openssh-7.2p1-1 (#1312870)

This commit is contained in:
Jakub Jelen 2016-02-19 14:42:33 +01:00
parent 46445f1c7a
commit 13073f8d9c
25 changed files with 430 additions and 1444 deletions

.gitignore vendored

@ -20,3 +20,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
/openssh-7.1p1.tar.gz
/openssh-7.1p2.tar.gz
/pam_ssh_agent_auth-0.10.2.tar.bz2
/openssh-7.2p1.tar.gz


@ -117,15 +117,14 @@ diff -up openssh-6.8p1/monitor.h.log-in-chroot openssh-6.8p1/monitor.h
diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c
--- openssh-6.8p1/session.c.log-in-chroot 2015-03-18 12:59:29.675022359 +0100
+++ openssh-6.8p1/session.c 2015-03-18 12:59:29.696022308 +0100
@@ -161,6 +161,8 @@ login_cap_t *lc;
@@ -161,6 +161,7 @@ login_cap_t *lc;
static int is_child = 0;
static int in_chroot = 0;
+static int have_dev_log = 1;
+
/* Name and directory of socket for authentication agent forwarding. */
static char *auth_sock_name = NULL;
static char *auth_sock_dir = NULL;
@@ -506,8 +508,8 @@ do_exec_no_pty(Session *s, const char *c
is_child = 1;
@ -150,8 +149,8 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c
@@ -780,6 +782,7 @@ do_exec(Session *s, const char *command)
int ret;
const char *forced = NULL;
char session_type[1024], *tty = NULL;
const char *forced = NULL, *tty = NULL;
char session_type[1024];
+ struct stat dev_log_stat;
if (options.adm_forced_command) {
@ -164,7 +163,7 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c
+ have_dev_log = 0;
+ }
+
verbose("Starting session: %s%s%s for %s from %.200s port %d",
verbose("Starting session: %s%s%s for %s from %.200s port %d id %d",
session_type,
tty == NULL ? "" : " on ",
@@ -1678,14 +1685,6 @@ child_close_fds(void)
@ -233,8 +232,8 @@ diff -up openssh-6.8p1/sftp-server.c.log-in-chroot openssh-6.8p1/sftp-server.c
fd_set *rset, *wset;
int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0;
@@ -1515,7 +1515,7 @@ sftp_server_main(int argc, char **argv,
extern char *__progname;
ssh_malloc_init(); /* must be called before any mallocs */
__progname = ssh_get_progname(argv[0]);
- log_init(__progname, log_level, log_facility, log_stderr);
+ log_init_handler(__progname, log_level, log_facility, log_stderr, reset_handler);
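Review bot: `static int have_dev_log = 1;` (the `+` line under the `@@ -161` hunk) is introduced with no comment, and its only visible writer is the `have_dev_log = 0;` in do_exec() next to the new `struct stat dev_log_stat;`, so a reader of session.c cannot tell from the declaration what the flag gates or who consults it. Presumably it records whether /dev/log could be stat()ed for the session, given that the patch is about logging from inside a chroot, and I would put that on the declaration: `/* cleared by do_exec() when /dev/log cannot be stat()ed -- TODO confirm what the flag disables */`, adjusted to what the stat actually tests. do_exec() and the later child_close_fds() hunk both start and end outside the visible lines.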


@ -115,7 +115,7 @@ index 2871fe9..39b9c08 100644
+ sshd_selinux_change_privsep_preauth_context();
#endif
/* Change our root directory */
/* Demote the child */
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 12c014e..c5ef2ff 100644
--- a/openbsd-compat/port-linux.c
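Review bot: sshd_selinux_change_privsep_preauth_context() (the `+` line at the top of the hunk) is now immediately followed by `/* Demote the child */`, and the sshd.c hunk later in this commit shows that in 7.2p1 the chroot and privilege drop under that comment are wrapped in `if (getuid() == 0 || geteuid() == 0)`, so the SELinux domain transition is still attempted when sshd is not started as root while the chroot it used to precede is skipped. That may well be intended, but it is a behavioural difference from the 7.1 placement that the rebase does not document; I would add `/* deliberately unconditional: the chroot/uid drop below only happen when running as root */` above the call, or move it inside that guard if confining an unprivileged sshd's net child was never the goal. privsep_preauth_child() begins and ends outside the hunk.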


@ -106,9 +106,9 @@ diff -up openssh-7.0p1/sshd_config.5.GSSAPIEnablek5users openssh-7.0p1/sshd_conf
--- openssh-7.0p1/sshd_config.5.GSSAPIEnablek5users 2015-08-12 11:27:44.023407950 +0200
+++ openssh-7.0p1/sshd_config.5 2015-08-12 11:27:44.048407911 +0200
@@ -633,6 +633,12 @@ on logout.
on logout.
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIEnablek5users
+Specifies whether to look at .k5users file for GSSAPI authentication
+access control. Further details are described in


@ -25,8 +25,8 @@ diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in
+ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
+ $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
+
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
@@ -326,6 +330,7 @@ install-files:
$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \


@ -59,8 +59,8 @@ diff -up openssh/Makefile.in.keycat openssh/Makefile.in
+ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o
+ $(LD) -o $@ ssh-keycat.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(SSHLIBS)
+
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
@@ -321,6 +325,7 @@ install-files:
$(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \


@ -190,8 +190,8 @@ diff -up openssh-7.0p1/servconf.c.kuserok openssh-7.0p1/servconf.c
+ if (options->use_kuserok == -1)
+ options->use_kuserok = 1;
if (kex_assemble_names(KEX_SERVER_ENCRYPT, &options->ciphers) != 0 ||
kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 ||
assemble_algorithms(options);
@@ -404,7 +407,7 @@ typedef enum {
sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel,
sRhostsRSAAuthentication, sRSAAuthentication,


@ -47,15 +47,6 @@ diff --git a/session.c b/session.c
index 2bcf818..b5dc144 100644
--- a/session.c
+++ b/session.c
@@ -1532,7 +1532,7 @@ void
do_setusercontext(struct passwd *pw)
{
char *chroot_path, *tmp;
-#ifdef USE_LIBIAF
+#if defined(USE_LIBIAF) || defined(WITH_SELINUX)
int doing_chroot = 0;
#endif
@@ -1538,6 +1538,9 @@ do_setusercontext(struct passwd *pw)
pw->pw_uid);
chroot_path = percent_expand(tmp, "h", pw->pw_dir,
@ -66,22 +57,13 @@ index 2bcf818..b5dc144 100644
safely_chroot(chroot_path, pw->pw_uid);
free(tmp);
free(chroot_path);
@@ -1557,7 +1557,7 @@ do_setusercontext(struct passwd *pw)
/* Make sure we don't attempt to chroot again */
free(options.chroot_directory);
options.chroot_directory = NULL;
-#ifdef USE_LIBIAF
+#if defined(USE_LIBIAF) || defined(WITH_SELINUX)
doing_chroot = 1;
#endif
}
@@ -1565,6 +1568,11 @@ do_setusercontext(struct passwd *pw)
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
#endif
+
+#ifdef WITH_SELINUX
+ if (doing_chroot == 0)
+ if (in_chroot == 0)
+ sshd_selinux_copy_context();
+#endif
} else if (options.chroot_directory != NULL &&
@ -119,9 +101,9 @@ index 07f9926..a97f8b7 100644
+ ssh_selinux_change_context("sshd_net_t");
+#endif
+
/* Demote the child */
if (getuid() == 0 || geteuid() == 0) {
/* Change our root directory */
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
@@ -755,6 +755,9 @@ privsep_postauth(Authctxt *authctxt)
#ifdef DISABLE_FD_PASSING
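Review bot: `if (in_chroot == 0) sshd_selinux_copy_context();` after `permanently_set_uid(pw)` silently leaves a ChrootDirectory session in whatever SELinux context the child already has, and nothing in the hunk says why the copy is skipped there or what context such a session ends up in. Presumably the exec context cannot be copied once the process is inside the user's chroot, but that reasoning belongs next to the test: `/* inside a ChrootDirectory the exec context cannot be copied; the session keeps the privsep child's context -- confirm */`, adjusted to the real reason. The call also now runs after the uid drop, so sshd_selinux_copy_context() has to succeed without privilege; if that is verified it is worth a clause in the same comment. do_setusercontext() starts and ends outside the visible lines.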


@ -355,7 +355,7 @@ diff -up openssh-6.8p1/monitor_wrap.h.role-mls openssh-6.8p1/monitor_wrap.h
+++ openssh-6.8p1/monitor_wrap.h 2015-03-18 11:10:32.343936171 +0100
@@ -42,6 +42,9 @@ int mm_is_monitor(void);
DH *mm_choose_dh(int, int, int);
int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int);
int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int, const char *);
void mm_inform_authserv(char *, char *);
+#ifdef WITH_SELINUX
+void mm_inform_authrole(char *);


@ -59,9 +59,9 @@ diff -up openssh-6.8p1/sshconnect.c.set_remote_ipaddr openssh-6.8p1/sshconnect.c
--- openssh-6.8p1/sshconnect.c.set_remote_ipaddr 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/sshconnect.c 2015-03-18 12:40:58.096788804 +0100
@@ -65,6 +65,7 @@
#include "version.h"
#include "authfile.h"
#include "ssherr.h"
#include "authfd.h"
+#include "canohost.h"
char *client_version_string = NULL;


@ -415,7 +415,7 @@ diff -up openssh-6.8p1/sshd.c.coverity openssh-6.8p1/sshd.c
--- openssh-6.8p1/sshd.c.coverity 2015-03-18 17:21:51.893264839 +0100
+++ openssh-6.8p1/sshd.c 2015-03-18 17:21:58.284251454 +0100
@@ -778,8 +778,10 @@ privsep_preauth(Authctxt *authctxt)
if (getuid() == 0 || geteuid() == 0)
privsep_preauth_child();
setproctitle("%s", "[net]");
- if (box != NULL)


@ -92,7 +92,7 @@ diff -up openssh-7.0p1/dh.h.fips openssh-7.0p1/dh.h
@@ -46,6 +46,7 @@ u_int dh_estimate(int);
/* Min and max values from RFC4419. */
#define DH_GRP_MIN 1024
#define DH_GRP_MIN 2048
+#define DH_GRP_MIN_FIPS 2048
#define DH_GRP_MAX 8192
@ -296,18 +296,18 @@ diff -up openssh-7.0p1/Makefile.in.fips openssh-7.0p1/Makefile.in
- $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o
- $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o
- $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
@@ -204,7 +204,7 @@ ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a
$(LD) -o $@ ssh-cavs.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
- $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
- $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
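Review bot: `#define DH_GRP_MIN_FIPS 2048` (the `+` line in the dh.h hunk) is now identical to upstream's `#define DH_GRP_MIN 2048`, which this rebase shows replacing the old `1024`, so any check against the FIPS-specific floor (not visible here) no longer enforces anything beyond the non-FIPS path. Either drop the constant together with its users, or keep it with a comment such as `/* currently equal to DH_GRP_MIN; kept separate so the FIPS floor can be raised on its own */` so the next rebase does not remove the wrong one. The Makefile.in hunks in this section only add `-lfipscheck` and drop roaming_dummy.o.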


@ -22,11 +22,11 @@ diff -up openssh-6.8p1/Makefile.in.kdf-cavs openssh-6.8p1/Makefile.in
ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
+ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-cavs.o roaming_dummy.o
+ $(LD) -o $@ ssh-cavs.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-cavs.o
+ $(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
@@ -331,6 +335,8 @@ install-files:
fi


@ -148,8 +148,8 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
LIBOPENSSH_OBJS=\
ssh_api.o \
@@ -112,8 +115,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
sandbox-seccomp-filter.o sandbox-capsicum.o
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
sandbox-solaris.o
-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@ -165,8 +165,8 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
+ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o sshbuf-getput-basic.o ssherr.o
+ $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o sshbuf-getput-basic.o ssherr.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
@@ -311,6 +317,10 @@ install-files:
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
@ -187,9 +187,9 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
+ $(INSTALL) -m 644 ssh-ldap-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8 ; \
+ $(INSTALL) -m 644 ssh-ldap.conf.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh-ldap.conf.5 ; \
+ fi
-rm -f $(DESTDIR)$(bindir)/slogin
ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
install-sysconf:
if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
@@ -356,6 +370,13 @@ install-sysconf:
else \
echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
@ -218,9 +218,9 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
regress-prep:
[ -d `pwd`/regress ] || mkdir -p `pwd`/regress
diff -up openssh-6.8p1/configure.ac.ldap openssh-6.8p1/configure.ac
--- openssh-6.8p1/configure.ac.ldap 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/configure.ac 2015-03-18 11:11:29.030801464 +0100


@ -95,9 +95,9 @@ diff -up openssh-7.0p1/kex.c.gsskexalg openssh-7.0p1/kex.c
--- openssh-7.0p1/kex.c.gsskexalg 2015-08-19 12:28:38.078518839 +0200
+++ openssh-7.0p1/kex.c 2015-08-19 12:30:13.249306371 +0200
@@ -50,6 +50,7 @@
#include "misc.h"
#include "dispatch.h"
#include "monitor.h"
#include "roaming.h"
+#include "xmalloc.h"
#include "ssherr.h"
@ -336,9 +336,9 @@ diff -up openssh-7.0p1/ssh_config.5.gsskexalg openssh-7.0p1/ssh_config.5
--- openssh-7.0p1/ssh_config.5.gsskexalg 2015-08-19 12:28:38.028518950 +0200
+++ openssh-7.0p1/ssh_config.5 2015-08-19 12:28:38.082518830 +0200
@@ -786,6 +786,18 @@ command line will be passed untouched to
command line will be passed untouched to the GSSAPI library.
The default is
.Dq no .
This option only applies to protocol version 2 connections using GSSAPI.
+.It Cm GSSAPIKexAlgorithms
+The list of key exchange algorithms that are offered for GSSAPI
+key exchange. Possible values are


@ -199,7 +199,7 @@ index f41960c..e12932f 100644
+ options.fingerprint_hash[0], SSH_FP_RANDOMART);
if (fp == NULL || ra == NULL)
fatal("%s: sshkey_fingerprint fail", __func__);
logit("Host key fingerprint is %s\n%s\n", fp, ra);
logit("Host key fingerprint is %s\n%s", fp, ra);
@@ -964,12 +964,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
else
snprintf(msg1, sizeof(msg1), ".");
@ -295,14 +295,14 @@ index 7751031..82ed92e 100644
goto done;
debug2("input_userauth_pk_ok: fp %s", fp);
@@ -1009,7 +1009,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
int have_sig = 1;
int matched, ret = -1, have_sig = 1;
char *fp;
- if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
+ if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL)
return 0;
debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
debug3("%s: %s %s", __func__, key_type(id->key), fp);
@@ -1635,7 +1635,7 @@ userauth_hostbased(Authctxt *authctxt)
goto out;
}
@ -323,10 +323,23 @@ index 1dca3e2..23bff7d 100644
- if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL)
fatal("%s: sshkey_fingerprint failed", __func__);
fatal("%s: sshkey_fingerprint failed", __progname);
fatal("no matching hostkey found for key %s %s",
--
2.1.0
diff --git a/sshconnect.c b/sshconnect.c
index de7ace6..f16e606 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1262,7 +1262,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
if (sshkey_is_cert(host_key)) {
if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
- options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
+ options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL) {
error("%s: fingerprint CA key: %s",
__func__, ssh_err(r));
r = -1;
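Review bot: `options.fingerprint_hash[0]` in the new verify_host_key() hunk fingerprints the CA key with the first configured hash only, as do the userauth_pubkey, hostbased and keysign hunks above, so a multi-valued FingerprintHash apparently changes some call sites but not the CA fingerprint reported in the host-certificate message. If only check_host_key() is meant to iterate over every configured hash (its loop is outside the visible lines), say so where the array is indexed, e.g. `/* only the first FingerprintHash entry is used outside check_host_key() */`; otherwise the CA path should loop the same way. verify_host_key() starts and ends outside the hunk.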


@ -1,46 +0,0 @@
diff --git a/readconf.c b/readconf.c
index 374e741..23d74fb 100644
--- a/readconf.c
+++ b/readconf.c
@@ -2229,6 +2229,10 @@ dump_client_config(Options *o, const char *host)
int i;
char vbuf[5];
+ /* This is normally prepared in ssh_kex2 */
+ if (kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->hostkeyalgorithms) != 0)
+ fatal("%s: kex_assemble_names failed", __func__);
+
/* Most interesting options first: user, host, port */
dump_cfg_string(oUser, o->user);
dump_cfg_string(oHostName, host);
@@ -2289,7 +2293,7 @@ dump_client_config(Options *o, const char *host)
dump_cfg_string(oBindAddress, o->bind_address);
dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT);
dump_cfg_string(oControlPath, o->control_path);
- dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms ? o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
+ dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
dump_cfg_string(oHostKeyAlias, o->host_key_alias);
dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types);
dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
diff --git a/servconf.c b/servconf.c
index 04404a4..08c8139 100644
--- a/servconf.c
+++ b/servconf.c
@@ -242,8 +242,6 @@ fill_default_server_options(ServerOptions *options)
options->hostbased_authentication = 0;
if (options->hostbased_uses_name_from_packet_only == -1)
options->hostbased_uses_name_from_packet_only = 0;
- if (options->hostkeyalgorithms == NULL)
- options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
if (options->rsa_authentication == -1)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
@@ -329,6 +327,8 @@ fill_default_server_options(ServerOptions *options)
kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 ||
kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 ||
kex_assemble_names(KEX_DEFAULT_PK_ALG,
+ &options->hostkeyalgorithms) != 0 ||
+ kex_assemble_names(KEX_DEFAULT_PK_ALG,
&options->hostbased_key_types) != 0 ||
kex_assemble_names(KEX_DEFAULT_PK_ALG,
&options->pubkey_key_types) != 0)


@ -1,532 +0,0 @@
From 1a52b2d612b1d0c2a15dfcdc8da560704909ec72 Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Sat, 27 Jul 2013 14:16:52 +0100
Subject: [PATCH] echo --> printf "%s: ERROR... (for consistency)
---
ssh-copy-id | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index ae88e99..516b87f 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -200,7 +200,7 @@ populate_new_ids() {
umask 0177
local L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX)
if test $? -ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then
- echo "mktemp failed" 1>&2
+ printf '%s: ERROR: mktemp failed\n' "$0" >&2
exit 1
fi
trap "rm -f $L_TMP_ID_FILE ${L_TMP_ID_FILE}.pub" EXIT TERM INT QUIT
--
1.9.1
From baebbb9e18e4a1af7554d939710eacb665a24b68 Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Wed, 25 Nov 2015 17:05:39 +0100
Subject: [PATCH] Deal with remote user shell being e.g. tcsh (fixes: 2206)
as suggested by Jakub Jelen <jjelen@redhat.com>
---
ssh-copy-id | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index 516b87f..6a0447a 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -269,10 +269,8 @@ case "$REMOTE_VERSION" in
*)
# Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
populate_new_ids 0
- [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | ssh "$@" "
- umask 077 ;
- mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ;
- if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi" \
+ [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
+ ssh "$@" "exec sh -c 'umask 077 ; mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
|| exit 1
ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
;;
--
1.9.1
From 35f05e39cda8670b3f6797330a3e521fda509a4c Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Wed, 25 Nov 2015 21:14:00 +0100
Subject: [PATCH] set LogLevel to ensure that it's not set to 'None' (closes:
2214)
As pointed out by Sami Haahtinen <sami@badwolf.fi>,
the LogLevel is set to 'None' we'll not get the
Permission Denied we're looking for.
---
ssh-copy-id | 1 +
1 file changed, 1 insertion(+)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index 6a0447a..70d3866 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -215,6 +215,7 @@ populate_new_ids() {
# The point being that if file based, ssh needs the private key, which it cannot
# find if only given the contents of the .pub file in an unrelated tmpfile
ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
+ -o LogLevel=INFO \
-o PreferredAuthentications=publickey \
-o IdentitiesOnly=yes "$@" exit 2>$L_TMP_ID_FILE.stderr </dev/null
if [ "$?" = "$L_SUCCESS" ] ; then
--
1.9.1
From e129c91dc474d73671304403fafda785df440105 Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Wed, 25 Nov 2015 22:30:43 +0100
Subject: [PATCH] set ControlPath=none (closes: 2488)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Thanks to Salvador Fandiño <sfandino@yahoo.com> for the patch
This seems to be the same problem as described in 2195
---
ssh-copy-id | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index 70d3866..7df7fad 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -215,6 +215,7 @@ populate_new_ids() {
# The point being that if file based, ssh needs the private key, which it cannot
# find if only given the contents of the .pub file in an unrelated tmpfile
ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
+ -o ControlPath=none \
-o LogLevel=INFO \
-o PreferredAuthentications=publickey \
-o IdentitiesOnly=yes "$@" exit 2>$L_TMP_ID_FILE.stderr </dev/null
@@ -244,7 +245,7 @@ populate_new_ids() {
printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2
}
-REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' "$@" 2>&1 |
+REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' -o ControlPath=none "$@" 2>&1 |
sed -ne 's/.*remote software version //p')
case "$REMOTE_VERSION" in
--
1.9.1
From 6fa6f1e3dbec32636e77d01228ceecfa3851c7e8 Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Wed, 25 Nov 2015 23:24:13 +0100
Subject: [PATCH] add -f (forced) option to install keys unconditionally
(closes: 2110)
Thanks for the patch from Petr Lautrbach <plautrba@redhat.com>
which inspired this.
---
ssh-copy-id | 15 +++++++++++++--
ssh-copy-id.1 | 5 +++++
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index 7df7fad..3121171 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -59,7 +59,10 @@ fi
DEFAULT_PUB_ID_FILE=$(ls -t ${HOME}/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
usage () {
- printf 'Usage: %s [-h|-?|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
+ printf 'Usage: %s [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
+ printf '\t-f: force mode -- copy keys without trying to check if they are already installed\n' >&2
+ printf '\t-n: dry run -- no keys are actually copied\n' >&2
+ printf '\t-h|-?: print this help\n' >&2
exit 1
}
@@ -121,7 +124,7 @@ do
}
shift
;;
- -n|-h|-\?)
+ -f|-n|-h|-\?)
OPT="$1"
OPTARG=
shift
@@ -154,6 +157,9 @@ do
-o|-p)
SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }$OPT '$(quote "$OPTARG")'"
;;
+ -f)
+ FORCED=1
+ ;;
-n)
DRY_RUN=1
;;
@@ -194,6 +200,11 @@ fi
populate_new_ids() {
local L_SUCCESS="$1"
+ if [ "$FORCED" ] ; then
+ NEW_IDS=$(eval $GET_ID)
+ return
+ fi
+
# repopulate "$@" inside this function
eval set -- "$SSH_OPTS"
diff --git $1/contrib/ssh-copy-id.1 $1/contrib/ssh-copy-id.1
index 67a59e4..8850cce 100644
--- $1/contrib/ssh-copy-id.1
+++ $1/contrib/ssh-copy-id.1
@@ -29,6 +29,7 @@ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.Nd use locally available keys to authorise logins on a remote machine
.Sh SYNOPSIS
.Nm
+.Op Fl f
.Op Fl n
.Op Fl i Op Ar identity_file
.Op Fl p Ar port
@@ -76,6 +77,10 @@ is used.
Note that this can be used to ensure that the keys copied have the
comment one prefers and/or extra options applied, by ensuring that the
key file has these set as preferred before the copy is attempted.
+.It Fl f
+Forced mode: doesn't check if the keys are present on the remote server.
+This means that it does not need the private key. Of course, this can result
+in more than one copy of the key being installed on the remote system.
.It Fl n
do a dry-run. Instead of installing keys on the remote system simply
prints the key(s) that would have been installed.
--
1.9.1
From ab185eea5a03cdd846c909d83e5dd0a07a44fb54 Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Wed, 25 Nov 2015 23:47:06 +0100
Subject: [PATCH] deal with #2331 by suggesting the use of the -f option
---
ssh-copy-id | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index 3121171..8666cea 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -250,7 +250,8 @@ populate_new_ids() {
exit 1
fi
if [ -z "$NEW_IDS" ] ; then
- printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n\n' "$0" >&2
+ printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n' "$0" >&2
+ printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' "$0" >&2
exit 0
fi
printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2
--
1.9.1
From de78897ada50ed12f4b0c9faa6e935ce82ee49a6 Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Thu, 26 Nov 2015 00:25:56 +0100
Subject: [PATCH] handle keys with missing trailing newline (closes: 2350)
---
ssh-copy-id | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index 8666cea..362b49b 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -218,7 +218,7 @@ populate_new_ids() {
printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2
NEW_IDS=$(
eval $GET_ID | {
- while read ID ; do
+ while read ID || [ "$ID" ] ; do
printf '%s\n' "$ID" > $L_TMP_ID_FILE
# the next line assumes $PRIV_ID_FILE only set if using a single id file - this
--
1.9.1
From 6b903ab99a3f0107bb0dbde748a4372033bab00c Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Thu, 26 Nov 2015 00:36:09 +0100
Subject: [PATCH] add a cd to ensure we're in the remote's home directory
(closes: 2349)
---
ssh-copy-id | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index 362b49b..2932936 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -284,7 +284,7 @@ case "$REMOTE_VERSION" in
# Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
populate_new_ids 0
[ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
- ssh "$@" "exec sh -c 'umask 077 ; mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
+ ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
|| exit 1
ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
;;
--
1.9.1
From 441892cbf4ff96fd96908582b8170f51890b5deb Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Sat, 28 Nov 2015 14:42:36 +0100
Subject: [PATCH] add comment about why the ugly one-line remote command is as
it is
In case anyone looks here for the details:
* tcsh doesn't support multi-line strings,
which is why it's a one-liner.
* tcsh doesn't do 2>&1, and fish doesn't do
'command || command' which is why we're runnig this under
sh (which is very likely to be a POSIX shell on any vaguely
Unix-like system)
* The 'cd' is there to make sure we're in the home dir, because
there was a bug report about having a cd in ~/.bashrc that resulted
in a .ssh being created elsewhere.
* the 'exec' ensures that we're not relying on anything beyond the
(hopefully POSIX) shell that's available as 'sh' on the remote system
---
ssh-copy-id | 1 +
1 file changed, 1 insertion(+)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index 2932936..04c03eb 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -283,6 +283,7 @@ case "$REMOTE_VERSION" in
*)
# Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
populate_new_ids 0
+ # in ssh below - to defend against quirky remote shells: use 'exec sh -c' to get POSIX; 'cd' to be at $HOME; and all on one line, because tcsh.
[ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
|| exit 1
--
1.9.1
From 8b59b122d321b97badd15c41e1a22863aa922a02 Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Sat, 28 Nov 2015 14:46:47 +0100
Subject: [PATCH] with '-f' there's no need to have access to the private key
---
ssh-copy-id | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index 04c03eb..d3ff83b 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -80,7 +80,7 @@ use_id_file() {
PUB_ID_FILE="$L_ID_FILE.pub"
fi
- PRIV_ID_FILE=$(dirname "$PUB_ID_FILE")/$(basename "$PUB_ID_FILE" .pub)
+ [ "$FORCED" ] || PRIV_ID_FILE=$(dirname "$PUB_ID_FILE")/$(basename "$PUB_ID_FILE" .pub)
# check that the files are readable
for f in $PUB_ID_FILE $PRIV_ID_FILE ; do
--
1.9.1
From 1b931894de0614099255244be789ad097fd0948a Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Sat, 28 Nov 2015 14:47:35 +0100
Subject: [PATCH] if the private key is missing, point out that '-f' might be
what's needed
---
ssh-copy-id | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index d3ff83b..f0b01aa 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -85,7 +85,9 @@ use_id_file() {
# check that the files are readable
for f in $PUB_ID_FILE $PRIV_ID_FILE ; do
ErrMSG=$( { : < $f ; } 2>&1 ) || {
- printf "\n%s: ERROR: failed to open ID file '%s': %s\n\n" "$0" "$f" "$(printf "%s\n" "$ErrMSG" | sed -e 's/.*: *//')"
+ local L_PRIVMSG=""
+ [ "$f" = "$PRIV_ID_FILE" ] && L_PRIVMSG=" (to install the contents of '$PUB_ID_FILE' anyway, look at the -f option)"
+ printf "\n%s: ERROR: failed to open ID file '%s': %s\n" "$0" "$f" "$(printf "%s\n%s\n" "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')"
exit 1
}
done
--
1.9.1
From fd3e8b115e160a1332773cd8e06a3305d0d680ab Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Sat, 28 Nov 2015 21:10:39 +0100
Subject: [PATCH] +INFO message to mitigate the surprise described in #2196
---
ssh-copy-id | 1 +
1 file changed, 1 insertion(+)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index f0b01aa..994194e 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -91,6 +91,7 @@ use_id_file() {
exit 1
}
done
+ printf '%s: INFO: Source of key(s) to be installed: "%s"\n' "$0" $PUB_ID_FILE >&2
GET_ID="cat \"$PUB_ID_FILE\""
}
--
1.9.1
From 783ef08b0a757402aba67313f08f8dbfa9bf85f3 Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Mon, 30 Nov 2015 20:46:19 +0100
Subject: [PATCH] deal with $HOME and id filenames that include a space
---
ssh-copy-id | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git $1/contrib/ssh-copy-id $1/contrib/ssh-copy-id
index 994194e..afde8b1 100755
--- $1/contrib/ssh-copy-id
+++ $1/contrib/ssh-copy-id
@@ -56,7 +56,7 @@ then
fi
fi
-DEFAULT_PUB_ID_FILE=$(ls -t ${HOME}/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
+DEFAULT_PUB_ID_FILE="$HOME/$(cd "$HOME" ; ls -t .ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)"
usage () {
printf 'Usage: %s [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
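Review bot: When the `ls` pipeline on the new line matches nothing, the command substitution is empty and `DEFAULT_PUB_ID_FILE` becomes `"$HOME/"` rather than the empty string the removed line produced, so a later emptiness or `-r` test (outside this hunk) would presumably treat a bare directory as a found key and, via the `.pub` suffixing seen in `use_id_file`, end in a confusing "failed to open ID file" on `$HOME/.pub` instead of a "no identities" error. A failing `cd "$HOME"` has the same effect and additionally lets `ls` search `.ssh/` under the current directory while the result is still prefixed with `$HOME`. I would compute the name first and only prefix it when non-empty: `DEFAULT_PUB_ID_FILE=$(cd "$HOME" 2>/dev/null && ls -t .ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)` followed by `[ "$DEFAULT_PUB_ID_FILE" ] && DEFAULT_PUB_ID_FILE="$HOME/$DEFAULT_PUB_ID_FILE"`.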
@@ -83,15 +83,15 @@ use_id_file() {
[ "$FORCED" ] || PRIV_ID_FILE=$(dirname "$PUB_ID_FILE")/$(basename "$PUB_ID_FILE" .pub)
# check that the files are readable
- for f in $PUB_ID_FILE $PRIV_ID_FILE ; do
- ErrMSG=$( { : < $f ; } 2>&1 ) || {
+ for f in "$PUB_ID_FILE" ${PRIV_ID_FILE:+"$PRIV_ID_FILE"} ; do
+ ErrMSG=$( { : < "$f" ; } 2>&1 ) || {
local L_PRIVMSG=""
[ "$f" = "$PRIV_ID_FILE" ] && L_PRIVMSG=" (to install the contents of '$PUB_ID_FILE' anyway, look at the -f option)"
printf "\n%s: ERROR: failed to open ID file '%s': %s\n" "$0" "$f" "$(printf "%s\n%s\n" "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')"
exit 1
}
done
- printf '%s: INFO: Source of key(s) to be installed: "%s"\n' "$0" $PUB_ID_FILE >&2
+ printf '%s: INFO: Source of key(s) to be installed: "%s"\n' "$0" "$PUB_ID_FILE" >&2
GET_ID="cat \"$PUB_ID_FILE\""
}
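Review bot: The quoting fixes on the new side stop short of `GET_ID="cat \"$PUB_ID_FILE\""` (the last context line), which bakes the path into a string that `eval $GET_ID` re-parses later in the script, so a key path containing a double quote, backquote or `$` is still split or executed even after this change. Since `PUB_ID_FILE` is a global that is still set when that eval runs, deferring the expansion is enough: `GET_ID='cat "$PUB_ID_FILE"'` — eval then expands the variable inside double quotes without a second parse. The loop above it is handled correctly; `${PRIV_ID_FILE:+"$PRIV_ID_FILE"}` is the right way to drop the private key when `-f` left it unset.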
@@ -217,12 +217,13 @@ populate_new_ids() {
printf '%s: ERROR: mktemp failed\n' "$0" >&2
exit 1
fi
- trap "rm -f $L_TMP_ID_FILE ${L_TMP_ID_FILE}.pub" EXIT TERM INT QUIT
+ local L_CLEANUP="rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.stderr\""
+ trap "$L_CLEANUP" EXIT TERM INT QUIT
printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2
NEW_IDS=$(
eval $GET_ID | {
while read ID || [ "$ID" ] ; do
- printf '%s\n' "$ID" > $L_TMP_ID_FILE
+ printf '%s\n' "$ID" > "$L_TMP_ID_FILE"
# the next line assumes $PRIV_ID_FILE only set if using a single id file - this
# assumption will break if we implement the possibility of multiple -i options.
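Review bot: The new `L_CLEANUP` string lists exactly `$L_TMP_ID_FILE` and its `.stderr` sibling, whereas the trap it replaces also removed `${L_TMP_ID_FILE}.pub`; if anything in the loop (which continues past this hunk) still creates that `.pub` file, it now outlives the run inside `~/.ssh`. The string is also re-parsed twice, once by `trap` and once by the later `eval "$L_CLEANUP"`, so a temporary path containing a double quote or `$` (inherited from `$HOME`) breaks the cleanup; a function avoids both parses: `cleanup_tmp_ids() { rm -f "$L_TMP_ID_FILE" "$L_TMP_ID_FILE.stderr"; }` with `trap cleanup_tmp_ids EXIT TERM INT QUIT`. If `L_TMP_ID_FILE` is declared `local` as `L_CLEANUP` is, the function must run before `populate_new_ids` returns, which the explicit cleanup at the end of the function already does.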
@@ -246,7 +247,7 @@ populate_new_ids() {
done
}
)
- rm -f $L_TMP_ID_FILE* && trap - EXIT TERM INT QUIT
+ eval "$L_CLEANUP" && trap - EXIT TERM INT QUIT
if expr "$NEW_IDS" : "^ERROR: " >/dev/null ; then
printf '\n%s: %s\n\n' "$0" "$NEW_IDS" >&2
--
1.9.1
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
index afde8b1..cd52764 100644
--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -99,6 +99,8 @@ if [ -n "$SSH_AUTH_SOCK" ] && ssh-add -L >/dev/null 2>&1 ; then
GET_ID="ssh-add -L"
fi
+[ "x$SSH_COPY_ID_LEGACY" != "x" ] && FORCED=1
+
while test "$#" -gt 0
do
[ "${SEEN_OPT_I}" ] && expr "$1" : "[-]i" >/dev/null && {
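Review bot: The new `SSH_COPY_ID_LEGACY` line carries no comment, and its position is load-bearing: `use_id_file` consults `$FORCED` when deciding whether the private key must exist, and that function runs while `-i` is parsed in the loop that starts right below, so the assignment has to stay ahead of option parsing. I would add above it `# SSH_COPY_ID_LEGACY (apparently a downstream addition, see ssh-copy-id(1)) behaves like -f; keep it before option parsing because use_id_file reads $FORCED while -i is handled.` A plain `[ "$SSH_COPY_ID_LEGACY" ]` would also match the `[ "$FORCED" ]` form the script uses elsewhere instead of the `x`-prefix comparison.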
diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1
index 8850cce..62f112d 100644
--- a/contrib/ssh-copy-id.1
+++ b/contrib/ssh-copy-id.1
@@ -185,6 +185,22 @@ should prove enlightening (N.B. the modern approach is to use the
.Fl W
option, rather than
.Xr nc 1 ) .
+.Sh ENVIRONMENT
+.Bl -tag -width Ds
+.Pp
+.It Pa SSH_COPY_ID_LEGACY
+If the
+.Cm SSH_COPY_ID_LEGACY
+environment variable is set, the
+.Nm
+is run in a legacy mode. In this mode, the
+.Nm
+doesn't check an existence of a private key and doesn't do remote checks
+of the remote server versions or if public keys are already installed
+(equivalent to
+.Fl f
+switch).
+.El
.Sh "SEE ALSO"
.Xr ssh 1 ,
.Xr ssh-agent 1 ,


@ -77,7 +77,7 @@ index 8949fd1..9afb764 100644
+#endif
+
static int is_child = 0;
static int in_chroot = 0;
static int have_dev_log = 1;
@@ -875,6 +879,8 @@ do_exec(Session *s, const char *command)
}


@ -1,387 +0,0 @@
From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001
From: "mmcc@openbsd.org" <mmcc@openbsd.org>
Date: Tue, 20 Oct 2015 03:36:35 +0000
Subject: [PATCH] upstream commit
Replace a function-local allocation with stack memory.
ok djm@
Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
---
clientloop.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/clientloop.c b/clientloop.c
index 87ceb3d..1e05cba 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -311,11 +311,10 @@ client_x11_get_proto(const char *display, const char *xauth_path,
static char proto[512], data[512];
FILE *f;
int got_data = 0, generated = 0, do_unlink = 0, i;
- char *xauthdir, *xauthfile;
+ char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = "";
struct stat st;
u_int now, x11_timeout_real;
- xauthdir = xauthfile = NULL;
*_proto = proto;
*_data = data;
proto[0] = data[0] = '\0';
@@ -343,8 +342,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
display = xdisplay;
}
if (trusted == 0) {
- xauthdir = xmalloc(PATH_MAX);
- xauthfile = xmalloc(PATH_MAX);
mktemp_proto(xauthdir, PATH_MAX);
/*
* The authentication cookie should briefly outlive
@@ -407,8 +404,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
unlink(xauthfile);
rmdir(xauthdir);
}
- free(xauthdir);
- free(xauthfile);
/*
* If we didn't get authentication data, just make up some
--
2.5.0
From ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 13 Jan 2016 23:04:47 +0000
Subject: [PATCH] upstream commit
eliminate fallback from untrusted X11 forwarding to trusted
forwarding when the X server disables the SECURITY extension; Reported by
Thomas Hoger; ok deraadt@
Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
---
clientloop.c | 114 ++++++++++++++++++++++++++++++++++++-----------------------
clientloop.h | 4 +--
mux.c | 22 ++++++------
ssh.c | 23 +++++-------
4 files changed, 93 insertions(+), 70 deletions(-)
diff --git a/clientloop.c b/clientloop.c
index f555451..c0386d5 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -288,6 +288,9 @@ client_x11_display_valid(const char *display)
{
size_t i, dlen;
+ if (display == NULL)
+ return 0;
+
dlen = strlen(display);
for (i = 0; i < dlen; i++) {
if (!isalnum((u_char)display[i]) &&
@@ -301,34 +304,33 @@ client_x11_display_valid(const char *display)
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
#define X11_TIMEOUT_SLACK 60
-void
+int
client_x11_get_proto(const char *display, const char *xauth_path,
u_int trusted, u_int timeout, char **_proto, char **_data)
{
- char cmd[1024];
- char line[512];
- char xdisplay[512];
+ char cmd[1024], line[512], xdisplay[512];
+ char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
static char proto[512], data[512];
FILE *f;
- int got_data = 0, generated = 0, do_unlink = 0, i;
- char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = "";
+ int got_data = 0, generated = 0, do_unlink = 0, i, r;
struct stat st;
u_int now, x11_timeout_real;
*_proto = proto;
*_data = data;
- proto[0] = data[0] = '\0';
+ proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
- if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) {
- debug("No xauth program.");
- } else if (!client_x11_display_valid(display)) {
- logit("DISPLAY '%s' invalid, falling back to fake xauth data",
+ if (!client_x11_display_valid(display)) {
+ logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
display);
- } else {
- if (display == NULL) {
- debug("x11_get_proto: DISPLAY not set");
- return;
- }
+ return -1;
+ }
+ if (xauth_path != NULL && stat(xauth_path, &st) == -1) {
+ debug("No xauth program.");
+ xauth_path = NULL;
+ }
+
+ if (xauth_path != NULL) {
/*
* Handle FamilyLocal case where $DISPLAY does
* not match an authorization entry. For this we
@@ -337,43 +339,60 @@ client_x11_get_proto(const char *display, const char *xauth_path,
* is not perfect.
*/
if (strncmp(display, "localhost:", 10) == 0) {
- snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
- display + 10);
+ if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
+ display + 10)) < 0 ||
+ (size_t)r >= sizeof(xdisplay)) {
+ error("%s: display name too long", __func__);
+ return -1;
+ }
display = xdisplay;
}
if (trusted == 0) {
- mktemp_proto(xauthdir, PATH_MAX);
/*
+ * Generate an untrusted X11 auth cookie.
+ *
* The authentication cookie should briefly outlive
* ssh's willingness to forward X11 connections to
* avoid nasty fail-open behaviour in the X server.
*/
+ mktemp_proto(xauthdir, sizeof(xauthdir));
+ if (mkdtemp(xauthdir) == NULL) {
+ error("%s: mkdtemp: %s",
+ __func__, strerror(errno));
+ return -1;
+ }
+ do_unlink = 1;
+ if ((r = snprintf(xauthfile, sizeof(xauthfile),
+ "%s/xauthfile", xauthdir)) < 0 ||
+ (size_t)r >= sizeof(xauthfile)) {
+ error("%s: xauthfile path too long", __func__);
+ unlink(xauthfile);
+ rmdir(xauthdir);
+ return -1;
+ }
+
if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
x11_timeout_real = UINT_MAX;
else
x11_timeout_real = timeout + X11_TIMEOUT_SLACK;
- if (mkdtemp(xauthdir) != NULL) {
- do_unlink = 1;
- snprintf(xauthfile, PATH_MAX, "%s/xauthfile",
- xauthdir);
- snprintf(cmd, sizeof(cmd),
- "%s -f %s generate %s " SSH_X11_PROTO
- " untrusted timeout %u 2>" _PATH_DEVNULL,
- xauth_path, xauthfile, display,
- x11_timeout_real);
- debug2("x11_get_proto: %s", cmd);
- if (x11_refuse_time == 0) {
- now = monotime() + 1;
- if (UINT_MAX - timeout < now)
- x11_refuse_time = UINT_MAX;
- else
- x11_refuse_time = now + timeout;
- channel_set_x11_refuse_time(
- x11_refuse_time);
- }
- if (system(cmd) == 0)
- generated = 1;
+ if ((r = snprintf(cmd, sizeof(cmd),
+ "%s -f %s generate %s " SSH_X11_PROTO
+ " untrusted timeout %u 2>" _PATH_DEVNULL,
+ xauth_path, xauthfile, display,
+ x11_timeout_real)) < 0 ||
+ (size_t)r >= sizeof(cmd))
+ fatal("%s: cmd too long", __func__);
+ debug2("%s: %s", __func__, cmd);
+ if (x11_refuse_time == 0) {
+ now = monotime() + 1;
+ if (UINT_MAX - timeout < now)
+ x11_refuse_time = UINT_MAX;
+ else
+ x11_refuse_time = now + timeout;
+ channel_set_x11_refuse_time(x11_refuse_time);
}
+ if (system(cmd) == 0)
+ generated = 1;
}
/*
@@ -395,9 +414,7 @@ client_x11_get_proto(const char *display, const char *xauth_path,
got_data = 1;
if (f)
pclose(f);
- } else
- error("Warning: untrusted X11 forwarding setup failed: "
- "xauth key data not generated");
+ }
}
if (do_unlink) {
@@ -405,6 +422,13 @@ client_x11_get_proto(const char *display, const char *xauth_path,
rmdir(xauthdir);
}
+ /* Don't fall back to fake X11 data for untrusted forwarding */
+ if (!trusted && !got_data) {
+ error("Warning: untrusted X11 forwarding setup failed: "
+ "xauth key data not generated");
+ return -1;
+ }
+
/*
* If we didn't get authentication data, just make up some
* data. The forwarding code will check the validity of the
@@ -427,6 +451,8 @@ client_x11_get_proto(const char *display, const char *xauth_path,
rnd >>= 8;
}
}
+
+ return 0;
}
/*
diff --git a/clientloop.h b/clientloop.h
index 338d451..f4d4c69 100644
--- a/clientloop.h
+++ b/clientloop.h
@@ -39,7 +39,7 @@
/* Client side main loop for the interactive session. */
int client_loop(int, int, int);
-void client_x11_get_proto(const char *, const char *, u_int, u_int,
+int client_x11_get_proto(const char *, const char *, u_int, u_int,
char **, char **);
void client_global_request_reply_fwd(int, u_int32_t, void *);
void client_session2_setup(int, int, int, const char *, struct termios *,
diff --git a/mux.c b/mux.c
index f9c3af6..6bf53eb 100644
--- a/mux.c
+++ b/mux.c
@@ -1354,16 +1354,18 @@ mux_session_confirm(int id, int success, void *arg)
char *proto, *data;
/* Get reasonable local authentication information. */
- client_x11_get_proto(display, options.xauth_location,
+ if (client_x11_get_proto(display, options.xauth_location,
options.forward_x11_trusted, options.forward_x11_timeout,
- &proto, &data);
- /* Request forwarding with authentication spoofing. */
- debug("Requesting X11 forwarding with authentication "
- "spoofing.");
- x11_request_forwarding_with_spoofing(id, display, proto,
- data, 1);
- client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
- /* XXX exit_on_forward_failure */
+ &proto, &data) == 0) {
+ /* Request forwarding with authentication spoofing. */
+ debug("Requesting X11 forwarding with authentication "
+ "spoofing.");
+ x11_request_forwarding_with_spoofing(id, display, proto,
+ data, 1);
+ /* XXX exit_on_forward_failure */
+ client_expect_confirm(id, "X11 forwarding",
+ CONFIRM_WARN);
+ }
}
if (cctx->want_agent_fwd && options.forward_agent) {
diff --git a/ssh.c b/ssh.c
index 81704ab..096c5b5 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1626,6 +1626,7 @@ ssh_session(void)
struct winsize ws;
char *cp;
const char *display;
+ char *proto = NULL, *data = NULL;
/* Enable compression if requested. */
if (options.compression) {
@@ -1696,13 +1697,9 @@ ssh_session(void)
display = getenv("DISPLAY");
if (display == NULL && options.forward_x11)
debug("X11 forwarding requested but DISPLAY not set");
- if (options.forward_x11 && display != NULL) {
- char *proto, *data;
- /* Get reasonable local authentication information. */
- client_x11_get_proto(display, options.xauth_location,
- options.forward_x11_trusted,
- options.forward_x11_timeout,
- &proto, &data);
+ if (options.forward_x11 && client_x11_get_proto(display,
+ options.xauth_location, options.forward_x11_trusted,
+ options.forward_x11_timeout, &proto, &data) == 0) {
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication "
"spoofing.");
@@ -1792,6 +1789,7 @@ ssh_session2_setup(int id, int success, void *arg)
extern char **environ;
const char *display;
int interactive = tty_flag;
+ char *proto = NULL, *data = NULL;
if (!success)
return; /* No need for error message, channels code sens one */
@@ -1799,12 +1797,9 @@ ssh_session2_setup(int id, int success, void *arg)
display = getenv("DISPLAY");
if (display == NULL && options.forward_x11)
debug("X11 forwarding requested but DISPLAY not set");
- if (options.forward_x11 && display != NULL) {
- char *proto, *data;
- /* Get reasonable local authentication information. */
- client_x11_get_proto(display, options.xauth_location,
- options.forward_x11_trusted,
- options.forward_x11_timeout, &proto, &data);
+ if (options.forward_x11 && client_x11_get_proto(display,
+ options.xauth_location, options.forward_x11_trusted,
+ options.forward_x11_timeout, &proto, &data) == 0) {
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication "
"spoofing.");
--
2.5.0
From 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a Mon Sep 17 00:00:00 2001
From: "millert@openbsd.org" <millert@openbsd.org>
Date: Mon, 1 Feb 2016 21:18:17 +0000
Subject: upstream commit
Avoid ugly "DISPLAY "(null)" invalid; disabling X11
forwarding" message when DISPLAY is not set. This could also result in a
crash on systems with a printf that doesn't handle NULL. OK djm@
Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412
---
clientloop.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/clientloop.c b/clientloop.c
index f8f9a3f..f0a08f2 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -318,8 +318,9 @@ client_x11_get_proto(const char *display, const char *xauth_path,
proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
if (!client_x11_display_valid(display)) {
- logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
- display);
+ if (display != NULL)
+ logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
+ display);
return -1;
}
if (xauth_path != NULL && stat(xauth_path, &st) == -1) {
--
cgit v0.11.2


@ -1,6 +1,6 @@
diff -up openssh-7.0p1/audit-bsm.c.audit openssh-7.0p1/audit-bsm.c
--- openssh-7.0p1/audit-bsm.c.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/audit-bsm.c 2015-08-12 11:33:00.409914290 +0200
diff -up openssh-7.2p1/audit-bsm.c.audit openssh-7.2p1/audit-bsm.c
--- openssh-7.2p1/audit-bsm.c.audit 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/audit-bsm.c 2016-02-12 18:24:34.212825181 +0100
@@ -375,10 +375,23 @@ audit_connection_from(const char *host,
#endif
}
@ -80,9 +80,9 @@ diff -up openssh-7.0p1/audit-bsm.c.audit openssh-7.0p1/audit-bsm.c
+ /* not implemented */
+}
#endif /* BSM */
diff -up openssh-7.0p1/audit.c.audit openssh-7.0p1/audit.c
--- openssh-7.0p1/audit.c.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/audit.c 2015-08-12 11:33:00.410914289 +0200
diff -up openssh-7.2p1/audit.c.audit openssh-7.2p1/audit.c
--- openssh-7.2p1/audit.c.audit 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/audit.c 2016-02-12 18:24:34.216825179 +0100
@@ -28,6 +28,7 @@
#include <stdarg.h>
@ -280,9 +280,9 @@ diff -up openssh-7.0p1/audit.c.audit openssh-7.0p1/audit.c
}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-7.0p1/audit.h.audit openssh-7.0p1/audit.h
--- openssh-7.0p1/audit.h.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/audit.h 2015-08-12 11:33:00.410914289 +0200
diff -up openssh-7.2p1/audit.h.audit openssh-7.2p1/audit.h
--- openssh-7.2p1/audit.h.audit 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/audit.h 2016-02-12 18:24:34.216825179 +0100
@@ -28,6 +28,7 @@
# define _SSH_AUDIT_H
@ -318,9 +318,9 @@ diff -up openssh-7.0p1/audit.h.audit openssh-7.0p1/audit.h
+void audit_generate_ephemeral_server_key(const char *);
#endif /* _SSH_AUDIT_H */
diff -up openssh-7.0p1/audit-linux.c.audit openssh-7.0p1/audit-linux.c
--- openssh-7.0p1/audit-linux.c.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/audit-linux.c 2015-08-12 11:33:00.411914287 +0200
diff -up openssh-7.2p1/audit-linux.c.audit openssh-7.2p1/audit-linux.c
--- openssh-7.2p1/audit-linux.c.audit 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/audit-linux.c 2016-02-12 18:24:34.219825178 +0100
@@ -35,13 +35,25 @@
#include "log.h"
@ -712,9 +712,9 @@ diff -up openssh-7.0p1/audit-linux.c.audit openssh-7.0p1/audit-linux.c
+ error("cannot write into audit");
+}
#endif /* USE_LINUX_AUDIT */
diff -up openssh-7.0p1/auditstub.c.audit openssh-7.0p1/auditstub.c
--- openssh-7.0p1/auditstub.c.audit 2015-08-12 11:33:00.411914287 +0200
+++ openssh-7.0p1/auditstub.c 2015-08-12 11:33:00.411914287 +0200
diff -up openssh-7.2p1/auditstub.c.audit openssh-7.2p1/auditstub.c
--- openssh-7.2p1/auditstub.c.audit 2016-02-12 18:24:34.219825178 +0100
+++ openssh-7.2p1/auditstub.c 2016-02-12 18:24:34.219825178 +0100
@@ -0,0 +1,50 @@
+/* $Id: auditstub.c,v 1.1 jfch Exp $ */
+
@ -766,9 +766,9 @@ diff -up openssh-7.0p1/auditstub.c.audit openssh-7.0p1/auditstub.c
+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
+{
+}
diff -up openssh-7.0p1/auth2.c.audit openssh-7.0p1/auth2.c
--- openssh-7.0p1/auth2.c.audit 2015-08-12 11:33:00.349914384 +0200
+++ openssh-7.0p1/auth2.c 2015-08-12 11:33:00.411914287 +0200
diff -up openssh-7.2p1/auth2.c.audit openssh-7.2p1/auth2.c
--- openssh-7.2p1/auth2.c.audit 2016-02-12 18:24:34.148825205 +0100
+++ openssh-7.2p1/auth2.c 2016-02-12 18:24:34.219825178 +0100
@@ -249,9 +249,6 @@ input_userauth_request(int type, u_int32
} else {
logit("input_userauth_request: invalid user %s", user);
@ -779,9 +779,9 @@ diff -up openssh-7.0p1/auth2.c.audit openssh-7.0p1/auth2.c
}
#ifdef USE_PAM
if (options.use_pam)
diff -up openssh-7.0p1/auth2-hostbased.c.audit openssh-7.0p1/auth2-hostbased.c
--- openssh-7.0p1/auth2-hostbased.c.audit 2015-08-12 11:33:00.303914456 +0200
+++ openssh-7.0p1/auth2-hostbased.c 2015-08-12 11:33:00.412914286 +0200
diff -up openssh-7.2p1/auth2-hostbased.c.audit openssh-7.2p1/auth2-hostbased.c
--- openssh-7.2p1/auth2-hostbased.c.audit 2016-02-12 18:24:34.109825220 +0100
+++ openssh-7.2p1/auth2-hostbased.c 2016-02-12 18:24:34.220825178 +0100
@@ -146,7 +146,7 @@ userauth_hostbased(Authctxt *authctxt)
/* test for allowed key and correct signature */
authenticated = 0;
@ -810,10 +810,10 @@ diff -up openssh-7.0p1/auth2-hostbased.c.audit openssh-7.0p1/auth2-hostbased.c
/* return 1 if given hostkey is allowed */
int
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
diff -up openssh-7.0p1/auth2-pubkey.c.audit openssh-7.0p1/auth2-pubkey.c
--- openssh-7.0p1/auth2-pubkey.c.audit 2015-08-12 11:33:00.318914432 +0200
+++ openssh-7.0p1/auth2-pubkey.c 2015-08-12 11:33:00.412914286 +0200
@@ -175,7 +175,7 @@ userauth_pubkey(Authctxt *authctxt)
diff -up openssh-7.2p1/auth2-pubkey.c.audit openssh-7.2p1/auth2-pubkey.c
--- openssh-7.2p1/auth2-pubkey.c.audit 2016-02-12 18:24:34.122825215 +0100
+++ openssh-7.2p1/auth2-pubkey.c 2016-02-12 18:24:34.220825178 +0100
@@ -178,7 +178,7 @@ userauth_pubkey(Authctxt *authctxt)
/* test for correct signature */
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&
@ -822,7 +822,7 @@ diff -up openssh-7.0p1/auth2-pubkey.c.audit openssh-7.0p1/auth2-pubkey.c
buffer_len(&b))) == 1) {
authenticated = 1;
/* Record the successful key to prevent reuse */
@@ -253,6 +253,18 @@ pubkey_auth_info(Authctxt *authctxt, con
@@ -258,6 +258,18 @@ pubkey_auth_info(Authctxt *authctxt, con
free(extra);
}
@ -841,10 +841,10 @@ diff -up openssh-7.0p1/auth2-pubkey.c.audit openssh-7.0p1/auth2-pubkey.c
/*
* Splits 's' into an argument vector. Handles quoted string and basic
* escape characters (\\, \", \'). Caller must free the argument vector
diff -up openssh-7.0p1/auth.c.audit openssh-7.0p1/auth.c
--- openssh-7.0p1/auth.c.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/auth.c 2015-08-12 11:33:00.412914286 +0200
@@ -645,9 +645,6 @@ getpwnamallow(const char *user)
diff -up openssh-7.2p1/auth.c.audit openssh-7.2p1/auth.c
--- openssh-7.2p1/auth.c.audit 2016-02-12 18:24:34.148825205 +0100
+++ openssh-7.2p1/auth.c 2016-02-12 18:24:34.220825178 +0100
@@ -646,9 +646,6 @@ getpwnamallow(const char *user)
record_failed_login(user,
get_canonical_hostname(options.use_dns), "ssh");
#endif
@ -854,9 +854,9 @@ diff -up openssh-7.0p1/auth.c.audit openssh-7.0p1/auth.c
return (NULL);
}
if (!allowed_user(pw))
diff -up openssh-7.0p1/auth.h.audit openssh-7.0p1/auth.h
--- openssh-7.0p1/auth.h.audit 2015-08-12 11:33:00.302914457 +0200
+++ openssh-7.0p1/auth.h 2015-08-12 11:33:00.412914286 +0200
diff -up openssh-7.2p1/auth.h.audit openssh-7.2p1/auth.h
--- openssh-7.2p1/auth.h.audit 2016-02-12 18:24:34.108825221 +0100
+++ openssh-7.2p1/auth.h 2016-02-12 18:32:46.085636046 +0100
@@ -195,6 +195,7 @@ void abandon_challenge_response(Authctxt
char *expand_authorized_keys(const char *, struct passwd *pw);
@ -868,14 +868,14 @@ diff -up openssh-7.0p1/auth.h.audit openssh-7.0p1/auth.h
@@ -213,6 +214,7 @@ int get_hostkey_index(Key *, int, struc
int ssh1_session_key(BIGNUM *);
int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *,
const u_char *, size_t, u_int);
const u_char *, size_t, const char *, u_int);
+int hostbased_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
/* debug messages during authentication */
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
diff -up openssh-7.0p1/auth-rsa.c.audit openssh-7.0p1/auth-rsa.c
--- openssh-7.0p1/auth-rsa.c.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/auth-rsa.c 2015-08-12 11:33:00.412914286 +0200
diff -up openssh-7.2p1/auth-rsa.c.audit openssh-7.2p1/auth-rsa.c
--- openssh-7.2p1/auth-rsa.c.audit 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/auth-rsa.c 2016-02-12 18:24:34.221825177 +0100
@@ -95,7 +95,10 @@ auth_rsa_verify_response(Key *key, BIGNU
{
u_char buf[32], mdbuf[16];
@ -912,9 +912,9 @@ diff -up openssh-7.0p1/auth-rsa.c.audit openssh-7.0p1/auth-rsa.c
}
/*
diff -up openssh-7.0p1/cipher.c.audit openssh-7.0p1/cipher.c
--- openssh-7.0p1/cipher.c.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/cipher.c 2015-08-12 11:33:00.412914286 +0200
diff -up openssh-7.2p1/cipher.c.audit openssh-7.2p1/cipher.c
--- openssh-7.2p1/cipher.c.audit 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/cipher.c 2016-02-12 18:24:34.221825177 +0100
@@ -57,26 +57,6 @@ extern const EVP_CIPHER *evp_ssh1_3des(v
extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
#endif
@ -942,9 +942,9 @@ diff -up openssh-7.0p1/cipher.c.audit openssh-7.0p1/cipher.c
static const struct sshcipher ciphers[] = {
#ifdef WITH_SSH1
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
diff -up openssh-7.0p1/cipher.h.audit openssh-7.0p1/cipher.h
--- openssh-7.0p1/cipher.h.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/cipher.h 2015-08-12 11:33:00.413914284 +0200
diff -up openssh-7.2p1/cipher.h.audit openssh-7.2p1/cipher.h
--- openssh-7.2p1/cipher.h.audit 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/cipher.h 2016-02-12 18:24:34.221825177 +0100
@@ -62,7 +62,26 @@
#define CIPHER_ENCRYPT 1
#define CIPHER_DECRYPT 0
@ -973,9 +973,9 @@ diff -up openssh-7.0p1/cipher.h.audit openssh-7.0p1/cipher.h
struct sshcipher_ctx {
int plaintext;
int encrypt;
diff -up openssh-7.0p1/kex.c.audit openssh-7.0p1/kex.c
--- openssh-7.0p1/kex.c.audit 2015-08-12 11:33:00.351914381 +0200
+++ openssh-7.0p1/kex.c 2015-08-12 11:33:00.413914284 +0200
diff -up openssh-7.2p1/kex.c.audit openssh-7.2p1/kex.c
--- openssh-7.2p1/kex.c.audit 2016-02-12 18:24:34.201825185 +0100
+++ openssh-7.2p1/kex.c 2016-02-12 18:24:34.221825177 +0100
@@ -54,6 +54,7 @@
#include "ssherr.h"
#include "sshbuf.h"
@ -984,7 +984,7 @@ diff -up openssh-7.0p1/kex.c.audit openssh-7.0p1/kex.c
#ifdef GSSAPI
#include "ssh-gss.h"
@@ -549,8 +550,12 @@ choose_enc(struct sshenc *enc, char *cli
@@ -669,8 +670,12 @@ choose_enc(struct sshenc *enc, char *cli
{
char *name = match_list(client, server, NULL);
@ -998,7 +998,7 @@ diff -up openssh-7.0p1/kex.c.audit openssh-7.0p1/kex.c
if ((enc->cipher = cipher_by_name(name)) == NULL)
return SSH_ERR_INTERNAL_ERROR;
enc->name = name;
@@ -568,8 +573,12 @@ choose_mac(struct ssh *ssh, struct sshma
@@ -688,8 +693,12 @@ choose_mac(struct ssh *ssh, struct sshma
{
char *name = match_list(client, server, NULL);
@ -1012,7 +1012,7 @@ diff -up openssh-7.0p1/kex.c.audit openssh-7.0p1/kex.c
if (mac_setup(mac, name) < 0)
return SSH_ERR_INTERNAL_ERROR;
/* truncate the key */
@@ -586,8 +595,12 @@ choose_comp(struct sshcomp *comp, char *
@@ -706,8 +715,12 @@ choose_comp(struct sshcomp *comp, char *
{
char *name = match_list(client, server, NULL);
@ -1026,7 +1026,7 @@ diff -up openssh-7.0p1/kex.c.audit openssh-7.0p1/kex.c
if (strcmp(name, "zlib@openssh.com") == 0) {
comp->type = COMP_DELAYED;
} else if (strcmp(name, "zlib") == 0) {
@@ -753,6 +766,10 @@ kex_choose_conf(struct ssh *ssh)
@@ -878,6 +891,10 @@ kex_choose_conf(struct ssh *ssh)
dh_need = MAX(dh_need, newkeys->enc.block_size);
dh_need = MAX(dh_need, newkeys->enc.iv_len);
dh_need = MAX(dh_need, newkeys->mac.key_len);
@ -1037,7 +1037,7 @@ diff -up openssh-7.0p1/kex.c.audit openssh-7.0p1/kex.c
}
/* XXX need runden? */
kex->we_need = need;
@@ -928,3 +945,34 @@ dump_digest(char *msg, u_char *digest, i
@@ -1052,3 +1069,34 @@ dump_digest(char *msg, u_char *digest, i
sshbuf_dump_data(digest, len, stderr);
}
#endif
@ -1054,7 +1054,7 @@ diff -up openssh-7.0p1/kex.c.audit openssh-7.0p1/kex.c
+ }
+
+ if (enc->iv) {
+ memset(enc->iv, 0, enc->block_size);
+ memset(enc->iv, 0, enc->iv_len);
+ free(enc->iv);
+ }
+
@ -1072,10 +1072,10 @@ diff -up openssh-7.0p1/kex.c.audit openssh-7.0p1/kex.c
+ memset(&newkeys->comp, 0, sizeof(newkeys->comp));
+}
+
diff -up openssh-7.0p1/kex.h.audit openssh-7.0p1/kex.h
--- openssh-7.0p1/kex.h.audit 2015-08-12 11:33:00.352914379 +0200
+++ openssh-7.0p1/kex.h 2015-08-12 11:33:00.413914284 +0200
@@ -202,6 +202,8 @@ int kexgss_client(struct ssh *);
diff -up openssh-7.2p1/kex.h.audit openssh-7.2p1/kex.h
--- openssh-7.2p1/kex.h.audit 2016-02-12 18:24:34.201825185 +0100
+++ openssh-7.2p1/kex.h 2016-02-12 18:24:34.222825177 +0100
@@ -206,6 +206,8 @@ int kexgss_client(struct ssh *);
int kexgss_server(struct ssh *);
#endif
@ -1084,9 +1084,9 @@ diff -up openssh-7.0p1/kex.h.audit openssh-7.0p1/kex.h
int kex_dh_hash(const char *, const char *,
const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
diff -up openssh-7.0p1/key.h.audit openssh-7.0p1/key.h
--- openssh-7.0p1/key.h.audit 2015-08-12 11:33:00.413914284 +0200
+++ openssh-7.0p1/key.h 2015-08-12 11:33:45.908843298 +0200
diff -up openssh-7.2p1/key.h.audit openssh-7.2p1/key.h
--- openssh-7.2p1/key.h.audit 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/key.h 2016-02-12 18:24:34.222825177 +0100
@@ -50,6 +50,7 @@ typedef struct sshkey Key;
#define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid
#define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid
@ -1095,9 +1095,9 @@ diff -up openssh-7.0p1/key.h.audit openssh-7.0p1/key.h
#define key_type_plain sshkey_type_plain
#define key_curve_name_to_nid sshkey_curve_name_to_nid
#define key_curve_nid_to_bits sshkey_curve_nid_to_bits
diff -up openssh-7.0p1/mac.c.audit openssh-7.0p1/mac.c
--- openssh-7.0p1/mac.c.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/mac.c 2015-08-12 11:33:00.413914284 +0200
diff -up openssh-7.2p1/mac.c.audit openssh-7.2p1/mac.c
--- openssh-7.2p1/mac.c.audit 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/mac.c 2016-02-12 18:24:34.222825177 +0100
@@ -226,6 +226,20 @@ mac_clear(struct sshmac *mac)
mac->umac_ctx = NULL;
}
@ -1119,9 +1119,9 @@ diff -up openssh-7.0p1/mac.c.audit openssh-7.0p1/mac.c
/* XXX copied from ciphers_valid */
#define MAC_SEP ","
int
diff -up openssh-7.0p1/mac.h.audit openssh-7.0p1/mac.h
--- openssh-7.0p1/mac.h.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/mac.h 2015-08-12 11:33:00.413914284 +0200
diff -up openssh-7.2p1/mac.h.audit openssh-7.2p1/mac.h
--- openssh-7.2p1/mac.h.audit 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/mac.h 2016-02-12 18:24:34.222825177 +0100
@@ -47,5 +47,6 @@ int mac_init(struct sshmac *);
int mac_compute(struct sshmac *, u_int32_t, const u_char *, int,
u_char *, size_t);
@ -1129,30 +1129,30 @@ diff -up openssh-7.0p1/mac.h.audit openssh-7.0p1/mac.h
+void mac_destroy(struct sshmac *);
#endif /* SSHMAC_H */
diff -up openssh-7.0p1/Makefile.in.audit openssh-7.0p1/Makefile.in
--- openssh-7.0p1/Makefile.in.audit 2015-08-12 11:33:00.402914301 +0200
+++ openssh-7.0p1/Makefile.in 2015-08-12 11:33:00.414914283 +0200
@@ -98,7 +98,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \
diff -up openssh-7.2p1/Makefile.in.audit openssh-7.2p1/Makefile.in
--- openssh-7.2p1/Makefile.in.audit 2016-02-12 18:24:34.222825177 +0100
+++ openssh-7.2p1/Makefile.in 2016-02-12 18:33:38.858629492 +0100
@@ -99,7 +99,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
- kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o
+ kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o auditstub.o
kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
- platform-pledge.o
+ platform-pledge.o auditstub.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
--- openssh-7.0p1/monitor.c.audit 2015-08-12 11:33:00.378914339 +0200
+++ openssh-7.0p1/monitor.c 2015-08-12 11:33:00.414914283 +0200
@@ -102,6 +102,7 @@
sshconnect.o sshconnect1.o sshconnect2.o mux.o
diff -up openssh-7.2p1/monitor.c.audit openssh-7.2p1/monitor.c
--- openssh-7.2p1/monitor.c.audit 2016-02-12 18:24:34.176825195 +0100
+++ openssh-7.2p1/monitor.c 2016-02-12 18:34:05.184629882 +0100
@@ -101,6 +101,7 @@
#include "compat.h"
#include "ssh2.h"
#include "roaming.h"
#include "authfd.h"
+#include "audit.h"
#include "match.h"
#include "ssherr.h"
@@ -117,6 +118,8 @@ extern Buffer auth_debug;
@@ -116,6 +117,8 @@ extern Buffer auth_debug;
extern int auth_debug_init;
extern Buffer loginmsg;
@ -1161,7 +1161,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
/* State exported from the child */
static struct sshbuf *child_state;
@@ -167,6 +170,11 @@ int mm_answer_gss_updatecreds(int, Buffe
@@ -166,6 +169,11 @@ int mm_answer_gss_updatecreds(int, Buffe
#ifdef SSH_AUDIT_EVENTS
int mm_answer_audit_event(int, Buffer *);
int mm_answer_audit_command(int, Buffer *);
@ -1173,7 +1173,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
#endif
static int monitor_read_log(struct monitor *);
@@ -226,6 +234,10 @@ struct mon_table mon_dispatch_proto20[]
@@ -225,6 +233,10 @@ struct mon_table mon_dispatch_proto20[]
#endif
#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
@ -1184,7 +1184,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
#endif
#ifdef BSD_AUTH
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
@@ -264,6 +276,11 @@ struct mon_table mon_dispatch_postauth20
@@ -263,6 +275,11 @@ struct mon_table mon_dispatch_postauth20
#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
@ -1196,7 +1196,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
#endif
{0, 0, NULL}
};
@@ -296,6 +313,10 @@ struct mon_table mon_dispatch_proto15[]
@@ -295,6 +312,10 @@ struct mon_table mon_dispatch_proto15[]
#endif
#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
@ -1207,7 +1207,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
#endif
#endif /* WITH_SSH1 */
{0, 0, NULL}
@@ -309,6 +330,11 @@ struct mon_table mon_dispatch_postauth15
@@ -308,6 +329,11 @@ struct mon_table mon_dispatch_postauth15
#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
@ -1219,7 +1219,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
#endif
#endif /* WITH_SSH1 */
{0, 0, NULL}
@@ -1467,9 +1493,11 @@ mm_answer_keyverify(int sock, Buffer *m)
@@ -1464,9 +1490,11 @@ mm_answer_keyverify(int sock, Buffer *m)
Key *key;
u_char *signature, *data, *blob;
u_int signaturelen, datalen, bloblen;
@ -1231,7 +1231,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
blob = buffer_get_string(m, &bloblen);
signature = buffer_get_string(m, &signaturelen);
data = buffer_get_string(m, &datalen);
@@ -1477,6 +1505,8 @@ mm_answer_keyverify(int sock, Buffer *m)
@@ -1474,6 +1502,8 @@ mm_answer_keyverify(int sock, Buffer *m)
if (hostbased_cuser == NULL || hostbased_chost == NULL ||
!monitor_allowed_key(blob, bloblen))
fatal("%s: bad key, not previously allowed", __func__);
@ -1240,7 +1240,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
key = key_from_blob(blob, bloblen);
if (key == NULL)
@@ -1497,7 +1527,17 @@ mm_answer_keyverify(int sock, Buffer *m)
@@ -1494,7 +1524,17 @@ mm_answer_keyverify(int sock, Buffer *m)
if (!valid_data)
fatal("%s: bad signature data blob", __func__);
@ -1259,7 +1259,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
debug3("%s: key %p signature %s",
__func__, key, (verified == 1) ? "verified" : "unverified");
@@ -1558,6 +1598,12 @@ mm_session_close(Session *s)
@@ -1555,6 +1595,12 @@ mm_session_close(Session *s)
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
session_pty_cleanup2(s);
}
@ -1272,7 +1272,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
session_unused(s->self);
}
@@ -1840,6 +1886,8 @@ mm_answer_term(int sock, Buffer *req)
@@ -1837,6 +1883,8 @@ mm_answer_term(int sock, Buffer *req)
sshpam_cleanup();
#endif
@ -1281,7 +1281,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
if (errno != EINTR)
exit(1);
@@ -1882,11 +1930,43 @@ mm_answer_audit_command(int socket, Buff
@@ -1879,11 +1927,43 @@ mm_answer_audit_command(int socket, Buff
{
u_int len;
char *cmd;
@ -1326,7 +1326,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
free(cmd);
return (0);
}
@@ -1943,6 +2023,7 @@ monitor_apply_keystate(struct monitor *p
@@ -1940,6 +2020,7 @@ monitor_apply_keystate(struct monitor *p
void
mm_get_keystate(struct monitor *pmonitor)
{
@ -1334,7 +1334,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
debug3("%s: Waiting for new keys", __func__);
if ((child_state = sshbuf_new()) == NULL)
@@ -1950,6 +2031,21 @@ mm_get_keystate(struct monitor *pmonitor
@@ -1947,6 +2028,21 @@ mm_get_keystate(struct monitor *pmonitor
mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
child_state);
debug3("%s: GOT new keys", __func__);
@ -1356,7 +1356,7 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
}
@@ -2216,3 +2312,86 @@ mm_answer_gss_updatecreds(int socket, Bu
@@ -2213,3 +2309,86 @@ mm_answer_gss_updatecreds(int socket, Bu
#endif /* GSSAPI */
@ -1443,9 +1443,9 @@ diff -up openssh-7.0p1/monitor.c.audit openssh-7.0p1/monitor.c
+ return 0;
+}
+#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-7.0p1/monitor.h.audit openssh-7.0p1/monitor.h
--- openssh-7.0p1/monitor.h.audit 2015-08-12 11:33:00.378914339 +0200
+++ openssh-7.0p1/monitor.h 2015-08-12 11:33:00.414914283 +0200
diff -up openssh-7.2p1/monitor.h.audit openssh-7.2p1/monitor.h
--- openssh-7.2p1/monitor.h.audit 2016-02-12 18:24:34.177825194 +0100
+++ openssh-7.2p1/monitor.h 2016-02-12 18:24:34.224825176 +0100
@@ -69,7 +69,13 @@ enum monitor_reqtype {
MONITOR_REQ_PAM_QUERY = 106, MONITOR_ANS_PAM_QUERY = 107,
MONITOR_REQ_PAM_RESPOND = 108, MONITOR_ANS_PAM_RESPOND = 109,
@ -1461,9 +1461,9 @@ diff -up openssh-7.0p1/monitor.h.audit openssh-7.0p1/monitor.h
};
diff -up openssh-7.0p1/monitor_wrap.c.audit openssh-7.0p1/monitor_wrap.c
--- openssh-7.0p1/monitor_wrap.c.audit 2015-08-12 11:33:00.353914378 +0200
+++ openssh-7.0p1/monitor_wrap.c 2015-08-12 11:33:00.414914283 +0200
diff -up openssh-7.2p1/monitor_wrap.c.audit openssh-7.2p1/monitor_wrap.c
--- openssh-7.2p1/monitor_wrap.c.audit 2016-02-12 18:24:34.151825204 +0100
+++ openssh-7.2p1/monitor_wrap.c 2016-02-12 18:24:34.224825176 +0100
@@ -462,7 +462,7 @@ mm_key_allowed(enum mm_keytype type, cha
*/
@ -1611,9 +1611,9 @@ diff -up openssh-7.0p1/monitor_wrap.c.audit openssh-7.0p1/monitor_wrap.c
+ buffer_free(&m);
+}
+#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-7.0p1/monitor_wrap.h.audit openssh-7.0p1/monitor_wrap.h
--- openssh-7.0p1/monitor_wrap.h.audit 2015-08-12 11:33:00.353914378 +0200
+++ openssh-7.0p1/monitor_wrap.h 2015-08-12 11:33:00.415914281 +0200
diff -up openssh-7.2p1/monitor_wrap.h.audit openssh-7.2p1/monitor_wrap.h
--- openssh-7.2p1/monitor_wrap.h.audit 2016-02-12 18:24:34.152825204 +0100
+++ openssh-7.2p1/monitor_wrap.h 2016-02-12 18:24:34.224825176 +0100
@@ -52,7 +52,8 @@ int mm_key_allowed(enum mm_keytype, char
int mm_user_key_allowed(struct passwd *, Key *, int);
int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *);
@ -1638,9 +1638,9 @@ diff -up openssh-7.0p1/monitor_wrap.h.audit openssh-7.0p1/monitor_wrap.h
#endif
struct Session;
diff -up openssh-7.0p1/packet.c.audit openssh-7.0p1/packet.c
--- openssh-7.0p1/packet.c.audit 2015-08-12 11:33:00.288914479 +0200
+++ openssh-7.0p1/packet.c 2015-08-12 11:33:00.415914281 +0200
diff -up openssh-7.2p1/packet.c.audit openssh-7.2p1/packet.c
--- openssh-7.2p1/packet.c.audit 2016-02-12 18:24:34.095825226 +0100
+++ openssh-7.2p1/packet.c 2016-02-12 18:43:47.268638489 +0100
@@ -67,6 +67,7 @@
#include "key.h" /* typedefs XXX */
@ -1649,7 +1649,7 @@ diff -up openssh-7.0p1/packet.c.audit openssh-7.0p1/packet.c
#include "crc32.h"
#include "deattack.h"
#include "compat.h"
@@ -449,6 +450,13 @@ ssh_packet_get_connection_out(struct ssh
@@ -456,6 +457,13 @@ ssh_packet_get_connection_out(struct ssh
return ssh->state->connection_out;
}
@ -1663,7 +1663,7 @@ diff -up openssh-7.0p1/packet.c.audit openssh-7.0p1/packet.c
/*
* Returns the IP-address of the remote host as a string. The returned
* string must not be freed.
@@ -479,13 +487,6 @@ ssh_packet_close(struct ssh *ssh)
@@ -500,13 +508,6 @@ ssh_packet_close(struct ssh *ssh)
if (!state->initialized)
return;
state->initialized = 0;
@ -1677,7 +1677,7 @@ diff -up openssh-7.0p1/packet.c.audit openssh-7.0p1/packet.c
sshbuf_free(state->input);
sshbuf_free(state->output);
sshbuf_free(state->outgoing_packet);
@@ -517,14 +518,24 @@ ssh_packet_close(struct ssh *ssh)
@@ -538,12 +539,22 @@ ssh_packet_close(struct ssh *ssh)
inflateEnd(stream);
}
}
@ -1692,10 +1692,8 @@ diff -up openssh-7.0p1/packet.c.audit openssh-7.0p1/packet.c
+ error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r));
+ audit_session_key_free(2);
+ }
if (ssh->remote_ipaddr) {
free(ssh->remote_ipaddr);
ssh->remote_ipaddr = NULL;
}
+ if (state->connection_in == state->connection_out) {
+ shutdown(state->connection_out, SHUT_RDWR);
+ close(state->connection_out);
@ -1706,15 +1704,15 @@ diff -up openssh-7.0p1/packet.c.audit openssh-7.0p1/packet.c
free(ssh->state);
ssh->state = NULL;
}
@@ -944,6 +955,7 @@ ssh_set_newkeys(struct ssh *ssh, int mod
}
if (state->newkeys[mode] != NULL) {
debug("set_newkeys: rekeying");
@@ -968,6 +979,7 @@ ssh_set_newkeys(struct ssh *ssh, int mod
(unsigned long long)state->p_read.blocks,
(unsigned long long)state->p_send.bytes,
(unsigned long long)state->p_send.blocks);
+ audit_session_key_free(mode);
if ((r = cipher_cleanup(cc)) != 0)
return r;
enc = &state->newkeys[mode]->enc;
@@ -2292,6 +2304,75 @@ ssh_packet_get_output(struct ssh *ssh)
@@ -2408,6 +2420,75 @@ ssh_packet_get_output(struct ssh *ssh)
return (void *)ssh->state->output;
}
@ -1787,55 +1785,13 @@ diff -up openssh-7.0p1/packet.c.audit openssh-7.0p1/packet.c
+ }
+}
+
/* XXX TODO update roaming to new API (does not work anyway) */
/*
* Save the state for the real connection, and use a separate state when
@@ -2301,18 +2382,12 @@ void
ssh_packet_backup_state(struct ssh *ssh,
struct ssh *backup_state)
{
- struct ssh *tmp;
-
close(ssh->state->connection_in);
ssh->state->connection_in = -1;
close(ssh->state->connection_out);
ssh->state->connection_out = -1;
- if (backup_state)
- tmp = backup_state;
- else
- tmp = ssh_alloc_session_state();
backup_state = ssh;
- ssh = tmp;
+ ssh = ssh_alloc_session_state();
}
/* XXX FIXME FIXME FIXME */
@@ -2331,9 +2406,7 @@ ssh_packet_restore_state(struct ssh *ssh
backup_state = ssh;
ssh = tmp;
ssh->state->connection_in = backup_state->state->connection_in;
- backup_state->state->connection_in = -1;
ssh->state->connection_out = backup_state->state->connection_out;
- backup_state->state->connection_out = -1;
len = sshbuf_len(backup_state->state->input);
if (len > 0) {
if ((r = sshbuf_putb(ssh->state->input,
@@ -2342,6 +2415,11 @@ ssh_packet_restore_state(struct ssh *ssh
sshbuf_reset(backup_state->state->input);
add_recv_bytes(len);
}
+ backup_state->state->connection_in = -1;
+ backup_state->state->connection_out = -1;
+ packet_destroy_state(backup_state->state);
+ free(backup_state);
+ backup_state = NULL;
}
/* Reset after_authentication and reset compression in post-auth privsep */
diff -up openssh-7.0p1/packet.h.audit openssh-7.0p1/packet.h
--- openssh-7.0p1/packet.h.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/packet.h 2015-08-12 11:33:00.415914281 +0200
@@ -189,7 +189,7 @@ int sshpkt_get_end(struct ssh *ssh);
static int
ssh_packet_set_postauth(struct ssh *ssh)
diff -up openssh-7.2p1/packet.h.audit openssh-7.2p1/packet.h
--- openssh-7.2p1/packet.h.audit 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/packet.h 2016-02-12 18:24:34.226825175 +0100
@@ -186,7 +186,7 @@ int sshpkt_get_end(struct ssh *ssh);
const u_char *sshpkt_ptr(struct ssh *, size_t *lenp);
/* OLD API */
@ -1844,16 +1800,16 @@ diff -up openssh-7.0p1/packet.h.audit openssh-7.0p1/packet.h
#include "opacket.h"
#if !defined(WITH_OPENSSL)
@@ -203,4 +203,5 @@ extern struct ssh *active_state;
@@ -200,4 +200,5 @@ extern struct ssh *active_state;
# undef EC_POINT
#endif
+void packet_destroy_all(int, int);
#endif /* PACKET_H */
diff -up openssh-7.0p1/sandbox-seccomp-filter.c.audit openssh-7.0p1/sandbox-seccomp-filter.c
--- openssh-7.0p1/sandbox-seccomp-filter.c.audit 2015-08-12 11:33:00.394914314 +0200
+++ openssh-7.0p1/sandbox-seccomp-filter.c 2015-08-12 11:33:00.415914281 +0200
@@ -150,6 +150,12 @@ static const struct sock_filter preauth_
diff -up openssh-7.2p1/sandbox-seccomp-filter.c.audit openssh-7.2p1/sandbox-seccomp-filter.c
--- openssh-7.2p1/sandbox-seccomp-filter.c.audit 2016-02-12 18:24:34.193825188 +0100
+++ openssh-7.2p1/sandbox-seccomp-filter.c 2016-02-12 18:24:34.226825175 +0100
@@ -153,6 +153,12 @@ static const struct sock_filter preauth_
#ifdef __NR_gettimeofday
SC_ALLOW(gettimeofday),
#endif
@ -1866,9 +1822,9 @@ diff -up openssh-7.0p1/sandbox-seccomp-filter.c.audit openssh-7.0p1/sandbox-secc
#ifdef __NR_madvise
SC_ALLOW(madvise),
#endif
diff -up openssh-7.0p1/session.c.audit openssh-7.0p1/session.c
--- openssh-7.0p1/session.c.audit 2015-08-12 11:33:00.379914337 +0200
+++ openssh-7.0p1/session.c 2015-08-12 11:33:00.416914280 +0200
diff -up openssh-7.2p1/session.c.audit openssh-7.2p1/session.c
--- openssh-7.2p1/session.c.audit 2016-02-12 18:24:34.177825194 +0100
+++ openssh-7.2p1/session.c 2016-02-12 18:24:34.226825175 +0100
@@ -139,7 +139,7 @@ extern int log_stderr;
extern int debug_flag;
extern u_int utmp_len;
@ -1894,7 +1850,7 @@ diff -up openssh-7.0p1/session.c.audit openssh-7.0p1/session.c
s->ptymaster = ptymaster;
packet_set_interactive(1,
@@ -853,15 +861,19 @@ do_exec(Session *s, const char *command)
get_remote_port());
s->self);
#ifdef SSH_AUDIT_EVENTS
+ if (s->command != NULL || s->command_handle != -1)
@ -1915,7 +1871,7 @@ diff -up openssh-7.0p1/session.c.audit openssh-7.0p1/session.c
#endif
if (s->ttyfd != -1)
ret = do_exec_pty(s, command);
@@ -1704,7 +1716,10 @@ do_child(Session *s, const char *command
@@ -1695,7 +1707,10 @@ do_child(Session *s, const char *command
int r = 0;
/* remove hostkey from the child's memory */
@ -1927,7 +1883,7 @@ diff -up openssh-7.0p1/session.c.audit openssh-7.0p1/session.c
/* Force a password change */
if (s->authctxt->force_pwchange) {
@@ -1934,6 +1949,7 @@ session_unused(int id)
@@ -1925,6 +1940,7 @@ session_unused(int id)
sessions[id].ttyfd = -1;
sessions[id].ptymaster = -1;
sessions[id].x11_chanids = NULL;
@ -1935,7 +1891,7 @@ diff -up openssh-7.0p1/session.c.audit openssh-7.0p1/session.c
sessions[id].next_unused = sessions_first_unused;
sessions_first_unused = id;
}
@@ -2016,6 +2032,19 @@ session_open(Authctxt *authctxt, int cha
@@ -2007,6 +2023,19 @@ session_open(Authctxt *authctxt, int cha
}
Session *
@ -1955,7 +1911,7 @@ diff -up openssh-7.0p1/session.c.audit openssh-7.0p1/session.c
session_by_tty(char *tty)
{
int i;
@@ -2532,6 +2561,32 @@ session_exit_message(Session *s, int sta
@@ -2523,6 +2552,32 @@ session_exit_message(Session *s, int sta
chan_write_failed(c);
}
@ -1988,8 +1944,8 @@ diff -up openssh-7.0p1/session.c.audit openssh-7.0p1/session.c
void
session_close(Session *s)
{
@@ -2540,6 +2595,10 @@ session_close(Session *s)
debug("session_close: session %d pid %ld", s->self, (long)s->pid);
@@ -2531,6 +2586,10 @@ session_close(Session *s)
if (s->ttyfd != -1)
session_pty_cleanup(s);
+#ifdef SSH_AUDIT_EVENTS
@ -1999,7 +1955,7 @@ diff -up openssh-7.0p1/session.c.audit openssh-7.0p1/session.c
free(s->term);
free(s->display);
free(s->x11_chanids);
@@ -2754,6 +2813,15 @@ do_authenticated2(Authctxt *authctxt)
@@ -2745,6 +2804,15 @@ do_authenticated2(Authctxt *authctxt)
server_loop2(authctxt);
}
@ -2015,16 +1971,16 @@ diff -up openssh-7.0p1/session.c.audit openssh-7.0p1/session.c
void
do_cleanup(Authctxt *authctxt)
{
@@ -2802,5 +2870,5 @@ do_cleanup(Authctxt *authctxt)
@@ -2793,5 +2861,5 @@ do_cleanup(Authctxt *authctxt)
* or if running in monitor.
*/
if (!use_privsep || mm_is_monitor())
- session_destroy_all(session_pty_cleanup2);
+ session_destroy_all(do_cleanup_one_session);
}
diff -up openssh-7.0p1/session.h.audit openssh-7.0p1/session.h
--- openssh-7.0p1/session.h.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/session.h 2015-08-12 11:33:00.416914280 +0200
diff -up openssh-7.2p1/session.h.audit openssh-7.2p1/session.h
--- openssh-7.2p1/session.h.audit 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/session.h 2016-02-12 18:24:34.226825175 +0100
@@ -61,6 +61,12 @@ struct Session {
char *name;
char *val;
@ -2049,18 +2005,18 @@ diff -up openssh-7.0p1/session.h.audit openssh-7.0p1/session.h
Session *session_by_tty(char *);
void session_close(Session *);
void do_setusercontext(struct passwd *);
diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
--- openssh-7.0p1/sshd.c.audit 2015-08-12 11:33:00.388914323 +0200
+++ openssh-7.0p1/sshd.c 2015-08-12 11:33:00.417914278 +0200
@@ -122,6 +122,7 @@
diff -up openssh-7.2p1/sshd.c.audit openssh-7.2p1/sshd.c
--- openssh-7.2p1/sshd.c.audit 2016-02-12 18:24:34.189825190 +0100
+++ openssh-7.2p1/sshd.c 2016-02-12 18:44:44.650639338 +0100
@@ -121,6 +121,7 @@
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
#include "roaming.h"
+#include "audit.h"
#include "ssh-sandbox.h"
#include "version.h"
#include "ssherr.h"
@@ -261,7 +262,7 @@ Buffer loginmsg;
@@ -260,7 +261,7 @@ Buffer loginmsg;
struct passwd *privsep_pw = NULL;
/* Prototypes for various functions defined later in this file. */
@ -2069,7 +2025,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
void demote_sensitive_data(void);
#ifdef WITH_SSH1
@@ -282,6 +283,15 @@ close_listen_socks(void)
@@ -281,6 +282,15 @@ close_listen_socks(void)
num_listen_socks = -1;
}
@ -2085,7 +2041,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
static void
close_startup_pipes(void)
{
@@ -561,22 +571,45 @@ sshd_exchange_identification(int sock_in
@@ -560,22 +570,45 @@ sshd_exchange_identification(int sock_in
}
}
@ -2134,7 +2090,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
key_free(sensitive_data.host_certificates[i]);
sensitive_data.host_certificates[i] = NULL;
}
@@ -590,6 +623,8 @@ void
@@ -589,6 +622,8 @@ void
demote_sensitive_data(void)
{
Key *tmp;
@ -2143,7 +2099,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
int i;
if (sensitive_data.server_key) {
@@ -598,13 +633,25 @@ demote_sensitive_data(void)
@@ -597,13 +632,25 @@ demote_sensitive_data(void)
sensitive_data.server_key = tmp;
}
@ -2169,7 +2125,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
}
/* Certs do not need demotion */
}
@@ -676,7 +723,7 @@ privsep_preauth(Authctxt *authctxt)
@@ -675,7 +722,7 @@ privsep_preauth(Authctxt *authctxt)
if (use_privsep == PRIVSEP_ON)
box = ssh_sandbox_init(pmonitor);
@ -2191,7 +2147,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
monitor_child_postauth(pmonitor);
/* NEVERREACHED */
@@ -1292,6 +1345,7 @@ server_accept_loop(int *sock_in, int *so
@@ -1293,6 +1346,7 @@ server_accept_loop(int *sock_in, int *so
if (received_sigterm) {
logit("Received signal %d; terminating.",
(int) received_sigterm);
@ -2199,7 +2155,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
close_listen_socks();
if (options.pid_file != NULL)
unlink(options.pid_file);
@@ -2255,6 +2309,7 @@ main(int ac, char **av)
@@ -2256,6 +2310,7 @@ main(int ac, char **av)
*/
if (use_privsep) {
mm_send_keystate(pmonitor);
@ -2207,7 +2163,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
exit(0);
}
@@ -2300,7 +2355,7 @@ main(int ac, char **av)
@@ -2301,7 +2356,7 @@ main(int ac, char **av)
privsep_postauth(authctxt);
/* the monitor process [priv] will not return */
if (!compat20)
@ -2216,7 +2172,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
}
packet_set_timeout(options.client_alive_interval,
@@ -2314,6 +2369,9 @@ main(int ac, char **av)
@@ -2315,6 +2370,9 @@ main(int ac, char **av)
do_authenticated(authctxt);
/* The connection has been terminated. */
@ -2226,7 +2182,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
packet_get_bytes(&ibytes, &obytes);
verbose("Transferred: sent %llu, received %llu bytes",
(unsigned long long)obytes, (unsigned long long)ibytes);
@@ -2474,6 +2532,10 @@ do_ssh1_kex(void)
@@ -2475,6 +2533,10 @@ do_ssh1_kex(void)
if (cookie[i] != packet_get_char())
packet_disconnect("IP Spoofing check bytes do not match.");
@ -2237,7 +2193,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
debug("Encryption type: %.200s", cipher_name(cipher_type));
/* Get the encrypted integer. */
@@ -2533,7 +2595,7 @@ do_ssh1_kex(void)
@@ -2534,7 +2596,7 @@ do_ssh1_kex(void)
}
/* Destroy the private and public keys. No longer. */
@ -2246,7 +2202,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
if (use_privsep)
mm_ssh1_session_id(session_id);
@@ -2705,6 +2767,16 @@ do_ssh2_kex(void)
@@ -2708,6 +2770,16 @@ do_ssh2_kex(void)
void
cleanup_exit(int i)
{
@ -2263,7 +2219,7 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
if (the_authctxt) {
do_cleanup(the_authctxt);
if (use_privsep && privsep_is_preauth &&
@@ -2716,9 +2788,14 @@ cleanup_exit(int i)
@@ -2719,9 +2791,14 @@ cleanup_exit(int i)
pmonitor->m_pid, strerror(errno));
}
}
@ -2279,10 +2235,10 @@ diff -up openssh-7.0p1/sshd.c.audit openssh-7.0p1/sshd.c
audit_event(SSH_CONNECTION_ABANDON);
#endif
_exit(i);
diff -up openssh-7.0p1/sshkey.c.audit openssh-7.0p1/sshkey.c
--- openssh-7.0p1/sshkey.c.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/sshkey.c 2015-08-12 11:33:00.417914278 +0200
@@ -299,6 +299,33 @@ sshkey_type_is_valid_ca(int type)
diff -up openssh-7.2p1/sshkey.c.audit openssh-7.2p1/sshkey.c
--- openssh-7.2p1/sshkey.c.audit 2016-02-12 18:24:34.157825202 +0100
+++ openssh-7.2p1/sshkey.c 2016-02-12 18:24:34.228825175 +0100
@@ -303,6 +303,33 @@ sshkey_type_is_valid_ca(int type)
}
int
@ -2316,10 +2272,10 @@ diff -up openssh-7.0p1/sshkey.c.audit openssh-7.0p1/sshkey.c
sshkey_is_cert(const struct sshkey *k)
{
if (k == NULL)
diff -up openssh-7.0p1/sshkey.h.audit openssh-7.0p1/sshkey.h
--- openssh-7.0p1/sshkey.h.audit 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/sshkey.h 2015-08-12 11:33:00.417914278 +0200
@@ -132,6 +132,7 @@ u_int sshkey_size(const struct sshkey
diff -up openssh-7.2p1/sshkey.h.audit openssh-7.2p1/sshkey.h
--- openssh-7.2p1/sshkey.h.audit 2016-02-12 18:24:34.157825202 +0100
+++ openssh-7.2p1/sshkey.h 2016-02-12 18:24:34.228825175 +0100
@@ -133,6 +133,7 @@ u_int sshkey_size(const struct sshkey
int sshkey_generate(int type, u_int bits, struct sshkey **keyp);
int sshkey_from_private(const struct sshkey *, struct sshkey **);
int sshkey_type_from_name(const char *);


@ -1,6 +1,6 @@
diff -up openssh-7.0p1/auth2.c.gsskex openssh-7.0p1/auth2.c
--- openssh-7.0p1/auth2.c.gsskex 2015-08-12 11:15:43.625548999 +0200
+++ openssh-7.0p1/auth2.c 2015-08-12 11:15:43.692548892 +0200
diff -up openssh-7.2p1/auth2.c.gsskex openssh-7.2p1/auth2.c
--- openssh-7.2p1/auth2.c.gsskex 2016-02-19 10:01:04.829969345 +0100
+++ openssh-7.2p1/auth2.c 2016-02-19 10:01:04.865969325 +0100
@@ -70,6 +70,7 @@ extern Authmethod method_passwd;
extern Authmethod method_kbdint;
extern Authmethod method_hostbased;
@ -17,9 +17,9 @@ diff -up openssh-7.0p1/auth2.c.gsskex openssh-7.0p1/auth2.c
&method_gssapi,
#endif
&method_passwd,
diff -up openssh-7.0p1/auth2-gss.c.gsskex openssh-7.0p1/auth2-gss.c
--- openssh-7.0p1/auth2-gss.c.gsskex 2015-08-12 11:15:43.624549001 +0200
+++ openssh-7.0p1/auth2-gss.c 2015-08-12 11:15:43.692548892 +0200
diff -up openssh-7.2p1/auth2-gss.c.gsskex openssh-7.2p1/auth2-gss.c
--- openssh-7.2p1/auth2-gss.c.gsskex 2016-02-19 10:01:04.829969345 +0100
+++ openssh-7.2p1/auth2-gss.c 2016-02-19 10:01:04.865969325 +0100
@@ -31,6 +31,7 @@
#include <sys/types.h>
@ -102,10 +102,21 @@ diff -up openssh-7.0p1/auth2-gss.c.gsskex openssh-7.0p1/auth2-gss.c
Authmethod method_gssapi = {
"gssapi-with-mic",
userauth_gssapi,
diff -up openssh-7.0p1/clientloop.c.gsskex openssh-7.0p1/clientloop.c
--- openssh-7.0p1/clientloop.c.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/clientloop.c 2015-08-12 11:15:43.693548890 +0200
@@ -115,6 +115,10 @@
diff -up openssh-7.2p1/auth.c.gsskex openssh-7.2p1/auth.c
--- openssh-7.2p1/auth.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/auth.c 2016-02-19 10:01:04.866969324 +0100
@@ -354,6 +354,7 @@ auth_root_allowed(const char *method)
case PERMIT_NO_PASSWD:
if (strcmp(method, "publickey") == 0 ||
strcmp(method, "hostbased") == 0 ||
+ strcmp(method, "gssapi-keyex") == 0 ||
strcmp(method, "gssapi-with-mic") == 0)
return 1;
break;
diff -up openssh-7.2p1/clientloop.c.gsskex openssh-7.2p1/clientloop.c
--- openssh-7.2p1/clientloop.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/clientloop.c 2016-02-19 10:01:04.866969324 +0100
@@ -114,6 +114,10 @@
#include "ssherr.h"
#include "hostfile.h"
@ -116,11 +127,14 @@ diff -up openssh-7.0p1/clientloop.c.gsskex openssh-7.0p1/clientloop.c
/* import options */
extern Options options;
@@ -1610,6 +1614,15 @@ client_loop(int have_pty, int escape_cha
@@ -1662,9 +1666,18 @@ client_loop(int have_pty, int escape_cha
break;
/* Do channel operations unless rekeying in progress. */
if (!rekeying) {
- if (!ssh_packet_is_rekeying(active_state))
+ if (!ssh_packet_is_rekeying(active_state)) {
channel_after_select(readset, writeset);
+
+#ifdef GSSAPI
+ if (options.gss_renewal_rekey &&
+ ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) {
@ -128,14 +142,15 @@ diff -up openssh-7.0p1/clientloop.c.gsskex openssh-7.0p1/clientloop.c
+ need_rekeying = 1;
+ }
+#endif
+ }
+
if (need_rekeying || packet_need_rekeying()) {
debug("need rekeying");
active_state->kex->done = 0;
diff -up openssh-7.0p1/configure.ac.gsskex openssh-7.0p1/configure.ac
--- openssh-7.0p1/configure.ac.gsskex 2015-08-12 11:15:43.675548919 +0200
+++ openssh-7.0p1/configure.ac 2015-08-12 11:15:43.694548889 +0200
@@ -625,6 +625,30 @@ main() { if (NSVersionOfRunTimeLibrary("
/* Buffer input from the connection. */
client_process_net_input(readset);
diff -up openssh-7.2p1/configure.ac.gsskex openssh-7.2p1/configure.ac
--- openssh-7.2p1/configure.ac.gsskex 2016-02-19 10:01:04.857969329 +0100
+++ openssh-7.2p1/configure.ac 2016-02-19 10:01:04.867969323 +0100
@@ -632,6 +632,30 @@ main() { if (NSVersionOfRunTimeLibrary("
[Use tunnel device compatibility to OpenBSD])
AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
[Prepend the address family to IP tunnel traffic])
@ -166,9 +181,9 @@ diff -up openssh-7.0p1/configure.ac.gsskex openssh-7.0p1/configure.ac
m4_pattern_allow([AU_IPv])
AC_CHECK_DECL([AU_IPv4], [],
AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
diff -up openssh-7.0p1/gss-genr.c.gsskex openssh-7.0p1/gss-genr.c
--- openssh-7.0p1/gss-genr.c.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/gss-genr.c 2015-08-12 11:15:43.694548889 +0200
diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c
--- openssh-7.2p1/gss-genr.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/gss-genr.c 2016-02-19 10:01:04.867969323 +0100
@@ -41,12 +41,167 @@
#include "buffer.h"
#include "log.h"
@ -506,9 +521,9 @@ diff -up openssh-7.0p1/gss-genr.c.gsskex openssh-7.0p1/gss-genr.c
+}
+
#endif /* GSSAPI */
diff -up openssh-7.0p1/gss-serv.c.gsskex openssh-7.0p1/gss-serv.c
--- openssh-7.0p1/gss-serv.c.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/gss-serv.c 2015-08-12 11:15:43.694548889 +0200
diff -up openssh-7.2p1/gss-serv.c.gsskex openssh-7.2p1/gss-serv.c
--- openssh-7.2p1/gss-serv.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/gss-serv.c 2016-02-19 10:01:04.867969323 +0100
@@ -45,17 +45,19 @@
#include "session.h"
#include "misc.h"
@ -791,9 +806,9 @@ diff -up openssh-7.0p1/gss-serv.c.gsskex openssh-7.0p1/gss-serv.c
}
#endif
diff -up openssh-7.0p1/gss-serv-krb5.c.gsskex openssh-7.0p1/gss-serv-krb5.c
--- openssh-7.0p1/gss-serv-krb5.c.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/gss-serv-krb5.c 2015-08-12 11:15:43.694548889 +0200
diff -up openssh-7.2p1/gss-serv-krb5.c.gsskex openssh-7.2p1/gss-serv-krb5.c
--- openssh-7.2p1/gss-serv-krb5.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/gss-serv-krb5.c 2016-02-19 10:01:04.867969323 +0100
@@ -121,7 +121,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
krb5_error_code problem;
krb5_principal princ;
@ -921,10 +936,10 @@ diff -up openssh-7.0p1/gss-serv-krb5.c.gsskex openssh-7.0p1/gss-serv-krb5.c
};
#endif /* KRB5 */
diff -up openssh-7.0p1/kex.c.gsskex openssh-7.0p1/kex.c
--- openssh-7.0p1/kex.c.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/kex.c 2015-08-12 11:15:43.695548887 +0200
@@ -55,6 +55,10 @@
diff -up openssh-7.2p1/kex.c.gsskex openssh-7.2p1/kex.c
--- openssh-7.2p1/kex.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/kex.c 2016-02-19 10:01:04.868969323 +0100
@@ -54,6 +54,10 @@
#include "sshbuf.h"
#include "digest.h"
@ -935,7 +950,7 @@ diff -up openssh-7.0p1/kex.c.gsskex openssh-7.0p1/kex.c
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
# if defined(HAVE_EVP_SHA256)
# define evp_ssh_sha256 EVP_sha256
@@ -95,6 +99,11 @@ static const struct kexalg kexalgs[] = {
@@ -107,6 +111,11 @@ static const struct kexalg kexalgs[] = {
#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
@ -947,7 +962,7 @@ diff -up openssh-7.0p1/kex.c.gsskex openssh-7.0p1/kex.c
{ NULL, -1, -1, -1},
};
@@ -128,6 +137,12 @@ kex_alg_by_name(const char *name)
@@ -140,6 +149,12 @@ kex_alg_by_name(const char *name)
for (k = kexalgs; k->name != NULL; k++) {
if (strcmp(k->name, name) == 0)
return k;
@ -960,9 +975,9 @@ diff -up openssh-7.0p1/kex.c.gsskex openssh-7.0p1/kex.c
}
return NULL;
}
diff -up openssh-7.0p1/kexgssc.c.gsskex openssh-7.0p1/kexgssc.c
--- openssh-7.0p1/kexgssc.c.gsskex 2015-08-12 11:15:43.695548887 +0200
+++ openssh-7.0p1/kexgssc.c 2015-08-12 11:15:43.695548887 +0200
diff -up openssh-7.2p1/kexgssc.c.gsskex openssh-7.2p1/kexgssc.c
--- openssh-7.2p1/kexgssc.c.gsskex 2016-02-19 10:01:04.868969323 +0100
+++ openssh-7.2p1/kexgssc.c 2016-02-19 10:01:04.868969323 +0100
@@ -0,0 +1,338 @@
+/*
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@ -1302,9 +1317,9 @@ diff -up openssh-7.0p1/kexgssc.c.gsskex openssh-7.0p1/kexgssc.c
+}
+
+#endif /* GSSAPI */
diff -up openssh-7.0p1/kexgsss.c.gsskex openssh-7.0p1/kexgsss.c
--- openssh-7.0p1/kexgsss.c.gsskex 2015-08-12 11:15:43.695548887 +0200
+++ openssh-7.0p1/kexgsss.c 2015-08-12 11:15:43.695548887 +0200
diff -up openssh-7.2p1/kexgsss.c.gsskex openssh-7.2p1/kexgsss.c
--- openssh-7.2p1/kexgsss.c.gsskex 2016-02-19 10:01:04.868969323 +0100
+++ openssh-7.2p1/kexgsss.c 2016-02-19 10:01:04.868969323 +0100
@@ -0,0 +1,295 @@
+/*
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@ -1601,10 +1616,10 @@ diff -up openssh-7.0p1/kexgsss.c.gsskex openssh-7.0p1/kexgsss.c
+ return 0;
+}
+#endif /* GSSAPI */
diff -up openssh-7.0p1/kex.h.gsskex openssh-7.0p1/kex.h
--- openssh-7.0p1/kex.h.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/kex.h 2015-08-12 11:17:44.694354889 +0200
@@ -93,6 +93,11 @@ enum kex_exchange {
diff -up openssh-7.2p1/kex.h.gsskex openssh-7.2p1/kex.h
--- openssh-7.2p1/kex.h.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/kex.h 2016-02-19 10:01:04.868969323 +0100
@@ -92,6 +92,11 @@ enum kex_exchange {
KEX_DH_GEX_SHA256,
KEX_ECDH_SHA2,
KEX_C25519_SHA256,
@ -1616,7 +1631,7 @@ diff -up openssh-7.0p1/kex.h.gsskex openssh-7.0p1/kex.h
KEX_MAX
};
@@ -139,6 +144,12 @@ struct kex {
@@ -140,6 +145,12 @@ struct kex {
u_int flags;
int hash_alg;
int ec_nid;
@ -1629,7 +1644,7 @@ diff -up openssh-7.0p1/kex.h.gsskex openssh-7.0p1/kex.h
char *client_version_string;
char *server_version_string;
char *failed_choice;
@@ -186,6 +197,10 @@ int kexecdh_client(struct ssh *);
@@ -189,6 +200,10 @@ int kexecdh_client(struct ssh *);
int kexecdh_server(struct ssh *);
int kexc25519_client(struct ssh *);
int kexc25519_server(struct ssh *);
@ -1640,9 +1655,9 @@ diff -up openssh-7.0p1/kex.h.gsskex openssh-7.0p1/kex.h
int kex_dh_hash(const char *, const char *,
const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
diff -up openssh-7.0p1/Makefile.in.gsskex openssh-7.0p1/Makefile.in
--- openssh-7.0p1/Makefile.in.gsskex 2015-08-12 11:15:43.686548901 +0200
+++ openssh-7.0p1/Makefile.in 2015-08-12 11:15:43.695548887 +0200
diff -up openssh-7.2p1/Makefile.in.gsskex openssh-7.2p1/Makefile.in
--- openssh-7.2p1/Makefile.in.gsskex 2016-02-19 10:01:04.864969325 +0100
+++ openssh-7.2p1/Makefile.in 2016-02-19 10:01:04.868969323 +0100
@@ -90,6 +90,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o \
@ -1659,11 +1674,11 @@ diff -up openssh-7.0p1/Makefile.in.gsskex openssh-7.0p1/Makefile.in
+ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
sftp-server.o sftp-common.o \
roaming_common.o roaming_serv.o \
diff -up openssh-7.0p1/monitor.c.gsskex openssh-7.0p1/monitor.c
--- openssh-7.0p1/monitor.c.gsskex 2015-08-12 11:15:43.626548998 +0200
+++ openssh-7.0p1/monitor.c 2015-08-12 11:15:43.696548885 +0200
@@ -160,6 +160,8 @@ int mm_answer_gss_setup_ctx(int, Buffer
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c
--- openssh-7.2p1/monitor.c.gsskex 2016-02-19 10:01:04.830969345 +0100
+++ openssh-7.2p1/monitor.c 2016-02-19 10:01:04.869969322 +0100
@@ -159,6 +159,8 @@ int mm_answer_gss_setup_ctx(int, Buffer
int mm_answer_gss_accept_ctx(int, Buffer *);
int mm_answer_gss_userok(int, Buffer *);
int mm_answer_gss_checkmic(int, Buffer *);
@ -1672,7 +1687,7 @@ diff -up openssh-7.0p1/monitor.c.gsskex openssh-7.0p1/monitor.c
#endif
#ifdef SSH_AUDIT_EVENTS
@@ -240,11 +242,18 @@ struct mon_table mon_dispatch_proto20[]
@@ -239,11 +241,18 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
{MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
@ -1691,7 +1706,7 @@ diff -up openssh-7.0p1/monitor.c.gsskex openssh-7.0p1/monitor.c
#ifdef WITH_OPENSSL
{MONITOR_REQ_MODULI, 0, mm_answer_moduli},
#endif
@@ -359,6 +368,10 @@ monitor_child_preauth(Authctxt *_authctx
@@ -358,6 +367,10 @@ monitor_child_preauth(Authctxt *_authctx
/* Permit requests for moduli and signatures */
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@ -1702,7 +1717,7 @@ diff -up openssh-7.0p1/monitor.c.gsskex openssh-7.0p1/monitor.c
} else {
mon_dispatch = mon_dispatch_proto15;
@@ -467,6 +480,10 @@ monitor_child_postauth(struct monitor *p
@@ -466,6 +479,10 @@ monitor_child_postauth(struct monitor *p
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@ -1713,7 +1728,7 @@ diff -up openssh-7.0p1/monitor.c.gsskex openssh-7.0p1/monitor.c
} else {
mon_dispatch = mon_dispatch_postauth15;
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -1896,6 +1913,13 @@ monitor_apply_keystate(struct monitor *p
@@ -1893,6 +1910,13 @@ monitor_apply_keystate(struct monitor *p
# endif
#endif /* WITH_OPENSSL */
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@ -1727,7 +1742,7 @@ diff -up openssh-7.0p1/monitor.c.gsskex openssh-7.0p1/monitor.c
kex->load_host_public_key=&get_hostkey_public_by_type;
kex->load_host_private_key=&get_hostkey_private_by_type;
kex->host_key_index=&get_hostkey_index;
@@ -1995,6 +2019,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
@@ -1992,6 +2016,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
OM_uint32 major;
u_int len;
@ -1737,7 +1752,7 @@ diff -up openssh-7.0p1/monitor.c.gsskex openssh-7.0p1/monitor.c
goid.elements = buffer_get_string(m, &len);
goid.length = len;
@@ -2022,6 +2049,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
@@ -2019,6 +2046,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
OM_uint32 flags = 0; /* GSI needs this */
u_int len;
@ -1747,7 +1762,7 @@ diff -up openssh-7.0p1/monitor.c.gsskex openssh-7.0p1/monitor.c
in.value = buffer_get_string(m, &len);
in.length = len;
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
@@ -2039,6 +2069,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
@@ -2036,6 +2066,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@ -1755,7 +1770,7 @@ diff -up openssh-7.0p1/monitor.c.gsskex openssh-7.0p1/monitor.c
}
return (0);
}
@@ -2050,6 +2081,9 @@ mm_answer_gss_checkmic(int sock, Buffer
@@ -2047,6 +2078,9 @@ mm_answer_gss_checkmic(int sock, Buffer
OM_uint32 ret;
u_int len;
@ -1765,7 +1780,7 @@ diff -up openssh-7.0p1/monitor.c.gsskex openssh-7.0p1/monitor.c
gssbuf.value = buffer_get_string(m, &len);
gssbuf.length = len;
mic.value = buffer_get_string(m, &len);
@@ -2076,7 +2110,11 @@ mm_answer_gss_userok(int sock, Buffer *m
@@ -2073,7 +2107,11 @@ mm_answer_gss_userok(int sock, Buffer *m
{
int authenticated;
@ -1778,7 +1793,7 @@ diff -up openssh-7.0p1/monitor.c.gsskex openssh-7.0p1/monitor.c
buffer_clear(m);
buffer_put_int(m, authenticated);
@@ -2089,5 +2127,73 @@ mm_answer_gss_userok(int sock, Buffer *m
@@ -2086,5 +2124,73 @@ mm_answer_gss_userok(int sock, Buffer *m
/* Monitor loop will terminate if authenticated */
return (authenticated);
}
@ -1852,9 +1867,9 @@ diff -up openssh-7.0p1/monitor.c.gsskex openssh-7.0p1/monitor.c
+
#endif /* GSSAPI */
diff -up openssh-7.0p1/monitor.h.gsskex openssh-7.0p1/monitor.h
--- openssh-7.0p1/monitor.h.gsskex 2015-08-12 11:15:43.626548998 +0200
+++ openssh-7.0p1/monitor.h 2015-08-12 11:15:43.696548885 +0200
diff -up openssh-7.2p1/monitor.h.gsskex openssh-7.2p1/monitor.h
--- openssh-7.2p1/monitor.h.gsskex 2016-02-19 10:01:04.830969345 +0100
+++ openssh-7.2p1/monitor.h 2016-02-19 10:01:04.869969322 +0100
@@ -60,6 +60,8 @@ enum monitor_reqtype {
#ifdef WITH_SELINUX
MONITOR_REQ_AUTHROLE = 80,
@ -1864,9 +1879,9 @@ diff -up openssh-7.0p1/monitor.h.gsskex openssh-7.0p1/monitor.h
MONITOR_REQ_PAM_START = 100,
MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
diff -up openssh-7.0p1/monitor_wrap.c.gsskex openssh-7.0p1/monitor_wrap.c
--- openssh-7.0p1/monitor_wrap.c.gsskex 2015-08-12 11:15:43.626548998 +0200
+++ openssh-7.0p1/monitor_wrap.c 2015-08-12 11:15:43.697548884 +0200
diff -up openssh-7.2p1/monitor_wrap.c.gsskex openssh-7.2p1/monitor_wrap.c
--- openssh-7.2p1/monitor_wrap.c.gsskex 2016-02-19 10:01:04.830969345 +0100
+++ openssh-7.2p1/monitor_wrap.c 2016-02-19 10:01:04.869969322 +0100
@@ -1087,7 +1087,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
}
@ -1927,9 +1942,9 @@ diff -up openssh-7.0p1/monitor_wrap.c.gsskex openssh-7.0p1/monitor_wrap.c
+
#endif /* GSSAPI */
diff -up openssh-7.0p1/monitor_wrap.h.gsskex openssh-7.0p1/monitor_wrap.h
--- openssh-7.0p1/monitor_wrap.h.gsskex 2015-08-12 11:15:43.626548998 +0200
+++ openssh-7.0p1/monitor_wrap.h 2015-08-12 11:15:43.697548884 +0200
diff -up openssh-7.2p1/monitor_wrap.h.gsskex openssh-7.2p1/monitor_wrap.h
--- openssh-7.2p1/monitor_wrap.h.gsskex 2016-02-19 10:01:04.830969345 +0100
+++ openssh-7.2p1/monitor_wrap.h 2016-02-19 10:01:04.869969322 +0100
@@ -61,8 +61,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(K
OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
@ -1942,10 +1957,10 @@ diff -up openssh-7.0p1/monitor_wrap.h.gsskex openssh-7.0p1/monitor_wrap.h
#endif
#ifdef USE_PAM
diff -up openssh-7.0p1/readconf.c.gsskex openssh-7.0p1/readconf.c
--- openssh-7.0p1/readconf.c.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/readconf.c 2015-08-12 11:15:43.697548884 +0200
@@ -147,6 +147,8 @@ typedef enum {
diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c
--- openssh-7.2p1/readconf.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/readconf.c 2016-02-19 10:01:04.870969322 +0100
@@ -148,6 +148,8 @@ typedef enum {
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@ -1954,7 +1969,7 @@ diff -up openssh-7.0p1/readconf.c.gsskex openssh-7.0p1/readconf.c
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oControlPersist,
oHashKnownHosts,
@@ -192,10 +194,19 @@ static struct {
@@ -193,10 +195,19 @@ static struct {
{ "afstokenpassing", oUnsupported },
#if defined(GSSAPI)
{ "gssapiauthentication", oGssAuthentication },
@ -1974,7 +1989,7 @@ diff -up openssh-7.0p1/readconf.c.gsskex openssh-7.0p1/readconf.c
#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
@@ -894,10 +905,30 @@ parse_time:
@@ -926,10 +937,30 @@ parse_time:
intptr = &options->gss_authentication;
goto parse_flag;
@ -2005,7 +2020,7 @@ diff -up openssh-7.0p1/readconf.c.gsskex openssh-7.0p1/readconf.c
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
@@ -1601,7 +1632,12 @@ initialize_options(Options * options)
@@ -1648,7 +1679,12 @@ initialize_options(Options * options)
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
@ -2018,7 +2033,7 @@ diff -up openssh-7.0p1/readconf.c.gsskex openssh-7.0p1/readconf.c
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
@@ -1729,8 +1765,14 @@ fill_default_options(Options * options)
@@ -1777,8 +1813,14 @@ fill_default_options(Options * options)
options->challenge_response_authentication = 1;
if (options->gss_authentication == -1)
options->gss_authentication = 0;
@ -2033,9 +2048,9 @@ diff -up openssh-7.0p1/readconf.c.gsskex openssh-7.0p1/readconf.c
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
diff -up openssh-7.0p1/readconf.h.gsskex openssh-7.0p1/readconf.h
--- openssh-7.0p1/readconf.h.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/readconf.h 2015-08-12 11:15:43.697548884 +0200
diff -up openssh-7.2p1/readconf.h.gsskex openssh-7.2p1/readconf.h
--- openssh-7.2p1/readconf.h.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/readconf.h 2016-02-19 10:01:04.870969322 +0100
@@ -45,7 +45,12 @@ typedef struct {
int challenge_response_authentication;
/* Try S/Key or TIS, authentication. */
@ -2049,9 +2064,9 @@ diff -up openssh-7.0p1/readconf.h.gsskex openssh-7.0p1/readconf.h
int password_authentication; /* Try password
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
diff -up openssh-7.0p1/regress/cert-hostkey.sh.gsskex openssh-7.0p1/regress/cert-hostkey.sh
--- openssh-7.0p1/regress/cert-hostkey.sh.gsskex 2015-08-12 11:15:43.698548882 +0200
+++ openssh-7.0p1/regress/cert-hostkey.sh 2015-08-12 11:16:52.511438554 +0200
diff -up openssh-7.2p1/regress/cert-hostkey.sh.gsskex openssh-7.2p1/regress/cert-hostkey.sh
--- openssh-7.2p1/regress/cert-hostkey.sh.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/regress/cert-hostkey.sh 2016-02-19 10:01:04.870969322 +0100
@@ -46,7 +46,7 @@ touch $OBJ/host_revoked_plain
touch $OBJ/host_revoked_cert
cp $OBJ/host_ca_key.pub $OBJ/host_revoked_ca
@ -2061,9 +2076,9 @@ diff -up openssh-7.0p1/regress/cert-hostkey.sh.gsskex openssh-7.0p1/regress/cert
# Prepare certificate, plain key and CA KRLs
${SSHKEYGEN} -kf $OBJ/host_krl_empty || fatal "KRL init failed"
diff -up openssh-7.0p1/regress/cert-userkey.sh.gsskex openssh-7.0p1/regress/cert-userkey.sh
--- openssh-7.0p1/regress/cert-userkey.sh.gsskex 2015-08-12 11:15:43.698548882 +0200
+++ openssh-7.0p1/regress/cert-userkey.sh 2015-08-12 11:20:30.110089677 +0200
diff -up openssh-7.2p1/regress/cert-userkey.sh.gsskex openssh-7.2p1/regress/cert-userkey.sh
--- openssh-7.2p1/regress/cert-userkey.sh.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/regress/cert-userkey.sh 2016-02-19 10:01:04.870969322 +0100
@@ -7,7 +7,7 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/us
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
@ -2073,9 +2088,9 @@ diff -up openssh-7.0p1/regress/cert-userkey.sh.gsskex openssh-7.0p1/regress/cert
kname() {
n=`echo "$1" | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/'`
diff -up openssh-7.0p1/regress/kextype.sh.gsskex openssh-7.0p1/regress/kextype.sh
--- openssh-7.0p1/regress/kextype.sh.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/regress/kextype.sh 2015-08-12 11:15:43.698548882 +0200
diff -up openssh-7.2p1/regress/kextype.sh.gsskex openssh-7.2p1/regress/kextype.sh
--- openssh-7.2p1/regress/kextype.sh.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/regress/kextype.sh 2016-02-19 10:01:04.870969322 +0100
@@ -14,6 +14,9 @@ echo "KexAlgorithms=$KEXOPT" >> $OBJ/ssh
tries="1 2 3 4"
@ -2086,9 +2101,9 @@ diff -up openssh-7.0p1/regress/kextype.sh.gsskex openssh-7.0p1/regress/kextype.s
verbose "kex $k"
for i in $tries; do
${SSH} -F $OBJ/ssh_proxy -o KexAlgorithms=$k x true
diff -up openssh-7.0p1/regress/rekey.sh.gsskex openssh-7.0p1/regress/rekey.sh
--- openssh-7.0p1/regress/rekey.sh.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/regress/rekey.sh 2015-08-12 11:15:43.698548882 +0200
diff -up openssh-7.2p1/regress/rekey.sh.gsskex openssh-7.2p1/regress/rekey.sh
--- openssh-7.2p1/regress/rekey.sh.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/regress/rekey.sh 2016-02-19 10:01:04.870969322 +0100
@@ -38,6 +38,9 @@ increase_datafile_size 300
opts=""
@ -2109,9 +2124,9 @@ diff -up openssh-7.0p1/regress/rekey.sh.gsskex openssh-7.0p1/regress/rekey.sh
verbose "client rekey $c $kex"
ssh_data_rekeying "KexAlgorithms=$kex" -oRekeyLimit=256k -oCiphers=$c
done
diff -up openssh-7.0p1/servconf.c.gsskex openssh-7.0p1/servconf.c
--- openssh-7.0p1/servconf.c.gsskex 2015-08-12 11:15:43.676548918 +0200
+++ openssh-7.0p1/servconf.c 2015-08-12 11:22:32.686893730 +0200
diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c
--- openssh-7.2p1/servconf.c.gsskex 2016-02-19 10:01:04.857969329 +0100
+++ openssh-7.2p1/servconf.c 2016-02-19 10:01:04.870969322 +0100
@@ -117,8 +117,10 @@ initialize_server_options(ServerOptions
options->kerberos_ticket_cleanup = -1;
options->kerberos_get_afs_token = -1;
@ -2123,7 +2138,7 @@ diff -up openssh-7.0p1/servconf.c.gsskex openssh-7.0p1/servconf.c
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
@@ -276,10 +278,14 @@ fill_default_server_options(ServerOption
@@ -288,10 +290,14 @@ fill_default_server_options(ServerOption
options->kerberos_get_afs_token = 0;
if (options->gss_authentication == -1)
options->gss_authentication = 0;
@ -2138,7 +2153,7 @@ diff -up openssh-7.0p1/servconf.c.gsskex openssh-7.0p1/servconf.c
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
@@ -415,7 +421,7 @@ typedef enum {
@@ -422,7 +428,7 @@ typedef enum {
sHostKeyAlgorithms,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@ -2147,7 +2162,7 @@ diff -up openssh-7.0p1/servconf.c.gsskex openssh-7.0p1/servconf.c
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sHostCertificate,
@@ -489,11 +495,17 @@ static struct {
@@ -496,11 +502,17 @@ static struct {
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
@ -2165,7 +2180,7 @@ diff -up openssh-7.0p1/servconf.c.gsskex openssh-7.0p1/servconf.c
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
@@ -1235,6 +1247,10 @@ process_server_config_line(ServerOptions
@@ -1246,6 +1258,10 @@ process_server_config_line(ServerOptions
intptr = &options->gss_authentication;
goto parse_flag;
@ -2176,7 +2191,7 @@ diff -up openssh-7.0p1/servconf.c.gsskex openssh-7.0p1/servconf.c
case sGssCleanupCreds:
intptr = &options->gss_cleanup_creds;
goto parse_flag;
@@ -1243,6 +1259,10 @@ process_server_config_line(ServerOptions
@@ -1254,6 +1270,10 @@ process_server_config_line(ServerOptions
intptr = &options->gss_strict_acceptor;
goto parse_flag;
@ -2187,7 +2202,7 @@ diff -up openssh-7.0p1/servconf.c.gsskex openssh-7.0p1/servconf.c
case sPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_flag;
@@ -2255,6 +2275,9 @@ dump_config(ServerOptions *o)
@@ -2274,6 +2294,9 @@ dump_config(ServerOptions *o)
#ifdef GSSAPI
dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
@ -2197,9 +2212,9 @@ diff -up openssh-7.0p1/servconf.c.gsskex openssh-7.0p1/servconf.c
#endif
dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
dump_cfg_fmtint(sKbdInteractiveAuthentication,
diff -up openssh-7.0p1/servconf.h.gsskex openssh-7.0p1/servconf.h
--- openssh-7.0p1/servconf.h.gsskex 2015-08-12 11:15:43.676548918 +0200
+++ openssh-7.0p1/servconf.h 2015-08-12 11:15:43.700548879 +0200
diff -up openssh-7.2p1/servconf.h.gsskex openssh-7.2p1/servconf.h
--- openssh-7.2p1/servconf.h.gsskex 2016-02-19 10:01:04.857969329 +0100
+++ openssh-7.2p1/servconf.h 2016-02-19 10:01:04.871969321 +0100
@@ -118,8 +118,10 @@ typedef struct {
int kerberos_get_afs_token; /* If true, try to get AFS token if
* authenticated with Kerberos. */
@ -2211,19 +2226,18 @@ diff -up openssh-7.0p1/servconf.h.gsskex openssh-7.0p1/servconf.h
int password_authentication; /* If true, permit password
* authentication. */
int kbd_interactive_authentication; /* If true, permit */
diff -up openssh-7.0p1/ssh_config.5.gsskex openssh-7.0p1/ssh_config.5
--- openssh-7.0p1/ssh_config.5.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/ssh_config.5 2015-08-12 11:15:43.700548879 +0200
@@ -749,11 +749,43 @@ Specifies whether user authentication ba
diff -up openssh-7.2p1/ssh_config.5.gsskex openssh-7.2p1/ssh_config.5
--- openssh-7.2p1/ssh_config.5.gsskex 2016-02-19 10:01:04.871969321 +0100
+++ openssh-7.2p1/ssh_config.5 2016-02-19 10:05:58.630146245 +0100
@@ -824,10 +824,40 @@ The default is
Specifies whether user authentication based on GSSAPI is allowed.
The default is
.Dq no .
Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIKeyExchange
+Specifies whether key exchange based on GSSAPI may be used. When using
+GSSAPI key exchange the server need not have a host key.
+The default is
+.Dq no .
+Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIClientIdentity
+If set, specifies the GSSAPI client identity that ssh should use when
+connecting to the server. The default is unset, which means that the default
@ -2237,8 +2251,6 @@ diff -up openssh-7.0p1/ssh_config.5.gsskex openssh-7.0p1/ssh_config.5
Forward (delegate) credentials to the server.
The default is
.Dq no .
-Note that this option applies to protocol version 2 only.
+Note that this option applies to protocol version 2 connections using GSSAPI.
+.It Cm GSSAPIRenewalForcesRekey
+If set to
+.Dq yes
@ -2255,13 +2267,12 @@ diff -up openssh-7.0p1/ssh_config.5.gsskex openssh-7.0p1/ssh_config.5
+command line will be passed untouched to the GSSAPI library.
+The default is
+.Dq no .
+This option only applies to protocol version 2 connections using GSSAPI.
.It Cm HashKnownHosts
Indicates that
.Xr ssh 1
diff -up openssh-7.0p1/ssh_config.gsskex openssh-7.0p1/ssh_config
--- openssh-7.0p1/ssh_config.gsskex 2015-08-12 11:15:43.667548932 +0200
+++ openssh-7.0p1/ssh_config 2015-08-12 11:15:43.700548879 +0200
diff -up openssh-7.2p1/ssh_config.gsskex openssh-7.2p1/ssh_config
--- openssh-7.2p1/ssh_config.gsskex 2016-02-19 10:01:04.852969332 +0100
+++ openssh-7.2p1/ssh_config 2016-02-19 10:01:04.871969321 +0100
@@ -26,6 +26,8 @@
# HostbasedAuthentication no
# GSSAPIAuthentication no
@ -2271,10 +2282,10 @@ diff -up openssh-7.0p1/ssh_config.gsskex openssh-7.0p1/ssh_config
# BatchMode no
# CheckHostIP yes
# AddressFamily any
diff -up openssh-7.0p1/sshconnect2.c.gsskex openssh-7.0p1/sshconnect2.c
--- openssh-7.0p1/sshconnect2.c.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/sshconnect2.c 2015-08-12 11:25:12.486644393 +0200
@@ -160,9 +160,34 @@ ssh_kex2(char *host, struct sockaddr *ho
diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c
--- openssh-7.2p1/sshconnect2.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/sshconnect2.c 2016-02-19 10:01:04.872969321 +0100
@@ -161,9 +161,34 @@ ssh_kex2(char *host, struct sockaddr *ho
struct kex *kex;
int r;
@ -2306,10 +2317,10 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskex openssh-7.0p1/sshconnect2.c
+ }
+#endif
+
myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
options.kex_algorithms);
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
@@ -193,6 +218,17 @@ ssh_kex2(char *host, struct sockaddr *ho
if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
fatal("%s: kex_names_cat", __func__);
myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
@@ -195,6 +220,17 @@ ssh_kex2(char *host, struct sockaddr *ho
order_hostkeyalgs(host, hostaddr, port));
}
@ -2327,7 +2338,7 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskex openssh-7.0p1/sshconnect2.c
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
(time_t)options.rekey_interval);
@@ -210,11 +246,31 @@ ssh_kex2(char *host, struct sockaddr *ho
@@ -212,11 +248,31 @@ ssh_kex2(char *host, struct sockaddr *ho
kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
# endif
#endif
@ -2358,8 +2369,8 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskex openssh-7.0p1/sshconnect2.c
+
dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
if (options.use_roaming && !kex->roaming) {
@@ -306,6 +362,7 @@ int input_gssapi_token(int type, u_int32
/* remove ext-info from the KEX proposals for rekeying */
@@ -311,6 +367,7 @@ int input_gssapi_token(int type, u_int32
int input_gssapi_hash(int type, u_int32_t, void *);
int input_gssapi_error(int, u_int32_t, void *);
int input_gssapi_errtok(int, u_int32_t, void *);
@ -2367,7 +2378,7 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskex openssh-7.0p1/sshconnect2.c
#endif
void userauth(Authctxt *, char *);
@@ -321,6 +378,11 @@ static char *authmethods_get(void);
@@ -326,6 +383,11 @@ static char *authmethods_get(void);
Authmethod authmethods[] = {
#ifdef GSSAPI
@ -2379,7 +2390,7 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskex openssh-7.0p1/sshconnect2.c
{"gssapi-with-mic",
userauth_gssapi,
NULL,
@@ -627,19 +689,31 @@ userauth_gssapi(Authctxt *authctxt)
@@ -656,19 +718,31 @@ userauth_gssapi(Authctxt *authctxt)
static u_int mech = 0;
OM_uint32 min;
int ok = 0;
@ -2413,7 +2424,7 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskex openssh-7.0p1/sshconnect2.c
ok = 1; /* Mechanism works */
} else {
mech++;
@@ -736,8 +810,8 @@ input_gssapi_response(int type, u_int32_
@@ -765,8 +839,8 @@ input_gssapi_response(int type, u_int32_
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
@ -2424,7 +2435,7 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskex openssh-7.0p1/sshconnect2.c
if (authctxt == NULL)
fatal("input_gssapi_response: no authentication context");
@@ -850,6 +924,48 @@ input_gssapi_error(int type, u_int32_t p
@@ -879,6 +953,48 @@ input_gssapi_error(int type, u_int32_t p
free(lang);
return 0;
}
@ -2473,10 +2484,10 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskex openssh-7.0p1/sshconnect2.c
#endif /* GSSAPI */
int
diff -up openssh-7.0p1/sshd.c.gsskex openssh-7.0p1/sshd.c
--- openssh-7.0p1/sshd.c.gsskex 2015-08-12 11:15:43.679548913 +0200
+++ openssh-7.0p1/sshd.c 2015-08-12 11:15:43.702548876 +0200
@@ -1043,8 +1043,9 @@ notify_hostkeys(struct ssh *ssh)
diff -up openssh-7.2p1/sshd.c.gsskex openssh-7.2p1/sshd.c
--- openssh-7.2p1/sshd.c.gsskex 2016-02-19 10:01:04.860969328 +0100
+++ openssh-7.2p1/sshd.c 2016-02-19 10:01:04.872969321 +0100
@@ -974,8 +974,9 @@ notify_hostkeys(struct ssh *ssh)
}
debug3("%s: sent %d hostkeys", __func__, nkeys);
if (nkeys == 0)
@ -2488,7 +2499,7 @@ diff -up openssh-7.0p1/sshd.c.gsskex openssh-7.0p1/sshd.c
sshbuf_free(buf);
}
@@ -1843,10 +1843,13 @@ main(int ac, char **av)
@@ -1845,10 +1846,13 @@ main(int ac, char **av)
logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
}
@ -2502,7 +2513,7 @@ diff -up openssh-7.0p1/sshd.c.gsskex openssh-7.0p1/sshd.c
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
logit("sshd: no hostkeys available -- exiting.");
exit(1);
@@ -2582,6 +2585,48 @@ do_ssh2_kex(void)
@@ -2586,6 +2590,48 @@ do_ssh2_kex(void)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
list_hostkey_types());
@ -2551,7 +2562,7 @@ diff -up openssh-7.0p1/sshd.c.gsskex openssh-7.0p1/sshd.c
/* start key exchange */
if ((r = kex_setup(active_state, myproposal)) != 0)
fatal("kex_setup: %s", ssh_err(r));
@@ -2596,6 +2641,13 @@ do_ssh2_kex(void)
@@ -2600,6 +2646,13 @@ do_ssh2_kex(void)
# endif
#endif
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@ -2565,23 +2576,22 @@ diff -up openssh-7.0p1/sshd.c.gsskex openssh-7.0p1/sshd.c
kex->server = 1;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
diff -up openssh-7.0p1/sshd_config.5.gsskex openssh-7.0p1/sshd_config.5
--- openssh-7.0p1/sshd_config.5.gsskex 2015-08-12 11:15:43.677548916 +0200
+++ openssh-7.0p1/sshd_config.5 2015-08-12 11:15:43.702548876 +0200
@@ -621,6 +621,12 @@ Specifies whether user authentication ba
diff -up openssh-7.2p1/sshd_config.5.gsskex openssh-7.2p1/sshd_config.5
--- openssh-7.2p1/sshd_config.5.gsskex 2016-02-19 10:01:04.858969329 +0100
+++ openssh-7.2p1/sshd_config.5 2016-02-19 10:06:26.651172355 +0100
@@ -623,6 +623,11 @@ The default is
Specifies whether user authentication based on GSSAPI is allowed.
The default is
.Dq no .
Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIKeyExchange
+Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
+doesn't rely on ssh keys to verify host identity.
+The default is
+.Dq no .
+Note that this option applies to protocol version 2 only.
.It Cm GSSAPICleanupCredentials
Specifies whether to automatically destroy the user's credentials cache
on logout.
@@ -642,6 +648,11 @@ machine's default store.
@@ -643,6 +648,11 @@ machine's default store.
This facility is provided to assist with operation on multi homed machines.
The default is
.Dq yes .
@ -2593,9 +2603,9 @@ diff -up openssh-7.0p1/sshd_config.5.gsskex openssh-7.0p1/sshd_config.5
.It Cm HostbasedAcceptedKeyTypes
Specifies the key types that will be accepted for hostbased authentication
as a comma-separated pattern list.
diff -up openssh-7.0p1/sshd_config.gsskex openssh-7.0p1/sshd_config
--- openssh-7.0p1/sshd_config.gsskex 2015-08-12 11:15:43.679548913 +0200
+++ openssh-7.0p1/sshd_config 2015-08-12 11:15:43.702548876 +0200
diff -up openssh-7.2p1/sshd_config.gsskex openssh-7.2p1/sshd_config
--- openssh-7.2p1/sshd_config.gsskex 2016-02-19 10:01:04.860969328 +0100
+++ openssh-7.2p1/sshd_config 2016-02-19 10:01:04.873969320 +0100
@@ -91,6 +91,8 @@ ChallengeResponseAuthentication no
# GSSAPI options
GSSAPIAuthentication yes
@ -2605,9 +2615,9 @@ diff -up openssh-7.0p1/sshd_config.gsskex openssh-7.0p1/sshd_config
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
diff -up openssh-7.0p1/ssh-gss.h.gsskex openssh-7.0p1/ssh-gss.h
--- openssh-7.0p1/ssh-gss.h.gsskex 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/ssh-gss.h 2015-08-12 11:15:43.702548876 +0200
diff -up openssh-7.2p1/ssh-gss.h.gsskex openssh-7.2p1/ssh-gss.h
--- openssh-7.2p1/ssh-gss.h.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/ssh-gss.h 2016-02-19 10:01:04.873969320 +0100
@@ -1,6 +1,6 @@
/* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */
/*
@ -2707,21 +2717,20 @@ diff -up openssh-7.0p1/ssh-gss.h.gsskex openssh-7.0p1/ssh-gss.h
#endif /* GSSAPI */
#endif /* _SSH_GSS_H */
diff -up openssh-7.1p1/sshkey.c.gsskex openssh-7.1p1/sshkey.c
--- openssh-7.1p1/sshkey.c.gsskex 2015-09-17 15:54:32.135673460 +0200
+++ openssh-7.1p1/sshkey.c 2015-09-17 15:55:23.014666159 +0200
@@ -112,6 +112,7 @@ static const struct keytype keytypes[] =
diff -up openssh-7.2p1/sshkey.c.gsskex openssh-7.2p1/sshkey.c
--- openssh-7.2p1/sshkey.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/sshkey.c 2016-02-19 10:01:04.874969320 +0100
@@ -115,6 +115,7 @@ static const struct keytype keytypes[] =
# endif /* OPENSSL_HAS_NISTP521 */
# endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
+ { "null", "null", KEY_NULL, 0, 0 },
{ NULL, NULL, -1, -1, 0 }
+ { "null", "null", KEY_NULL, 0, 0, 1 },
{ NULL, NULL, -1, -1, 0, 0 }
};
diff -up openssh-7.1p1/sshkey.h.gsskex openssh-7.1p1/sshkey.h
--- openssh-7.1p1/sshkey.h.gsskex 2015-09-17 15:54:32.135673460 +0200
+++ openssh-7.1p1/sshkey.h 2015-09-17 15:55:45.885662877 +0200
diff -up openssh-7.2p1/sshkey.h.gsskex openssh-7.2p1/sshkey.h
--- openssh-7.2p1/sshkey.h.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/sshkey.h 2016-02-19 10:01:04.874969320 +0100
@@ -62,6 +62,7 @@ enum sshkey_types {
KEY_DSA_CERT,
KEY_ECDSA_CERT,
@ -2730,15 +2739,3 @@ diff -up openssh-7.1p1/sshkey.h.gsskex openssh-7.1p1/sshkey.h
KEY_UNSPEC
};
diff --git a/auth.c b/auth.c
index 4d1fbbe..5db39c4 100644
--- a/auth.c
+++ b/auth.c
@@ -354,6 +354,7 @@ auth_root_allowed(const char *method)
case PERMIT_NO_PASSWD:
if (strcmp(method, "publickey") == 0 ||
strcmp(method, "hostbased") == 0 ||
+ strcmp(method, "gssapi-keyex") == 0 ||
strcmp(method, "gssapi-with-mic") == 0)
return 1;
break;


@ -65,10 +65,10 @@
%endif
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 7.1p2
%global openssh_rel 4
%global openssh_ver 7.2p1
%global openssh_rel 1
%global pam_ssh_agent_ver 0.10.2
%global pam_ssh_agent_rel 1
%global pam_ssh_agent_rel 2
Summary: An open source implementation of SSH protocol versions 1 and 2
Name: openssh
@ -105,7 +105,7 @@ Patch103: openssh-5.8p1-packet.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
# https://bugzilla.redhat.com/show_bug.cgi?id=1171248
# record pfs= field in CRYPTO_SESSION audit event
Patch200: openssh-6.7p1-audit.patch
Patch200: openssh-7.2p1-audit.patch
# Audit race condition in forked child (#1310684)
Patch201: openssh-7.1p2-audit-race-condition.patch
@ -143,7 +143,7 @@ Patch607: openssh-5.8p2-sigpipe.patch
Patch609: openssh-5.5p1-x11.patch
#?
Patch700: openssh-6.7p1-fips.patch
Patch700: openssh-7.2p1-fips.patch
#?
Patch702: openssh-5.1p1-askpass-progress.patch
#?
@ -168,7 +168,7 @@ Patch714: openssh-6.7p1-kdf-cavs.patch
#http://www.sxw.org.uk/computing/patches/openssh.html
#changed cache storage type - #848228
Patch800: openssh-6.6p1-gsskex.patch
Patch800: openssh-7.2p1-gsskex.patch
#http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
Patch801: openssh-6.6p1-force_krb.patch
# add new option GSSAPIEnablek5users and disable using ~/.k5users by default (#1169843)
@ -225,17 +225,9 @@ Patch931: openssh-6.9p1-scp-progressmeter.patch
Patch932: openssh-7.0p1-gssKexAlgorithms.patch
# Possibility to validate legacy systems by more fingerprints (#1249626)(#2439)
Patch933: openssh-7.0p1-show-more-fingerprints.patch
# Brokend HostKeyAlgorthms on server using + sign
# from http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-August/034324.html
Patch934: openssh-7.1p1-hostkeyalgorithms.patch
# Updated version of ssh-copy-id
# http://git.hands.com/ssh-copy-id
Patch935: openssh-7.1p1-ssh-copy-id.patch
# Preserve IUTF8 tty mode flag over ssh connections (#1270248)
# https://bugzilla.mindrot.org/show_bug.cgi?id=2477
Patch936: openssh-7.1p1-iutf8.patch
# CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding
Patch937: openssh-7.1p2-fallback-x11-untrusted.patch
License: BSD
@ -469,10 +461,7 @@ popd
%patch931 -p1 -b .progressmeter
%patch932 -p1 -b .gsskexalg
%patch933 -p1 -b .fingerprint
%patch934 -p1 -b .hostkey
%patch935 -p1 -b .ssh-copy-id
%patch936 -p1 -b .iutf8
%patch937 -p1 -b .x11-fallback
%patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race
@ -734,8 +723,6 @@ getent passwd sshd >/dev/null || \
%attr(0755,root,root) %{_bindir}/scp
%attr(0644,root,root) %{_mandir}/man1/scp.1*
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(0755,root,root) %{_bindir}/slogin
%attr(0644,root,root) %{_mandir}/man1/slogin.1*
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
%if ! %{rescue}
%attr(0755,root,root) %{_bindir}/ssh-agent
@ -813,6 +800,9 @@ getent passwd sshd >/dev/null || \
%endif
%changelog
* Mon Feb 29 2016 Jakub Jelen <jjelen@redhat.com> 7.2p1-1 + 0.10.2-2
- New upstream release (#1312870)
* Wed Feb 24 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-4.1 + 0.10.2-1
- Fix race condition in auditing events when using multiplexing (#1308295)
- Fix X11 forwarding CVE according to upstream
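Review bot: The changelog entry says only "New upstream release", yet the same section drops Patch934–Patch937 (including `openssh-7.1p2-fallback-x11-untrusted.patch`, the CVE-2016-1908 fix) and the `slogin` binary and man page, so someone auditing which security fixes this build carries cannot tell from the spec whether those patches were removed because 7.2p1 ships them upstream or by mistake. Add a changelog line such as `- Drop patches merged upstream in 7.2p1 (hostkeyalgorithms, ssh-copy-id, IUTF8, CVE-2016-1908 X11 untrusted fallback)`. The 7.2 release notes do list the X11 untrusted-forwarding fallback fix; the other three are presumably upstream as well, which the commit should state rather than leave implied. The bump of `pam_ssh_agent_rel` to 2 also deserves a line, presumably tied to the `ssh_agent_sign()` prototype change handled in the companion pam_ssh_agent_auth patch.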


@ -104,3 +104,16 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c.psaa-
goto user_auth_clean_exit;
/* test for correct signature */
diff --git a/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c b/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c
--- a/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c
+++ b/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c
@@ -85,7 +85,7 @@ userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2)
buffer_put_cstring(&b, pkalg);
buffer_put_string(&b, pkblob, blen);
- if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), 0) != 0)
+ if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), NULL, 0) != 0)
goto user_auth_clean_exit;
/* test for correct signature */
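Review bot: The new call `if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), NULL, 0) != 0)` passes `NULL` for the signature-algorithm argument that `ssh_agent_sign()` presumably gained in 7.2 alongside the rsa-sha2-256/512 support; for an RSA key that most likely leaves the agent producing a legacy `ssh-rsa` (SHA-1) signature, which is acceptable for compatibility with the verifier on the PAM side but should be stated so it is not later mistaken for an oversight, e.g. `/* alg == NULL: agent uses the key's default algorithm (ssh-rsa/SHA-1 for RSA); pam_ssh_agent_auth does not negotiate rsa-sha2-* */`. The added block also uses a `diff --git a/… b/…` header without the `.psaa-…` backup suffix and timestamp lines the rest of this patch file uses; both apply with -p1, but one consistent format makes the file easier to regenerate with `diff -up`. The enclosing function userauth_pubkey_from_id starts and ends outside the hunk.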


@ -1,2 +1,2 @@
a212baca7ce11d596bd8dcb222859ace pam_ssh_agent_auth-0.10.2.tar.bz2
4d8547670e2a220d5ef805ad9e47acf2 openssh-7.1p2.tar.gz
b984775f0cfff1f7ff18b8797fce8a28 openssh-7.2p1.tar.gz