/03/10 04:26:06 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -419,19 +419,24 @@ write_host_entry(FILE *f, const char *host, const char *ip, const struct sshkey *key, int store_hash) { int r, success = 0; - char *hashed_host = NULL; + char *hashed_host = NULL, *lhost; + + lhost = xstrdup(host); + lowercase(lhost); if (store_hash) { - if ((hashed_host = host_hash(host, NULL, 0)) == NULL) { + if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) { error("%s: host_hash failed", __func__); + free(lhost); return 0; } fprintf(f, "%s ", hashed_host); } else if (ip != NULL) - fprintf(f, "%s,%s ", host, ip); - else - fprintf(f, "%s ", host); - + fprintf(f, "%s,%s ", lhost, ip); + else { + fprintf(f, "%s ", lhost); + } + free(lhost); if ((r = sshkey_write(key, f)) == 0) success = 1; else @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.127 2016/10/10 19:28:48 markus Exp $ */ +/* $OpenBSD: kex.c,v 1.131 2017/03/15 07:07:39 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -178,7 +178,7 @@ kex_names_valid(const char *names) char * kex_names_cat(const char *a, const char *b) { - char *ret = NULL, *tmp = NULL, *cp, *p; + char *ret = NULL, *tmp = NULL, *cp, *p, *m; size_t len; if (a == NULL || *a == '\0') @@ -195,8 +195,10 @@ kex_names_cat(const char *a, const char *b) } strlcpy(ret, a, len); for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { - if (match_list(ret, p, NULL) != NULL) + if ((m = match_list(ret, p, NULL)) != NULL) { + free(m); continue; /* Algorithm already present */ + } if (strlcat(ret, ",", len) >= len || strlcat(ret, p, len) >= len) { free(tmp); @@ -211,7 +213,8 @@ kex_names_cat(const char *a, const char *b) /* * Assemble a list of algorithms from a default list and a string from a * configuration file. The user-provided string may begin with '+' to - * indicate that it should be appended to the default. + * indicate that it should be appended to the default or '-' that the + * specified names should be removed. */ int kex_assemble_names(const char *def, char **list) @@ -222,14 +225,18 @@ kex_assemble_names(const char *def, char **list) *list = strdup(def); return 0; } - if (**list != '+') { - return 0; + if (**list == '+') { + if ((ret = kex_names_cat(def, *list + 1)) == NULL) + return SSH_ERR_ALLOC_FAIL; + free(*list); + *list = ret; + } else if (**list == '-') { + if ((ret = match_filter_list(def, *list + 1)) == NULL) + return SSH_ERR_ALLOC_FAIL; + free(*list); + *list = ret; } - if ((ret = kex_names_cat(def, *list + 1)) == NULL) - return SSH_ERR_ALLOC_FAIL; - free(*list); - *list = ret; return 0; } @@ -334,7 +341,6 @@ kex_reset_dispatch(struct ssh *ssh) { ssh_dispatch_range(ssh, SSH2_MSG_TRANSPORT_MIN, SSH2_MSG_TRANSPORT_MAX, &kex_protocol_error); - ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); } static int @@ -343,7 +349,7 @@ kex_send_ext_info(struct ssh *ssh) int r; char *algs; - if ((algs = sshkey_alg_list(0, 1, ',')) == NULL) + if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || (r = sshpkt_put_u32(ssh, 1)) != 0 || @@ -424,6 +430,7 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt) debug("SSH2_MSG_NEWKEYS received"); ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); if ((r = sshpkt_get_end(ssh)) != 0) return r; if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) @@ -538,6 +545,7 @@ kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp) goto out; kex->done = 0; kex_reset_dispatch(ssh); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); r = 0; *kexp = kex; out: @@ -646,8 +654,10 @@ choose_enc(struct sshenc *enc, char *client, char *server) if (name == NULL) return SSH_ERR_NO_CIPHER_ALG_MATCH; - if ((enc->cipher = cipher_by_name(name)) == NULL) + if ((enc->cipher = cipher_by_name(name)) == NULL) { + free(name); return SSH_ERR_INTERNAL_ERROR; + } enc->name = name; enc->enabled = 0; enc->iv = NULL; @@ -665,8 +675,10 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server) if (name == NULL) return SSH_ERR_NO_MAC_ALG_MATCH; - if (mac_setup(mac, name) < 0) + if (mac_setup(mac, name) < 0) { + free(name); return SSH_ERR_INTERNAL_ERROR; + } /* truncate the key */ if (ssh->compat & SSH_BUG_HMAC) mac->key_len = 16; @@ -690,6 +702,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server) } else if (strcmp(name, "none") == 0) { comp->type = COMP_NONE; } else { + free(name); return SSH_ERR_INTERNAL_ERROR; } comp->name = name; @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.38 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: krl.c,v 1.39 2017/03/10 07:18:32 dtucker Exp $ */ #include "includes.h" @@ -1089,7 +1089,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, break; case KRL_SECTION_SIGNATURE: /* Handled above, but still need to stay in synch */ - sshbuf_reset(sect); + sshbuf_free(sect); sect = NULL; if ((r = sshbuf_skip_string(copy)) != 0) goto out; @@ -1288,7 +1288,8 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key) debug2("%s: checking KRL %s", __func__, path); r = ssh_krl_check_key(krl, key); out: - close(fd); + if (fd != -1) + close(fd); sshbuf_free(krlbuf); ssh_krl_free(krl); if (r != 0) @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.48 2016/07/15 05:01:58 dtucker Exp $ */ +/* $OpenBSD: log.c,v 1.49 2017/03/10 03:15:58 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -453,7 +453,8 @@ do_log(LogLevel level, const char *fmt, va_list args) tmp_handler(level, fmtbuf, log_handler_ctx); log_handler = tmp_handler; } else if (log_on_stderr) { - snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); + snprintf(msgbuf, sizeof msgbuf, "%.*s\r\n", + (int)sizeof msgbuf - 3, fmtbuf); (void)write(log_stderr_fd, msgbuf, strlen(msgbuf)); } else { #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.33 2016/11/06 05:46:37 djm Exp $ */ +/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -42,9 +42,11 @@ #include <ctype.h> #include <stdlib.h> #include <string.h> +#include <stdio.h> #include "xmalloc.h" #include "match.h" +#include "misc.h" /* * Returns true if the given string matches the pattern (which may contain ? @@ -145,7 +147,7 @@ match_pattern_list(const char *string, const char *pattern, int dolower) if (subi >= sizeof(sub) - 1) return 0; - /* If the subpattern was terminated by a comma, skip the comma. */ + /* If the subpattern was terminated by a comma, then skip it. */ if (i < len && pattern[i] == ',') i++; @@ -177,7 +179,13 @@ match_pattern_list(const char *string, const char *pattern, int dolower) int match_hostname(const char *host, const char *pattern) { - return match_pattern_list(host, pattern, 1); + char *hostcopy = xstrdup(host); + int r; + + lowercase(hostcopy); + r = match_pattern_list(hostcopy, pattern, 1); + free(hostcopy); + return r; } /* @@ -284,3 +292,35 @@ match_list(const char *client, const char *server, u_int *next) free(s); return NULL; } + +/* + * Filters a comma-separated list of strings, excluding any entry matching + * the 'filter' pattern list. Caller must free returned string. + */ +char * +match_filter_list(const char *proposal, const char *filter) +{ + size_t len = strlen(proposal) + 1; + char *fix_prop = malloc(len); + char *orig_prop = strdup(proposal); + char *cp, *tmp; + + if (fix_prop == NULL || orig_prop == NULL) { + free(orig_prop); + free(fix_prop); + return NULL; + } + + tmp = orig_prop; + *fix_prop = '\0'; + while ((cp = strsep(&tmp, ",")) != NULL) { + if (match_pattern_list(cp, filter, 0) != 1) { + if (*fix_prop != '\0') + strlcat(fix_prop, ",", len); + strlcat(fix_prop, cp, len); + } + } + free(orig_prop); + return fix_prop; +} + @@ -1,4 +1,4 @@ -/* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */ +/* $OpenBSD: match.h,v 1.17 2017/02/03 23:01:19 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -20,6 +20,7 @@ int match_hostname(const char *, const char *); int match_host_and_ip(const char *, const char *, const char *); int match_user(const char *, const char *, const char *, const char *); char *match_list(const char *, const char *, u_int *); +char *match_filter_list(const char *, const char *); /* addrmatch.c */ int addr_match_list(const char *, const char *); @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.107 2016/11/30 00:28:31 dtucker Exp $ */ +/* $OpenBSD: misc.c,v 1.109 2017/03/14 00:55:37 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -306,7 +306,7 @@ a2tun(const char *s, int *remote) long convtime(const char *s) { - long total, secs; + long total, secs, multiplier = 1; const char *p; char *endp; @@ -333,23 +333,28 @@ convtime(const char *s) break; case 'm': case 'M': - secs *= MINUTES; + multiplier = MINUTES; break; case 'h': case 'H': - secs *= HOURS; + multiplier = HOURS; break; case 'd': case 'D': - secs *= DAYS; + multiplier = DAYS; break; case 'w': case 'W': - secs *= WEEKS; + multiplier = WEEKS; break; default: return -1; } + if (secs >= LONG_MAX / multiplier) + return -1; + secs *= multiplier; + if (total >= LONG_MAX - secs) + return -1; total += secs; if (total < 0) return -1; diff --git a/monitor.c b/monitor.c index 43f484709b8b..96d22b7e40e9 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.167 2017/02/03 23:05:57 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -283,6 +283,7 @@ monitor_permit_authentications(int permit) void monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) { + struct ssh *ssh = active_state; /* XXX */ struct mon_table *ent; int authenticated = 0, partial = 0; @@ -356,6 +357,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) debug("%s: %s has been authenticated by privileged process", __func__, authctxt->user); + ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); mm_get_keystate(pmonitor); @@ -695,6 +697,7 @@ mm_answer_sign(int sock, Buffer *m) int mm_answer_pwnamallow(int sock, Buffer *m) { + struct ssh *ssh = active_state; /* XXX */ char *username; struct passwd *pwent; int allowed = 0; @@ -739,6 +742,8 @@ mm_answer_pwnamallow(int sock, Buffer *m) buffer_put_cstring(m, pwent->pw_shell); out: + ssh_packet_set_log_preamble(ssh, "%suser %s", + authctxt->valid ? "authenticating" : "invalid ", authctxt->user); buffer_put_string(m, &options, sizeof(options)); #define M_CP_STROPT(x) do { \ @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.63 2016/10/19 23:21:56 dtucker Exp $ */ +/* $OpenBSD: mux.c,v 1.64 2017/01/21 11:32:04 guenther Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * @@ -2161,7 +2161,6 @@ int muxclient(const char *path) { struct sockaddr_un addr; - socklen_t sun_len; int sock; u_int pid; @@ -2185,8 +2184,6 @@ muxclient(const char *path) memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; - sun_len = offsetof(struct sockaddr_un, sun_path) + - strlen(path) + 1; if (strlcpy(addr.sun_path, path, sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) @@ -2196,7 +2193,7 @@ muxclient(const char *path) if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) fatal("%s socket(): %s", __func__, strerror(errno)); - if (connect(sock, (struct sockaddr *)&addr, sun_len) == -1) { + if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) { switch (muxclient_command) { case SSHMUX_COMMAND_OPEN: case SSHMUX_COMMAND_STDIO_FWD: diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 6f3bc8f1d4f0..cfd73260ae18 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -301,3 +301,11 @@ mbtowc(wchar_t *pwc, const char *s, size_t n) return 1; } #endif + +#ifndef HAVE_LLABS +long long +llabs(long long j) +{ + return (j < 0 ? -j : j); +} +#endif diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 6f08b09faaa6..70a538f04e2d 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -135,4 +135,8 @@ void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); void warn(const char *, ...) __attribute__((format(printf, 1, 2))); #endif +#ifndef HAVE_LLABS +long long llabs(long long); +#endif + #endif /* _BSD_MISC_H */ diff --git a/openbsd-compat/fmt_scaled.c b/openbsd-compat/fmt_scaled.c index edd682a49823..e5533b2de90c 100644 --- a/openbsd-compat/fmt_scaled.c +++ b/openbsd-compat/fmt_scaled.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fmt_scaled.c,v 1.9 2007/03/20 03:42:52 tedu Exp $ */ +/* $OpenBSD: fmt_scaled.c,v 1.13 2017/03/11 23:37:23 djm Exp $ */ /* * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved. @@ -69,7 +69,7 @@ static long long scale_factors[] = { #define MAX_DIGITS (SCALE_LENGTH * 3) /* XXX strlen(sprintf("%lld", -1)? */ -/** Convert the given input string "scaled" into numeric in "result". +/* Convert the given input string "scaled" into numeric in "result". * Return 0 on success, -1 and errno set on error. */ int @@ -81,7 +81,7 @@ scan_scaled(char *scaled, long long *result) long long scale_fact = 1, whole = 0, fpart = 0; /* Skip leading whitespace */ - while (isascii(*p) && isspace(*p)) + while (isascii((unsigned char)*p) && isspace((unsigned char)*p)) ++p; /* Then at most one leading + or - */ @@ -108,7 +108,8 @@ scan_scaled(char *scaled, long long *result) * (but note that E for Exa might look like e to some!). * Advance 'p' to end, to get scale factor. */ - for (; isascii(*p) && (isdigit(*p) || *p=='.'); ++p) { + for (; isascii((unsigned char)*p) && + (isdigit((unsigned char)*p) || *p=='.'); ++p) { if (*p == '.') { if (fract_digits > 0) { /* oops, more than one '.' */ errno = EINVAL; @@ -124,6 +125,10 @@ scan_scaled(char *scaled, long long *result) /* ignore extra fractional digits */ continue; fract_digits++; /* for later scaling */ + if (fpart >= LLONG_MAX / 10) { + errno = ERANGE; + return -1; + } fpart *= 10; fpart += i; } else { /* normal digit */ @@ -131,6 +136,10 @@ scan_scaled(char *scaled, long long *result) errno = ERANGE; return -1; } + if (whole >= LLONG_MAX / 10) { + errno = ERANGE; + return -1; + } whole *= 10; whole += i; } @@ -150,17 +159,22 @@ scan_scaled(char *scaled, long long *result) /* Validate scale factor, and scale whole and fraction by it. */ for (i = 0; i < SCALE_LENGTH; i++) { - /** Are we there yet? */ + /* Are we there yet? */ if (*p == scale_chars[i] || - *p == tolower(scale_chars[i])) { + *p == tolower((unsigned char)scale_chars[i])) { /* If it ends with alphanumerics after the scale char, bad. */ - if (isalnum(*(p+1))) { + if (isalnum((unsigned char)*(p+1))) { errno = EINVAL; return -1; } scale_fact = scale_factors[i]; + if (whole >= LLONG_MAX / scale_fact) { + errno = ERANGE; + return -1; + } + /* scale whole part */ whole *= scale_fact; @@ -181,7 +195,9 @@ scan_scaled(char *scaled, long long *result) return 0; } } - errno = ERANGE; + + /* Invalid unit or character */ + errno = EINVAL; return -1; } @@ -196,7 +212,7 @@ fmt_scaled(long long number, char *result) unsigned int i; unit_type unit = NONE; - abval = (number < 0LL) ? -number : number; /* no long long_abs yet */ + abval = llabs(number); /* Not every negative long long has a positive representation. * Also check for numbers that are just too darned big to format @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.243 2016/10/11 21:47:45 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.247 2017/03/11 13:07:35 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -353,6 +353,25 @@ ssh_packet_get_mux(struct ssh *ssh) } int +ssh_packet_set_log_preamble(struct ssh *ssh, const char *fmt, ...) +{ + va_list args; + int r; + + free(ssh->log_preamble); + if (fmt == NULL) + ssh->log_preamble = NULL; + else { + va_start(args, fmt); + r = vasprintf(&ssh->log_preamble, fmt, args); + va_end(args); + if (r < 0 || ssh->log_preamble == NULL) + return SSH_ERR_ALLOC_FAIL; + } + return 0; +} + +int ssh_packet_stop_discard(struct ssh *ssh) { struct session_state *state = ssh->state; @@ -1049,7 +1068,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) /* Time-based rekeying */ if (state->rekey_interval != 0 && - state->rekey_time + state->rekey_interval <= monotime()) + (int64_t)state->rekey_time + state->rekey_interval <= monotime()) return 1; /* Always rekey when MAX_PACKETS sent in either direction */ @@ -1447,8 +1466,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) break; } } - if (r == 0) - return SSH_ERR_CONN_TIMEOUT; + if (r == 0) { + r = SSH_ERR_CONN_TIMEOUT; + goto out; + } /* Read data from the socket. */ len = read(state->connection_in, buf, sizeof(buf)); if (len == 0) { @@ -1829,11 +1850,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if (r != SSH_ERR_MAC_INVALID) goto out; logit("Corrupted MAC on input."); - if (need > PACKET_MAX_SIZE) + if (need + block_size > PACKET_MAX_SIZE) return SSH_ERR_INTERNAL_ERROR; return ssh_packet_start_discard(ssh, enc, mac, sshbuf_len(state->incoming_packet), - PACKET_MAX_SIZE - need); + PACKET_MAX_SIZE - need - block_size); } /* Remove MAC from input buffer */ DBG(debug("MAC #%d ok", state->p_read.seqnr)); @@ -2074,27 +2095,36 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...) fatal("%s: %s", __func__, ssh_err(r)); } +static void +fmt_connection_id(struct ssh *ssh, char *s, size_t l) +{ + snprintf(s, l, "%.200s%s%s port %d", + ssh->log_preamble ? ssh->log_preamble : "", + ssh->log_preamble ? " " : "", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); +} + /* * Pretty-print connection-terminating errors and exit. */ void sshpkt_fatal(struct ssh *ssh, const char *tag, int r) { + char remote_id[512]; + + fmt_connection_id(ssh, remote_id, sizeof(remote_id)); + switch (r) { case SSH_ERR_CONN_CLOSED: - logdie("Connection closed by %.200s port %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + logdie("Connection closed by %s", remote_id); case SSH_ERR_CONN_TIMEOUT: - logdie("Connection %s %.200s port %d timed out", - ssh->state->server_side ? "from" : "to", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + logdie("Connection %s %s timed out", + ssh->state->server_side ? "from" : "to", remote_id); case SSH_ERR_DISCONNECTED: - logdie("Disconnected from %.200s port %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + logdie("Disconnected from %s", remote_id); case SSH_ERR_SYSTEM_ERROR: if (errno == ECONNRESET) - logdie("Connection reset by %.200s port %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + logdie("Connection reset by %s", remote_id); /* FALLTHROUGH */ case SSH_ERR_NO_CIPHER_ALG_MATCH: case SSH_ERR_NO_MAC_ALG_MATCH: @@ -2102,17 +2132,16 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) case SSH_ERR_NO_KEX_ALG_MATCH: case SSH_ERR_NO_HOSTKEY_ALG_MATCH: if (ssh && ssh->kex && ssh->kex->failed_choice) { - logdie("Unable to negotiate with %.200s port %d: %s. " - "Their offer: %s", ssh_remote_ipaddr(ssh), - ssh_remote_port(ssh), ssh_err(r), + logdie("Unable to negotiate with %s: %s. " + "Their offer: %s", remote_id, ssh_err(r), ssh->kex->failed_choice); } /* FALLTHROUGH */ default: - logdie("%s%sConnection %s %.200s port %d: %s", + logdie("%s%sConnection %s %s: %s", tag != NULL ? tag : "", tag != NULL ? ": " : "", ssh->state->server_side ? "from" : "to", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r)); + remote_id, ssh_err(r)); } } @@ -2125,7 +2154,7 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) void ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) { - char buf[1024]; + char buf[1024], remote_id[512]; va_list args; static int disconnecting = 0; int r; @@ -2138,12 +2167,13 @@ ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) * Format the message. Note that the caller must make sure the * message is of limited size. */ + fmt_connection_id(ssh, remote_id, sizeof(remote_id)); va_start(args, fmt); vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); /* Display the error locally */ - logit("Disconnecting: %.100s", buf); + logit("Disconnecting %s: %.100s", remote_id, buf); /* * Send the disconnect message to the other side, and wait @@ -2396,10 +2426,10 @@ ssh_packet_send_ignore(struct ssh *ssh, int nbytes) } void -ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds) +ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds) { - debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes, - (int)seconds); + debug3("rekey after %llu bytes, %u seconds", (unsigned long long)bytes, + (unsigned int)seconds); ssh->state->rekey_limit = bytes; ssh->state->rekey_interval = seconds; } @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.74 2016/10/11 21:47:45 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.76 2017/02/03 23:03:33 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -62,6 +62,9 @@ struct ssh { char *local_ipaddr; int local_port; + /* Optional preamble for log messages (e.g. username) */ + char *log_preamble; + /* Dispatcher table */ dispatch_fn *dispatch[DISPATCH_MAX]; /* number of packets to ignore in the dispatcher */ @@ -104,6 +107,8 @@ void ssh_packet_set_server(struct ssh *); void ssh_packet_set_authenticated(struct ssh *); void ssh_packet_set_mux(struct ssh *); int ssh_packet_get_mux(struct ssh *); +int ssh_packet_set_log_preamble(struct ssh *, const char *, ...) + __attribute__((format(printf, 2, 3))); int ssh_packet_log_type(u_char); @@ -154,7 +159,7 @@ int ssh_remote_port(struct ssh *); const char *ssh_local_ipaddr(struct ssh *); int ssh_local_port(struct ssh *); -void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t); +void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, u_int32_t); time_t ssh_packet_get_rekey_timeout(struct ssh *); void *ssh_packet_get_input(struct ssh *); diff --git a/pathnames.h b/pathnames.h index f5e11ab15836..a8deb9fc609b 100644 --- a/pathnames.h +++ b/pathnames.h @@ -166,15 +166,6 @@ #define _PATH_LS "ls" #endif -/* path to login program */ -#ifndef LOGIN_PROGRAM -# ifdef LOGIN_PROGRAM_FALLBACK -# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK -# else -# define LOGIN_PROGRAM "/usr/bin/login" -# endif -#endif /* LOGIN_PROGRAM */ - /* Askpass program define */ #ifndef ASKPASS_PROGRAM #define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass" diff --git a/readconf.c b/readconf.c index fa3fab8f080b..9d59493f0187 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.262 2016/10/25 04:08:13 jsg Exp $ */ +/* $OpenBSD: readconf.c,v 1.270 2017/03/10 04:27:32 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -93,7 +93,7 @@ Host books.com RemoteForward 9999 shadows.cs.hut.fi:9999 - Cipher 3des + Ciphers 3des-cbc Host fascist.blob.com Port 23123 @@ -108,7 +108,7 @@ PublicKeyAuthentication no Host *.su - Cipher none + Ciphers aes128-ctr PasswordAuthentication no Host vpn.fake.com @@ -180,6 +180,44 @@ static struct { const char *name; OpCodes opcode; } keywords[] = { + /* Deprecated options */ + { "fallbacktorsh", oDeprecated }, + { "globalknownhostsfile2", oDeprecated }, + { "rhostsauthentication", oDeprecated }, + { "userknownhostsfile2", oDeprecated }, + { "useroaming", oDeprecated }, + { "usersh", oDeprecated }, + + /* Unsupported options */ + { "afstokenpassing", oUnsupported }, + { "kerberosauthentication", oUnsupported }, + { "kerberostgtpassing", oUnsupported }, + + /* Sometimes-unsupported options */ +#if defined(GSSAPI) + { "gssapiauthentication", oGssAuthentication }, + { "gssapidelegatecredentials", oGssDelegateCreds }, +# else + { "gssapiauthentication", oUnsupported }, + { "gssapidelegatecredentials", oUnsupported }, +#endif +#ifdef ENABLE_PKCS11 + { "smartcarddevice", oPKCS11Provider }, + { "pkcs11provider", oPKCS11Provider }, +# else + { "smartcarddevice", oUnsupported }, + { "pkcs11provider", oUnsupported }, +#endif +#ifdef WITH_SSH1 + { "rsaauthentication", oRSAAuthentication }, + { "rhostsrsaauthentication", oRhostsRSAAuthentication }, + { "compressionlevel", oCompressionLevel }, +# else + { "rsaauthentication", oUnsupported }, + { "rhostsrsaauthentication", oUnsupported }, + { "compressionlevel", oUnsupported }, +#endif + { "forwardagent", oForwardAgent }, { "forwardx11", oForwardX11 }, { "forwardx11trusted", oForwardX11Trusted }, @@ -188,30 +226,15 @@ static struct { { "xauthlocation", oXAuthLocation }, { "gatewayports", oGatewayPorts }, { "useprivilegedport", oUsePrivilegedPort }, - { "rhostsauthentication", oDeprecated }, { "passwordauthentication", oPasswordAuthentication }, { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, { "kbdinteractivedevices", oKbdInteractiveDevices }, - { "rsaauthentication", oRSAAuthentication }, { "pubkeyauthentication", oPubkeyAuthentication }, { "dsaauthentication", oPubkeyAuthentication }, /* alias */ - { "rhostsrsaauthentication", oRhostsRSAAuthentication }, { "hostbasedauthentication", oHostbasedAuthentication }, { "challengeresponseauthentication", oChallengeResponseAuthentication }, { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ { "tisauthentication", oChallengeResponseAuthentication }, /* alias */ - { "kerberosauthentication", oUnsupported }, - { "kerberostgtpassing", oUnsupported }, - { "afstokenpassing", oUnsupported }, -#if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -#else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -#endif - { "fallbacktorsh", oDeprecated }, - { "usersh", oDeprecated }, { "identityfile", oIdentityFile }, { "identityfile2", oIdentityFile }, /* obsolete */ { "identitiesonly", oIdentitiesOnly }, @@ -233,15 +256,12 @@ static struct { { "match", oMatch }, { "escapechar", oEscapeChar }, { "globalknownhostsfile", oGlobalKnownHostsFile }, - { "globalknownhostsfile2", oDeprecated }, { "userknownhostsfile", oUserKnownHostsFile }, - { "userknownhostsfile2", oDeprecated }, { "connectionattempts", oConnectionAttempts }, { "batchmode", oBatchMode }, { "checkhostip", oCheckHostIP }, { "stricthostkeychecking", oStrictHostKeyChecking }, { "compression", oCompression }, - { "compressionlevel", oCompressionLevel }, { "tcpkeepalive", oTCPKeepAlive }, { "keepalive", oTCPKeepAlive }, /* obsolete */ { "numberofpasswordprompts", oNumberOfPasswordPrompts }, @@ -250,13 +270,6 @@ static struct { { "preferredauthentications", oPreferredAuthentications }, { "hostkeyalgorithms", oHostKeyAlgorithms }, { "bindaddress", oBindAddress }, -#ifdef ENABLE_PKCS11 - { "smartcarddevice", oPKCS11Provider }, - { "pkcs11provider", oPKCS11Provider }, -#else - { "smartcarddevice", oUnsupported }, - { "pkcs11provider", oUnsupported }, -#endif { "clearallforwardings", oClearAllForwardings }, { "enablesshkeysign", oEnableSSHKeysign }, { "verifyhostkeydns", oVerifyHostKeyDNS }, @@ -277,7 +290,6 @@ static struct { { "localcommand", oLocalCommand }, { "permitlocalcommand", oPermitLocalCommand }, { "visualhostkey", oVisualHostKey }, - { "useroaming", oDeprecated }, { "kexalgorithms", oKexAlgorithms }, { "ipqos", oIPQoS }, { "requesttty", oRequestTTY }, @@ -830,11 +842,11 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, activep = &cmdline; } - /* Strip trailing whitespace */ + /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ if ((len = strlen(line)) == 0) return 0; for (len--; len > 0; len--) { - if (strchr(WHITESPACE, line[len]) == NULL) + if (strchr(WHITESPACE "\f", line[len]) == NULL) break; line[len] = '\0'; } @@ -1182,7 +1194,7 @@ parse_int: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (!ciphers_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg)) fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (*activep && options->ciphers == NULL) @@ -1193,7 +1205,7 @@ parse_int: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (!mac_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg)) fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (*activep && options->macs == NULL) @@ -1205,7 +1217,8 @@ parse_int: if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (!kex_names_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && + !kex_names_valid(*arg == '+' ? arg + 1 : arg)) fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (*activep && options->kex_algorithms == NULL) @@ -1219,7 +1232,8 @@ parse_keytypes: if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) + if (*arg != '-' && + !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) fatal("%s line %d: Bad key types '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (*activep && *charptr == NULL) @@ -1486,6 +1500,7 @@ parse_keytypes: if (r == GLOB_NOMATCH) { debug("%.200s line %d: include %s matched no " "files",filename, linenum, arg2); + free(arg2); continue; } else if (r != 0 || gl.gl_pathc < 0) fatal("%.200s line %d: glob failed for %s.", @@ -1502,6 +1517,11 @@ parse_keytypes: flags | SSHCONF_CHECKPERM | (oactive ? 0 : SSHCONF_NEVERMATCH), activep, depth + 1); + if (r != 1 && errno != ENOENT) { + fatal("Can't open user config file " + "%.100s: %.100s", gl.gl_pathv[i], + strerror(errno)); + } /* * don't let Match in includes clobber the * containing file's Match state. @@ -1700,7 +1720,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, int flags, int *activep, int depth) { FILE *f; - char line[1024]; + char line[4096]; int linenum; int bad_options = 0; @@ -1730,6 +1750,8 @@ read_config_file_depth(const char *filename, struct passwd *pw, while (fgets(line, sizeof(line), f)) { /* Update line number counter. */ linenum++; + if (strlen(line) == sizeof(line) - 1) + fatal("%s line %d too long", filename, linenum); if (process_config_line_depth(options, pw, host, original_host, line, filename, linenum, activep, flags, depth) != 0) bad_options++; @@ -2446,10 +2468,10 @@ dump_cfg_forwards(OpCodes code, u_int count, const struct Forward *fwds) /* oDynamicForward */ for (i = 0; i < count; i++) { fwd = &fwds[i]; - if (code == oDynamicForward && + if (code == oDynamicForward && fwd->connect_host != NULL && strcmp(fwd->connect_host, "socks") != 0) continue; - if (code == oLocalForward && + if (code == oLocalForward && fwd->connect_host != NULL && strcmp(fwd->connect_host, "socks") == 0) continue; printf("%s", lookup_opcode_name(code)); @@ -2522,8 +2544,10 @@ dump_client_config(Options *o, const char *host) dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); dump_cfg_fmtint(oRequestTTY, o->request_tty); +#ifdef WITH_RSA1 dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication); dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication); +#endif dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); @@ -2535,7 +2559,9 @@ dump_client_config(Options *o, const char *host) /* Integer options */ dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); +#ifdef WITH_SSH1 dump_cfg_int(oCompressionLevel, o->compression_level); +#endif dump_cfg_int(oConnectionAttempts, o->connection_attempts); dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); @@ -2555,7 +2581,9 @@ dump_client_config(Options *o, const char *host) dump_cfg_string(oLocalCommand, o->local_command); dump_cfg_string(oLogLevel, log_level_name(o->log_level)); dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); +#ifdef ENABLE_PKCS11 dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); +#endif dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types); dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); diff --git a/regress/Makefile b/regress/Makefile index c2dba4fdf5ea..b23496b98417 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -222,6 +222,7 @@ unit: $$V ${.OBJDIR}/unittests/sshkey/test_sshkey \ -d ${.CURDIR}/unittests/sshkey/testdata ; \ $$V ${.OBJDIR}/unittests/bitmap/test_bitmap ; \ + $$V ${.OBJDIR}/unittests/conversion/test_conversion ; \ $$V ${.OBJDIR}/unittests/kex/test_kex ; \ $$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \ -d ${.CURDIR}/unittests/hostkeys/testdata ; \ diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index 91621a59ca19..34bced154f72 100644 --- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-getpeereid.sh,v 1.7 2016/09/26 21:34:38 bluhm Exp $ +# $OpenBSD: agent-getpeereid.sh,v 1.8 2017/01/06 02:51:16 djm Exp $ # Placed in the Public Domain. tid="disallow agent attach from other uid" @@ -32,17 +32,17 @@ if [ $r -ne 0 ]; then else chmod 644 ${SSH_AUTH_SOCK} - ssh-add -l > /dev/null 2>&1 + ${SSHADD} -l > /dev/null 2>&1 r=$? if [ $r -ne 1 ]; then fail "ssh-add failed with $r != 1" fi if test -z "$sudo" ; then # doas - ${SUDO} -n -u ${UNPRIV} ssh-add -l 2>/dev/null + ${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null else # sudo - < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null + < /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null fi r=$? if [ $r -lt 2 ]; then diff --git a/regress/allow-deny-users.sh b/regress/allow-deny-users.sh index 32a269afa97c..86805e19322b 100644 --- a/regress/allow-deny-users.sh +++ b/regress/allow-deny-users.sh @@ -4,7 +4,7 @@ tid="AllowUsers/DenyUsers" me="$LOGNAME" -if [ "x$me" == "x" ]; then +if [ "x$me" = "x" ]; then me=`whoami` fi other="nobody" diff --git a/regress/cert-file.sh b/regress/cert-file.sh index b184e7feabce..43b8e02014ce 100755 --- a/regress/cert-file.sh +++ b/regress/cert-file.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-file.sh,v 1.4 2016/12/16 02:48:55 djm Exp $ +# $OpenBSD: cert-file.sh,v 1.5 2017/03/11 23:44:16 djm Exp $ # Placed in the Public Domain. tid="ssh with certificates" @@ -17,24 +17,59 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key1 || \ fatal "ssh-keygen failed" ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key2 || \ fatal "ssh-keygen failed" +${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key3 || \ + fatal "ssh-keygen failed" +${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key4 || \ + fatal "ssh-keygen failed" +${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key5 || \ + fatal "ssh-keygen failed" + # Move the certificate to a different address to better control # when it is offered. ${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \ -z $$ -n ${USER} $OBJ/user_key1 || - fail "couldn't sign user_key1 with user_ca_key1" + fatal "couldn't sign user_key1 with user_ca_key1" mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_1.pub ${SSHKEYGEN} -q -s $OBJ/user_ca_key2 -I "regress user key for $USER" \ -z $$ -n ${USER} $OBJ/user_key1 || - fail "couldn't sign user_key1 with user_ca_key2" + fatal "couldn't sign user_key1 with user_ca_key2" mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_2.pub +${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \ + -z $$ -n ${USER} $OBJ/user_key3 || + fatal "couldn't sign user_key3 with user_ca_key1" +rm $OBJ/user_key3.pub # to test use of private key w/o public half. +${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \ + -z $$ -n ${USER} $OBJ/user_key4 || + fatal "couldn't sign user_key4 with user_ca_key1" +rm $OBJ/user_key4 $OBJ/user_key4.pub # to test no matching pub/private key case. trace 'try with identity files' opts="-F $OBJ/ssh_proxy -oIdentitiesOnly=yes" opts2="$opts -i $OBJ/user_key1 -i $OBJ/user_key2" echo "cert-authority $(cat $OBJ/user_ca_key1.pub)" > $OBJ/authorized_keys_$USER +# Make a clean config that doesn't have any pre-added identities. +cat $OBJ/ssh_proxy | grep -v IdentityFile > $OBJ/no_identity_config + +# XXX: verify that certificate used was what we expect. Needs exposure of +# keys via enviornment variable or similar. + for p in ${SSH_PROTOCOLS}; do + # Key with no .pub should work - finding the equivalent *-cert.pub. + verbose "protocol $p: identity cert with no plain public file" + ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \ + -i $OBJ/user_key3 somehost exit 5$p + [ $? -ne 5$p ] && fail "ssh failed" + + # CertificateFile matching private key with no .pub file should work. + verbose "protocol $p: CertificateFile with no plain public file" + ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \ + -oCertificateFile=$OBJ/user_key3-cert.pub \ + -i $OBJ/user_key3 somehost exit 5$p + [ $? -ne 5$p ] && fail "ssh failed" + # Just keys should fail + verbose "protocol $p: plain keys" ${SSH} $opts2 somehost exit 5$p r=$? if [ $r -eq 5$p ]; then @@ -42,6 +77,7 @@ for p in ${SSH_PROTOCOLS}; do fi # Keys with untrusted cert should fail. + verbose "protocol $p: untrusted cert" opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub" ${SSH} $opts3 somehost exit 5$p r=$? @@ -50,6 +86,7 @@ for p in ${SSH_PROTOCOLS}; do fi # Good cert with bad key should fail. + verbose "protocol $p: good cert, bad key" opts3="$opts -i $OBJ/user_key2" opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub" ${SSH} $opts3 somehost exit 5$p @@ -59,6 +96,7 @@ for p in ${SSH_PROTOCOLS}; do fi # Keys with one trusted cert, should succeed. + verbose "protocol $p: single trusted" opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub" ${SSH} $opts3 somehost exit 5$p r=$? @@ -67,6 +105,7 @@ for p in ${SSH_PROTOCOLS}; do fi # Multiple certs and keys, with one trusted cert, should succeed. + verbose "protocol $p: multiple trusted" opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub" opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub" ${SSH} $opts3 somehost exit 5$p @@ -74,14 +113,6 @@ for p in ${SSH_PROTOCOLS}; do if [ $r -ne 5$p ]; then fail "ssh failed with multiple certs in protocol $p" fi - - #Keys with trusted certificate specified in config options, should succeed. - opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub" - ${SSH} $opts3 somehost exit 5$p - r=$? - if [ $r -ne 5$p ]; then - fail "ssh failed with trusted cert in config in protocol $p" - fi done #next, using an agent in combination with the keys diff --git a/regress/forwarding.sh b/regress/forwarding.sh index 2539db9b754b..45c596d7db99 100644 --- a/regress/forwarding.sh +++ b/regress/forwarding.sh @@ -1,4 +1,4 @@ -# $OpenBSD: forwarding.sh,v 1.16 2016/04/14 23:57:17 djm Exp $ +# $OpenBSD: forwarding.sh,v 1.19 2017/01/30 05:22:14 djm Exp $ # Placed in the Public Domain. tid="local and remote forwarding" @@ -10,8 +10,7 @@ start_sshd base=33 last=$PORT fwd="" -CTL=$OBJ/ctl-sock -rm -f $CTL +CTL=/tmp/openssh.regress.ctl-sock.$$ for j in 0 1 2; do for i in 0 1 2; do @@ -29,7 +28,8 @@ for p in ${SSH_PROTOCOLS}; do q=$p fi trace "start forwarding, fork to background" - ${SSH} -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10 + rm -f $CTL + ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10 trace "transfer over forwarded channels and check result" ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \ @@ -37,7 +37,7 @@ for p in ${SSH_PROTOCOLS}; do test -s ${COPY} || fail "failed copy of ${DATA}" cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" - sleep 10 + ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost done for p in ${SSH_PROTOCOLS}; do @@ -52,7 +52,7 @@ for d in L R; do -$d ${base}04:127.0.0.1:$PORT \ -oExitOnForwardFailure=yes somehost true if [ $? != 0 ]; then - fail "connection failed, should not" + fatal "connection failed, should not" else # this one should fail ${SSH} -q -$p -F $OBJ/ssh_config \ @@ -75,30 +75,32 @@ for p in ${SSH_PROTOCOLS}; do ${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true trace "clear local forward proto $p" - ${SSH} -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \ + rm -f $CTL + ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \ -oClearAllForwardings=yes somehost sleep 10 if [ $? != 0 ]; then fail "connection failed with cleared local forwarding" else # this one should fail - ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ + ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \ >>$TEST_REGRESS_LOGFILE 2>&1 && \ fail "local forwarding not cleared" fi - sleep 10 + ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost trace "clear remote forward proto $p" - ${SSH} -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \ + rm -f $CTL + ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \ -oClearAllForwardings=yes somehost sleep 10 if [ $? != 0 ]; then fail "connection failed with cleared remote forwarding" else # this one should fail - ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ + ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \ >>$TEST_REGRESS_LOGFILE 2>&1 && \ fail "remote forwarding not cleared" fi - sleep 10 + ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost done for p in 2; do @@ -115,6 +117,7 @@ echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config for p in ${SSH_PROTOCOLS}; do trace "config file: start forwarding, fork to background" + rm -f $CTL ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f somehost sleep 10 trace "config file: transfer over forwarded channels and check result" @@ -123,21 +126,24 @@ for p in ${SSH_PROTOCOLS}; do test -s ${COPY} || fail "failed copy of ${DATA}" cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" - ${SSH} -S $CTL -O exit somehost + ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost done for p in 2; do trace "transfer over chained unix domain socket forwards and check result" rm -f $OBJ/unix-[123].fwd - ${SSH} -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10 - ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10 - ${SSH} -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10 - ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10 + rm -f $CTL $CTL.[123] + ${SSH} -S $CTL -M -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10 + ${SSH} -S $CTL.1 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10 + ${SSH} -S $CTL.2 -M -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10 + ${SSH} -S $CTL.3 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10 ${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \ somehost cat ${DATA} > ${COPY} test -s ${COPY} || fail "failed copy ${DATA}" cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" - #wait - sleep 10 + ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost + ${SSH} -F $OBJ/ssh_config -S $CTL.1 -O exit somehost + ${SSH} -F $OBJ/ssh_config -S $CTL.2 -O exit somehost + ${SSH} -F $OBJ/ssh_config -S $CTL.3 -O exit somehost done diff --git a/regress/integrity.sh b/regress/integrity.sh index 39d310deb09b..1df2924f5f09 100755 --- a/regress/integrity.sh +++ b/regress/integrity.sh @@ -1,12 +1,10 @@ -# $OpenBSD: integrity.sh,v 1.19 2016/11/25 02:56:49 dtucker Exp $ +# $OpenBSD: integrity.sh,v 1.20 2017/01/06 02:26:10 dtucker Exp $ # Placed in the Public Domain. tid="integrity" cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak # start at byte 2900 (i.e. after kex) and corrupt at different offsets -# XXX the test hangs if we modify the low bytes of the packet length -# XXX and ssh tries to read... tries=10 startoffset=2900 macs=`${SSH} -Q mac` @@ -27,6 +25,7 @@ for m in $macs; do elen=0 epad=0 emac=0 + etmo=0 ecnt=0 skip=0 for off in `jot $tries $startoffset`; do diff --git a/regress/test-exec.sh b/regress/test-exec.sh index bfa48803b561..dc033cd96203 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.58 2016/12/16 01:06:27 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.59 2017/02/07 23:03:11 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -444,12 +444,10 @@ Host * User $USER GlobalKnownHostsFile $OBJ/known_hosts UserKnownHostsFile $OBJ/known_hosts - RSAAuthentication yes PubkeyAuthentication yes ChallengeResponseAuthentication no HostbasedAuthentication no PasswordAuthentication no - RhostsRSAAuthentication no BatchMode yes StrictHostKeyChecking yes LogLevel DEBUG3 diff --git a/regress/unittests/Makefile b/regress/unittests/Makefile index e70b16644311..e975f6ca4160 100644 --- a/regress/unittests/Makefile +++ b/regress/unittests/Makefile @@ -1,5 +1,6 @@ -# $OpenBSD: Makefile,v 1.7 2016/08/19 06:44:13 djm Exp $ -REGRESS_FAIL_EARLY= yes -SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match +# $OpenBSD: Makefile,v 1.9 2017/03/14 01:20:29 dtucker Exp $ + +REGRESS_FAIL_EARLY?= yes +SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion .include <bsd.subdir.mk> diff --git a/regress/unittests/conversion/Makefile b/regress/unittests/conversion/Makefile new file mode 100644 index 000000000000..cde97dc28a9a --- /dev/null +++ b/regress/unittests/conversion/Makefile @@ -0,0 +1,10 @@ +# $OpenBSD: Makefile,v 1.1 2017/03/14 01:20:29 dtucker Exp $ + +PROG=test_conversion +SRCS=tests.c +REGRESS_TARGETS=run-regress-${PROG} + +run-regress-${PROG}: ${PROG} + env ${TEST_ENV} ./${PROG} + +.include <bsd.regress.mk> diff --git a/regress/unittests/conversion/tests.c b/regress/unittests/conversion/tests.c new file mode 100644 index 000000000000..6dd77ef42548 --- /dev/null +++ b/regress/unittests/conversion/tests.c @@ -0,0 +1,51 @@ +/* $OpenBSD: tests.c,v 1.1 2017/03/14 01:20:29 dtucker Exp $ */ +/* + * Regress test for conversions + * + * Placed in the public domain + */ + +#include "includes.h" + +#include <sys/types.h> +#include <sys/param.h> +#include <stdio.h> +#ifdef HAVE_STDINT_H +#include <stdint.h> +#endif +#include <stdlib.h> +#include <string.h> + +#include "../test_helper/test_helper.h" + +#include "misc.h" + +void +tests(void) +{ + char buf[1024]; + + TEST_START("conversion_convtime"); + ASSERT_LONG_EQ(convtime("0"), 0); + ASSERT_LONG_EQ(convtime("1"), 1); + ASSERT_LONG_EQ(convtime("1S"), 1); + /* from the examples in the comment above the function */ + ASSERT_LONG_EQ(convtime("90m"), 5400); + ASSERT_LONG_EQ(convtime("1h30m"), 5400); + ASSERT_LONG_EQ(convtime("2d"), 172800); + ASSERT_LONG_EQ(convtime("1w"), 604800); + + /* negative time is not allowed */ + ASSERT_LONG_EQ(convtime("-7"), -1); + ASSERT_LONG_EQ(convtime("-9d"), -1); + + /* overflow */ + snprintf(buf, sizeof buf, "%llu", (unsigned long long)LONG_MAX + 1); + ASSERT_LONG_EQ(convtime(buf), -1); + + /* overflow with multiplier */ + snprintf(buf, sizeof buf, "%lluM", (unsigned long long)LONG_MAX/60 + 1); + ASSERT_LONG_EQ(convtime(buf), -1); + ASSERT_LONG_EQ(convtime("1000000000000000000000w"), -1); + TEST_DONE(); +} diff --git a/regress/unittests/match/tests.c b/regress/unittests/match/tests.c index 7ff319c162ad..e1593367bf3b 100644 --- a/regress/unittests/match/tests.c +++ b/regress/unittests/match/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.3 2016/09/21 17:03:54 djm Exp $ */ +/* $OpenBSD: tests.c,v 1.4 2017/02/03 23:01:42 djm Exp $ */ /* * Regress test for matching functions * @@ -103,6 +103,25 @@ tests(void) /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2,10.0.0.1"), 1); */ TEST_DONE(); +#define CHECK_FILTER(string,filter,expected) \ + do { \ + char *result = match_filter_list((string), (filter)); \ + ASSERT_STRING_EQ(result, expected); \ + free(result); \ + } while (0) + + TEST_START("match_filter_list"); + CHECK_FILTER("a,b,c", "", "a,b,c"); + CHECK_FILTER("a,b,c", "a", "b,c"); + CHECK_FILTER("a,b,c", "b", "a,c"); + CHECK_FILTER("a,b,c", "c", "a,b"); + CHECK_FILTER("a,b,c", "a,b", "c"); + CHECK_FILTER("a,b,c", "a,c", "b"); + CHECK_FILTER("a,b,c", "b,c", "a"); + CHECK_FILTER("a,b,c", "a,b,c", ""); + CHECK_FILTER("a,b,c", "b,c", "a"); + CHECK_FILTER("", "a,b,c", ""); + TEST_DONE(); /* * XXX TODO * int match_host_and_ip(const char *, const char *, const char *); diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c index 26ca26b5e3b7..f855137fb29f 100644 --- a/regress/unittests/test_helper/test_helper.c +++ b/regress/unittests/test_helper/test_helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_helper.c,v 1.6 2015/03/03 20:42:49 djm Exp $ */ +/* $OpenBSD: test_helper.c,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */ /* * Copyright (c) 2011 Damien Miller <djm@mindrot.org> * @@ -442,6 +442,17 @@ assert_u_int(const char *file, int line, const char *a1, const char *a2, } void +assert_long(const char *file, int line, const char *a1, const char *a2, + long aa1, long aa2, enum test_predicate pred) +{ + TEST_CHECK(aa1, aa2, pred); + test_header(file, line, a1, a2, "LONG", pred); + fprintf(stderr, "%12s = %ld / 0x%lx\n", a1, aa1, aa1); + fprintf(stderr, "%12s = %ld / 0x%lx\n", a2, aa2, aa2); + test_die(); +} + +void assert_long_long(const char *file, int line, const char *a1, const char *a2, long long aa1, long long aa2, enum test_predicate pred) { diff --git a/regress/unittests/test_helper/test_helper.h b/regress/unittests/test_helper/test_helper.h index 1d9c66986d5d..615b7832b4dc 100644 --- a/regress/unittests/test_helper/test_helper.h +++ b/regress/unittests/test_helper/test_helper.h @@ -1,4 +1,4 @@ -/* $OpenBSD: test_helper.h,v 1.6 2015/01/18 19:52:44 djm Exp $ */ +/* $OpenBSD: test_helper.h,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */ /* * Copyright (c) 2011 Damien Miller <djm@mindrot.org> * @@ -67,6 +67,9 @@ void assert_size_t(const char *file, int line, void assert_u_int(const char *file, int line, const char *a1, const char *a2, u_int aa1, u_int aa2, enum test_predicate pred); +void assert_long(const char *file, int line, + const char *a1, const char *a2, + long aa1, long aa2, enum test_predicate pred); void assert_long_long(const char *file, int line, const char *a1, const char *a2, long long aa1, long long aa2, enum test_predicate pred); @@ -110,6 +113,8 @@ void assert_u64(const char *file, int line, assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ) #define ASSERT_U_INT_EQ(a1, a2) \ assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ) +#define ASSERT_LONG_EQ(a1, a2) \ + assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ) #define ASSERT_LONG_LONG_EQ(a1, a2) \ assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ) #define ASSERT_CHAR_EQ(a1, a2) \ @@ -139,6 +144,8 @@ void assert_u64(const char *file, int line, assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE) #define ASSERT_U_INT_NE(a1, a2) \ assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE) +#define ASSERT_LONG_NE(a1, a2) \ + assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE) #define ASSERT_LONG_LONG_NE(a1, a2) \ assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE) #define ASSERT_CHAR_NE(a1, a2) \ @@ -166,6 +173,8 @@ void assert_u64(const char *file, int line, assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT) #define ASSERT_U_INT_LT(a1, a2) \ assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT) +#define ASSERT_LONG_LT(a1, a2) \ + assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT) #define ASSERT_LONG_LONG_LT(a1, a2) \ assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT) #define ASSERT_CHAR_LT(a1, a2) \ @@ -193,6 +202,8 @@ void assert_u64(const char *file, int line, assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE) #define ASSERT_U_INT_LE(a1, a2) \ assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE) +#define ASSERT_LONG_LE(a1, a2) \ + assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE) #define ASSERT_LONG_LONG_LE(a1, a2) \ assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE) #define ASSERT_CHAR_LE(a1, a2) \ @@ -220,6 +231,8 @@ void assert_u64(const char *file, int line, assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT) #define ASSERT_U_INT_GT(a1, a2) \ assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT) +#define ASSERT_LONG_GT(a1, a2) \ + assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT) #define ASSERT_LONG_LONG_GT(a1, a2) \ assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT) #define ASSERT_CHAR_GT(a1, a2) \ @@ -247,6 +260,8 @@ void assert_u64(const char *file, int line, assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE) #define ASSERT_U_INT_GE(a1, a2) \ assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE) +#define ASSERT_LONG_GE(a1, a2) \ + assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE) #define ASSERT_LONG_LONG_GE(a1, a2) \ assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE) #define ASSERT_CHAR_GE(a1, a2) \ diff --git a/regress/unittests/utf8/tests.c b/regress/unittests/utf8/tests.c index 31f9fe9c3b0c..f0bbca5096f0 100644 --- a/regress/unittests/utf8/tests.c +++ b/regress/unittests/utf8/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.3 2016/12/19 04:55:18 djm Exp $ */ +/* $OpenBSD: tests.c,v 1.4 2017/02/19 00:11:29 djm Exp $ */ /* * Regress test for the utf8.h *mprintf() API * @@ -15,10 +15,7 @@ #include "utf8.h" -void badarg(void); -void one(const char *, const char *, int, int, int, const char *); - -void +static void badarg(void) { char buf[16]; @@ -33,8 +30,8 @@ badarg(void) TEST_DONE(); } -void -one(const char *name, const char *mbs, int width, +static void +one(int utf8, const char *name, const char *mbs, int width, int wantwidth, int wantlen, const char *wants) { char buf[16]; @@ -43,7 +40,7 @@ one(const char *name, const char *mbs, int width, if (wantlen == -2) wantlen = strlen(wants); - (void)strlcpy(buf, "utf8_", sizeof(buf)); + (void)strlcpy(buf, utf8 ? "utf8_" : "c_", sizeof(buf)); (void)strlcat(buf, name, sizeof(buf)); TEST_START(buf); wp = wantwidth == -2 ? NULL : &width; @@ -65,19 +62,41 @@ tests(void) TEST_DONE(); badarg(); - one("empty", "", 2, 0, 0, ""); - one("ascii", "x", -2, -2, -2, "x"); - one("newline", "a\nb", -2, -2, -2, "a\nb"); - one("cr", "a\rb", -2, -2, -2, "a\rb"); - one("tab", "a\tb", -2, -2, -2, "a\tb"); - one("esc", "\033x", -2, -2, -2, "\\033x"); - one("inv_badbyte", "\377x", -2, -2, -2, "\\377x"); - one("inv_nocont", "\341x", -2, -2, -2, "\\341x"); - one("inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); - one("sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); - one("sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); - one("width_ascii", "123", 2, 2, -1, "12"); - one("width_double", "a\343\201\201", 2, 1, -1, "a"); - one("double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201"); - one("double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201"); + one(1, "empty", "", 2, 0, 0, ""); + one(1, "ascii", "x", -2, -2, -2, "x"); + one(1, "newline", "a\nb", -2, -2, -2, "a\nb"); + one(1, "cr", "a\rb", -2, -2, -2, "a\rb"); + one(1, "tab", "a\tb", -2, -2, -2, "a\tb"); + one(1, "esc", "\033x", -2, -2, -2, "\\033x"); + one(1, "inv_badbyte", "\377x", -2, -2, -2, "\\377x"); + one(1, "inv_nocont", "\341x", -2, -2, -2, "\\341x"); + one(1, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); + one(1, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); + one(1, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); + one(1, "width_ascii", "123", 2, 2, -1, "12"); + one(1, "width_double", "a\343\201\201", 2, 1, -1, "a"); + one(1, "double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201"); + one(1, "double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201"); + + TEST_START("C_setlocale"); + loc = setlocale(LC_CTYPE, "C"); + ASSERT_PTR_NE(loc, NULL); + TEST_DONE(); + + badarg(); + one(0, "empty", "", 2, 0, 0, ""); + one(0, "ascii", "x", -2, -2, -2, "x"); + one(0, "newline", "a\nb", -2, -2, -2, "a\nb"); + one(0, "cr", "a\rb", -2, -2, -2, "a\rb"); + one(0, "tab", "a\tb", -2, -2, -2, "a\tb"); + one(0, "esc", "\033x", -2, -2, -2, "\\033x"); + one(0, "inv_badbyte", "\377x", -2, -2, -2, "\\377x"); + one(0, "inv_nocont", "\341x", -2, -2, -2, "\\341x"); + one(0, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); + one(0, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); + one(0, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); + one(0, "width_ascii", "123", 2, 2, -1, "12"); + one(0, "width_double", "a\343\201\201", 2, 1, -1, "a"); + one(0, "double_fit", "a\343\201\201", 7, 5, -1, "a\\343"); + one(0, "double_spc", "a\343\201\201", 13, 13, 13, "a\\343\\201\\201"); } diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 2e1ed2c52727..3a1aedce72c2 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -73,19 +73,35 @@ # define SECCOMP_FILTER_FAIL SECCOMP_RET_TRAP #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */ +#if __BYTE_ORDER == __LITTLE_ENDIAN +# define ARG_LO_OFFSET 0 +# define ARG_HI_OFFSET sizeof(uint32_t) +#elif __BYTE_ORDER == __BIG_ENDIAN +# define ARG_LO_OFFSET sizeof(uint32_t) +# define ARG_HI_OFFSET 0 +#else +#error "Unknown endianness" +#endif + /* Simple helpers to avoid manual errors (but larger BPF programs). */ #define SC_DENY(_nr, _errno) \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)) #define SC_ALLOW(_nr) \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \ - /* load first syscall argument */ \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 6), \ + /* load and test first syscall argument, low word */ \ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ - offsetof(struct seccomp_data, args[(_arg_nr)])), \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_arg_val), 0, 1), \ + offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_LO_OFFSET), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \ + ((_arg_val) & 0xFFFFFFFF), 0, 3), \ + /* load and test first syscall argument, high word */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ + offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_HI_OFFSET), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \ + (((uint32_t)((uint64_t)(_arg_val) >> 32)) & 0xFFFFFFFF), 0, 1), \ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), \ /* reload syscall number; all rules expect it in accumulator */ \ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ @@ -104,108 +120,122 @@ static const struct sock_filter preauth_insns[] = { /* Syscalls to non-fatally deny */ #ifdef __NR_lstat - SC_DENY(lstat, EACCES), + SC_DENY(__NR_lstat, EACCES), #endif #ifdef __NR_lstat64 - SC_DENY(lstat64, EACCES), + SC_DENY(__NR_lstat64, EACCES), #endif #ifdef __NR_fstat - SC_DENY(fstat, EACCES), + SC_DENY(__NR_fstat, EACCES), #endif #ifdef __NR_fstat64 - SC_DENY(fstat64, EACCES), + SC_DENY(__NR_fstat64, EACCES), #endif #ifdef __NR_open - SC_DENY(open, EACCES), + SC_DENY(__NR_open, EACCES), #endif #ifdef __NR_openat - SC_DENY(openat, EACCES), + SC_DENY(__NR_openat, EACCES), #endif #ifdef __NR_newfstatat - SC_DENY(newfstatat, EACCES), + SC_DENY(__NR_newfstatat, EACCES), #endif #ifdef __NR_stat - SC_DENY(stat, EACCES), + SC_DENY(__NR_stat, EACCES), #endif #ifdef __NR_stat64 - SC_DENY(stat64, EACCES), + SC_DENY(__NR_stat64, EACCES), #endif /* Syscalls to permit */ #ifdef __NR_brk - SC_ALLOW(brk), + SC_ALLOW(__NR_brk), #endif #ifdef __NR_clock_gettime - SC_ALLOW(clock_gettime), + SC_ALLOW(__NR_clock_gettime), #endif #ifdef __NR_close - SC_ALLOW(close), + SC_ALLOW(__NR_close), #endif #ifdef __NR_exit - SC_ALLOW(exit), + SC_ALLOW(__NR_exit), #endif #ifdef __NR_exit_group - SC_ALLOW(exit_group), + SC_ALLOW(__NR_exit_group), #endif #ifdef __NR_getpgid - SC_ALLOW(getpgid), + SC_ALLOW(__NR_getpgid), #endif #ifdef __NR_getpid - SC_ALLOW(getpid), + SC_ALLOW(__NR_getpid), #endif #ifdef __NR_getrandom - SC_ALLOW(getrandom), + SC_ALLOW(__NR_getrandom), #endif #ifdef __NR_gettimeofday - SC_ALLOW(gettimeofday), + SC_ALLOW(__NR_gettimeofday), #endif #ifdef __NR_madvise - SC_ALLOW(madvise), + SC_ALLOW(__NR_madvise), #endif #ifdef __NR_mmap - SC_ALLOW(mmap), + SC_ALLOW(__NR_mmap), #endif #ifdef __NR_mmap2 - SC_ALLOW(mmap2), + SC_ALLOW(__NR_mmap2), #endif #ifdef __NR_mremap - SC_ALLOW(mremap), + SC_ALLOW(__NR_mremap), #endif #ifdef __NR_munmap - SC_ALLOW(munmap), + SC_ALLOW(__NR_munmap), #endif #ifdef __NR__newselect - SC_ALLOW(_newselect), + SC_ALLOW(__NR__newselect), #endif #ifdef __NR_poll - SC_ALLOW(poll), + SC_ALLOW(__NR_poll), #endif #ifdef __NR_pselect6 - SC_ALLOW(pselect6), + SC_ALLOW(__NR_pselect6), #endif #ifdef __NR_read - SC_ALLOW(read), + SC_ALLOW(__NR_read), #endif #ifdef __NR_rt_sigprocmask - SC_ALLOW(rt_sigprocmask), + SC_ALLOW(__NR_rt_sigprocmask), #endif #ifdef __NR_select - SC_ALLOW(select), + SC_ALLOW(__NR_select), #endif #ifdef __NR_shutdown - SC_ALLOW(shutdown), + SC_ALLOW(__NR_shutdown), #endif #ifdef __NR_sigprocmask - SC_ALLOW(sigprocmask), + SC_ALLOW(__NR_sigprocmask), #endif #ifdef __NR_time - SC_ALLOW(time), + SC_ALLOW(__NR_time), #endif #ifdef __NR_write - SC_ALLOW(write), + SC_ALLOW(__NR_write), #endif #ifdef __NR_socketcall - SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), + SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN), +#endif +#if defined(__NR_ioctl) && defined(__s390__) + /* Allow ioctls for ICA crypto card on s390 */ + SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK), + SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO), + SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT), +#endif +#if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT) + /* + * On Linux x32, the clock_gettime VDSO falls back to the + * x86-64 syscall under some circumstances, e.g. + * https://bugs.debian.org/849923 + */ + SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT); #endif /* Default deny */ diff --git a/servconf.c b/servconf.c index 795ddbab7b8d..56b831652f53 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -270,7 +270,7 @@ fill_default_server_options(ServerOptions *options) if (options->gss_cleanup_creds == -1) options->gss_cleanup_creds = 1; if (options->gss_strict_acceptor == -1) - options->gss_strict_acceptor = 0; + options->gss_strict_acceptor = 1; if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) @@ -535,7 +535,7 @@ static struct { { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, - { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, + { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, { "acceptenv", sAcceptEnv, SSHCFG_ALL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL }, { "permittty", sPermitTTY, SSHCFG_ALL }, @@ -966,6 +966,15 @@ process_server_config_line(ServerOptions *options, char *line, long long val64; const struct multistate *multistate_ptr; + /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ + if ((len = strlen(line)) == 0) + return 0; + for (len--; len > 0; len--) { + if (strchr(WHITESPACE "\f", line[len]) == NULL) + break; + line[len] = '\0'; + } + cp = line; if ((arg = strdelim(&cp)) == NULL) return 0; @@ -1168,7 +1177,8 @@ process_server_config_line(ServerOptions *options, char *line, if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); - if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) + if (*arg != '-' && + !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) fatal("%s line %d: Bad key types '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (*activep && *charptr == NULL) @@ -1364,11 +1374,6 @@ process_server_config_line(ServerOptions *options, char *line, intptr = &options->disable_forwarding; goto parse_flag; - case sUsePrivilegeSeparation: - intptr = &use_privsep; - multistate_ptr = multistate_privsep; - goto parse_multistate; - case sAllowUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_allow_users >= MAX_ALLOW_USERS) @@ -1427,7 +1432,7 @@ process_server_config_line(ServerOptions *options, char *line, arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); - if (!ciphers_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg)) fatal("%s line %d: Bad SSH2 cipher spec '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (options->ciphers == NULL) @@ -1438,7 +1443,7 @@ process_server_config_line(ServerOptions *options, char *line, arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); - if (!mac_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg)) fatal("%s line %d: Bad SSH2 mac spec '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (options->macs == NULL) @@ -1450,7 +1455,8 @@ process_server_config_line(ServerOptions *options, char *line, if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); - if (!kex_names_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && + !kex_names_valid(*arg == '+' ? arg + 1 : arg)) fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (options->kex_algorithms == NULL) @@ -2096,8 +2102,6 @@ fmt_intarg(ServerOpCodes code, int val) return fmt_multistate_int(val, multistate_gatewayports); case sCompression: return fmt_multistate_int(val, multistate_compression); - case sUsePrivilegeSeparation: - return fmt_multistate_int(val, multistate_privsep); case sAllowTcpForwarding: return fmt_multistate_int(val, multistate_tcpfwd); case sAllowStreamLocalForwarding: @@ -2148,8 +2152,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val) static void dump_cfg_string(ServerOpCodes code, const char *val) { - if (val == NULL) - return; printf("%s %s\n", lookup_opcode_name(code), val == NULL ? "none" : val); } @@ -2275,7 +2277,6 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); - dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); /* string arguments */ diff --git a/serverloop.c b/serverloop.c index c4e4699da68c..2976f55943b4 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.189 2016/12/14 00:36:34 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.191 2017/02/01 02:59:09 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -430,7 +430,7 @@ server_input_keep_alive(int type, u_int32_t seq, void *ctxt) } static Channel * -server_request_direct_tcpip(void) +server_request_direct_tcpip(int *reason, const char **errmsg) { Channel *c = NULL; char *target, *originator; @@ -449,11 +449,13 @@ server_request_direct_tcpip(void) if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 && !no_port_forwarding_flag && !options.disable_forwarding) { c = channel_connect_to_port(target, target_port, - "direct-tcpip", "direct-tcpip"); + "direct-tcpip", "direct-tcpip", reason, errmsg); } else { logit("refused local port forward: " "originator %s port %d, target %s port %d", originator, originator_port, target, target_port); + if (reason != NULL) + *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; } free(originator); @@ -468,6 +470,10 @@ server_request_direct_streamlocal(void) Channel *c = NULL; char *target, *originator; u_short originator_port; + struct passwd *pw = the_authctxt->pw; + + if (pw == NULL || !the_authctxt->valid) + fatal("server_input_global_request: no/invalid user"); target = packet_get_string(NULL); originator = packet_get_string(NULL); @@ -480,7 +486,7 @@ server_request_direct_streamlocal(void) /* XXX fine grained permissions */ if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 && !no_port_forwarding_flag && !options.disable_forwarding && - use_privsep) { + (pw->pw_uid == 0 || use_privsep)) { c = channel_connect_to_path(target, "direct-streamlocal@openssh.com", "direct-streamlocal"); } else { @@ -577,7 +583,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) { Channel *c = NULL; char *ctype; - int rchan; + const char *errmsg = NULL; + int rchan, reason = SSH2_OPEN_CONNECT_FAILED; u_int rmaxpack, rwindow, len; ctype = packet_get_string(&len); @@ -591,7 +598,7 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) if (strcmp(ctype, "session") == 0) { c = server_request_session(); } else if (strcmp(ctype, "direct-tcpip") == 0) { - c = server_request_direct_tcpip(); + c = server_request_direct_tcpip(&reason, &errmsg); } else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) { c = server_request_direct_streamlocal(); } else if (strcmp(ctype, "tun@openssh.com") == 0) { @@ -614,9 +621,9 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) debug("server_input_channel_open: failure %s", ctype); packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(rchan); - packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED); + packet_put_int(reason); if (!(datafellows & SSH_BUG_OPENFAILURE)) { - packet_put_cstring("open failed"); + packet_put_cstring(errmsg ? errmsg : "open failed"); packet_put_cstring(""); } packet_send(); @@ -702,6 +709,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) int want_reply; int r, success = 0, allocated_listen_port = 0; struct sshbuf *resp = NULL; + struct passwd *pw = the_authctxt->pw; + + if (pw == NULL || !the_authctxt->valid) + fatal("server_input_global_request: no/invalid user"); rtype = packet_get_string(NULL); want_reply = packet_get_char(); @@ -709,12 +720,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* -R style forwarding */ if (strcmp(rtype, "tcpip-forward") == 0) { - struct passwd *pw; struct Forward fwd; - pw = the_authctxt->pw; - if (pw == NULL || !the_authctxt->valid) - fatal("server_input_global_request: no/invalid user"); memset(&fwd, 0, sizeof(fwd)); fwd.listen_host = packet_get_string(NULL); fwd.listen_port = (u_short)packet_get_int(); @@ -762,9 +769,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* check permissions */ if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 || no_port_forwarding_flag || options.disable_forwarding || - !use_privsep) { + (pw->pw_uid != 0 && !use_privsep)) { success = 0; - packet_send_debug("Server has disabled port forwarding."); + packet_send_debug("Server has disabled " + "streamlocal forwarding."); } else { /* Start listening on the socket */ success = channel_setup_remote_fwd_listener( diff --git a/sftp-client.c b/sftp-client.c index e65c15c8f728..a6e832270410 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.125 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.126 2017/01/03 05:46:51 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -67,6 +67,13 @@ extern int showprogress; /* Maximum depth to descend in directory trees */ #define MAX_DIR_DEPTH 64 +/* Directory separator characters */ +#ifdef HAVE_CYGWIN +# define SFTP_DIRECTORY_CHARS "/\\" +#else /* HAVE_CYGWIN */ +# define SFTP_DIRECTORY_CHARS "/" +#endif /* HAVE_CYGWIN */ + struct sftp_conn { int fd_in; int fd_out; @@ -587,6 +594,8 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, if ((r = sshbuf_get_u32(msg, &count)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (count > SSHBUF_SIZE_MAX) + fatal("%s: nonsensical number of entries", __func__); if (count == 0) break; debug3("Received %d SSH2_FXP_NAME responses", count); @@ -617,7 +626,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, * These can be used to attack recursive ops * (e.g. send '../../../../etc/passwd') */ - if (strchr(filename, '/') != NULL) { + if (strpbrk(filename, SFTP_DIRECTORY_CHARS) != NULL) { error("Server sent suspect path \"%s\" " "during readdir of \"%s\"", filename, path); } else if (dir) { @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.177 2016/10/18 12:41:22 millert Exp $ */ +/* $OpenBSD: sftp.c,v 1.178 2017/02/15 01:46:47 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -969,23 +969,34 @@ static int do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag) { struct sftp_statvfs st; - char s_used[FMT_SCALED_STRSIZE]; - char s_avail[FMT_SCALED_STRSIZE]; - char s_root[FMT_SCALED_STRSIZE]; - char s_total[FMT_SCALED_STRSIZE]; - unsigned long long ffree; + char s_used[FMT_SCALED_STRSIZE], s_avail[FMT_SCALED_STRSIZE]; + char s_root[FMT_SCALED_STRSIZE], s_total[FMT_SCALED_STRSIZE]; + char s_icapacity[16], s_dcapacity[16]; if (do_statvfs(conn, path, &st, 1) == -1) return -1; + if (st.f_files == 0) + strlcpy(s_icapacity, "ERR", sizeof(s_icapacity)); + else { + snprintf(s_icapacity, sizeof(s_icapacity), "%3llu%%", + (unsigned long long)(100 * (st.f_files - st.f_ffree) / + st.f_files)); + } + if (st.f_blocks == 0) + strlcpy(s_dcapacity, "ERR", sizeof(s_dcapacity)); + else { + snprintf(s_dcapacity, sizeof(s_dcapacity), "%3llu%%", + (unsigned long long)(100 * (st.f_blocks - st.f_bfree) / + st.f_blocks)); + } if (iflag) { - ffree = st.f_files ? (100 * (st.f_files - st.f_ffree) / st.f_files) : 0; printf(" Inodes Used Avail " "(root) %%Capacity\n"); - printf("%11llu %11llu %11llu %11llu %3llu%%\n", + printf("%11llu %11llu %11llu %11llu %s\n", (unsigned long long)st.f_files, (unsigned long long)(st.f_files - st.f_ffree), (unsigned long long)st.f_favail, - (unsigned long long)st.f_ffree, ffree); + (unsigned long long)st.f_ffree, s_icapacity); } else if (hflag) { strlcpy(s_used, "error", sizeof(s_used)); strlcpy(s_avail, "error", sizeof(s_avail)); @@ -996,21 +1007,18 @@ do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag) fmt_scaled(st.f_bfree * st.f_frsize, s_root); fmt_scaled(st.f_blocks * st.f_frsize, s_total); printf(" Size Used Avail (root) %%Capacity\n"); - printf("%7sB %7sB %7sB %7sB %3llu%%\n", - s_total, s_used, s_avail, s_root, - (unsigned long long)(100 * (st.f_blocks - st.f_bfree) / - st.f_blocks)); + printf("%7sB %7sB %7sB %7sB %s\n", + s_total, s_used, s_avail, s_root, s_dcapacity); } else { printf(" Size Used Avail " "(root) %%Capacity\n"); - printf("%12llu %12llu %12llu %12llu %3llu%%\n", + printf("%12llu %12llu %12llu %12llu %s\n", (unsigned long long)(st.f_frsize * st.f_blocks / 1024), (unsigned long long)(st.f_frsize * (st.f_blocks - st.f_bfree) / 1024), (unsigned long long)(st.f_frsize * st.f_bavail / 1024), (unsigned long long)(st.f_frsize * st.f_bfree / 1024), - (unsigned long long)(100 * (st.f_blocks - st.f_bfree) / - st.f_blocks)); + s_dcapacity); } return 0; } diff --git a/ssh-agent.c b/ssh-agent.c index 395213553043..b987562b9aa1 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.215 2016/11/30 03:07:37 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.218 2017/03/15 03:52:30 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -89,7 +89,7 @@ #endif #ifndef DEFAULT_PKCS11_WHITELIST -# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*" +# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*" #endif typedef enum { @@ -821,7 +821,7 @@ send: static void process_remove_smartcard_key(SocketEntry *e) { - char *provider = NULL, *pin = NULL; + char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX]; int r, version, success = 0; Identity *id, *nxt; Idtab *tab; @@ -831,6 +831,13 @@ process_remove_smartcard_key(SocketEntry *e) fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(pin); + if (realpath(provider, canonical_provider) == NULL) { + verbose("failed PKCS#11 add of \"%.100s\": realpath: %s", + provider, strerror(errno)); + goto send; + } + + debug("%s: remove %.100s", __func__, canonical_provider); for (version = 1; version < 3; version++) { tab = idtab_lookup(version); for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { @@ -838,18 +845,19 @@ process_remove_smartcard_key(SocketEntry *e) /* Skip file--based keys */ if (id->provider == NULL) continue; - if (!strcmp(provider, id->provider)) { + if (!strcmp(canonical_provider, id->provider)) { TAILQ_REMOVE(&tab->idlist, id, next); free_identity(id); tab->nentries--; } } } - if (pkcs11_del_provider(provider) == 0) + if (pkcs11_del_provider(canonical_provider) == 0) success = 1; else error("process_remove_smartcard_key:" " pkcs11_del_provider failed"); +send: free(provider); send_status(e, success); } diff --git a/ssh-keygen.c b/ssh-keygen.c index 2a7939bfc6c0..f17af036bbfa 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.292 2016/09/12 03:29:16 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.299 2017/03/10 04:26:06 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -37,6 +37,7 @@ #include <string.h> #include <unistd.h> #include <limits.h> +#include <locale.h> #include "xmalloc.h" #include "sshkey.h" @@ -57,6 +58,7 @@ #include "atomicio.h" #include "krl.h" #include "digest.h" +#include "utf8.h" #ifdef WITH_OPENSSL # define DEFAULT_KEY_TYPE_NAME "rsa" @@ -843,7 +845,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment) ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); if (fp == NULL || ra == NULL) fatal("%s: sshkey_fingerprint failed", __func__); - printf("%u %s %s (%s)\n", sshkey_size(public), fp, + mprintf("%u %s %s (%s)\n", sshkey_size(public), fp, comment ? comment : "no comment", sshkey_type(public)); if (log_level >= SYSLOG_LEVEL_VERBOSE) printf("%s\n", ra); @@ -1082,6 +1084,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; char *hashed, *cp, *hosts, *ohosts; int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts); + int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM; switch (l->status) { case HKF_STATUS_OK: @@ -1090,11 +1093,10 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) * Don't hash hosts already already hashed, with wildcard * characters or a CA/revocation marker. */ - if ((l->match & HKF_MATCH_HOST_HASHED) != 0 || - has_wild || l->marker != MRK_NONE) { + if (was_hashed || has_wild || l->marker != MRK_NONE) { fprintf(ctx->out, "%s\n", l->line); if (has_wild && !find_host) { - logit("%s:%ld: ignoring host name " + logit("%s:%lu: ignoring host name " "with wildcard: %.64s", l->path, l->linenum, l->hosts); } @@ -1106,6 +1108,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) */ ohosts = hosts = xstrdup(l->hosts); while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') { + lowercase(cp); if ((hashed = host_hash(cp, NULL, 0)) == NULL) fatal("hash_host failed"); fprintf(ctx->out, "%s %s\n", hashed, l->rawkey); @@ -1116,7 +1119,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) case HKF_STATUS_INVALID: /* Retain invalid lines, but mark file as invalid. */ ctx->invalid = 1; - logit("%s:%ld: invalid line", l->path, l->linenum); + logit("%s:%lu: invalid line", l->path, l->linenum); /* FALLTHROUGH */ default: fprintf(ctx->out, "%s\n", l->line); @@ -1150,14 +1153,14 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) */ ctx->found_key = 1; if (!quiet) - printf("# Host %s found: line %ld\n", + printf("# Host %s found: line %lu\n", ctx->host, l->linenum); } return 0; } else if (find_host) { ctx->found_key = 1; if (!quiet) { - printf("# Host %s found: line %ld %s\n", + printf("# Host %s found: line %lu %s\n", ctx->host, l->linenum, l->marker == MRK_CA ? "CA" : (l->marker == MRK_REVOKE ? "REVOKED" : "")); @@ -1166,7 +1169,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) known_hosts_hash(l, ctx); else if (print_fingerprint) { fp = sshkey_fingerprint(l->key, fptype, rep); - printf("%s %s %s %s\n", ctx->host, + mprintf("%s %s %s %s\n", ctx->host, sshkey_type(l->key), fp, l->comment); free(fp); } else @@ -1177,7 +1180,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) /* Retain non-matching hosts when deleting */ if (l->status == HKF_STATUS_INVALID) { ctx->invalid = 1; - logit("%s:%ld: invalid line", l->path, l->linenum); + logit("%s:%lu: invalid line", l->path, l->linenum); } fprintf(ctx->out, "%s\n", l->line); } @@ -1317,7 +1320,7 @@ do_change_passphrase(struct passwd *pw) fatal("Failed to load key %s: %s", identity_file, ssh_err(r)); } if (comment) - printf("Key has comment '%s'\n", comment); + mprintf("Key has comment '%s'\n", comment); /* Ask the new passphrase (twice). */ if (identity_new_passphrase) { @@ -1441,7 +1444,10 @@ do_change_comment(struct passwd *pw) sshkey_free(private); exit(1); } - printf("Key now has comment '%s'\n", comment); + if (comment) + printf("Key now has comment '%s'\n", comment); + else + printf("Key now has no comment\n"); if (identity_comment) { strlcpy(new_comment, identity_comment, sizeof(new_comment)); @@ -2203,11 +2209,17 @@ do_check_krl(struct passwd *pw, int argc, char **argv) exit(ret); } +#ifdef WITH_SSH1 +# define RSA1_USAGE " | rsa1" +#else +# define RSA1_USAGE "" +#endif + static void usage(void) { fprintf(stderr, - "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n" + "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n" " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" @@ -2215,7 +2227,7 @@ usage(void) " ssh-keygen -y [-f input_keyfile]\n" " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" - " ssh-keygen -B [-f input_keyfile]\n"); + " ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE); #ifdef ENABLE_PKCS11 fprintf(stderr, " ssh-keygen -D pkcs11\n"); @@ -2280,6 +2292,8 @@ main(int argc, char **argv) seed_rng(); + msetlocale(); + /* we need this for the home * directory. */ pw = getpwuid(getuid()); if (!pw) diff --git a/ssh-keyscan.c b/ssh-keyscan.c index c30d54e628f5..1f95239a37c6 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.106 2016/05/02 10:26:04 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.109 2017/03/10 04:26:06 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. * @@ -321,16 +321,18 @@ keygrab_ssh2(con *c) } static void -keyprint_one(char *host, struct sshkey *key) +keyprint_one(const char *host, struct sshkey *key) { char *hostport; - - if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL) - fatal("host_hash failed"); + const char *known_host, *hashed; hostport = put_host_port(host, ssh_port); + lowercase(hostport); + if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL) + fatal("host_hash failed"); + known_host = hash_hosts ? hashed : hostport; if (!get_cert) - fprintf(stdout, "%s ", hostport); + fprintf(stdout, "%s ", known_host); sshkey_write(key, stdout); fputs("\n", stdout); free(hostport); @@ -752,10 +754,13 @@ main(int argc, char **argv) tname = strtok(optarg, ","); while (tname) { int type = sshkey_type_from_name(tname); + switch (type) { +#ifdef WITH_SSH1 case KEY_RSA1: get_keytypes |= KT_RSA1; break; +#endif case KEY_DSA: get_keytypes |= KT_DSA; break; @@ -769,7 +774,8 @@ main(int argc, char **argv) get_keytypes |= KT_ED25519; break; case KEY_UNSPEC: - fatal("unknown key type %s", tname); + default: + fatal("Unknown key type \"%s\"", tname); } tname = strtok(NULL, ","); } @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.448 2016/12/06 07:48:01 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.451 2017/03/10 04:07:20 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -684,11 +684,11 @@ main(int ac, char **av) else if (strcmp(optarg, "kex") == 0) cp = kex_alg_list('\n'); else if (strcmp(optarg, "key") == 0) - cp = sshkey_alg_list(0, 0, '\n'); + cp = sshkey_alg_list(0, 0, 0, '\n'); else if (strcmp(optarg, "key-cert") == 0) - cp = sshkey_alg_list(1, 0, '\n'); + cp = sshkey_alg_list(1, 0, 0, '\n'); else if (strcmp(optarg, "key-plain") == 0) - cp = sshkey_alg_list(0, 1, '\n'); + cp = sshkey_alg_list(0, 1, 0, '\n'); else if (strcmp(optarg, "protocol-version") == 0) { #ifdef WITH_SSH1 cp = xstrdup("1\n2"); @@ -1103,7 +1103,7 @@ main(int ac, char **av) options.proxy_use_fdpass = 0; snprintf(port_s, sizeof(port_s), "%d", options.jump_port); xasprintf(&options.proxy_command, - "ssh%s%s%s%s%s%s%s%s%s%.*s -W %%h:%%p %s", + "ssh%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s", /* Optional "-l user" argument if jump_user set */ options.jump_user == NULL ? "" : " -l ", options.jump_user == NULL ? "" : options.jump_user, diff --git a/ssh_config.0 b/ssh_config.0 index 4ca9a5ff81f8..ade8e6562013 100644 --- a/ssh_config.0 +++ b/ssh_config.0 @@ -201,7 +201,9 @@ DESCRIPTION preference. Multiple ciphers must be comma-separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be appended to the default set instead of replacing - them. + them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then + the specified ciphers (including wildcards) will be removed from + the default set instead of replacing them. The supported ciphers are: @@ -448,7 +450,10 @@ DESCRIPTION authentication as a comma-separated pattern list. Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be appended to the default set instead - of replacing them. The default for this option is: + of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified key types (including wildcards) + will be removed from the default set instead of replacing them. + The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, @@ -464,8 +469,10 @@ DESCRIPTION Specifies the host key algorithms that the client wants to use in order of preference. Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be - appended to the default set instead of replacing them. The - default for this option is: + appended to the default set instead of replacing them. If the + specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified + key types (including wildcards) will be removed from the default + set instead of replacing them. The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, @@ -591,7 +598,9 @@ DESCRIPTION algorithms must be comma-separated. Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods will be appended to the default set instead of replacing them. - The default is: + If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the + specified methods (including wildcards) will be removed from the + default set instead of replacing them. The default is: curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, @@ -644,7 +653,10 @@ DESCRIPTION integrity protection. Multiple algorithms must be comma- separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified algorithms will be appended to the default set - instead of replacing them. + instead of replacing them. If the specified value begins with a + M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including + wildcards) will be removed from the default set instead of + replacing them. The algorithms that contain "-etm" calculate the MAC after encryption (encrypt-then-mac). These are considered safer and @@ -667,7 +679,7 @@ DESCRIPTION machine on each of the machines and the user will get many warnings about changed host keys. However, this option disables host authentication for localhost. The argument to this keyword - must be yes or no. (the default). + must be yes or no (the default). NumberOfPasswordPrompts Specifies the number of password prompts before giving up. The @@ -753,7 +765,10 @@ DESCRIPTION authentication as a comma-separated pattern list. Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key types after it will be appended to the default instead of - replacing it. The default for this option is: + replacing it. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified key types (including wildcards) + will be removed from the default set instead of replacing them. + The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, @@ -1074,4 +1089,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 6.0 October 15, 2016 OpenBSD 6.0 +OpenBSD 6.0 February 27, 2017 OpenBSD 6.0 diff --git a/ssh_config.5 b/ssh_config.5 index 591365f34cb0..532745b2ff48 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.240 2016/10/15 19:56:25 jmc Exp $ -.Dd $Mdocdate: October 15 2016 $ +.\" $OpenBSD: ssh_config.5,v 1.242 2017/02/27 14:30:33 jmc Exp $ +.Dd $Mdocdate: February 27 2017 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -415,6 +415,10 @@ If the specified value begins with a .Sq + character, then the specified ciphers will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified ciphers (including wildcards) will be removed +from the default set instead of replacing them. .Pp The supported ciphers are: .Bd -literal -offset indent @@ -784,6 +788,10 @@ Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified key types (including wildcards) will be removed +from the default set instead of replacing them. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, @@ -807,6 +815,10 @@ Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified key types (including wildcards) will be removed +from the default set instead of replacing them. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, @@ -1027,6 +1039,10 @@ Alternately if the specified value begins with a .Sq + character, then the specified methods will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified methods (including wildcards) will be removed +from the default set instead of replacing them. The default is: .Bd -literal -offset indent curve25519-sha256,curve25519-sha256@libssh.org, @@ -1102,6 +1118,10 @@ If the specified value begins with a .Sq + character, then the specified algorithms will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified algorithms (including wildcards) will be removed +from the default set instead of replacing them. .Pp The algorithms that contain .Qq -etm @@ -1127,7 +1147,7 @@ However, this option disables host authentication for localhost. The argument to this keyword must be .Cm yes or -.Cm no . +.Cm no (the default). .It Cm NumberOfPasswordPrompts Specifies the number of password prompts before giving up. @@ -1264,6 +1284,10 @@ Alternately if the specified value begins with a .Sq + character, then the key types after it will be appended to the default instead of replacing it. +If the specified value begins with a +.Sq - +character, then the specified key types (including wildcards) will be removed +from the default set instead of replacing them. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, diff --git a/sshconnect.c b/sshconnect.c index 96b91ce1ab4b..948b638ad114 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.272 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.273 2017/03/10 03:22:40 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1532,6 +1532,7 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment, if (options.add_keys_to_agent == 2 && !ask_permission("Add key %s (%s) to agent?", authfile, comment)) { debug3("user denied adding this key"); + close(auth_sock); return; } @@ -1540,4 +1541,5 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment, debug("identity added to agent: %s", authfile); else debug("could not add identity to agent: %s (%d)", authfile, r); + close(auth_sock); } diff --git a/sshconnect1.c b/sshconnect1.c index a0453618402b..dc00b4cd04d7 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.79 2016/09/19 07:52:42 natano Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.80 2017/03/10 03:53:11 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -520,7 +520,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr) cookie[i] = packet_get_char(); /* Get the public key. */ - server_key = key_new(KEY_RSA1); + if ((server_key = key_new(KEY_RSA1)) == NULL) + fatal("%s: key_new(KEY_RSA1) failed", __func__); bits = packet_get_int(); packet_get_bignum(server_key->rsa->e); packet_get_bignum(server_key->rsa->n); @@ -532,7 +533,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr) logit("Warning: This may be due to an old implementation of ssh."); } /* Get the host key. */ - host_key = key_new(KEY_RSA1); + if ((host_key = key_new(KEY_RSA1)) == NULL) + fatal("%s: key_new(KEY_RSA1) failed", __func__); bits = packet_get_int(); packet_get_bignum(host_key->rsa->e); packet_get_bignum(host_key->rsa->n); diff --git a/sshconnect2.c b/sshconnect2.c index 103a2b36a7cf..f8a54beea949 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.251 2016/12/04 23:54:02 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.255 2017/03/11 23:40:26 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -193,8 +193,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) } if (options.rekey_limit || options.rekey_interval) - packet_set_rekey_limits((u_int32_t)options.rekey_limit, - (time_t)options.rekey_interval); + packet_set_rekey_limits(options.rekey_limit, + options.rekey_interval); /* start key exchange */ if ((r = kex_setup(active_state, myproposal)) != 0) @@ -934,14 +934,14 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) Authctxt *authctxt = ctxt; char *info, *lang, *password = NULL, *retype = NULL; char prompt[150]; - const char *host = options.host_key_alias ? options.host_key_alias : - authctxt->host; + const char *host; debug2("input_userauth_passwd_changereq"); if (authctxt == NULL) fatal("input_userauth_passwd_changereq: " "no authentication context"); + host = options.host_key_alias ? options.host_key_alias : authctxt->host; info = packet_get_string(NULL); lang = packet_get_string(NULL); @@ -996,11 +996,11 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) } static const char * -identity_sign_encode(struct identity *id) +key_sign_encode(const struct sshkey *key) { struct ssh *ssh = active_state; - if (id->key->type == KEY_RSA) { + if (key->type == KEY_RSA) { switch (ssh->kex->rsa_sha2) { case 256: return "rsa-sha2-256"; @@ -1008,7 +1008,7 @@ identity_sign_encode(struct identity *id) return "rsa-sha2-512"; } } - return key_ssh_name(id->key); + return key_ssh_name(key); } static int @@ -1017,31 +1017,50 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, { Key *prv; int ret; - const char *alg; - - alg = identity_sign_encode(id); /* the agent supports this key */ - if (id->agent_fd != -1) + if (id->key != NULL && id->agent_fd != -1) return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, - data, datalen, alg, compat); + data, datalen, key_sign_encode(id->key), compat); /* * we have already loaded the private key or * the private key is stored in external hardware */ - if (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT)) - return (sshkey_sign(id->key, sigp, lenp, data, datalen, alg, - compat)); + if (id->key != NULL && + (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))) + return (sshkey_sign(id->key, sigp, lenp, data, datalen, + key_sign_encode(id->key), compat)); + /* load the private key from the file */ if ((prv = load_identity_file(id)) == NULL) return SSH_ERR_KEY_NOT_FOUND; - ret = sshkey_sign(prv, sigp, lenp, data, datalen, alg, compat); + ret = sshkey_sign(prv, sigp, lenp, data, datalen, + key_sign_encode(prv), compat); sshkey_free(prv); return (ret); } static int +id_filename_matches(Identity *id, Identity *private_id) +{ + const char *suffixes[] = { ".pub", "-cert.pub", NULL }; + size_t len = strlen(id->filename), plen = strlen(private_id->filename); + size_t i, slen; + + if (strcmp(id->filename, private_id->filename) == 0) + return 1; + for (i = 0; suffixes[i]; i++) { + slen = strlen(suffixes[i]); + if (len > slen && plen == len - slen && + strcmp(id->filename + (len - slen), suffixes[i]) == 0 && + memcmp(id->filename, private_id->filename, plen) == 0) + return 1; + } + return 0; +} + +static int sign_and_send_pubkey(Authctxt *authctxt, Identity *id) { Buffer b; @@ -1083,7 +1102,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) } else { buffer_put_cstring(&b, authctxt->method->name); buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, identity_sign_encode(id)); + buffer_put_cstring(&b, key_sign_encode(id->key)); } buffer_put_string(&b, blob, bloblen); @@ -1103,6 +1122,24 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) break; } } + /* + * Exact key matches are preferred, but also allow + * filename matches for non-PKCS#11/agent keys that + * didn't load public keys. This supports the case + * of keeping just a private key file and public + * certificate on disk. + */ + if (!matched && !id->isprivate && id->agent_fd == -1 && + (id->key->flags & SSHKEY_FLAG_EXT) == 0) { + TAILQ_FOREACH(private_id, &authctxt->keys, next) { + if (private_id->key == NULL && + id_filename_matches(id, private_id)) { + id = private_id; + matched = 1; + break; + } + } + } if (matched) { debug2("%s: using private key \"%s\"%s for " "certificate", __func__, id->filename, @@ -1181,7 +1218,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) packet_put_cstring(authctxt->method->name); packet_put_char(have_sig); if (!(datafellows & SSH_BUG_PKAUTH)) - packet_put_cstring(identity_sign_encode(id)); + packet_put_cstring(key_sign_encode(id->key)); packet_put_string(blob, bloblen); free(blob); packet_send(); @@ -1632,7 +1669,7 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp, if ((b = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); /* send # of sock, data to be signed */ - if ((r = sshbuf_put_u32(b, sock) != 0) || + if ((r = sshbuf_put_u32(b, sock)) != 0 || (r = sshbuf_put_string(b, data, datalen)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (ssh_msg_send(to[1], version, b) == -1) @@ -398,8 +398,8 @@ SSH_KNOWN_HOSTS FILE FORMAT The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host public keys for all known hosts. The global file should be prepared by the administrator (optional), and the per-user file is maintained - automatically: whenever the user connects from an unknown host, its key - is added to the per-user file. + automatically: whenever the user connects to an unknown host, its key is + added to the per-user file. Each line in these files contains the following fields: markers (optional), hostnames, keytype, base64-encoded key, comment. The fields @@ -623,4 +623,4 @@ AUTHORS versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -OpenBSD 6.0 November 30, 2016 OpenBSD 6.0 +OpenBSD 6.0 January 30, 2017 OpenBSD 6.0 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.287 2016/11/30 02:57:40 djm Exp $ -.Dd $Mdocdate: November 30 2016 $ +.\" $OpenBSD: sshd.8,v 1.288 2017/01/30 23:27:39 dtucker Exp $ +.Dd $Mdocdate: January 30 2017 $ .Dt SSHD 8 .Os .Sh NAME @@ -631,7 +631,7 @@ and files contain host public keys for all known hosts. The global file should be prepared by the administrator (optional), and the per-user file is -maintained automatically: whenever the user connects from an unknown host, +maintained automatically: whenever the user connects to an unknown host, its key is added to the per-user file. .Pp Each line in these files contains the following fields: markers (optional), @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.480 2016/12/09 03:04:29 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.485 2017/03/15 03:52:30 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -362,14 +362,14 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) { u_int i; int remote_major, remote_minor; - char *s, *newline = "\n"; + char *s; char buf[256]; /* Must not be larger than remote_version. */ char remote_version[256]; /* Must be at least as big as buf. */ - xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, *options.version_addendum == '\0' ? "" : " ", - options.version_addendum, newline); + options.version_addendum); /* Send our protocol version identification. */ if (atomicio(vwrite, sock_out, server_version_string, @@ -1046,6 +1046,11 @@ server_listen(void) close(listen_sock); continue; } + if (fcntl(listen_sock, F_SETFD, FD_CLOEXEC) == -1) { + verbose("socket: CLOEXEC: %s", strerror(errno)); + close(listen_sock); + continue; + } /* * Set socket options. * Allow local port reuse in TIME_WAIT. @@ -1670,6 +1675,15 @@ main(int ac, char **av) continue; key = key_load_private(options.host_key_files[i], "", NULL); pubkey = key_load_public(options.host_key_files[i], NULL); + + if ((pubkey != NULL && pubkey->type == KEY_RSA1) || + (key != NULL && key->type == KEY_RSA1)) { + verbose("Ignoring RSA1 key %s", + options.host_key_files[i]); + key_free(key); + key_free(pubkey); + continue; + } if (pubkey == NULL && key != NULL) pubkey = key_demote(key); sensitive_data.host_keys[i] = key; @@ -2154,7 +2168,7 @@ do_ssh2_kex(void) if (options.rekey_limit || options.rekey_interval) packet_set_rekey_limits(options.rekey_limit, - (time_t)options.rekey_interval); + options.rekey_interval); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( list_hostkey_types()); diff --git a/sshd_config b/sshd_config index 9f09e4a6e7df..4eb2e02e0448 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ +# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -93,7 +93,6 @@ AuthorizedKeysFile .ssh/authorized_keys #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 diff --git a/sshd_config.0 b/sshd_config.0 index 022c05226c7e..b0160aa87fb9 100644 --- a/sshd_config.0 +++ b/sshd_config.0 @@ -238,7 +238,9 @@ DESCRIPTION Specifies the ciphers allowed. Multiple ciphers must be comma- separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be appended to the default set - instead of replacing them. + instead of replacing them. If the specified value begins with a + M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards) + will be removed from the default set instead of replacing them. The supported ciphers are: @@ -378,7 +380,10 @@ DESCRIPTION authentication as a comma-separated pattern list. Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be appended to the default set instead - of replacing them. The default for this option is: + of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified key types (including wildcards) + will be removed from the default set instead of replacing them. + The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, @@ -503,7 +508,10 @@ DESCRIPTION algorithms must be comma-separated. Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods will be appended to the default set instead of replacing them. - The supported algorithms are: + If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the + specified methods (including wildcards) will be removed from the + default set instead of replacing them. The supported algorithms + are: curve25519-sha256 curve25519-sha256@libssh.org @@ -555,7 +563,9 @@ DESCRIPTION protection. Multiple algorithms must be comma-separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified algorithms will be appended to the default set instead of - replacing them. + replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified algorithms (including wildcards) + will be removed from the default set instead of replacing them. The algorithms that contain "-etm" calculate the MAC after encryption (encrypt-then-mac). These are considered safer and @@ -751,7 +761,10 @@ DESCRIPTION authentication as a comma-separated pattern list. Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be appended to the default set instead - of replacing them. The default for this option is: + of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified key types (including wildcards) + will be removed from the default set instead of replacing them. + The default for this option is: ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, @@ -891,18 +904,6 @@ DESCRIPTION If UsePAM is enabled, you will not be able to run sshd(8) as a non-root user. The default is no. - UsePrivilegeSeparation - Specifies whether sshd(8) separates privileges by creating an - unprivileged child process to deal with incoming network traffic. - After successful authentication, another process will be created - that has the privilege of the authenticated user. The goal of - privilege separation is to prevent privilege escalation by - containing any corruption within the unprivileged processes. The - argument must be yes, no, or sandbox. If UsePrivilegeSeparation - is set to sandbox then the pre-authentication unprivileged - process is subject to additional restrictions. The default is - sandbox. - VersionAddendum Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default @@ -988,12 +989,12 @@ TOKENS %t The key or certificate type. %u The username. - AuthorizedKeysCommand accepts the tokens %%, %f, %h, %t, and %u. + AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, and %u. AuthorizedKeysFile accepts the tokens %%, %h, and %u. - AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %K, %k, %h, - %i, %s, %T, %t, and %u. + AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K, + %k, %s, %T, %t, and %u. AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u. @@ -1016,4 +1017,4 @@ AUTHORS versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -OpenBSD 6.0 November 30, 2016 OpenBSD 6.0 +OpenBSD 6.0 March 14, 2017 OpenBSD 6.0 diff --git a/sshd_config.5 b/sshd_config.5 index 32b29d240760..ac6ccc793fbe 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.239 2016/11/30 03:00:05 djm Exp $ -.Dd $Mdocdate: November 30 2016 $ +.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $ +.Dd $Mdocdate: March 14 2017 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -437,6 +437,10 @@ If the specified value begins with a .Sq + character, then the specified ciphers will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified ciphers (including wildcards) will be removed +from the default set instead of replacing them. .Pp The supported ciphers are: .Pp @@ -649,6 +653,10 @@ Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified key types (including wildcards) will be removed +from the default set instead of replacing them. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, @@ -843,6 +851,10 @@ Alternately if the specified value begins with a .Sq + character, then the specified methods will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified methods (including wildcards) will be removed +from the default set instead of replacing them. The supported algorithms are: .Pp .Bl -item -compact -offset indent @@ -933,6 +945,10 @@ If the specified value begins with a .Sq + character, then the specified algorithms will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified algorithms (including wildcards) will be removed +from the default set instead of replacing them. .Pp The algorithms that contain .Qq -etm @@ -1280,6 +1296,10 @@ Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified key types (including wildcards) will be removed +from the default set instead of replacing them. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, @@ -1474,28 +1494,6 @@ is enabled, you will not be able to run as a non-root user. The default is .Cm no . -.It Cm UsePrivilegeSeparation -Specifies whether -.Xr sshd 8 -separates privileges by creating an unprivileged child process -to deal with incoming network traffic. -After successful authentication, another process will be created that has -the privilege of the authenticated user. -The goal of privilege separation is to prevent privilege -escalation by containing any corruption within the unprivileged processes. -The argument must be -.Cm yes , -.Cm no , -or -.Cm sandbox . -If -.Cm UsePrivilegeSeparation -is set to -.Cm sandbox -then the pre-authentication unprivileged process is subject to additional -restrictions. -The default is -.Cm sandbox . .It Cm VersionAddendum Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. @@ -1644,13 +1642,13 @@ The username. .El .Pp .Cm AuthorizedKeysCommand -accepts the tokens %%, %f, %h, %t, and %u. +accepts the tokens %%, %f, %h, %k, %t, and %u. .Pp .Cm AuthorizedKeysFile accepts the tokens %%, %h, and %u. .Pp .Cm AuthorizedPrincipalsCommand -accepts the tokens %%, %F, %f, %K, %k, %h, %i, %s, %T, %t, and %u. +accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, and %u. .Pp .Cm AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u. @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.41 2016/10/24 01:09:17 dtucker Exp $ */ +/* $OpenBSD: sshkey.c,v 1.45 2017/03/10 04:07:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -89,7 +89,9 @@ static const struct keytype keytypes[] = { { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", KEY_ED25519_CERT, 0, 1, 0 }, #ifdef WITH_OPENSSL +# ifdef WITH_SSH1 { NULL, "RSA1", KEY_RSA1, 0, 0, 0 }, +# endif { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 }, { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 }, { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 }, @@ -195,14 +197,16 @@ sshkey_ecdsa_nid_from_name(const char *name) } char * -sshkey_alg_list(int certs_only, int plain_only, char sep) +sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) { char *tmp, *ret = NULL; size_t nlen, rlen = 0; const struct keytype *kt; for (kt = keytypes; kt->type != -1; kt++) { - if (kt->name == NULL || kt->sigonly) + if (kt->name == NULL) + continue; + if (!include_sigonly && kt->sigonly) continue; if ((certs_only && !kt->cert) || (plain_only && kt->cert)) continue; @@ -1237,6 +1241,9 @@ sshkey_read(struct sshkey *ret, char **cpp) u_long bits; #endif /* WITH_SSH1 */ + if (ret == NULL) + return SSH_ERR_INVALID_ARGUMENT; + cp = *cpp; switch (ret->type) { @@ -3786,7 +3793,46 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, (char *)passphrase)) == NULL) { - r = SSH_ERR_KEY_WRONG_PASSPHRASE; + unsigned long pem_err = ERR_peek_last_error(); + int pem_reason = ERR_GET_REASON(pem_err); + + /* + * Translate OpenSSL error codes to determine whether + * passphrase is required/incorrect. + */ + switch (ERR_GET_LIB(pem_err)) { + case ERR_LIB_PEM: + switch (pem_reason) { + case PEM_R_BAD_PASSWORD_READ: + case PEM_R_PROBLEMS_GETTING_PASSWORD: + case PEM_R_BAD_DECRYPT: + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + default: + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + case ERR_LIB_EVP: + switch (pem_reason) { + case EVP_R_BAD_DECRYPT: + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + case EVP_R_BN_DECODE_ERROR: + case EVP_R_DECODE_ERROR: +#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR + case EVP_R_PRIVATE_KEY_DECODE_ERROR: +#endif + r = SSH_ERR_INVALID_FORMAT; + goto out; + default: + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + case ERR_LIB_ASN1: + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } if (pk->type == EVP_PKEY_RSA && @@ -3860,6 +3906,8 @@ int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, const char *passphrase, struct sshkey **keyp, char **commentp) { + int r = SSH_ERR_INTERNAL_ERROR; + if (keyp != NULL) *keyp = NULL; if (commentp != NULL) @@ -3882,9 +3930,11 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, return sshkey_parse_private2(blob, type, passphrase, keyp, commentp); case KEY_UNSPEC: - if (sshkey_parse_private2(blob, type, passphrase, keyp, - commentp) == 0) - return 0; + r = sshkey_parse_private2(blob, type, passphrase, keyp, + commentp); + /* Do not fallback to PEM parser if only passphrase is wrong. */ + if (r == 0 || r == SSH_ERR_KEY_WRONG_PASSPHRASE) + return r; #ifdef WITH_OPENSSL return sshkey_parse_private_pem_fileblob(blob, type, passphrase, keyp); @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.14 2016/09/12 23:31:27 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -156,7 +156,7 @@ int sshkey_ec_validate_private(const EC_KEY *); const char *sshkey_ssh_name(const struct sshkey *); const char *sshkey_ssh_name_plain(const struct sshkey *); int sshkey_names_valid2(const char *, int); -char *sshkey_alg_list(int, int, char); +char *sshkey_alg_list(int, int, int, char); int sshkey_from_blob(const u_char *, size_t, struct sshkey **); int sshkey_fromb(struct sshbuf *, struct sshkey **); @@ -1,4 +1,4 @@ -/* $OpenBSD: utf8.c,v 1.3 2016/05/30 12:57:21 schwarze Exp $ */ +/* $OpenBSD: utf8.c,v 1.5 2017/02/19 00:10:57 djm Exp $ */ /* * Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org> * @@ -60,7 +60,8 @@ dangerous_locale(void) { char *loc; loc = nl_langinfo(CODESET); - return strcmp(loc, "US-ASCII") && strcmp(loc, "UTF-8"); + return strcmp(loc, "US-ASCII") != 0 && strcmp(loc, "UTF-8") != 0 && + strcmp(loc, "ANSI_X3.4-1968") != 0 && strcmp(loc, "646") != 0; } static int @@ -116,6 +117,7 @@ vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap) sz = strlen(src) + 1; if ((dst = malloc(sz)) == NULL) { free(src); + ret = -1; goto fail; } diff --git a/version.h b/version.h index 269ebcdaffa0..c86e2097c715 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.78 2016/12/19 04:55:51 djm Exp $ */ +/* $OpenBSD: version.h,v 1.79 2017/03/20 01:18:59 djm Exp $ */ -#define SSH_VERSION "OpenSSH_7.4" +#define SSH_VERSION "OpenSSH_7.5" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE |