diff --git a/.gitignore b/.gitignore
index a37509f..1be2547 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ openssh-5.5p1-noacss.tar.bz2
 pam_ssh_agent_auth-0.9.2.tar.bz2
 /openssh-5.6p1-noacss.tar.bz2
 /pam_ssh_agent_auth-0.9.2.tar.bz2
+/openssh-5.8p1-noacss.tar.bz2
diff --git a/openssh-4.3p1-fromto-remote.patch b/openssh-4.3p1-fromto-remote.patch
deleted file mode 100644
index ccb3d6e..0000000
--- a/openssh-4.3p1-fromto-remote.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- openssh-4.3p2/scp.c.fromto-remote 2006-01-31 12:11:38.000000000 +0100
-+++ openssh-4.3p2/scp.c 2006-04-14 10:09:56.000000000 +0200
-@@ -446,7 +446,11 @@
- addargs(&alist, "-v");
- addargs(&alist, "-x");
- addargs(&alist, "-oClearAllForwardings yes");
-- addargs(&alist, "-n");
-+ if (isatty(fileno(stdin))) {
-+ addargs(&alist, "-t");
-+ } else {
-+ addargs(&alist, "-n");
-+ }
-
- *src++ = 0;
- if (*src == 0)
diff --git a/openssh-4.3p2-gssapi-canohost.patch b/openssh-4.3p2-gssapi-canohost.patch
deleted file mode 100644
index 2ad07d5..0000000
--- a/openssh-4.3p2-gssapi-canohost.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff -up openssh-5.3p1/sshconnect2.c.canohost openssh-5.3p1/sshconnect2.c
---- openssh-5.3p1/sshconnect2.c.canohost 2009-03-05 14:58:22.000000000 +0100
-+++ openssh-5.3p1/sshconnect2.c 2009-11-02 11:55:00.000000000 +0100
-@@ -542,6 +542,12 @@ userauth_gssapi(Authctxt *authctxt)
- static u_int mech = 0;
- OM_uint32 min;
- int ok = 0;
-+ char* remotehost = NULL;
-+ const char* canonicalhost = get_canonical_hostname(1);
-+ if ( strcmp( canonicalhost, "UNKNOWN" ) == 0 )
-+ remotehost = authctxt->host;
-+ else
-+ remotehost = canonicalhost;
-
- /* Try one GSSAPI method at a time, rather than sending them all at
- * once. */
-@@ -554,7 +560,7 @@ userauth_gssapi(Authctxt *authctxt)
- /* My DER encoding requires length<128 */
- if (gss_supported->elements[mech].length < 128 &&
- ssh_gssapi_check_mechanism(&gssctxt,
-- &gss_supported->elements[mech], authctxt->host)) {
-+ &gss_supported->elements[mech], remotehost)) {
- ok = 1; /* Mechanism works */
- } else {
- mech++;
diff --git a/openssh-5.4p1-selinux.patch b/openssh-5.4p1-selinux.patch
deleted file mode 100644
index 465811f..0000000
--- a/openssh-5.4p1-selinux.patch
+++ /dev/null
@@ -1,395 +0,0 @@ -diff -up openssh-5.4p1/auth1.c.selinux openssh-5.4p1/auth1.c ---- openssh-5.4p1/auth1.c.selinux 2010-03-01 15:19:56.000000000 +0100 -+++ openssh-5.4p1/auth1.c 2010-03-01 15:19:57.000000000 +0100 -@@ -384,6 +384,9 @@ do_authentication(Authctxt *authctxt) - { - u_int ulen; - char *user, *style = NULL; -+#ifdef WITH_SELINUX -+ char *role=NULL; -+#endif - - /* Get the name of the user that we wish to log in as. */ - packet_read_expect(SSH_CMSG_USER); -@@ -392,11 +395,25 @@ do_authentication(Authctxt *authctxt) - user = packet_get_string(&ulen); - packet_check_eom(); - -+#ifdef WITH_SELINUX -+ if ((role = strchr(user, '/')) != NULL) -+ *role++ = '\0'; -+#endif -+ - if ((style = strchr(user, ':')) != NULL) - *style++ = '\0'; -+#ifdef WITH_SELINUX -+ else -+ if (role && (style = strchr(role, ':')) != NULL) -+ *style++ = '\0'; -+#endif -+ - - authctxt->user = user; - authctxt->style = style; -+#ifdef WITH_SELINUX -+ authctxt->role = role; -+#endif - - /* Verify that the user is a valid user. 
*/ - if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) -diff -up openssh-5.4p1/auth2.c.selinux openssh-5.4p1/auth2.c ---- openssh-5.4p1/auth2.c.selinux 2009-06-22 08:11:07.000000000 +0200 -+++ openssh-5.4p1/auth2.c 2010-03-01 15:19:57.000000000 +0100 -@@ -216,6 +216,9 @@ input_userauth_request(int type, u_int32 - Authctxt *authctxt = ctxt; - Authmethod *m = NULL; - char *user, *service, *method, *style = NULL; -+#ifdef WITH_SELINUX -+ char *role = NULL; -+#endif - int authenticated = 0; - - if (authctxt == NULL) -@@ -227,6 +230,11 @@ input_userauth_request(int type, u_int32 - debug("userauth-request for user %s service %s method %s", user, service, method); - debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); - -+#ifdef WITH_SELINUX -+ if ((role = strchr(user, '/')) != NULL) -+ *role++ = 0; -+#endif -+ - if ((style = strchr(user, ':')) != NULL) - *style++ = 0; - -@@ -252,8 +260,15 @@ input_userauth_request(int type, u_int32 - use_privsep ? " [net]" : ""); - authctxt->service = xstrdup(service); - authctxt->style = style ? xstrdup(style) : NULL; -- if (use_privsep) -+#ifdef WITH_SELINUX -+ authctxt->role = role ? 
xstrdup(role) : NULL; -+#endif -+ if (use_privsep) { - mm_inform_authserv(service, style); -+#ifdef WITH_SELINUX -+ mm_inform_authrole(role); -+#endif -+ } - userauth_banner(); - } else if (strcmp(user, authctxt->user) != 0 || - strcmp(service, authctxt->service) != 0) { -diff -up openssh-5.4p1/auth2-gss.c.selinux openssh-5.4p1/auth2-gss.c ---- openssh-5.4p1/auth2-gss.c.selinux 2007-12-02 12:59:45.000000000 +0100 -+++ openssh-5.4p1/auth2-gss.c 2010-03-01 15:19:57.000000000 +0100 -@@ -258,6 +258,7 @@ input_gssapi_mic(int type, u_int32_t ple - Authctxt *authctxt = ctxt; - Gssctxt *gssctxt; - int authenticated = 0; -+ char *micuser; - Buffer b; - gss_buffer_desc mic, gssbuf; - u_int len; -@@ -270,7 +271,13 @@ input_gssapi_mic(int type, u_int32_t ple - mic.value = packet_get_string(&len); - mic.length = len; - -- ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service, -+#ifdef WITH_SELINUX -+ if (authctxt->role && (strlen(authctxt->role) > 0)) -+ xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role); -+ else -+#endif -+ micuser = authctxt->user; -+ ssh_gssapi_buildmic(&b, micuser, authctxt->service, - "gssapi-with-mic"); - - gssbuf.value = buffer_ptr(&b); -@@ -282,6 +289,8 @@ input_gssapi_mic(int type, u_int32_t ple - logit("GSSAPI MIC check failed"); - - buffer_free(&b); -+ if (micuser != authctxt->user) -+ xfree(micuser); - xfree(mic.value); - - authctxt->postponed = 0; -diff -up openssh-5.4p1/auth2-hostbased.c.selinux openssh-5.4p1/auth2-hostbased.c ---- openssh-5.4p1/auth2-hostbased.c.selinux 2008-07-17 10:57:19.000000000 +0200 -+++ openssh-5.4p1/auth2-hostbased.c 2010-03-01 15:19:57.000000000 +0100 -@@ -106,7 +106,15 @@ userauth_hostbased(Authctxt *authctxt) - buffer_put_string(&b, session_id2, session_id2_len); - /* reconstruct packet */ - buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); -- buffer_put_cstring(&b, authctxt->user); -+#ifdef WITH_SELINUX -+ if (authctxt->role) { -+ buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1); -+ 
buffer_append(&b, authctxt->user, strlen(authctxt->user)); -+ buffer_put_char(&b, '/'); -+ buffer_append(&b, authctxt->role, strlen(authctxt->role)); -+ } else -+#endif -+ buffer_put_cstring(&b, authctxt->user); - buffer_put_cstring(&b, service); - buffer_put_cstring(&b, "hostbased"); - buffer_put_string(&b, pkalg, alen); -diff -up openssh-5.4p1/auth2-pubkey.c.selinux openssh-5.4p1/auth2-pubkey.c ---- openssh-5.4p1/auth2-pubkey.c.selinux 2010-02-26 21:55:05.000000000 +0100 -+++ openssh-5.4p1/auth2-pubkey.c 2010-03-01 15:19:57.000000000 +0100 -@@ -119,7 +119,15 @@ userauth_pubkey(Authctxt *authctxt) - } - /* reconstruct packet */ - buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); -- buffer_put_cstring(&b, authctxt->user); -+#ifdef WITH_SELINUX -+ if (authctxt->role) { -+ buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1); -+ buffer_append(&b, authctxt->user, strlen(authctxt->user)); -+ buffer_put_char(&b, '/'); -+ buffer_append(&b, authctxt->role, strlen(authctxt->role)); -+ } else -+#endif -+ buffer_put_cstring(&b, authctxt->user); - buffer_put_cstring(&b, - datafellows & SSH_BUG_PKSERVICE ? 
- "ssh-userauth" : -diff -up openssh-5.4p1/auth.h.selinux openssh-5.4p1/auth.h ---- openssh-5.4p1/auth.h.selinux 2010-02-26 21:55:05.000000000 +0100 -+++ openssh-5.4p1/auth.h 2010-03-01 15:19:57.000000000 +0100 -@@ -58,6 +58,9 @@ struct Authctxt { - char *service; - struct passwd *pw; /* set if 'valid' */ - char *style; -+#ifdef WITH_SELINUX -+ char *role; -+#endif - void *kbdintctxt; - void *jpake_ctx; - #ifdef BSD_AUTH -diff -up openssh-5.4p1/configure.ac.selinux openssh-5.4p1/configure.ac ---- openssh-5.4p1/configure.ac.selinux 2010-03-01 15:19:57.000000000 +0100 -+++ openssh-5.4p1/configure.ac 2010-03-01 15:21:12.000000000 +0100 -@@ -3358,6 +3358,7 @@ AC_ARG_WITH(selinux, - ], - AC_MSG_ERROR(SELinux support requires libselinux library)) - SSHDLIBS="$SSHDLIBS $LIBSELINUX" -+ LIBS="$LIBS $LIBSELINUX" - AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) - LIBS="$save_LIBS" - fi ] -diff -up openssh-5.4p1/monitor.c.selinux openssh-5.4p1/monitor.c ---- openssh-5.4p1/monitor.c.selinux 2010-02-26 21:55:05.000000000 +0100 -+++ openssh-5.4p1/monitor.c 2010-03-01 15:19:57.000000000 +0100 -@@ -137,6 +137,9 @@ int mm_answer_sign(int, Buffer *); - int mm_answer_pwnamallow(int, Buffer *); - int mm_answer_auth2_read_banner(int, Buffer *); - int mm_answer_authserv(int, Buffer *); -+#ifdef WITH_SELINUX -+int mm_answer_authrole(int, Buffer *); -+#endif - int mm_answer_authpassword(int, Buffer *); - int mm_answer_bsdauthquery(int, Buffer *); - int mm_answer_bsdauthrespond(int, Buffer *); -@@ -213,6 +216,9 @@ struct mon_table mon_dispatch_proto20[] - {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, - {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, - {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, -+#ifdef WITH_SELINUX -+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole}, -+#endif - {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, - {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, - #ifdef USE_PAM -@@ -682,6 +688,9 @@ 
mm_answer_pwnamallow(int sock, Buffer *m - else { - /* Allow service/style information on the auth context */ - monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); -+#ifdef WITH_SELINUX -+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1); -+#endif - monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); - } - -@@ -726,6 +735,25 @@ mm_answer_authserv(int sock, Buffer *m) - return (0); - } - -+#ifdef WITH_SELINUX -+int -+mm_answer_authrole(int sock, Buffer *m) -+{ -+ monitor_permit_authentications(1); -+ -+ authctxt->role = buffer_get_string(m, NULL); -+ debug3("%s: role=%s", -+ __func__, authctxt->role); -+ -+ if (strlen(authctxt->role) == 0) { -+ xfree(authctxt->role); -+ authctxt->role = NULL; -+ } -+ -+ return (0); -+} -+#endif -+ - int - mm_answer_authpassword(int sock, Buffer *m) - { -@@ -1104,7 +1132,7 @@ static int - monitor_valid_userblob(u_char *data, u_int datalen) - { - Buffer b; -- char *p; -+ char *p, *r; - u_int len; - int fail = 0; - -@@ -1130,6 +1158,8 @@ monitor_valid_userblob(u_char *data, u_i - if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) - fail++; - p = buffer_get_string(&b, NULL); -+ if ((r = strchr(p, '/')) != NULL) -+ *r = '\0'; - if (strcmp(authctxt->user, p) != 0) { - logit("wrong user name passed to monitor: expected %s != %.100s", - authctxt->user, p); -@@ -1161,7 +1191,7 @@ monitor_valid_hostbasedblob(u_char *data - char *chost) - { - Buffer b; -- char *p; -+ char *p, *r; - u_int len; - int fail = 0; - -@@ -1178,6 +1208,8 @@ monitor_valid_hostbasedblob(u_char *data - if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) - fail++; - p = buffer_get_string(&b, NULL); -+ if ((r = strchr(p, '/')) != NULL) -+ *r = '\0'; - if (strcmp(authctxt->user, p) != 0) { - logit("wrong user name passed to monitor: expected %s != %.100s", - authctxt->user, p); -diff -up openssh-5.4p1/monitor.h.selinux openssh-5.4p1/monitor.h ---- openssh-5.4p1/monitor.h.selinux 2008-11-05 06:20:46.000000000 +0100 -+++ openssh-5.4p1/monitor.h 
2010-03-01 15:19:57.000000000 +0100 -@@ -31,6 +31,9 @@ - enum monitor_reqtype { - MONITOR_REQ_MODULI, MONITOR_ANS_MODULI, - MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV, -+#ifdef WITH_SELINUX -+ MONITOR_REQ_AUTHROLE, -+#endif - MONITOR_REQ_SIGN, MONITOR_ANS_SIGN, - MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM, - MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER, -diff -up openssh-5.4p1/monitor_wrap.c.selinux openssh-5.4p1/monitor_wrap.c ---- openssh-5.4p1/monitor_wrap.c.selinux 2009-06-22 08:11:07.000000000 +0200 -+++ openssh-5.4p1/monitor_wrap.c 2010-03-01 15:19:57.000000000 +0100 -@@ -297,6 +297,25 @@ mm_inform_authserv(char *service, char * - buffer_free(&m); - } - -+/* Inform the privileged process about role */ -+ -+#ifdef WITH_SELINUX -+void -+mm_inform_authrole(char *role) -+{ -+ Buffer m; -+ -+ debug3("%s entering", __func__); -+ -+ buffer_init(&m); -+ buffer_put_cstring(&m, role ? role : ""); -+ -+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m); -+ -+ buffer_free(&m); -+} -+#endif -+ - /* Do the password authentication */ - int - mm_auth_password(Authctxt *authctxt, char *password) -diff -up openssh-5.4p1/monitor_wrap.h.selinux openssh-5.4p1/monitor_wrap.h ---- openssh-5.4p1/monitor_wrap.h.selinux 2009-03-05 14:58:22.000000000 +0100 -+++ openssh-5.4p1/monitor_wrap.h 2010-03-01 15:19:57.000000000 +0100 -@@ -41,6 +41,9 @@ int mm_is_monitor(void); - DH *mm_choose_dh(int, int, int); - int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); - void mm_inform_authserv(char *, char *); -+#ifdef WITH_SELINUX -+void mm_inform_authrole(char *); -+#endif - struct passwd *mm_getpwnamallow(const char *); - char *mm_auth2_read_banner(void); - int mm_auth_password(struct Authctxt *, char *); -diff -up openssh-5.4p1/openbsd-compat/port-linux.c.selinux openssh-5.4p1/openbsd-compat/port-linux.c ---- openssh-5.4p1/openbsd-compat/port-linux.c.selinux 2010-03-01 05:52:50.000000000 +0100 -+++ openssh-5.4p1/openbsd-compat/port-linux.c 2010-03-01 
15:22:19.000000000 +0100 -@@ -32,12 +32,17 @@ - #include "log.h" - #include "xmalloc.h" - #include "port-linux.h" -+#include "key.h" -+#include "hostfile.h" -+#include "auth.h" - - #ifdef WITH_SELINUX - #include - #include - #include - -+extern Authctxt *the_authctxt; -+ - /* Wrapper around is_selinux_enabled() to log its return value once only */ - int - ssh_selinux_enabled(void) -@@ -56,23 +61,36 @@ ssh_selinux_enabled(void) - static security_context_t - ssh_selinux_getctxbyname(char *pwname) - { -- security_context_t sc; -- char *sename = NULL, *lvl = NULL; -- int r; -+ security_context_t sc = NULL; -+ char *sename, *lvl; -+ char *role = NULL; -+ int r = 0; - -+ if (the_authctxt) -+ role=the_authctxt->role; - #ifdef HAVE_GETSEUSERBYNAME -- if (getseuserbyname(pwname, &sename, &lvl) != 0) -- return NULL; -+ if ((r=getseuserbyname(pwname, &sename, &lvl)) != 0) { -+ sename = NULL; -+ lvl = NULL; -+ } - #else - sename = pwname; - lvl = NULL; - #endif - -+ if (r == 0) { - #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL -- r = get_default_context_with_level(sename, lvl, NULL, &sc); -+ if (role != NULL && role[0]) -+ r = get_default_context_with_rolelevel(sename, role, lvl, NULL, &sc); -+ else -+ r = get_default_context_with_level(sename, lvl, NULL, &sc); - #else -- r = get_default_context(sename, NULL, &sc); -+ if (role != NULL && role[0]) -+ r = get_default_context_with_role(sename, role, NULL, &sc); -+ else -+ r = get_default_context(sename, NULL, &sc); - #endif -+ } - - if (r != 0) { - switch (security_getenforce()) { diff --git a/openssh-5.6p1-audit.patch b/openssh-5.6p1-audit.patch deleted file mode 100644 index 2232bf1..0000000 --- a/openssh-5.6p1-audit.patch +++ /dev/null 
@@ -1,276 +0,0 @@ -diff -up openssh-5.6p1/audit-bsm.c.audit openssh-5.6p1/audit-bsm.c ---- openssh-5.6p1/audit-bsm.c.audit 2008-02-25 11:05:04.000000000 +0100 -+++ openssh-5.6p1/audit-bsm.c 2010-10-20 09:15:47.000000000 +0200 -@@ -305,13 +305,13 @@ audit_run_command(const char *command) - } - - void --audit_session_open(const char *ttyn) -+audit_session_open(struct logininfo *li) - { - /* not implemented */ - } - - void --audit_session_close(const char *ttyn) -+audit_session_close(struct logininfo *li) - { - /* not implemented */ - } -diff -up openssh-5.6p1/audit.c.audit openssh-5.6p1/audit.c ---- openssh-5.6p1/audit.c.audit 2006-09-01 07:38:36.000000000 +0200 -+++ openssh-5.6p1/audit.c 2010-10-20 09:15:47.000000000 +0200 -@@ -147,9 +147,9 @@ audit_event(ssh_audit_event_t event) - * within a single connection. - */ - void --audit_session_open(const char *ttyn) -+audit_session_open(struct logininfo *li) - { -- const char *t = ttyn ? ttyn : "(no tty)"; -+ const char *t = li->line ? li->line : "(no tty)"; - - debug("audit session open euid %d user %s tty name %s", geteuid(), - audit_username(), t); -@@ -163,9 +163,9 @@ audit_session_open(const char *ttyn) - * within a single connection. - */ - void --audit_session_close(const char *ttyn) -+audit_session_close(struct logininfo *li) - { -- const char *t = ttyn ? ttyn : "(no tty)"; -+ const char *t = li->line ? 
li->line : "(no tty)"; - - debug("audit session close euid %d user %s tty name %s", geteuid(), - audit_username(), t); -diff -up openssh-5.6p1/audit.h.audit openssh-5.6p1/audit.h ---- openssh-5.6p1/audit.h.audit 2006-08-05 16:05:10.000000000 +0200 -+++ openssh-5.6p1/audit.h 2010-10-20 09:15:47.000000000 +0200 -@@ -26,6 +26,9 @@ - - #ifndef _SSH_AUDIT_H - # define _SSH_AUDIT_H -+ -+#include "loginrec.h" -+ - enum ssh_audit_event_type { - SSH_LOGIN_EXCEED_MAXTRIES, - SSH_LOGIN_ROOT_DENIED, -@@ -46,8 +49,8 @@ typedef enum ssh_audit_event_type ssh_au - - void audit_connection_from(const char *, int); - void audit_event(ssh_audit_event_t); --void audit_session_open(const char *); --void audit_session_close(const char *); -+void audit_session_open(struct logininfo *); -+void audit_session_close(struct logininfo *); - void audit_run_command(const char *); - ssh_audit_event_t audit_classify_auth(const char *); - -diff -up openssh-5.6p1/audit-linux.c.audit openssh-5.6p1/audit-linux.c ---- openssh-5.6p1/audit-linux.c.audit 2010-10-20 09:15:47.000000000 +0200 -+++ openssh-5.6p1/audit-linux.c 2010-10-20 09:15:47.000000000 +0200 -@@ -0,0 +1,120 @@ -+/* $Id: audit-linux.c,v 1.1 jfch Exp $ */ -+ -+/* -+ * Copyright 2010 Red Hat, Inc. All rights reserved. -+ * Use is subject to license terms. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. 
-+ * -+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ * Red Hat author: Jan F. Chadima -+ */ -+ -+#include "includes.h" -+#if defined(USE_LINUX_AUDIT) -+#include -+#include -+#include -+ -+#include "log.h" -+#include "audit.h" -+#include "canohost.h" -+ -+const char* audit_username(void); -+ -+int -+linux_audit_record_event(int uid, const char *username, -+ const char *hostname, const char *ip, const char *ttyn, int success) -+{ -+ int audit_fd, rc, saved_errno; -+ -+ audit_fd = audit_open(); -+ if (audit_fd < 0) { -+ if (errno == EINVAL || errno == EPROTONOSUPPORT || -+ errno == EAFNOSUPPORT) -+ return 1; /* No audit support in kernel */ -+ else -+ return 0; /* Must prevent login */ -+ } -+ rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, -+ NULL, "login", username ? username : "(unknown)", -+ username == NULL ? 
uid : -1, hostname, ip, ttyn, success); -+ saved_errno = errno; -+ close(audit_fd); -+ errno = saved_errno; -+ return (rc >= 0); -+} -+ -+/* Below is the sshd audit API code */ -+ -+void -+audit_connection_from(const char *host, int port) -+{ -+} -+ /* not implemented */ -+ -+void -+audit_run_command(const char *command) -+{ -+ /* not implemented */ -+} -+ -+void -+audit_session_open(struct logininfo *li) -+{ -+ if (linux_audit_record_event(li->uid, NULL, li->hostname, -+ NULL, li->line, 1) == 0) -+ fatal("linux_audit_write_entry failed: %s", strerror(errno)); -+} -+ -+void -+audit_session_close(struct logininfo *li) -+{ -+ /* not implemented */ -+} -+ -+void -+audit_event(ssh_audit_event_t event) -+{ -+ switch(event) { -+ case SSH_AUTH_SUCCESS: -+ case SSH_CONNECTION_CLOSE: -+ case SSH_NOLOGIN: -+ case SSH_LOGIN_EXCEED_MAXTRIES: -+ case SSH_LOGIN_ROOT_DENIED: -+ break; -+ -+ case SSH_AUTH_FAIL_NONE: -+ case SSH_AUTH_FAIL_PASSWD: -+ case SSH_AUTH_FAIL_KBDINT: -+ case SSH_AUTH_FAIL_PUBKEY: -+ case SSH_AUTH_FAIL_HOSTBASED: -+ case SSH_AUTH_FAIL_GSSAPI: -+ case SSH_INVALID_USER: -+ linux_audit_record_event(-1, audit_username(), NULL, -+ get_remote_ipaddr(), "sshd", 0); -+ break; -+ -+ default: -+ debug("%s: unhandled event %d", __func__, event); -+ } -+} -+ -+#endif /* USE_LINUX_AUDIT */ -diff -up openssh-5.6p1/configure.ac.audit openssh-5.6p1/configure.ac ---- openssh-5.6p1/configure.ac.audit 2010-08-16 05:15:23.000000000 +0200 -+++ openssh-5.6p1/configure.ac 2010-10-20 09:15:47.000000000 +0200 -@@ -1308,7 +1308,7 @@ int main(void) - - AUDIT_MODULE=none - AC_ARG_WITH(audit, -- [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)], -+ [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], - [ - AC_MSG_CHECKING(for supported audit module) - case "$withval" in -@@ -1332,10 +1332,18 @@ AC_ARG_WITH(audit, - AC_CHECK_FUNCS(getaudit_addr aug_get_machine) - AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module]) - ;; -+ linux) -+ 
AC_MSG_RESULT(linux) -+ AUDIT_MODULE=linux -+ dnl Checks for headers, libs and functions -+ AC_CHECK_HEADERS(libaudit.h) -+ SSHDLIBS="$SSHDLIBS -laudit" -+ AC_DEFINE(USE_LINUX_AUDIT, 1, [Use Linux audit module]) -+ ;; - debug) - AUDIT_MODULE=debug - AC_MSG_RESULT(debug) -- AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module) -+ AC_DEFINE(SSH_AUDIT_EVENTS, 1, [Use audit debugging module]) - ;; - no) - AC_MSG_RESULT(no) -diff -up openssh-5.6p1/defines.h.audit openssh-5.6p1/defines.h ---- openssh-5.6p1/defines.h.audit 2010-04-09 10:13:27.000000000 +0200 -+++ openssh-5.6p1/defines.h 2010-10-20 09:15:47.000000000 +0200 -@@ -566,6 +566,11 @@ struct winsize { - # define CUSTOM_SSH_AUDIT_EVENTS - #endif - -+#ifdef USE_LINUX_AUDIT -+# define SSH_AUDIT_EVENTS -+# define CUSTOM_SSH_AUDIT_EVENTS -+#endif -+ - #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__) - # define __func__ __FUNCTION__ - #elif !defined(HAVE___func__) -diff -up openssh-5.6p1/loginrec.c.audit openssh-5.6p1/loginrec.c ---- openssh-5.6p1/loginrec.c.audit 2010-04-09 10:13:27.000000000 +0200 -+++ openssh-5.6p1/loginrec.c 2010-10-20 09:15:47.000000000 +0200 -@@ -468,9 +468,9 @@ login_write(struct logininfo *li) - #endif - #ifdef SSH_AUDIT_EVENTS - if (li->type == LTYPE_LOGIN) -- audit_session_open(li->line); -+ audit_session_open(li); - else if (li->type == LTYPE_LOGOUT) -- audit_session_close(li->line); -+ audit_session_close(li); - #endif - return (0); - } -diff -up openssh-5.6p1/Makefile.in.audit openssh-5.6p1/Makefile.in ---- openssh-5.6p1/Makefile.in.audit 2010-05-12 08:51:39.000000000 +0200 -+++ openssh-5.6p1/Makefile.in 2010-10-20 09:15:47.000000000 +0200 -@@ -81,6 +81,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o s - roaming_common.o roaming_client.o - - SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ -+ audit.o audit-bsm.o audit-linux.o platform.o \ - sshpty.o sshlogin.o servconf.o serverloop.o \ - auth.o auth1.o auth2.o auth-options.o session.o \ - auth-chall.o 
auth2-chall.o groupaccess.o \ -@@ -90,7 +91,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw - auth-krb5.o \ - auth2-gss.o gss-serv.o gss-serv-krb5.o \ - loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ -- audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \ -+ sftp-server.o sftp-common.o \ - roaming_common.o roaming_serv.o - - MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out diff --git a/openssh-5.6p1-audit1a.patch b/openssh-5.6p1-audit1a.patch deleted file mode 100644 index bbb1ed2..0000000 --- a/openssh-5.6p1-audit1a.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up openssh-5.6p1/audit-linux.c.audit1a openssh-5.6p1/audit-linux.c ---- openssh-5.6p1/audit-linux.c.audit1a 2010-12-10 21:47:03.000000000 +0100 -+++ openssh-5.6p1/audit-linux.c 2010-12-10 21:50:31.000000000 +0100 -@@ -59,7 +59,8 @@ linux_audit_record_event(int uid, const - saved_errno = errno; - close(audit_fd); - errno = saved_errno; -- return (rc >= 0); -+ /* do not report error if the error is EPERM and sshd is run as non root user */ -+ return (rc >= 0) || ((rc == -EPERM) && (getuid() != 0)); - } - - /* Below is the sshd audit API code */ diff --git a/openssh-5.6p1-audit4.patch b/openssh-5.6p1-audit4.patch deleted file mode 100644 index bbc9783..0000000 --- a/openssh-5.6p1-audit4.patch +++ /dev/null 
@@ -1,236 +0,0 @@ -diff -up openssh-5.6p1/audit-bsm.c.audit4 openssh-5.6p1/audit-bsm.c ---- openssh-5.6p1/audit-bsm.c.audit4 2011-01-12 14:01:50.000000000 +0100 -+++ openssh-5.6p1/audit-bsm.c 2011-01-12 14:01:51.000000000 +0100 -@@ -395,4 +395,10 @@ audit_kex_body(int ctos, char *enc, char - { - /* not implemented */ - } -+ -+void -+audit_session_key_free_body(int ctos) -+{ -+ /* not implemented */ -+} - #endif /* BSM */ -diff -up openssh-5.6p1/audit.c.audit4 openssh-5.6p1/audit.c ---- openssh-5.6p1/audit.c.audit4 2011-01-12 14:01:50.000000000 +0100 -+++ openssh-5.6p1/audit.c 2011-01-12 14:01:51.000000000 +0100 -@@ -152,6 +152,12 @@ audit_kex(int ctos, char *enc, char *mac - PRIVSEP(audit_kex_body(ctos, enc, mac, comp)); - } - -+void -+audit_session_key_free(int ctos) -+{ -+ PRIVSEP(audit_session_key_free_body(ctos)); -+} -+ - # ifndef CUSTOM_SSH_AUDIT_EVENTS - /* - * Null implementations of audit functions. -@@ -254,5 +260,13 @@ audit_kex_body(int ctos, char *enc, char - debug("audit procol negotiation euid %d direction %d cipher %s mac %s compresion %s", - geteuid(), ctos, enc, mac, compress); - } -+ -+/* -+ * This will be called on succesfull session key discard -+ */ -+audit_session_key_free_body(int ctos) -+{ -+ debug("audit session key discard euid %d direction %d", geteuid(), ctos); -+} - # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ - #endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-5.6p1/audit.h.audit4 openssh-5.6p1/audit.h ---- openssh-5.6p1/audit.h.audit4 2011-01-12 14:01:50.000000000 +0100 -+++ openssh-5.6p1/audit.h 2011-01-12 14:01:51.000000000 +0100 -@@ -60,5 +60,7 @@ void audit_unsupported(int); - void audit_kex(int, char *, char *, char *); - void audit_unsupported_body(int); - void audit_kex_body(int, char *, char *, char *); -+void audit_session_key_free(int ctos); -+void audit_session_key_free_body(int ctos); - - #endif /* _SSH_AUDIT_H */ -diff -up openssh-5.6p1/audit-linux.c.audit4 openssh-5.6p1/audit-linux.c ---- 
openssh-5.6p1/audit-linux.c.audit4 2011-01-12 14:01:50.000000000 +0100 -+++ openssh-5.6p1/audit-linux.c 2011-01-12 14:04:15.000000000 +0100 -@@ -174,13 +174,14 @@ audit_unsupported_body(int what) - #endif - } - -+const static char *direction[] = { "from-server", "from-client", "both" }; -+ - void - audit_kex_body(int ctos, char *enc, char *mac, char *compress) - { - #ifdef AUDIT_CRYPTO_SESSION - char buf[AUDIT_LOG_SIZE]; - int audit_fd, audit_ok; -- const static char *direction[] = { "from-server", "from-client", "both" }; - Cipher *cipher = cipher_by_name(enc); - - snprintf(buf, sizeof(buf), "start direction=%s cipher=%s, ksize=%d rport=%d laddr=%s lport=%d", -@@ -203,4 +204,26 @@ audit_kex_body(int ctos, char *enc, char - #endif - } - -+void -+audit_session_key_free_body(int ctos) -+{ -+ char buf[AUDIT_LOG_SIZE]; -+ int audit_fd, audit_ok; -+ -+ snprintf(buf, sizeof(buf), "destroy kind=session direction=%s", direction[ctos]); -+ audit_fd = audit_open(); -+ if (audit_fd < 0) { -+ if (errno != EINVAL && errno != EPROTONOSUPPORT && -+ errno != EAFNOSUPPORT) -+ error("cannot open audit"); -+ return; -+ } -+ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_KEY_USER, NULL, -+ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1); -+ audit_close(audit_fd); -+ /* do not abort if the error is EPERM and sshd is run as non root user */ -+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) -+ error("cannot write into audit"); -+} -+ - #endif /* USE_LINUX_AUDIT */ -diff -up openssh-5.6p1/auditstub.c.audit4 openssh-5.6p1/auditstub.c ---- openssh-5.6p1/auditstub.c.audit4 2011-01-12 14:01:50.000000000 +0100 -+++ openssh-5.6p1/auditstub.c 2011-01-12 14:01:51.000000000 +0100 -@@ -37,3 +37,7 @@ audit_kex(int ctos, char *enc, char *mac - { - } - -+void -+audit_session_key_free(int ctos) -+{ -+} -diff -up openssh-5.6p1/monitor.c.audit4 openssh-5.6p1/monitor.c ---- openssh-5.6p1/monitor.c.audit4 2011-01-12 14:01:51.000000000 +0100 -+++ openssh-5.6p1/monitor.c 2011-01-12 
14:01:51.000000000 +0100 -@@ -180,6 +180,7 @@ int mm_answer_audit_event(int, Buffer *) - int mm_answer_audit_command(int, Buffer *); - int mm_answer_audit_unsupported_body(int, Buffer *); - int mm_answer_audit_kex_body(int, Buffer *); -+int mm_answer_audit_session_key_free_body(int, Buffer *); - #endif - - static Authctxt *authctxt; -@@ -230,6 +231,7 @@ struct mon_table mon_dispatch_proto20[] - {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, - {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, - {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, -+ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, - #endif - #ifdef BSD_AUTH - {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, -@@ -268,6 +270,7 @@ struct mon_table mon_dispatch_postauth20 - {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, - {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, - {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, -+ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, - #endif - {0, 0, NULL} - }; -@@ -301,6 +304,7 @@ struct mon_table mon_dispatch_proto15[] - {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, - {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, - {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, -+ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, - #endif - {0, 0, NULL} - }; -@@ -314,6 +318,7 @@ struct mon_table mon_dispatch_postauth15 - {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, - {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, - {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, -+ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, - #endif - {0, 0, NULL} - }; -@@ -2252,4 
+2257,18 @@ mm_answer_audit_kex_body(int sock, Buffe - return 0; - } - -+int -+mm_answer_audit_session_key_free_body(int sock, Buffer *m) -+{ -+ int ctos; -+ -+ ctos = buffer_get_int(m); -+ -+ audit_session_key_free_body(ctos); -+ -+ buffer_clear(m); -+ -+ mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); -+ return 0; -+} - #endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-5.6p1/monitor.h.audit4 openssh-5.6p1/monitor.h ---- openssh-5.6p1/monitor.h.audit4 2011-01-12 14:01:51.000000000 +0100 -+++ openssh-5.6p1/monitor.h 2011-01-12 14:01:51.000000000 +0100 -@@ -68,6 +68,7 @@ enum monitor_reqtype { - MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, - MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, - MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, -+ MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, - }; - - struct mm_master; -diff -up openssh-5.6p1/monitor_wrap.c.audit4 openssh-5.6p1/monitor_wrap.c ---- openssh-5.6p1/monitor_wrap.c.audit4 2011-01-12 14:01:51.000000000 +0100 -+++ openssh-5.6p1/monitor_wrap.c 2011-01-12 14:01:51.000000000 +0100 -@@ -1445,4 +1445,17 @@ mm_audit_kex_body(int ctos, char *cipher - - buffer_free(&m); - } -+ -+void -+mm_audit_session_key_free_body(int ctos) -+{ -+ Buffer m; -+ -+ buffer_init(&m); -+ buffer_put_int(&m, ctos); -+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); -+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, -+ &m); -+ buffer_free(&m); -+} - #endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-5.6p1/monitor_wrap.h.audit4 openssh-5.6p1/monitor_wrap.h ---- openssh-5.6p1/monitor_wrap.h.audit4 2011-01-12 14:01:51.000000000 +0100 -+++ openssh-5.6p1/monitor_wrap.h 2011-01-12 14:01:51.000000000 +0100 -@@ -76,6 +76,7 @@ void mm_audit_event(ssh_audit_event_t); - void mm_audit_run_command(const char *); - void mm_audit_unsupported_body(int); - void mm_audit_kex_body(int, char *, char *, char *); -+void 
mm_audit_session_key_free_body(int); - #endif - - struct Session; -diff -up openssh-5.6p1/packet.c.audit4 openssh-5.6p1/packet.c ---- openssh-5.6p1/packet.c.audit4 2010-07-16 05:58:37.000000000 +0200 -+++ openssh-5.6p1/packet.c 2011-01-12 14:01:51.000000000 +0100 -@@ -495,6 +495,7 @@ packet_close(void) - buffer_free(&active_state->compression_buffer); - buffer_compress_uninit(); - } -+ audit_session_key_free(2); - cipher_cleanup(&active_state->send_context); - cipher_cleanup(&active_state->receive_context); - } -@@ -749,6 +750,7 @@ set_newkeys(int mode) - } - if (active_state->newkeys[mode] != NULL) { - debug("set_newkeys: rekeying"); -+ audit_session_key_free(mode); - cipher_cleanup(cc); - enc = &active_state->newkeys[mode]->enc; - mac = &active_state->newkeys[mode]->mac; diff --git a/openssh-5.6p1-audit5.patch b/openssh-5.6p1-audit5.patch deleted file mode 100644 index 4be224a..0000000 --- a/openssh-5.6p1-audit5.patch +++ /dev/null 
@@ -1,443 +0,0 @@
-diff -up openssh-5.6p1/audit-bsm.c.audit5 openssh-5.6p1/audit-bsm.c
---- openssh-5.6p1/audit-bsm.c.audit5 2011-02-07 18:53:53.000000000 +0100
-+++ openssh-5.6p1/audit-bsm.c 2011-02-07 18:53:53.000000000 +0100
-@@ -401,4 +401,10 @@ audit_session_key_free_body(int ctos)
- {
- /* not implemented */
- }
-+
-+void
-+audit_destroy_sensitive_data(void)
-+{
-+ /* not implemented */
-+}
- #endif /* BSM */
-diff -up openssh-5.6p1/audit.c.audit5 openssh-5.6p1/audit.c
---- openssh-5.6p1/audit.c.audit5 2011-02-07 18:53:53.000000000 +0100
-+++ openssh-5.6p1/audit.c 2011-02-07 18:53:53.000000000 +0100
-@@ -268,5 +268,14 @@ audit_session_key_free_body(int ctos)
- {
- debug("audit session key discard euid %d direction %d", geteuid(), ctos);
- }
-+
-+/*
-+ * This will be called on destroy private part of the server key
-+ */
-+void
-+audit_destroy_sensitive_data(void)
-+{
-+ debug("audit destroy sensitive data euid %d", geteuid());
-+}
- # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
- #endif /* SSH_AUDIT_EVENTS */
-diff -up openssh-5.6p1/audit.h.audit5 openssh-5.6p1/audit.h
---- openssh-5.6p1/audit.h.audit5 2011-02-07 18:53:53.000000000 +0100
-+++ openssh-5.6p1/audit.h 2011-02-07 18:53:53.000000000 +0100
-@@ -62,5 +62,6 @@ void audit_unsupported_body(int);
- void audit_kex_body(int, char *, char *, char *);
- void audit_session_key_free(int ctos);
- void audit_session_key_free_body(int ctos);
-+void audit_destroy_sensitive_data(void);
-
- #endif /* _SSH_AUDIT_H */
-diff -up openssh-5.6p1/audit-linux.c.audit5 openssh-5.6p1/audit-linux.c
---- openssh-5.6p1/audit-linux.c.audit5 2011-02-07 18:53:53.000000000 +0100
-+++ openssh-5.6p1/audit-linux.c 2011-02-07 18:53:53.000000000 +0100
-@@ -226,4 +226,26 @@ audit_session_key_free_body(int ctos)
- error("cannot write into audit");
- }
-
-+void
-+audit_destroy_sensitive_data(void)
-+{
-+ char buf[AUDIT_LOG_SIZE];
-+ int audit_fd, audit_ok;
-+
-+ snprintf(buf, sizeof(buf), "destroy kind=server direction=?");
-+ audit_fd =
audit_open();
-+ if (audit_fd < 0) {
-+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
-+ errno != EAFNOSUPPORT)
-+ error("cannot open audit");
-+ return;
-+ }
-+ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_KEY_USER, NULL,
-+ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1);
-+ audit_close(audit_fd);
-+ /* do not abort if the error is EPERM and sshd is run as non root user */
-+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
-+ error("cannot write into audit");
-+}
-+
- #endif /* USE_LINUX_AUDIT */
-diff -up openssh-5.6p1/kex.c.audit5 openssh-5.6p1/kex.c
---- openssh-5.6p1/kex.c.audit5 2011-02-07 18:53:53.000000000 +0100
-+++ openssh-5.6p1/kex.c 2011-02-07 18:53:53.000000000 +0100
-@@ -592,3 +592,34 @@ dump_digest(char *msg, u_char *digest, i
- fprintf(stderr, "\n");
- }
- #endif
-+
-+static void
-+enc_destroy(Enc *enc)
-+{
-+ if (enc == NULL)
-+ return;
-+
-+ if (enc->key) {
-+ memset(enc->key, 0, enc->key_len);
-+ xfree(enc->key);
-+ }
-+
-+ if (enc->iv) {
-+ memset(enc->iv, 0, enc->block_size);
-+ xfree(enc->iv);
-+ }
-+
-+ memset(enc, 0, sizeof(*enc));
-+}
-+
-+void
-+newkeys_destroy(Newkeys *newkeys)
-+{
-+ if (newkeys == NULL)
-+ return;
-+
-+ enc_destroy(&newkeys->enc);
-+ mac_destroy(&newkeys->mac);
-+ memset(&newkeys->comp, 0, sizeof(newkeys->comp));
-+}
-+
-diff -up openssh-5.6p1/kex.h.audit5 openssh-5.6p1/kex.h
---- openssh-5.6p1/kex.h.audit5 2010-02-26 21:55:05.000000000 +0100
-+++ openssh-5.6p1/kex.h 2011-02-07 18:53:53.000000000 +0100
-@@ -146,6 +146,8 @@ void kexdh_server(Kex *);
- void kexgex_client(Kex *);
- void kexgex_server(Kex *);
-
-+void newkeys_destroy(Newkeys *newkeys);
-+
- void
- kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
- BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
-diff -up openssh-5.6p1/mac.c.audit5 openssh-5.6p1/mac.c
---- openssh-5.6p1/mac.c.audit5 2008-06-13 02:58:50.000000000 +0200
-+++ openssh-5.6p1/mac.c 2011-02-07 18:53:53.000000000 +0100
-@@ -162,6 +162,20 @@
mac_clear(Mac *mac)
- mac->umac_ctx = NULL;
- }
-
-+void
-+mac_destroy(Mac *mac)
-+{
-+ if (mac == NULL)
-+ return;
-+
-+ if (mac->key) {
-+ memset(mac->key, 0, mac->key_len);
-+ xfree(mac->key);
-+ }
-+
-+ memset(mac, 0, sizeof(*mac));
-+}
-+
- /* XXX copied from ciphers_valid */
- #define MAC_SEP ","
- int
-diff -up openssh-5.6p1/mac.h.audit5 openssh-5.6p1/mac.h
---- openssh-5.6p1/mac.h.audit5 2007-06-11 06:01:42.000000000 +0200
-+++ openssh-5.6p1/mac.h 2011-02-07 18:53:53.000000000 +0100
-@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
- int mac_init(Mac *);
- u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
- void mac_clear(Mac *);
-+void mac_destroy(Mac *);
-diff -up openssh-5.6p1/monitor.c.audit5 openssh-5.6p1/monitor.c
---- openssh-5.6p1/monitor.c.audit5 2011-02-07 18:53:53.000000000 +0100
-+++ openssh-5.6p1/monitor.c 2011-02-07 18:53:53.000000000 +0100
-@@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer
- int mm_answer_audit_unsupported_body(int, Buffer *);
- int mm_answer_audit_kex_body(int, Buffer *);
- int mm_answer_audit_session_key_free_body(int, Buffer *);
-+int mm_answer_audit_server_key_free(int, Buffer *);
- #endif
-
- static Authctxt *authctxt;
-@@ -232,6 +233,7 @@ struct mon_table mon_dispatch_proto20[]
- {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
- {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
- {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
-+ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free},
- #endif
- #ifdef BSD_AUTH
- {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
-@@ -271,6 +273,7 @@ struct mon_table mon_dispatch_postauth20
- {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
- {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
- {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
-+
{MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free},
- #endif
- {0, 0, NULL}
- };
-@@ -305,6 +308,7 @@ struct mon_table mon_dispatch_proto15[]
- {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
- {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
- {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
-+ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free},
- #endif
- {0, 0, NULL}
- };
-@@ -319,6 +323,7 @@ struct mon_table mon_dispatch_postauth15
- {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
- {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
- {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
-+ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free},
- #endif
- {0, 0, NULL}
- };
-@@ -2271,4 +2276,15 @@ mm_answer_audit_session_key_free_body(in
- mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
- return 0;
- }
-+
-+int
-+mm_answer_audit_server_key_free(int sock, Buffer *m)
-+{
-+ audit_destroy_sensitive_data();
-+
-+ buffer_clear(m);
-+
-+ mm_request_send(sock, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, m);
-+ return 0;
-+}
- #endif /* SSH_AUDIT_EVENTS */
-diff -up openssh-5.6p1/monitor.h.audit5 openssh-5.6p1/monitor.h
---- openssh-5.6p1/monitor.h.audit5 2011-02-07 18:53:53.000000000 +0100
-+++ openssh-5.6p1/monitor.h 2011-02-07 18:53:53.000000000 +0100
-@@ -69,6 +69,7 @@ enum monitor_reqtype {
- MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
- MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
- MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
-+ MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MONITOR_ANS_AUDIT_SERVER_KEY_FREE,
- };
-
- struct mm_master;
-diff -up openssh-5.6p1/monitor_wrap.c.audit5 openssh-5.6p1/monitor_wrap.c
---- openssh-5.6p1/monitor_wrap.c.audit5 2011-02-07 18:53:53.000000000
+0100
-+++ openssh-5.6p1/monitor_wrap.c 2011-02-07 18:53:53.000000000 +0100
-@@ -1458,4 +1458,16 @@ mm_audit_session_key_free_body(int ctos)
- &m);
- buffer_free(&m);
- }
-+
-+void
-+mm_audit_destroy_sensitive_data(void)
-+{
-+ Buffer m;
-+
-+ buffer_init(&m);
-+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m);
-+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE,
-+ &m);
-+ buffer_free(&m);
-+}
- #endif /* SSH_AUDIT_EVENTS */
-diff -up openssh-5.6p1/monitor_wrap.h.audit5 openssh-5.6p1/monitor_wrap.h
---- openssh-5.6p1/monitor_wrap.h.audit5 2011-02-07 18:53:53.000000000 +0100
-+++ openssh-5.6p1/monitor_wrap.h 2011-02-07 18:53:53.000000000 +0100
-@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *);
- void mm_audit_unsupported_body(int);
- void mm_audit_kex_body(int, char *, char *, char *);
- void mm_audit_session_key_free_body(int);
-+void mm_audit_server_key_free_body(void);
- #endif
-
- struct Session;
-diff -up openssh-5.6p1/packet.c.audit5 openssh-5.6p1/packet.c
---- openssh-5.6p1/packet.c.audit5 2011-02-07 18:53:53.000000000 +0100
-+++ openssh-5.6p1/packet.c 2011-02-07 18:53:54.000000000 +0100
-@@ -60,6 +60,7 @@
- #include
-
- #include "xmalloc.h"
-+#include "audit.h"
- #include "buffer.h"
- #include "packet.h"
- #include "crc32.h"
-@@ -495,9 +496,9 @@ packet_close(void)
- buffer_free(&active_state->compression_buffer);
- buffer_compress_uninit();
- }
-- audit_session_key_free(2);
- cipher_cleanup(&active_state->send_context);
- cipher_cleanup(&active_state->receive_context);
-+ audit_session_key_free(2);
- }
-
- /* Sets remote side protocol flags.
*/
-@@ -1893,6 +1894,34 @@ packet_get_newkeys(int mode)
- return (void *)active_state->newkeys[mode];
- }
-
-+static void
-+packet_destroy_state(struct session_state *state)
-+{
-+ if (state == NULL)
-+ return;
-+
-+ cipher_cleanup(&state->receive_context);
-+ cipher_cleanup(&state->send_context);
-+
-+ buffer_free(&state->input);
-+ buffer_free(&state->output);
-+ buffer_free(&state->outgoing_packet);
-+ buffer_free(&state->incoming_packet);
-+ buffer_free(&state->compression_buffer);
-+ newkeys_destroy(state->newkeys[MODE_IN]);
-+ newkeys_destroy(state->newkeys[MODE_OUT]);
-+ mac_destroy(state->packet_discard_mac);
-+// TAILQ_HEAD(, packet) outgoing;
-+// memset(state, 0, sizeof(state));
-+}
-+
-+void
-+packet_destroy_all(void)
-+{
-+ packet_destroy_state(active_state);
-+ packet_destroy_state(backup_state);
-+}
-+
- /*
- * Save the state for the real connection, and use a separate state when
- * resuming a suspended connection.
-@@ -1900,18 +1929,12 @@ packet_get_newkeys(int mode)
- void
- packet_backup_state(void)
- {
-- struct session_state *tmp;
--
- close(active_state->connection_in);
- active_state->connection_in = -1;
- close(active_state->connection_out);
- active_state->connection_out = -1;
-- if (backup_state)
-- tmp = backup_state;
-- else
-- tmp = alloc_session_state();
- backup_state = active_state;
-- active_state = tmp;
-+ active_state = alloc_session_state();
- }
-
- /*
-@@ -1928,9 +1951,7 @@ packet_restore_state(void)
- backup_state = active_state;
- active_state = tmp;
- active_state->connection_in = backup_state->connection_in;
-- backup_state->connection_in = -1;
- active_state->connection_out = backup_state->connection_out;
-- backup_state->connection_out = -1;
- len = buffer_len(&backup_state->input);
- if (len > 0) {
- buf = buffer_ptr(&backup_state->input);
-@@ -1938,4 +1959,10 @@ packet_restore_state(void)
- buffer_clear(&backup_state->input);
- add_recv_bytes(len);
- }
-+ backup_state->connection_in = -1;
-+ backup_state->connection_out
= -1;
-+ packet_destroy_state(backup_state);
-+ xfree(backup_state);
-+ backup_state = NULL;
- }
-+
-diff -up openssh-5.6p1/packet.h.audit5 openssh-5.6p1/packet.h
---- openssh-5.6p1/packet.h.audit5 2009-07-05 23:11:13.000000000 +0200
-+++ openssh-5.6p1/packet.h 2011-02-07 18:53:54.000000000 +0100
-@@ -115,4 +115,5 @@ void packet_restore_state(void);
- void *packet_get_input(void);
- void *packet_get_output(void);
-
-+void packet_destroy_all(void);
- #endif /* PACKET_H */
-diff -up openssh-5.6p1/session.c.audit5 openssh-5.6p1/session.c
---- openssh-5.6p1/session.c.audit5 2010-06-26 02:00:15.000000000 +0200
-+++ openssh-5.6p1/session.c 2011-02-07 18:53:54.000000000 +0100
-@@ -1677,6 +1677,7 @@ do_child(Session *s, const char *command
-
- /* remove hostkey from the child's memory */
- destroy_sensitive_data();
-+ PRIVSEP(audit_destroy_sensitive_data());
-
- /* Force a password change */
- if (s->authctxt->force_pwchange) {
-diff -up openssh-5.6p1/sshd.c.audit5 openssh-5.6p1/sshd.c
---- openssh-5.6p1/sshd.c.audit5 2011-02-07 18:53:53.000000000 +0100
-+++ openssh-5.6p1/sshd.c 2011-02-07 19:08:56.000000000 +0100
-@@ -579,6 +579,7 @@ demote_sensitive_data(void)
- }
- /* Certs do not need demotion */
- }
-+ audit_destroy_sensitive_data();
-
- /* We do not clear ssh1_host key and cookie. XXX - Okay Niels?
*/
- }
-@@ -663,6 +664,8 @@ privsep_preauth(Authctxt *authctxt)
- return (0);
- }
-
-+extern Newkeys *current_keys[];
-+
- static void
- privsep_postauth(Authctxt *authctxt)
- {
-@@ -688,6 +691,10 @@ privsep_postauth(Authctxt *authctxt)
- verbose("User child is on pid %ld", (long)pmonitor->m_pid);
- close(pmonitor->m_recvfd);
- buffer_clear(&loginmsg);
-+ newkeys_destroy(current_keys[MODE_OUT]);
-+ newkeys_destroy(current_keys[MODE_IN]);
-+ packet_destroy_all();
-+ audit_session_key_free_body(2);
- monitor_child_postauth(pmonitor);
-
- /* NEVERREACHED */
-@@ -1970,6 +1977,8 @@ main(int ac, char **av)
- */
- if (use_privsep) {
- mm_send_keystate(pmonitor);
-+ packet_destroy_all();
-+ audit_session_key_free(2);
- exit(0);
- }
-
-@@ -2011,8 +2020,10 @@ main(int ac, char **av)
- if (use_privsep) {
- privsep_postauth(authctxt);
- /* the monitor process [priv] will not return */
-- if (!compat20)
-+ if (!compat20) {
- destroy_sensitive_data();
-+ audit_destroy_sensitive_data();
-+ }
- }
-
- packet_set_timeout(options.client_alive_interval,
-@@ -2022,6 +2033,9 @@ main(int ac, char **av)
- do_authenticated(authctxt);
-
- /* The connection has been terminated. */
-+ packet_destroy_all();
-+ audit_session_key_free(2);
-+
- packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
- packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
- verbose("Transferred: sent %llu, received %llu bytes", obytes, ibytes);
-@@ -2249,6 +2263,7 @@ do_ssh1_kex(void)
- }
- /* Destroy the private and public keys. No longer. */
- destroy_sensitive_data();
-+ audit_destroy_sensitive_data();
-
- if (use_privsep)
- mm_ssh1_session_id(session_id);
diff --git a/openssh-5.6p1-biguid.patch b/openssh-5.6p1-biguid.patch
deleted file mode 100644
index 5892008..0000000
--- a/openssh-5.6p1-biguid.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-diff -up openssh-5.6p1/loginrec.c.biguid openssh-5.6p1/loginrec.c
---- openssh-5.6p1/loginrec.c.biguid 2010-11-15 13:19:35.000000000 +0100
-+++ openssh-5.6p1/loginrec.c 2010-11-15 13:19:38.000000000 +0100
-@@ -273,7 +273,7 @@ login_logout(struct logininfo *li)
- * try to retrieve lastlog information from wtmp/wtmpx.
- */
- unsigned int
--login_get_lastlog_time(const int uid)
-+login_get_lastlog_time(const uid_t uid)
- {
- struct logininfo li;
-
-@@ -297,7 +297,7 @@ login_get_lastlog_time(const int uid)
- * 0 on failure (will use OpenSSH's logging facilities for diagnostics)
- */
- struct logininfo *
--login_get_lastlog(struct logininfo *li, const int uid)
-+login_get_lastlog(struct logininfo *li, const uid_t uid)
- {
- struct passwd *pw;
-
-@@ -311,7 +311,8 @@ login_get_lastlog(struct logininfo *li,
- */
- pw = getpwuid(uid);
- if (pw == NULL)
-- fatal("%s: Cannot find account for uid %i", __func__, uid);
-+ fatal("%s: Cannot find account for uid %ld", __func__,
-+ (long)uid);
-
- /* No MIN_SIZEOF here - we absolutely *must not* truncate the
- * username (XXX - so check for trunc!) */
-@@ -335,7 +336,7 @@ login_get_lastlog(struct logininfo *li,
- * allocation fails, the program halts.
- */
- struct
--logininfo *login_alloc_entry(int pid, const char *username,
-+logininfo *login_alloc_entry(pid_t pid, const char *username,
- const char *hostname, const char *line)
- {
- struct logininfo *newli;
-@@ -363,7 +364,7 @@ login_free_entry(struct logininfo *li)
- * Returns: 1
- */
- int
--login_init_entry(struct logininfo *li, int pid, const char *username,
-+login_init_entry(struct logininfo *li, pid_t pid, const char *username,
- const char *hostname, const char *line)
- {
- struct passwd *pw;
-@@ -1496,7 +1497,7 @@ lastlog_openseek(struct logininfo *li, i
-
- if (S_ISREG(st.st_mode)) {
- /* find this uid's offset in the lastlog file */
-- offset = (off_t) ((long)li->uid * sizeof(struct lastlog));
-+ offset = (off_t) ((u_long)li->uid * sizeof(struct lastlog));
-
- if (lseek(*fd, offset, SEEK_SET) != offset) {
- logit("%s: %s->lseek(): %s", __func__,
-diff -up openssh-5.6p1/loginrec.h.biguid openssh-5.6p1/loginrec.h
---- openssh-5.6p1/loginrec.h.biguid 2010-06-22 07:02:39.000000000 +0200
-+++ openssh-5.6p1/loginrec.h 2010-11-15 13:19:38.000000000 +0100
-@@ -63,8 +63,8 @@ struct logininfo {
- char progname[LINFO_PROGSIZE]; /* name of program (for PAM) */
- int progname_null;
- short int type; /* type of login (LTYPE_*) */
-- int pid; /* PID of login process */
-- int uid; /* UID of this user */
-+ pid_t pid; /* PID of login process */
-+ uid_t uid; /* UID of this user */
- char line[LINFO_LINESIZE]; /* tty/pty name */
- char username[LINFO_NAMESIZE]; /* login username */
- char hostname[LINFO_HOSTSIZE]; /* remote hostname */
-@@ -86,12 +86,12 @@ struct logininfo {
- /** 'public' functions */
-
- /* construct a new login entry */
--struct logininfo *login_alloc_entry(int pid, const char *username,
-+struct logininfo *login_alloc_entry(pid_t pid, const char *username,
- const char *hostname, const char *line);
- /* free a structure */
- void login_free_entry(struct logininfo *li);
- /* fill out a pre-allocated structure with useful information */
--int
login_init_entry(struct logininfo *li, int pid, const char *username,
-+int login_init_entry(struct logininfo *li, pid_t pid, const char *username,
- const char *hostname, const char *line);
- /* place the current time in a logininfo struct */
- void login_set_current_time(struct logininfo *li);
-@@ -117,9 +117,9 @@ void login_set_addr(struct logininfo *li
- * lastlog retrieval functions
- */
- /* lastlog *entry* functions fill out a logininfo */
--struct logininfo *login_get_lastlog(struct logininfo *li, const int uid);
-+struct logininfo *login_get_lastlog(struct logininfo *li, const uid_t uid);
- /* lastlog *time* functions return time_t equivalent (uint) */
--unsigned int login_get_lastlog_time(const int uid);
-+unsigned int login_get_lastlog_time(const uid_t uid);
-
- /* produce various forms of the line filename */
- char *line_fullname(char *dst, const char *src, u_int dstsize);
diff --git a/openssh-5.6p1-clientloop.patch b/openssh-5.6p1-clientloop.patch
deleted file mode 100644
index 7ccb1e3..0000000
--- a/openssh-5.6p1-clientloop.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssh-5.6p1/clientloop.c.clientloop openssh-5.6p1/clientloop.c
---- openssh-5.6p1/clientloop.c.clientloop 2010-11-24 08:18:10.000000000 +0100
-+++ openssh-5.6p1/clientloop.c 2010-11-24 08:18:11.000000000 +0100
-@@ -1944,7 +1944,7 @@ client_input_channel_req(int type, u_int
- }
- packet_check_eom();
- }
-- if (reply) {
-+ if (reply && c != NULL) {
- packet_start(success ?
- SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
- packet_put_int(c->remote_id);
diff --git a/openssh-5.6p1-audit2.patch b/openssh-5.8p1-audit2.patch
similarity index 77%
rename from openssh-5.6p1-audit2.patch
rename to openssh-5.8p1-audit2.patch
index 65f5a2b..362d7d3 100644
--- a/openssh-5.6p1-audit2.patch
+++ b/openssh-5.8p1-audit2.patch
@@ -1,6 +1,6 @@
-diff -up openssh-5.6p1/audit-bsm.c.audit2 openssh-5.6p1/audit-bsm.c
---- openssh-5.6p1/audit-bsm.c.audit2 2010-12-10 21:55:40.000000000 +0100
-+++ openssh-5.6p1/audit-bsm.c 2010-12-10 21:55:41.000000000 +0100
+diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c
+--- openssh-5.8p1/audit-bsm.c.audit2 2011-01-17 11:15:29.000000000 +0100
++++ openssh-5.8p1/audit-bsm.c 2011-02-09 15:50:28.000000000 +0100
@@ -316,6 +316,12 @@ audit_session_close(struct logininfo *li
/* not implemented */
}
@@ -14,9 +14,9 @@ diff -up openssh-5.6p1/audit-bsm.c.audit2 openssh-5.6p1/audit-bsm.c
void
audit_event(ssh_audit_event_t event)
{
-diff -up openssh-5.6p1/audit.c.audit2 openssh-5.6p1/audit.c
---- openssh-5.6p1/audit.c.audit2 2010-12-10 21:55:40.000000000 +0100
-+++ openssh-5.6p1/audit.c 2010-12-10 21:55:41.000000000 +0100
+diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
+--- openssh-5.8p1/audit.c.audit2 2011-01-17 11:15:30.000000000 +0100
++++ openssh-5.8p1/audit.c 2011-02-09 15:50:28.000000000 +0100
@@ -111,6 +111,33 @@ audit_event_lookup(ssh_audit_event_t ev)
return(event_lookup[i].name);
}
@@ -69,9 +69,9 @@ diff -up openssh-5.6p1/audit.c.audit2 openssh-5.6p1/audit.c
+}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
-diff -up openssh-5.6p1/audit.h.audit2 openssh-5.6p1/audit.h
---- openssh-5.6p1/audit.h.audit2 2010-12-10 21:55:40.000000000 +0100
-+++ openssh-5.6p1/audit.h 2010-12-10 21:55:41.000000000 +0100
+diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h
+--- openssh-5.8p1/audit.h.audit2 2011-01-17 11:15:30.000000000 +0100
++++ openssh-5.8p1/audit.h 2011-02-09 15:50:28.000000000 +0100
@@ -28,6 +28,7 @@
# define _SSH_AUDIT_H
@@ -88,9 +88,9 @@ diff -up openssh-5.6p1/audit.h.audit2 openssh-5.6p1/audit.h
+int audit_key(int, int *, const Key *);
#endif /* _SSH_AUDIT_H */
-diff -up openssh-5.6p1/audit-linux.c.audit2 openssh-5.6p1/audit-linux.c
---- openssh-5.6p1/audit-linux.c.audit2 2010-12-10 21:55:41.000000000 +0100
-+++ openssh-5.6p1/audit-linux.c 2010-12-10 22:16:42.000000000 +0100
+diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
+--- openssh-5.8p1/audit-linux.c.audit2 2011-01-17 11:15:30.000000000 +0100
++++ openssh-5.8p1/audit-linux.c 2011-02-09 15:51:45.000000000 +0100
@@ -37,6 +37,8 @@
#include "audit.h"
#include "canohost.h"
@@ -100,8 +100,8 @@ diff -up openssh-5.6p1/audit-linux.c.audit2 openssh-5.6p1/audit-linux.c
const char* audit_username(void);
int
-@@ -63,6 +65,37 @@ linux_audit_record_event(int uid, const
- return (rc >= 0) || ((rc == -EPERM) && (getuid() != 0));
+@@ -68,6 +70,37 @@ linux_audit_record_event(int uid, const
+ return (rc >= 0);
}
+int
@@ -138,9 +138,9 @@ diff -up openssh-5.6p1/audit-linux.c.audit2 openssh-5.6p1/audit-linux.c
/* Below is the sshd audit API code */
void
-diff -up openssh-5.6p1/auth2-hostbased.c.audit2 openssh-5.6p1/auth2-hostbased.c
---- openssh-5.6p1/auth2-hostbased.c.audit2 2010-08-05 05:04:50.000000000 +0200
-+++ openssh-5.6p1/auth2-hostbased.c 2010-12-10 21:55:41.000000000 +0100
+diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c
+--- openssh-5.8p1/auth2-hostbased.c.audit2 2010-08-05 05:04:50.000000000 +0200
++++ openssh-5.8p1/auth2-hostbased.c 2011-02-09 15:50:28.000000000 +0100
@@ -136,6 +136,18 @@ done:
return authenticated;
}
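Review bot: The rebased context in the `@@ -100,8 +100,8 @@` hunk now shows `linux_audit_record_event` ending in a plain `return (rc >= 0);`, whereas the 5.6p1 base this patch was written against returned `(rc >= 0) || ((rc == -EPERM) && (getuid() != 0))`, so the non-root EPERM tolerance is no longer visible at the point where the inner hunk appends its new function (`+int`, body outside this hunk). If that added function mirrors the old return expression, or relies on the helper tolerating EPERM when sshd runs unprivileged, its failure handling should be re-verified against the 5.8p1 body rather than carried over unchanged; whether upstream moved the tolerance into the helper's body is not visible from this hunk. The other hunks of this file section only update version strings, timestamps and inner line offsets.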
@@ -160,9 +160,9 @@ diff -up openssh-5.6p1/auth2-hostbased.c.audit2 openssh-5.6p1/auth2-hostbased.c
/* return 1 if given hostkey is allowed */
int
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
-diff -up openssh-5.6p1/auth2-pubkey.c.audit2 openssh-5.6p1/auth2-pubkey.c
---- openssh-5.6p1/auth2-pubkey.c.audit2 2010-07-02 05:35:19.000000000 +0200
-+++ openssh-5.6p1/auth2-pubkey.c 2010-12-10 21:55:41.000000000 +0100
+diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c
+--- openssh-5.8p1/auth2-pubkey.c.audit2 2010-12-01 01:50:14.000000000 +0100
++++ openssh-5.8p1/auth2-pubkey.c 2011-02-09 15:50:28.000000000 +0100
@@ -177,6 +177,18 @@ done:
return authenticated;
}
@@ -182,9 +182,9 @@ diff -up openssh-5.6p1/auth2-pubkey.c.audit2 openssh-5.6p1/auth2-pubkey.c
static int
match_principals_option(const char *principal_list, struct KeyCert *cert)
{
-diff -up openssh-5.6p1/auth.h.audit2 openssh-5.6p1/auth.h
---- openssh-5.6p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200
-+++ openssh-5.6p1/auth.h 2010-12-10 21:55:41.000000000 +0100
+diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h
+--- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200
++++ openssh-5.8p1/auth.h 2011-02-09 15:50:28.000000000 +0100
@@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt
char *authorized_keys_file(struct passwd *);
char *authorized_keys_file2(struct passwd *);
@@ -201,9 +201,9 @@ diff -up openssh-5.6p1/auth.h.audit2 openssh-5.6p1/auth.h
/* debug messages during authentication */
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-diff -up openssh-5.6p1/auth-rsa.c.audit2 openssh-5.6p1/auth-rsa.c
---- openssh-5.6p1/auth-rsa.c.audit2 2010-07-16 05:58:37.000000000 +0200
-+++ openssh-5.6p1/auth-rsa.c 2010-12-10 21:55:41.000000000 +0100
+diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
+--- openssh-5.8p1/auth-rsa.c.audit2 2010-12-04 23:01:47.000000000 +0100
++++ openssh-5.8p1/auth-rsa.c 2011-02-09 15:53:00.000000000 +0100
@@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU
{
u_char buf[32], mdbuf[16];
@@ -214,9 +214,9 @@ diff -up openssh-5.6p1/auth-rsa.c.audit2 openssh-5.6p1/auth-rsa.c
+ char *fp;
+#endif
- if (auth_key_is_revoked(key))
- return 0;
-@@ -116,12 +119,18 @@ auth_rsa_verify_response(Key *key, BIGNU
+ /* don't allow short keys */
+ if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+@@ -113,12 +116,18 @@ auth_rsa_verify_response(Key *key, BIGNU
MD5_Final(mdbuf, &md);
/* Verify that the response is the original challenge. */
@@ -240,9 +240,9 @@ diff -up openssh-5.6p1/auth-rsa.c.audit2 openssh-5.6p1/auth-rsa.c
}
/*
-diff -up openssh-5.6p1/monitor.c.audit2 openssh-5.6p1/monitor.c
---- openssh-5.6p1/monitor.c.audit2 2010-08-03 07:50:16.000000000 +0200
-+++ openssh-5.6p1/monitor.c 2010-12-10 21:55:41.000000000 +0100
+diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c
+--- openssh-5.8p1/monitor.c.audit2 2010-09-10 03:23:34.000000000 +0200
++++ openssh-5.8p1/monitor.c 2011-02-09 15:50:28.000000000 +0100
@@ -1235,7 +1235,17 @@ mm_answer_keyverify(int sock, Buffer *m)
if (!valid_data)
fatal("%s: bad signature data blob", __func__);
diff --git a/openssh-5.6p1-audit3.patch b/openssh-5.8p1-audit3.patch
similarity index 79%
rename from openssh-5.6p1-audit3.patch
rename to openssh-5.8p1-audit3.patch
index a851ba6..1c7f1a4 100644
--- a/openssh-5.6p1-audit3.patch
+++ b/openssh-5.8p1-audit3.patch
@@ -1,6 +1,6 @@
-diff -up openssh-5.6p1/audit-bsm.c.audit3 openssh-5.6p1/audit-bsm.c
---- openssh-5.6p1/audit-bsm.c.audit3 2010-12-10 22:17:31.000000000 +0100
-+++ openssh-5.6p1/audit-bsm.c 2010-12-10 22:17:31.000000000 +0100
+diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c
+--- openssh-5.8p1/audit-bsm.c.audit3 2011-02-09 21:51:19.000000000 +0100
++++ openssh-5.8p1/audit-bsm.c 2011-02-09 21:51:19.000000000 +0100
@@ -383,4 +383,16 @@ audit_event(ssh_audit_event_t event)
debug("%s: unhandled event %d", __func__, event);
}
@@ -18,9 +18,9 @@ diff -up openssh-5.6p1/audit-bsm.c.audit3 openssh-5.6p1/audit-bsm.c
+ /* not implemented */
+}
#endif /* BSM */
-diff -up openssh-5.6p1/audit.c.audit3 openssh-5.6p1/audit.c
---- openssh-5.6p1/audit.c.audit3 2010-12-10 22:17:31.000000000 +0100
-+++ openssh-5.6p1/audit.c 2010-12-10 22:17:31.000000000 +0100
+diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
+--- openssh-5.8p1/audit.c.audit3 2011-02-09 21:51:19.000000000 +0100
++++ openssh-5.8p1/audit.c 2011-02-09 21:51:19.000000000 +0100
@@ -36,6 +36,8 @@
#include "key.h"
#include "hostfile.h"
@@ -74,9 +74,9 @@ diff -up openssh-5.6p1/audit.c.audit3 openssh-5.6p1/audit.c
+}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
-diff -up openssh-5.6p1/audit.h.audit3 openssh-5.6p1/audit.h
---- openssh-5.6p1/audit.h.audit3 2010-12-10 22:17:31.000000000 +0100
-+++ openssh-5.6p1/audit.h 2010-12-10 22:17:31.000000000 +0100
+diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h
+--- openssh-5.8p1/audit.h.audit3 2011-02-09 21:51:19.000000000 +0100
++++ openssh-5.8p1/audit.h 2011-02-09 21:51:19.000000000 +0100
@@ -56,5 +56,9 @@ void audit_run_command(const char *);
ssh_audit_event_t audit_classify_auth(const char *);
int audit_keyusage(int, const char *, unsigned, char *, int);
@@ -87,9 +87,9 @@ diff -up openssh-5.6p1/audit.h.audit3 openssh-5.6p1/audit.h
+void audit_kex_body(int, char *, char *, char *);
#endif /* _SSH_AUDIT_H */
-diff -up openssh-5.6p1/audit-linux.c.audit3 openssh-5.6p1/audit-linux.c
---- openssh-5.6p1/audit-linux.c.audit3 2010-12-10 22:17:31.000000000 +0100
-+++ openssh-5.6p1/audit-linux.c 2010-12-10 22:20:00.000000000 +0100
+diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
+--- openssh-5.8p1/audit-linux.c.audit3 2011-02-09 21:51:19.000000000 +0100
++++ openssh-5.8p1/audit-linux.c 2011-02-09 21:51:19.000000000 +0100
@@ -36,6 +36,8 @@
#include "log.h"
#include "audit.h"
@@ -99,7 +99,7 @@ diff -up openssh-5.6p1/audit-linux.c.audit3 openssh-5.6p1/audit-linux.c
#define AUDIT_LOG_SIZE 128
-@@ -151,4 +153,54 @@ audit_event(ssh_audit_event_t event)
+@@ -156,4 +158,54 @@ audit_event(ssh_audit_event_t event)
}
}
@@ -154,9 +154,9 @@ diff -up openssh-5.6p1/audit-linux.c.audit3 openssh-5.6p1/audit-linux.c
+}
+
#endif /* USE_LINUX_AUDIT */
-diff -up openssh-5.6p1/auditstub.c.audit3 openssh-5.6p1/auditstub.c
---- openssh-5.6p1/auditstub.c.audit3 2010-12-10 22:17:32.000000000 +0100
-+++ openssh-5.6p1/auditstub.c 2010-12-10 22:17:32.000000000 +0100
+diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c
+--- openssh-5.8p1/auditstub.c.audit3 2011-02-09 21:51:19.000000000 +0100
++++ openssh-5.8p1/auditstub.c 2011-02-09 21:51:19.000000000 +0100
@@ -0,0 +1,39 @@
+/* $Id: auditstub.c,v 1.1 jfch Exp $ */
+
@@ -197,9 +197,9 @@ diff -up openssh-5.6p1/auditstub.c.audit3 openssh-5.6p1/auditstub.c
+{
+}
+
-diff -up openssh-5.6p1/cipher.c.audit3 openssh-5.6p1/cipher.c
---- openssh-5.6p1/cipher.c.audit3 2010-09-03 14:54:23.000000000 +0200
-+++ openssh-5.6p1/cipher.c 2010-12-10 22:17:32.000000000 +0100
+diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c
+--- openssh-5.8p1/cipher.c.audit3 2011-02-09 15:24:23.000000000 +0100
++++ openssh-5.8p1/cipher.c 2011-02-09 21:51:19.000000000 +0100
@@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX
extern const EVP_CIPHER *evp_aes_128_ctr(void);
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
@@ -217,9 +217,9 @@ diff -up openssh-5.6p1/cipher.c.audit3 openssh-5.6p1/cipher.c
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
{ "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
-diff -up openssh-5.6p1/cipher.h.audit3 openssh-5.6p1/cipher.h
---- openssh-5.6p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100
-+++ openssh-5.6p1/cipher.h 2010-12-10 22:17:32.000000000 +0100
+diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h
+--- openssh-5.8p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100
++++ openssh-5.8p1/cipher.h 2011-02-09 21:51:19.000000000 +0100
@@ -61,7 +61,16 @@ typedef struct Cipher Cipher;
typedef struct CipherContext CipherContext;
@@ -238,9 +238,9 @@ diff -up openssh-5.6p1/cipher.h.audit3 openssh-5.6p1/cipher.h
struct CipherContext {
int plaintext;
EVP_CIPHER_CTX evp;
-diff -up openssh-5.6p1/kex.c.audit3 openssh-5.6p1/kex.c
---- openssh-5.6p1/kex.c.audit3 2010-01-08 06:50:41.000000000 +0100
-+++ openssh-5.6p1/kex.c 2010-12-10 22:17:32.000000000 +0100
+diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c
+--- openssh-5.8p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200
++++ openssh-5.8p1/kex.c 2011-02-09 21:51:19.000000000 +0100
@@ -49,6 +49,7 @@
#include "dispatch.h"
#include "monitor.h"
@@ -249,7 +249,7 @@ diff -up openssh-5.6p1/kex.c.audit3 openssh-5.6p1/kex.c
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
# if defined(HAVE_EVP_SHA256)
-@@ -258,9 +259,13 @@ static void
+@@ -286,9 +287,13 @@ static void
choose_enc(Enc *enc, char *client, char *server)
{
char *name = match_list(client, server, NULL);
@@ -264,7 +264,7 @@ diff -up openssh-5.6p1/kex.c.audit3 openssh-5.6p1/kex.c if ((enc->cipher = cipher_by_name(name)) == NULL) fatal("matching cipher is not supported: %s", name); enc->name = name; -@@ -275,9 +280,13 @@ static void +@@ -303,9 +308,13 @@ static void choose_mac(Mac *mac, char *client, char *server) { char *name = match_list(client, server, NULL); @@ -279,7 +279,7 @@ diff -up openssh-5.6p1/kex.c.audit3 openssh-5.6p1/kex.c if (mac_setup(mac, name) < 0) fatal("unsupported mac %s", name); /* truncate the key */ -@@ -292,8 +301,12 @@ static void +@@ -320,8 +329,12 @@ static void choose_comp(Comp *comp, char *client, char *server) { char *name = match_list(client, server, NULL); @@ -293,7 +293,7 @@ diff -up openssh-5.6p1/kex.c.audit3 openssh-5.6p1/kex.c if (strcmp(name, "zlib@openssh.com") == 0) { comp->type = COMP_DELAYED; } else if (strcmp(name, "zlib") == 0) { -@@ -414,6 +427,9 @@ kex_choose_conf(Kex *kex) +@@ -446,6 +459,9 @@ kex_choose_conf(Kex *kex) newkeys->enc.name, newkeys->mac.name, newkeys->comp.name); 
@@ -303,21 +303,21 @@ diff -up openssh-5.6p1/kex.c.audit3 openssh-5.6p1/kex.c } choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]); choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], -diff -up openssh-5.6p1/Makefile.in.audit3 openssh-5.6p1/Makefile.in ---- openssh-5.6p1/Makefile.in.audit3 2010-12-10 22:17:31.000000000 +0100 -+++ openssh-5.6p1/Makefile.in 2010-12-10 22:17:32.000000000 +0100 -@@ -74,7 +74,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b - monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ - kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \ - entropy.o gss-genr.o umac.o jpake.o schnorr.o \ -- ssh-pkcs11.o -+ ssh-pkcs11.o auditstub.o +diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in +--- openssh-5.8p1/Makefile.in.audit3 2011-02-04 01:42:13.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-02-09 21:53:15.000000000 +0100 +@@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b + monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ + kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ + msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o jpake.o \ +- schnorr.o ssh-pkcs11.o ++ schnorr.o ssh-pkcs11.o auditstub.o SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o mux.o \ -diff -up openssh-5.6p1/monitor.c.audit3 openssh-5.6p1/monitor.c ---- openssh-5.6p1/monitor.c.audit3 2010-12-10 22:17:31.000000000 +0100 -+++ openssh-5.6p1/monitor.c 2010-12-10 22:17:32.000000000 +0100 +diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c +--- openssh-5.8p1/monitor.c.audit3 2011-02-09 21:51:19.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-09 21:51:19.000000000 +0100 @@ -89,6 +89,7 @@ #include "ssh2.h" #include "jpake.h" 
@@ -371,7 +371,7 @@ diff -up openssh-5.6p1/monitor.c.audit3 openssh-5.6p1/monitor.c #endif {0, 0, NULL} }; -@@ -2205,3 +2216,40 @@ mm_answer_jpake_check_confirm(int sock, +@@ -2206,3 +2217,40 @@ mm_answer_jpake_check_confirm(int sock, } #endif /* JPAKE */ @@ -412,9 +412,9 @@ diff -up openssh-5.6p1/monitor.c.audit3 openssh-5.6p1/monitor.c +} + +#endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-5.6p1/monitor.h.audit3 openssh-5.6p1/monitor.h ---- openssh-5.6p1/monitor.h.audit3 2008-11-05 06:20:46.000000000 +0100 -+++ openssh-5.6p1/monitor.h 2010-12-10 22:17:32.000000000 +0100 +diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h +--- openssh-5.8p1/monitor.h.audit3 2008-11-05 06:20:46.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-09 21:51:19.000000000 +0100 @@ -66,6 +66,8 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2, MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM, @@ -424,10 +424,10 @@ diff -up openssh-5.6p1/monitor.h.audit3 openssh-5.6p1/monitor.h }; struct mm_master; -diff -up openssh-5.6p1/monitor_wrap.c.audit3 openssh-5.6p1/monitor_wrap.c ---- openssh-5.6p1/monitor_wrap.c.audit3 2010-03-07 13:05:17.000000000 +0100 -+++ openssh-5.6p1/monitor_wrap.c 2010-12-10 22:17:32.000000000 +0100 -@@ -1411,3 +1411,38 @@ mm_jpake_check_confirm(const BIGNUM *k, +diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c +--- openssh-5.8p1/monitor_wrap.c.audit3 2010-08-31 14:41:14.000000000 +0200 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-09 21:51:19.000000000 +0100 +@@ -1412,3 +1412,38 @@ mm_jpake_check_confirm(const BIGNUM *k, return success; } #endif /* JPAKE */ 
@@ -466,9 +466,9 @@ diff -up openssh-5.6p1/monitor_wrap.c.audit3 openssh-5.6p1/monitor_wrap.c + buffer_free(&m); +} +#endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-5.6p1/monitor_wrap.h.audit3 openssh-5.6p1/monitor_wrap.h ---- openssh-5.6p1/monitor_wrap.h.audit3 2009-03-05 14:58:22.000000000 +0100 -+++ openssh-5.6p1/monitor_wrap.h 2010-12-10 22:17:32.000000000 +0100 +diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h +--- openssh-5.8p1/monitor_wrap.h.audit3 2009-03-05 14:58:22.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-09 21:51:19.000000000 +0100 @@ -74,6 +74,8 @@ void mm_sshpam_free_ctx(void *); #include "audit.h" void mm_audit_event(ssh_audit_event_t); @@ -478,9 +478,9 @@ diff -up openssh-5.6p1/monitor_wrap.h.audit3 openssh-5.6p1/monitor_wrap.h #endif struct Session; -diff -up openssh-5.6p1/sshd.c.audit3 openssh-5.6p1/sshd.c ---- openssh-5.6p1/sshd.c.audit3 2010-04-16 07:56:22.000000000 +0200 -+++ openssh-5.6p1/sshd.c 2010-12-10 22:17:32.000000000 +0100 +diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c +--- openssh-5.8p1/sshd.c.audit3 2011-01-11 07:20:31.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-09 21:51:19.000000000 +0100 @@ -118,6 +118,7 @@ #endif #include "monitor_wrap.h" @@ -489,7 +489,7 @@ diff -up openssh-5.6p1/sshd.c.audit3 openssh-5.6p1/sshd.c #include "version.h" #ifdef LIBWRAP -@@ -2177,6 +2178,10 @@ do_ssh1_kex(void) +@@ -2182,6 +2183,10 @@ do_ssh1_kex(void) if (cookie[i] != packet_get_char()) packet_disconnect("IP Spoofing check bytes do not match."); diff --git a/openssh-5.8p1-audit4.patch b/openssh-5.8p1-audit4.patch new file mode 100644 index 0000000..1e03de4 --- /dev/null +++ b/openssh-5.8p1-audit4.patch 
@@ -0,0 +1,445 @@ +diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c +--- openssh-5.8p1/audit-bsm.c.audit4 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-09 22:24:22.000000000 +0100 +@@ -395,4 +395,10 @@ audit_kex_body(int ctos, char *enc, char + { + /* not implemented */ + } ++ ++void ++audit_session_key_free_body(int ctos) ++{ ++ /* not implemented */ ++} + #endif /* BSM */ +diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c +--- openssh-5.8p1/audit.c.audit4 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-09 22:24:22.000000000 +0100 +@@ -152,6 +152,12 @@ audit_kex(int ctos, char *enc, char *mac + PRIVSEP(audit_kex_body(ctos, enc, mac, comp)); + } + ++void ++audit_session_key_free(int ctos) ++{ ++ PRIVSEP(audit_session_key_free_body(ctos)); ++} ++ + # ifndef CUSTOM_SSH_AUDIT_EVENTS + /* + * Null implementations of audit functions. +@@ -254,5 +260,13 @@ audit_kex_body(int ctos, char *enc, char + debug("audit procol negotiation euid %d direction %d cipher %s mac %s compresion %s", + geteuid(), ctos, enc, mac, compress); + } ++ ++/* ++ * This will be called on succesfull session key discard ++ */ ++audit_session_key_free_body(int ctos) ++{ ++ debug("audit session key discard euid %d direction %d", geteuid(), ctos); ++} + # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ + #endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h +--- openssh-5.8p1/audit.h.audit4 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-09 22:24:22.000000000 +0100 +@@ -60,5 +60,7 @@ void audit_unsupported(int); + void audit_kex(int, char *, char *, char *); + void audit_unsupported_body(int); + void audit_kex_body(int, char *, char *, char *); ++void audit_session_key_free(int ctos); ++void audit_session_key_free_body(int ctos); + + #endif /* _SSH_AUDIT_H */ +diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c +--- 
openssh-5.8p1/audit-linux.c.audit4 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-09 22:24:22.000000000 +0100 +@@ -179,13 +179,14 @@ audit_unsupported_body(int what) + #endif + } + ++const static char *direction[] = { "from-server", "from-client", "both" }; ++ + void + audit_kex_body(int ctos, char *enc, char *mac, char *compress) + { + #ifdef AUDIT_CRYPTO_SESSION + char buf[AUDIT_LOG_SIZE]; + int audit_fd, audit_ok; +- const static char *direction[] = { "from-server", "from-client", "both" }; + Cipher *cipher = cipher_by_name(enc); + + snprintf(buf, sizeof(buf), "start direction=%s cipher=%s, ksize=%d rport=%d laddr=%s lport=%d", +@@ -208,4 +209,26 @@ audit_kex_body(int ctos, char *enc, char + #endif + } + ++void ++audit_session_key_free_body(int ctos) ++{ ++ char buf[AUDIT_LOG_SIZE]; ++ int audit_fd, audit_ok; ++ ++ snprintf(buf, sizeof(buf), "destroy kind=session direction=%s", direction[ctos]); ++ audit_fd = audit_open(); ++ if (audit_fd < 0) { ++ if (errno != EINVAL && errno != EPROTONOSUPPORT && ++ errno != EAFNOSUPPORT) ++ error("cannot open audit"); ++ return; ++ } ++ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_KEY_USER, NULL, ++ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1); ++ audit_close(audit_fd); ++ /* do not abort if the error is EPERM and sshd is run as non root user */ ++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) ++ error("cannot write into audit"); ++} ++ + #endif /* USE_LINUX_AUDIT */ +diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c +--- openssh-5.8p1/auditstub.c.audit4 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-02-09 22:24:22.000000000 +0100 +@@ -37,3 +37,7 @@ audit_kex(int ctos, char *enc, char *mac + { + } + ++void ++audit_session_key_free(int ctos) ++{ ++} +diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c +--- openssh-5.8p1/kex.c.audit4 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-02-09 
22:24:22.000000000 +0100 +@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i + fprintf(stderr, "\n"); + } + #endif ++ ++static void ++enc_destroy(Enc *enc) ++{ ++ if (enc == NULL) ++ return; ++ ++ if (enc->key) { ++ memset(enc->key, 0, enc->key_len); ++ xfree(enc->key); ++ } ++ ++ if (enc->iv) { ++ memset(enc->iv, 0, enc->block_size); ++ xfree(enc->iv); ++ } ++ ++ memset(enc, 0, sizeof(*enc)); ++} ++ ++void ++newkeys_destroy(Newkeys *newkeys) ++{ ++ if (newkeys == NULL) ++ return; ++ ++ enc_destroy(&newkeys->enc); ++ mac_destroy(&newkeys->mac); ++ memset(&newkeys->comp, 0, sizeof(newkeys->comp)); ++} ++ +diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h +--- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200 ++++ openssh-5.8p1/kex.h 2011-02-09 22:24:22.000000000 +0100 +@@ -156,6 +156,8 @@ void kexgex_server(Kex *); + void kexecdh_client(Kex *); + void kexecdh_server(Kex *); + ++void newkeys_destroy(Newkeys *newkeys); ++ + void + kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, + BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); +diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c +--- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200 ++++ openssh-5.8p1/mac.c 2011-02-09 22:24:22.000000000 +0100 +@@ -162,6 +162,20 @@ mac_clear(Mac *mac) + mac->umac_ctx = NULL; + } + ++void ++mac_destroy(Mac *mac) ++{ ++ if (mac == NULL) ++ return; ++ ++ if (mac->key) { ++ memset(mac->key, 0, mac->key_len); ++ xfree(mac->key); ++ } ++ ++ memset(mac, 0, sizeof(*mac)); ++} ++ + /* XXX copied from ciphers_valid */ + #define MAC_SEP "," + int +diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h +--- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200 ++++ openssh-5.8p1/mac.h 2011-02-09 22:24:22.000000000 +0100 +@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *); + int mac_init(Mac *); + u_char *mac_compute(Mac *, u_int32_t, u_char *, int); + void mac_clear(Mac *); ++void mac_destroy(Mac *); +diff -up 
openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c +--- openssh-5.8p1/monitor.c.audit4 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-09 22:24:22.000000000 +0100 +@@ -180,6 +180,7 @@ int mm_answer_audit_event(int, Buffer *) + int mm_answer_audit_command(int, Buffer *); + int mm_answer_audit_unsupported_body(int, Buffer *); + int mm_answer_audit_kex_body(int, Buffer *); ++int mm_answer_audit_session_key_free_body(int, Buffer *); + #endif + + static Authctxt *authctxt; +@@ -230,6 +231,7 @@ struct mon_table mon_dispatch_proto20[] + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, + {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, ++ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, + #endif + #ifdef BSD_AUTH + {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, +@@ -268,6 +270,7 @@ struct mon_table mon_dispatch_postauth20 + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, + {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, + {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, ++ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, + #endif + {0, 0, NULL} + }; +@@ -301,6 +304,7 @@ struct mon_table mon_dispatch_proto15[] + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, + {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, ++ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, + #endif + {0, 0, NULL} + }; +@@ -314,6 +318,7 @@ struct mon_table mon_dispatch_postauth15 + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, + {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, + {MONITOR_REQ_AUDIT_KEX, 
MON_PERMIT, mm_answer_audit_kex_body}, ++ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, + #endif + {0, 0, NULL} + }; +@@ -2253,4 +2258,18 @@ mm_answer_audit_kex_body(int sock, Buffe + return 0; + } + ++int ++mm_answer_audit_session_key_free_body(int sock, Buffer *m) ++{ ++ int ctos; ++ ++ ctos = buffer_get_int(m); ++ ++ audit_session_key_free_body(ctos); ++ ++ buffer_clear(m); ++ ++ mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); ++ return 0; ++} + #endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h +--- openssh-5.8p1/monitor.h.audit4 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-09 22:24:22.000000000 +0100 +@@ -68,6 +68,7 @@ enum monitor_reqtype { + MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, + MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, + MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, ++ MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, + }; + + struct mm_master; +diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c +--- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-09 22:24:22.000000000 +0100 +@@ -1446,4 +1446,17 @@ mm_audit_kex_body(int ctos, char *cipher + + buffer_free(&m); + } ++ ++void ++mm_audit_session_key_free_body(int ctos) ++{ ++ Buffer m; ++ ++ buffer_init(&m); ++ buffer_put_int(&m, ctos); ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); ++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, ++ &m); ++ buffer_free(&m); ++} + #endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h +--- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-09 22:24:22.000000000 +0100 +@@ -76,6 +76,7 @@ void 
mm_audit_event(ssh_audit_event_t); + void mm_audit_run_command(const char *); + void mm_audit_unsupported_body(int); + void mm_audit_kex_body(int, char *, char *, char *); ++void mm_audit_session_key_free_body(int); + #endif + + struct Session; +diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c +--- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100 ++++ openssh-5.8p1/packet.c 2011-02-09 22:24:22.000000000 +0100 +@@ -497,6 +497,7 @@ packet_close(void) + } + cipher_cleanup(&active_state->send_context); + cipher_cleanup(&active_state->receive_context); ++ audit_session_key_free(2); + } + + /* Sets remote side protocol flags. */ +@@ -756,6 +757,7 @@ set_newkeys(int mode) + } + if (active_state->newkeys[mode] != NULL) { + debug("set_newkeys: rekeying"); ++ audit_session_key_free(mode); + cipher_cleanup(cc); + enc = &active_state->newkeys[mode]->enc; + mac = &active_state->newkeys[mode]->mac; +@@ -1912,6 +1914,34 @@ packet_get_newkeys(int mode) + return (void *)active_state->newkeys[mode]; + } + ++static void ++packet_destroy_state(struct session_state *state) ++{ ++ if (state == NULL) ++ return; ++ ++ cipher_cleanup(&state->receive_context); ++ cipher_cleanup(&state->send_context); ++ ++ buffer_free(&state->input); ++ buffer_free(&state->output); ++ buffer_free(&state->outgoing_packet); ++ buffer_free(&state->incoming_packet); ++ buffer_free(&state->compression_buffer); ++ newkeys_destroy(state->newkeys[MODE_IN]); ++ newkeys_destroy(state->newkeys[MODE_OUT]); ++ mac_destroy(state->packet_discard_mac); ++// TAILQ_HEAD(, packet) outgoing; ++// memset(state, 0, sizeof(state)); ++} ++ ++void ++packet_destroy_all(void) ++{ ++ packet_destroy_state(active_state); ++ packet_destroy_state(backup_state); ++} ++ + /* + * Save the state for the real connection, and use a separate state when + * resuming a suspended connection. 
+@@ -1919,18 +1949,12 @@ packet_get_newkeys(int mode) + void + packet_backup_state(void) + { +- struct session_state *tmp; +- + close(active_state->connection_in); + active_state->connection_in = -1; + close(active_state->connection_out); + active_state->connection_out = -1; +- if (backup_state) +- tmp = backup_state; +- else +- tmp = alloc_session_state(); + backup_state = active_state; +- active_state = tmp; ++ active_state = alloc_session_state(); + } + + /* +@@ -1947,9 +1971,7 @@ packet_restore_state(void) + backup_state = active_state; + active_state = tmp; + active_state->connection_in = backup_state->connection_in; +- backup_state->connection_in = -1; + active_state->connection_out = backup_state->connection_out; +- backup_state->connection_out = -1; + len = buffer_len(&backup_state->input); + if (len > 0) { + buf = buffer_ptr(&backup_state->input); +@@ -1957,4 +1979,10 @@ packet_restore_state(void) + buffer_clear(&backup_state->input); + add_recv_bytes(len); + } ++ backup_state->connection_in = -1; ++ backup_state->connection_out = -1; ++ packet_destroy_state(backup_state); ++ xfree(backup_state); ++ backup_state = NULL; + } ++ +diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h +--- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100 ++++ openssh-5.8p1/packet.h 2011-02-09 22:24:22.000000000 +0100 +@@ -125,4 +125,5 @@ void packet_restore_state(void); + void *packet_get_input(void); + void *packet_get_output(void); + ++void packet_destroy_all(void); + #endif /* PACKET_H */ +diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c +--- openssh-5.8p1/sshd.c.audit4 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-09 22:24:22.000000000 +0100 +@@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt) + return (0); + } + ++extern Newkeys *current_keys[]; ++ + static void + privsep_postauth(Authctxt *authctxt) + { +@@ -688,6 +690,10 @@ privsep_postauth(Authctxt *authctxt) + verbose("User child is on pid %ld", 
(long)pmonitor->m_pid); + close(pmonitor->m_recvfd); + buffer_clear(&loginmsg); ++ newkeys_destroy(current_keys[MODE_OUT]); ++ newkeys_destroy(current_keys[MODE_IN]); ++ packet_destroy_all(); ++ audit_session_key_free_body(2); + monitor_child_postauth(pmonitor); + + /* NEVERREACHED */ +@@ -1974,6 +1980,8 @@ main(int ac, char **av) + */ + if (use_privsep) { + mm_send_keystate(pmonitor); ++ packet_destroy_all(); ++ audit_session_key_free(2); + exit(0); + } + +@@ -2026,6 +2034,9 @@ main(int ac, char **av) + do_authenticated(authctxt); + + /* The connection has been terminated. */ ++ packet_destroy_all(); ++ audit_session_key_free(2); ++ + packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes); + packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes); + verbose("Transferred: sent %llu, received %llu bytes", diff --git a/openssh-5.8p1-audit5.patch b/openssh-5.8p1-audit5.patch new file mode 100644 index 0000000..17f9cfd --- /dev/null +++ b/openssh-5.8p1-audit5.patch 
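Review bot: `mm_answer_audit_session_key_free_body` in monitor.c takes `ctos` from the unprivileged child with `buffer_get_int(m)` and passes it unchecked to `audit_session_key_free_body`, which in audit-linux.c uses it to index the three-element `direction[]` table; since the request is MON_PERMIT in both the preauth and postauth dispatch tables, a compromised child can make the privileged monitor read past the table. Bound it before the call: `if (ctos < 0 || ctos > 2) fatal("%s: bad direction %d", __func__, ctos);`. Separately, the null implementation `audit_session_key_free_body(int ctos)` in audit.c lacks its `void` return type and the comment above it misspells "successful". The `memset` before `xfree` in `enc_destroy` and `mac_destroy` is the whole point of the patch, but a plain memset of memory freed immediately afterwards may be elided by the optimizer; the tree still uses memset elsewhere, so this is a caveat to record in a comment rather than a change to make here.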
@@ -0,0 +1,215 @@ +diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c +--- openssh-5.8p1/audit-bsm.c.audit5 2011-02-09 22:33:51.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-09 22:33:52.000000000 +0100 +@@ -401,4 +401,10 @@ audit_session_key_free_body(int ctos) + { + /* not implemented */ + } ++ ++void ++audit_destroy_sensitive_data(void) ++{ ++ /* not implemented */ ++} + #endif /* BSM */ +diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c +--- openssh-5.8p1/audit.c.audit5 2011-02-09 22:33:51.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-09 22:33:52.000000000 +0100 +@@ -268,5 +268,14 @@ audit_session_key_free_body(int ctos) + { + debug("audit session key discard euid %d direction %d", geteuid(), ctos); + } ++ ++/* ++ * This will be called on destroy private part of the server key ++ */ ++void ++audit_destroy_sensitive_data(void) ++{ ++ debug("audit destroy sensitive data euid %d", geteuid()); ++} + # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ + #endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h +--- openssh-5.8p1/audit.h.audit5 2011-02-09 22:33:51.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-09 22:33:52.000000000 +0100 +@@ -62,5 +62,6 @@ void audit_unsupported_body(int); + void audit_kex_body(int, char *, char *, char *); + void audit_session_key_free(int ctos); + void audit_session_key_free_body(int ctos); ++void audit_destroy_sensitive_data(void); + + #endif /* _SSH_AUDIT_H */ +diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c +--- openssh-5.8p1/audit-linux.c.audit5 2011-02-09 22:33:51.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-09 22:33:52.000000000 +0100 +@@ -231,4 +231,26 @@ audit_session_key_free_body(int ctos) + error("cannot write into audit"); + } + ++void ++audit_destroy_sensitive_data(void) ++{ ++ char buf[AUDIT_LOG_SIZE]; ++ int audit_fd, audit_ok; ++ ++ snprintf(buf, sizeof(buf), "destroy kind=server direction=?"); ++ audit_fd = 
audit_open(); ++ if (audit_fd < 0) { ++ if (errno != EINVAL && errno != EPROTONOSUPPORT && ++ errno != EAFNOSUPPORT) ++ error("cannot open audit"); ++ return; ++ } ++ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_KEY_USER, NULL, ++ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1); ++ audit_close(audit_fd); ++ /* do not abort if the error is EPERM and sshd is run as non root user */ ++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) ++ error("cannot write into audit"); ++} ++ + #endif /* USE_LINUX_AUDIT */ +diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c +--- openssh-5.8p1/monitor.c.audit5 2011-02-09 22:33:52.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-09 22:33:52.000000000 +0100 +@@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer + int mm_answer_audit_unsupported_body(int, Buffer *); + int mm_answer_audit_kex_body(int, Buffer *); + int mm_answer_audit_session_key_free_body(int, Buffer *); ++int mm_answer_audit_server_key_free(int, Buffer *); + #endif + + static Authctxt *authctxt; +@@ -232,6 +233,7 @@ struct mon_table mon_dispatch_proto20[] + {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, + {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, + {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, ++ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free}, + #endif + #ifdef BSD_AUTH + {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, +@@ -271,6 +273,7 @@ struct mon_table mon_dispatch_postauth20 + {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, + {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, + {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, ++ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free}, + #endif + {0, 0, NULL} + }; +@@ -305,6 +308,7 @@ struct mon_table 
mon_dispatch_proto15[] + {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, + {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, + {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, ++ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free}, + #endif + {0, 0, NULL} + }; +@@ -319,6 +323,7 @@ struct mon_table mon_dispatch_postauth15 + {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, + {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, + {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, ++ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free}, + #endif + {0, 0, NULL} + }; +@@ -2272,4 +2277,15 @@ mm_answer_audit_session_key_free_body(in + mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); + return 0; + } ++ ++int ++mm_answer_audit_server_key_free(int sock, Buffer *m) ++{ ++ audit_destroy_sensitive_data(); ++ ++ buffer_clear(m); ++ ++ mm_request_send(sock, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, m); ++ return 0; ++} + #endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h +--- openssh-5.8p1/monitor.h.audit5 2011-02-09 22:33:52.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-09 22:33:52.000000000 +0100 +@@ -69,6 +69,7 @@ enum monitor_reqtype { + MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, + MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, + MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, ++ MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, + }; + + struct mm_master; +diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c +--- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-09 22:33:52.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-09 22:33:52.000000000 +0100 +@@ -1459,4 +1459,16 @@ mm_audit_session_key_free_body(int ctos) + &m); + 
buffer_free(&m); + } ++ ++void ++mm_audit_destroy_sensitive_data(void) ++{ ++ Buffer m; ++ ++ buffer_init(&m); ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m); ++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, ++ &m); ++ buffer_free(&m); ++} + #endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h +--- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-09 22:33:52.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-09 22:33:52.000000000 +0100 +@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *); + void mm_audit_unsupported_body(int); + void mm_audit_kex_body(int, char *, char *, char *); + void mm_audit_session_key_free_body(int); ++void mm_audit_server_key_free_body(void); + #endif + + struct Session; +diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c +--- openssh-5.8p1/session.c.audit5 2010-12-01 02:02:59.000000000 +0100 ++++ openssh-5.8p1/session.c 2011-02-09 22:33:52.000000000 +0100 +@@ -1615,6 +1615,7 @@ do_child(Session *s, const char *command + + /* remove hostkey from the child's memory */ + destroy_sensitive_data(); ++ PRIVSEP(audit_destroy_sensitive_data()); + + /* Force a password change */ + if (s->authctxt->force_pwchange) { +diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c +--- openssh-5.8p1/sshd.c.audit5 2011-02-09 22:33:52.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-09 22:33:52.000000000 +0100 +@@ -579,6 +579,7 @@ demote_sensitive_data(void) + } + /* Certs do not need demotion */ + } ++ audit_destroy_sensitive_data(); + + /* We do not clear ssh1_host key and cookie. XXX - Okay Niels? 
*/ + } +@@ -2023,8 +2024,10 @@ main(int ac, char **av) + if (use_privsep) { + privsep_postauth(authctxt); + /* the monitor process [priv] will not return */ +- if (!compat20) ++ if (!compat20) { + destroy_sensitive_data(); ++ audit_destroy_sensitive_data(); ++ } + } + + packet_set_timeout(options.client_alive_interval, +@@ -2265,6 +2268,7 @@ do_ssh1_kex(void) + } + /* Destroy the private and public keys. No longer. */ + destroy_sensitive_data(); ++ audit_destroy_sensitive_data(); + + if (use_privsep) + mm_ssh1_session_id(session_id); diff --git a/openssh-5.6p1-authorized-keys-command.patch b/openssh-5.8p1-authorized-keys-command.patch similarity index 83% rename from openssh-5.6p1-authorized-keys-command.patch rename to openssh-5.8p1-authorized-keys-command.patch index 3075f34..356adfa 100644 --- a/openssh-5.6p1-authorized-keys-command.patch +++ b/openssh-5.8p1-authorized-keys-command.patch @@ -1,6 +1,6 @@ -diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c ---- openssh-5.6p1/auth2-pubkey.c.akc 2010-09-03 15:24:51.000000000 +0200 -+++ openssh-5.6p1/auth2-pubkey.c 2010-09-03 15:24:51.000000000 +0200 +diff -up openssh-5.8p1/auth2-pubkey.c.akc openssh-5.8p1/auth2-pubkey.c +--- openssh-5.8p1/auth2-pubkey.c.akc 2011-02-10 13:21:27.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-02-10 13:21:28.000000000 +0100 @@ -27,6 +27,7 @@ #include @@ -9,7 +9,7 @@ diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c #include #include -@@ -264,27 +265,15 @@ match_principals_file(char *file, struct +@@ -268,27 +269,15 @@ match_principals_file(char *file, struct /* return 1 if user allows given key */ static int @@ -38,7 +38,7 @@ diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c found_key = 0; found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); -@@ -377,8 +366,6 @@ user_key_allowed2(struct passwd *pw, Key +@@ -381,8 +370,6 @@ user_key_allowed2(struct passwd *pw, Key break; } } 
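Review bot: monitor_wrap.h declares `void mm_audit_server_key_free_body(void);`, but the function monitor_wrap.c actually defines is `mm_audit_destroy_sensitive_data`, which is presumably also the name `PRIVSEP(audit_destroy_sensitive_data())` in session.c resolves to in the unprivileged child, so that call has no matching prototype in scope. Change the declaration to `void mm_audit_destroy_sensitive_data(void);` so the wrapper is declared under the name that is defined and called. The audit.c comment `This will be called on destroy private part of the server key` would read better as `Called when the private part of the host key has been destroyed`. The `direction=?` in the audit-linux.c message is presumably deliberate, since destroying a host key has no direction, but a one-line comment saying so would spare the next reader the question.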
@@ -47,7 +47,7 @@ diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c key_free(found); if (!found_key) debug2("key not found"); -@@ -440,13 +427,191 @@ user_cert_trusted_ca(struct passwd *pw, +@@ -444,13 +431,191 @@ user_cert_trusted_ca(struct passwd *pw, return ret; } @@ -240,10 +240,10 @@ diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c if (auth_key_is_revoked(key)) return 0; if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key)) -diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac ---- openssh-5.6p1/configure.ac.akc 2010-09-03 15:24:51.000000000 +0200 -+++ openssh-5.6p1/configure.ac 2010-09-03 15:24:51.000000000 +0200 -@@ -1346,6 +1346,18 @@ AC_ARG_WITH(audit, +diff -up openssh-5.8p1/configure.ac.akc openssh-5.8p1/configure.ac +--- openssh-5.8p1/configure.ac.akc 2011-02-10 13:21:28.000000000 +0100 ++++ openssh-5.8p1/configure.ac 2011-02-10 13:21:28.000000000 +0100 +@@ -1422,6 +1422,18 @@ AC_ARG_WITH(audit, esac ] ) @@ -262,7 +262,7 @@ diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS( \ arc4random \ -@@ -4209,6 +4221,7 @@ echo " Linux audit support +@@ -4325,6 +4337,7 @@ echo " SELinux support echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" 
@@ -270,10 +270,10 @@ diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " Solaris process contract support: $SPC_MSG" -diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c ---- openssh-5.6p1/servconf.c.akc 2010-09-03 15:24:50.000000000 +0200 -+++ openssh-5.6p1/servconf.c 2010-09-03 15:24:51.000000000 +0200 -@@ -129,6 +129,8 @@ initialize_server_options(ServerOptions +diff -up openssh-5.8p1/servconf.c.akc openssh-5.8p1/servconf.c +--- openssh-5.8p1/servconf.c.akc 2011-02-10 13:21:28.000000000 +0100 ++++ openssh-5.8p1/servconf.c 2011-02-10 13:28:21.000000000 +0100 +@@ -134,6 +134,8 @@ initialize_server_options(ServerOptions options->num_permitted_opens = -1; options->adm_forced_command = NULL; options->chroot_directory = NULL; @@ -282,18 +282,18 @@ diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c options->zero_knowledge_password_authentication = -1; options->revoked_keys_file = NULL; options->trusted_user_ca_keys = NULL; -@@ -316,6 +318,7 @@ typedef enum { - sUsePrivilegeSeparation, sAllowAgentForwarding, +@@ -331,6 +333,7 @@ typedef enum { sZeroKnowledgePasswordAuthentication, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sKexAlgorithms, sIPQoS, + sAuthorizedKeysCommand, sAuthorizedKeysCommandRunAs, sDeprecated, sUnsupported } ServerOpCodes; -@@ -439,6 +442,13 @@ static struct { - { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, - { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, +@@ -456,6 +459,13 @@ static struct { { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, + { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, + { "ipqos", sIPQoS, SSHCFG_ALL }, +#ifdef WITH_AUTHORIZED_KEYS_COMMAND + { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, + { "authorizedkeyscommandrunas", sAuthorizedKeysCommandRunAs, SSHCFG_ALL }, 
@@ -304,9 +304,9 @@ diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c { NULL, sBadOption, 0 } }; -@@ -1360,6 +1370,20 @@ process_server_config_line(ServerOptions - charptr = &options->revoked_keys_file; - goto parse_filename; +@@ -1406,6 +1416,20 @@ process_server_config_line(ServerOptions + } + break; + case sAuthorizedKeysCommand: + len = strspn(cp, WHITESPACE); @@ -325,7 +325,7 @@ diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); -@@ -1453,6 +1477,8 @@ copy_set_server_options(ServerOptions *d +@@ -1499,6 +1523,8 @@ copy_set_server_options(ServerOptions *d M_CP_INTOPT(gss_authentication); M_CP_INTOPT(rsa_authentication); M_CP_INTOPT(pubkey_authentication); @@ -334,7 +334,7 @@ diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c M_CP_INTOPT(kerberos_authentication); M_CP_INTOPT(hostbased_authentication); M_CP_INTOPT(hostbased_uses_name_from_packet_only); -@@ -1705,6 +1731,8 @@ dump_config(ServerOptions *o) +@@ -1753,6 +1779,8 @@ dump_config(ServerOptions *o) dump_cfg_string(sRevokedKeys, o->revoked_keys_file); dump_cfg_string(sAuthorizedPrincipalsFile, o->authorized_principals_file); @@ -343,10 +343,10 @@ diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c /* string arguments requiring a lookup */ dump_cfg_string(sLogLevel, log_level_name(o->log_level)); -diff -up openssh-5.6p1/servconf.h.akc openssh-5.6p1/servconf.h ---- openssh-5.6p1/servconf.h.akc 2010-09-03 15:24:50.000000000 +0200 -+++ openssh-5.6p1/servconf.h 2010-09-03 15:24:51.000000000 +0200 -@@ -158,6 +158,8 @@ typedef struct { +diff -up openssh-5.8p1/servconf.h.akc openssh-5.8p1/servconf.h +--- openssh-5.8p1/servconf.h.akc 2011-02-10 13:21:28.000000000 +0100 ++++ openssh-5.8p1/servconf.h 2011-02-10 13:21:28.000000000 +0100 +@@ -161,6 +161,8 @@ typedef struct { char *revoked_keys_file; char *trusted_user_ca_keys; char *authorized_principals_file; 
@@ -355,9 +355,9 @@ diff -up openssh-5.6p1/servconf.h.akc openssh-5.6p1/servconf.h } ServerOptions; void initialize_server_options(ServerOptions *); -diff -up openssh-5.6p1/sshd_config.0.akc openssh-5.6p1/sshd_config.0 ---- openssh-5.6p1/sshd_config.0.akc 2010-09-03 15:24:50.000000000 +0200 -+++ openssh-5.6p1/sshd_config.0 2010-09-03 15:27:26.000000000 +0200 +diff -up openssh-5.8p1/sshd_config.0.akc openssh-5.8p1/sshd_config.0 +--- openssh-5.8p1/sshd_config.0.akc 2011-02-10 13:21:28.000000000 +0100 ++++ openssh-5.8p1/sshd_config.0 2011-02-10 13:21:28.000000000 +0100 @@ -71,6 +71,23 @@ DESCRIPTION See PATTERNS in ssh_config(5) for more information on patterns. @@ -382,7 +382,7 @@ diff -up openssh-5.6p1/sshd_config.0.akc openssh-5.6p1/sshd_config.0 AuthorizedKeysFile Specifies the file that contains the public keys that can be used for user authentication. The format is described in the -@@ -375,7 +392,8 @@ DESCRIPTION +@@ -398,7 +415,8 @@ DESCRIPTION Only a subset of keywords may be used on the lines following a Match keyword. Available keywords are AllowAgentForwarding, @@ -392,10 +392,10 @@ diff -up openssh-5.6p1/sshd_config.0.akc openssh-5.6p1/sshd_config.0 Banner, ChrootDirectory, ForceCommand, GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication, -diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5 ---- openssh-5.6p1/sshd_config.5.akc 2010-09-03 15:24:50.000000000 +0200 -+++ openssh-5.6p1/sshd_config.5 2010-09-03 15:24:51.000000000 +0200 -@@ -654,6 +654,8 @@ Available keywords are +diff -up openssh-5.8p1/sshd_config.5.akc openssh-5.8p1/sshd_config.5 +--- openssh-5.8p1/sshd_config.5.akc 2011-02-10 13:21:28.000000000 +0100 ++++ openssh-5.8p1/sshd_config.5 2011-02-10 13:21:28.000000000 +0100 +@@ -703,6 +703,8 @@ Available keywords are .Cm AllowAgentForwarding , .Cm AllowTcpForwarding , .Cm AuthorizedKeysFile , 
@@ -404,7 +404,7 @@ diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5 .Cm AuthorizedPrincipalsFile , .Cm Banner , .Cm ChrootDirectory , -@@ -666,6 +668,7 @@ Available keywords are +@@ -715,6 +717,7 @@ Available keywords are .Cm KerberosAuthentication , .Cm MaxAuthTries , .Cm MaxSessions , @@ -412,7 +412,7 @@ diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5 .Cm PasswordAuthentication , .Cm PermitEmptyPasswords , .Cm PermitOpen , -@@ -868,6 +871,20 @@ Specifies a list of revoked public keys. +@@ -917,6 +920,20 @@ Specifies a list of revoked public keys. Keys listed in this file will be refused for public key authentication. Note that if this file is not readable, then public key authentication will be refused for all users. @@ -433,10 +433,10 @@ diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5 .It Cm RhostsRSAAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful RSA host authentication is allowed. -diff -up openssh-5.6p1/sshd_config.akc openssh-5.6p1/sshd_config ---- openssh-5.6p1/sshd_config.akc 2010-09-03 15:24:50.000000000 +0200 -+++ openssh-5.6p1/sshd_config 2010-09-03 15:24:51.000000000 +0200 -@@ -45,6 +45,8 @@ SyslogFacility AUTHPRIV +diff -up openssh-5.8p1/sshd_config.akc openssh-5.8p1/sshd_config +--- openssh-5.8p1/sshd_config.akc 2011-02-10 13:21:28.000000000 +0100 ++++ openssh-5.8p1/sshd_config 2011-02-10 13:21:28.000000000 +0100 +@@ -46,6 +46,8 @@ SyslogFacility AUTHPRIV #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys diff --git a/openssh-5.6p1-fips.patch b/openssh-5.8p1-fips.patch similarity index 72% rename from openssh-5.6p1-fips.patch rename to openssh-5.8p1-fips.patch index 41cb742..c1de68d 100644 --- a/openssh-5.6p1-fips.patch +++ b/openssh-5.8p1-fips.patch 
@@ -1,6 +1,6 @@ -diff -up openssh-5.6p1/audit.c.fips openssh-5.6p1/audit.c ---- openssh-5.6p1/audit.c.fips 2011-01-16 23:45:01.000000000 +0100 -+++ openssh-5.6p1/audit.c 2011-01-16 23:45:59.000000000 +0100 +diff -up openssh-5.8p1/audit.c.fips openssh-5.8p1/audit.c +--- openssh-5.8p1/audit.c.fips 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-14 10:10:41.000000000 +0100 @@ -124,7 +124,7 @@ audit_key(int type, int *rv, const Key * "ssh-dsa", "unknown" }; @@ -10,9 +10,9 @@ diff -up openssh-5.6p1/audit.c.fips openssh-5.6p1/audit.c switch(key->type) { case KEY_RSA1: case KEY_RSA: -diff -up openssh-5.6p1/auth2-pubkey.c.fips openssh-5.6p1/auth2-pubkey.c ---- openssh-5.6p1/auth2-pubkey.c.fips 2011-01-16 23:41:58.000000000 +0100 -+++ openssh-5.6p1/auth2-pubkey.c 2011-01-16 23:41:59.000000000 +0100 +diff -up openssh-5.8p1/auth2-pubkey.c.fips openssh-5.8p1/auth2-pubkey.c +--- openssh-5.8p1/auth2-pubkey.c.fips 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-02-14 10:10:41.000000000 +0100 @@ -36,6 +36,7 @@ #include #include @@ -30,10 +30,10 @@ diff -up openssh-5.6p1/auth2-pubkey.c.fips openssh-5.6p1/auth2-pubkey.c verbose("Found matching %s key: %s", key_type(found), fp); xfree(fp); -diff -up openssh-5.6p1/authfile.c.fips openssh-5.6p1/authfile.c ---- openssh-5.6p1/authfile.c.fips 2010-08-05 05:05:16.000000000 +0200 -+++ openssh-5.6p1/authfile.c 2011-01-16 23:41:59.000000000 +0100 -@@ -146,8 +146,14 @@ key_save_private_rsa1(Key *key, const ch +diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c +--- openssh-5.8p1/authfile.c.fips 2010-12-01 02:03:39.000000000 +0100 ++++ openssh-5.8p1/authfile.c 2011-02-14 10:10:41.000000000 +0100 +@@ -145,8 +145,14 @@ key_private_rsa1_to_blob(Key *key, Buffe /* Allocate space for the private part of the key in the buffer. */ cp = buffer_append_space(&encrypted, buffer_len(&buffer)); 
@@ -50,8 +50,8 @@ diff -up openssh-5.6p1/authfile.c.fips openssh-5.6p1/authfile.c cipher_crypt(&ciphercontext, cp, buffer_ptr(&buffer), buffer_len(&buffer)); cipher_cleanup(&ciphercontext); -@@ -421,8 +427,14 @@ key_load_private_rsa1(int fd, const char - cp = buffer_append_space(&decrypted, buffer_len(&buffer)); +@@ -447,8 +453,13 @@ key_parse_private_rsa1(Buffer *blob, con + cp = buffer_append_space(&decrypted, buffer_len(blob)); /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ - cipher_set_key_string(&ciphercontext, cipher, passphrase, @@ -60,17 +60,16 @@ diff -up openssh-5.6p1/authfile.c.fips openssh-5.6p1/authfile.c + CIPHER_DECRYPT) < 0) { + error("cipher_set_key_string failed."); + buffer_free(&decrypted); -+ buffer_free(&buffer); + goto fail; + } + cipher_crypt(&ciphercontext, cp, - buffer_ptr(&buffer), buffer_len(&buffer)); + buffer_ptr(blob), buffer_len(blob)); cipher_cleanup(&ciphercontext); -diff -up openssh-5.6p1/auth-rsa.c.fips openssh-5.6p1/auth-rsa.c ---- openssh-5.6p1/auth-rsa.c.fips 2011-01-16 23:46:11.000000000 +0100 -+++ openssh-5.6p1/auth-rsa.c 2011-01-16 23:46:31.000000000 +0100 -@@ -122,7 +122,7 @@ auth_rsa_verify_response(Key *key, BIGNU +diff -up openssh-5.8p1/auth-rsa.c.fips openssh-5.8p1/auth-rsa.c +--- openssh-5.8p1/auth-rsa.c.fips 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/auth-rsa.c 2011-02-14 10:10:41.000000000 +0100 +@@ -119,7 +119,7 @@ auth_rsa_verify_response(Key *key, BIGNU rv = timingsafe_bcmp(response, mdbuf, 16) == 0; #ifdef SSH_AUDIT_EVENTS 
@@ -79,9 +78,9 @@ diff -up openssh-5.6p1/auth-rsa.c.fips openssh-5.6p1/auth-rsa.c if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa), fp, rv) == 0) { debug("unsuccessful audit"); rv = 0; -diff -up openssh-5.6p1/cipher.c.fips openssh-5.6p1/cipher.c ---- openssh-5.6p1/cipher.c.fips 2011-01-16 23:41:56.000000000 +0100 -+++ openssh-5.6p1/cipher.c 2011-01-16 23:41:59.000000000 +0100 +diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c +--- openssh-5.8p1/cipher.c.fips 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/cipher.c 2011-02-14 10:10:41.000000000 +0100 @@ -40,6 +40,7 @@ #include @@ -166,9 +165,9 @@ diff -up openssh-5.6p1/cipher.c.fips openssh-5.6p1/cipher.c } /* -diff -up openssh-5.6p1/cipher-ctr.c.fips openssh-5.6p1/cipher-ctr.c ---- openssh-5.6p1/cipher-ctr.c.fips 2007-06-14 15:21:33.000000000 +0200 -+++ openssh-5.6p1/cipher-ctr.c 2011-01-16 23:41:59.000000000 +0100 +diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c +--- openssh-5.8p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200 ++++ openssh-5.8p1/cipher-ctr.c 2011-02-14 10:10:41.000000000 +0100 @@ -140,7 +140,8 @@ evp_aes_128_ctr(void) aes_ctr.do_cipher = ssh_aes_ctr; #ifndef SSH_OLD_EVP @@ -179,9 +178,9 @@ diff -up openssh-5.6p1/cipher-ctr.c.fips openssh-5.6p1/cipher-ctr.c #endif return (&aes_ctr); } -diff -up openssh-5.6p1/cipher.h.fips openssh-5.6p1/cipher.h ---- openssh-5.6p1/cipher.h.fips 2011-01-16 23:41:56.000000000 +0100 -+++ openssh-5.6p1/cipher.h 2011-01-16 23:41:59.000000000 +0100 +diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h +--- openssh-5.8p1/cipher.h.fips 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/cipher.h 2011-02-14 10:10:41.000000000 +0100 @@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe const u_char *, u_int, int); void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int); 
@@ -191,9 +190,9 @@ diff -up openssh-5.6p1/cipher.h.fips openssh-5.6p1/cipher.h u_int cipher_blocksize(const Cipher *); u_int cipher_keylen(const Cipher *); u_int cipher_is_cbc(const Cipher *); -diff -up openssh-5.6p1/mac.c.fips openssh-5.6p1/mac.c ---- openssh-5.6p1/mac.c.fips 2008-06-13 02:58:50.000000000 +0200 -+++ openssh-5.6p1/mac.c 2011-01-16 23:41:59.000000000 +0100 +diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c +--- openssh-5.8p1/mac.c.fips 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/mac.c 2011-02-14 10:10:41.000000000 +0100 @@ -28,6 +28,7 @@ #include @@ -243,15 +242,15 @@ diff -up openssh-5.6p1/mac.c.fips openssh-5.6p1/mac.c for (i = 0; macs[i].name; i++) { if (strcmp(name, macs[i].name) == 0) { -diff -up openssh-5.6p1/Makefile.in.fips openssh-5.6p1/Makefile.in ---- openssh-5.6p1/Makefile.in.fips 2011-01-16 23:41:58.000000000 +0100 -+++ openssh-5.6p1/Makefile.in 2011-01-16 23:41:59.000000000 +0100 -@@ -142,25 +142,25 @@ libssh.a: $(LIBSSH_OBJS) +diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in +--- openssh-5.8p1/Makefile.in.fips 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-02-14 10:10:41.000000000 +0100 +@@ -145,25 +145,25 @@ libssh.a: $(LIBSSH_OBJS) $(RANLIB) $@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) -- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) +- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) ++ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) 
@@ -278,7 +277,7 @@ diff -up openssh-5.6p1/Makefile.in.fips openssh-5.6p1/Makefile.in ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) -@@ -169,7 +169,7 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l +@@ -172,7 +172,7 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o @@ -287,10 +286,10 @@ diff -up openssh-5.6p1/Makefile.in.fips openssh-5.6p1/Makefile.in sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -diff -up openssh-5.6p1/myproposal.h.fips openssh-5.6p1/myproposal.h ---- openssh-5.6p1/myproposal.h.fips 2010-04-16 07:56:22.000000000 +0200 -+++ openssh-5.6p1/myproposal.h 2011-01-16 23:41:59.000000000 +0100 -@@ -58,7 +58,12 @@ +diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h +--- openssh-5.8p1/myproposal.h.fips 2011-01-13 12:00:22.000000000 +0100 ++++ openssh-5.8p1/myproposal.h 2011-02-14 10:10:41.000000000 +0100 +@@ -81,7 +81,12 @@ "hmac-sha1-96,hmac-md5-96" #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" #define KEX_DEFAULT_LANG "" 
@@ -304,9 +303,9 @@ diff -up openssh-5.6p1/myproposal.h.fips openssh-5.6p1/myproposal.h static char *myproposal[PROPOSAL_MAX] = { KEX_DEFAULT_KEX, -diff -up openssh-5.6p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.6p1/openbsd-compat/bsd-arc4random.c ---- openssh-5.6p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100 -+++ openssh-5.6p1/openbsd-compat/bsd-arc4random.c 2011-01-16 23:41:59.000000000 +0100 +diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbsd-compat/bsd-arc4random.c +--- openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100 ++++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-02-14 10:10:41.000000000 +0100 @@ -39,6 +39,7 @@ static int rc4_ready = 0; static RC4_KEY rc4; @@ -348,9 +347,9 @@ diff -up openssh-5.6p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.6p1/openbs #endif /* !HAVE_ARC4RANDOM */ #ifndef HAVE_ARC4RANDOM_BUF -diff -up openssh-5.6p1/ssh-add.c.fips openssh-5.6p1/ssh-add.c ---- openssh-5.6p1/ssh-add.c.fips 2010-05-21 06:56:47.000000000 +0200 -+++ openssh-5.6p1/ssh-add.c 2011-01-16 23:41:59.000000000 +0100 +diff -up openssh-5.8p1/ssh-add.c.fips openssh-5.8p1/ssh-add.c +--- openssh-5.8p1/ssh-add.c.fips 2010-11-11 04:17:02.000000000 +0100 ++++ openssh-5.8p1/ssh-add.c 2011-02-14 10:10:41.000000000 +0100 @@ -42,6 +42,7 @@ #include @@ -359,7 +358,7 @@ diff -up openssh-5.6p1/ssh-add.c.fips openssh-5.6p1/ssh-add.c #include "openbsd-compat/openssl-compat.h" #include -@@ -277,7 +278,7 @@ list_identities(AuthenticationConnection +@@ -280,7 +281,7 @@ list_identities(AuthenticationConnection key = ssh_get_next_identity(ac, &comment, version)) { had_identities = 1; if (do_fp) { 
@@ -368,9 +367,9 @@ diff -up openssh-5.6p1/ssh-add.c.fips openssh-5.6p1/ssh-add.c SSH_FP_HEX); printf("%d %s %s (%s)\n", key_size(key), fp, comment, key_type(key)); -diff -up openssh-5.6p1/ssh-agent.c.fips openssh-5.6p1/ssh-agent.c ---- openssh-5.6p1/ssh-agent.c.fips 2010-04-16 07:56:22.000000000 +0200 -+++ openssh-5.6p1/ssh-agent.c 2011-01-16 23:41:59.000000000 +0100 +diff -up openssh-5.8p1/ssh-agent.c.fips openssh-5.8p1/ssh-agent.c +--- openssh-5.8p1/ssh-agent.c.fips 2010-12-01 01:50:35.000000000 +0100 ++++ openssh-5.8p1/ssh-agent.c 2011-02-14 10:10:41.000000000 +0100 @@ -51,6 +51,7 @@ #include @@ -392,10 +391,10 @@ diff -up openssh-5.6p1/ssh-agent.c.fips openssh-5.6p1/ssh-agent.c ret = 0; xfree(p); -diff -up openssh-5.6p1/ssh.c.fips openssh-5.6p1/ssh.c ---- openssh-5.6p1/ssh.c.fips 2010-08-16 17:59:31.000000000 +0200 -+++ openssh-5.6p1/ssh.c 2011-01-16 23:41:59.000000000 +0100 -@@ -72,6 +72,8 @@ +diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c +--- openssh-5.8p1/ssh.c.fips 2011-02-04 01:42:15.000000000 +0100 ++++ openssh-5.8p1/ssh.c 2011-02-14 10:10:41.000000000 +0100 +@@ -73,6 +73,8 @@ #include #include @@ -404,7 +403,7 @@ diff -up openssh-5.6p1/ssh.c.fips openssh-5.6p1/ssh.c #include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/sys-queue.h" -@@ -235,6 +237,10 @@ main(int ac, char **av) +@@ -234,6 +236,10 @@ main(int ac, char **av) sanitise_stdfd(); __progname = ssh_get_progname(av[0]); @@ -415,7 +414,7 @@ diff -up openssh-5.6p1/ssh.c.fips openssh-5.6p1/ssh.c init_rng(); /* -@@ -301,6 +307,9 @@ main(int ac, char **av) +@@ -300,6 +306,9 @@ main(int ac, char **av) "ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) { switch (opt) { case '1': 
@@ -425,15 +424,15 @@ diff -up openssh-5.6p1/ssh.c.fips openssh-5.6p1/ssh.c options.protocol = SSH_PROTO_1; break; case '2': -@@ -599,7 +608,6 @@ main(int ac, char **av) +@@ -598,7 +607,6 @@ main(int ac, char **av) if (!host) usage(); -- SSLeay_add_all_algorithms(); +- OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); /* Initialize the command to execute on remote host. */ -@@ -685,6 +693,10 @@ main(int ac, char **av) +@@ -684,6 +692,10 @@ main(int ac, char **av) seed_rng(); @@ -444,7 +443,7 @@ diff -up openssh-5.6p1/ssh.c.fips openssh-5.6p1/ssh.c if (options.user == NULL) options.user = xstrdup(pw->pw_name); -@@ -752,6 +764,12 @@ main(int ac, char **av) +@@ -753,6 +765,12 @@ main(int ac, char **av) timeout_ms = options.connection_timeout * 1000; @@ -457,9 +456,9 @@ diff -up openssh-5.6p1/ssh.c.fips openssh-5.6p1/ssh.c /* Open a connection to the remote host. */ if (ssh_connect(host, &hostaddr, options.port, options.address_family, options.connection_attempts, &timeout_ms, -diff -up openssh-5.6p1/sshconnect2.c.fips openssh-5.6p1/sshconnect2.c ---- openssh-5.6p1/sshconnect2.c.fips 2011-01-16 23:41:59.000000000 +0100 -+++ openssh-5.6p1/sshconnect2.c 2011-01-16 23:41:59.000000000 +0100 +diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c +--- openssh-5.8p1/sshconnect2.c.fips 2010-12-01 02:21:51.000000000 +0100 ++++ openssh-5.8p1/sshconnect2.c 2011-02-14 10:10:41.000000000 +0100 @@ -44,6 +44,8 @@ #include #endif @@ -469,7 +468,7 @@ diff -up openssh-5.6p1/sshconnect2.c.fips openssh-5.6p1/sshconnect2.c #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" -@@ -116,6 +118,10 @@ ssh_kex2(char *host, struct sockaddr *ho +@@ -169,6 +171,10 @@ ssh_kex2(char *host, struct sockaddr *ho if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; 
@@ -480,7 +479,7 @@ diff -up openssh-5.6p1/sshconnect2.c.fips openssh-5.6p1/sshconnect2.c } myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); -@@ -131,7 +137,11 @@ ssh_kex2(char *host, struct sockaddr *ho +@@ -184,7 +190,11 @@ ssh_kex2(char *host, struct sockaddr *ho if (options.macs != NULL) { myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; @@ -492,7 +491,7 @@ diff -up openssh-5.6p1/sshconnect2.c.fips openssh-5.6p1/sshconnect2.c if (options.hostkeyalgorithms != NULL) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = options.hostkeyalgorithms; -@@ -529,8 +539,8 @@ input_userauth_pk_ok(int type, u_int32_t +@@ -590,8 +600,8 @@ input_userauth_pk_ok(int type, u_int32_t key->type, pktype); goto done; } @@ -503,10 +502,10 @@ diff -up openssh-5.6p1/sshconnect2.c.fips openssh-5.6p1/sshconnect2.c xfree(fp); /* -diff -up openssh-5.6p1/sshconnect.c.fips openssh-5.6p1/sshconnect.c ---- openssh-5.6p1/sshconnect.c.fips 2010-04-18 00:08:21.000000000 +0200 -+++ openssh-5.6p1/sshconnect.c 2011-01-16 23:41:59.000000000 +0100 -@@ -40,6 +40,8 @@ +diff -up openssh-5.8p1/sshconnect.c.fips openssh-5.8p1/sshconnect.c +--- openssh-5.8p1/sshconnect.c.fips 2011-01-16 13:17:59.000000000 +0100 ++++ openssh-5.8p1/sshconnect.c 2011-02-14 10:18:14.000000000 +0100 +@@ -41,6 +41,8 @@ #include #include 
@@ -515,15 +514,37 @@ diff -up openssh-5.6p1/sshconnect.c.fips openssh-5.6p1/sshconnect.c #include "xmalloc.h" #include "key.h" #include "hostfile.h" -@@ -789,6 +791,7 @@ check_host_key(char *hostname, struct so +@@ -705,6 +707,7 @@ check_host_key(char *hostname, struct so + int len, cancelled_forwarding = 0; + struct hostkeys *host_hostkeys, *ip_hostkeys; + const struct hostkey_entry *host_found, *ip_found; ++ int fips_on = FIPS_mode(); + + /* + * Force accepting of the host key for loopback/localhost. The +@@ -798,10 +801,10 @@ check_host_key(char *hostname, struct so + "key for IP address '%.128s' to the list " + "of known hosts.", type, ip); + } else if (options.visual_host_key) { +- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); +- ra = key_fingerprint(host_key, SSH_FP_MD5, ++ fp = key_fingerprint(host_key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); ++ ra = key_fingerprint(host_key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, + SSH_FP_RANDOMART); +- logit("Host key fingerprint is %s\n%s\n", fp, ra); ++ logit("Host key %sfingerprint is %s\n%s\n", fips_on ? "SHA1 " : "", fp, ra); + xfree(ra); + xfree(fp); + } +@@ -830,6 +833,7 @@ check_host_key(char *hostname, struct so goto fail; } else if (options.strict_host_key_checking == 2) { char msg1[1024], msg2[1024]; + int fips_on = FIPS_mode(); - if (show_other_keys(host, host_key)) + if (show_other_keys(host_hostkeys, host_key)) snprintf(msg1, sizeof(msg1), -@@ -797,8 +800,8 @@ check_host_key(char *hostname, struct so +@@ -838,8 +842,8 @@ check_host_key(char *hostname, struct so else snprintf(msg1, sizeof(msg1), "."); /* The default */ @@ -534,7 +555,7 @@ diff -up openssh-5.6p1/sshconnect.c.fips openssh-5.6p1/sshconnect.c SSH_FP_RANDOMART); msg2[0] = '\0'; if (options.verify_host_key_dns) { -@@ -814,10 +817,10 @@ check_host_key(char *hostname, struct so +@@ -855,10 +859,10 @@ check_host_key(char *hostname, struct so snprintf(msg, sizeof(msg), "The authenticity of host '%.200s (%s)' can't be " "established%s\n" 
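Review bot: The rebased `@@ -705,6 +707,7 @@` hunk declares `int fips_on = FIPS_mode();` at the top of check_host_key, while the `@@ -830,6 +833,7 @@` hunk still carries the earlier patch's `+ int fips_on = FIPS_mode();` inside the `strict_host_key_checking == 2` block, so the inner declaration now shadows the function-scope one (`-Wshadow` will flag it) and calls FIPS_mode() a second time for nothing. Drop the inner `int fips_on = FIPS_mode();` line and let that block use the outer variable. The two fingerprint lines added in the visual_host_key branch also run well past the column the surrounding code keeps to; wrapping them after the first argument, as the existing `ra = key_fingerprint(host_key, ...` / `SSH_FP_RANDOMART);` pair does, matches the file's style. check_host_key's body continues outside this hunk.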
@@ -547,33 +568,36 @@ diff -up openssh-5.6p1/sshconnect.c.fips openssh-5.6p1/sshconnect.c options.visual_host_key ? "\n" : "", options.visual_host_key ? ra : "", msg2); -@@ -1151,17 +1154,18 @@ show_key_from_file(const char *file, con - Key *found; +@@ -1208,20 +1212,21 @@ show_other_keys(struct hostkeys *hostkey + int i, ret = 0; char *fp, *ra; - int line, ret; + const struct hostkey_entry *found; + int fips_on = FIPS_mode(); - found = key_new(keytype); - if ((ret = lookup_key_in_hostfile_by_type(file, host, - keytype, found, &line))) { -- fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); -- ra = key_fingerprint(found, SSH_FP_MD5, SSH_FP_RANDOMART); -+ fp = key_fingerprint(found, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); -+ ra = key_fingerprint(found, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_RANDOMART); + for (i = 0; type[i] != -1; i++) { + if (type[i] == key->type) + continue; + if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found)) + continue; +- fp = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_HEX); +- ra = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_RANDOMART); ++ fp = key_fingerprint(found->key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); ++ ra = key_fingerprint(found->key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_RANDOMART); logit("WARNING: %s key found for host %s\n" - "in %s:%d\n" -- "%s key fingerprint %s.\n%s\n", + "in %s:%lu\n" +- "%s key fingerprint %s.", + "%s key %sfingerprint %s.\n%s\n", - key_type(found), host, file, line, -- key_type(found), fp, ra); + key_type(found->key), + found->host, found->file, found->line, +- key_type(found->key), fp); + key_type(found), fips_on ? 
"SHA1 ":"", fp, ra); + if (options.visual_host_key) + logit("%s", ra); xfree(ra); - xfree(fp); - } -@@ -1207,8 +1211,9 @@ warn_changed_key(Key *host_key) +@@ -1235,8 +1240,9 @@ static void + warn_changed_key(Key *host_key) { char *fp; - const char *type = key_type(host_key); + int fips_on = FIPS_mode(); - fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); @@ -581,20 +605,20 @@ diff -up openssh-5.6p1/sshconnect.c.fips openssh-5.6p1/sshconnect.c error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); -@@ -1216,8 +1221,8 @@ warn_changed_key(Key *host_key) +@@ -1244,8 +1250,8 @@ warn_changed_key(Key *host_key) error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); - error("It is also possible that the %s host key has just been changed.", type); + error("It is also possible that a host key has just been changed."); - error("The fingerprint for the %s key sent by the remote host is\n%s.", -- type, fp); +- key_type(host_key), fp); + error("The %sfingerprint for the %s key sent by the remote host is\n%s.", -+ fips_on ? "SHA1 ":"", type, fp); ++ fips_on ? "SHA1 ":"", key_type(host_key), fp); error("Please contact your system administrator."); xfree(fp); -diff -up openssh-5.6p1/sshd.c.fips openssh-5.6p1/sshd.c ---- openssh-5.6p1/sshd.c.fips 2011-01-16 23:41:58.000000000 +0100 -+++ openssh-5.6p1/sshd.c 2011-01-16 23:41:59.000000000 +0100 +diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c +--- openssh-5.8p1/sshd.c.fips 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-14 10:10:41.000000000 +0100 @@ -76,6 +76,8 @@ #include #include 
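Review bot: In the rebased show_other_keys hunk that starts on the previous line, the retained patch line `key_type(found), fips_on ? "SHA1 ":"", fp, ra);` passes `found` to key_type() even though the same hunk replaces `Key *found` with `const struct hostkey_entry *found`, so the key type in the warning is read from the wrong object; it should be `key_type(found->key), fips_on ? "SHA1 ":"", fp, ra);`, as the two fingerprint lines above it already do. The patched format string also ends in `\n%s\n` fed with `ra` while upstream's `if (options.visual_host_key) logit("%s", ra);` is kept, so as far as this hunk shows the randomart is printed even with VisualHostKey off and twice with it on; either drop the trailing `\n%s\n` and `ra` from the warning or fold the whole output under the visual_host_key check. The enclosing function continues outside the hunk.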
@@ -604,7 +628,7 @@ diff -up openssh-5.6p1/sshd.c.fips openssh-5.6p1/sshd.c #include "openbsd-compat/openssl-compat.h" #ifdef HAVE_SECUREWARE -@@ -1309,6 +1311,12 @@ main(int ac, char **av) +@@ -1314,6 +1316,12 @@ main(int ac, char **av) (void)set_auth_parameters(ac, av); #endif __progname = ssh_get_progname(av[0]); @@ -617,16 +641,16 @@ diff -up openssh-5.6p1/sshd.c.fips openssh-5.6p1/sshd.c init_rng(); /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ -@@ -1470,8 +1478,6 @@ main(int ac, char **av) +@@ -1475,8 +1483,6 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); -- SSLeay_add_all_algorithms(); +- OpenSSL_add_all_algorithms(); - /* * Force logging to stderr until we have loaded the private host * key (unless started from inetd) -@@ -1589,6 +1595,10 @@ main(int ac, char **av) +@@ -1595,6 +1601,10 @@ main(int ac, char **av) debug("private host key: #%d type %d %s", i, key->type, key_type(key)); } @@ -637,7 +661,7 @@ diff -up openssh-5.6p1/sshd.c.fips openssh-5.6p1/sshd.c if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { logit("Disabling protocol version 1. Could not load host key"); options.protocol &= ~SSH_PROTO_1; -@@ -1753,6 +1763,10 @@ main(int ac, char **av) +@@ -1759,6 +1769,10 @@ main(int ac, char **av) /* Initialize the random number generator. */ arc4random_stir(); @@ -648,7 +672,7 @@ diff -up openssh-5.6p1/sshd.c.fips openssh-5.6p1/sshd.c /* Chdir to the root directory so that the current disk can be unmounted if desired. */ chdir("/"); -@@ -2293,6 +2307,9 @@ do_ssh2_kex(void) +@@ -2305,6 +2319,9 @@ do_ssh2_kex(void) if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; 
@@ -658,7 +682,7 @@ diff -up openssh-5.6p1/sshd.c.fips openssh-5.6p1/sshd.c } myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); -@@ -2302,6 +2319,9 @@ do_ssh2_kex(void) +@@ -2314,6 +2331,9 @@ do_ssh2_kex(void) if (options.macs != NULL) { myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; @@ -668,9 +692,9 @@ diff -up openssh-5.6p1/sshd.c.fips openssh-5.6p1/sshd.c } if (options.compression == COMP_NONE) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = -diff -up openssh-5.6p1/ssh-keygen.c.fips openssh-5.6p1/ssh-keygen.c ---- openssh-5.6p1/ssh-keygen.c.fips 2011-01-16 23:41:58.000000000 +0100 -+++ openssh-5.6p1/ssh-keygen.c 2011-01-16 23:41:59.000000000 +0100 +diff -up openssh-5.8p1/ssh-keygen.c.fips openssh-5.8p1/ssh-keygen.c +--- openssh-5.8p1/ssh-keygen.c.fips 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/ssh-keygen.c 2011-02-14 10:10:41.000000000 +0100 @@ -21,6 +21,7 @@ #include @@ -679,7 +703,7 @@ diff -up openssh-5.6p1/ssh-keygen.c.fips openssh-5.6p1/ssh-keygen.c #include "openbsd-compat/openssl-compat.h" #include -@@ -692,7 +693,7 @@ do_fingerprint(struct passwd *pw) +@@ -721,7 +722,7 @@ do_fingerprint(struct passwd *pw) enum fp_type fptype; struct stat st; @@ -688,7 +712,7 @@ diff -up openssh-5.6p1/ssh-keygen.c.fips openssh-5.6p1/ssh-keygen.c rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; if (!have_identity) -@@ -2209,14 +2210,15 @@ passphrase_again: +@@ -2253,14 +2254,15 @@ passphrase_again: fclose(f); if (!quiet) { diff --git a/openssh-5.8p1-gssapi-canohost.patch b/openssh-5.8p1-gssapi-canohost.patch new file mode 100644 index 0000000..a8e02fb --- /dev/null +++ b/openssh-5.8p1-gssapi-canohost.patch 
@@ -0,0 +1,24 @@ +diff -up openssh-5.8p1/sshconnect2.c.canohost openssh-5.8p1/sshconnect2.c +--- openssh-5.8p1/sshconnect2.c.canohost 2011-02-14 15:15:15.000000000 +0100 ++++ openssh-5.8p1/sshconnect2.c 2011-02-14 15:21:45.000000000 +0100 +@@ -697,14 +697,17 @@ userauth_gssapi(Authctxt *authctxt) + static u_int mech = 0; + OM_uint32 min; + int ok = 0; +- const char *gss_host; ++ const char *gss_host = NULL; + + if (options.gss_server_identity) + gss_host = options.gss_server_identity; + else if (options.gss_trust_dns) + gss_host = get_canonical_hostname(1); +- else +- gss_host = authctxt->host; ++ else { ++ gss_host = get_canonical_hostname(1); ++ if ( strcmp( gss_host, "UNKNOWN" ) == 0 ) ++ gss_host = authctxt->host; ++ } + + /* Try one GSSAPI method at a time, rather than sending them all at + * once. */ diff --git a/openssh-5.6p1-gsskex.patch b/openssh-5.8p1-gsskex.patch similarity index 86% rename from openssh-5.6p1-gsskex.patch rename to openssh-5.8p1-gsskex.patch index 53211b0..ca456aa 100644 --- a/openssh-5.6p1-gsskex.patch +++ b/openssh-5.8p1-gsskex.patch @@ -1,6 +1,6 @@ -diff -up openssh-5.6p1/auth2.c.gsskex openssh-5.6p1/auth2.c ---- openssh-5.6p1/auth2.c.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/auth2.c 2011-01-24 23:51:08.000000000 +0100 +diff -up openssh-5.8p1/auth2.c.gsskex openssh-5.8p1/auth2.c +--- openssh-5.8p1/auth2.c.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/auth2.c 2011-02-14 14:47:02.000000000 +0100 @@ -69,6 +69,7 @@ extern Authmethod method_passwd; extern Authmethod method_kbdint; extern Authmethod method_hostbased; 
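Review bot: In the new `else` branch of userauth_gssapi, `gss_host` is taken from `get_canonical_hostname(1)` exactly as in the `options.gss_trust_dns` branch, with only the `UNKNOWN` fallback added, so with GSSAPITrustDNS disabled the target host is still chosen from the reverse-DNS name and the option no longer distinguishes the two cases; the name the user actually typed (`authctxt->host`) is only used when the lookup fails. If that is intended, it deserves a comment above the branch such as `/* GSSAPITrustDNS off: still prefer the canonical name; use the user-supplied host only when reverse lookup fails */`, and otherwise the non-trusting branch should keep `gss_host = authctxt->host;`. The `strcmp( gss_host, "UNKNOWN" )` spacing also differs from the surrounding OpenSSH style (`strcmp(gss_host, "UNKNOWN")`). The rest of userauth_gssapi lies outside the hunk.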
@@ -35,9 +35,9 @@ diff -up openssh-5.6p1/auth2.c.gsskex openssh-5.6p1/auth2.c authctxt->failures++; if (authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS -diff -up openssh-5.6p1/auth2-gss.c.gsskex openssh-5.6p1/auth2-gss.c ---- openssh-5.6p1/auth2-gss.c.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/auth2-gss.c 2011-01-24 23:51:08.000000000 +0100 +diff -up openssh-5.8p1/auth2-gss.c.gsskex openssh-5.8p1/auth2-gss.c +--- openssh-5.8p1/auth2-gss.c.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/auth2-gss.c 2011-02-14 14:47:02.000000000 +0100 @@ -1,7 +1,7 @@ /* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */ @@ -137,9 +137,9 @@ diff -up openssh-5.6p1/auth2-gss.c.gsskex openssh-5.6p1/auth2-gss.c Authmethod method_gssapi = { "gssapi-with-mic", userauth_gssapi, -diff -up openssh-5.6p1/auth.h.gsskex openssh-5.6p1/auth.h ---- openssh-5.6p1/auth.h.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/auth.h 2011-01-24 23:51:08.000000000 +0100 +diff -up openssh-5.8p1/auth.h.gsskex openssh-5.8p1/auth.h +--- openssh-5.8p1/auth.h.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/auth.h 2011-02-14 14:47:02.000000000 +0100 @@ -53,6 +53,7 @@ struct Authctxt { int valid; /* user exists and is allowed to login */ int attempt; 
@@ -148,10 +148,10 @@ diff -up openssh-5.6p1/auth.h.gsskex openssh-5.6p1/auth.h int force_pwchange; char *user; /* username sent by the client */ char *service; -diff -up openssh-5.6p1/auth-krb5.c.gsskex openssh-5.6p1/auth-krb5.c ---- openssh-5.6p1/auth-krb5.c.gsskex 2009-12-21 00:49:22.000000000 +0100 -+++ openssh-5.6p1/auth-krb5.c 2011-01-24 23:51:08.000000000 +0100 -@@ -170,8 +170,13 @@ auth_krb5_password(Authctxt *authctxt, c +diff -up openssh-5.8p1/auth-krb5.c.gsskex openssh-5.8p1/auth-krb5.c +--- openssh-5.8p1/auth-krb5.c.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/auth-krb5.c 2011-02-14 14:47:02.000000000 +0100 +@@ -184,8 +184,13 @@ auth_krb5_password(Authctxt *authctxt, c len = strlen(authctxt->krb5_ticket_file) + 6; authctxt->krb5_ccname = xmalloc(len); @@ -165,7 +165,7 @@ diff -up openssh-5.6p1/auth-krb5.c.gsskex openssh-5.6p1/auth-krb5.c #ifdef USE_PAM if (options.use_pam) -@@ -226,15 +231,22 @@ krb5_cleanup_proc(Authctxt *authctxt) +@@ -240,15 +245,22 @@ krb5_cleanup_proc(Authctxt *authctxt) #ifndef HEIMDAL krb5_error_code ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { @@ -190,7 +190,7 @@ diff -up openssh-5.6p1/auth-krb5.c.gsskex openssh-5.6p1/auth-krb5.c old_umask = umask(0177); tmpfd = mkstemp(ccname + strlen("FILE:")); umask(old_umask); -@@ -249,6 +261,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_c +@@ -263,6 +275,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_c return errno; } close(tmpfd); 
@@ -198,10 +198,28 @@ diff -up openssh-5.6p1/auth-krb5.c.gsskex openssh-5.6p1/auth-krb5.c return (krb5_cc_resolve(ctx, ccname, ccache)); } -diff -up openssh-5.6p1/ChangeLog.gssapi.gsskex openssh-5.6p1/ChangeLog.gssapi ---- openssh-5.6p1/ChangeLog.gssapi.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/ChangeLog.gssapi 2011-01-24 23:51:08.000000000 +0100 -@@ -0,0 +1,95 @@ +diff -up openssh-5.8p1/ChangeLog.gssapi.gsskex openssh-5.8p1/ChangeLog.gssapi +--- openssh-5.8p1/ChangeLog.gssapi.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/ChangeLog.gssapi 2011-02-14 14:47:02.000000000 +0100 +@@ -0,0 +1,113 @@ ++20110101 ++ - Finally update for OpenSSH 5.6p1 ++ - Add GSSAPIServerIdentity option from Jim Basney ++ ++20100308 ++ - [ Makefile.in, key.c, key.h ] ++ Updates for OpenSSH 5.4p1 ++ - [ servconf.c ] ++ Include GSSAPI options in the sshd -T configuration dump, and flag ++ some older configuration options as being unsupported. Thanks to Colin ++ Watson. ++ - ++ ++20100124 ++ - [ sshconnect2.c ] ++ Adapt to deal with additional element in Authmethod structure. Thanks to ++ Colin Watson ++ +20090615 + - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c + sshd.c ] @@ -297,9 +315,9 @@ diff -up openssh-5.6p1/ChangeLog.gssapi.gsskex openssh-5.6p1/ChangeLog.gssapi + add support for GssapiTrustDns option for gssapi-with-mic + (from jbasney AT ncsa.uiuc.edu) + -diff -up openssh-5.6p1/clientloop.c.gsskex openssh-5.6p1/clientloop.c ---- openssh-5.6p1/clientloop.c.gsskex 2010-08-03 08:04:46.000000000 +0200 -+++ openssh-5.6p1/clientloop.c 2011-01-24 23:51:08.000000000 +0100 +diff -up openssh-5.8p1/clientloop.c.gsskex openssh-5.8p1/clientloop.c +--- openssh-5.8p1/clientloop.c.gsskex 2011-01-16 13:18:35.000000000 +0100 ++++ openssh-5.8p1/clientloop.c 2011-02-14 14:47:02.000000000 +0100 @@ -111,6 +111,10 @@ #include "msg.h" #include "roaming.h" 
@@ -311,24 +329,26 @@ diff -up openssh-5.6p1/clientloop.c.gsskex openssh-5.6p1/clientloop.c /* import options */ extern Options options; -@@ -1483,6 +1487,13 @@ client_loop(int have_pty, int escape_cha +@@ -1483,6 +1487,15 @@ client_loop(int have_pty, int escape_cha /* Do channel operations unless rekeying in progress. */ if (!rekeying) { channel_after_select(readset, writeset); + ++#ifdef GSSAPI + if (options.gss_renewal_rekey && + ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { + debug("credentials updated - forcing rekey"); + need_rekeying = 1; + } ++#endif + if (need_rekeying || packet_need_rekeying()) { debug("need rekeying"); xxx_kex->done = 0; -diff -up openssh-5.6p1/configure.ac.gsskex openssh-5.6p1/configure.ac ---- openssh-5.6p1/configure.ac.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/configure.ac 2011-01-24 23:51:09.000000000 +0100 -@@ -477,6 +477,30 @@ main() { if (NSVersionOfRunTimeLibrary(" +diff -up openssh-5.8p1/configure.ac.gsskex openssh-5.8p1/configure.ac +--- openssh-5.8p1/configure.ac.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/configure.ac 2011-02-14 14:47:02.000000000 +0100 +@@ -514,6 +514,30 @@ main() { if (NSVersionOfRunTimeLibrary(" [Use tunnel device compatibility to OpenBSD]) AC_DEFINE(SSH_TUN_PREPEND_AF, 1, [Prepend the address family to IP tunnel traffic]) 
@@ -359,9 +379,18 @@ diff -up openssh-5.6p1/configure.ac.gsskex openssh-5.6p1/configure.ac m4_pattern_allow(AU_IPv) AC_CHECK_DECL(AU_IPv4, [], AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records]) -diff -up openssh-5.6p1/gss-genr.c.gsskex openssh-5.6p1/gss-genr.c ---- openssh-5.6p1/gss-genr.c.gsskex 2009-06-22 08:11:07.000000000 +0200 -+++ openssh-5.6p1/gss-genr.c 2011-01-24 23:51:09.000000000 +0100 +diff -up openssh-5.8p1/gss-genr.c.gsskex openssh-5.8p1/gss-genr.c +--- openssh-5.8p1/gss-genr.c.gsskex 2009-06-22 08:11:07.000000000 +0200 ++++ openssh-5.8p1/gss-genr.c 2011-02-14 14:47:02.000000000 +0100 +@@ -1,7 +1,7 @@ + /* $OpenBSD: gss-genr.c,v 1.20 2009/06/22 05:39:28 dtucker Exp $ */ + + /* +- * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. ++ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions @@ -39,12 +39,167 @@ #include "buffer.h" #include "log.h" @@ -700,9 +729,9 @@ diff -up openssh-5.6p1/gss-genr.c.gsskex openssh-5.6p1/gss-genr.c +} + #endif /* GSSAPI */ -diff -up openssh-5.6p1/gss-serv.c.gsskex openssh-5.6p1/gss-serv.c ---- openssh-5.6p1/gss-serv.c.gsskex 2008-05-19 07:05:07.000000000 +0200 -+++ openssh-5.6p1/gss-serv.c 2011-01-24 23:51:09.000000000 +0100 +diff -up openssh-5.8p1/gss-serv.c.gsskex openssh-5.8p1/gss-serv.c +--- openssh-5.8p1/gss-serv.c.gsskex 2008-05-19 07:05:07.000000000 +0200 ++++ openssh-5.8p1/gss-serv.c 2011-02-14 14:47:02.000000000 +0100 @@ -1,7 +1,7 @@ /* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */ 
@@ -1016,9 +1045,9 @@ diff -up openssh-5.6p1/gss-serv.c.gsskex openssh-5.6p1/gss-serv.c } #endif -diff -up openssh-5.6p1/gss-serv-krb5.c.gsskex openssh-5.6p1/gss-serv-krb5.c ---- openssh-5.6p1/gss-serv-krb5.c.gsskex 2006-09-01 07:38:36.000000000 +0200 -+++ openssh-5.6p1/gss-serv-krb5.c 2011-01-24 23:51:09.000000000 +0100 +diff -up openssh-5.8p1/gss-serv-krb5.c.gsskex openssh-5.8p1/gss-serv-krb5.c +--- openssh-5.8p1/gss-serv-krb5.c.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/gss-serv-krb5.c 2011-02-14 14:47:02.000000000 +0100 @@ -1,7 +1,7 @@ /* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ @@ -1028,7 +1057,7 @@ diff -up openssh-5.6p1/gss-serv-krb5.c.gsskex openssh-5.6p1/gss-serv-krb5.c * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions -@@ -120,6 +120,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl +@@ -121,6 +121,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl krb5_principal princ; OM_uint32 maj_status, min_status; int len; @@ -1036,7 +1065,7 @@ diff -up openssh-5.6p1/gss-serv-krb5.c.gsskex openssh-5.6p1/gss-serv-krb5.c if (client->creds == NULL) { debug("No credentials stored"); -@@ -168,11 +169,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl +@@ -169,11 +170,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl return; } @@ -1057,7 +1086,7 @@ diff -up openssh-5.6p1/gss-serv-krb5.c.gsskex openssh-5.6p1/gss-serv-krb5.c #ifdef USE_PAM if (options.use_pam) -@@ -184,6 +190,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl +@@ -185,6 +191,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl return; } @@ -1129,7 +1158,7 @@ diff -up openssh-5.6p1/gss-serv-krb5.c.gsskex openssh-5.6p1/gss-serv-krb5.c ssh_gssapi_mech gssapi_kerberos_mech = { "toWM5Slw5Ew8Mqkay+al2g==", "Kerberos", -@@ -191,7 +262,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = { +@@ -192,7 +263,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = { NULL, &ssh_gssapi_krb5_userok, NULL, 
@@ -1139,9 +1168,9 @@ diff -up openssh-5.6p1/gss-serv-krb5.c.gsskex openssh-5.6p1/gss-serv-krb5.c }; #endif /* KRB5 */ -diff -up openssh-5.6p1/kex.c.gsskex openssh-5.6p1/kex.c ---- openssh-5.6p1/kex.c.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/kex.c 2011-01-24 23:51:09.000000000 +0100 +diff -up openssh-5.8p1/kex.c.gsskex openssh-5.8p1/kex.c +--- openssh-5.8p1/kex.c.gsskex 2011-02-14 14:47:01.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-02-14 15:09:38.000000000 +0100 @@ -51,6 +51,10 @@ #include "roaming.h" #include "audit.h" @@ -1153,9 +1182,9 @@ diff -up openssh-5.6p1/kex.c.gsskex openssh-5.6p1/kex.c #if OPENSSL_VERSION_NUMBER >= 0x00907000L # if defined(HAVE_EVP_SHA256) # define evp_ssh_sha256 EVP_sha256 -@@ -339,6 +343,20 @@ choose_kex(Kex *k, char *client, char *s - k->kex_type = KEX_DH_GEX_SHA256; - k->evp_md = evp_ssh_sha256(); +@@ -371,6 +375,20 @@ choose_kex(Kex *k, char *client, char *s + k->kex_type = KEX_ECDH_SHA2; + k->evp_md = kex_ecdh_name_to_evpmd(k->name); #endif +#ifdef GSSAPI + } else if (strncmp(k->name, KEX_GSS_GEX_SHA1_ID, @@ -1174,9 +1203,9 @@ diff -up openssh-5.6p1/kex.c.gsskex openssh-5.6p1/kex.c } else fatal("bad kex alg %s", k->name); } -diff -up openssh-5.6p1/kexgssc.c.gsskex openssh-5.6p1/kexgssc.c ---- openssh-5.6p1/kexgssc.c.gsskex 2011-01-24 23:51:09.000000000 +0100 -+++ openssh-5.6p1/kexgssc.c 2011-01-24 23:51:09.000000000 +0100 +diff -up openssh-5.8p1/kexgssc.c.gsskex openssh-5.8p1/kexgssc.c +--- openssh-5.8p1/kexgssc.c.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/kexgssc.c 2011-02-14 14:47:02.000000000 +0100 @@ -0,0 +1,334 @@ +/* + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. 
@@ -1512,9 +1541,9 @@ diff -up openssh-5.6p1/kexgssc.c.gsskex openssh-5.6p1/kexgssc.c +} + +#endif /* GSSAPI */ -diff -up openssh-5.6p1/kexgsss.c.gsskex openssh-5.6p1/kexgsss.c ---- openssh-5.6p1/kexgsss.c.gsskex 2011-01-24 23:51:09.000000000 +0100 -+++ openssh-5.6p1/kexgsss.c 2011-01-24 23:51:09.000000000 +0100 +diff -up openssh-5.8p1/kexgsss.c.gsskex openssh-5.8p1/kexgsss.c +--- openssh-5.8p1/kexgsss.c.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/kexgsss.c 2011-02-14 14:47:02.000000000 +0100 @@ -0,0 +1,288 @@ +/* + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. @@ -1804,20 +1833,20 @@ diff -up openssh-5.6p1/kexgsss.c.gsskex openssh-5.6p1/kexgsss.c + ssh_gssapi_rekey_creds(); +} +#endif /* GSSAPI */ -diff -up openssh-5.6p1/kex.h.gsskex openssh-5.6p1/kex.h ---- openssh-5.6p1/kex.h.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/kex.h 2011-01-24 23:52:26.000000000 +0100 -@@ -67,6 +67,9 @@ enum kex_exchange { - KEX_DH_GRP14_SHA1, +diff -up openssh-5.8p1/kex.h.gsskex openssh-5.8p1/kex.h +--- openssh-5.8p1/kex.h.gsskex 2011-02-14 14:47:01.000000000 +0100 ++++ openssh-5.8p1/kex.h 2011-02-14 15:10:05.000000000 +0100 +@@ -73,6 +73,9 @@ enum kex_exchange { KEX_DH_GEX_SHA1, KEX_DH_GEX_SHA256, + KEX_ECDH_SHA2, + KEX_GSS_GRP1_SHA1, + KEX_GSS_GRP14_SHA1, + KEX_GSS_GEX_SHA1, KEX_MAX }; -@@ -123,6 +126,12 @@ struct Kex { +@@ -129,6 +132,12 @@ struct Kex { sig_atomic_t done; int flags; const EVP_MD *evp_md; 
@@ -1830,70 +1859,73 @@ diff -up openssh-5.6p1/kex.h.gsskex openssh-5.6p1/kex.h char *client_version_string; char *server_version_string; int (*verify_host_key)(Key *); -@@ -148,6 +157,11 @@ void kexgex_server(Kex *); - - void newkeys_destroy(Newkeys *newkeys); +@@ -156,6 +165,11 @@ void kexgex_server(Kex *); + void kexecdh_client(Kex *); + void kexecdh_server(Kex *); +#ifdef GSSAPI +void kexgss_client(Kex *); +void kexgss_server(Kex *); +#endif + + void newkeys_destroy(Newkeys *newkeys); + void - kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, - BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); -diff -up openssh-5.6p1/key.c.gsskex openssh-5.6p1/key.c ---- openssh-5.6p1/key.c.gsskex 2010-07-16 05:58:37.000000000 +0200 -+++ openssh-5.6p1/key.c 2011-01-24 23:51:09.000000000 +0100 -@@ -1020,6 +1020,8 @@ key_type_from_name(char *name) - return KEY_RSA_CERT; - } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) { - return KEY_DSA_CERT; +diff -up openssh-5.8p1/key.c.gsskex openssh-5.8p1/key.c +--- openssh-5.8p1/key.c.gsskex 2011-02-04 01:48:34.000000000 +0100 ++++ openssh-5.8p1/key.c 2011-02-14 14:47:02.000000000 +0100 +@@ -971,6 +971,8 @@ key_ssh_name_from_type_nid(int type, int + } + break; + #endif /* OPENSSL_HAS_ECC */ ++ case KEY_NULL: ++ return "null"; + } + return "ssh-unknown"; + } +@@ -1276,6 +1278,8 @@ key_type_from_name(char *name) + strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) { + return KEY_ECDSA_CERT; + #endif + } else if (strcmp(name, "null") == 0) { + return KEY_NULL; } + debug2("key_type_from_name: unknown key type '%s'", name); - return KEY_UNSPEC; -diff -up openssh-5.6p1/key.h.gsskex openssh-5.6p1/key.h ---- openssh-5.6p1/key.h.gsskex 2010-04-16 07:56:22.000000000 +0200 -+++ openssh-5.6p1/key.h 2011-01-24 23:51:09.000000000 +0100 -@@ -39,6 +39,7 @@ enum types { - KEY_DSA_CERT, +diff -up openssh-5.8p1/key.h.gsskex openssh-5.8p1/key.h +--- openssh-5.8p1/key.h.gsskex 2010-11-05 00:19:49.000000000 +0100 
++++ openssh-5.8p1/key.h 2011-02-14 14:47:02.000000000 +0100 +@@ -44,6 +44,7 @@ enum types { + KEY_ECDSA_CERT, KEY_RSA_CERT_V00, KEY_DSA_CERT_V00, + KEY_NULL, KEY_UNSPEC }; enum fp_type { -diff -up openssh-5.6p1/Makefile.in.gsskex openssh-5.6p1/Makefile.in ---- openssh-5.6p1/Makefile.in.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/Makefile.in 2011-01-24 23:51:09.000000000 +0100 -@@ -77,11 +77,11 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b - monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ - kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \ - entropy.o gss-genr.o umac.o jpake.o schnorr.o \ -- ssh-pkcs11.o auditstub.o -+ ssh-pkcs11.o auditstub.o kexgssc.o +diff -up openssh-5.8p1/Makefile.in.gsskex openssh-5.8p1/Makefile.in +--- openssh-5.8p1/Makefile.in.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-02-14 15:08:34.000000000 +0100 +@@ -77,6 +77,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b + atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ + monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ + kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ ++ kexgssc.o \ + msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o jpake.o \ + schnorr.o ssh-pkcs11.o auditstub.o - SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ - sshconnect.o sshconnect1.o sshconnect2.o mux.o \ -- roaming_common.o roaming_client.o -+ roaming_common.o roaming_client.o kexgssc.o - - SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ - audit.o audit-bsm.o audit-linux.o platform.o \ -@@ -95,7 +95,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw - auth2-gss.o gss-serv.o gss-serv-krb5.o \ +@@ -93,7 +94,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw + auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \ + monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \ + auth-krb5.o \ +- auth2-gss.o gss-serv.o gss-serv-krb5.o \ ++ auth2-gss.o gss-serv.o 
gss-serv-krb5.o kexgsss.o\ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ sftp-server.o sftp-common.o \ -- roaming_common.o roaming_serv.o -+ roaming_common.o roaming_serv.o kexgsss.o - - MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out - MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5 -diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c ---- openssh-5.6p1/monitor.c.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/monitor.c 2011-01-24 23:51:09.000000000 +0100 + roaming_common.o roaming_serv.o +diff -up openssh-5.8p1/monitor.c.gsskex openssh-5.8p1/monitor.c +--- openssh-5.8p1/monitor.c.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-14 14:47:02.000000000 +0100 @@ -176,6 +176,8 @@ int mm_answer_gss_setup_ctx(int, Buffer int mm_answer_gss_accept_ctx(int, Buffer *); int mm_answer_gss_userok(int, Buffer *); @@ -1946,10 +1978,10 @@ diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c } else { mon_dispatch = mon_dispatch_postauth15; monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); -@@ -1754,6 +1771,13 @@ mm_get_kex(Buffer *m) - kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; +@@ -1755,6 +1772,13 @@ mm_get_kex(Buffer *m) kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; + kex->kex[KEX_ECDH_SHA2] = kexecdh_server; +#ifdef GSSAPI + if (options.gss_keyex) { + kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; 
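Review bot: The added `case KEY_NULL: return "null";` in key_ssh_name_from_type_nid, like the `null` branch of key_type_from_name kept as context, sits outside any `#ifdef GSSAPI` as far as the visible context shows, so the `null` host key name is parsed and emitted even in builds without the GSSAPI key exchange that gives it meaning. A `null` host key carries no server authentication of its own, so the invariant that matters is that KEY_NULL is only accepted when a GSSAPI kex has authenticated the server; whether the host-key verification path rejects it otherwise is not visible here and is worth confirming. A comment at the new case would record that, e.g. `/* KEY_NULL: placeholder host key for GSSAPI kex, never trusted on its own */`. Separately, the Makefile.in line `gss-serv-krb5.o kexgsss.o\` lacks the space before the continuation backslash that the neighbouring lines have. Both key.c functions continue outside their inner hunks.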
@@ -1960,7 +1992,7 @@ diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c kex->server = 1; kex->hostkey_type = buffer_get_int(m); kex->kex_type = buffer_get_int(m); -@@ -1960,6 +1984,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer +@@ -1961,6 +1985,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer OM_uint32 major; u_int len; @@ -1970,7 +2002,7 @@ diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c goid.elements = buffer_get_string(m, &len); goid.length = len; -@@ -1987,6 +2014,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe +@@ -1988,6 +2015,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe OM_uint32 flags = 0; /* GSI needs this */ u_int len; @@ -1980,7 +2012,7 @@ diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c in.value = buffer_get_string(m, &len); in.length = len; major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); -@@ -2004,6 +2034,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe +@@ -2005,6 +2035,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); @@ -1988,7 +2020,7 @@ diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c } return (0); } -@@ -2015,6 +2046,9 @@ mm_answer_gss_checkmic(int sock, Buffer +@@ -2016,6 +2047,9 @@ mm_answer_gss_checkmic(int sock, Buffer OM_uint32 ret; u_int len; @@ -1998,7 +2030,7 @@ diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c gssbuf.value = buffer_get_string(m, &len); gssbuf.length = len; mic.value = buffer_get_string(m, &len); -@@ -2041,7 +2075,11 @@ mm_answer_gss_userok(int sock, Buffer *m +@@ -2042,7 +2076,11 @@ mm_answer_gss_userok(int sock, Buffer *m { int authenticated; 
@@ -2011,7 +2043,7 @@ diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c buffer_clear(m); buffer_put_int(m, authenticated); -@@ -2054,6 +2092,74 @@ mm_answer_gss_userok(int sock, Buffer *m +@@ -2055,6 +2093,74 @@ mm_answer_gss_userok(int sock, Buffer *m /* Monitor loop will terminate if authenticated */ return (authenticated); } @@ -2086,9 +2118,9 @@ diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c #endif /* GSSAPI */ #ifdef JPAKE -diff -up openssh-5.6p1/monitor.h.gsskex openssh-5.6p1/monitor.h ---- openssh-5.6p1/monitor.h.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/monitor.h 2011-01-24 23:51:09.000000000 +0100 +diff -up openssh-5.8p1/monitor.h.gsskex openssh-5.8p1/monitor.h +--- openssh-5.8p1/monitor.h.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-14 14:47:02.000000000 +0100 @@ -56,6 +56,8 @@ enum monitor_reqtype { MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP, MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK, @@ -2098,10 +2130,10 @@ diff -up openssh-5.6p1/monitor.h.gsskex openssh-5.6p1/monitor.h MONITOR_REQ_PAM_START, MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT, MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX, -diff -up openssh-5.6p1/monitor_wrap.c.gsskex openssh-5.6p1/monitor_wrap.c ---- openssh-5.6p1/monitor_wrap.c.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/monitor_wrap.c 2011-01-24 23:51:09.000000000 +0100 -@@ -1250,7 +1250,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss +diff -up openssh-5.8p1/monitor_wrap.c.gsskex openssh-5.8p1/monitor_wrap.c +--- openssh-5.8p1/monitor_wrap.c.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-14 14:47:02.000000000 +0100 +@@ -1251,7 +1251,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss } int 
@@ -2110,7 +2142,7 @@ diff -up openssh-5.6p1/monitor_wrap.c.gsskex openssh-5.6p1/monitor_wrap.c { Buffer m; int authenticated = 0; -@@ -1267,6 +1267,51 @@ mm_ssh_gssapi_userok(char *user) +@@ -1268,6 +1268,51 @@ mm_ssh_gssapi_userok(char *user) debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); return (authenticated); } @@ -2162,9 +2194,9 @@ diff -up openssh-5.6p1/monitor_wrap.c.gsskex openssh-5.6p1/monitor_wrap.c #endif /* GSSAPI */ #ifdef JPAKE -diff -up openssh-5.6p1/monitor_wrap.h.gsskex openssh-5.6p1/monitor_wrap.h ---- openssh-5.6p1/monitor_wrap.h.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/monitor_wrap.h 2011-01-24 23:51:09.000000000 +0100 +diff -up openssh-5.8p1/monitor_wrap.h.gsskex openssh-5.8p1/monitor_wrap.h +--- openssh-5.8p1/monitor_wrap.h.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-14 14:47:02.000000000 +0100 @@ -60,8 +60,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(K OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, 
@@ -2177,18 +2209,19 @@ diff -up openssh-5.6p1/monitor_wrap.h.gsskex openssh-5.6p1/monitor_wrap.h #endif #ifdef USE_PAM -diff -up openssh-5.6p1/readconf.c.gsskex openssh-5.6p1/readconf.c ---- openssh-5.6p1/readconf.c.gsskex 2010-08-03 08:04:46.000000000 +0200 -+++ openssh-5.6p1/readconf.c 2011-01-24 23:51:09.000000000 +0100 -@@ -127,6 +127,7 @@ typedef enum { +diff -up openssh-5.8p1/readconf.c.gsskex openssh-5.8p1/readconf.c +--- openssh-5.8p1/readconf.c.gsskex 2010-11-20 05:19:38.000000000 +0100 ++++ openssh-5.8p1/readconf.c 2011-02-14 14:47:02.000000000 +0100 +@@ -129,6 +129,8 @@ typedef enum { oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, + oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, ++ oGssServerIdentity, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oControlPersist, oHashKnownHosts, -@@ -166,10 +167,18 @@ static struct { +@@ -169,10 +171,19 @@ static struct { { "afstokenpassing", oUnsupported }, #if defined(GSSAPI) { "gssapiauthentication", oGssAuthentication }, @@ -2196,6 +2229,7 @@ diff -up openssh-5.6p1/readconf.c.gsskex openssh-5.6p1/readconf.c { "gssapidelegatecredentials", oGssDelegateCreds }, + { "gssapitrustdns", oGssTrustDns }, + { "gssapiclientidentity", oGssClientIdentity }, ++ { "gssapiserveridentity", oGssServerIdentity }, + { "gssapirenewalforcesrekey", oGssRenewalRekey }, #else { "gssapiauthentication", oUnsupported }, @@ -2207,7 +2241,7 @@ diff -up openssh-5.6p1/readconf.c.gsskex openssh-5.6p1/readconf.c #endif { "fallbacktorsh", oDeprecated }, { "usersh", oDeprecated }, -@@ -474,10 +483,26 @@ parse_flag: +@@ -479,10 +490,30 @@ parse_flag: intptr = &options->gss_authentication; goto parse_flag; 
@@ -2227,6 +2261,10 @@ diff -up openssh-5.6p1/readconf.c.gsskex openssh-5.6p1/readconf.c
 + charptr = &options->gss_client_identity;
 + goto parse_string;
 +
++ case oGssServerIdentity:
++ charptr = &options->gss_server_identity;
++ goto parse_string;
++
 + case oGssRenewalRekey:
 + intptr = &options->gss_renewal_rekey;
 + goto parse_flag;
@@ -2234,7 +2272,7 @@ diff -up openssh-5.6p1/readconf.c.gsskex openssh-5.6p1/readconf.c
 case oBatchMode:
 intptr = &options->batch_mode;
 goto parse_flag;
-@@ -1058,7 +1083,11 @@ initialize_options(Options * options)
+@@ -1092,7 +1123,12 @@ initialize_options(Options * options)
 options->pubkey_authentication = -1;
 options->challenge_response_authentication = -1;
 options->gss_authentication = -1;
@@ -2243,10 +2281,11 @@ diff -up openssh-5.6p1/readconf.c.gsskex openssh-5.6p1/readconf.c
 + options->gss_trust_dns = -1;
 + options->gss_renewal_rekey = -1;
 + options->gss_client_identity = NULL;
++ options->gss_server_identity = NULL;
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->kbd_interactive_devices = NULL;
-@@ -1156,8 +1185,14 @@ fill_default_options(Options * options)
+@@ -1193,8 +1229,14 @@ fill_default_options(Options * options)
 options->challenge_response_authentication = 1;
 if (options->gss_authentication == -1)
 options->gss_authentication = 0;
@@ -2261,10 +2300,10 @@ diff -up openssh-5.6p1/readconf.c.gsskex openssh-5.6p1/readconf.c if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) -diff -up openssh-5.6p1/readconf.h.gsskex openssh-5.6p1/readconf.h ---- openssh-5.6p1/readconf.h.gsskex 2010-08-03 08:04:46.000000000 +0200 -+++ openssh-5.6p1/readconf.h 2011-01-24 23:51:09.000000000 +0100 -@@ -46,7 +46,11 @@ typedef struct { +diff -up openssh-5.8p1/readconf.h.gsskex openssh-5.8p1/readconf.h +--- openssh-5.8p1/readconf.h.gsskex 2010-11-20 05:19:38.000000000 +0100 ++++ openssh-5.8p1/readconf.h 2011-02-14 14:47:02.000000000 +0100 +@@ -46,7 +46,12 @@ typedef struct { int challenge_response_authentication; /* Try S/Key or TIS, authentication. */ int gss_authentication; /* Try GSS authentication */ @@ -2273,13 +2312,14 @@ diff -up openssh-5.6p1/readconf.h.gsskex openssh-5.6p1/readconf.h + int gss_trust_dns; /* Trust DNS for GSS canonicalization */ + int gss_renewal_rekey; /* Credential renewal forces rekey */ + char *gss_client_identity; /* Principal to initiate GSSAPI with */ ++ char *gss_server_identity; /* GSSAPI target principal */ int password_authentication; /* Try password * authentication. */ int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ -diff -up openssh-5.6p1/servconf.c.gsskex openssh-5.6p1/servconf.c ---- openssh-5.6p1/servconf.c.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/servconf.c 2011-01-24 23:51:09.000000000 +0100 -@@ -93,7 +93,10 @@ initialize_server_options(ServerOptions +diff -up openssh-5.8p1/servconf.c.gsskex openssh-5.8p1/servconf.c +--- openssh-5.8p1/servconf.c.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/servconf.c 2011-02-14 15:11:09.000000000 +0100 +@@ -97,7 +97,10 @@ initialize_server_options(ServerOptions options->kerberos_ticket_cleanup = -1; options->kerberos_get_afs_token = -1; options->gss_authentication=-1; 
@@ -2290,7 +2330,7 @@ diff -up openssh-5.6p1/servconf.c.gsskex openssh-5.6p1/servconf.c options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; -@@ -218,8 +221,14 @@ fill_default_server_options(ServerOption +@@ -230,8 +233,14 @@ fill_default_server_options(ServerOption options->kerberos_get_afs_token = 0; if (options->gss_authentication == -1) options->gss_authentication = 0; @@ -2305,7 +2345,7 @@ diff -up openssh-5.6p1/servconf.c.gsskex openssh-5.6p1/servconf.c if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) -@@ -313,7 +322,9 @@ typedef enum { +@@ -330,7 +339,9 @@ typedef enum { sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, 
@@ -2316,23 +2356,28 @@ diff -up openssh-5.6p1/servconf.c.gsskex openssh-5.6p1/servconf.c sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, sHostCertificate, -@@ -377,9 +388,15 @@ static struct { +@@ -397,10 +408,20 @@ static struct { #ifdef GSSAPI { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, ++ { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, + { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, + { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, + { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, #else { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, ++ { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, + { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, + { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, + { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, #endif ++ { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, ++ { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, -@@ -941,10 +958,22 @@ process_server_config_line(ServerOptions + { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, +@@ -963,10 +984,22 @@ process_server_config_line(ServerOptions intptr = &options->gss_authentication; goto parse_flag; 
@@ -2355,10 +2400,21 @@ diff -up openssh-5.6p1/servconf.c.gsskex openssh-5.6p1/servconf.c
 case sPasswordAuthentication:
 intptr = &options->password_authentication;
 goto parse_flag;
-diff -up openssh-5.6p1/servconf.h.gsskex openssh-5.6p1/servconf.h
---- openssh-5.6p1/servconf.h.gsskex 2011-01-24 23:51:08.000000000 +0100
-+++ openssh-5.6p1/servconf.h 2011-01-24 23:51:09.000000000 +0100
-@@ -94,7 +94,10 @@ typedef struct {
+@@ -1748,7 +1781,10 @@ dump_config(ServerOptions *o)
+ #endif
+ #ifdef GSSAPI
+ dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
++ dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
+ dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
++ dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
++ dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
+ #endif
+ #ifdef JPAKE
+ dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
+diff -up openssh-5.8p1/servconf.h.gsskex openssh-5.8p1/servconf.h
+--- openssh-5.8p1/servconf.h.gsskex 2011-02-14 14:47:02.000000000 +0100
++++ openssh-5.8p1/servconf.h 2011-02-14 14:47:02.000000000 +0100
+@@ -97,7 +97,10 @@ typedef struct {
 int kerberos_get_afs_token; /* If true, try to get AFS token if
 * authenticated with Kerberos. */
 int gss_authentication; /* If true, permit GSSAPI authentication */
@@ -2369,10 +2425,10 @@ diff -up openssh-5.6p1/servconf.h.gsskex openssh-5.6p1/servconf.h
 int password_authentication; /* If true, permit password
 * authentication. */
 int kbd_interactive_authentication; /* If true, permit */
-diff -up openssh-5.6p1/ssh_config.5.gsskex openssh-5.6p1/ssh_config.5
---- openssh-5.6p1/ssh_config.5.gsskex 2010-08-05 05:03:13.000000000 +0200
-+++ openssh-5.6p1/ssh_config.5 2011-01-24 23:51:09.000000000 +0100
-@@ -509,11 +509,38 @@ Specifies whether user authentication ba
+diff -up openssh-5.8p1/ssh_config.5.gsskex openssh-5.8p1/ssh_config.5
+--- openssh-5.8p1/ssh_config.5.gsskex 2010-12-26 04:26:48.000000000 +0100
++++ openssh-5.8p1/ssh_config.5 2011-02-14 14:47:02.000000000 +0100
+@@ -508,11 +508,43 @@ Specifies whether user authentication ba
 The default is
 .Dq no .
 Note that this option applies to protocol version 2 only.
@@ -2386,6 +2442,11 @@ diff -up openssh-5.6p1/ssh_config.5.gsskex openssh-5.6p1/ssh_config.5
 +If set, specifies the GSSAPI client identity that ssh should use when
 +connecting to the server. The default is unset, which means that the default
 +identity will be used.
++.It Cm GSSAPIServerIdentity
++If set, specifies the GSSAPI server identity that ssh should expect when
++connecting to the server. The default is unset, which means that the
++expected GSSAPI server identity will be determined from the target
++hostname.
 .It Cm GSSAPIDelegateCredentials
 Forward (delegate) credentials to the server.
 The default is
@@ -2412,9 +2473,9 @@ diff -up openssh-5.6p1/ssh_config.5.gsskex openssh-5.6p1/ssh_config.5 .It Cm HashKnownHosts Indicates that .Xr ssh 1 -diff -up openssh-5.6p1/ssh_config.gsskex openssh-5.6p1/ssh_config ---- openssh-5.6p1/ssh_config.gsskex 2011-01-24 23:51:07.000000000 +0100 -+++ openssh-5.6p1/ssh_config 2011-01-24 23:51:09.000000000 +0100 +diff -up openssh-5.8p1/ssh_config.gsskex openssh-5.8p1/ssh_config +--- openssh-5.8p1/ssh_config.gsskex 2011-02-14 14:47:01.000000000 +0100 ++++ openssh-5.8p1/ssh_config 2011-02-14 14:47:02.000000000 +0100 @@ -26,6 +26,8 @@ # HostbasedAuthentication no # GSSAPIAuthentication no @@ -2424,10 +2485,10 @@ diff -up openssh-5.6p1/ssh_config.gsskex openssh-5.6p1/ssh_config # BatchMode no # CheckHostIP yes # AddressFamily any -diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c ---- openssh-5.6p1/sshconnect2.c.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/sshconnect2.c 2011-01-24 23:51:09.000000000 +0100 -@@ -108,9 +108,34 @@ ssh_kex2(char *host, struct sockaddr *ho +diff -up openssh-5.8p1/sshconnect2.c.gsskex openssh-5.8p1/sshconnect2.c +--- openssh-5.8p1/sshconnect2.c.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/sshconnect2.c 2011-02-14 14:47:02.000000000 +0100 +@@ -161,9 +161,34 @@ ssh_kex2(char *host, struct sockaddr *ho { Kex *kex; @@ -2462,9 +2523,9 @@ diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c if (options.ciphers == (char *)-1) { logit("No valid ciphers for protocol version 2 given, using defaults."); options.ciphers = NULL; -@@ -146,6 +171,17 @@ ssh_kex2(char *host, struct sockaddr *ho - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = - options.hostkeyalgorithms; +@@ -206,6 +231,17 @@ ssh_kex2(char *host, struct sockaddr *ho + if (options.kex_algorithms != NULL) + myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; +#ifdef GSSAPI + /* If we've got GSSAPI algorithms, then we also support the 
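Review bot: The refreshed context shows the GSSAPI proposal block in ssh_kex2 now runs right after `if (options.kex_algorithms != NULL) myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;`, a user-configurable list that did not exist in the previous base, and the block's body is collapsed here, so it is worth confirming that it prepends the gss-* names to a user-supplied KexAlgorithms list rather than replacing it or silently widening a list the administrator deliberately restricted. A short comment on the `#ifdef GSSAPI` line stating which of the two wins, e.g. `/* GSSAPI kex names are added in front of the configured KexAlgorithms */` if that is the behaviour, would make the intent checkable. ssh_kex2 continues outside this hunk.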
@@ -2480,10 +2541,10 @@ diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c if (options.rekey_limit) packet_set_rekey_limit((u_int32_t)options.rekey_limit); -@@ -155,10 +191,26 @@ ssh_kex2(char *host, struct sockaddr *ho - kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; +@@ -216,10 +252,30 @@ ssh_kex2(char *host, struct sockaddr *ho kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; + kex->kex[KEX_ECDH_SHA2] = kexecdh_client; +#ifdef GSSAPI + if (options.gss_keyex) { + kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client; @@ -2500,14 +2561,18 @@ diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c + kex->gss_deleg_creds = options.gss_deleg_creds; + kex->gss_trust_dns = options.gss_trust_dns; + kex->gss_client = options.gss_client_identity; -+ kex->gss_host = gss_host; ++ if (options.gss_server_identity) { ++ kex->gss_host = options.gss_server_identity; ++ } else { ++ kex->gss_host = gss_host; ++ } + } +#endif + xxx_kex = kex; dispatch_run(DISPATCH_BLOCK, &kex->done, kex); -@@ -253,6 +305,7 @@ void input_gssapi_token(int type, u_int3 +@@ -314,6 +370,7 @@ void input_gssapi_token(int type, u_int3 void input_gssapi_hash(int type, u_int32_t, void *); void input_gssapi_error(int, u_int32_t, void *); void input_gssapi_errtok(int, u_int32_t, void *); @@ -2515,7 +2580,7 @@ diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c #endif void userauth(Authctxt *, char *); -@@ -268,6 +321,11 @@ static char *authmethods_get(void); +@@ -329,6 +386,11 @@ static char *authmethods_get(void); Authmethod authmethods[] = { #ifdef GSSAPI 
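Review bot: The gss_host selection in ssh_kex2, `if (options.gss_server_identity) { kex->gss_host = options.gss_server_identity; } else { kex->gss_host = gss_host; }`, and the three-way chain in userauth_gssapi on the following line encode the same precedence (explicit GSSAPIServerIdentity, then the DNS-derived name, then the name the user typed) at two sites that can drift apart; a single static helper returning the chosen name would keep them in step. The `gss_host` this hunk falls back to is assigned earlier in ssh_kex2, outside the visible hunk, so whether it carries the same fallback as the userauth site cannot be checked here. A one-line comment above the assignment, `/* GSSAPIServerIdentity overrides any DNS- or user-derived target name */`, would document why the option wins.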
@@ -2527,26 +2592,19 @@ diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c {"gssapi-with-mic", userauth_gssapi, NULL, -@@ -574,25 +632,37 @@ userauth_gssapi(Authctxt *authctxt) +@@ -635,19 +697,31 @@ userauth_gssapi(Authctxt *authctxt) static u_int mech = 0; OM_uint32 min; int ok = 0; -- char* remotehost = NULL; -+ const char* remotehost = NULL; - const char* canonicalhost = get_canonical_hostname(1); + const char *gss_host; + - if ( strcmp( canonicalhost, "UNKNOWN" ) == 0 ) - remotehost = authctxt->host; - else - remotehost = canonicalhost; - -+ if (options.gss_trust_dns) -+// gss_host = get_canonical_hostname(1); -+ gss_host = remotehost; ++ if (options.gss_server_identity) ++ gss_host = options.gss_server_identity; ++ else if (options.gss_trust_dns) ++ gss_host = get_canonical_hostname(1); + else + gss_host = authctxt->host; -+ + /* Try one GSSAPI method at a time, rather than sending them all at * once. */ @@ -2562,13 +2620,13 @@ diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c /* My DER encoding requires length<128 */ if (gss_supported->elements[mech].length < 128 && ssh_gssapi_check_mechanism(&gssctxt, -- &gss_supported->elements[mech], remotehost)) { +- &gss_supported->elements[mech], authctxt->host)) { + &gss_supported->elements[mech], gss_host, -+ options.gss_client_identity)) { ++ options.gss_client_identity)) { ok = 1; /* Mechanism works */ } else { mech++; -@@ -689,8 +759,8 @@ input_gssapi_response(int type, u_int32_ +@@ -744,8 +818,8 @@ input_gssapi_response(int type, u_int32_ { Authctxt *authctxt = ctxt; Gssctxt *gssctxt; @@ -2579,7 +2637,7 @@ diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c if (authctxt == NULL) fatal("input_gssapi_response: no authentication context"); -@@ -800,6 +870,48 @@ input_gssapi_error(int type, u_int32_t p +@@ -855,6 +929,48 @@ input_gssapi_error(int type, u_int32_t p xfree(msg); xfree(lang); } 
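Review bot: The new `else if (options.gss_trust_dns) gss_host = get_canonical_hostname(1);` in userauth_gssapi drops the guard the removed lines had, which compared the canonical name against "UNKNOWN" and fell back to authctxt->host; the removed comparison indicates get_canonical_hostname() can return that placeholder when the reverse lookup fails, in which case gss_host is now the literal string "UNKNOWN" and the mechanism check is attempted for that name instead of the requested host. That fallback previously lived in the separate canohost patch this commit deletes, so it is lost for the whole series. Suggest `else if (options.gss_trust_dns && strcmp(get_canonical_hostname(1), "UNKNOWN") != 0) gss_host = get_canonical_hostname(1);` so the fallback to authctxt->host is preserved. The body of userauth_gssapi continues outside this hunk.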
@@ -2628,21 +2686,21 @@ diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c #endif /* GSSAPI */ int -diff -up openssh-5.6p1/sshd.c.gsskex openssh-5.6p1/sshd.c ---- openssh-5.6p1/sshd.c.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/sshd.c 2011-01-24 23:51:09.000000000 +0100 -@@ -130,6 +130,10 @@ int allow_severity; - int deny_severity; - #endif /* LIBWRAP */ +diff -up openssh-5.8p1/sshd.c.gsskex openssh-5.8p1/sshd.c +--- openssh-5.8p1/sshd.c.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-14 15:11:56.000000000 +0100 +@@ -123,6 +123,10 @@ + #include "audit.h" + #include "version.h" +#ifdef USE_SECURITY_SESSION_API +#include +#endif + - #ifndef O_NOCTTY - #define O_NOCTTY 0 - #endif -@@ -1603,10 +1607,13 @@ main(int ac, char **av) + #ifdef LIBWRAP + #include + #include +@@ -1609,10 +1613,13 @@ main(int ac, char **av) logit("Disabling protocol version 1. Could not load host key"); options.protocol &= ~SSH_PROTO_1; } @@ -2656,7 +2714,7 @@ diff -up openssh-5.6p1/sshd.c.gsskex openssh-5.6p1/sshd.c if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { logit("sshd: no hostkeys available -- exiting."); exit(1); -@@ -1939,6 +1946,60 @@ main(int ac, char **av) +@@ -1945,6 +1952,60 @@ main(int ac, char **av) /* Log the connection. */ verbose("Connection from %.500s port %d", remote_ip, remote_port); @@ -2717,7 +2775,7 @@ diff -up openssh-5.6p1/sshd.c.gsskex openssh-5.6p1/sshd.c /* * We don't want to listen forever unless the other side * successfully authenticates itself. So we set up an alarm which is -@@ -2335,12 +2396,61 @@ do_ssh2_kex(void) +@@ -2347,6 +2408,48 @@ do_ssh2_kex(void) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); 
@@ -2766,9 +2824,10 @@ diff -up openssh-5.6p1/sshd.c.gsskex openssh-5.6p1/sshd.c /* start key exchange */ kex = kex_setup(myproposal); kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; - kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; +@@ -2354,6 +2457,13 @@ do_ssh2_kex(void) kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; + kex->kex[KEX_ECDH_SHA2] = kexecdh_server; +#ifdef GSSAPI + if (options.gss_keyex) { + kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; @@ -2779,10 +2838,10 @@ diff -up openssh-5.6p1/sshd.c.gsskex openssh-5.6p1/sshd.c kex->server = 1; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; -diff -up openssh-5.6p1/sshd_config.5.gsskex openssh-5.6p1/sshd_config.5 ---- openssh-5.6p1/sshd_config.5.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/sshd_config.5 2011-01-24 23:51:09.000000000 +0100 -@@ -424,12 +424,40 @@ Specifies whether user authentication ba +diff -up openssh-5.8p1/sshd_config.5.gsskex openssh-5.8p1/sshd_config.5 +--- openssh-5.8p1/sshd_config.5.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/sshd_config.5 2011-02-14 14:47:02.000000000 +0100 +@@ -423,12 +423,40 @@ Specifies whether user authentication ba The default is .Dq no . Note that this option applies to protocol version 2 only. 
@@ -2823,10 +2882,10 @@ diff -up openssh-5.6p1/sshd_config.5.gsskex openssh-5.6p1/sshd_config.5 .It Cm HostbasedAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed -diff -up openssh-5.6p1/sshd_config.gsskex openssh-5.6p1/sshd_config ---- openssh-5.6p1/sshd_config.gsskex 2011-01-24 23:51:08.000000000 +0100 -+++ openssh-5.6p1/sshd_config 2011-01-24 23:51:09.000000000 +0100 -@@ -78,6 +78,8 @@ ChallengeResponseAuthentication no +diff -up openssh-5.8p1/sshd_config.gsskex openssh-5.8p1/sshd_config +--- openssh-5.8p1/sshd_config.gsskex 2011-02-14 14:47:02.000000000 +0100 ++++ openssh-5.8p1/sshd_config 2011-02-14 15:12:38.000000000 +0100 +@@ -80,6 +80,8 @@ ChallengeResponseAuthentication no GSSAPIAuthentication yes #GSSAPICleanupCredentials yes GSSAPICleanupCredentials yes @@ -2835,9 +2894,9 @@ diff -up openssh-5.6p1/sshd_config.gsskex openssh-5.6p1/sshd_config # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -diff -up openssh-5.6p1/ssh-gss.h.gsskex openssh-5.6p1/ssh-gss.h ---- openssh-5.6p1/ssh-gss.h.gsskex 2007-06-12 15:40:39.000000000 +0200 -+++ openssh-5.6p1/ssh-gss.h 2011-01-24 23:51:09.000000000 +0100 +diff -up openssh-5.8p1/ssh-gss.h.gsskex openssh-5.8p1/ssh-gss.h +--- openssh-5.8p1/ssh-gss.h.gsskex 2007-06-12 15:40:39.000000000 +0200 ++++ openssh-5.8p1/ssh-gss.h 2011-02-14 14:47:02.000000000 +0100 @@ -1,6 +1,6 @@ /* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */ /* diff --git a/openssh-5.6p1-kuserok.patch b/openssh-5.8p1-kuserok.patch similarity index 67% rename from openssh-5.6p1-kuserok.patch rename to openssh-5.8p1-kuserok.patch index 7376a85..fcd05d7 100644 --- a/openssh-5.6p1-kuserok.patch +++ b/openssh-5.8p1-kuserok.patch 
@@ -1,6 +1,6 @@ -diff -up openssh-5.6p1/auth-krb5.c.kuserok openssh-5.6p1/auth-krb5.c ---- openssh-5.6p1/auth-krb5.c.kuserok 2010-11-15 10:08:05.000000000 +0100 -+++ openssh-5.6p1/auth-krb5.c 2010-11-15 10:11:02.000000000 +0100 +diff -up openssh-5.8p1/auth-krb5.c.kuserok openssh-5.8p1/auth-krb5.c +--- openssh-5.8p1/auth-krb5.c.kuserok 2009-12-21 00:49:22.000000000 +0100 ++++ openssh-5.8p1/auth-krb5.c 2011-02-14 09:15:12.000000000 +0100 @@ -54,6 +54,20 @@ extern ServerOptions options; @@ -31,9 +31,9 @@ diff -up openssh-5.6p1/auth-krb5.c.kuserok openssh-5.6p1/auth-krb5.c problem = -1; goto out; } -diff -up openssh-5.6p1/gss-serv-krb5.c.kuserok openssh-5.6p1/gss-serv-krb5.c ---- openssh-5.6p1/gss-serv-krb5.c.kuserok 2010-11-15 10:08:05.000000000 +0100 -+++ openssh-5.6p1/gss-serv-krb5.c 2010-11-15 10:12:35.000000000 +0100 +diff -up openssh-5.8p1/gss-serv-krb5.c.kuserok openssh-5.8p1/gss-serv-krb5.c +--- openssh-5.8p1/gss-serv-krb5.c.kuserok 2006-09-01 07:38:36.000000000 +0200 ++++ openssh-5.8p1/gss-serv-krb5.c 2011-02-14 09:15:12.000000000 +0100 @@ -57,6 +57,7 @@ extern ServerOptions options; #endif 
@@ -51,18 +51,18 @@ diff -up openssh-5.6p1/gss-serv-krb5.c.kuserok openssh-5.6p1/gss-serv-krb5.c retval = 1; logit("Authorized to %s, krb5 principal %s (krb5_kuserok)", name, (char *)client->displayname.value); -diff -up openssh-5.6p1/servconf.c.kuserok openssh-5.6p1/servconf.c ---- openssh-5.6p1/servconf.c.kuserok 2010-11-15 10:08:05.000000000 +0100 -+++ openssh-5.6p1/servconf.c 2010-11-15 10:08:05.000000000 +0100 -@@ -138,6 +138,7 @@ initialize_server_options(ServerOptions - options->revoked_keys_file = NULL; - options->trusted_user_ca_keys = NULL; +diff -up openssh-5.8p1/servconf.c.kuserok openssh-5.8p1/servconf.c +--- openssh-5.8p1/servconf.c.kuserok 2011-02-14 09:15:12.000000000 +0100 ++++ openssh-5.8p1/servconf.c 2011-02-14 09:20:22.000000000 +0100 +@@ -142,6 +142,7 @@ initialize_server_options(ServerOptions options->authorized_principals_file = NULL; + options->ip_qos_interactive = -1; + options->ip_qos_bulk = -1; + options->use_kuserok = -1; } void -@@ -286,6 +287,8 @@ fill_default_server_options(ServerOption +@@ -291,6 +292,8 @@ fill_default_server_options(ServerOption if (use_privsep == -1) use_privsep = 1; @@ -71,7 +71,7 @@ diff -up openssh-5.6p1/servconf.c.kuserok openssh-5.6p1/servconf.c #ifndef HAVE_MMAP if (use_privsep && options->compression == 1) { error("This platform does not support both privilege " -@@ -307,7 +310,7 @@ typedef enum { +@@ -312,7 +315,7 @@ typedef enum { sPermitRootLogin, sLogFacility, sLogLevel, sRhostsRSAAuthentication, sRSAAuthentication, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, @@ -80,7 +80,7 @@ diff -up openssh-5.6p1/servconf.c.kuserok openssh-5.6p1/servconf.c sKerberosTgtPassing, sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sAddressFamily, -@@ -377,11 +380,13 @@ static struct { +@@ -381,11 +384,13 @@ static struct { #else { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, #endif 
@@ -105,15 +105,15 @@ diff -up openssh-5.6p1/servconf.c.kuserok openssh-5.6p1/servconf.c case sPermitOpen: arg = strdelim(&cp); if (!arg || *arg == '\0') -@@ -1525,6 +1534,7 @@ copy_set_server_options(ServerOptions *d - M_CP_INTOPT(x11_use_localhost); - M_CP_INTOPT(max_sessions); +@@ -1544,6 +1553,7 @@ copy_set_server_options(ServerOptions *d M_CP_INTOPT(max_authtries); + M_CP_INTOPT(ip_qos_interactive); + M_CP_INTOPT(ip_qos_bulk); + M_CP_INTOPT(use_kuserok); M_CP_STROPT(banner); if (preauth) -@@ -1745,6 +1755,7 @@ dump_config(ServerOptions *o) +@@ -1764,6 +1774,7 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sUseDNS, o->use_dns); dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); @@ -121,9 +121,9 @@ diff -up openssh-5.6p1/servconf.c.kuserok openssh-5.6p1/servconf.c /* string arguments */ dump_cfg_string(sPidFile, o->pid_file); -diff -up openssh-5.6p1/servconf.h.kuserok openssh-5.6p1/servconf.h ---- openssh-5.6p1/servconf.h.kuserok 2010-11-15 10:08:05.000000000 +0100 -+++ openssh-5.6p1/servconf.h 2010-11-15 10:08:05.000000000 +0100 +diff -up openssh-5.8p1/servconf.h.kuserok openssh-5.8p1/servconf.h +--- openssh-5.8p1/servconf.h.kuserok 2011-02-14 09:15:12.000000000 +0100 ++++ openssh-5.8p1/servconf.h 2011-02-14 09:15:12.000000000 +0100 @@ -157,6 +157,7 @@ typedef struct { int num_permitted_opens; 
@@ -132,10 +132,10 @@ diff -up openssh-5.6p1/servconf.h.kuserok openssh-5.6p1/servconf.h char *chroot_directory; char *revoked_keys_file; char *trusted_user_ca_keys; -diff -up openssh-5.6p1/sshd_config.5.kuserok openssh-5.6p1/sshd_config.5 ---- openssh-5.6p1/sshd_config.5.kuserok 2010-11-15 10:08:05.000000000 +0100 -+++ openssh-5.6p1/sshd_config.5 2010-11-15 10:08:05.000000000 +0100 -@@ -564,6 +564,10 @@ Specifies whether to automatically destr +diff -up openssh-5.8p1/sshd_config.5.kuserok openssh-5.8p1/sshd_config.5 +--- openssh-5.8p1/sshd_config.5.kuserok 2011-02-14 09:15:12.000000000 +0100 ++++ openssh-5.8p1/sshd_config.5 2011-02-14 09:17:11.000000000 +0100 +@@ -574,6 +574,10 @@ Specifies whether to automatically destr file on logout. The default is .Dq yes . @@ -143,10 +143,10 @@ diff -up openssh-5.6p1/sshd_config.5.kuserok openssh-5.6p1/sshd_config.5 +Specifies whether to look at .k5login file for user's aliases. +The default is +.Dq yes . - .It Cm KeyRegenerationInterval - In protocol version 1, the ephemeral server key is automatically regenerated - after this many seconds (if it has been used). -@@ -694,6 +698,7 @@ Available keywords are + .It Cm KexAlgorithms + Specifies the available KEX (Key Exchange) algorithms. + Multiple algorithms must be comma-separated. +@@ -715,6 +719,7 @@ Available keywords are .Cm HostbasedUsesNameFromPacketOnly , .Cm KbdInteractiveAuthentication , .Cm KerberosAuthentication , 
@@ -154,10 +154,10 @@ diff -up openssh-5.6p1/sshd_config.5.kuserok openssh-5.6p1/sshd_config.5 .Cm MaxAuthTries , .Cm MaxSessions , .Cm PubkeyAuthentication , -diff -up openssh-5.6p1/sshd_config.kuserok openssh-5.6p1/sshd_config ---- openssh-5.6p1/sshd_config.kuserok 2010-11-15 10:08:05.000000000 +0100 -+++ openssh-5.6p1/sshd_config 2010-11-15 10:08:05.000000000 +0100 -@@ -72,6 +72,7 @@ ChallengeResponseAuthentication no +diff -up openssh-5.8p1/sshd_config.kuserok openssh-5.8p1/sshd_config +--- openssh-5.8p1/sshd_config.kuserok 2011-02-14 09:15:12.000000000 +0100 ++++ openssh-5.8p1/sshd_config 2011-02-14 09:15:12.000000000 +0100 +@@ -73,6 +73,7 @@ ChallengeResponseAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no diff --git a/openssh-5.6p1-mls.patch b/openssh-5.8p1-mls.patch similarity index 79% rename from openssh-5.6p1-mls.patch rename to openssh-5.8p1-mls.patch index ee8a8ef..525e6b5 100644 --- a/openssh-5.6p1-mls.patch +++ b/openssh-5.8p1-mls.patch @@ -1,18 +1,7 @@ -diff -up openssh-5.6p1/configure.ac.mls openssh-5.6p1/configure.ac ---- openssh-5.6p1/configure.ac.mls 2010-08-23 12:11:36.000000000 +0200 -+++ openssh-5.6p1/configure.ac 2010-08-23 12:11:36.000000000 +0200 -@@ -3390,6 +3390,7 @@ AC_ARG_WITH(selinux, - SSHDLIBS="$SSHDLIBS $LIBSELINUX" - LIBS="$LIBS $LIBSELINUX" - AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) -+ AC_CHECK_FUNCS(setkeycreatecon) - LIBS="$save_LIBS" - fi ] - ) -diff -up openssh-5.6p1/misc.c.mls openssh-5.6p1/misc.c ---- openssh-5.6p1/misc.c.mls 2010-08-03 08:05:05.000000000 +0200 -+++ openssh-5.6p1/misc.c 2010-08-23 12:14:16.000000000 +0200 -@@ -424,6 +424,7 @@ char * +diff -up openssh-5.8p1/misc.c.mls openssh-5.8p1/misc.c +--- openssh-5.8p1/misc.c.mls 2011-01-13 02:21:36.000000000 +0100 ++++ openssh-5.8p1/misc.c 2011-02-12 15:05:06.000000000 +0100 +@@ -427,6 +427,7 @@ char * colon(char *cp) { int flag = 0; 
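Review bot: The configure.ac hunk adding `AC_CHECK_FUNCS(setkeycreatecon)` is dropped from the mls patch, and nothing on this page shows the check arriving from the 5.8p1 base or another patch in the series; if it does not, HAVE_SETKEYCREATECON is never defined and any setkeycreatecon() use guarded by it is compiled out silently rather than failing the build. The same question applies to the `#include "xmalloc.h"` line the port-linux.c hunk on the next line no longer adds, since the refreshed hunks still call xfree(). A sentence in the commit message naming where these now come from, or keeping the hunks until that is confirmed, would close the gap.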
@@ -20,7 +9,7 @@ diff -up openssh-5.6p1/misc.c.mls openssh-5.6p1/misc.c if (*cp == ':') /* Leading colon is part of file name. */ return NULL; -@@ -439,6 +440,13 @@ colon(char *cp) +@@ -442,6 +443,13 @@ colon(char *cp) return (cp); if (*cp == '/') return NULL; @@ -34,15 +23,10 @@ diff -up openssh-5.6p1/misc.c.mls openssh-5.6p1/misc.c } return NULL; } -diff -up openssh-5.6p1/openbsd-compat/port-linux.c.mls openssh-5.6p1/openbsd-compat/port-linux.c ---- openssh-5.6p1/openbsd-compat/port-linux.c.mls 2010-08-23 12:11:36.000000000 +0200 -+++ openssh-5.6p1/openbsd-compat/port-linux.c 2010-08-23 12:11:37.000000000 +0200 -@@ -35,13 +35,24 @@ - #include "key.h" - #include "hostfile.h" - #include "auth.h" -+#include "xmalloc.h" - +diff -up openssh-5.8p1/openbsd-compat/port-linux.c.mls openssh-5.8p1/openbsd-compat/port-linux.c +--- openssh-5.8p1/openbsd-compat/port-linux.c.mls 2011-02-12 15:05:06.000000000 +0100 ++++ openssh-5.8p1/openbsd-compat/port-linux.c 2011-02-12 15:09:23.000000000 +0100 +@@ -40,13 +40,164 @@ #ifdef WITH_SELINUX #include #include @@ -56,15 +40,10 @@ diff -up openssh-5.6p1/openbsd-compat/port-linux.c.mls openssh-5.6p1/openbsd-com +#include +#endif + extern ServerOptions options; extern Authctxt *the_authctxt; -+extern int inetd_flag; -+extern int rexeced_flag; - - /* Wrapper around is_selinux_enabled() to log its return value once only */ - int -@@ -57,17 +68,173 @@ ssh_selinux_enabled(void) - return (enabled); - } + extern int inetd_flag; + extern int rexeced_flag; +/* Send audit message */ +static int @@ -80,8 +59,8 @@ diff -up openssh-5.6p1/openbsd-compat/port-linux.c.mls openssh-5.6p1/openbsd-com + rc = -1; + if (audit_fd < 0) { + if (errno == EINVAL || errno == EPROTONOSUPPORT || -+ errno == EAFNOSUPPORT) -+ return 0; /* No audit support in kernel */ ++ errno == EAFNOSUPPORT) ++ return 0; /* No audit support in kernel */ + error("Error connecting to audit system."); + return rc; + } 
@@ -204,11 +183,17 @@ diff -up openssh-5.6p1/openbsd-compat/port-linux.c.mls openssh-5.6p1/openbsd-com +#endif + return 0; + out: -+ freecon(*sc); -+ *sc = NULL; -+ return -1; ++ freecon(*sc); ++ *sc = NULL; ++ return -1; +} + + static void + ssh_selinux_get_role_level(char **role, const char **level) + { +@@ -65,14 +216,16 @@ ssh_selinux_get_role_level(char **role, + } + /* Return the default security context for the given username */ -static security_context_t -ssh_selinux_getctxbyname(char *pwname) @@ -216,33 +201,16 @@ diff -up openssh-5.6p1/openbsd-compat/port-linux.c.mls openssh-5.6p1/openbsd-com +ssh_selinux_getctxbyname(char *pwname, + security_context_t *default_sc, security_context_t *user_sc) { -- security_context_t sc = NULL; + security_context_t sc = NULL; char *sename, *lvl; -+ const char *reqlvl = NULL; - char *role = NULL; -- int r = 0; -+ int r = -1; -+ context_t con = NULL; -+ -+ *default_sc = NULL; -+ *user_sc = NULL; -+ if (the_authctxt) { -+ if (the_authctxt->role != NULL) { -+ char *slash; -+ role = xstrdup(the_authctxt->role); -+ if ((slash = strchr(role, '/')) != NULL) { -+ *slash = '\0'; -+ reqlvl = slash + 1; -+ } -+ } -+ } + char *role; + const char *reqlvl; + int r = 0; ++ context_t con; -- if (the_authctxt) -- role=the_authctxt->role; + ssh_selinux_get_role_level(&role, &reqlvl); #ifdef HAVE_GETSEUSERBYNAME - if ((r=getseuserbyname(pwname, &sename, &lvl)) != 0) { - sename = NULL; -@@ -75,38 +242,63 @@ ssh_selinux_getctxbyname(char *pwname) +@@ -82,38 +235,63 @@ ssh_selinux_getctxbyname(char *pwname) } #else sename = pwname; 
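Review bot: `context_t con;` added to ssh_selinux_getctxbyname has no initializer, replacing the previous `context_t con = NULL;`, while the cleanup in the next hunk on the following line still does `if (con) context_free(con);`; if any path, such as the getseuserbyname failure branch whose head is visible here, reaches that cleanup before con is assigned, the test reads an indeterminate pointer and may hand garbage to context_free(). Keep `context_t con = NULL;`. The refresh also stops overriding the base's `int r = 0;` with `int r = -1;` and drops the `*default_sc = NULL; *user_sc = NULL;` lines, so an early exit before either context is created now reports success unless every such path sets r explicitly, which the collapsed body would need to confirm. The function body continues outside this hunk.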
@@ -328,29 +296,31 @@ diff -up openssh-5.6p1/openbsd-compat/port-linux.c.mls openssh-5.6p1/openbsd-com #ifdef HAVE_GETSEUSERBYNAME if (sename != NULL) -@@ -114,14 +306,20 @@ ssh_selinux_getctxbyname(char *pwname) +@@ -121,8 +299,12 @@ ssh_selinux_getctxbyname(char *pwname) if (lvl != NULL) xfree(lvl); #endif +- +- return (sc); + if (role != NULL) + xfree(role); + if (con) + context_free(con); - -- return (sc); ++ + return (r); } - /* Set the execution context to the default for the specified user */ - void + /* Setup environment variables for pam_selinux */ +@@ -160,6 +342,8 @@ void ssh_selinux_setup_exec_context(char *pwname) { + security_context_t user_ctx = NULL; + int r = 0; + security_context_t default_ctx = NULL; - security_context_t user_ctx = NULL; if (!ssh_selinux_enabled()) -@@ -129,22 +327,45 @@ ssh_selinux_setup_exec_context(char *pwn + return; +@@ -184,22 +368,45 @@ ssh_selinux_setup_exec_context(char *pwn debug3("%s: setting execution context", __func__); @@ -403,7 +373,7 @@ diff -up openssh-5.6p1/openbsd-compat/port-linux.c.mls openssh-5.6p1/openbsd-com debug3("%s: done", __func__); } -@@ -162,7 +383,10 @@ ssh_selinux_setup_pty(char *pwname, cons +@@ -217,7 +424,10 @@ ssh_selinux_setup_pty(char *pwname, cons debug3("%s: setting TTY context on %s", __func__, tty); @@ -415,10 +385,10 @@ diff -up openssh-5.6p1/openbsd-compat/port-linux.c.mls openssh-5.6p1/openbsd-com /* XXX: should these calls fatal() upon failure in enforcing mode? */ -diff -up openssh-5.6p1/sshd.c.mls openssh-5.6p1/sshd.c ---- openssh-5.6p1/sshd.c.mls 2010-08-23 12:11:36.000000000 +0200 -+++ openssh-5.6p1/sshd.c 2010-08-23 12:11:37.000000000 +0200 -@@ -1997,6 +1997,9 @@ main(int ac, char **av) +diff -up openssh-5.8p1/sshd.c.mls openssh-5.8p1/sshd.c +--- openssh-5.8p1/sshd.c.mls 2011-02-12 15:05:05.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-12 15:05:06.000000000 +0100 +@@ -2011,6 +2011,9 @@ main(int ac, char **av) restore_uid(); } #endif 
diff --git a/openssh-5.4p1-pam_selinux.patch b/openssh-5.8p1-pam_selinux.patch similarity index 79% rename from openssh-5.4p1-pam_selinux.patch rename to openssh-5.8p1-pam_selinux.patch index 6b601da..c8cceea 100644 --- a/openssh-5.4p1-pam_selinux.patch +++ b/openssh-5.8p1-pam_selinux.patch @@ -1,6 +1,6 @@ -diff -up openssh-5.4p1/auth-pam.c.pam_selinux openssh-5.4p1/auth-pam.c ---- openssh-5.4p1/auth-pam.c.pam_selinux 2009-07-12 14:07:21.000000000 +0200 -+++ openssh-5.4p1/auth-pam.c 2010-03-01 15:27:23.000000000 +0100 +diff -up openssh-5.8p1/auth-pam.c.pam_selinux openssh-5.8p1/auth-pam.c +--- openssh-5.8p1/auth-pam.c.pam_selinux 2009-07-12 14:07:21.000000000 +0200 ++++ openssh-5.8p1/auth-pam.c 2011-02-12 10:49:57.000000000 +0100 @@ -1069,7 +1069,7 @@ is_pam_session_open(void) * during the ssh authentication process. */ @@ -10,9 +10,9 @@ diff -up openssh-5.4p1/auth-pam.c.pam_selinux openssh-5.4p1/auth-pam.c { int ret = 1; #ifdef HAVE_PAM_PUTENV -diff -up openssh-5.4p1/auth-pam.h.pam_selinux openssh-5.4p1/auth-pam.h ---- openssh-5.4p1/auth-pam.h.pam_selinux 2004-09-11 14:17:26.000000000 +0200 -+++ openssh-5.4p1/auth-pam.h 2010-03-01 15:27:23.000000000 +0100 +diff -up openssh-5.8p1/auth-pam.h.pam_selinux openssh-5.8p1/auth-pam.h +--- openssh-5.8p1/auth-pam.h.pam_selinux 2004-09-11 14:17:26.000000000 +0200 ++++ openssh-5.8p1/auth-pam.h 2011-02-12 10:49:57.000000000 +0100 @@ -38,7 +38,7 @@ void do_pam_session(void); void do_pam_set_tty(const char *); void do_pam_setcred(int ); 
@@ -22,9 +22,9 @@ diff -up openssh-5.4p1/auth-pam.h.pam_selinux openssh-5.4p1/auth-pam.h char ** fetch_pam_environment(void); char ** fetch_pam_child_environment(void); void free_pam_environment(char **); -diff -up openssh-5.4p1/openbsd-compat/port-linux.c.pam_selinux openssh-5.4p1/openbsd-compat/port-linux.c ---- openssh-5.4p1/openbsd-compat/port-linux.c.pam_selinux 2010-03-01 15:27:22.000000000 +0100 -+++ openssh-5.4p1/openbsd-compat/port-linux.c 2010-03-01 15:27:53.000000000 +0100 +diff -up openssh-5.8p1/openbsd-compat/port-linux.c.pam_selinux openssh-5.8p1/openbsd-compat/port-linux.c +--- openssh-5.8p1/openbsd-compat/port-linux.c.pam_selinux 2011-02-12 10:49:57.000000000 +0100 ++++ openssh-5.8p1/openbsd-compat/port-linux.c 2011-02-12 10:55:52.000000000 +0100 @@ -36,6 +36,7 @@ #include "hostfile.h" #include "auth.h" @@ -41,8 +41,8 @@ diff -up openssh-5.4p1/openbsd-compat/port-linux.c.pam_selinux openssh-5.4p1/ope extern Authctxt *the_authctxt; extern int inetd_flag; extern int rexeced_flag; -@@ -211,29 +213,38 @@ get_user_context(const char *sename, con - return -1; +@@ -197,29 +199,38 @@ get_user_context(const char *sename, con + return -1; } +static void @@ -92,7 +92,7 @@ diff -up openssh-5.4p1/openbsd-compat/port-linux.c.pam_selinux openssh-5.4p1/ope #ifdef HAVE_GETSEUSERBYNAME if ((r=getseuserbyname(pwname, &sename, &lvl)) != 0) { -@@ -314,6 +325,36 @@ ssh_selinux_getctxbyname(char *pwname, +@@ -300,6 +311,36 @@ ssh_selinux_getctxbyname(char *pwname, return (r); } @@ -129,7 +129,7 @@ diff -up openssh-5.4p1/openbsd-compat/port-linux.c.pam_selinux openssh-5.4p1/ope /* Set the execution context to the default for the specified user */ void ssh_selinux_setup_exec_context(char *pwname) -@@ -325,6 +366,24 @@ ssh_selinux_setup_exec_context(char *pwn +@@ -311,6 +352,24 @@ ssh_selinux_setup_exec_context(char *pwn if (!ssh_selinux_enabled()) return; 
diff --git a/openssh-5.3p1-randclean.patch b/openssh-5.8p1-randclean.patch similarity index 51% rename from openssh-5.3p1-randclean.patch rename to openssh-5.8p1-randclean.patch index 61a56d1..378f367 100644 --- a/openssh-5.3p1-randclean.patch +++ b/openssh-5.8p1-randclean.patch @@ -1,9 +1,9 @@ -diff -up openssh-5.3p1/entropy.c.randclean openssh-5.3p1/entropy.c ---- openssh-5.3p1/entropy.c.randclean 2010-01-21 09:26:30.000000000 +0100 -+++ openssh-5.3p1/entropy.c 2010-01-21 09:26:37.000000000 +0100 +diff -up openssh-5.8p1/entropy.c.randclean openssh-5.8p1/entropy.c +--- openssh-5.8p1/entropy.c.randclean 2011-01-13 11:05:29.000000000 +0100 ++++ openssh-5.8p1/entropy.c 2011-02-14 00:26:31.000000000 +0100 @@ -159,6 +159,9 @@ init_rng(void) fatal("OpenSSL version mismatch. Built against %lx, you " - "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); + "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); + /* clean the PRNG status when exiting the program */ + atexit(RAND_cleanup); diff --git a/openssh-5.8p1-selinux-role.patch b/openssh-5.8p1-selinux-role.patch new file mode 100644 index 0000000..f29ad9a --- /dev/null +++ b/openssh-5.8p1-selinux-role.patch 
@@ -0,0 +1,611 @@ +diff -up openssh-5.8p1/auth1.c.role openssh-5.8p1/auth1.c +--- openssh-5.8p1/auth1.c.role 2010-08-31 14:36:39.000000000 +0200 ++++ openssh-5.8p1/auth1.c 2011-02-12 14:34:11.000000000 +0100 +@@ -384,6 +384,9 @@ do_authentication(Authctxt *authctxt) + { + u_int ulen; + char *user, *style = NULL; ++#ifdef WITH_SELINUX ++ char *role=NULL; ++#endif + + /* Get the name of the user that we wish to log in as. */ + packet_read_expect(SSH_CMSG_USER); +@@ -392,11 +395,24 @@ do_authentication(Authctxt *authctxt) + user = packet_get_cstring(&ulen); + packet_check_eom(); + ++#ifdef WITH_SELINUX ++ if ((role = strchr(user, '/')) != NULL) ++ *role++ = '\0'; ++#endif ++ + if ((style = strchr(user, ':')) != NULL) + *style++ = '\0'; ++#ifdef WITH_SELINUX ++ else ++ if (role && (style = strchr(role, ':')) != NULL) ++ *style++ = '\0'; ++#endif + + authctxt->user = user; + authctxt->style = style; ++#ifdef WITH_SELINUX ++ authctxt->role = role; ++#endif + + /* Verify that the user is a valid user. */ + if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) +diff -up openssh-5.8p1/auth2.c.role openssh-5.8p1/auth2.c +--- openssh-5.8p1/auth2.c.role 2010-08-31 14:36:39.000000000 +0200 ++++ openssh-5.8p1/auth2.c 2011-02-12 14:34:11.000000000 +0100 +@@ -216,6 +216,9 @@ input_userauth_request(int type, u_int32 + Authctxt *authctxt = ctxt; + Authmethod *m = NULL; + char *user, *service, *method, *style = NULL; ++#ifdef WITH_SELINUX ++ char *role = NULL; ++#endif + int authenticated = 0; + + if (authctxt == NULL) +@@ -227,6 +230,11 @@ input_userauth_request(int type, u_int32 + debug("userauth-request for user %s service %s method %s", user, service, method); + debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); + ++#ifdef WITH_SELINUX ++ if ((role = strchr(user, '/')) != NULL) ++ *role++ = 0; ++#endif ++ + if ((style = strchr(user, ':')) != NULL) + *style++ = 0; + +@@ -252,8 +260,15 @@ input_userauth_request(int type, u_int32 + use_privsep ? 
" [net]" : ""); + authctxt->service = xstrdup(service); + authctxt->style = style ? xstrdup(style) : NULL; +- if (use_privsep) ++#ifdef WITH_SELINUX ++ authctxt->role = role ? xstrdup(role) : NULL; ++#endif ++ if (use_privsep) { + mm_inform_authserv(service, style); ++#ifdef WITH_SELINUX ++ mm_inform_authrole(role); ++#endif ++ } + userauth_banner(); + } else if (strcmp(user, authctxt->user) != 0 || + strcmp(service, authctxt->service) != 0) { +diff -up openssh-5.8p1/auth2-gss.c.role openssh-5.8p1/auth2-gss.c +--- openssh-5.8p1/auth2-gss.c.role 2007-12-02 12:59:45.000000000 +0100 ++++ openssh-5.8p1/auth2-gss.c 2011-02-12 14:34:11.000000000 +0100 +@@ -258,6 +258,7 @@ input_gssapi_mic(int type, u_int32_t ple + Authctxt *authctxt = ctxt; + Gssctxt *gssctxt; + int authenticated = 0; ++ char *micuser; + Buffer b; + gss_buffer_desc mic, gssbuf; + u_int len; +@@ -270,7 +271,13 @@ input_gssapi_mic(int type, u_int32_t ple + mic.value = packet_get_string(&len); + mic.length = len; + +- ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service, ++#ifdef WITH_SELINUX ++ if (authctxt->role && (strlen(authctxt->role) > 0)) ++ xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role); ++ else ++#endif ++ micuser = authctxt->user; ++ ssh_gssapi_buildmic(&b, micuser, authctxt->service, + "gssapi-with-mic"); + + gssbuf.value = buffer_ptr(&b); +@@ -282,6 +289,8 @@ input_gssapi_mic(int type, u_int32_t ple + logit("GSSAPI MIC check failed"); + + buffer_free(&b); ++ if (micuser != authctxt->user) ++ xfree(micuser); + xfree(mic.value); + + authctxt->postponed = 0; +diff -up openssh-5.8p1/auth2-hostbased.c.role openssh-5.8p1/auth2-hostbased.c +--- openssh-5.8p1/auth2-hostbased.c.role 2011-02-12 14:34:10.000000000 +0100 ++++ openssh-5.8p1/auth2-hostbased.c 2011-02-12 14:34:11.000000000 +0100 +@@ -106,7 +106,15 @@ userauth_hostbased(Authctxt *authctxt) + buffer_put_string(&b, session_id2, session_id2_len); + /* reconstruct packet */ + buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); +- 
buffer_put_cstring(&b, authctxt->user); ++#ifdef WITH_SELINUX ++ if (authctxt->role) { ++ buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1); ++ buffer_append(&b, authctxt->user, strlen(authctxt->user)); ++ buffer_put_char(&b, '/'); ++ buffer_append(&b, authctxt->role, strlen(authctxt->role)); ++ } else ++#endif ++ buffer_put_cstring(&b, authctxt->user); + buffer_put_cstring(&b, service); + buffer_put_cstring(&b, "hostbased"); + buffer_put_string(&b, pkalg, alen); +diff -up openssh-5.8p1/auth2-pubkey.c.role openssh-5.8p1/auth2-pubkey.c +--- openssh-5.8p1/auth2-pubkey.c.role 2011-02-12 14:34:11.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-02-12 14:34:11.000000000 +0100 +@@ -122,7 +122,15 @@ userauth_pubkey(Authctxt *authctxt) + } + /* reconstruct packet */ + buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); +- buffer_put_cstring(&b, authctxt->user); ++#ifdef WITH_SELINUX ++ if (authctxt->role) { ++ buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1); ++ buffer_append(&b, authctxt->user, strlen(authctxt->user)); ++ buffer_put_char(&b, '/'); ++ buffer_append(&b, authctxt->role, strlen(authctxt->role)); ++ } else ++#endif ++ buffer_put_cstring(&b, authctxt->user); + buffer_put_cstring(&b, + datafellows & SSH_BUG_PKSERVICE ? + "ssh-userauth" : +diff -up openssh-5.8p1/auth.h.role openssh-5.8p1/auth.h +--- openssh-5.8p1/auth.h.role 2011-02-12 14:34:10.000000000 +0100 ++++ openssh-5.8p1/auth.h 2011-02-12 14:34:11.000000000 +0100 +@@ -58,6 +58,9 @@ struct Authctxt { + char *service; + struct passwd *pw; /* set if 'valid' */ + char *style; ++#ifdef WITH_SELINUX ++ char *role; ++#endif + void *kbdintctxt; + void *jpake_ctx; + #ifdef BSD_AUTH +diff -up openssh-5.8p1/auth-pam.c.role openssh-5.8p1/auth-pam.c +--- openssh-5.8p1/auth-pam.c.role 2009-07-12 14:07:21.000000000 +0200 ++++ openssh-5.8p1/auth-pam.c 2011-02-12 14:34:11.000000000 +0100 +@@ -1069,7 +1069,7 @@ is_pam_session_open(void) + * during the ssh authentication process. 
+ */ + int +-do_pam_putenv(char *name, char *value) ++do_pam_putenv(char *name, const char *value) + { + int ret = 1; + #ifdef HAVE_PAM_PUTENV +diff -up openssh-5.8p1/auth-pam.h.role openssh-5.8p1/auth-pam.h +--- openssh-5.8p1/auth-pam.h.role 2004-09-11 14:17:26.000000000 +0200 ++++ openssh-5.8p1/auth-pam.h 2011-02-12 14:34:11.000000000 +0100 +@@ -38,7 +38,7 @@ void do_pam_session(void); + void do_pam_set_tty(const char *); + void do_pam_setcred(int ); + void do_pam_chauthtok(void); +-int do_pam_putenv(char *, char *); ++int do_pam_putenv(char *, const char *); + char ** fetch_pam_environment(void); + char ** fetch_pam_child_environment(void); + void free_pam_environment(char **); +diff -up openssh-5.8p1/monitor.c.role openssh-5.8p1/monitor.c +--- openssh-5.8p1/monitor.c.role 2011-02-12 14:34:11.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-12 14:34:11.000000000 +0100 +@@ -138,6 +138,9 @@ int mm_answer_sign(int, Buffer *); + int mm_answer_pwnamallow(int, Buffer *); + int mm_answer_auth2_read_banner(int, Buffer *); + int mm_answer_authserv(int, Buffer *); ++#ifdef WITH_SELINUX ++int mm_answer_authrole(int, Buffer *); ++#endif + int mm_answer_authpassword(int, Buffer *); + int mm_answer_bsdauthquery(int, Buffer *); + int mm_answer_bsdauthrespond(int, Buffer *); +@@ -218,6 +221,9 @@ struct mon_table mon_dispatch_proto20[] + {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, + {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, + {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, ++#ifdef WITH_SELINUX ++ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole}, ++#endif + {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, + {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, + #ifdef USE_PAM +@@ -703,6 +709,9 @@ mm_answer_pwnamallow(int sock, Buffer *m + else { + /* Allow service/style information on the auth context */ + monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); ++#ifdef WITH_SELINUX ++ monitor_permit(mon_dispatch, 
MONITOR_REQ_AUTHROLE, 1); ++#endif + monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); + } + +@@ -747,6 +756,25 @@ mm_answer_authserv(int sock, Buffer *m) + return (0); + } + ++#ifdef WITH_SELINUX ++int ++mm_answer_authrole(int sock, Buffer *m) ++{ ++ monitor_permit_authentications(1); ++ ++ authctxt->role = buffer_get_string(m, NULL); ++ debug3("%s: role=%s", ++ __func__, authctxt->role); ++ ++ if (strlen(authctxt->role) == 0) { ++ xfree(authctxt->role); ++ authctxt->role = NULL; ++ } ++ ++ return (0); ++} ++#endif ++ + int + mm_answer_authpassword(int sock, Buffer *m) + { +@@ -1112,7 +1140,7 @@ static int + monitor_valid_userblob(u_char *data, u_int datalen) + { + Buffer b; +- char *p; ++ char *p, *r; + u_int len; + int fail = 0; + +@@ -1138,6 +1166,8 @@ monitor_valid_userblob(u_char *data, u_i + if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) + fail++; + p = buffer_get_string(&b, NULL); ++ if ((r = strchr(p, '/')) != NULL) ++ *r = '\0'; + if (strcmp(authctxt->user, p) != 0) { + logit("wrong user name passed to monitor: expected %s != %.100s", + authctxt->user, p); +@@ -1169,7 +1199,7 @@ monitor_valid_hostbasedblob(u_char *data + char *chost) + { + Buffer b; +- char *p; ++ char *p, *r; + u_int len; + int fail = 0; + +@@ -1186,6 +1216,8 @@ monitor_valid_hostbasedblob(u_char *data + if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) + fail++; + p = buffer_get_string(&b, NULL); ++ if ((r = strchr(p, '/')) != NULL) ++ *r = '\0'; + if (strcmp(authctxt->user, p) != 0) { + logit("wrong user name passed to monitor: expected %s != %.100s", + authctxt->user, p); +diff -up openssh-5.8p1/monitor.h.role openssh-5.8p1/monitor.h +--- openssh-5.8p1/monitor.h.role 2011-02-12 14:34:11.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-12 14:34:11.000000000 +0100 +@@ -31,6 +31,9 @@ + enum monitor_reqtype { + MONITOR_REQ_MODULI, MONITOR_ANS_MODULI, + MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV, ++#ifdef WITH_SELINUX ++ MONITOR_REQ_AUTHROLE, ++#endif + 
MONITOR_REQ_SIGN, MONITOR_ANS_SIGN, + MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM, + MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER, +diff -up openssh-5.8p1/monitor_wrap.c.role openssh-5.8p1/monitor_wrap.c +--- openssh-5.8p1/monitor_wrap.c.role 2011-02-12 14:34:11.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-12 14:34:11.000000000 +0100 +@@ -298,6 +298,25 @@ mm_inform_authserv(char *service, char * + buffer_free(&m); + } + ++/* Inform the privileged process about role */ ++ ++#ifdef WITH_SELINUX ++void ++mm_inform_authrole(char *role) ++{ ++ Buffer m; ++ ++ debug3("%s entering", __func__); ++ ++ buffer_init(&m); ++ buffer_put_cstring(&m, role ? role : ""); ++ ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m); ++ ++ buffer_free(&m); ++} ++#endif ++ + /* Do the password authentication */ + int + mm_auth_password(Authctxt *authctxt, char *password) +diff -up openssh-5.8p1/monitor_wrap.h.role openssh-5.8p1/monitor_wrap.h +--- openssh-5.8p1/monitor_wrap.h.role 2011-02-12 14:34:11.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-12 14:34:11.000000000 +0100 +@@ -41,6 +41,9 @@ int mm_is_monitor(void); + DH *mm_choose_dh(int, int, int); + int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); + void mm_inform_authserv(char *, char *); ++#ifdef WITH_SELINUX ++void mm_inform_authrole(char *); ++#endif + struct passwd *mm_getpwnamallow(const char *); + char *mm_auth2_read_banner(void); + int mm_auth_password(struct Authctxt *, char *); +diff -up openssh-5.8p1/openbsd-compat/Makefile.in.role openssh-5.8p1/openbsd-compat/Makefile.in +--- openssh-5.8p1/openbsd-compat/Makefile.in.role 2010-10-07 13:19:24.000000000 +0200 ++++ openssh-5.8p1/openbsd-compat/Makefile.in 2011-02-12 14:34:11.000000000 +0100 +@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport + + COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o 
bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o + +-PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o ++PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o + + .c.o: + $(CC) $(CFLAGS) $(CPPFLAGS) -c $< +diff -up openssh-5.8p1/openbsd-compat/port-linux.c.role openssh-5.8p1/openbsd-compat/port-linux.c +--- openssh-5.8p1/openbsd-compat/port-linux.c.role 2011-02-12 14:34:11.000000000 +0100 ++++ openssh-5.8p1/openbsd-compat/port-linux.c 2011-02-12 14:37:31.000000000 +0100 +@@ -31,48 +31,73 @@ + + #include "log.h" + #include "xmalloc.h" ++#include "servconf.h" + #include "port-linux.h" ++#include "key.h" ++#include "hostfile.h" ++#include "auth.h" + + #ifdef WITH_SELINUX + #include + #include + #include + +-/* Wrapper around is_selinux_enabled() to log its return value once only */ +-int +-ssh_selinux_enabled(void) +-{ +- static int enabled = -1; ++extern ServerOptions options; ++extern Authctxt *the_authctxt; ++extern int inetd_flag; ++extern int rexeced_flag; + +- if (enabled == -1) { +- enabled = (is_selinux_enabled() == 1); +- debug("SELinux support %s", enabled ? 
"enabled" : "disabled"); ++static void ++ssh_selinux_get_role_level(char **role, const char **level) ++{ ++ *role = NULL; ++ *level = NULL; ++ if (the_authctxt) { ++ if (the_authctxt->role != NULL) { ++ char *slash; ++ *role = xstrdup(the_authctxt->role); ++ if ((slash = strchr(*role, '/')) != NULL) { ++ *slash = '\0'; ++ *level = slash + 1; ++ } ++ } + } +- +- return (enabled); + } + + /* Return the default security context for the given username */ + static security_context_t + ssh_selinux_getctxbyname(char *pwname) + { +- security_context_t sc; +- char *sename = NULL, *lvl = NULL; +- int r; ++ security_context_t sc = NULL; ++ char *sename, *lvl; ++ char *role; ++ const char *reqlvl; ++ int r = 0; + ++ ssh_selinux_get_role_level(&role, &reqlvl); + #ifdef HAVE_GETSEUSERBYNAME +- if (getseuserbyname(pwname, &sename, &lvl) != 0) +- return NULL; ++ if ((r=getseuserbyname(pwname, &sename, &lvl)) != 0) { ++ sename = NULL; ++ lvl = NULL; ++ } + #else + sename = pwname; + lvl = NULL; + #endif + ++ if (r == 0) { + #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL +- r = get_default_context_with_level(sename, lvl, NULL, &sc); ++ if (role != NULL && role[0]) ++ r = get_default_context_with_rolelevel(sename, role, lvl, NULL, &sc); ++ else ++ r = get_default_context_with_level(sename, lvl, NULL, &sc); + #else +- r = get_default_context(sename, NULL, &sc); ++ if (role != NULL && role[0]) ++ r = get_default_context_with_role(sename, role, NULL, &sc); ++ else ++ r = get_default_context(sename, NULL, &sc); + #endif ++ } + + if (r != 0) { + switch (security_getenforce()) { +@@ -100,6 +125,36 @@ ssh_selinux_getctxbyname(char *pwname) + return (sc); + } + ++/* Setup environment variables for pam_selinux */ ++static int ++ssh_selinux_setup_pam_variables(void) ++{ ++ const char *reqlvl; ++ char *role; ++ char *use_current; ++ int rv; ++ ++ debug3("%s: setting execution context", __func__); ++ ++ ssh_selinux_get_role_level(&role, &reqlvl); ++ ++ rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", 
role ? role : ""); ++ ++ if (inetd_flag && !rexeced_flag) { ++ use_current = "1"; ++ } else { ++ use_current = ""; ++ rv = rv || do_pam_putenv("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: ""); ++ } ++ ++ rv = rv || do_pam_putenv("SELINUX_USE_CURRENT_RANGE", use_current); ++ ++ if (role != NULL) ++ xfree(role); ++ ++ return rv; ++} ++ + /* Set the execution context to the default for the specified user */ + void + ssh_selinux_setup_exec_context(char *pwname) +@@ -109,6 +164,24 @@ ssh_selinux_setup_exec_context(char *pwn + if (!ssh_selinux_enabled()) + return; + ++ if (options.use_pam) { ++ /* do not compute context, just setup environment for pam_selinux */ ++ if (ssh_selinux_setup_pam_variables()) { ++ switch (security_getenforce()) { ++ case -1: ++ fatal("%s: security_getenforce() failed", __func__); ++ case 0: ++ error("%s: SELinux PAM variable setup failure. Continuing in permissive mode.", ++ __func__); ++ break; ++ default: ++ fatal("%s: SELinux PAM variable setup failure. Aborting connection.", ++ __func__); ++ } ++ } ++ return; ++ } ++ + debug3("%s: setting execution context", __func__); + + user_ctx = ssh_selinux_getctxbyname(pwname); +@@ -206,21 +279,6 @@ ssh_selinux_change_context(const char *n + xfree(newctx); + } + +-void +-ssh_selinux_setfscreatecon(const char *path) +-{ +- security_context_t context; +- +- if (!ssh_selinux_enabled()) +- return; +- if (path == NULL) { +- setfscreatecon(NULL); +- return; +- } +- if (matchpathcon(path, 0700, &context) == 0) +- setfscreatecon(context); +-} +- + #endif /* WITH_SELINUX */ + + #ifdef LINUX_OOM_ADJUST +diff -up openssh-5.8p1/openbsd-compat/port-linux_part_2.c.role openssh-5.8p1/openbsd-compat/port-linux_part_2.c +--- openssh-5.8p1/openbsd-compat/port-linux_part_2.c.role 2011-02-12 14:34:11.000000000 +0100 ++++ openssh-5.8p1/openbsd-compat/port-linux_part_2.c 2011-02-12 14:34:11.000000000 +0100 +@@ -0,0 +1,75 @@ ++/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */ ++ ++/* ++ * Copyright (c) 2005 
Daniel Walsh ++ * Copyright (c) 2006 Damien Miller ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ */ ++ ++/* ++ * Linux-specific portability code - just SELinux support at present ++ */ ++ ++#include "includes.h" ++ ++#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) ++#include ++#include ++#include ++#include ++ ++#include "log.h" ++#include "xmalloc.h" ++#include "port-linux.h" ++#include "key.h" ++#include "hostfile.h" ++#include "auth.h" ++ ++#ifdef WITH_SELINUX ++#include ++#include ++#include ++ ++/* Wrapper around is_selinux_enabled() to log its return value once only */ ++int ++ssh_selinux_enabled(void) ++{ ++ static int enabled = -1; ++ ++ if (enabled == -1) { ++ enabled = (is_selinux_enabled() == 1); ++ debug("SELinux support %s", enabled ? "enabled" : "disabled"); ++ } ++ ++ return (enabled); ++} ++ ++void ++ssh_selinux_setfscreatecon(const char *path) ++{ ++ security_context_t context; ++ ++ if (!ssh_selinux_enabled()) ++ return; ++ if (path == NULL) { ++ setfscreatecon(NULL); ++ return; ++ } ++ if (matchpathcon(path, 0700, &context) == 0) ++ setfscreatecon(context); ++} ++ ++#endif /* WITH_SELINUX */ ++ ++#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */ 
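Review bot: In monitor_valid_userblob and monitor_valid_hostbasedblob (the monitor.c hunks) the role suffix of the signed user string is cut off at '/' and then discarded, so the monitor only proves the client signed some role and never checks it is the role recorded by mm_answer_authrole, which arrives in an unsigned MONITOR_REQ_AUTHROLE message from the unprivileged child; a compromised child could thus have the exec context computed for a role other than the one the client signed. After the existing strchr keep the pointer and compare it: `*r++ = '\0';` followed by `if ((r != NULL && *r != '\0') != (authctxt->role != NULL) || (authctxt->role != NULL && strcmp(authctxt->role, r) != 0)) fail++;`. The empty-role case has to be handled explicitly because auth2.c stores `xstrdup(role)` even when the text after '/' is empty, so userauth_pubkey writes "user/" into the blob, while mm_answer_authrole turns an empty role into NULL. Separately, ssh_selinux_getctxbyname in port-linux.c now obtains `role` (an xstrdup copy) and `reqlvl` from ssh_selinux_get_role_level, but none of the visible lines use reqlvl or free role; that function's body continues past the hunk, so please confirm the copy is released on every path.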
diff --git a/openssh-5.8p1-selinux.patch b/openssh-5.8p1-selinux.patch new file mode 100644 index 0000000..6967cbd --- /dev/null +++ b/openssh-5.8p1-selinux.patch @@ -0,0 +1,12 @@ +diff -up openssh-5.8p1/openbsd-compat/port-linux.c.selinux openssh-5.8p1/openbsd-compat/port-linux.c +--- openssh-5.8p1/openbsd-compat/port-linux.c.selinux 2011-02-12 09:38:45.000000000 +0100 ++++ openssh-5.8p1/openbsd-compat/port-linux.c 2011-02-12 09:39:10.000000000 +0100 +@@ -213,7 +213,7 @@ ssh_selinux_setfscreatecon(const char *p + + if (!ssh_selinux_enabled()) + return; +- if (path == NULL) ++ if (path == NULL) { + setfscreatecon(NULL); + return; + } diff --git a/openssh-5.2p1-vendor.patch b/openssh-5.8p1-vendor.patch similarity index 68% rename from openssh-5.2p1-vendor.patch rename to openssh-5.8p1-vendor.patch index f6db132..2e26d58 100644 --- a/openssh-5.2p1-vendor.patch +++ b/openssh-5.8p1-vendor.patch @@ -1,7 +1,7 @@ -diff -up openssh-5.2p1/configure.ac.vendor openssh-5.2p1/configure.ac ---- openssh-5.2p1/configure.ac.vendor 2008-07-23 14:13:22.000000000 +0200 -+++ openssh-5.2p1/configure.ac 2008-07-23 14:13:22.000000000 +0200 -@@ -3890,6 +3890,12 @@ AC_ARG_WITH(lastlog, +diff -up openssh-5.8p1/configure.ac.vendor openssh-5.8p1/configure.ac +--- openssh-5.8p1/configure.ac.vendor 2011-02-04 01:42:14.000000000 +0100 ++++ openssh-5.8p1/configure.ac 2011-02-09 22:39:55.000000000 +0100 +@@ -4097,6 +4097,12 @@ AC_ARG_WITH(lastlog, fi ] ) @@ -14,7 +14,7 @@ diff -up openssh-5.2p1/configure.ac.vendor openssh-5.2p1/configure.ac dnl lastlog, [uw]tmpx? detection dnl NOTE: set the paths in the platform section to avoid the -@@ -4146,6 +4152,7 @@ echo " IP address in \$DISPLAY hac +@@ -4327,6 +4333,7 @@ echo " IP address in \$DISPLAY hac echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" echo " Random number source: $RAND_MSG" 
@@ -22,10 +22,94 @@ diff -up openssh-5.2p1/configure.ac.vendor openssh-5.2p1/configure.ac if test ! -z "$USE_RAND_HELPER" ; then echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" fi -diff -up openssh-5.2p1/sshd_config.5.vendor openssh-5.2p1/sshd_config.5 ---- openssh-5.2p1/sshd_config.5.vendor 2008-07-23 14:13:22.000000000 +0200 -+++ openssh-5.2p1/sshd_config.5 2008-07-23 14:19:23.000000000 +0200 -@@ -812,6 +812,14 @@ This option applies to protocol version +diff -up openssh-5.8p1/servconf.c.vendor openssh-5.8p1/servconf.c +--- openssh-5.8p1/servconf.c.vendor 2010-11-20 05:19:38.000000000 +0100 ++++ openssh-5.8p1/servconf.c 2011-02-09 22:41:32.000000000 +0100 +@@ -123,6 +123,7 @@ initialize_server_options(ServerOptions + options->max_authtries = -1; + options->max_sessions = -1; + options->banner = NULL; ++ options->show_patchlevel = -1; + options->use_dns = -1; + options->client_alive_interval = -1; + options->client_alive_count_max = -1; +@@ -281,7 +282,9 @@ fill_default_server_options(ServerOption + options->ip_qos_interactive = IPTOS_LOWDELAY; + if (options->ip_qos_bulk == -1) + options->ip_qos_bulk = IPTOS_THROUGHPUT; +- ++ if (options->show_patchlevel == -1) ++ options->show_patchlevel = 0; ++ + /* Turn privilege separation on by default */ + if (use_privsep == -1) + use_privsep = 1; +@@ -319,7 +322,7 @@ typedef enum { + sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, + sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, + sMaxStartups, sMaxAuthTries, sMaxSessions, +- sBanner, sUseDNS, sHostbasedAuthentication, ++ sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication, + sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, + sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, +@@ -432,6 +435,7 @@ static struct { + { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, + { "maxsessions", sMaxSessions, SSHCFG_ALL }, + { "banner", sBanner, SSHCFG_ALL 
}, ++ { "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL }, + { "usedns", sUseDNS, SSHCFG_GLOBAL }, + { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, + { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, +@@ -1086,6 +1090,10 @@ process_server_config_line(ServerOptions + intptr = &use_privsep; + goto parse_flag; + ++ case sShowPatchLevel: ++ intptr = &options->show_patchlevel; ++ goto parse_flag; ++ + case sAllowUsers: + while ((arg = strdelim(&cp)) && *arg != '\0') { + if (options->num_allow_users >= MAX_ALLOW_USERS) +@@ -1726,6 +1734,7 @@ dump_config(ServerOptions *o) + dump_cfg_fmtint(sUseLogin, o->use_login); + dump_cfg_fmtint(sCompression, o->compression); + dump_cfg_fmtint(sGatewayPorts, o->gateway_ports); ++ dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel); + dump_cfg_fmtint(sUseDNS, o->use_dns); + dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); + dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); +diff -up openssh-5.8p1/servconf.h.vendor openssh-5.8p1/servconf.h +--- openssh-5.8p1/servconf.h.vendor 2010-11-20 05:19:38.000000000 +0100 ++++ openssh-5.8p1/servconf.h 2011-02-09 22:39:55.000000000 +0100 +@@ -134,6 +134,7 @@ typedef struct { + int max_authtries; + int max_sessions; + char *banner; /* SSH-2 banner message */ ++ int show_patchlevel; /* Show vendor patch level to clients */ + int use_dns; + int client_alive_interval; /* + * poke the client this often to +diff -up openssh-5.8p1/sshd_config.0.vendor openssh-5.8p1/sshd_config.0 +--- openssh-5.8p1/sshd_config.0.vendor 2011-02-09 22:39:54.000000000 +0100 ++++ openssh-5.8p1/sshd_config.0 2011-02-09 22:39:55.000000000 +0100 +@@ -535,6 +535,11 @@ DESCRIPTION + Defines the number of bits in the ephemeral protocol version 1 + server key. The minimum value is 512, and the default is 1024. + ++ ShowPatchLevel ++ Specifies whether sshd will display the specific patch level of ++ the binary in the server identification string. The patch level ++ is set at compile-time. 
The default is M-bM-^@M-^\noM-bM-^@M-^]. ++ + StrictModes + Specifies whether sshd(8) should check file modes and ownership + of the user's files and home directory before accepting login. +diff -up openssh-5.8p1/sshd_config.5.vendor openssh-5.8p1/sshd_config.5 +--- openssh-5.8p1/sshd_config.5.vendor 2011-02-09 22:39:54.000000000 +0100 ++++ openssh-5.8p1/sshd_config.5 2011-02-09 22:39:55.000000000 +0100 +@@ -931,6 +931,14 @@ This option applies to protocol version .It Cm ServerKeyBits Defines the number of bits in the ephemeral protocol version 1 server key. The minimum value is 512, and the default is 1024. 
@@ -40,92 +124,9 @@ diff -up openssh-5.2p1/sshd_config.5.vendor openssh-5.2p1/sshd_config.5 .It Cm StrictModes Specifies whether .Xr sshd 8 -diff -up openssh-5.2p1/servconf.h.vendor openssh-5.2p1/servconf.h ---- openssh-5.2p1/servconf.h.vendor 2008-06-10 15:01:51.000000000 +0200 -+++ openssh-5.2p1/servconf.h 2008-07-23 14:13:22.000000000 +0200 -@@ -126,6 +126,7 @@ typedef struct { - int max_authtries; - int max_sessions; - char *banner; /* SSH-2 banner message */ -+ int show_patchlevel; /* Show vendor patch level to clients */ - int use_dns; - int client_alive_interval; /* - * poke the client this often to -diff -up openssh-5.2p1/servconf.c.vendor openssh-5.2p1/servconf.c ---- openssh-5.2p1/servconf.c.vendor 2008-07-04 05:51:12.000000000 +0200 -+++ openssh-5.2p1/servconf.c 2008-07-23 14:32:27.000000000 +0200 -@@ -117,6 +117,7 @@ initialize_server_options(ServerOptions - options->max_authtries = -1; - options->max_sessions = -1; - options->banner = NULL; -+ options->show_patchlevel = -1; - options->use_dns = -1; - options->client_alive_interval = -1; - options->client_alive_count_max = -1; -@@ -262,6 +263,9 @@ fill_default_server_options(ServerOption - if (options->zero_knowledge_password_authentication == -1) - options->zero_knowledge_password_authentication = 0; - -+ if (options->show_patchlevel == -1) -+ options->show_patchlevel = 0; -+ - /* Turn privilege separation on by default */ - if (use_privsep == -1) - use_privsep = 1; -@@ -299,7 +303,7 @@ typedef enum { - sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, - sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, - sMaxStartups, sMaxAuthTries, sMaxSessions, -- sBanner, sUseDNS, sHostbasedAuthentication, -+ sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication, - sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, - sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, -@@ -410,6 +414,7 @@ static 
struct { - { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, - { "maxsessions", sMaxSessions, SSHCFG_ALL }, - { "banner", sBanner, SSHCFG_ALL }, -+ { "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL }, - { "usedns", sUseDNS, SSHCFG_GLOBAL }, - { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, - { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, -@@ -1033,6 +1038,10 @@ process_server_config_line(ServerOptions - intptr = &use_privsep; - goto parse_flag; - -+ case sShowPatchLevel: -+ intptr = &options->show_patchlevel; -+ goto parse_flag; -+ - case sAllowUsers: - while ((arg = strdelim(&cp)) && *arg != '\0') { - if (options->num_allow_users >= MAX_ALLOW_USERS) -@@ -1613,6 +1622,7 @@ dump_config(ServerOptions *o) - dump_cfg_fmtint(sUseLogin, o->use_login); - dump_cfg_fmtint(sCompression, o->compression); - dump_cfg_fmtint(sGatewayPorts, o->gateway_ports); -+ dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel); - dump_cfg_fmtint(sUseDNS, o->use_dns); - dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); - dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); -diff -up openssh-5.2p1/sshd_config.0.vendor openssh-5.2p1/sshd_config.0 ---- openssh-5.2p1/sshd_config.0.vendor 2008-07-23 14:13:22.000000000 +0200 -+++ openssh-5.2p1/sshd_config.0 2008-07-23 14:13:22.000000000 +0200 -@@ -466,6 +466,11 @@ DESCRIPTION - Defines the number of bits in the ephemeral protocol version 1 - server key. The minimum value is 512, and the default is 1024. - -+ ShowPatchLevel -+ Specifies whether sshd will display the specific patch level of -+ the binary in the server identification string. The patch level -+ is set at compile-time. The default is M-bM-^@M-^\noM-bM-^@M-^]. -+ - StrictModes - Specifies whether sshd(8) should check file modes and ownership - of the user's files and home directory before accepting login. 
-diff -up openssh-5.2p1/sshd_config.vendor openssh-5.2p1/sshd_config ---- openssh-5.2p1/sshd_config.vendor 2008-07-23 14:13:22.000000000 +0200 -+++ openssh-5.2p1/sshd_config 2008-07-23 14:13:22.000000000 +0200 +diff -up openssh-5.8p1/sshd_config.vendor openssh-5.8p1/sshd_config +--- openssh-5.8p1/sshd_config.vendor 2011-02-09 22:39:54.000000000 +0100 ++++ openssh-5.8p1/sshd_config 2011-02-09 22:39:55.000000000 +0100 @@ -112,6 +112,7 @@ X11Forwarding yes #Compression delayed #ClientAliveInterval 0 @@ -134,10 +135,10 @@ diff -up openssh-5.2p1/sshd_config.vendor openssh-5.2p1/sshd_config #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 -diff -up openssh-5.2p1/sshd.c.vendor openssh-5.2p1/sshd.c ---- openssh-5.2p1/sshd.c.vendor 2008-07-11 09:36:49.000000000 +0200 -+++ openssh-5.2p1/sshd.c 2008-07-23 14:35:43.000000000 +0200 -@@ -416,7 +416,7 @@ sshd_exchange_identification(int sock_in +diff -up openssh-5.8p1/sshd.c.vendor openssh-5.8p1/sshd.c +--- openssh-5.8p1/sshd.c.vendor 2011-02-09 22:39:55.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-09 22:39:55.000000000 +0100 +@@ -419,7 +419,7 @@ sshd_exchange_identification(int sock_in minor = PROTOCOL_MINOR_1; } snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, @@ -146,7 +147,7 @@ diff -up openssh-5.2p1/sshd.c.vendor openssh-5.2p1/sshd.c server_version_string = xstrdup(buf); /* Send our protocol version identification. */ -@@ -1484,7 +1484,8 @@ main(int ac, char **av) +@@ -1550,7 +1550,8 @@ main(int ac, char **av) exit(1); } diff --git a/openssh.spec b/openssh.spec index 62fa9d0..e2a1dc2 100644 --- a/openssh.spec +++ b/openssh.spec 
@@ -70,10 +70,10 @@ %endif # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 -%define openssh_ver 5.6p1 -%define openssh_rel 30 +%define openssh_ver 5.8p1 +%define openssh_rel 1 %define pam_ssh_agent_ver 0.9.2 -%define pam_ssh_agent_rel 29 +%define pam_ssh_agent_rel 30 Summary: An open source implementation of SSH protocol versions 1 and 2 Name: openssh 
@@ -96,49 +96,54 @@ Source5: pam_ssh_agent-rmheaders
Patch100: openssh-5.6p1-wIm.patch
Patch0: openssh-5.6p1-redhat.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
-Patch1: openssh-5.6p1-audit.patch
-Patch2: openssh-5.6p1-audit1a.patch
-Patch3: openssh-5.6p1-audit2.patch
-Patch4: openssh-5.6p1-audit3.patch
-Patch104: openssh-5.6p1-audit4.patch
-Patch105: openssh-5.6p1-audit5.patch
+Patch2: openssh-5.8p1-audit2.patch
+Patch3: openssh-5.8p1-audit3.patch
+Patch4: openssh-5.8p1-audit4.patch
+Patch5: openssh-5.8p1-audit5.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640
-Patch5: openssh-5.2p1-vendor.patch
+Patch9: openssh-5.8p1-vendor.patch
+# --- pam_ssh-agent ---
Patch10: pam_ssh_agent_auth-0.9-build.patch
Patch11: pam_ssh_agent_auth-0.9.2-seteuid.patch
-#https://bugzilla.mindrot.org/show_bug.cgi?id=1641
-Patch12: openssh-5.4p1-selinux.patch
-Patch13: openssh-5.6p1-mls.patch
-Patch18: openssh-5.4p1-pam_selinux.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1663
-Patch20: openssh-5.6p1-authorized-keys-command.patch
+Patch20: openssh-5.8p1-authorized-keys-command.patch
Patch21: openssh-5.6p1-ldap.patch
+#?mail-conf
+Patch22: openssh-5.8p1-selinux.patch
+#https://bugzilla.mindrot.org/show_bug.cgi?id=1641
+Patch23: openssh-5.8p1-selinux-role.patch
+#?
+Patch24: openssh-5.8p1-mls.patch
+# #https://bugzilla.mindrot.org/show_bug.cgi?id=1614
+# Patch25: openssh-5.6p1-selabel.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1668
-Patch23: openssh-5.6p1-keygen.patch
-Patch24: openssh-4.3p1-fromto-remote.patch
-#https://bugzilla.mindrot.org/show_bug.cgi?id=1636
-Patch27: openssh-5.1p1-log-in-chroot.patch
-Patch30: openssh-5.6p1-exit-deadlock.patch
-Patch35: openssh-5.1p1-askpass-progress.patch
-Patch38: openssh-4.3p2-askpass-grab-info.patch
+Patch30: openssh-5.6p1-keygen.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1644
-Patch44: openssh-5.2p1-allow-ip-opts.patch
-Patch49: openssh-4.3p2-gssapi-canohost.patch
-Patch62: openssh-5.1p1-scp-manpage.patch
-Patch65: openssh-5.6p1-fips.patch
-#https://bugzilla.mindrot.org/show_bug.cgi?id=1614
-Patch69: openssh-5.6p1-selabel.patch
-Patch71: openssh-5.2p1-edns.patch
-Patch73: openssh-5.6p1-gsskex.patch
+Patch31: openssh-5.2p1-allow-ip-opts.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1701
-Patch74: openssh-5.3p1-randclean.patch
+Patch32: openssh-5.8p1-randclean.patch
+# #https://bugzilla.mindrot.org/show_bug.cgi?id=1636
+# Patch33: openssh-5.1p1-log-in-chroot.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
-Patch78: openssh-5.6p1-kuserok.patch
-Patch79: openssh-5.5p1-x11.patch
-#https://bugzilla.mindrot.org/show_bug.cgi?id=1817
-Patch80: openssh-5.6p1-biguid.patch
-#https://bugzilla.mindrot.org/show_bug.cgi?id=1842
-Patch81: openssh-5.6p1-clientloop.patch
+Patch34: openssh-5.8p1-kuserok.patch
+#?
+Patch50: openssh-5.8p1-fips.patch
+#?
+Patch51: openssh-5.5p1-x11.patch
+#?
+Patch52: openssh-5.6p1-exit-deadlock.patch
+#?
+Patch53: openssh-5.1p1-askpass-progress.patch
+#?
+Patch54: openssh-4.3p2-askpass-grab-info.patch
+#?
+Patch56: openssh-5.2p1-edns.patch
+#?
+Patch57: openssh-5.1p1-scp-manpage.patch
+#http://www.sxw.org.uk/computing/patches/openssh.html
+Patch60: openssh-5.8p1-gsskex.patch
+#?
+Patch61: openssh-5.8p1-gssapi-canohost.patch
License: BSD
Group: Applications/Internet
@@ -278,14 +283,11 @@ The module is most useful for su and sudo service stacks.
#Do not enable by default
###%patch100 -p1 -b .wIm
%patch0 -p1 -b .redhat
-%patch1 -p1 -b .audit
-%patch2 -p1 -b .audit1a
-%patch3 -p1 -b .audit2
-%patch4 -p1 -b .audit3
-%patch104 -p1 -b .audit4
-%patch105 -p1 -b .audit5
-%patch5 -p1 -b .vendor
-
+%patch2 -p1 -b .audit2
+%patch3 -p1 -b .audit3
+%patch4 -p1 -b .audit4
+%patch5 -p1 -b .audit5
+%patch9 -p1 -b .vendor
%if %{pam_ssh_agent}
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
%patch10 -p1 -b .psaa-build
@@ -294,34 +296,27 @@ pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
rm -f $(cat %{SOURCE5})
popd
%endif
-
-%if %{WITH_SELINUX}
-#SELinux
-%patch12 -p1 -b .selinux
-%patch13 -p1 -b .mls
-%patch18 -p1 -b .pam_selinux
-%endif
-
%patch20 -p1 -b .akc
%patch21 -p1 -b .ldap
-%patch23 -p1 -b .keygen
-%patch24 -p1 -b .fromto-remote
-%patch27 -p1 -b .log-chroot
-%patch30 -p1 -b .exit-deadlock
-%patch35 -p1 -b .progress
-%patch38 -p1 -b .grab-info
-%patch44 -p1 -b .ip-opts
-%patch49 -p1 -b .canohost
-%patch62 -p1 -b .manpage
-%patch65 -p1 -b .fips
-%patch69 -p1 -b .selabel
-%patch71 -p1 -b .edns
-%patch73 -p1 -b .gsskex
-%patch74 -p1 -b .randclean
-%patch78 -p1 -b .kuserok
-%patch79 -p1 -b .x11
-%patch80 -p1 -b .biguid
-%patch81 -p1 -b .clientloop
+%if %{WITH_SELINUX}
+#SELinux
+%patch22 -p1 -b .selinux
+%patch23 -p1 -b .role
+%patch24 -p1 -b .mls
+%endif
+%patch30 -p1 -b .keygen
+%patch31 -p1 -b .ip-opts
+%patch32 -p1 -b .randclean
+%patch34 -p1 -b .kuserok
+%patch50 -p1 -b .fips
+%patch51 -p1 -b .x11
+%patch52 -p1 -b .exit-deadlock
+%patch53 -p1 -b .progress
+%patch54 -p1 -b .grab-info
+%patch56 -p1 -b .edns
+%patch57 -p1 -b .manpage
+%patch60 -p1 -b .gsskex
+%patch61 -p1 -b .canohost
autoreconf
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
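Review bot: Nine of the re-added Patch entries carry `#?` (or `#?mail-conf`) as their only comment — Patch22 selinux and Patch50 fips through Patch61 gssapi-canohost — where the lines they replace mostly carried a bugzilla.mindrot.org reference, so the FIPS, X11 and GSSAPI patches lose the provenance a later maintainer needs when rebasing them. Two entries are kept only as commented-out lines (`# Patch25: openssh-5.6p1-selabel.patch`, `# Patch33: openssh-5.1p1-log-in-chroot.patch`) and six are dropped outright (audit, audit1a, pam_selinux, fromto-remote, biguid, clientloop, the last two together with their #1817 and #1842 references) without saying whether they were merged into 5.8p1 or are pending a rebase, and the %changelog entry in the last hunk records only the version bump. I'd replace each `#?` with the tracking URL or an explicit `# no upstream reference`, put the reason beside the two commented-out entries, and list the dropped and disabled patches in the changelog entry.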
@@ -339,9 +334,13 @@ CFLAGS="$CFLAGS -fPIC" %else CFLAGS="$CFLAGS -fpic" %endif -export CFLAGS SAVE_LDFLAGS="$LDFLAGS" -LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS +LDFLAGS="$LDFLAGS -pie -z relro -z now" + +export CFLAGS +export LDFLAGS + + %endif %if %{kerberos5} if test -r /etc/profile.d/krb5-devel.sh ; then @@ -603,6 +602,9 @@ fi %endif %changelog +* Mon Feb 14 2011 Jan F. Chadima - 5.8p1-1 + 0.9.2-30 +- bump openssh version to 5.8p1 + * Tue Feb 08 2011 Fedora Release Engineering - 5.6p1-30.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild diff --git a/sources b/sources index 0654206..de9e9e4 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -acf3e8e40ca5c8b7174202dbe4c4e76b openssh-5.6p1-noacss.tar.bz2 +9ada688cb55f609e7b360177f25e89bd openssh-5.8p1-noacss.tar.bz2 b68f1c385d7885fbe2c3626bf77aa3d6 pam_ssh_agent_auth-0.9.2.tar.bz2
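Review bot: The two empty `+` lines before `%endif` are stray whitespace; the rewrite otherwise only splits `LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS` into an assignment and a separate export, and it keeps the `-pie -z relro -z now` hardening flags intact. A single `export CFLAGS LDFLAGS` after the assignment would express the same thing in one line. The `%if` that this `%else`/`%endif` pair belongs to starts outside the hunk.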