openssh-7.8p1-1 + 0.10.3-5

New upstream release including:
 * Dropping entropy patch
 * Remove default support for MD5 fingerprints
 * Porting all the downstream patches and pam_ssh_agent_auth
   to the new sshbuf and sshkey APIs
 * pam_ssh_agent_auth no longer uses MD5 fingerprints
Jakub Jelen 2018-08-24 22:40:20 +02:00
parent 01ba761e18
commit bbf61daf97
41 changed files with 1346 additions and 1921 deletions

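--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,5 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
 /openssh-7.7p1.tar.gz
 /openssh-7.7p1.tar.gz.asc
 /DJM-GPG-KEY.gpg
+/openssh-7.8p1.tar.gz
+/openssh-7.8p1.tar.gz.asc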


@ -1,12 +0,0 @@
diff -up openssh-6.8p1/packet.c.packet openssh-6.8p1/packet.c
--- openssh-6.8p1/packet.c.packet 2015-03-18 10:56:32.286930601 +0100
+++ openssh-6.8p1/packet.c 2015-03-18 10:58:38.535629739 +0100
@@ -371,6 +371,8 @@ ssh_packet_connection_is_on_socket(struc
struct sockaddr_storage from, to;
socklen_t fromlen, tolen;
+ if (!state)
+ return 0;
if (state->connection_in == -1 || state->connection_out == -1)
return 0;


@ -4,7 +4,7 @@ diff -up openssh-6.1p1/sshconnect2.c.canohost openssh-6.1p1/sshconnect2.c
@@ -699,12 +699,15 @@ userauth_gssapi(Authctxt *authctxt) @@ -699,12 +699,15 @@ userauth_gssapi(Authctxt *authctxt)
static u_int mech = 0; static u_int mech = 0;
OM_uint32 min; OM_uint32 min;
int ok = 0; int r, ok = 0;
- const char *gss_host; - const char *gss_host;
+ const char *gss_host = NULL; + const char *gss_host = NULL;
@ -13,7 +13,7 @@ diff -up openssh-6.1p1/sshconnect2.c.canohost openssh-6.1p1/sshconnect2.c
- else if (options.gss_trust_dns) - else if (options.gss_trust_dns)
+ else if (options.gss_trust_dns) { + else if (options.gss_trust_dns) {
gss_host = get_canonical_hostname(active_state, 1); gss_host = get_canonical_hostname(active_state, 1);
+ if ( strcmp( gss_host, "UNKNOWN" ) == 0 ) + if (strcmp(gss_host, "UNKNOWN") == 0)
+ gss_host = authctxt->host; + gss_host = authctxt->host;
+ } + }
else else


@ -34,7 +34,7 @@ diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c
options->client_alive_interval = -1; options->client_alive_interval = -1;
options->client_alive_count_max = -1; options->client_alive_count_max = -1;
@@ -325,6 +326,8 @@ fill_default_server_options(ServerOption @@ -325,6 +326,8 @@ fill_default_server_options(ServerOption
options->ip_qos_bulk = IPTOS_THROUGHPUT; options->ip_qos_bulk = IPTOS_DSCP_CS1;
if (options->version_addendum == NULL) if (options->version_addendum == NULL)
options->version_addendum = xstrdup(""); options->version_addendum = xstrdup("");
+ if (options->show_patchlevel == -1) + if (options->show_patchlevel == -1)
@ -71,7 +71,7 @@ diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c
while ((arg = strdelim(&cp)) && *arg != '\0') { while ((arg = strdelim(&cp)) && *arg != '\0') {
if (match_user(NULL, NULL, NULL, arg) == -1) if (match_user(NULL, NULL, NULL, arg) == -1)
@@ -2269,6 +2277,7 @@ dump_config(ServerOptions *o) @@ -2269,6 +2277,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
dump_cfg_fmtint(sCompression, o->compression); dump_cfg_fmtint(sCompression, o->compression);
dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
+ dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel); + dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
@ -89,28 +89,13 @@ diff -up openssh-7.4p1/servconf.h.vendor openssh-7.4p1/servconf.h
int use_dns; int use_dns;
int client_alive_interval; /* int client_alive_interval; /*
* poke the client this often to * poke the client this often to
diff -up openssh-7.4p1/sshd_config.0.vendor openssh-7.4p1/sshd_config.0
--- openssh-7.4p1/sshd_config.0.vendor 2016-12-23 13:34:51.695253847 +0100
+++ openssh-7.4p1/sshd_config.0 2016-12-23 13:36:53.146277511 +0100
@@ -792,6 +792,11 @@ DESCRIPTION
rdomain(4). If the routing domain is set to %D, then the domain
in which the incoming connection was received will be applied.
+ ShowPatchLevel
+ Specifies whether sshd will display the specific patch level of
+ the binary in the server identification string. The patch level
+ is set at compile-time. The default is M-bM-^@M-^\noM-bM-^@M-^].
+
StreamLocalBindMask
Sets the octal file creation mode mask (umask) used when creating
a Unix-domain socket file for local or remote port forwarding.
diff -up openssh-7.4p1/sshd_config.5.vendor openssh-7.4p1/sshd_config.5 diff -up openssh-7.4p1/sshd_config.5.vendor openssh-7.4p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.vendor 2016-12-23 13:34:51.695253847 +0100 --- openssh-7.4p1/sshd_config.5.vendor 2016-12-23 13:34:51.695253847 +0100
+++ openssh-7.4p1/sshd_config.5 2016-12-23 13:37:17.482282253 +0100 +++ openssh-7.4p1/sshd_config.5 2016-12-23 13:37:17.482282253 +0100
@@ -1334,6 +1334,13 @@ an OpenSSH Key Revocation List (KRL) as @@ -1334,6 +1334,13 @@ an OpenSSH Key Revocation List (KRL) as
If the routing domain is set to .Cm AcceptEnv
.Cm \&%D , or
then the domain in which the incoming connection was received will be applied. .Cm PermitUserEnvironment .
+.It Cm ShowPatchLevel +.It Cm ShowPatchLevel
+Specifies whether +Specifies whether
+.Nm sshd +.Nm sshd
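Review bot: The new side of this patch keeps the sshd_config.5 hunk documenting ShowPatchLevel but no longer touches sshd_config.0, so the preformatted page and the mdoc source now describe different option sets. That is only harmless if the package builds its man pages from the .5 sources instead of installing the shipped .0 files, which nothing in this section shows. If the .0 is still installed, the dropped hunk needs to come back; if it is not, a one-line remark in the patch header such as `# sshd_config.0 is regenerated at build time; no longer patched` would spare the next rebase the same question. The sshd_config.5 hunk itself is cut off at the end of the section.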


@ -1,75 +0,0 @@
diff --git a/misc.c b/misc.c
index 874dcc8a..7b7f7a58 100644
--- a/misc.c
+++ b/misc.c
@@ -466,7 +466,7 @@ put_host_port(const char *host, u_short port)
* The delimiter char, if present, is stored in delim.
* If this is the last field, *cp is set to NULL.
*/
-static char *
+char *
hpdelim2(char **cp, char *delim)
{
char *s, *old;
diff --git a/misc.h b/misc.h
index cdafea73..cf9c8f28 100644
--- a/misc.h
+++ b/misc.h
@@ -54,6 +54,7 @@ int set_rdomain(int, const char *);
int a2port(const char *);
int a2tun(const char *, int *);
char *put_host_port(const char *, u_short);
+char *hpdelim2(char **, char *);
char *hpdelim(char **);
char *cleanhostname(char *);
char *colon(char *);
diff --git a/servconf.c b/servconf.c
index 0f0d0906..1679181e 100644
--- a/servconf.c
+++ b/servconf.c
@@ -821,7 +821,7 @@ process_permitopen(struct ssh *ssh, ServerOptions *options)
{
u_int i;
int port;
- char *host, *arg, *oarg;
+ char *host, *arg, *oarg, ch;
channel_clear_adm_permitted_opens(ssh);
if (options->num_permitted_opens == 0)
@@ -839,8 +839,8 @@ process_permitopen(struct ssh *ssh, ServerOptions *options)
/* Otherwise treat it as a list of permitted host:port */
for (i = 0; i < options->num_permitted_opens; i++) {
oarg = arg = xstrdup(options->permitted_opens[i]);
- host = hpdelim(&arg);
- if (host == NULL)
+ host = hpdelim2(&arg, &ch);
+ if (host == NULL || ch == '/')
fatal("%s: missing host in PermitOpen", __func__);
host = cleanhostname(host);
if (arg == NULL || ((port = permitopen_port(arg)) < 0))
@@ -1244,8 +1244,10 @@ process_server_config_line(ServerOptions *options, char *line,
port = 0;
p = arg;
} else {
- p = hpdelim(&arg);
- if (p == NULL)
+ char ch;
+ arg2 = NULL;
+ p = hpdelim2(&arg, &ch);
+ if (p == NULL || ch == '/')
fatal("%s line %d: bad address:port usage",
filename, linenum);
p = cleanhostname(p);
@@ -1815,9 +1817,10 @@ process_server_config_line(ServerOptions *options, char *line,
break;
}
for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
+ char ch;
arg2 = xstrdup(arg);
- p = hpdelim(&arg);
- if (p == NULL)
+ p = hpdelim2(&arg, &ch);
+ if (p == NULL || ch == '/')
fatal("%s line %d: missing host in PermitOpen",
filename, linenum);
p = cleanhostname(p);


@ -34,9 +34,9 @@ diff -up openssh-7.4p1/log.h.log-in-chroot openssh-7.4p1/log.h
void log_init(char *, LogLevel, SyslogFacility, int); void log_init(char *, LogLevel, SyslogFacility, int);
+void log_init_handler(char *, LogLevel, SyslogFacility, int, int); +void log_init_handler(char *, LogLevel, SyslogFacility, int, int);
LogLevel log_level_get(void);
int log_change_level(LogLevel); int log_change_level(LogLevel);
int log_is_on_stderr(void); int log_is_on_stderr(void);
void log_redirect_stderr_to(const char *);
diff -up openssh-7.4p1/monitor.c.log-in-chroot openssh-7.4p1/monitor.c diff -up openssh-7.4p1/monitor.c.log-in-chroot openssh-7.4p1/monitor.c
--- openssh-7.4p1/monitor.c.log-in-chroot 2016-12-23 15:14:33.311168085 +0100 --- openssh-7.4p1/monitor.c.log-in-chroot 2016-12-23 15:14:33.311168085 +0100
+++ openssh-7.4p1/monitor.c 2016-12-23 15:16:42.154193100 +0100 +++ openssh-7.4p1/monitor.c 2016-12-23 15:16:42.154193100 +0100
@ -65,7 +65,7 @@ diff -up openssh-7.4p1/monitor.c.log-in-chroot openssh-7.4p1/monitor.c
- do_log2(level, "%s [preauth]", msg); - do_log2(level, "%s [preauth]", msg);
+ do_log2(level, "%s [%s]", msg, pmonitor->m_state); + do_log2(level, "%s [%s]", msg, pmonitor->m_state);
buffer_free(&logmsg); sshbuf_free(logmsg);
free(msg); free(msg);
@@ -1719,13 +1723,28 @@ monitor_init(void) @@ -1719,13 +1723,28 @@ monitor_init(void)
mon = xcalloc(1, sizeof(*mon)); mon = xcalloc(1, sizeof(*mon));


@ -7,7 +7,7 @@ index 8f32464..18a2ca4 100644
#include "servconf.h" #include "servconf.h"
#include "port-linux.h" #include "port-linux.h"
+#include "misc.h" +#include "misc.h"
#include "key.h" #include "sshkey.h"
#include "hostfile.h" #include "hostfile.h"
#include "auth.h" #include "auth.h"
@@ -445,7 +446,7 @@ sshd_selinux_setup_exec_context(char *pwname) @@ -445,7 +446,7 @@ sshd_selinux_setup_exec_context(char *pwname)
@ -82,6 +82,14 @@ diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 22ea8ef..1fc963d 100644 index 22ea8ef..1fc963d 100644
--- a/openbsd-compat/port-linux.c --- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c
@@ -26,6 +26,7 @@
#include <stdarg.h>
#include <string.h>
#include <stdio.h>
+#include <stdlib.h>
#include "log.h"
#include "xmalloc.h"
@@ -179,7 +179,7 @@ ssh_selinux_change_context(const char *newname) @@ -179,7 +179,7 @@ ssh_selinux_change_context(const char *newname)
strlcpy(newctx + len, newname, newlen - len); strlcpy(newctx + len, newname, newlen - len);
if ((cx = index(cx + 1, ':'))) if ((cx = index(cx + 1, ':')))


@ -4,7 +4,7 @@ diff -up openssh-7.4p1/gss-serv-krb5.c.GSSAPIEnablek5users openssh-7.4p1/gss-ser
@@ -279,7 +279,6 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri @@ -279,7 +279,6 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri
FILE *fp; FILE *fp;
char file[MAXPATHLEN]; char file[MAXPATHLEN];
char line[BUFSIZ] = ""; char *line = NULL;
- char kuser[65]; /* match krb5_kuserok() */ - char kuser[65]; /* match krb5_kuserok() */
struct stat st; struct stat st;
struct passwd *pw = the_authctxt->pw; struct passwd *pw = the_authctxt->pw;
@ -44,8 +44,8 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
- sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, - sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
+ sGssAuthentication, sGssCleanupCreds, sGssEnablek5users, sGssStrictAcceptor, + sGssAuthentication, sGssCleanupCreds, sGssEnablek5users, sGssStrictAcceptor,
sGssKeyEx, sGssStoreRekey, sAcceptEnv, sPermitTunnel, sGssKeyEx, sGssStoreRekey, sAcceptEnv, sSetEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding, sUsePrivilegeSeparation, sAllowAgentForwarding,
@@ -497,12 +500,14 @@ static struct { @@ -497,12 +500,14 @@ static struct {
{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
@ -70,9 +70,9 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
+ intptr = &options->enable_k5users; + intptr = &options->enable_k5users;
+ goto parse_flag; + goto parse_flag;
+ +
case sPermitListen:
case sPermitOpen: case sPermitOpen:
arg = strdelim(&cp); if (opcode == sPermitListen) {
if (!arg || *arg == '\0')
@@ -2026,6 +2035,7 @@ copy_set_server_options(ServerOptions *d @@ -2026,6 +2035,7 @@ copy_set_server_options(ServerOptions *d
M_CP_INTOPT(ip_qos_interactive); M_CP_INTOPT(ip_qos_interactive);
M_CP_INTOPT(ip_qos_bulk); M_CP_INTOPT(ip_qos_bulk);


@ -19,8 +19,8 @@ diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in
XMSS_OBJS=\ XMSS_OBJS=\
ssh-xmss.o \ ssh-xmss.o \
@@ -194,6 +195,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l @@ -194,6 +195,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
$(LD) -o $@ ssh-keycat.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS) $(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
+ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o +ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
+ $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS) + $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)


@ -1,262 +0,0 @@
diff -up openssh-7.4p1/entropy.c.entropy openssh-7.4p1/entropy.c
--- openssh-7.4p1/entropy.c.entropy 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/entropy.c 2016-12-23 18:34:27.769753570 +0100
@@ -229,6 +229,9 @@ seed_rng(void)
memset(buf, '\0', sizeof(buf));
#endif /* OPENSSL_PRNG_ONLY */
+#ifdef __linux__
+ linux_seed();
+#endif /* __linux__ */
if (RAND_status() != 1)
fatal("PRNG is not seeded");
}
diff -up openssh-7.4p1/openbsd-compat/Makefile.in.entropy openssh-7.4p1/openbsd-compat/Makefile.in
--- openssh-7.4p1/openbsd-compat/Makefile.in.entropy 2016-12-23 18:34:53.715762155 +0100
+++ openssh-7.4p1/openbsd-compat/Makefile.in 2016-12-23 18:35:15.890769493 +0100
@@ -20,7 +20,8 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf
port-solaris.o \
port-net.o \
port-uw.o \
- port-linux-sshd.o
+ port-linux-sshd.o \
+ port-linux-prng.o
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h
--- openssh-7.4p1/openbsd-compat/port-linux.h.entropy 2016-12-23 18:34:27.747753563 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 18:34:27.769753570 +0100
@@ -34,4 +34,6 @@ void oom_adjust_restore(void);
void oom_adjust_setup(void);
#endif
+void linux_seed(void);
+
#endif /* ! _PORT_LINUX_H */
diff -up openssh-7.4p1/openbsd-compat/port-linux-prng.c.entropy openssh-7.4p1/openbsd-compat/port-linux-prng.c
--- openssh-7.4p1/openbsd-compat/port-linux-prng.c.entropy 2016-12-23 18:34:27.769753570 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux-prng.c 2016-12-23 18:34:27.769753570 +0100
@@ -0,0 +1,59 @@
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
+
+/*
+ * Copyright (c) 2011 Jan F. Chadima <jchadima@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Linux-specific portability code - prng support
+ */
+
+#include "includes.h"
+
+#include <errno.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdio.h>
+#include <openssl/rand.h>
+
+#include "log.h"
+#include "xmalloc.h"
+#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */
+#include "servconf.h"
+#include "port-linux.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+
+void
+linux_seed(void)
+{
+ char *env = getenv("SSH_USE_STRONG_RNG");
+ char *random = "/dev/random";
+ size_t len, ienv, randlen = 14;
+
+ if (!env || !strcmp(env, "0"))
+ random = "/dev/urandom";
+ else if ((ienv = atoi(env)) > randlen)
+ randlen = ienv;
+
+ errno = 0;
+ if ((len = RAND_load_file(random, randlen)) != randlen) {
+ if (errno)
+ fatal ("cannot read from %s, %s", random, strerror(errno));
+ else
+ fatal ("EOF reading %s", random);
+ }
+}
diff -up openssh-7.4p1/ssh.1.entropy openssh-7.4p1/ssh.1
--- openssh-7.4p1/ssh.1.entropy 2016-12-23 18:34:27.754753565 +0100
+++ openssh-7.4p1/ssh.1 2016-12-23 18:34:27.770753571 +0100
@@ -1441,6 +1441,23 @@ For more information, see the
.Cm PermitUserEnvironment
option in
.Xr sshd_config 5 .
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.rhosts
diff -up openssh-7.4p1/ssh-add.1.entropy openssh-7.4p1/ssh-add.1
--- openssh-7.4p1/ssh-add.1.entropy 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh-add.1 2016-12-23 18:34:27.770753571 +0100
@@ -171,6 +171,20 @@ to make this work.)
Identifies the path of a
.Ux Ns -domain
socket used to communicate with the agent.
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
.El
.Sh FILES
.Bl -tag -width Ds
diff -up openssh-7.4p1/ssh-agent.1.entropy openssh-7.4p1/ssh-agent.1
--- openssh-7.4p1/ssh-agent.1.entropy 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh-agent.1 2016-12-23 18:34:27.770753571 +0100
@@ -214,6 +214,24 @@ sockets used to contain the connection t
These sockets should only be readable by the owner.
The sockets should get automatically removed when the agent exits.
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
diff -up openssh-7.4p1/sshd.8.entropy openssh-7.4p1/sshd.8
--- openssh-7.4p1/sshd.8.entropy 2016-12-23 18:34:27.755753566 +0100
+++ openssh-7.4p1/sshd.8 2016-12-23 18:34:27.770753571 +0100
@@ -920,6 +920,24 @@ concurrently for different ports, this c
started last).
The content of this file is not sensitive; it can be world-readable.
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh IPV6
IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
.Sh SEE ALSO
diff -up openssh-7.4p1/ssh-keygen.1.entropy openssh-7.4p1/ssh-keygen.1
--- openssh-7.4p1/ssh-keygen.1.entropy 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh-keygen.1 2016-12-23 18:34:27.770753571 +0100
@@ -848,6 +848,24 @@ Contains Diffie-Hellman groups used for
The file format is described in
.Xr moduli 5 .
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
diff -up openssh-7.4p1/ssh-keysign.8.entropy openssh-7.4p1/ssh-keysign.8
--- openssh-7.4p1/ssh-keysign.8.entropy 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh-keysign.8 2016-12-23 18:34:27.770753571 +0100
@@ -80,6 +80,24 @@ must be set-uid root if host-based authe
If these files exist they are assumed to contain public certificate
information corresponding with the private keys above.
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,


@ -11,9 +11,9 @@ index 413b845..54dd383 100644
+#include <unistd.h> +#include <unistd.h>
#include "xmalloc.h" #include "xmalloc.h"
#include "key.h" #include "sshkey.h"
@@ -45,6 +47,7 @@ @@ -45,6 +47,7 @@
#include "buffer.h"
#include "ssh-gss.h" #include "ssh-gss.h"
+extern Authctxt *the_authctxt; +extern Authctxt *the_authctxt;
@ -66,7 +66,7 @@ index 413b845..54dd383 100644
} else } else
retval = 0; retval = 0;
@@ -110,6 +133,135 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) @@ -110,6 +133,137 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
return retval; return retval;
} }
@ -97,13 +97,14 @@ index 413b845..54dd383 100644
+{ +{
+ FILE *fp; + FILE *fp;
+ char file[MAXPATHLEN]; + char file[MAXPATHLEN];
+ char line[BUFSIZ] = ""; + char *line = NULL;
+ char kuser[65]; /* match krb5_kuserok() */ + char kuser[65]; /* match krb5_kuserok() */
+ struct stat st; + struct stat st;
+ struct passwd *pw = the_authctxt->pw; + struct passwd *pw = the_authctxt->pw;
+ int found_principal = 0; + int found_principal = 0;
+ int ncommands = 0, allcommands = 0; + int ncommands = 0, allcommands = 0;
+ u_long linenum; + u_long linenum;
+ size_t linesize = 0;
+ +
+ snprintf(file, sizeof(file), "%s/.k5users", pw->pw_dir); + snprintf(file, sizeof(file), "%s/.k5users", pw->pw_dir);
+ /* If both .k5login and .k5users DNE, self-login is ok. */ + /* If both .k5login and .k5users DNE, self-login is ok. */
@ -147,9 +148,9 @@ index 413b845..54dd383 100644
+ k5users_allowed_cmds = xcalloc(++ncommands, + k5users_allowed_cmds = xcalloc(++ncommands,
+ sizeof(*k5users_allowed_cmds)); + sizeof(*k5users_allowed_cmds));
+ +
+ /* Check each line. ksu allows unlimited length lines. We don't. */ + /* Check each line. ksu allows unlimited length lines. */
+ while (!allcommands && read_keyfile_line(fp, file, line, sizeof(line), + while (!allcommands && getline(&line, &linesize, fp) != -1) {
+ &linenum) != -1) { + linenum++;
+ char *token; + char *token;
+ +
+ /* we parse just like ksu, even though we could do better */ + /* we parse just like ksu, even though we could do better */
@ -182,6 +183,7 @@ index 413b845..54dd383 100644
+ } + }
+ } + }
+ } + }
+ free(line);
+ if (k5users_allowed_cmds) { + if (k5users_allowed_cmds) {
+ /* terminate vector */ + /* terminate vector */
+ k5users_allowed_cmds[ncommands-1] = NULL; + k5users_allowed_cmds[ncommands-1] = NULL;
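Review bot: In the new read loop of ssh_gssapi_krb5_cmdok, `getline()` returns -1 on a read error as well as at end-of-file, and the loop condition treats both as a clean end of .k5users, so a failing read on the authorization file would silently be taken as "no more entries"; adding `if (ferror(fp)) fatal("%s: read error on %s: %s", __func__, file, strerror(errno));` after the loop closes that gap (the replaced read_keyfile_line loop likely had the same blind spot, so this is a pre-existing weakness rather than a regression). The `free(line)` after the loop covers the normal exit, but the loop body between these hunks is not visible; if any path there returns early, the getline buffer leaks, and freeing it at a single exit point next to the fclose would be more robust. The enclosing function starts and ends outside the hunk.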


@ -64,8 +64,8 @@ diff -up openssh/Makefile.in.keycat openssh/Makefile.in
ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS) $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS)
+ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o +ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
+ $(LD) -o $@ ssh-keycat.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS) + $(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
+ +
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)


@ -224,9 +224,9 @@ diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c
+ intptr = &options->use_kuserok; + intptr = &options->use_kuserok;
+ goto parse_flag; + goto parse_flag;
+ +
case sPermitListen:
case sPermitOpen: case sPermitOpen:
arg = strdelim(&cp); if (opcode == sPermitListen) {
if (!arg || *arg == '\0')
@@ -2016,6 +2025,7 @@ copy_set_server_options(ServerOptions *d @@ -2016,6 +2025,7 @@ copy_set_server_options(ServerOptions *d
M_CP_INTOPT(client_alive_interval); M_CP_INTOPT(client_alive_interval);
M_CP_INTOPT(ip_qos_interactive); M_CP_INTOPT(ip_qos_interactive);


@ -54,9 +54,9 @@ diff -up openssh-7.4p1/session.c.privsep-selinux openssh-7.4p1/session.c
if (setusercontext(lc, pw, pw->pw_uid, if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
@@ -1361,6 +1361,9 @@ do_setusercontext(struct passwd *pw) @@ -1361,6 +1361,9 @@ do_setusercontext(struct passwd *pw)
pw->pw_uid); (unsigned long long)pw->pw_uid);
chroot_path = percent_expand(tmp, "h", pw->pw_dir, chroot_path = percent_expand(tmp, "h", pw->pw_dir,
"u", pw->pw_name, (char *)NULL); "u", pw->pw_name, "U", uidstr, (char *)NULL);
+#ifdef WITH_SELINUX +#ifdef WITH_SELINUX
+ sshd_selinux_copy_context(); + sshd_selinux_copy_context();
+#endif +#endif


@ -120,7 +120,7 @@ diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c
- while (read(notify_pipe[0], &c, 1) != -1) - while (read(notify_pipe[0], &c, 1) != -1)
+ if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset)) + if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset))
+ while (read(notify_pipe[0], &c, 1) >= 0) + while (read(notify_pipe[0], &c, 1) >= 0)
debug2("notify_done: reading"); debug2("%s: reading", __func__);
} }
@@ -518,7 +518,7 @@ server_request_tun(void) @@ -518,7 +518,7 @@ server_request_tun(void)
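Review bot: The `while (read(notify_pipe[0], &c, 1) >= 0)` drain loop on the new side, like the `!= -1` form it replaces, keeps looping when read() returns 0, so if the pipe's write end were ever closed the loop would spin until the process is killed. A drain loop should stop on EOF as well as on EAGAIN or error, which `while (read(notify_pipe[0], &c, 1) > 0)` does and which is also what a reader (and Coverity) expects the condition to mean. Whether the write end can be closed while this runs is not visible here, and the enclosing notify_done body starts outside the hunk; only the debug2 wording is changed by this commit.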


@ -88,8 +88,8 @@ diff -up openssh-6.8p1/ssh-cavs.c.kdf-cavs openssh-6.8p1/ssh-cavs.c
+#include <openssl/bn.h> +#include <openssl/bn.h>
+ +
+#include "xmalloc.h" +#include "xmalloc.h"
+#include "buffer.h" +#include "sshbuf.h"
+#include "key.h" +#include "sshkey.h"
+#include "cipher.h" +#include "cipher.h"
+#include "kex.h" +#include "kex.h"
+#include "packet.h" +#include "packet.h"


@ -157,7 +157,7 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
ssh-xmss.o \ ssh-xmss.o \
@@ -112,8 +115,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw @@ -112,8 +115,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
sandbox-solaris.o sandbox-solaris.o uidswap.o
-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out -MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 -MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@ -356,7 +356,7 @@ diff -up openssh-6.8p1/configure.ac.ldap openssh-6.8p1/configure.ac
diff -up openssh-6.8p1/ldap-helper.c.ldap openssh-6.8p1/ldap-helper.c diff -up openssh-6.8p1/ldap-helper.c.ldap openssh-6.8p1/ldap-helper.c
--- openssh-6.8p1/ldap-helper.c.ldap 2015-03-18 11:11:29.030801464 +0100 --- openssh-6.8p1/ldap-helper.c.ldap 2015-03-18 11:11:29.030801464 +0100
+++ openssh-6.8p1/ldap-helper.c 2015-03-18 11:11:29.030801464 +0100 +++ openssh-6.8p1/ldap-helper.c 2015-03-18 11:11:29.030801464 +0100
@@ -0,0 +1,155 @@ @@ -0,0 +1,151 @@
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved. + * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
@ -390,6 +390,7 @@ diff -up openssh-6.8p1/ldap-helper.c.ldap openssh-6.8p1/ldap-helper.c
+#include "ldapbody.h" +#include "ldapbody.h"
+#include <string.h> +#include <string.h>
+#include <unistd.h> +#include <unistd.h>
+#include <stdlib.h>
+ +
+static int config_debug = 0; +static int config_debug = 0;
+int config_exclusive_config_file = 0; +int config_exclusive_config_file = 0;
@ -507,11 +508,6 @@ diff -up openssh-6.8p1/ldap-helper.c.ldap openssh-6.8p1/ldap-helper.c
+ ldap_do_close(); + ldap_do_close();
+ return 0; + return 0;
+} +}
+
+/* Ugly hack */
+void *buffer_get_string(Buffer *b, u_int *l) { return NULL; }
+void buffer_put_string(Buffer *b, const void *f, u_int l) {}
+
diff -up openssh-6.8p1/ldap-helper.h.ldap openssh-6.8p1/ldap-helper.h diff -up openssh-6.8p1/ldap-helper.h.ldap openssh-6.8p1/ldap-helper.h
--- openssh-6.8p1/ldap-helper.h.ldap 2015-03-18 11:11:29.031801462 +0100 --- openssh-6.8p1/ldap-helper.h.ldap 2015-03-18 11:11:29.031801462 +0100
+++ openssh-6.8p1/ldap-helper.h 2015-03-18 11:11:29.031801462 +0100 +++ openssh-6.8p1/ldap-helper.h 2015-03-18 11:11:29.031801462 +0100
@ -684,6 +680,7 @@ diff -up openssh-6.8p1/ldapbody.c.ldap openssh-6.8p1/ldapbody.c
+#include "ldapbody.h" +#include "ldapbody.h"
+#include <stdio.h> +#include <stdio.h>
+#include <unistd.h> +#include <unistd.h>
+#include <stdlib.h>
+#include "misc.h" +#include "misc.h"
+ +
+#define LDAPSEARCH_FORMAT "(&(objectclass=%c)(objectclass=ldapPublicKey)(uid=%u)%f)" +#define LDAPSEARCH_FORMAT "(&(objectclass=%c)(objectclass=ldapPublicKey)(uid=%u)%f)"
@ -1188,7 +1185,7 @@ diff -up openssh-6.8p1/ldapbody.h.ldap openssh-6.8p1/ldapbody.h
diff -up openssh-6.8p1/ldapconf.c.ldap openssh-6.8p1/ldapconf.c diff -up openssh-6.8p1/ldapconf.c.ldap openssh-6.8p1/ldapconf.c
--- openssh-6.8p1/ldapconf.c.ldap 2015-03-18 11:11:29.032801460 +0100 --- openssh-6.8p1/ldapconf.c.ldap 2015-03-18 11:11:29.032801460 +0100
+++ openssh-6.8p1/ldapconf.c 2015-03-18 11:11:29.032801460 +0100 +++ openssh-6.8p1/ldapconf.c 2015-03-18 11:11:29.032801460 +0100
@@ -0,0 +1,728 @@ @@ -0,0 +1,729 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/* +/*
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved. + * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
@ -1222,6 +1219,7 @@ diff -up openssh-6.8p1/ldapconf.c.ldap openssh-6.8p1/ldapconf.c
+#include "ldapconf.h" +#include "ldapconf.h"
+#include <unistd.h> +#include <unistd.h>
+#include <string.h> +#include <string.h>
+#include <stdlib.h>
+ +
+/* Keyword tokens. */ +/* Keyword tokens. */
+ +


@ -23,9 +23,9 @@ diff -up openssh-7.0p1/gss-genr.c.gsskexalg openssh-7.0p1/gss-genr.c
ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check, ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
- const char *host, const char *client) { - const char *host, const char *client) {
+ const char *host, const char *client, const char *kex) { + const char *host, const char *client, const char *kex) {
Buffer buf; struct sshbuf *buf;
size_t i; size_t i;
int oidpos, enclen; int oidpos, enclen, r;
@@ -100,6 +101,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup @@ -100,6 +101,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
char deroid[2]; char deroid[2];
const EVP_MD *evp_md = EVP_md5(); const EVP_MD *evp_md = EVP_md5();
@ -35,39 +35,44 @@ diff -up openssh-7.0p1/gss-genr.c.gsskexalg openssh-7.0p1/gss-genr.c
if (gss_enc2oid != NULL) { if (gss_enc2oid != NULL) {
for (i = 0; gss_enc2oid[i].encoded != NULL; i++) for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
@@ -113,6 +115,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup @@ -113,6 +115,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
buffer_init(&buf); fatal("%s: sshbuf_new failed", __func__);
oidpos = 0; oidpos = 0;
+ s = cp = xstrdup(kex); + s = cp = xstrdup(kex);
for (i = 0; i < gss_supported->count; i++) { for (i = 0; i < gss_supported->count; i++) {
if (gss_supported->elements[i].length < 128 && if (gss_supported->elements[i].length < 128 &&
(*check)(NULL, &(gss_supported->elements[i]), host, client)) { (*check)(NULL, &(gss_supported->elements[i]), host, client)) {
@@ -131,26 +134,22 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup @@ -131,28 +134,25 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
enclen = __b64_ntop(digest, EVP_MD_size(evp_md), enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
encoded, EVP_MD_size(evp_md) * 2); encoded, EVP_MD_size(evp_md) * 2);
- if (oidpos != 0) - if (oidpos != 0)
- buffer_put_char(&buf, ','); - if ((r = sshbuf_put_u8(buf, ',')) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
- -
- buffer_append(&buf, KEX_GSS_GEX_SHA1_ID, - if ((r = sshbuf_put(buf, KEX_GSS_GEX_SHA1_ID,
- sizeof(KEX_GSS_GEX_SHA1_ID) - 1); - sizeof(KEX_GSS_GEX_SHA1_ID) - 1)) != 0 ||
- buffer_append(&buf, encoded, enclen); - (r = sshbuf_put(buf, encoded, enclen)) != 0 ||
- buffer_put_char(&buf, ','); - (r = sshbuf_put_u8(buf, ',')) != 0 ||
- buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID, - (r = sshbuf_put(buf, KEX_GSS_GRP1_SHA1_ID,
- sizeof(KEX_GSS_GRP1_SHA1_ID) - 1); - sizeof(KEX_GSS_GRP1_SHA1_ID) - 1)) != 0 ||
- buffer_append(&buf, encoded, enclen); - (r = sshbuf_put(buf, encoded, enclen)) != 0 ||
- buffer_put_char(&buf, ','); - (r = sshbuf_put_u8(buf, ',')) != 0 ||
- buffer_append(&buf, KEX_GSS_GRP14_SHA1_ID, - (r = sshbuf_put(buf, KEX_GSS_GRP14_SHA1_ID,
- sizeof(KEX_GSS_GRP14_SHA1_ID) - 1); - sizeof(KEX_GSS_GRP14_SHA1_ID) - 1)) != 0 ||
- buffer_append(&buf, encoded, enclen); - (r = sshbuf_put(buf, encoded, enclen)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ cp = strncpy(s, kex, strlen(kex)); + cp = strncpy(s, kex, strlen(kex));
+ for ((p = strsep(&cp, ",")); p && *p != '\0'; + for ((p = strsep(&cp, ",")); p && *p != '\0';
+ (p = strsep(&cp, ","))) { + (p = strsep(&cp, ","))) {
+ if (buffer_len(&buf) != 0) + if (sshbuf_len(buf) != 0)
+ buffer_put_char(&buf, ','); + if ((r = sshbuf_put_u8(buf, ',')) != 0)
+ buffer_append(&buf, p, + fatal("%s: buffer error: %s",
+ strlen(p)); + __func__, ssh_err(r));
+ buffer_append(&buf, encoded, enclen); + if ((r = sshbuf_put(buf, p, strlen(p))) != 0 ||
+ (r = sshbuf_put(buf, encoded, enclen)) != 0)
+ fatal("%s: buffer error: %s",
+ __func__, ssh_err(r));
+ } + }
gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]); gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
@ -104,7 +109,7 @@ diff -up openssh-7.0p1/kex.c.gsskexalg openssh-7.0p1/kex.c
#include "ssherr.h" #include "ssherr.h"
#include "sshbuf.h" #include "sshbuf.h"
@@ -232,6 +232,29 @@ kex_assemble_names(const char *def, char @@ -232,6 +232,29 @@ kex_assemble_names(const char *def, char
return 0; return r;
} }
+/* Validate GSS KEX method name list */ +/* Validate GSS KEX method name list */
@ -139,7 +144,7 @@ diff -up openssh-7.0p1/kex.h.gsskexalg openssh-7.0p1/kex.h
@@ -173,6 +173,7 @@ int kex_names_valid(const char *); @@ -173,6 +173,7 @@ int kex_names_valid(const char *);
char *kex_alg_list(char); char *kex_alg_list(char);
char *kex_names_cat(const char *, const char *); char *kex_names_cat(const char *, const char *);
int kex_assemble_names(const char *, char **); int kex_assemble_names(char **, const char *, const char *);
+int gss_kex_names_valid(const char *); +int gss_kex_names_valid(const char *);
int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **); int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **);
@ -162,7 +167,7 @@ diff -up openssh-7.0p1/readconf.c.gsskexalg openssh-7.0p1/readconf.c
- oGssServerIdentity, - oGssServerIdentity,
+ oGssServerIdentity, oGssKexAlgorithms, + oGssServerIdentity, oGssKexAlgorithms,
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oControlPersist, oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
oHashKnownHosts, oHashKnownHosts,
@@ -200,6 +201,7 @@ static struct { @@ -200,6 +201,7 @@ static struct {
{ "gssapiclientidentity", oGssClientIdentity }, { "gssapiclientidentity", oGssClientIdentity },
@ -263,9 +268,9 @@ diff -up openssh-7.0p1/servconf.c.gsskexalg openssh-7.0p1/servconf.c
sHostKeyAlgorithms, sHostKeyAlgorithms,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sGssEnablek5users, sGssStrictAcceptor, sGssAuthentication, sGssCleanupCreds, sGssEnablek5users, sGssStrictAcceptor,
- sGssKeyEx, sGssStoreRekey, sAcceptEnv, sPermitTunnel, - sGssKeyEx, sGssStoreRekey, sAcceptEnv, sSetEnv, sPermitTunnel,
+ sGssKeyEx, sGssStoreRekey, sGssKexAlgorithms, sAcceptEnv, sPermitTunnel, + sGssKeyEx, sGssStoreRekey, sGssKexAlgorithms, sAcceptEnv, sSetEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding, sUsePrivilegeSeparation, sAllowAgentForwarding,
sHostCertificate, sHostCertificate,
@@ -506,6 +510,7 @@ static struct { @@ -506,6 +510,7 @@ static struct {
@ -388,7 +393,7 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskexalg openssh-7.0p1/sshconnect2.c
+This option only applies to protocol version 2 connections using GSSAPI. +This option only applies to protocol version 2 connections using GSSAPI.
.It Cm HostbasedAcceptedKeyTypes .It Cm HostbasedAcceptedKeyTypes
Specifies the key types that will be accepted for hostbased authentication Specifies the key types that will be accepted for hostbased authentication
as a comma-separated pattern list. as a list of comma-separated patterns.
diff -up openssh-7.0p1/ssh-gss.h.gsskexalg openssh-7.0p1/ssh-gss.h diff -up openssh-7.0p1/ssh-gss.h.gsskexalg openssh-7.0p1/ssh-gss.h
--- openssh-7.0p1/ssh-gss.h.gsskexalg 2015-08-19 12:28:38.031518944 +0200 --- openssh-7.0p1/ssh-gss.h.gsskexalg 2015-08-19 12:28:38.031518944 +0200
+++ openssh-7.0p1/ssh-gss.h 2015-08-19 12:28:38.081518832 +0200 +++ openssh-7.0p1/ssh-gss.h 2015-08-19 12:28:38.081518832 +0200
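Review bot: `enclen` is an `int` holding the `__b64_ntop()` result, and the new-side `sshbuf_put(buf, encoded, enclen)` calls inside the `strsep` loop pass it as `size_t` without ever checking for the -1 that `__b64_ntop()` returns when the output buffer is too small; a negative value turns into a huge length and is only caught indirectly as a buffer error. Add `if (enclen < 0) fatal("%s: __b64_ntop failed", __func__);` directly after the `enclen = __b64_ntop(...)` line, before the first `sshbuf_put`. The nested unbraced `if` under `if (sshbuf_len(buf) != 0)` relies on `fatal()` never returning and would read more safely with braces. ssh_gssapi_kex_mechs begins and ends outside the shown hunks.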


@ -1,324 +0,0 @@
diff -up openssh/clientloop.c.fingerprint openssh/clientloop.c
--- openssh/clientloop.c.fingerprint 2017-09-26 15:21:22.582477729 +0200
+++ openssh/clientloop.c 2017-09-26 15:21:22.620477932 +0200
@@ -1854,7 +1854,7 @@ update_known_hosts(struct hostkeys_updat
if (ctx->keys_seen[i] != 2)
continue;
if ((fp = sshkey_fingerprint(ctx->keys[i],
- options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL)
fatal("%s: sshkey_fingerprint failed", __func__);
do_log2(loglevel, "Learned new hostkey: %s %s",
sshkey_type(ctx->keys[i]), fp);
@@ -1862,7 +1862,7 @@ update_known_hosts(struct hostkeys_updat
}
for (i = 0; i < ctx->nold; i++) {
if ((fp = sshkey_fingerprint(ctx->old_keys[i],
- options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL)
fatal("%s: sshkey_fingerprint failed", __func__);
do_log2(loglevel, "Deprecating obsolete hostkey: %s %s",
sshkey_type(ctx->old_keys[i]), fp);
@@ -1905,7 +1905,7 @@ update_known_hosts(struct hostkeys_updat
(r = hostfile_replace_entries(options.user_hostfiles[0],
ctx->host_str, ctx->ip_str, ctx->keys, ctx->nkeys,
options.hash_known_hosts, 0,
- options.fingerprint_hash)) != 0)
+ options.fingerprint_hash[0])) != 0)
error("%s: hostfile_replace_entries failed: %s",
__func__, ssh_err(r));
}
@@ -2038,7 +2038,7 @@ client_input_hostkeys(void)
error("%s: parse key: %s", __func__, ssh_err(r));
goto out;
}
- fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
SSH_FP_DEFAULT);
debug3("%s: received %s key %s", __func__,
sshkey_type(key), fp);
diff -up openssh/readconf.c.fingerprint openssh/readconf.c
--- openssh/readconf.c.fingerprint 2017-09-26 15:21:22.618477921 +0200
+++ openssh/readconf.c 2017-09-26 15:21:22.621477937 +0200
@@ -1681,16 +1681,18 @@ parse_keytypes:
goto parse_string;
case oFingerprintHash:
- intptr = &options->fingerprint_hash;
- arg = strdelim(&s);
- if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing argument.",
- filename, linenum);
- if ((value = ssh_digest_alg_by_name(arg)) == -1)
- fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
- filename, linenum, arg);
- if (*activep && *intptr == -1)
- *intptr = value;
+ if (*activep && options->num_fingerprint_hash == 0)
+ while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
+ value = ssh_digest_alg_by_name(arg);
+ if (value == -1)
+ fatal("%s line %d: unknown fingerprints algorithm specs: %s.",
+ filename, linenum, arg);
+ if (options->num_fingerprint_hash >= SSH_DIGEST_MAX)
+ fatal("%s line %d: too many fingerprints algorithm specs.",
+ filename, linenum);
+ options->fingerprint_hash[
+ options->num_fingerprint_hash++] = value;
+ }
break;
case oUpdateHostkeys:
@@ -1917,7 +1919,7 @@ initialize_options(Options * options)
options->canonicalize_fallback_local = -1;
options->canonicalize_hostname = -1;
options->revoked_host_keys = NULL;
- options->fingerprint_hash = -1;
+ options->num_fingerprint_hash = 0;
options->update_hostkeys = -1;
options->hostbased_key_types = NULL;
options->pubkey_key_types = NULL;
@@ -2096,8 +2098,10 @@ fill_default_options(Options * options)
options->canonicalize_fallback_local = 1;
if (options->canonicalize_hostname == -1)
options->canonicalize_hostname = SSH_CANONICALISE_NO;
- if (options->fingerprint_hash == -1)
- options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+ if (options->num_fingerprint_hash == 0) {
+ options->fingerprint_hash[options->num_fingerprint_hash++] = SSH_DIGEST_SHA256;
+ options->fingerprint_hash[options->num_fingerprint_hash++] = SSH_DIGEST_MD5;
+ }
if (options->update_hostkeys == -1)
options->update_hostkeys = 0;
if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 ||
@@ -2474,6 +2478,17 @@ dump_cfg_strarray(OpCodes code, u_int co
}
static void
+dump_cfg_fmtarray(OpCodes code, u_int count, int *vals)
+{
+ u_int i;
+
+ printf("%s", lookup_opcode_name(code));
+ for (i = 0; i < count; i++)
+ printf(" %s", fmt_intarg(code, vals[i]));
+ printf("\n");
+}
+
+static void
dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals)
{
u_int i;
@@ -2549,7 +2564,6 @@ dump_client_config(Options *o, const cha
dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign);
dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings);
dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
- dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash);
dump_cfg_fmtint(oForwardAgent, o->forward_agent);
dump_cfg_fmtint(oForwardX11, o->forward_x11);
dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted);
@@ -2618,6 +2632,7 @@ dump_client_config(Options *o, const cha
dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles);
dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles);
dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env);
+ dump_cfg_fmtarray(oFingerprintHash, o->num_fingerprint_hash, o->fingerprint_hash);
/* Special cases */
diff -up openssh/readconf.h.fingerprint openssh/readconf.h
--- openssh/readconf.h.fingerprint 2017-09-26 15:21:22.618477921 +0200
+++ openssh/readconf.h 2017-09-26 15:21:22.621477937 +0200
@@ -21,6 +21,7 @@
#define MAX_SEND_ENV 256
#define SSH_MAX_HOSTS_FILES 32
#define MAX_CANON_DOMAINS 32
+#define MAX_SSH_DIGESTS 32
#define PATH_MAX_SUN (sizeof((struct sockaddr_un *)0)->sun_path)
struct allowed_cname {
@@ -157,7 +158,8 @@ typedef struct {
char *revoked_host_keys;
- int fingerprint_hash;
+ int num_fingerprint_hash;
+ int fingerprint_hash[MAX_SSH_DIGESTS];
int update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
diff -up openssh/ssh_config.5.fingerprint openssh/ssh_config.5
--- openssh/ssh_config.5.fingerprint 2017-09-26 15:21:22.618477921 +0200
+++ openssh/ssh_config.5 2017-09-26 15:21:22.621477937 +0200
@@ -624,12 +624,13 @@ or
.Cm no
(the default).
.It Cm FingerprintHash
-Specifies the hash algorithm used when displaying key fingerprints.
+Specifies the hash algorithms used when displaying key fingerprints.
Valid options are:
.Cm md5
and
-.Cm sha256
-(the default).
+.Cm sha256 .
+The default is
+.Cm "sha256 md5".
.It Cm ForwardAgent
Specifies whether the connection to the authentication agent (if any)
will be forwarded to the remote machine.
diff -up openssh/sshconnect2.c.fingerprint openssh/sshconnect2.c
--- openssh/sshconnect2.c.fingerprint 2017-09-26 15:21:22.619477926 +0200
+++ openssh/sshconnect2.c 2017-09-26 15:21:50.677628003 +0200
@@ -679,7 +679,7 @@ input_userauth_pk_ok(int type, u_int32_t
key->type, pktype);
goto done;
}
- if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL)
goto done;
debug2("input_userauth_pk_ok: fp %s", fp);
@@ -1198,7 +1198,7 @@ sign_and_send_pubkey(Authctxt *authctxt,
int matched, ret = -1, have_sig = 1;
char *fp;
- if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
+ if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL)
return 0;
debug3("%s: %s %s", __func__, key_type(id->key), fp);
@@ -1620,7 +1620,7 @@ userauth_pubkey(Authctxt *authctxt)
if (id->key != NULL) {
if (try_identity(id)) {
if ((fp = sshkey_fingerprint(id->key,
- options.fingerprint_hash,
+ options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL) {
error("%s: sshkey_fingerprint failed",
__func__);
@@ -1914,7 +1914,7 @@ userauth_hostbased(Authctxt *authctxt)
goto out;
}
- if ((fp = sshkey_fingerprint(private, options.fingerprint_hash,
+ if ((fp = sshkey_fingerprint(private, options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL) {
error("%s: sshkey_fingerprint failed", __func__);
goto out;
diff -up openssh/sshconnect.c.fingerprint openssh/sshconnect.c
--- openssh/sshconnect.c.fingerprint 2017-09-25 01:48:10.000000000 +0200
+++ openssh/sshconnect.c 2017-09-26 15:21:22.622477943 +0200
@@ -861,9 +861,9 @@ check_host_key(char *hostname, struct so
"of known hosts.", type, ip);
} else if (options.visual_host_key) {
fp = sshkey_fingerprint(host_key,
- options.fingerprint_hash, SSH_FP_DEFAULT);
+ options.fingerprint_hash[0], SSH_FP_DEFAULT);
ra = sshkey_fingerprint(host_key,
- options.fingerprint_hash, SSH_FP_RANDOMART);
+ options.fingerprint_hash[0], SSH_FP_RANDOMART);
if (fp == NULL || ra == NULL)
fatal("%s: sshkey_fingerprint fail", __func__);
logit("Host key fingerprint is %s\n%s", fp, ra);
@@ -907,12 +907,6 @@ check_host_key(char *hostname, struct so
else
snprintf(msg1, sizeof(msg1), ".");
/* The default */
- fp = sshkey_fingerprint(host_key,
- options.fingerprint_hash, SSH_FP_DEFAULT);
- ra = sshkey_fingerprint(host_key,
- options.fingerprint_hash, SSH_FP_RANDOMART);
- if (fp == NULL || ra == NULL)
- fatal("%s: sshkey_fingerprint fail", __func__);
msg2[0] = '\0';
if (options.verify_host_key_dns) {
if (matching_host_key_dns)
@@ -926,16 +920,28 @@ check_host_key(char *hostname, struct so
}
snprintf(msg, sizeof(msg),
"The authenticity of host '%.200s (%s)' can't be "
- "established%s\n"
- "%s key fingerprint is %s.%s%s\n%s"
+ "established%s\n", host, ip, msg1);
+ for (i = 0; i < (u_int) options.num_fingerprint_hash; i++) {
+ fp = sshkey_fingerprint(host_key,
+ options.fingerprint_hash[i], SSH_FP_DEFAULT);
+ ra = sshkey_fingerprint(host_key,
+ options.fingerprint_hash[i], SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
+ len = strlen(msg);
+ snprintf(msg+len, sizeof(msg)-len,
+ "%s key fingerprint is %s.%s%s\n%s",
+ type, fp,
+ options.visual_host_key ? "\n" : "",
+ options.visual_host_key ? ra : "",
+ msg2);
+ free(ra);
+ free(fp);
+ }
+ len = strlen(msg);
+ snprintf(msg+len, sizeof(msg)-len,
"Are you sure you want to continue connecting "
- "(yes/no)? ",
- host, ip, msg1, type, fp,
- options.visual_host_key ? "\n" : "",
- options.visual_host_key ? ra : "",
- msg2);
- free(ra);
- free(fp);
+ "(yes/no)? ");
if (!confirm(msg))
goto fail;
hostkey_trusted = 1; /* user explicitly confirmed */
@@ -1192,7 +1198,7 @@ verify_host_key(char *host, struct socka
struct sshkey *plain = NULL;
if ((fp = sshkey_fingerprint(host_key,
- options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
+ options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL) {
error("%s: fingerprint host key: %s", __func__, ssh_err(r));
r = -1;
goto out;
@@ -1200,7 +1206,7 @@ verify_host_key(char *host, struct socka
if (sshkey_is_cert(host_key)) {
if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
- options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
+ options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL) {
error("%s: fingerprint CA key: %s",
__func__, ssh_err(r));
r = -1;
@@ -1369,9 +1375,9 @@ show_other_keys(struct hostkeys *hostkey
if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
continue;
fp = sshkey_fingerprint(found->key,
- options.fingerprint_hash, SSH_FP_DEFAULT);
+ options.fingerprint_hash[0], SSH_FP_DEFAULT);
ra = sshkey_fingerprint(found->key,
- options.fingerprint_hash, SSH_FP_RANDOMART);
+ options.fingerprint_hash[0], SSH_FP_RANDOMART);
if (fp == NULL || ra == NULL)
fatal("%s: sshkey_fingerprint fail", __func__);
logit("WARNING: %s key found for host %s\n"
@@ -1394,7 +1400,7 @@ warn_changed_key(struct sshkey *host_key
{
char *fp;
- fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
+ fp = sshkey_fingerprint(host_key, options.fingerprint_hash[0],
SSH_FP_DEFAULT);
if (fp == NULL)
fatal("%s: sshkey_fingerprint fail", __func__);
diff -up openssh/ssh-keysign.c.fingerprint openssh/ssh-keysign.c
--- openssh/ssh-keysign.c.fingerprint 2017-09-25 01:48:10.000000000 +0200
+++ openssh/ssh-keysign.c 2017-09-26 15:21:22.622477943 +0200
@@ -285,7 +285,7 @@ main(int argc, char **argv)
}
}
if (!found) {
- if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL)
fatal("%s: sshkey_fingerprint failed", __progname);
fatal("no matching hostkey found for key %s %s",


@ -49,4 +49,4 @@ diff -up openssh-7.4p1/sshd_config.5.gss-docs openssh-7.4p1/sshd_config.5
+needs to be enabled in the server and also used by the client. +needs to be enabled in the server and also used by the client.
.It Cm HostbasedAcceptedKeyTypes .It Cm HostbasedAcceptedKeyTypes
Specifies the key types that will be accepted for hostbased authentication Specifies the key types that will be accepted for hostbased authentication
as a comma-separated pattern list. as a list of comma-separated patterns.


@ -1,20 +1,21 @@
diff -up openssh-7.4p1/monitor_wrap.c.audit-race openssh-7.4p1/monitor_wrap.c diff -up openssh-7.4p1/monitor_wrap.c.audit-race openssh-7.4p1/monitor_wrap.c
--- openssh-7.4p1/monitor_wrap.c.audit-race 2016-12-23 16:35:52.694685771 +0100 --- openssh-7.4p1/monitor_wrap.c.audit-race 2016-12-23 16:35:52.694685771 +0100
+++ openssh-7.4p1/monitor_wrap.c 2016-12-23 16:35:52.697685772 +0100 +++ openssh-7.4p1/monitor_wrap.c 2016-12-23 16:35:52.697685772 +0100
@@ -1107,4 +1107,48 @@ mm_audit_destroy_sensitive_data(const ch @@ -1107,4 +1107,50 @@ mm_audit_destroy_sensitive_data(const ch
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, m);
buffer_free(&m); sshbuf_free(m);
} }
+ +
+int mm_forward_audit_messages(int fdin) +int mm_forward_audit_messages(int fdin)
+{ +{
+ u_char buf[4]; + u_char buf[4];
+ u_int blen, msg_len; + u_int blen, msg_len;
+ Buffer m; + struct sshbuf *m;
+ int ret = 0; + int r, ret = 0;
+ +
+ debug3("%s: entering", __func__); + debug3("%s: entering", __func__);
+ buffer_init(&m); + if ((m = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
+ do { + do {
+ blen = atomicio(read, fdin, buf, sizeof(buf)); + blen = atomicio(read, fdin, buf, sizeof(buf));
+ if (blen == 0) /* closed pipe */ + if (blen == 0) /* closed pipe */
@ -28,21 +29,22 @@ diff -up openssh-7.4p1/monitor_wrap.c.audit-race openssh-7.4p1/monitor_wrap.c
+ msg_len = get_u32(buf); + msg_len = get_u32(buf);
+ if (msg_len > 256 * 1024) + if (msg_len > 256 * 1024)
+ fatal("%s: read: bad msg_len %d", __func__, msg_len); + fatal("%s: read: bad msg_len %d", __func__, msg_len);
+ buffer_clear(&m); + sshbuf_reset(m);
+ buffer_append_space(&m, msg_len); + if ((r = sshbuf_reserve(m, msg_len, NULL)) != 0)
+ if (atomicio(read, fdin, buffer_ptr(&m), msg_len) != msg_len) { + fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (atomicio(read, fdin, sshbuf_mutable_ptr(m), msg_len) != msg_len) {
+ error("%s: Failed to read the the buffer content from the child", __func__); + error("%s: Failed to read the the buffer content from the child", __func__);
+ ret = -1; + ret = -1;
+ break; + break;
+ } + }
+ if (atomicio(vwrite, pmonitor->m_recvfd, buf, blen) != blen || + if (atomicio(vwrite, pmonitor->m_recvfd, buf, blen) != blen ||
+ atomicio(vwrite, pmonitor->m_recvfd, buffer_ptr(&m), msg_len) != msg_len) { + atomicio(vwrite, pmonitor->m_recvfd, sshbuf_mutable_ptr(m), msg_len) != msg_len) {
+ error("%s: Failed to write the message to the monitor", __func__); + error("%s: Failed to write the message to the monitor", __func__);
+ ret = -1; + ret = -1;
+ break; + break;
+ } + }
+ } while (1); + } while (1);
+ buffer_free(&m); + sshbuf_free(m);
+ return ret; + return ret;
+} +}
+void mm_set_monitor_pipe(int fd) +void mm_set_monitor_pipe(int fd)
@ -115,7 +117,7 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
ret = do_exec_pty(ssh, s, command); ret = do_exec_pty(ssh, s, command);
@@ -732,6 +745,20 @@ do_exec(Session *s, const char *command) @@ -732,6 +745,20 @@ do_exec(Session *s, const char *command)
*/ */
buffer_clear(&loginmsg); sshbuf_reset(loginmsg);
+#ifdef SSH_AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS
+ close(paudit[1]); + close(paudit[1]);
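Review bot: `sshbuf_reserve(m, msg_len, NULL)` followed by two separate `sshbuf_mutable_ptr(m)` calls in mm_forward_audit_messages throws away the pointer sshbuf_reserve hands back; taking it through the third argument keeps the reserved region and the I/O on it tied together, e.g. `u_char *p;` then `if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r));` and `if (atomicio(read, fdin, p, msg_len) != msg_len) {` (and `p` again in the forwarding write). Separately, `msg_len` is declared `u_int` but the `bad msg_len %d` message formats it with `%d`; `%u` is the matching specifier. The lines between the two shown hunks of this function are not in view.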


@ -136,7 +136,7 @@ diff -up openssh/dh.c.openssl openssh/dh.c
need > INT_MAX / 2 || 2 * need > pbits) need > INT_MAX / 2 || 2 * need > pbits)
return SSH_ERR_INVALID_ARGUMENT; return SSH_ERR_INVALID_ARGUMENT;
if (need < 256) if (need < 256)
@@ -271,10 +275,11 @@ dh_gen_key(DH *dh, int need) @@ -271,11 +275,11 @@ dh_gen_key(DH *dh, int need)
* Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
* so double requested need here. * so double requested need here.
*/ */
@ -144,6 +144,7 @@ diff -up openssh/dh.c.openssl openssh/dh.c
- if (DH_generate_key(dh) == 0 || - if (DH_generate_key(dh) == 0 ||
- !dh_pub_is_valid(dh, dh->pub_key)) { - !dh_pub_is_valid(dh, dh->pub_key)) {
- BN_clear_free(dh->priv_key); - BN_clear_free(dh->priv_key);
- dh->priv_key = NULL;
+ DH_set_length(dh, MINIMUM(need * 2, pbits - 1)); + DH_set_length(dh, MINIMUM(need * 2, pbits - 1));
+ if (DH_generate_key(dh) == 0) + if (DH_generate_key(dh) == 0)
+ return SSH_ERR_LIBCRYPTO_ERROR; + return SSH_ERR_LIBCRYPTO_ERROR;
@ -300,8 +301,8 @@ diff -up openssh/gss-genr.c.openssl openssh/gss-genr.c
if (gss_enc2oid != NULL) { if (gss_enc2oid != NULL) {
@@ -113,6 +113,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup @@ -113,6 +113,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
if ((buf = sshbuf_new()) == NULL)
buffer_init(&buf); fatal("%s: sshbuf_new failed", __func__);
+ md = EVP_MD_CTX_new(); + md = EVP_MD_CTX_new();
oidpos = 0; oidpos = 0;
@ -452,7 +453,7 @@ diff -up openssh/kexdhs.c.openssl openssh/kexdhs.c
hash, &hashlen)) != 0) hash, &hashlen)) != 0)
goto out; goto out;
@@ -197,7 +203,7 @@ input_kex_dh_init(int type, u_int32_t se @@ -197,7 +203,7 @@ input_kex_dh_init(int type, u_int32_t se
/* send server hostkey, DH pubkey 'f' and singed H */ /* send server hostkey, DH pubkey 'f' and signed H */
if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 ||
(r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
@ -599,7 +600,7 @@ diff -up openssh/kexgexs.c.openssl openssh/kexgexs.c
hash, &hashlen)) != 0) hash, &hashlen)) != 0)
goto out; goto out;
@@ -227,7 +236,7 @@ input_kex_dh_gex_init(int type, u_int32_ @@ -227,7 +236,7 @@ input_kex_dh_gex_init(int type, u_int32_
/* send server hostkey, DH pubkey 'f' and singed H */ /* send server hostkey, DH pubkey 'f' and signed H */
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
(r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
@ -636,8 +637,8 @@ diff -up openssh/kexgssc.c.openssl openssh/kexgssc.c
} else { } else {
packet_start(SSH2_MSG_KEXGSS_CONTINUE); packet_start(SSH2_MSG_KEXGSS_CONTINUE);
@@ -282,13 +284,14 @@ kexgss_client(struct ssh *ssh) { @@ -282,13 +284,14 @@ kexgss_client(struct ssh *ssh) {
buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my), sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer), sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
(serverhostkey ? serverhostkey : empty), slen, (serverhostkey ? serverhostkey : empty), slen,
- dh->pub_key, /* e */ - dh->pub_key, /* e */
+ pub_key, /* e */ + pub_key, /* e */
@ -652,7 +653,7 @@ diff -up openssh/kexgssc.c.openssl openssh/kexgssc.c
ssh->kex->hash_alg, ssh->kex->hash_alg,
ssh->kex->client_version_string, ssh->kex->client_version_string,
@@ -297,8 +300,8 @@ kexgss_client(struct ssh *ssh) { @@ -297,8 +300,8 @@ kexgss_client(struct ssh *ssh) {
buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer), sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
(serverhostkey ? serverhostkey : empty), slen, (serverhostkey ? serverhostkey : empty), slen,
min, nbits, max, min, nbits, max,
- dh->p, dh->g, - dh->p, dh->g,
@ -695,8 +696,8 @@ diff -up openssh/kexgsss.c.openssl openssh/kexgsss.c
switch (ssh->kex->kex_type) { switch (ssh->kex->kex_type) {
case KEX_GSS_GRP1_SHA1: case KEX_GSS_GRP1_SHA1:
@@ -232,7 +235,7 @@ kexgss_server(struct ssh *ssh) @@ -232,7 +235,7 @@ kexgss_server(struct ssh *ssh)
buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer), sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my), sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
NULL, 0, /* Change this if we start sending host keys */ NULL, 0, /* Change this if we start sending host keys */
- dh_client_pub, dh->pub_key, shared_secret, - dh_client_pub, dh->pub_key, shared_secret,
+ dh_client_pub, pub_key, shared_secret, + dh_client_pub, pub_key, shared_secret,
@ -704,7 +705,7 @@ diff -up openssh/kexgsss.c.openssl openssh/kexgsss.c
); );
break; break;
@@ -244,9 +247,9 @@ kexgss_server(struct ssh *ssh) @@ -244,9 +247,9 @@ kexgss_server(struct ssh *ssh)
buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my), sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
NULL, 0, NULL, 0,
cmin, nbits, cmax, cmin, nbits, cmax,
- dh->p, dh->g, - dh->p, dh->g,
@ -1241,14 +1242,14 @@ diff -up openssh/monitor.c.openssl openssh/monitor.c
+ const BIGNUM *p, *g; + const BIGNUM *p, *g;
+ +
+ DH_get0_pqg(dh, &p, NULL, &g); + DH_get0_pqg(dh, &p, NULL, &g);
buffer_put_char(m, 1); if ((r = sshbuf_put_u8(m, 1)) != 0 ||
- buffer_put_bignum2(m, dh->p); - (r = sshbuf_put_bignum2(m, dh->p)) != 0 ||
- buffer_put_bignum2(m, dh->g); - (r = sshbuf_put_bignum2(m, dh->g)) != 0)
+ buffer_put_bignum2(m, p); + (r = sshbuf_put_bignum2(m, p)) != 0 ||
+ buffer_put_bignum2(m, g); + (r = sshbuf_put_bignum2(m, g)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
DH_free(dh); DH_free(dh);
}
diff -up openssh/openbsd-compat/openssl-compat.c.openssl openssh/openbsd-compat/openssl-compat.c diff -up openssh/openbsd-compat/openssl-compat.c.openssl openssh/openbsd-compat/openssl-compat.c
--- openssh/openbsd-compat/openssl-compat.c.openssl 2017-09-19 06:26:43.000000000 +0200 --- openssh/openbsd-compat/openssl-compat.c.openssl 2017-09-19 06:26:43.000000000 +0200
+++ openssh/openbsd-compat/openssl-compat.c 2017-09-26 13:19:31.799249709 +0200 +++ openssh/openbsd-compat/openssl-compat.c 2017-09-26 13:19:31.799249709 +0200
@ -1404,17 +1405,6 @@ diff -up openssh/regress/unittests/sshkey/test_sshkey.c.openssl openssh/regress/
TEST_DONE(); TEST_DONE();
TEST_START("equal KEY_DSA/demoted KEY_DSA"); TEST_START("equal KEY_DSA/demoted KEY_DSA");
diff -up openssh/sshconnect2.c.openssl openssh/sshconnect2.c
--- openssh/sshconnect2.c.openssl 2017-09-26 13:19:31.786249629 +0200
+++ openssh/sshconnect2.c 2017-09-26 13:19:31.800249715 +0200
@@ -306,6 +306,7 @@ ssh_kex2(char *host, struct sockaddr *ho
packet_send();
packet_write_wait();
#endif
+ /* XXX free myproposal ?? */
}
/*
diff -up openssh/ssh.c.openssl openssh/ssh.c diff -up openssh/ssh.c.openssl openssh/ssh.c
--- openssh/ssh.c.openssl 2017-09-26 13:19:31.786249629 +0200 --- openssh/ssh.c.openssl 2017-09-26 13:19:31.786249629 +0200
+++ openssh/ssh.c 2017-09-26 13:19:31.800249715 +0200 +++ openssh/ssh.c 2017-09-26 13:19:31.800249715 +0200
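Review bot: `md = EVP_MD_CTX_new();` in the gss-genr.c hunk is not checked for NULL, although the `sshbuf_new()` allocation immediately above it is; `EVP_MD_CTX_new()` returns NULL on allocation failure and the context is presumably handed to a digest call later outside the hunk. Writing it as `if ((md = EVP_MD_CTX_new()) == NULL) fatal("%s: EVP_MD_CTX_new failed", __func__);` keeps the two allocations consistent. In the dh.c hunk, the removed lines validated the freshly generated key with `dh_pub_is_valid()`; the remainder of that hunk is not shown, so confirm the new code still fetches the public key and runs that check before returning. Both functions start and end outside the shown hunks.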


@ -10,8 +10,8 @@ diff -up openssh-7.4p1/channels.c.x11max openssh-7.4p1/channels.c
+/* Minimum port number for X11 forwarding */ +/* Minimum port number for X11 forwarding */
+#define X11_PORT_MIN 6000 +#define X11_PORT_MIN 6000
/* /* Per-channel callback for pre/post select() actions */
* Data structure for storing which hosts are permitted for forward requests. typedef void chan_fn(struct ssh *, Channel *c,
@@ -4228,7 +4228,7 @@ channel_send_window_changes(void) @@ -4228,7 +4228,7 @@ channel_send_window_changes(void)
*/ */
int int


@ -91,7 +91,7 @@ index 132df8b5..ed23f06d 100644
+ case KEX_GSS_GRP16_SHA512: + case KEX_GSS_GRP16_SHA512:
kex_dh_hash(ssh->kex->hash_alg, ssh->kex->client_version_string, kex_dh_hash(ssh->kex->hash_alg, ssh->kex->client_version_string,
ssh->kex->server_version_string, ssh->kex->server_version_string,
buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my), sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
diff --git a/kexgsss.c b/kexgsss.c diff --git a/kexgsss.c b/kexgsss.c
index 82a715cc..b7da8823 100644 index 82a715cc..b7da8823 100644
--- a/kexgsss.c --- a/kexgsss.c
@ -117,7 +117,7 @@ index 82a715cc..b7da8823 100644
+ case KEX_GSS_GRP16_SHA512: + case KEX_GSS_GRP16_SHA512:
kex_dh_hash(ssh->kex->hash_alg, kex_dh_hash(ssh->kex->hash_alg,
ssh->kex->client_version_string, ssh->kex->server_version_string, ssh->kex->client_version_string, ssh->kex->server_version_string,
buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer), sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
diff --git a/monitor.c b/monitor.c diff --git a/monitor.c b/monitor.c
index 17046936..d6bc7ac7 100644 index 17046936..d6bc7ac7 100644
--- a/monitor.c --- a/monitor.c
@ -674,8 +674,8 @@ index ed23f06d..bdb3109a 100644
+ kex_c25519_hash( + kex_c25519_hash(
+ kex->hash_alg, + kex->hash_alg,
+ kex->client_version_string, kex->server_version_string, + kex->client_version_string, kex->server_version_string,
+ buffer_ptr(kex->my), buffer_len(kex->my), + sshbuf_ptr(kex->my), sshbuf_len(kex->my),
+ buffer_ptr(kex->peer), buffer_len(kex->peer), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
+ (serverhostkey ? serverhostkey : empty), slen, + (serverhostkey ? serverhostkey : empty), slen,
+ kex->c25519_client_pubkey, server_pub, + kex->c25519_client_pubkey, server_pub,
+ sshbuf_ptr(c25519_shared_secret), sshbuf_len(c25519_shared_secret), + sshbuf_ptr(c25519_shared_secret), sshbuf_len(c25519_shared_secret),
@ -1008,8 +1008,8 @@ index b7da8823..a7c42803 100644
+ kex_c25519_hash( + kex_c25519_hash(
+ kex->hash_alg, + kex->hash_alg,
+ kex->client_version_string, kex->server_version_string, + kex->client_version_string, kex->server_version_string,
+ buffer_ptr(kex->peer), buffer_len(kex->peer), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
+ buffer_ptr(kex->my), buffer_len(kex->my), + sshbuf_ptr(kex->my), sshbuf_len(kex->my),
+ NULL, 0, + NULL, 0,
+ client_pub, c25519_server_pubkey, + client_pub, c25519_server_pubkey,
+ sshbuf_ptr(c25519_shared_secret), sshbuf_len(c25519_shared_secret), + sshbuf_ptr(c25519_shared_secret), sshbuf_len(c25519_shared_secret),
@ -1117,8 +1117,8 @@ index d6bc7ac7..b11616c8 100644
kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_public_key=&get_hostkey_public_by_type;
@@ -1867,7 +1869,8 @@ mm_answer_gss_sign(int socket, Buffer *m) @@ -1867,7 +1869,8 @@ mm_answer_gss_sign(int socket, Buffer *m)
data.value = buffer_get_string(m, &len); if ((r = sshbuf_get_string(m, (u_char **)&data.value, &data.length)) != 0)
data.length = len; fatal("%s: buffer error: %s", __func__, ssh_err(r));
- if (data.length != 20) - if (data.length != 20)
+ /* Lengths of SHA-1, SHA-256 and SHA-512 hashes that are used */ + /* Lengths of SHA-1, SHA-256 and SHA-512 hashes that are used */
+ if (data.length != 20 && data.length != 32 && data.length != 64) + if (data.length != 20 && data.length != 32 && data.length != 64)
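Review bot: The length check in mm_answer_gss_sign accepts 20, 32 or 64 bytes whichever GSS KEX method was negotiated, so a SHA-1-sized value is accepted for a group16-sha512 exchange; the impact is limited because the peer will compute the full-length hash anyway, but the monitor can be stricter at no cost. The kexgss hunks above show the hash algorithm is recorded in ssh->kex->hash_alg, so the monitor can compare against the negotiated digest instead of three magic numbers: `if (data.length != ssh_digest_bytes(ssh->kex->hash_alg))`, assuming the monitor reaches the kex through whatever struct ssh it already uses — confirm. The `(u_char **)&data.value` cast is the usual OpenSSH idiom but a comment noting that data.value is now heap-owned and must be freed on every path would help, as the function body continues outside the hunk.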


@ -20,8 +20,8 @@ index ca75cc7..6e7de31 100644
+#if defined(__NR_flock) && defined(__s390__) +#if defined(__NR_flock) && defined(__s390__)
+ SC_ALLOW(__NR_flock), + SC_ALLOW(__NR_flock),
+#endif +#endif
#ifdef __NR_getpgid #ifdef __NR_geteuid
SC_ALLOW(__NR_getpgid), SC_ALLOW(__NR_geteuid),
#endif #endif
@@ -178,6 +181,9 @@ static const struct sock_filter preauth_insns[] = { @@ -178,6 +181,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_gettimeofday #ifdef __NR_gettimeofday
@ -30,8 +30,8 @@ index ca75cc7..6e7de31 100644
+#if defined(__NR_ipc) && defined(__s390__) +#if defined(__NR_ipc) && defined(__s390__)
+ SC_ALLOW(__NR_ipc), + SC_ALLOW(__NR_ipc),
+#endif +#endif
#ifdef __NR_madvise #ifdef __NR_getuid
SC_ALLOW(__NR_madvise), SC_ALLOW(__NR_getuid),
#endif #endif
-- --
1.9.1 1.9.1
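Review bot: `SC_ALLOW(__NR_ipc)` admits the entire multiplexed SysV IPC syscall (semop, msgsnd, shmat and the rest) into the pre-authentication sandbox on s390, and the hunk does not say which subcall actually needs it. If this tree's sandbox-seccomp-filter.c provides the argument-matching forms, the allow should be narrowed to the needed subcall, e.g. `SC_ALLOW_ARG_MASK(__NR_ipc, 0, 0xffff, SHMAT)`, or at minimum carry a comment such as `/* s390: needed for <subcall> by <component> */` so the broad allow is not silently kept on later rebases. The surrounding `#ifdef __NR_geteuid`/`__NR_getuid` context only moved with the rebase and raises nothing.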


@ -77,16 +77,8 @@ diff -up openssh-7.6p1/audit-bsm.c.audit openssh-7.6p1/audit-bsm.c
diff -up openssh-7.6p1/audit.c.audit openssh-7.6p1/audit.c diff -up openssh-7.6p1/audit.c.audit openssh-7.6p1/audit.c
--- openssh-7.6p1/audit.c.audit 2017-10-02 21:34:26.000000000 +0200 --- openssh-7.6p1/audit.c.audit 2017-10-02 21:34:26.000000000 +0200
+++ openssh-7.6p1/audit.c 2017-10-04 17:18:32.834505048 +0200 +++ openssh-7.6p1/audit.c 2017-10-04 17:18:32.834505048 +0200
@@ -26,6 +26,7 @@
#include <stdarg.h>
#include <string.h>
+#include <unistd.h>
#ifdef SSH_AUDIT_EVENTS
@@ -34,6 +35,12 @@ @@ -34,6 +35,12 @@
#include "key.h" #include "log.h"
#include "hostfile.h" #include "hostfile.h"
#include "auth.h" #include "auth.h"
+#include "ssh-gss.h" +#include "ssh-gss.h"
@ -127,7 +119,7 @@ diff -up openssh-7.6p1/audit.c.audit openssh-7.6p1/audit.c
} }
+void +void
+audit_key(int host_user, int *rv, const Key *key) +audit_key(int host_user, int *rv, const struct sshkey *key)
+{ +{
+ char *fp; + char *fp;
+ +
@ -268,7 +260,7 @@ diff -up openssh-7.6p1/audit.h.audit openssh-7.6p1/audit.h
# define _SSH_AUDIT_H # define _SSH_AUDIT_H
#include "loginrec.h" #include "loginrec.h"
+#include "key.h" +#include "sshkey.h"
enum ssh_audit_event_type { enum ssh_audit_event_type {
SSH_LOGIN_EXCEED_MAXTRIES, SSH_LOGIN_EXCEED_MAXTRIES,
@ -296,7 +288,7 @@ diff -up openssh-7.6p1/audit.h.audit openssh-7.6p1/audit.h
+void audit_end_command(int, const char *); +void audit_end_command(int, const char *);
ssh_audit_event_t audit_classify_auth(const char *); ssh_audit_event_t audit_classify_auth(const char *);
+int audit_keyusage(int, char *, int); +int audit_keyusage(int, char *, int);
+void audit_key(int, int *, const Key *); +void audit_key(int, int *, const struct sshkey *);
+void audit_unsupported(int); +void audit_unsupported(int);
+void audit_kex(int, char *, char *, char *, char *); +void audit_kex(int, char *, char *, char *, char *);
+void audit_unsupported_body(int); +void audit_unsupported_body(int);
@ -313,7 +305,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
#include "log.h" #include "log.h"
#include "audit.h" #include "audit.h"
+#include "key.h" +#include "sshkey.h"
+#include "hostfile.h" +#include "hostfile.h"
+#include "auth.h" +#include "auth.h"
+#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */ +#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */
@ -596,8 +588,8 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
+const static char *direction[] = { "from-server", "from-client", "both" }; +const static char *direction[] = { "from-server", "from-client", "both" };
+ +
+void +void
+audit_kex_body(int ctos, char *enc, char *mac, char *compress, char *pfs, pid_t pid, +audit_kex_body(int ctos, char *enc, char *mac, char *compress,
+ uid_t uid) + char *pfs, pid_t pid, uid_t uid)
+{ +{
+#ifdef AUDIT_CRYPTO_SESSION +#ifdef AUDIT_CRYPTO_SESSION
+ char buf[AUDIT_LOG_SIZE]; + char buf[AUDIT_LOG_SIZE];
@ -786,11 +778,11 @@ diff -up openssh-7.6p1/auth2-pubkey.c.audit openssh-7.6p1/auth2-pubkey.c
/* test for correct signature */ /* test for correct signature */
authenticated = 0; authenticated = 0;
if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
- PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b), - PRIVSEP(sshkey_verify(key, sig, slen,
+ PRIVSEP(user_key_verify(key, sig, slen, sshbuf_ptr(b), + PRIVSEP(user_key_verify(key, sig, slen,
sshbuf_len(b), NULL, ssh->compat)) == 0) { sshbuf_ptr(b), sshbuf_len(b),
authenticated = 1; (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
} ssh->compat)) == 0) {
@@ -250,6 +250,19 @@ done: @@ -250,6 +250,19 @@ done:
return authenticated; return authenticated;
} }
@ -882,7 +874,7 @@ diff -up openssh-7.6p1/cipher.c.audit openssh-7.6p1/cipher.c
- -
static const struct sshcipher ciphers[] = { static const struct sshcipher ciphers[] = {
#ifdef WITH_OPENSSL #ifdef WITH_OPENSSL
{ "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, #ifndef OPENSSL_NO_DES
@@ -409,7 +409,7 @@ cipher_get_length(struct sshcipher_ctx * @@ -409,7 +409,7 @@ cipher_get_length(struct sshcipher_ctx *
void void
cipher_free(struct sshcipher_ctx *cc) cipher_free(struct sshcipher_ctx *cc)
@ -1032,17 +1024,6 @@ diff -up openssh-7.6p1/kex.h.audit openssh-7.6p1/kex.h
int kex_dh_hash(int, const char *, const char *, int kex_dh_hash(int, const char *, const char *,
const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
diff -up openssh-7.6p1/key.h.audit openssh-7.6p1/key.h
--- openssh-7.6p1/key.h.audit 2017-10-02 21:34:26.000000000 +0200
+++ openssh-7.6p1/key.h 2017-10-04 17:18:32.836505059 +0200
@@ -43,6 +43,7 @@ typedef struct sshkey Key;
#define key_ssh_name_plain sshkey_ssh_name_plain
#define key_type_from_name sshkey_type_from_name
#define key_is_cert sshkey_is_cert
+#define key_is_private sshkey_is_private
#define key_type_plain sshkey_type_plain
#endif
diff -up openssh-7.6p1/mac.c.audit openssh-7.6p1/mac.c diff -up openssh-7.6p1/mac.c.audit openssh-7.6p1/mac.c
--- openssh-7.6p1/mac.c.audit 2017-10-02 21:34:26.000000000 +0200 --- openssh-7.6p1/mac.c.audit 2017-10-02 21:34:26.000000000 +0200
+++ openssh-7.6p1/mac.c 2017-10-04 17:18:32.836505059 +0200 +++ openssh-7.6p1/mac.c 2017-10-04 17:18:32.836505059 +0200
@ -1102,7 +1083,7 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
#include "ssherr.h" #include "ssherr.h"
@@ -117,6 +118,8 @@ extern Buffer auth_debug; @@ -117,6 +118,8 @@ extern Buffer auth_debug;
extern Buffer loginmsg; extern struct sshbuf *loginmsg;
extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */ extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */
+extern void destroy_sensitive_data(int); +extern void destroy_sensitive_data(int);
@ -1112,13 +1093,13 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
@@ -167,6 +170,11 @@ int mm_answer_gss_updatecreds(int, Buffe @@ -167,6 +170,11 @@ int mm_answer_gss_updatecreds(int, Buffe
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
int mm_answer_audit_event(int, Buffer *); int mm_answer_audit_event(int, struct sshbuf *);
int mm_answer_audit_command(int, Buffer *); int mm_answer_audit_command(int, struct sshbuf *);
+int mm_answer_audit_end_command(int, Buffer *); +int mm_answer_audit_end_command(int, struct sshbuf *);
+int mm_answer_audit_unsupported_body(int, Buffer *); +int mm_answer_audit_unsupported_body(int, struct sshbuf *);
+int mm_answer_audit_kex_body(int, Buffer *); +int mm_answer_audit_kex_body(int, struct sshbuf *);
+int mm_answer_audit_session_key_free_body(int, Buffer *); +int mm_answer_audit_session_key_free_body(int, struct sshbuf *);
+int mm_answer_audit_server_key_free(int, Buffer *); +int mm_answer_audit_server_key_free(int, struct sshbuf *);
#endif #endif
static int monitor_read_log(struct monitor *); static int monitor_read_log(struct monitor *);
@ -1145,16 +1126,18 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
#endif #endif
{0, 0, NULL} {0, 0, NULL}
}; };
@@ -1396,7 +1413,9 @@ mm_answer_keyverify(int sock, struct ssh @@ -1396,8 +1413,10 @@ mm_answer_keyverify(int sock, struct ssh
char *sigalg; char *sigalg;
size_t signaturelen, datalen, bloblen; size_t signaturelen, datalen, bloblen;
int r, ret, valid_data = 0, encoded_ret; int r, ret, valid_data = 0, encoded_ret;
+ int type = 0; + int type = 0;
+ type = buffer_get_int(m); - if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 || + if ((r = sshbuf_get_u32(m, &type)) != 0 ||
+ (r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
(r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 || (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
(r = sshbuf_get_string(m, &data, &datalen)) != 0 || (r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
(r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
@@ -1405,6 +1424,8 @@ mm_answer_keyverify(int sock, struct ssh @@ -1405,6 +1424,8 @@ mm_answer_keyverify(int sock, struct ssh
if (hostbased_cuser == NULL || hostbased_chost == NULL || if (hostbased_cuser == NULL || hostbased_chost == NULL ||
!monitor_allowed_key(blob, bloblen)) !monitor_allowed_key(blob, bloblen))
@ -1213,14 +1196,15 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
while (waitpid(pmonitor->m_pid, &status, 0) == -1) while (waitpid(pmonitor->m_pid, &status, 0) == -1)
if (errno != EINTR) if (errno != EINTR)
exit(1); exit(1);
@@ -1630,11 +1662,45 @@ mm_answer_audit_command(int socket, Buff @@ -1630,12 +1662,47 @@ mm_answer_audit_command(int socket, Buff
{ {
u_int len;
char *cmd; char *cmd;
int r;
+ Session *s; + Session *s;
debug3("%s entering", __func__); debug3("%s entering", __func__);
cmd = buffer_get_string(m, &len); if ((r = sshbuf_get_cstring(m, &cmd, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ +
/* sanity check command, if so how? */ /* sanity check command, if so how? */
- audit_run_command(cmd); - audit_run_command(cmd);
@ -1232,8 +1216,8 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
+ s->command_handle = audit_run_command(cmd); + s->command_handle = audit_run_command(cmd);
+#endif +#endif
+ +
+ buffer_clear(m); + sshbuf_reset(m);
+ buffer_put_int(m, s->self); + sshbuf_put_u32(m, s->self);
+ +
+ mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m); + mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m);
+ +
@ -1241,16 +1225,17 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
+} +}
+ +
+int +int
+mm_answer_audit_end_command(int socket, Buffer *m) +mm_answer_audit_end_command(int socket, struct sshbuf *m)
+{ +{
+ int handle; + int handle, r;
+ u_int len; + size_t len;
+ char *cmd; + u_char *cmd = NULL;
+ Session *s; + Session *s;
+ +
+ debug3("%s entering", __func__); + debug3("%s entering", __func__);
+ handle = buffer_get_int(m); + if ((r = sshbuf_get_u32(m, &handle)) != 0 ||
+ cmd = buffer_get_string(m, &len); + (r = sshbuf_get_string(m, &cmd, &len)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ +
+ s = session_by_id(handle); + s = session_by_id(handle);
+ if (s == NULL || s->ttyfd != -1 || s->command == NULL || + if (s == NULL || s->ttyfd != -1 || s->command == NULL ||
@ -1264,7 +1249,7 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
void void
mm_get_keystate(struct monitor *pmonitor) mm_get_keystate(struct monitor *pmonitor)
{ {
+ Buffer m; + struct sshbuf *m;
debug3("%s: Waiting for new keys", __func__); debug3("%s: Waiting for new keys", __func__);
if ((child_state = sshbuf_new()) == NULL) if ((child_state = sshbuf_new()) == NULL)
@ -1274,11 +1259,11 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
debug3("%s: GOT new keys", __func__); debug3("%s: GOT new keys", __func__);
+ +
+#ifdef SSH_AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS
+ buffer_init(&m); + m = sshbuf_new();
+ mm_request_receive_expect(pmonitor->m_sendfd, + mm_request_receive_expect(pmonitor->m_sendfd,
+ MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); + MONITOR_REQ_AUDIT_SESSION_KEY_FREE, m);
+ mm_answer_audit_session_key_free_body(pmonitor->m_sendfd, &m); + mm_answer_audit_session_key_free_body(pmonitor->m_sendfd, m);
+ buffer_free(&m); + sshbuf_free(m);
+#endif +#endif
+ +
+ /* Drain any buffered messages from the child */ + /* Drain any buffered messages from the child */
@ -1288,41 +1273,47 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
} }
@@ -1976,3 +2056,86 @@ mm_answer_gss_updatecreds(int socket, Bu @@ -1976,3 +2056,102 @@ mm_answer_gss_updatecreds(int socket, Bu
#endif /* GSSAPI */ #endif /* GSSAPI */
+#ifdef SSH_AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS
+int +int
+mm_answer_audit_unsupported_body(int sock, Buffer *m) +mm_answer_audit_unsupported_body(int sock, struct sshbuf *m)
+{ +{
+ int what; + int what, r;
+ +
+ what = buffer_get_int(m); + if ((r = sshbuf_get_u32(m, &what)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ +
+ audit_unsupported_body(what); + audit_unsupported_body(what);
+ +
+ buffer_clear(m); + sshbuf_reset(m);
+ +
+ mm_request_send(sock, MONITOR_ANS_AUDIT_UNSUPPORTED, m); + mm_request_send(sock, MONITOR_ANS_AUDIT_UNSUPPORTED, m);
+ return 0; + return 0;
+} +}
+ +
+int +int
+mm_answer_audit_kex_body(int sock, Buffer *m) +mm_answer_audit_kex_body(int sock, struct sshbuf *m)
+{ +{
+ int ctos, len; + int ctos, r;
+ char *cipher, *mac, *compress, *pfs; + char *cipher, *mac, *compress, *pfs;
+ u_int64_t tmp;
+ pid_t pid; + pid_t pid;
+ uid_t uid; + uid_t uid;
+ +
+ ctos = buffer_get_int(m); + if ((r = sshbuf_get_u32(m, &ctos)) != 0 ||
+ cipher = buffer_get_string(m, &len); + (r = sshbuf_get_cstring(m, &cipher, NULL)) != 0 ||
+ mac = buffer_get_string(m, &len); + (r = sshbuf_get_cstring(m, &mac, NULL)) != 0 ||
+ compress = buffer_get_string(m, &len); + (r = sshbuf_get_cstring(m, &compress, NULL)) != 0 ||
+ pfs = buffer_get_string(m, &len); + (r = sshbuf_get_cstring(m, &pfs, NULL)) != 0 ||
+ pid = buffer_get_int64(m); + (r = sshbuf_get_u64(m, &tmp)) != 0)
+ uid = buffer_get_int64(m); + fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ pid = (pid_t) tmp;
+ if ((r = sshbuf_get_u64(m, &tmp)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ uid = (pid_t) tmp;
+ +
+ audit_kex_body(ctos, cipher, mac, compress, pfs, pid, uid); + audit_kex_body(ctos, cipher, mac, compress, pfs, pid, uid);
+ +
@ -1330,47 +1321,57 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
+ free(mac); + free(mac);
+ free(compress); + free(compress);
+ free(pfs); + free(pfs);
+ buffer_clear(m); + sshbuf_reset(m);
+ +
+ mm_request_send(sock, MONITOR_ANS_AUDIT_KEX, m); + mm_request_send(sock, MONITOR_ANS_AUDIT_KEX, m);
+ return 0; + return 0;
+} +}
+ +
+int +int
+mm_answer_audit_session_key_free_body(int sock, Buffer *m) +mm_answer_audit_session_key_free_body(int sock, struct sshbuf *m)
+{ +{
+ int ctos; + int ctos, r;
+ u_int64_t tmp;
+ pid_t pid; + pid_t pid;
+ uid_t uid; + uid_t uid;
+ +
+ ctos = buffer_get_int(m); + if ((r = sshbuf_get_u32(m, &ctos)) != 0 ||
+ pid = buffer_get_int64(m); + (r = sshbuf_get_u64(m, &tmp)) != 0)
+ uid = buffer_get_int64(m); + fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ pid = (pid_t) tmp;
+ if ((r = sshbuf_get_u64(m, &tmp)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ uid = (uid_t) tmp;
+ +
+ audit_session_key_free_body(ctos, pid, uid); + audit_session_key_free_body(ctos, pid, uid);
+ +
+ buffer_clear(m); + sshbuf_reset(m);
+ +
+ mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); + mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
+ return 0; + return 0;
+} +}
+ +
+int +int
+mm_answer_audit_server_key_free(int sock, Buffer *m) +mm_answer_audit_server_key_free(int sock, struct sshbuf *m)
+{ +{
+ int len; + size_t len, r;
+ char *fp; + char *fp;
+ u_int64_t tmp;
+ pid_t pid; + pid_t pid;
+ uid_t uid; + uid_t uid;
+ +
+ fp = buffer_get_string(m, &len); + if ((r = sshbuf_get_cstring(m, &fp, &len)) != 0 ||
+ pid = buffer_get_int64(m); + (r = sshbuf_get_u64(m, &tmp)) != 0)
+ uid = buffer_get_int64(m); + fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ pid = (pid_t) tmp;
+ if ((r = sshbuf_get_u64(m, &tmp)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ uid = (uid_t) tmp;
+ +
+ audit_destroy_sensitive_data(fp, pid, uid); + audit_destroy_sensitive_data(fp, pid, uid);
+ +
+ free(fp); + free(fp);
+ buffer_clear(m); + sshbuf_reset(m);
+ +
+ return 0; + return 0;
+} +}
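Review bot: In mm_answer_audit_server_key_free the error variable is declared as `size_t len, r;`, but sshbuf_get_cstring/sshbuf_get_u64 return negative int codes and ssh_err() takes an int, so the failure path round-trips the code through an unsigned type; it should read `int r;` with `size_t len;` on its own, matching the sibling functions in this hunk. Two smaller slips in the same hunk: mm_answer_audit_kex_body casts the uid with `uid = (pid_t) tmp;` where mm_answer_audit_session_key_free_body correctly uses `(uid_t) tmp`, and `ctos`/`what` are plain `int` while sshbuf_get_u32 expects a `u_int32_t *`, which newer compilers reject as an incompatible pointer type. Declaring those as `u_int32_t` and converting where the audit_* callees want an int keeps the monitor-side parsing of child-supplied values warning-free; since these values arrive from the unprivileged child, the monitor's parsing should be as tight as its checking.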
@ -1404,15 +1405,17 @@ diff -up openssh-7.6p1/monitor_wrap.c.audit openssh-7.6p1/monitor_wrap.c
+mm_sshkey_verify(enum mm_keytype type, const struct sshkey *key, const u_char *sig, size_t siglen, +mm_sshkey_verify(enum mm_keytype type, const struct sshkey *key, const u_char *sig, size_t siglen,
const u_char *data, size_t datalen, const char *sigalg, u_int compat) const u_char *data, size_t datalen, const char *sigalg, u_int compat)
{ {
Buffer m; struct sshbuf *m;
@@ -478,6 +478,7 @@ mm_sshkey_verify(const struct sshkey *ke @@ -478,7 +478,8 @@ mm_sshkey_verify(const struct sshkey *ke
return (0);
buffer_init(&m); if ((m = sshbuf_new()) == NULL)
+ buffer_put_int(&m, type); fatal("%s: sshbuf_new failed", __func__);
buffer_put_string(&m, blob, len); - if ((r = sshkey_puts(key, m)) != 0 ||
buffer_put_string(&m, sig, siglen); + if ((r = sshbuf_put_u32(m, type)) != 0 ||
buffer_put_string(&m, data, datalen); + (r = sshkey_puts(key, m)) != 0 ||
(r = sshbuf_put_string(m, sig, siglen)) != 0 ||
(r = sshbuf_put_string(m, data, datalen)) != 0 ||
(r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0)
@@ -497,6 +498,20 @@ mm_sshkey_verify(const struct sshkey *ke @@ -497,6 +498,20 @@ mm_sshkey_verify(const struct sshkey *ke
return 0; return 0;
} }
@ -1434,27 +1437,29 @@ diff -up openssh-7.6p1/monitor_wrap.c.audit openssh-7.6p1/monitor_wrap.c
void void
mm_send_keystate(struct monitor *monitor) mm_send_keystate(struct monitor *monitor)
{ {
@@ -874,10 +889,11 @@ mm_audit_event(ssh_audit_event_t event) @@ -874,11 +889,12 @@ mm_audit_event(ssh_audit_event_t event)
buffer_free(&m); sshbuf_free(m);
} }
-void -void
+int +int
mm_audit_run_command(const char *command) mm_audit_run_command(const char *command)
{ {
Buffer m; struct sshbuf *m;
int r;
+ int handle; + int handle;
debug3("%s entering command %s", __func__, command); debug3("%s entering command %s", __func__, command);
@@ -885,6 +901,26 @@ mm_audit_run_command(const char *command @@ -885,6 +901,30 @@ mm_audit_run_command(const char *command
buffer_put_cstring(&m, command); fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, m);
+ +
+ handle = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &handle)) != 0)
+ buffer_free(&m); + fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ sshbuf_free(m);
+ +
+ return (handle); + return (handle);
+} +}
@ -1462,87 +1467,103 @@ diff -up openssh-7.6p1/monitor_wrap.c.audit openssh-7.6p1/monitor_wrap.c
+void +void
+mm_audit_end_command(int handle, const char *command) +mm_audit_end_command(int handle, const char *command)
+{ +{
+ Buffer m; + int r;
+ struct sshbuf *m;
+ +
+ debug3("%s entering command %s", __func__, command); + debug3("%s entering command %s", __func__, command);
+ +
+ buffer_init(&m); + if ((m = sshbuf_new()) == NULL)
+ buffer_put_int(&m, handle); + fatal("%s: sshbuf_new failed", __func__);
+ buffer_put_cstring(&m, command); + if ((r = sshbuf_put_u32(m, handle)) != 0 ||
+ (r = sshbuf_put_cstring(m, command)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ +
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, m);
buffer_free(&m); sshbuf_free(m);
} }
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
@@ -1020,3 +1056,70 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_cc @@ -1020,3 +1056,83 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_cc
return (ok);
}
#endif /* GSSAPI */ #endif /* GSSAPI */
+#ifdef SSH_AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS
+void +void
+mm_audit_unsupported_body(int what) +mm_audit_unsupported_body(int what)
+{ +{
+ Buffer m; + int r;
+ struct sshbuf *m;
+ +
+ buffer_init(&m); + if ((m = sshbuf_new()) == NULL)
+ buffer_put_int(&m, what); + fatal("%s: sshbuf_new failed", __func__);
+ if ((r = sshbuf_put_u32(m, what)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ +
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_UNSUPPORTED, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_UNSUPPORTED, m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_UNSUPPORTED, + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_UNSUPPORTED,
+ &m); + m);
+ +
+ buffer_free(&m); + sshbuf_free(m);
+} +}
+ +
+void +void
+mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress, char *fps, pid_t pid, +mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress, char *fps, pid_t pid,
+ uid_t uid) + uid_t uid)
+{ +{
+ Buffer m; + int r;
+ struct sshbuf *m;
+ +
+ buffer_init(&m); + if ((m = sshbuf_new()) == NULL)
+ buffer_put_int(&m, ctos); + fatal("%s: sshbuf_new failed", __func__);
+ buffer_put_cstring(&m, cipher); + if ((r = sshbuf_put_u32(m, ctos)) != 0 ||
+ buffer_put_cstring(&m, (mac ? mac : "<implicit>")); + (r = sshbuf_put_cstring(m, cipher)) != 0 ||
+ buffer_put_cstring(&m, compress); + (r = sshbuf_put_cstring(m, (mac ? mac : "<implicit>"))) != 0 ||
+ buffer_put_cstring(&m, fps); + (r = sshbuf_put_cstring(m, compress)) != 0 ||
+ buffer_put_int64(&m, pid); + (r = sshbuf_put_cstring(m, fps)) != 0 ||
+ buffer_put_int64(&m, uid); + (r = sshbuf_put_u64(m, pid)) != 0 ||
+ (r = sshbuf_put_u64(m, uid)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ +
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX, + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX,
+ &m); + m);
+ +
+ buffer_free(&m); + sshbuf_free(m);
+} +}
+ +
+void +void
+mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) +mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
+{ +{
+ Buffer m; + int r;
+ struct sshbuf *m;
+ +
+ buffer_init(&m); + if ((m = sshbuf_new()) == NULL)
+ buffer_put_int(&m, ctos); + fatal("%s: sshbuf_new failed", __func__);
+ buffer_put_int64(&m, pid); + if ((r = sshbuf_put_u32(m, ctos)) != 0 ||
+ buffer_put_int64(&m, uid); + (r = sshbuf_put_u64(m, pid)) != 0 ||
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); + (r = sshbuf_put_u64(m, uid)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
+ &m); + m);
+ buffer_free(&m); + sshbuf_free(m);
+} +}
+ +
+void +void
+mm_audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) +mm_audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
+{ +{
+ Buffer m; + int r;
+ struct sshbuf *m;
+ +
+ buffer_init(&m); + if ((m = sshbuf_new()) == NULL)
+ buffer_put_cstring(&m, fp); + fatal("%s: sshbuf_new failed", __func__);
+ buffer_put_int64(&m, pid); + if ((r = sshbuf_put_cstring(m, fp)) != 0 ||
+ buffer_put_int64(&m, uid); + (r = sshbuf_put_u64(m, pid)) != 0 ||
+ (r = sshbuf_put_u64(m, uid)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ +
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, m);
+ buffer_free(&m); + sshbuf_free(m);
+} +}
+#endif /* SSH_AUDIT_EVENTS */ +#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-7.6p1/monitor_wrap.h.audit openssh-7.6p1/monitor_wrap.h diff -up openssh-7.6p1/monitor_wrap.h.audit openssh-7.6p1/monitor_wrap.h
@ -1577,7 +1598,7 @@ diff -up openssh-7.6p1/packet.c.audit openssh-7.6p1/packet.c
--- openssh-7.6p1/packet.c.audit 2017-10-04 17:18:32.672504220 +0200 --- openssh-7.6p1/packet.c.audit 2017-10-04 17:18:32.672504220 +0200
+++ openssh-7.6p1/packet.c 2017-10-04 17:25:48.141741390 +0200 +++ openssh-7.6p1/packet.c 2017-10-04 17:25:48.141741390 +0200
@@ -67,6 +67,7 @@ @@ -67,6 +67,7 @@
#include "key.h" /* typedefs XXX */ #include <zlib.h>
#include "xmalloc.h" #include "xmalloc.h"
+#include "audit.h" +#include "audit.h"
@ -1642,9 +1663,9 @@ diff -up openssh-7.6p1/packet.c.audit openssh-7.6p1/packet.c
+ close(state->connection_in); + close(state->connection_in);
+ close(state->connection_out); + close(state->connection_out);
+ } + }
free(ssh->local_ipaddr);
ssh->local_ipaddr = NULL;
free(ssh->remote_ipaddr); free(ssh->remote_ipaddr);
ssh->remote_ipaddr = NULL;
free(ssh->state);
@@ -854,6 +863,7 @@ ssh_set_newkeys(struct ssh *ssh, int mod @@ -854,6 +863,7 @@ ssh_set_newkeys(struct ssh *ssh, int mod
(unsigned long long)state->p_read.blocks, (unsigned long long)state->p_read.blocks,
(unsigned long long)state->p_send.bytes, (unsigned long long)state->p_send.bytes,
@ -1685,16 +1706,16 @@ diff -up openssh-7.6p1/packet.c.audit openssh-7.6p1/packet.c
+ cipher_free(state->receive_context); + cipher_free(state->receive_context);
+ cipher_free(state->send_context); + cipher_free(state->send_context);
+ +
+ buffer_free(state->input); + sshbuf_free(state->input);
+ state->input = NULL; + state->input = NULL;
+ buffer_free(state->output); + sshbuf_free(state->output);
+ state->output = NULL; + state->output = NULL;
+ buffer_free(state->outgoing_packet); + sshbuf_free(state->outgoing_packet);
+ state->outgoing_packet = NULL; + state->outgoing_packet = NULL;
+ buffer_free(state->incoming_packet); + sshbuf_free(state->incoming_packet);
+ state->incoming_packet = NULL; + state->incoming_packet = NULL;
+ if( state->compression_buffer ) { + if (state->compression_buffer) {
+ buffer_free(state->compression_buffer); + sshbuf_free(state->compression_buffer);
+ state->compression_buffer = NULL; + state->compression_buffer = NULL;
+ } + }
+ newkeys_destroy_and_free(state->newkeys[MODE_IN]); + newkeys_destroy_and_free(state->newkeys[MODE_IN]);
@ -1744,7 +1765,7 @@ diff -up openssh-7.6p1/session.c.audit openssh-7.6p1/session.c
extern int startup_pipe; extern int startup_pipe;
-extern void destroy_sensitive_data(void); -extern void destroy_sensitive_data(void);
+extern void destroy_sensitive_data(int); +extern void destroy_sensitive_data(int);
extern Buffer loginmsg; extern struct sshbuf *loginmsg;
extern struct sshauthopt *auth_opts; extern struct sshauthopt *auth_opts;
char *tun_fwd_ifnames; /* serverloop.c */ char *tun_fwd_ifnames; /* serverloop.c */
@@ -605,6 +605,14 @@ do_exec_pty(struct ssh *ssh, Session *s, @@ -605,6 +605,14 @@ do_exec_pty(struct ssh *ssh, Session *s,
@ -1984,11 +2005,11 @@ diff -up openssh-7.6p1/sshd.c.audit openssh-7.6p1/sshd.c
if (sensitive_data.host_keys[i]) { if (sensitive_data.host_keys[i]) {
+ char *fp; + char *fp;
+ +
+ if (key_is_private(sensitive_data.host_keys[i])) + if (sshkey_is_private(sensitive_data.host_keys[i]))
+ fp = sshkey_fingerprint(sensitive_data.host_keys[i], options.fingerprint_hash, SSH_FP_HEX); + fp = sshkey_fingerprint(sensitive_data.host_keys[i], options.fingerprint_hash, SSH_FP_HEX);
+ else + else
+ fp = NULL; + fp = NULL;
key_free(sensitive_data.host_keys[i]); sshkey_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = NULL; sensitive_data.host_keys[i] = NULL;
+ if (fp != NULL) { + if (fp != NULL) {
+#ifdef SSH_AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS
@ -2005,13 +2026,13 @@ diff -up openssh-7.6p1/sshd.c.audit openssh-7.6p1/sshd.c
- if (sensitive_data.host_certificates[i]) { - if (sensitive_data.host_certificates[i]) {
+ if (sensitive_data.host_certificates + if (sensitive_data.host_certificates
+ && sensitive_data.host_certificates[i]) { + && sensitive_data.host_certificates[i]) {
key_free(sensitive_data.host_certificates[i]); sshkey_free(sensitive_data.host_certificates[i]);
sensitive_data.host_certificates[i] = NULL; sensitive_data.host_certificates[i] = NULL;
} }
@@ -499,12 +536,30 @@ demote_sensitive_data(void) @@ -499,16 +536,34 @@ demote_sensitive_data(void)
{
struct sshkey *tmp; struct sshkey *tmp;
u_int i; u_int i;
int r;
+#ifdef SSH_AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS
+ pid_t pid; + pid_t pid;
+ uid_t uid; + uid_t uid;
@ -2023,12 +2044,16 @@ diff -up openssh-7.6p1/sshd.c.audit openssh-7.6p1/sshd.c
if (sensitive_data.host_keys[i]) { if (sensitive_data.host_keys[i]) {
+ char *fp; + char *fp;
+ +
+ if (key_is_private(sensitive_data.host_keys[i])) + if (sshkey_is_private(sensitive_data.host_keys[i]))
+ fp = sshkey_fingerprint(sensitive_data.host_keys[i], options.fingerprint_hash, SSH_FP_HEX); + fp = sshkey_fingerprint(sensitive_data.host_keys[i], options.fingerprint_hash, SSH_FP_HEX);
+ else + else
+ fp = NULL; + fp = NULL;
tmp = key_demote(sensitive_data.host_keys[i]); if ((r = sshkey_demote(sensitive_data.host_keys[i],
key_free(sensitive_data.host_keys[i]); &tmp)) != 0)
fatal("could not demote host %s key: %s",
sshkey_type(sensitive_data.host_keys[i]),
ssh_err(r));
sshkey_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = tmp; sensitive_data.host_keys[i] = tmp;
+ if (fp != NULL) { + if (fp != NULL) {
+#ifdef SSH_AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS


@ -29,7 +29,7 @@ diff -up openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11
{ {
static RSA_METHOD helper_rsa; static RSA_METHOD helper_rsa;
@@ -152,6 +160,81 @@ wrap_key(RSA *rsa) @@ -152,6 +160,85 @@ wrap_key(RSA *rsa)
return (0); return (0);
} }
@ -38,30 +38,34 @@ diff -up openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11
+pkcs11_ecdsa_private_sign(const unsigned char *from, int flen, +pkcs11_ecdsa_private_sign(const unsigned char *from, int flen,
+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY * ecdsa) + const BIGNUM *inv, const BIGNUM *rp, EC_KEY * ecdsa)
+{ +{
+ Key key; + struct sshkey *key;
+ u_char *blob, *signature = NULL; + u_char *blob, *signature = NULL;
+ u_int blen, slen = 0; + size_t blen, slen = 0;
+ Buffer msg; + struct sshbuf *msg;
+ ECDSA_SIG *ret = NULL; + ECDSA_SIG *ret = NULL;
+ BIGNUM *r = NULL, *s = NULL; + BIGNUM *r = NULL, *s = NULL;
+ int rv;
+ +
+ key.type = KEY_ECDSA; + key = sshkey_new(KEY_ECDSA);
+ key.ecdsa = ecdsa; + key->ecdsa = ecdsa;
+ key.ecdsa_nid = sshkey_ecdsa_key_to_nid(ecdsa); + key->ecdsa_nid = sshkey_ecdsa_key_to_nid(ecdsa);
+ if (key_to_blob(&key, &blob, &blen) == 0) + if (sshkey_to_blob(key, &blob, &blen) == 0)
+ return NULL; + return NULL;
+ buffer_init(&msg); + if ((msg = sshbuf_new()) == NULL)
+ buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST); + fatal("%s: sshbuf_new failed", __func__);
+ buffer_put_string(&msg, blob, blen); + if ((rv = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
+ buffer_put_string(&msg, from, flen); + (rv = sshbuf_put_string(msg, blob, blen)) != 0 ||
+ buffer_put_int(&msg, 0); + (rv = sshbuf_put_string(msg, from, flen)) != 0 ||
+ (rv = sshbuf_put_u32(msg, 0)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(rv));
+ free(blob); + free(blob);
+ send_msg(&msg); + send_msg(msg);
+ buffer_clear(&msg); + sshbuf_reset(msg);
+ +
+ if (recv_msg(&msg) == SSH2_AGENT_SIGN_RESPONSE) { + if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) {
+ signature = buffer_get_string(&msg, &slen); + if ((rv = sshbuf_get_string(msg, &signature, &slen)) != 0)
+ if (slen <= (u_int)ECDSA_size(ecdsa)) { + fatal("%s: buffer error: %s", __func__, ssh_err(rv));
+ if (slen <= (size_t)ECDSA_size(ecdsa)) {
+ int nlen = slen / 2; + int nlen = slen / 2;
+ ret = ECDSA_SIG_new(); + ret = ECDSA_SIG_new();
+ r = BN_new(); + r = BN_new();
@ -72,7 +76,7 @@ diff -up openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11
+ } + }
+ free(signature); + free(signature);
+ } + }
+ buffer_free(&msg); + sshbuf_free(msg);
+ return (ret); + return (ret);
+} +}
+ +
@ -112,9 +116,9 @@ diff -up openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11
pkcs11_start_helper(void) pkcs11_start_helper(void)
{ {
@@ -212,7 +281,15 @@ pkcs11_add_provider(char *name, char *pi @@ -212,7 +281,15 @@ pkcs11_add_provider(char *name, char *pi
blob = buffer_get_string(&msg, &blen); __func__, ssh_err(r));
free(buffer_get_string(&msg, NULL)); if ((r = sshkey_from_blob(blob, blen, &k)) != 0)
k = key_from_blob(blob, blen); fatal("%s: bad key: %s", __func__, ssh_err(r));
- wrap_key(k->rsa); - wrap_key(k->rsa);
+ if(k->type == KEY_RSA) { + if(k->type == KEY_RSA) {
+ wrap_rsa_key(k->rsa); + wrap_rsa_key(k->rsa);
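Review bot: The success test on `sshkey_to_blob` in pkcs11_ecdsa_private_sign is inverted: in the sshbuf/sshkey API a zero return means success — the RSA path ported in this same commit treats `!= 0` as the error case — so `if (sshkey_to_blob(key, &blob, &blen) == 0) return NULL;` bails out on every well-formed key and only continues when encoding failed, which would break PKCS#11 ECDSA signing outright. The same lines also dereference the result of `sshkey_new()` without a NULL check and never release the sshkey, and because `key->ecdsa` aliases the caller's EC_KEY it has to be detached before `sshkey_free()` or the token key is freed underneath the caller. The middle of the function (the BN_bin2bn/ECDSA_SIG assembly) is not shown in this view, so its early exits may need the same release.
```c
	if ((key = sshkey_new(KEY_ECDSA)) == NULL)
		return NULL;
	key->ecdsa = ecdsa;
	key->ecdsa_nid = sshkey_ecdsa_key_to_nid(ecdsa);
	if ((rv = sshkey_to_blob(key, &blob, &blen)) != 0) {
		error("%s: sshkey_to_blob: %s", __func__, ssh_err(rv));
		key->ecdsa = NULL;	/* EC_KEY is owned by the caller */
		sshkey_free(key);
		return NULL;
	}
	/* … unchanged: build and send SSH2_AGENTC_SIGN_REQUEST, parse the reply … */
	sshbuf_free(msg);
	key->ecdsa = NULL;	/* EC_KEY is owned by the caller */
	sshkey_free(key);
	return (ret);
```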


@ -17,18 +17,18 @@ index ac959c1f..f8ed1781 100644
rm -f regress/unittests/utf8/test_utf8$(EXEEXT) rm -f regress/unittests/utf8/test_utf8$(EXEEXT)
+ rm -f regress/unittests/pkcs11/*.o + rm -f regress/unittests/pkcs11/*.o
+ rm -f regress/unittests/pkcs11/test_pkcs11$(EXEEXT) + rm -f regress/unittests/pkcs11/test_pkcs11$(EXEEXT)
rm -f regress/misc/kexfuzz/*.o rm -f regress/misc/kexfuzz/*.o
rm -f regress/misc/kexfuzz/kexfuzz$(EXEEXT) rm -f regress/misc/kexfuzz/kexfuzz$(EXEEXT)
(cd openbsd-compat && $(MAKE) clean) (cd openbsd-compat && $(MAKE) clean)
@@ -276,6 +278,8 @@ distclean: regressclean @@ -276,6 +278,8 @@ distclean: regressclean
rm -f regress/unittests/match/test_match rm -f regress/unittests/match/test_match
rm -f regress/unittests/utf8/*.o rm -f regress/unittests/utf8/*.o
rm -f regress/unittests/utf8/test_utf8 rm -f regress/unittests/utf8/test_utf8
+ rm -f regress/unittests/pkcs11/*.o + rm -f regress/unittests/pkcs11/*.o
+ rm -f regress/unittests/pkcs11/test_pkcs11 + rm -f regress/unittests/pkcs11/test_pkcs11
rm -f regress/unittests/misc/kexfuzz rm -f regress/misc/kexfuzz/*.o
(cd openbsd-compat && $(MAKE) distclean) rm -f regress/misc/kexfuzz
if test -d pkg ; then \ (cd openbsd-compat && $(MAKE) distclean)
@@ -437,6 +441,7 @@ regress-prep: @@ -437,6 +441,7 @@ regress-prep:
$(MKDIR_P) `pwd`/regress/unittests/kex $(MKDIR_P) `pwd`/regress/unittests/kex
$(MKDIR_P) `pwd`/regress/unittests/match $(MKDIR_P) `pwd`/regress/unittests/match
@ -72,8 +72,8 @@ index ac959c1f..f8ed1781 100644
regress/netcat$(EXEEXT) \ regress/netcat$(EXEEXT) \
+ regress/soft-pkcs11.so \ + regress/soft-pkcs11.so \
regress/check-perm$(EXEEXT) \ regress/check-perm$(EXEEXT) \
regress/mkdtemp$(EXEEXT) \
regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
regress/unittests/sshkey/test_sshkey$(EXEEXT) \
@@ -575,6 +596,7 @@ regress-binaries: regress/modpipe$(EXEEXT) \ @@ -575,6 +596,7 @@ regress-binaries: regress/modpipe$(EXEEXT) \
regress/unittests/kex/test_kex$(EXEEXT) \ regress/unittests/kex/test_kex$(EXEEXT) \
regress/unittests/match/test_match$(EXEEXT) \ regress/unittests/match/test_match$(EXEEXT) \
@ -81,7 +81,7 @@ index ac959c1f..f8ed1781 100644
+ regress/unittests/pkcs11/test_pkcs11$(EXEEXT) \ + regress/unittests/pkcs11/test_pkcs11$(EXEEXT) \
regress/misc/kexfuzz/kexfuzz$(EXEEXT) regress/misc/kexfuzz/kexfuzz$(EXEEXT)
REGRESSTMP = "$(PWD)/regress" tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
diff --git a/authfd.c b/authfd.c diff --git a/authfd.c b/authfd.c
index 1eff7ba9..35153f47 100644 index 1eff7ba9..35153f47 100644
--- a/authfd.c --- a/authfd.c
@ -2717,7 +2717,7 @@ new file mode 100644
index 00000000..e83aca54 index 00000000..e83aca54
--- /dev/null --- /dev/null
+++ b/regress/unittests/pkcs11/tests.c +++ b/regress/unittests/pkcs11/tests.c
@@ -0,0 +1,329 @@ @@ -0,0 +1,330 @@
+/* +/*
+ * Copyright (c) 2017 Red Hat + * Copyright (c) 2017 Red Hat
+ * + *
@ -2743,6 +2743,7 @@ index 00000000..e83aca54
+ +
+#include "../test_helper/test_helper.h" +#include "../test_helper/test_helper.h"
+ +
+#include "sshbuf.h"
+#include "ssh-pkcs11-uri.h" +#include "ssh-pkcs11-uri.h"
+ +
+#define EMPTY_URI compose_uri(NULL, 0, NULL, NULL, NULL, NULL, NULL) +#define EMPTY_URI compose_uri(NULL, 0, NULL, NULL, NULL, NULL, NULL)
@ -3288,12 +3289,12 @@ index a023f5f4..882e8381 100644
key.type = KEY_RSA; key.type = KEY_RSA;
key.rsa = rsa; key.rsa = rsa;
+ key.ecdsa_nid = 0; + key.ecdsa_nid = 0;
if (key_to_blob(&key, &blob, &blen) == 0) if ((r = sshkey_to_blob(&key, &blob, &blen)) != 0) {
error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
return -1; return -1;
buffer_init(&msg);
@@ -195,6 +196,8 @@ pkcs11_add_provider(char *name, char *pin, Key ***keysp) @@ -195,6 +196,8 @@ pkcs11_add_provider(char *name, char *pin, Key ***keysp)
u_int blen; u_int nkeys, i;
Buffer msg; struct sshbuf *msg;
+ debug("%s: called, name = %s", __func__, name); + debug("%s: called, name = %s", __func__, name);
+ +
@ -3301,19 +3302,19 @@ index a023f5f4..882e8381 100644
return (-1); return (-1);
@@ -208,6 +211,7 @@ pkcs11_add_provider(char *name, char *pin, Key ***keysp) @@ -208,6 +211,7 @@ pkcs11_add_provider(char *name, char *pin, Key ***keysp)
if (recv_msg(&msg) == SSH2_AGENT_IDENTITIES_ANSWER) { if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
nkeys = buffer_get_int(&msg); fatal("%s: buffer error: %s", __func__, ssh_err(r));
*keysp = xcalloc(nkeys, sizeof(Key *)); *keysp = xcalloc(nkeys, sizeof(struct sshkey *));
+ debug("%s: nkeys = %d", __func__, nkeys); + debug("%s: nkeys = %u", __func__, nkeys);
for (i = 0; i < nkeys; i++) { for (i = 0; i < nkeys; i++) {
blob = buffer_get_string(&msg, &blen); /* XXX clean up properly instead of fatal() */
free(buffer_get_string(&msg, NULL)); if ((r = sshbuf_get_string(msg, &blob, &blen)) != 0 ||
diff --git a/ssh-pkcs11-uri.c b/ssh-pkcs11-uri.c diff --git a/ssh-pkcs11-uri.c b/ssh-pkcs11-uri.c
new file mode 100644 new file mode 100644
index 00000000..da15c164 index 00000000..da15c164
--- /dev/null --- /dev/null
+++ b/ssh-pkcs11-uri.c +++ b/ssh-pkcs11-uri.c
@@ -0,0 +1,400 @@ @@ -0,0 +1,401 @@
+/* +/*
+ * Copyright (c) 2017 Red Hat + * Copyright (c) 2017 Red Hat
+ * + *
@ -3340,6 +3341,7 @@ index 00000000..da15c164
+#include <string.h> +#include <string.h>
+ +
+#include "sshkey.h" +#include "sshkey.h"
+#include "sshbuf.h"
+#include "log.h" +#include "log.h"
+ +
+#define CRYPTOKI_COMPAT +#define CRYPTOKI_COMPAT
@ -4624,7 +4626,7 @@ index d3619fe2..180eb2e0 100644
+ break; + break;
+ } + }
+#endif +#endif
p = tilde_expand_filename(optarg, original_real_uid); p = tilde_expand_filename(optarg, getuid());
if (stat(p, &st) < 0) if (stat(p, &st) < 0)
fprintf(stderr, "Warning: Identity file %s " fprintf(stderr, "Warning: Identity file %s "
@@ -1999,6 +2007,45 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) @@ -1999,6 +2007,45 @@ ssh_session2(struct ssh *ssh, struct passwd *pw)
@ -4656,7 +4658,7 @@ index d3619fe2..180eb2e0 100644
+ (nkeys = pkcs11_add_provider_by_uri(uri, NULL, &keys)) > 0) { + (nkeys = pkcs11_add_provider_by_uri(uri, NULL, &keys)) > 0) {
+ for (i = 0; i < nkeys; i++) { + for (i = 0; i < nkeys; i++) {
+ if (*n_ids >= SSH_MAX_IDENTITY_FILES) { + if (*n_ids >= SSH_MAX_IDENTITY_FILES) {
+ key_free(keys[i]); + sshkey_free(keys[i]);
+ continue; + continue;
+ } + }
+ identity_keys[*n_ids] = keys[i]; + identity_keys[*n_ids] = keys[i];
@ -4674,9 +4676,9 @@ index d3619fe2..180eb2e0 100644
static void static void
load_public_identity_files(struct passwd *pw) load_public_identity_files(struct passwd *pw)
@@ -2011,10 +2058,6 @@ load_public_identity_files(struct passwd *pw) @@ -2011,10 +2058,6 @@ load_public_identity_files(struct passwd *pw)
struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES];
char *certificate_files[SSH_MAX_CERTIFICATE_FILES]; char *certificate_files[SSH_MAX_CERTIFICATE_FILES];
struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES]; struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES];
-#ifdef ENABLE_PKCS11 -#ifdef ENABLE_PKCS11
- struct sshkey **keys; - struct sshkey **keys;
- int nkeys; - int nkeys;
@ -4684,8 +4686,8 @@ index d3619fe2..180eb2e0 100644
n_ids = n_certs = 0; n_ids = n_certs = 0;
memset(identity_files, 0, sizeof(identity_files)); memset(identity_files, 0, sizeof(identity_files));
@@ -2023,35 +2066,48 @@ load_public_identity_files(struct passwd *pw) @@ -2023,32 +2066,46 @@ load_public_identity_files(struct passwd *pw)
memset(certificates, 0, sizeof(certificates)); sizeof(certificate_file_userprovided));
#ifdef ENABLE_PKCS11 #ifdef ENABLE_PKCS11
- if (options.pkcs11_provider != NULL && - if (options.pkcs11_provider != NULL &&
@ -4695,7 +4697,7 @@ index d3619fe2..180eb2e0 100644
- &keys)) > 0) { - &keys)) > 0) {
- for (i = 0; i < nkeys; i++) { - for (i = 0; i < nkeys; i++) {
- if (n_ids >= SSH_MAX_IDENTITY_FILES) { - if (n_ids >= SSH_MAX_IDENTITY_FILES) {
- key_free(keys[i]); - sshkey_free(keys[i]);
- continue; - continue;
- } - }
- identity_keys[n_ids] = keys[i]; - identity_keys[n_ids] = keys[i];
@ -4725,8 +4727,6 @@ index d3619fe2..180eb2e0 100644
+ pkcs11_uri_cleanup(uri); + pkcs11_uri_cleanup(uri);
} }
#endif /* ENABLE_PKCS11 */ #endif /* ENABLE_PKCS11 */
if ((pw = getpwuid(original_real_uid)) == NULL)
fatal("load_public_identity_files: getpwuid failed");
for (i = 0; i < options.num_identity_files; i++) { for (i = 0; i < options.num_identity_files; i++) {
+ char *name = options.identity_files[i]; + char *name = options.identity_files[i];
if (n_ids >= SSH_MAX_IDENTITY_FILES || if (n_ids >= SSH_MAX_IDENTITY_FILES ||
@ -4736,8 +4736,7 @@ index d3619fe2..180eb2e0 100644
options.identity_files[i] = NULL; options.identity_files[i] = NULL;
continue; continue;
} }
- cp = tilde_expand_filename(options.identity_files[i], - cp = tilde_expand_filename(options.identity_files[i], getuid());
- original_real_uid);
+#ifdef ENABLE_PKCS11 +#ifdef ENABLE_PKCS11
+ if (strlen(name) >= strlen(PKCS11_URI_SCHEME) && + if (strlen(name) >= strlen(PKCS11_URI_SCHEME) &&
+ strncmp(name, PKCS11_URI_SCHEME, + strncmp(name, PKCS11_URI_SCHEME,
@ -4748,7 +4747,7 @@ index d3619fe2..180eb2e0 100644
+ continue; + continue;
+ } + }
+#endif /* ENABLE_PKCS11 */ +#endif /* ENABLE_PKCS11 */
+ cp = tilde_expand_filename(name, original_real_uid); + cp = tilde_expand_filename(name, getuid());
filename = percent_expand(cp, "d", pw->pw_dir, filename = percent_expand(cp, "d", pw->pw_dir,
"u", pw->pw_name, "l", thishost, "h", host, "u", pw->pw_name, "l", thishost, "h", host,
"r", options.user, (char *)NULL); "r", options.user, (char *)NULL);


@ -294,7 +294,7 @@ diff -up openssh-7.7p1/Makefile.in.fips openssh-7.7p1/Makefile.in
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) + $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
- $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@ -308,9 +308,9 @@ diff -up openssh-7.7p1/Makefile.in.fips openssh-7.7p1/Makefile.in
- $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) + $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o
- $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) + $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
@ -380,53 +380,35 @@ diff -up openssh-7.7p1/myproposal.h.fips openssh-7.7p1/myproposal.h
#else /* WITH_OPENSSL */ #else /* WITH_OPENSSL */
#define KEX_SERVER_KEX \ #define KEX_SERVER_KEX \
diff -up openssh-7.7p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.fips openssh-7.7p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
--- openssh-7.7p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.fips 2018-08-08 10:08:40.649718516 +0200
+++ openssh-7.7p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c 2018-08-08 10:08:40.823719982 +0200
@@ -55,6 +55,7 @@
#include "secure_filename.h"
#include "uidswap.h"
#include <unistd.h>
+#include <openssl/crypto.h>
#include "identity.h"
@@ -104,7 +105,8 @@ pamsshagentauth_check_authkeys_file(FILE
found_key = 1;
logit("matching key found: file/command %s, line %lu", file,
linenum);
- fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX);
+ fp = sshkey_fingerprint(found, FIPS_mode() ? SSH_DIGEST_SHA1 : SSH_DIGEST_MD5,
+ SSH_FP_HEX);
logit("Found matching %s key: %s",
sshkey_type(found), fp);
free(fp);
diff -up openssh-7.7p1/readconf.c.fips openssh-7.7p1/readconf.c diff -up openssh-7.7p1/readconf.c.fips openssh-7.7p1/readconf.c
--- openssh-7.7p1/readconf.c.fips 2018-08-08 10:08:40.769719527 +0200 --- openssh-7.7p1/readconf.c.fips 2018-08-08 10:08:40.769719527 +0200
+++ openssh-7.7p1/readconf.c 2018-08-08 10:08:40.824719990 +0200 +++ openssh-7.7p1/readconf.c 2018-08-08 10:08:40.824719990 +0200
@@ -2081,12 +2081,17 @@ fill_default_options(Options * options) @@ -2081,17 +2081,18 @@ fill_default_options(Options * options)
} all_mac = mac_alg_list(',');
if (options->update_hostkeys == -1) all_kex = kex_alg_list(',');
options->update_hostkeys = 0; all_key = sshkey_alg_list(0, 0, 1, ',');
- if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 || -#define ASSEMBLE(what, defaults, all) \
- kex_assemble_names(KEX_CLIENT_MAC, &options->macs) != 0 || +#define ASSEMBLE(what, defaults, fips_defaults, all) \
- kex_assemble_names(KEX_CLIENT_KEX, &options->kex_algorithms) != 0 || do { \
- kex_assemble_names(KEX_DEFAULT_PK_ALG, if ((r = kex_assemble_names(&options->what, \
+ if (kex_assemble_names((FIPS_mode() ? KEX_FIPS_ENCRYPT - defaults, all)) != 0) \
+ : KEX_CLIENT_ENCRYPT), &options->ciphers) != 0 || + (FIPS_mode() ? fips_defaults : defaults), \
+ kex_assemble_names((FIPS_mode() ? KEX_FIPS_MAC + all)) != 0) \
+ : KEX_CLIENT_MAC), &options->macs) != 0 || fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
+ kex_assemble_names((FIPS_mode() ? KEX_DEFAULT_KEX_FIPS } while (0)
+ : KEX_CLIENT_KEX), &options->kex_algorithms) != 0 || - ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
+ kex_assemble_names((FIPS_mode() ? KEX_FIPS_PK_ALG - ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
+ : KEX_DEFAULT_PK_ALG), - ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
&options->hostbased_key_types) != 0 || - ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
- kex_assemble_names(KEX_DEFAULT_PK_ALG, - ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+ kex_assemble_names((FIPS_mode() ? KEX_FIPS_PK_ALG + ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
+ : KEX_DEFAULT_PK_ALG), + ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
&options->pubkey_key_types) != 0) + ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
fatal("%s: kex_assemble_names failed", __func__); + ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
+ ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
#undef ASSEMBLE
free(all_cipher);
free(all_mac);
diff -up openssh-7.7p1/sandbox-seccomp-filter.c.fips openssh-7.7p1/sandbox-seccomp-filter.c diff -up openssh-7.7p1/sandbox-seccomp-filter.c.fips openssh-7.7p1/sandbox-seccomp-filter.c
--- openssh-7.7p1/sandbox-seccomp-filter.c.fips 2018-08-08 10:08:40.794719737 +0200 --- openssh-7.7p1/sandbox-seccomp-filter.c.fips 2018-08-08 10:08:40.794719737 +0200
+++ openssh-7.7p1/sandbox-seccomp-filter.c 2018-08-08 10:08:40.824719990 +0200 +++ openssh-7.7p1/sandbox-seccomp-filter.c 2018-08-08 10:08:40.824719990 +0200
@ -443,33 +425,33 @@ diff -up openssh-7.7p1/sandbox-seccomp-filter.c.fips openssh-7.7p1/sandbox-secco
diff -up openssh-7.7p1/servconf.c.fips openssh-7.7p1/servconf.c diff -up openssh-7.7p1/servconf.c.fips openssh-7.7p1/servconf.c
--- openssh-7.7p1/servconf.c.fips 2018-08-08 10:08:40.778719603 +0200 --- openssh-7.7p1/servconf.c.fips 2018-08-08 10:08:40.778719603 +0200
+++ openssh-7.7p1/servconf.c 2018-08-08 10:08:40.824719990 +0200 +++ openssh-7.7p1/servconf.c 2018-08-08 10:08:40.824719990 +0200
@@ -196,14 +196,20 @@ option_clear_or_none(const char *o) @@ -196,17 +196,18 @@ option_clear_or_none(const char *o)
static void all_mac = mac_alg_list(',');
assemble_algorithms(ServerOptions *o) all_kex = kex_alg_list(',');
{ all_key = sshkey_alg_list(0, 0, 1, ',');
- if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 || -#define ASSEMBLE(what, defaults, all) \
- kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 || +#define ASSEMBLE(what, defaults, fips_defaults, all) \
- kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 || do { \
- kex_assemble_names(KEX_DEFAULT_PK_ALG, - if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
+ if (kex_assemble_names((FIPS_mode() ? KEX_FIPS_ENCRYPT + if ((r = kex_assemble_names(&o->what, (FIPS_mode() \
+ : KEX_SERVER_ENCRYPT), &o->ciphers) != 0 || + ? fips_defaults : defaults), all)) != 0) \
+ kex_assemble_names((FIPS_mode() ? KEX_FIPS_MAC fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
+ : KEX_SERVER_MAC), &o->macs) != 0 || } while (0)
+ kex_assemble_names((FIPS_mode() ? KEX_DEFAULT_KEX_FIPS - ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
+ : KEX_SERVER_KEX), &o->kex_algorithms) != 0 || - ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
+ kex_assemble_names((FIPS_mode() ? KEX_FIPS_PK_ALG - ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
+ : KEX_DEFAULT_PK_ALG), - ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
&o->hostkeyalgorithms) != 0 || - ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
- kex_assemble_names(KEX_DEFAULT_PK_ALG, - ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+ kex_assemble_names((FIPS_mode() ? KEX_FIPS_PK_ALG + ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
+ : KEX_DEFAULT_PK_ALG), + ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
&o->hostbased_key_types) != 0 || + ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
- kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0) + ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
+ kex_assemble_names((FIPS_mode() ? KEX_FIPS_PK_ALG + ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
+ : KEX_DEFAULT_PK_ALG), &o->pubkey_key_types) != 0) + ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
fatal("kex_assemble_names failed"); #undef ASSEMBLE
} free(all_cipher);
free(all_mac);
diff -up openssh-7.7p1/ssh.c.fips openssh-7.7p1/ssh.c diff -up openssh-7.7p1/ssh.c.fips openssh-7.7p1/ssh.c
--- openssh-7.7p1/ssh.c.fips 2018-08-08 10:08:40.811719881 +0200 --- openssh-7.7p1/ssh.c.fips 2018-08-08 10:08:40.811719881 +0200
+++ openssh-7.7p1/ssh.c 2018-08-08 10:08:40.825719999 +0200 +++ openssh-7.7p1/ssh.c 2018-08-08 10:08:40.825719999 +0200
@ -581,14 +563,14 @@ diff -up openssh-7.7p1/sshconnect2.c.fips openssh-7.7p1/sshconnect2.c
} }
#endif #endif
@@ -322,14 +330,16 @@ ssh_kex2(char *host, struct sockaddr *ho @@ -322,14 +330,16 @@ ssh_kex2(char *host, struct sockaddr *ho
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
if (options.hostkeyalgorithms != NULL) { if (options.hostkeyalgorithms != NULL) {
- if (kex_assemble_names(KEX_DEFAULT_PK_ALG, all_key = sshkey_alg_list(0, 0, 1, ',');
+ if (kex_assemble_names((FIPS_mode() ? KEX_FIPS_PK_ALG if (kex_assemble_names(&options.hostkeyalgorithms,
+ : KEX_DEFAULT_PK_ALG), - KEX_DEFAULT_PK_ALG, all_key) != 0)
&options.hostkeyalgorithms) != 0) + (FIPS_mode() ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG),
+ all_key) != 0)
fatal("%s: kex_assemble_namelist", __func__); fatal("%s: kex_assemble_namelist", __func__);
free(all_key);
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
compat_pkalg_proposal(options.hostkeyalgorithms); compat_pkalg_proposal(options.hostkeyalgorithms);
} else { } else {
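Review bot: The ASSEMBLE changes in readconf.c and servconf.c only swap the defaults under FIPS_mode(); the `all` argument that kex_assemble_names validates explicit Ciphers/MACs/KexAlgorithms/HostKeyAlgorithms values against is still the `cipher_alg_list()`/`mac_alg_list()`/`kex_alg_list()`/`sshkey_alg_list()` output, so an administrator-supplied list of non-approved algorithms would be accepted unless those list functions are FIPS-filtered in a hunk of this patch not shown here — worth confirming, and a comment such as `/* FIPS mode changes the defaults only; explicit lists are checked against the *_alg_list() output */` at the macro would record whichever is the case. FIPS_mode() is also re-evaluated in each of the five expansions; hoisting it into `int fips = FIPS_mode();` before the macro and using `(fips ? fips_defaults : defaults)` makes it a single decision point and is cheaper. The sandbox-seccomp-filter.c hunk that follows starts at the edge of this view and is not reviewed here.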


@ -148,7 +148,7 @@ diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
+ +
#PrintLastLog yes #PrintLastLog yes
#TCPKeepAlive yes #TCPKeepAlive yes
#UseLogin no #PermitUserEnvironment no
@@ -106,6 +126,12 @@ AuthorizedKeysFile .ssh/authorized_keys @@ -106,6 +126,12 @@ AuthorizedKeysFile .ssh/authorized_keys
# no default banner path # no default banner path
#Banner none #Banner none


@ -1,152 +0,0 @@
From 4f60e4f66b5880c9f50ef758e8b7f7a9ae786d21 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Fri, 13 Apr 2018 13:13:33 +1000
Subject: [PATCH 1/5] Revert $REGRESSTMP changes.
Revert 3fd2d229 and subsequent changes as they turned out to be a
portability hassle.
---
Makefile.in | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index 04e1c8e53..dd942ee7b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -577,8 +577,6 @@ regress-binaries: regress/modpipe$(EXEEXT) \
regress/unittests/pkcs11/test_pkcs11$(EXEEXT) \
regress/misc/kexfuzz/kexfuzz$(EXEEXT)
-REGRESSTMP = "$(PWD)/regress"
-
tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
BUILDDIR=`pwd`; \
TEST_SSH_SCP="$${BUILDDIR}/scp"; \
@@ -602,7 +600,7 @@ tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
.OBJDIR="$${BUILDDIR}/regress" \
.CURDIR="`pwd`" \
BUILDDIR="$${BUILDDIR}" \
- OBJ="$(REGRESSTMP)" \
+ OBJ="$${BUILDDIR}/regress/" \
PATH="$${BUILDDIR}:$${PATH}" \
TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
TEST_MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
From b81b2d120e9c8a83489e241620843687758925ad Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 13 Apr 2018 13:38:06 +1000
Subject: [PATCH 2/5] Fix tunnel forwarding broken in 7.7p1
bz2855, ok dtucker@
---
openbsd-compat/port-net.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c
index 7050629c3..bb535626f 100644
--- a/openbsd-compat/port-net.c
+++ b/openbsd-compat/port-net.c
@@ -185,7 +185,7 @@ sys_tun_open(int tun, int mode, char **ifname)
else
debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);
- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
+ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL)
goto failed;
return (fd);
@@ -272,7 +272,7 @@ sys_tun_open(int tun, int mode, char **ifname)
goto failed;
}
- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
+ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL)
goto failed;
close(sock);
From 341727df910e12e26ef161508ed76d91c40a61eb Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 9 Apr 2018 23:54:49 +0000
Subject: [PATCH 3/5] upstream: don't kill ssh-agent's listening socket
entriely if we
fail to accept a connection; bz#2837, patch from Lukas Kuster
OpenBSD-Commit-ID: 52413f5069179bebf30d38f524afe1a2133c738f
---
ssh-agent.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/ssh-agent.c b/ssh-agent.c
index 2a4578b03..68de56ce6 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.228 2018/02/23 15:58:37 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.229 2018/04/09 23:54:49 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -909,9 +909,8 @@ after_poll(struct pollfd *pfd, size_t npfd)
/* Process events */
switch (sockets[socknum].type) {
case AUTH_SOCKET:
- if ((pfd[i].revents & (POLLIN|POLLERR)) != 0 &&
- handle_socket_read(socknum) != 0)
- close_socket(&sockets[socknum]);
+ if ((pfd[i].revents & (POLLIN|POLLERR)) != 0)
+ handle_socket_read(socknum);
break;
case AUTH_CONNECTION:
if ((pfd[i].revents & (POLLIN|POLLERR)) != 0 &&
From 3402cc607049ac900f6d8574bc2ce657a8cdf4fe Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Fri, 13 Apr 2018 13:43:55 +1000
Subject: [PATCH 4/5] Using "==" in shell tests is not portable.
Patch from rsbecker at nexbridge.com.
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 663062bef..2e84d90b7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1398,7 +1398,7 @@ AC_RUN_IFELSE(
)
AC_MSG_RESULT([$func_calloc_0_nonnull])
-if test "x$func_calloc_0_nonnull" == "xyes"; then
+if test "x$func_calloc_0_nonnull" = "xyes"; then
AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
else
AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
From 85fe48fd49f2e81fa30902841b362cfbb7f1933b Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sat, 14 Apr 2018 21:50:41 +0000
Subject: [PATCH 5/5] upstream: don't free the %C expansion, it's used later
for
LocalCommand
OpenBSD-Commit-ID: 857b5cb37b2d856bfdfce61289a415257a487fb1
---
ssh.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/ssh.c b/ssh.c
index d3619fe29..9c011dd7e 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1323,7 +1323,6 @@ main(int ac, char **av)
(char *)NULL);
free(cp);
}
- free(conn_hash_hex);
if (config_test) {
dump_client_config(&options, host);


@ -3,7 +3,7 @@ diff --git a/sshd.c b/sshd.c
+++ b/sshd.c +++ b/sshd.c
@@ -1701,6 +1701,10 @@ main(int ac, char **av) @@ -1701,6 +1701,10 @@ main(int ac, char **av)
parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
&cfg, NULL); cfg, NULL);
+ /* 'UsePAM no' is not supported in Fedora */ + /* 'UsePAM no' is not supported in Fedora */
+ if (! options.use_pam) + if (! options.use_pam)



@ -0,0 +1,72 @@
diff -up openssh/misc.c.config openssh/misc.c
--- openssh/misc.c.config 2018-08-22 13:58:54.922807799 +0200
+++ openssh/misc.c 2018-08-22 13:58:55.000808428 +0200
@@ -485,7 +485,7 @@ put_host_port(const char *host, u_short
* The delimiter char, if present, is stored in delim.
* If this is the last field, *cp is set to NULL.
*/
-static char *
+char *
hpdelim2(char **cp, char *delim)
{
char *s, *old;
diff -up openssh/misc.h.config openssh/misc.h
--- openssh/misc.h.config 2018-08-20 07:57:29.000000000 +0200
+++ openssh/misc.h 2018-08-22 13:58:55.001808436 +0200
@@ -54,6 +54,7 @@ int set_rdomain(int, const char *);
int a2port(const char *);
int a2tun(const char *, int *);
char *put_host_port(const char *, u_short);
+char *hpdelim2(char **, char *);
char *hpdelim(char **);
char *cleanhostname(char *);
char *colon(char *);
diff -up openssh/servconf.c.config openssh/servconf.c
--- openssh/servconf.c.config 2018-08-22 13:58:54.989808340 +0200
+++ openssh/servconf.c 2018-08-22 14:18:49.235443937 +0200
@@ -886,7 +886,7 @@ process_permitopen_list(struct ssh *ssh,
{
u_int i;
int port;
- char *host, *arg, *oarg;
+ char *host, *arg, *oarg, ch;
int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
const char *what = lookup_opcode_name(opcode);
@@ -904,8 +904,8 @@ process_permitopen_list(struct ssh *ssh,
/* Otherwise treat it as a list of permitted host:port */
for (i = 0; i < num_opens; i++) {
oarg = arg = xstrdup(opens[i]);
- host = hpdelim(&arg);
- if (host == NULL)
+ host = hpdelim2(&arg, &ch);
+ if (host == NULL || ch == '/')
fatal("%s: missing host in %s", __func__, what);
host = cleanhostname(host);
if (arg == NULL || ((port = permitopen_port(arg)) < 0))
@@ -1323,8 +1323,10 @@ process_server_config_line(ServerOptions
port = 0;
p = arg;
} else {
- p = hpdelim(&arg);
- if (p == NULL)
+ char ch;
+ arg2 = NULL;
+ p = hpdelim2(&arg, &ch);
+ if (p == NULL || ch == '/')
fatal("%s line %d: bad address:port usage",
filename, linenum);
p = cleanhostname(p);
@@ -1965,9 +1967,10 @@ process_server_config_line(ServerOptions
*/
xasprintf(&arg2, "*:%s", arg);
} else {
+ char ch;
arg2 = xstrdup(arg);
- p = hpdelim(&arg);
- if (p == NULL) {
+ p = hpdelim2(&arg, &ch);
+ if (p == NULL || ch == '/') {
fatal("%s line %d: missing host in %s",
filename, linenum,
lookup_opcode_name(opcode));
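Review bot: `ch` is tested before it is guaranteed to be written at all three new hpdelim2 call sites in the servconf.c part of this patch (the process_permitopen_list hunk at @@ -904, the ListenAddress hunk at @@ -1323 and the hunk at @@ -1965). The misc.c comment carried in this same patch says the delimiter is stored in `delim` only "if present", so for a bare host with no `:` or `/` the `ch == '/'` comparison reads an indeterminate value — a -Wmaybe-uninitialized warning at best and, for ListenAddress, a stack-dependent spurious "bad address:port usage" fatal for an otherwise valid address. Initialise it where it is declared in each case: `char *host, *arg, *oarg, ch = '\0';` for the first site and `char ch = '\0';` for the two block-local declarations. All three enclosing functions start and end outside the hunks shown.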


@ -1,7 +1,7 @@
diff -up openssh-7.4p1/auth2.c.role-mls openssh-7.4p1/auth2.c diff -up openssh/auth2.c.role-mls openssh/auth2.c
--- openssh-7.4p1/auth2.c.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/auth2.c.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/auth2.c 2016-12-23 12:19:58.587459379 +0100 +++ openssh/auth2.c 2018-08-22 11:14:56.815430916 +0200
@@ -215,6 +215,9 @@ input_userauth_request(int type, u_int32 @@ -256,6 +256,9 @@ input_userauth_request(int type, u_int32
Authctxt *authctxt = ssh->authctxt; Authctxt *authctxt = ssh->authctxt;
Authmethod *m = NULL; Authmethod *m = NULL;
char *user, *service, *method, *style = NULL; char *user, *service, *method, *style = NULL;
@ -9,9 +9,9 @@ diff -up openssh-7.4p1/auth2.c.role-mls openssh-7.4p1/auth2.c
+ char *role = NULL; + char *role = NULL;
+#endif +#endif
int authenticated = 0; int authenticated = 0;
double tstart = monotime_double();
if (authctxt == NULL) @@ -268,6 +271,11 @@ input_userauth_request(int type, u_int32
@@ -226,6 +229,11 @@ input_userauth_request(int type, u_int32
debug("userauth-request for user %s service %s method %s", user, service, method); debug("userauth-request for user %s service %s method %s", user, service, method);
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
@ -23,7 +23,7 @@ diff -up openssh-7.4p1/auth2.c.role-mls openssh-7.4p1/auth2.c
if ((style = strchr(user, ':')) != NULL) if ((style = strchr(user, ':')) != NULL)
*style++ = 0; *style++ = 0;
@@ -251,8 +259,15 @@ input_userauth_request(int type, u_int32 @@ -296,8 +304,15 @@ input_userauth_request(int type, u_int32
use_privsep ? " [net]" : ""); use_privsep ? " [net]" : "");
authctxt->service = xstrdup(service); authctxt->service = xstrdup(service);
authctxt->style = style ? xstrdup(style) : NULL; authctxt->style = style ? xstrdup(style) : NULL;
@ -40,49 +40,48 @@ diff -up openssh-7.4p1/auth2.c.role-mls openssh-7.4p1/auth2.c
userauth_banner(); userauth_banner();
if (auth2_setup_methods_lists(authctxt) != 0) if (auth2_setup_methods_lists(authctxt) != 0)
packet_disconnect("no authentication methods enabled"); packet_disconnect("no authentication methods enabled");
diff -up openssh-7.4p1/auth2-gss.c.role-mls openssh-7.4p1/auth2-gss.c diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c
--- openssh-7.4p1/auth2-gss.c.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/auth2-gss.c.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/auth2-gss.c 2016-12-23 12:19:58.586459382 +0100 +++ openssh/auth2-gss.c 2018-08-22 11:15:42.459799171 +0200
@@ -255,6 +255,7 @@ input_gssapi_mic(int type, u_int32_t ple @@ -281,6 +281,7 @@ input_gssapi_mic(int type, u_int32_t ple
Authctxt *authctxt = ssh->authctxt; Authctxt *authctxt = ssh->authctxt;
Gssctxt *gssctxt; Gssctxt *gssctxt;
int authenticated = 0; int r, authenticated = 0;
+ char *micuser; + char *micuser;
Buffer b; struct sshbuf *b;
gss_buffer_desc mic, gssbuf; gss_buffer_desc mic, gssbuf;
u_int len; const char *displayname;
@@ -267,7 +268,13 @@ input_gssapi_mic(int type, u_int32_t ple @@ -298,7 +299,13 @@ input_gssapi_mic(int type, u_int32_t ple
mic.value = packet_get_string(&len); fatal("%s: sshbuf_new failed", __func__);
mic.value = p;
mic.length = len; mic.length = len;
- ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
- ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
+#ifdef WITH_SELINUX +#ifdef WITH_SELINUX
+ if (authctxt->role && (strlen(authctxt->role) > 0)) + if (authctxt->role && (strlen(authctxt->role) > 0))
+ xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role); + xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role);
+ else + else
+#endif +#endif
+ micuser = authctxt->user; + micuser = authctxt->user;
+ ssh_gssapi_buildmic(&b, micuser, authctxt->service, + ssh_gssapi_buildmic(b, micuser, authctxt->service,
"gssapi-with-mic"); "gssapi-with-mic");
gssbuf.value = buffer_ptr(&b); if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
@@ -279,6 +286,8 @@ input_gssapi_mic(int type, u_int32_t ple @@ -311,6 +318,8 @@ input_gssapi_mic(int type, u_int32_t ple
logit("GSSAPI MIC check failed"); logit("GSSAPI MIC check failed");
buffer_free(&b); sshbuf_free(b);
+ if (micuser != authctxt->user) + if (micuser != authctxt->user)
+ free(micuser); + free(micuser);
free(mic.value); free(mic.value);
if ((!use_privsep || mm_is_monitor()) && if ((!use_privsep || mm_is_monitor()) &&
diff -up openssh-7.4p1/auth2-hostbased.c.role-mls openssh-7.4p1/auth2-hostbased.c diff -up openssh/auth2-hostbased.c.role-mls openssh/auth2-hostbased.c
--- openssh-7.4p1/auth2-hostbased.c.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/auth2-hostbased.c.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/auth2-hostbased.c 2016-12-23 12:19:58.586459382 +0100 +++ openssh/auth2-hostbased.c 2018-08-22 11:14:56.816430924 +0200
@@ -121,7 +121,16 @@ userauth_hostbased(Authctxt *authctxt) @@ -123,7 +123,16 @@ userauth_hostbased(struct ssh *ssh)
/* reconstruct packet */ /* reconstruct packet */
if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
- (r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
+#ifdef WITH_SELINUX +#ifdef WITH_SELINUX
+ (authctxt->role + (authctxt->role
+ ? ( (r = sshbuf_put_u32(b, strlen(authctxt->user)+strlen(authctxt->role)+1)) != 0 || + ? ( (r = sshbuf_put_u32(b, strlen(authctxt->user)+strlen(authctxt->role)+1)) != 0 ||
@ -91,16 +90,16 @@ diff -up openssh-7.4p1/auth2-hostbased.c.role-mls openssh-7.4p1/auth2-hostbased.
+ (r = sshbuf_put(b, authctxt->role, strlen(authctxt->role))) != 0) + (r = sshbuf_put(b, authctxt->role, strlen(authctxt->role))) != 0)
+ : (r = sshbuf_put_cstring(b, authctxt->user)) != 0) || + : (r = sshbuf_put_cstring(b, authctxt->user)) != 0) ||
+#else +#else
+ (r = sshbuf_put_cstring(b, authctxt->user)) != 0 || (r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
+#endif +#endif
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 || (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
(r = sshbuf_put_cstring(b, "hostbased")) != 0 || (r = sshbuf_put_cstring(b, "hostbased")) != 0 ||
(r = sshbuf_put_string(b, pkalg, alen)) != 0 || (r = sshbuf_put_string(b, pkalg, alen)) != 0 ||
diff -up openssh-7.4p1/auth2-pubkey.c.role-mls openssh-7.4p1/auth2-pubkey.c diff -up openssh/auth2-pubkey.c.role-mls openssh/auth2-pubkey.c
--- openssh-7.4p1/auth2-pubkey.c.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/auth2-pubkey.c.role-mls 2018-08-22 11:14:56.816430924 +0200
+++ openssh-7.4p1/auth2-pubkey.c 2016-12-23 12:19:58.587459379 +0100 +++ openssh/auth2-pubkey.c 2018-08-22 11:17:07.331483958 +0200
@@ -151,9 +151,15 @@ userauth_pubkey(Authctxt *authctxt) @@ -169,9 +169,16 @@ userauth_pubkey(struct ssh *ssh)
__func__, ssh_err(r)); goto done;
} }
/* reconstruct packet */ /* reconstruct packet */
- xasprintf(&userstyle, "%s%s%s", authctxt->user, - xasprintf(&userstyle, "%s%s%s", authctxt->user,
@ -110,17 +109,18 @@ diff -up openssh-7.4p1/auth2-pubkey.c.role-mls openssh-7.4p1/auth2-pubkey.c
+ authctxt->style ? authctxt->style : "", + authctxt->style ? authctxt->style : "",
+#ifdef WITH_SELINUX +#ifdef WITH_SELINUX
+ authctxt->role ? "/" : "", + authctxt->role ? "/" : "",
+ authctxt->role ? authctxt->role : ""); + authctxt->role ? authctxt->role : ""
+#else +#else
+ "", ""); + "", ""
+#endif +#endif
+ );
if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshbuf_put_cstring(b, userstyle)) != 0 || (r = sshbuf_put_cstring(b, userstyle)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 || (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
diff -up openssh-7.4p1/auth.h.role-mls openssh-7.4p1/auth.h diff -up openssh/auth.h.role-mls openssh/auth.h
--- openssh-7.4p1/auth.h.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/auth.h.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/auth.h 2016-12-23 12:19:43.478510375 +0100 +++ openssh/auth.h 2018-08-22 11:14:56.816430924 +0200
@@ -62,6 +62,9 @@ struct Authctxt { @@ -65,6 +65,9 @@ struct Authctxt {
char *service; char *service;
struct passwd *pw; /* set if 'valid' */ struct passwd *pw; /* set if 'valid' */
char *style; char *style;
@ -130,10 +130,10 @@ diff -up openssh-7.4p1/auth.h.role-mls openssh-7.4p1/auth.h
/* Method lists for multiple authentication */ /* Method lists for multiple authentication */
char **auth_methods; /* modified from server config */ char **auth_methods; /* modified from server config */
diff -up openssh-7.4p1/auth-pam.c.role-mls openssh-7.4p1/auth-pam.c diff -up openssh/auth-pam.c.role-mls openssh/auth-pam.c
--- openssh-7.4p1/auth-pam.c.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/auth-pam.c.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/auth-pam.c 2016-12-23 12:19:43.477510378 +0100 +++ openssh/auth-pam.c 2018-08-22 11:14:56.816430924 +0200
@@ -1087,7 +1087,7 @@ is_pam_session_open(void) @@ -1172,7 +1172,7 @@ is_pam_session_open(void)
* during the ssh authentication process. * during the ssh authentication process.
*/ */
int int
@ -142,10 +142,10 @@ diff -up openssh-7.4p1/auth-pam.c.role-mls openssh-7.4p1/auth-pam.c
{ {
int ret = 1; int ret = 1;
#ifdef HAVE_PAM_PUTENV #ifdef HAVE_PAM_PUTENV
diff -up openssh-7.4p1/auth-pam.h.role-mls openssh-7.4p1/auth-pam.h diff -up openssh/auth-pam.h.role-mls openssh/auth-pam.h
--- openssh-7.4p1/auth-pam.h.role-mls 2016-12-23 12:19:43.478510375 +0100 --- openssh/auth-pam.h.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/auth-pam.h 2016-12-23 12:21:44.698101234 +0100 +++ openssh/auth-pam.h 2018-08-22 11:14:56.817430932 +0200
@@ -31,7 +31,7 @@ u_int do_pam_account(void); @@ -33,7 +33,7 @@ u_int do_pam_account(void);
void do_pam_session(struct ssh *); void do_pam_session(struct ssh *);
void do_pam_setcred(int ); void do_pam_setcred(int );
void do_pam_chauthtok(void); void do_pam_chauthtok(void);
@ -154,10 +154,24 @@ diff -up openssh-7.4p1/auth-pam.h.role-mls openssh-7.4p1/auth-pam.h
char ** fetch_pam_environment(void); char ** fetch_pam_environment(void);
char ** fetch_pam_child_environment(void); char ** fetch_pam_child_environment(void);
void free_pam_environment(char **); void free_pam_environment(char **);
diff -up openssh-7.4p1/misc.c.role-mls openssh-7.4p1/misc.c diff -up openssh/configure.ac.role-mls openssh/configure.ac
--- openssh-7.4p1/misc.c.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/configure.ac.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/misc.c 2016-12-23 12:19:58.587459379 +0100 +++ openssh/configure.ac 2018-08-22 11:14:56.820430957 +0200
@@ -432,6 +432,7 @@ char * @@ -4241,10 +4241,7 @@ AC_ARG_WITH([selinux],
LIBS="$LIBS -lselinux"
],
AC_MSG_ERROR([SELinux support requires libselinux library]))
- SSHLIBS="$SSHLIBS $LIBSELINUX"
- SSHDLIBS="$SSHDLIBS $LIBSELINUX"
AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
- LIBS="$save_LIBS"
fi ]
)
AC_SUBST([SSHLIBS])
diff -up openssh/misc.c.role-mls openssh/misc.c
--- openssh/misc.c.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh/misc.c 2018-08-22 11:14:56.817430932 +0200
@@ -542,6 +542,7 @@ char *
colon(char *cp) colon(char *cp)
{ {
int flag = 0; int flag = 0;
@ -165,7 +179,7 @@ diff -up openssh-7.4p1/misc.c.role-mls openssh-7.4p1/misc.c
if (*cp == ':') /* Leading colon is part of file name. */ if (*cp == ':') /* Leading colon is part of file name. */
return NULL; return NULL;
@@ -447,6 +448,13 @@ colon(char *cp) @@ -557,6 +558,13 @@ colon(char *cp)
return (cp); return (cp);
if (*cp == '/') if (*cp == '/')
return NULL; return NULL;
@ -179,20 +193,20 @@ diff -up openssh-7.4p1/misc.c.role-mls openssh-7.4p1/misc.c
} }
return NULL; return NULL;
} }
diff -up openssh-7.4p1/monitor.c.role-mls openssh-7.4p1/monitor.c diff -up openssh/monitor.c.role-mls openssh/monitor.c
--- openssh-7.4p1/monitor.c.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/monitor.c.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/monitor.c 2016-12-23 12:23:03.503835248 +0100 +++ openssh/monitor.c 2018-08-22 11:19:56.006844867 +0200
@@ -127,6 +127,9 @@ int mm_answer_sign(int, Buffer *); @@ -115,6 +115,9 @@ int mm_answer_sign(int, struct sshbuf *)
int mm_answer_pwnamallow(int, Buffer *); int mm_answer_pwnamallow(int, struct sshbuf *);
int mm_answer_auth2_read_banner(int, Buffer *); int mm_answer_auth2_read_banner(int, struct sshbuf *);
int mm_answer_authserv(int, Buffer *); int mm_answer_authserv(int, struct sshbuf *);
+#ifdef WITH_SELINUX +#ifdef WITH_SELINUX
+int mm_answer_authrole(int, Buffer *); +int mm_answer_authrole(int, struct sshbuf *);
+#endif +#endif
int mm_answer_authpassword(int, Buffer *); int mm_answer_authpassword(int, struct sshbuf *);
int mm_answer_bsdauthquery(int, Buffer *); int mm_answer_bsdauthquery(int, struct sshbuf *);
int mm_answer_bsdauthrespond(int, Buffer *); int mm_answer_bsdauthrespond(int, struct sshbuf *);
@@ -202,6 +205,9 @@ struct mon_table mon_dispatch_proto20[] @@ -189,6 +192,9 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@ -202,7 +216,7 @@ diff -up openssh-7.4p1/monitor.c.role-mls openssh-7.4p1/monitor.c
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
#ifdef USE_PAM #ifdef USE_PAM
@@ -769,6 +775,9 @@ mm_answer_pwnamallow(int sock, Buffer *m @@ -796,6 +802,9 @@ mm_answer_pwnamallow(int sock, struct ss
/* Allow service/style information on the auth context */ /* Allow service/style information on the auth context */
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@ -212,19 +226,20 @@ diff -up openssh-7.4p1/monitor.c.role-mls openssh-7.4p1/monitor.c
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
#ifdef USE_PAM #ifdef USE_PAM
@@ -810,6 +819,25 @@ mm_answer_authserv(int sock, Buffer *m) @@ -842,6 +851,26 @@ mm_answer_authserv(int sock, struct sshb
return (0); return (0);
} }
+#ifdef WITH_SELINUX +#ifdef WITH_SELINUX
+int +int
+mm_answer_authrole(int sock, Buffer *m) +mm_answer_authrole(int sock, struct sshbuf *m)
+{ +{
+ int r;
+ monitor_permit_authentications(1); + monitor_permit_authentications(1);
+ +
+ authctxt->role = buffer_get_string(m, NULL); + if ((r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
+ debug3("%s: role=%s", + fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ __func__, authctxt->role); + debug3("%s: role=%s", __func__, authctxt->role);
+ +
+ if (strlen(authctxt->role) == 0) { + if (strlen(authctxt->role) == 0) {
+ free(authctxt->role); + free(authctxt->role);
@ -236,48 +251,48 @@ diff -up openssh-7.4p1/monitor.c.role-mls openssh-7.4p1/monitor.c
+#endif +#endif
+ +
int int
mm_answer_authpassword(int sock, Buffer *m) mm_answer_authpassword(int sock, struct sshbuf *m)
{ {
@@ -1208,7 +1236,7 @@ monitor_valid_userblob(u_char *data, u_i @@ -1218,7 +1247,7 @@ monitor_valid_userblob(u_char *data, u_i
{ {
Buffer b; struct sshbuf *b;
u_char *p; const u_char *p;
- char *userstyle, *cp; - char *userstyle, *cp;
+ char *userstyle, *r, *cp; + char *userstyle, *s, *cp;
u_int len; size_t len;
int fail = 0; u_char type;
int r, fail = 0;
@@ -1234,6 +1262,8 @@ monitor_valid_userblob(u_char *data, u_i @@ -1251,6 +1280,8 @@ monitor_valid_userblob(u_char *data, u_i
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++; fail++;
cp = buffer_get_cstring(&b, NULL); if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
+ if ((r = strchr(cp, '/')) != NULL) fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ *r = '\0'; + if ((s = strchr(cp, '/')) != NULL)
+ *s = '\0';
xasprintf(&userstyle, "%s%s%s", authctxt->user, xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "", authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : ""); authctxt->style ? authctxt->style : "");
@@ -1269,7 +1299,7 @@ monitor_valid_hostbasedblob(u_char *data @@ -1286,7 +1317,7 @@ monitor_valid_hostbasedblob(u_char *data
char *chost)
{ {
Buffer b; struct sshbuf *b;
- char *p, *userstyle; const u_char *p;
+ char *p, *r, *userstyle; - char *cp, *userstyle;
u_int len; + char *cp, *s, *userstyle;
int fail = 0; size_t len;
int r, fail = 0;
@@ -1286,6 +1316,8 @@ monitor_valid_hostbasedblob(u_char *data u_char type;
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) @@ -1308,6 +1339,8 @@ monitor_valid_hostbasedblob(u_char *data
fail++; fail++;
p = buffer_get_cstring(&b, NULL); if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
+ if ((r = strchr(p, '/')) != NULL) fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ *r = '\0'; + if ((s = strchr(p, '/')) != NULL)
+ *s = '\0';
xasprintf(&userstyle, "%s%s%s", authctxt->user, xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "", authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : ""); authctxt->style ? authctxt->style : "");
diff -up openssh-7.4p1/monitor.h.role-mls openssh-7.4p1/monitor.h diff -up openssh/monitor.h.role-mls openssh/monitor.h
--- openssh-7.4p1/monitor.h.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/monitor.h.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/monitor.h 2016-12-23 12:19:58.588459376 +0100 +++ openssh/monitor.h 2018-08-22 11:14:56.818430941 +0200
@@ -57,6 +57,10 @@ enum monitor_reqtype { @@ -55,6 +55,10 @@ enum monitor_reqtype {
MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49, MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49,
MONITOR_REQ_TERM = 50, MONITOR_REQ_TERM = 50,
@ -288,11 +303,11 @@ diff -up openssh-7.4p1/monitor.h.role-mls openssh-7.4p1/monitor.h
MONITOR_REQ_PAM_START = 100, MONITOR_REQ_PAM_START = 100,
MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103, MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
MONITOR_REQ_PAM_INIT_CTX = 104, MONITOR_ANS_PAM_INIT_CTX = 105, MONITOR_REQ_PAM_INIT_CTX = 104, MONITOR_ANS_PAM_INIT_CTX = 105,
diff -up openssh-7.4p1/monitor_wrap.c.role-mls openssh-7.4p1/monitor_wrap.c diff -up openssh/monitor_wrap.c.role-mls openssh/monitor_wrap.c
--- openssh-7.4p1/monitor_wrap.c.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/monitor_wrap.c.role-mls 2018-08-22 11:14:56.818430941 +0200
+++ openssh-7.4p1/monitor_wrap.c 2016-12-23 12:19:58.588459376 +0100 +++ openssh/monitor_wrap.c 2018-08-22 11:21:47.938747968 +0200
@@ -345,6 +345,25 @@ mm_inform_authserv(char *service, char * @@ -390,6 +390,27 @@ mm_inform_authserv(char *service, char *
buffer_free(&m); sshbuf_free(m);
} }
+/* Inform the privileged process about role */ +/* Inform the privileged process about role */
@ -301,28 +316,30 @@ diff -up openssh-7.4p1/monitor_wrap.c.role-mls openssh-7.4p1/monitor_wrap.c
+void +void
+mm_inform_authrole(char *role) +mm_inform_authrole(char *role)
+{ +{
+ Buffer m; + int r;
+ struct sshbuf *m;
+ +
+ debug3("%s entering", __func__); + debug3("%s entering", __func__);
+ +
+ buffer_init(&m); + if ((m = sshbuf_new()) == NULL)
+ buffer_put_cstring(&m, role ? role : ""); + fatal("%s: sshbuf_new failed", __func__);
+ if ((r = sshbuf_put_cstring(m, role ? role : "")) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, m);
+ +
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m); + sshbuf_free(m);
+
+ buffer_free(&m);
+} +}
+#endif +#endif
+ +
/* Do the password authentication */ /* Do the password authentication */
int int
mm_auth_password(struct ssh *ssh, char *password) mm_auth_password(struct ssh *ssh, char *password)
diff -up openssh-7.4p1/monitor_wrap.h.role-mls openssh-7.4p1/monitor_wrap.h diff -up openssh/monitor_wrap.h.role-mls openssh/monitor_wrap.h
--- openssh-7.4p1/monitor_wrap.h.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/monitor_wrap.h.role-mls 2018-08-22 11:14:56.818430941 +0200
+++ openssh-7.4p1/monitor_wrap.h 2016-12-23 12:19:58.588459376 +0100 +++ openssh/monitor_wrap.h 2018-08-22 11:22:10.439929513 +0200
@@ -42,6 +42,9 @@ int mm_is_monitor(void); @@ -44,6 +44,9 @@ DH *mm_choose_dh(int, int, int);
int mm_key_sign(struct sshkey *, u_char **, u_int *, const u_char *, u_int, int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
const char *); const char *, u_int compat);
void mm_inform_authserv(char *, char *); void mm_inform_authserv(char *, char *);
+#ifdef WITH_SELINUX +#ifdef WITH_SELINUX
+void mm_inform_authrole(char *); +void mm_inform_authrole(char *);
@ -330,10 +347,10 @@ diff -up openssh-7.4p1/monitor_wrap.h.role-mls openssh-7.4p1/monitor_wrap.h
struct passwd *mm_getpwnamallow(const char *); struct passwd *mm_getpwnamallow(const char *);
char *mm_auth2_read_banner(void); char *mm_auth2_read_banner(void);
int mm_auth_password(struct ssh *, char *); int mm_auth_password(struct ssh *, char *);
diff -up openssh-7.4p1/openbsd-compat/Makefile.in.role-mls openssh-7.4p1/openbsd-compat/Makefile.in diff -up openssh/openbsd-compat/Makefile.in.role-mls openssh/openbsd-compat/Makefile.in
--- openssh-7.4p1/openbsd-compat/Makefile.in.role-mls 2016-12-23 12:19:58.588459376 +0100 --- openssh/openbsd-compat/Makefile.in.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/openbsd-compat/Makefile.in 2016-12-23 12:24:06.042643938 +0100 +++ openssh/openbsd-compat/Makefile.in 2018-08-22 11:14:56.819430949 +0200
@@ -20,7 +20,8 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf @@ -92,7 +92,8 @@ PORTS= port-aix.o \
port-linux.o \ port-linux.o \
port-solaris.o \ port-solaris.o \
port-net.o \ port-net.o \
@ -343,10 +360,10 @@ diff -up openssh-7.4p1/openbsd-compat/Makefile.in.role-mls openssh-7.4p1/openbsd
.c.o: .c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $< $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
diff -up openssh-7.4p1/openbsd-compat/port-linux.c.role-mls openssh-7.4p1/openbsd-compat/port-linux.c diff -up openssh/openbsd-compat/port-linux.c.role-mls openssh/openbsd-compat/port-linux.c
--- openssh-7.4p1/openbsd-compat/port-linux.c.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/openbsd-compat/port-linux.c.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/openbsd-compat/port-linux.c 2016-12-23 12:19:58.590459369 +0100 +++ openssh/openbsd-compat/port-linux.c 2018-08-22 11:14:56.819430949 +0200
@@ -101,37 +101,6 @@ ssh_selinux_getctxbyname(char *pwname) @@ -100,37 +100,6 @@ ssh_selinux_getctxbyname(char *pwname)
return sc; return sc;
} }
@ -397,9 +414,9 @@ diff -up openssh-7.4p1/openbsd-compat/port-linux.c.role-mls openssh-7.4p1/openbs
/* XXX: should these calls fatal() upon failure in enforcing mode? */ /* XXX: should these calls fatal() upon failure in enforcing mode? */
diff -up openssh-7.4p1/openbsd-compat/port-linux.h.role-mls openssh-7.4p1/openbsd-compat/port-linux.h diff -up openssh/openbsd-compat/port-linux.h.role-mls openssh/openbsd-compat/port-linux.h
--- openssh-7.4p1/openbsd-compat/port-linux.h.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/openbsd-compat/port-linux.h.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 12:19:58.591459365 +0100 +++ openssh/openbsd-compat/port-linux.h 2018-08-22 11:14:56.819430949 +0200
@@ -20,9 +20,10 @@ @@ -20,9 +20,10 @@
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
int ssh_selinux_enabled(void); int ssh_selinux_enabled(void);
@ -412,10 +429,10 @@ diff -up openssh-7.4p1/openbsd-compat/port-linux.h.role-mls openssh-7.4p1/openbs
#endif #endif
#ifdef LINUX_OOM_ADJUST #ifdef LINUX_OOM_ADJUST
diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-7.4p1/openbsd-compat/port-linux-sshd.c diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compat/port-linux-sshd.c
--- openssh-7.4p1/openbsd-compat/port-linux-sshd.c.role-mls 2016-12-23 12:19:58.590459369 +0100 --- openssh/openbsd-compat/port-linux-sshd.c.role-mls 2018-08-22 11:14:56.819430949 +0200
+++ openssh-7.4p1/openbsd-compat/port-linux-sshd.c 2016-12-23 12:19:58.590459369 +0100 +++ openssh/openbsd-compat/port-linux-sshd.c 2018-08-22 11:14:56.819430949 +0200
@@ -0,0 +1,424 @@ @@ -0,0 +1,425 @@
+/* +/*
+ * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> + * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
+ * Copyright (c) 2014 Petr Lautrbach <plautrba@redhat.com> + * Copyright (c) 2014 Petr Lautrbach <plautrba@redhat.com>
@ -444,13 +461,14 @@ diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-7.4p1/o
+#include <stdarg.h> +#include <stdarg.h>
+#include <string.h> +#include <string.h>
+#include <stdio.h> +#include <stdio.h>
+#include <stdlib.h>
+ +
+#include "log.h" +#include "log.h"
+#include "xmalloc.h" +#include "xmalloc.h"
+#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */ +#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */
+#include "servconf.h" +#include "servconf.h"
+#include "port-linux.h" +#include "port-linux.h"
+#include "key.h" +#include "sshkey.h"
+#include "hostfile.h" +#include "hostfile.h"
+#include "auth.h" +#include "auth.h"
+ +
@ -840,10 +858,10 @@ diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-7.4p1/o
+#endif +#endif
+#endif +#endif
+ +
diff -up openssh-7.4p1/platform.c.role-mls openssh-7.4p1/platform.c diff -up openssh/platform.c.role-mls openssh/platform.c
--- openssh-7.4p1/platform.c.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/platform.c.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/platform.c 2016-12-23 12:19:58.591459365 +0100 +++ openssh/platform.c 2018-08-22 11:14:56.819430949 +0200
@@ -184,7 +184,7 @@ platform_setusercontext_post_groups(stru @@ -183,7 +183,7 @@ platform_setusercontext_post_groups(stru
} }
#endif /* HAVE_SETPCRED */ #endif /* HAVE_SETPCRED */
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
@ -852,10 +870,10 @@ diff -up openssh-7.4p1/platform.c.role-mls openssh-7.4p1/platform.c
#endif #endif
} }
diff -up openssh-7.4p1/sshd.c.role-mls openssh-7.4p1/sshd.c diff -up openssh/sshd.c.role-mls openssh/sshd.c
--- openssh-7.4p1/sshd.c.role-mls 2016-12-19 05:59:41.000000000 +0100 --- openssh/sshd.c.role-mls 2018-08-20 07:57:29.000000000 +0200
+++ openssh-7.4p1/sshd.c 2016-12-23 12:19:58.591459365 +0100 +++ openssh/sshd.c 2018-08-22 11:14:56.820430957 +0200
@@ -2053,6 +2053,9 @@ main(int ac, char **av) @@ -2186,6 +2186,9 @@ main(int ac, char **av)
restore_uid(); restore_uid();
} }
#endif #endif
@ -865,16 +883,3 @@ diff -up openssh-7.4p1/sshd.c.role-mls openssh-7.4p1/sshd.c
#ifdef USE_PAM #ifdef USE_PAM
if (options.use_pam) { if (options.use_pam) {
do_pam_setcred(1); do_pam_setcred(1);
--- openssh/configure.ac.role-mls 2017-09-27 12:54:52.926425979 +0200
+++ openssh/configure.ac 2017-09-27 12:57:06.854224956 +0200
@@ -4158,10 +4158,7 @@
LIBS="$LIBS -lselinux"
],
AC_MSG_ERROR([SELinux support requires libselinux library]))
- SSHLIBS="$SSHLIBS $LIBSELINUX"
- SSHDLIBS="$SSHDLIBS $LIBSELINUX"
AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
- LIBS="$save_LIBS"
fi ]
)
AC_SUBST([SSHLIBS])
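Review bot: In the monitor_valid_hostbasedblob hunk (new side, @@ -1308,6 +1339,8) the added role strip searches the wrong buffer: the user name is read into `cp` by `sshbuf_get_cstring(b, &cp, NULL)`, but the next line does `strchr(p, '/')`, where `p` is the `const u_char *` declared above and filled by an earlier read outside the hunk, so the role suffix is never removed from `cp` and the terminator would be written through a pointer declared const into whatever `p` addresses. The sibling monitor_valid_userblob hunk in the same file gets it right with `strchr(cp, '/')`; the hostbased one should read `if ((s = strchr(cp, '/')) != NULL)`. With the present code, hostbased authentication carrying a role presumably fails the later userstyle comparison (fail-closed), and `strchr` on a `const u_char *` also draws a pointer-sign warning. The enclosing function starts and ends outside the hunk.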


@ -65,10 +65,10 @@
%endif %endif
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 7.7p1 %global openssh_ver 7.8p1
%global openssh_rel 6 %global openssh_rel 1
%global pam_ssh_agent_ver 0.10.3 %global pam_ssh_agent_ver 0.10.3
%global pam_ssh_agent_rel 4 %global pam_ssh_agent_rel 5
Summary: An open source implementation of SSH protocol version 2 Summary: An open source implementation of SSH protocol version 2
Name: openssh Name: openssh
@ -100,8 +100,6 @@ Patch100: openssh-6.7p1-coverity.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1894 #https://bugzilla.mindrot.org/show_bug.cgi?id=1894
#https://bugzilla.redhat.com/show_bug.cgi?id=735889 #https://bugzilla.redhat.com/show_bug.cgi?id=735889
#Patch102: openssh-5.8p1-getaddrinfo.patch #Patch102: openssh-5.8p1-getaddrinfo.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1889
Patch103: openssh-5.8p1-packet.patch
# OpenSSL 1.1.0 compatibility # OpenSSL 1.1.0 compatibility
Patch104: openssh-7.3p1-openssl-1.1.0.patch Patch104: openssh-7.3p1-openssl-1.1.0.patch
@ -129,7 +127,7 @@ Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX) #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
Patch400: openssh-6.6p1-role-mls.patch Patch400: openssh-7.8p1-role-mls.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=781634 #https://bugzilla.redhat.com/show_bug.cgi?id=781634
Patch404: openssh-6.6p1-privsep-selinux.patch Patch404: openssh-6.6p1-privsep-selinux.patch
@ -157,12 +155,10 @@ Patch702: openssh-5.1p1-askpass-progress.patch
Patch703: openssh-4.3p2-askpass-grab-info.patch Patch703: openssh-4.3p2-askpass-grab-info.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX) #https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
Patch707: openssh-7.7p1-redhat.patch Patch707: openssh-7.7p1-redhat.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :)
Patch708: openssh-6.6p1-entropy.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX) #https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)
Patch709: openssh-6.2p1-vendor.patch Patch709: openssh-6.2p1-vendor.patch
# warn users for unsupported UsePAM=no (#757545) # warn users for unsupported UsePAM=no (#757545)
Patch711: openssh-7.2p2-UsePAM-UseLogin-warning.patch Patch711: openssh-7.8p1-UsePAM-warning.patch
# make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL # make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL
Patch712: openssh-6.3p1-ctr-evp-fast.patch Patch712: openssh-6.3p1-ctr-evp-fast.patch
# add cavs test binary for the aes-ctr # add cavs test binary for the aes-ctr
@ -173,7 +169,7 @@ Patch714: openssh-6.7p1-kdf-cavs.patch
#http://www.sxw.org.uk/computing/patches/openssh.html #http://www.sxw.org.uk/computing/patches/openssh.html
#changed cache storage type - #848228 #changed cache storage type - #848228
Patch800: openssh-7.2p1-gsskex.patch Patch800: openssh-7.8p1-gsskex.patch
#http://www.mail-archive.com/kerberos@mit.edu/msg17591.html #http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
Patch801: openssh-6.6p1-force_krb.patch Patch801: openssh-6.6p1-force_krb.patch
# add new option GSSAPIEnablek5users and disable using ~/.k5users by default (#1169843) # add new option GSSAPIEnablek5users and disable using ~/.k5users by default (#1169843)
@ -204,7 +200,7 @@ Patch918: openssh-6.6.1p1-log-in-chroot.patch
# scp file into non-existing directory (#1142223) # scp file into non-existing directory (#1142223)
Patch919: openssh-6.6.1p1-scp-non-existing-directory.patch Patch919: openssh-6.6.1p1-scp-non-existing-directory.patch
# Config parser shouldn't accept ip/port syntax (#1130733) # Config parser shouldn't accept ip/port syntax (#1130733)
Patch920: openssh-6.6.1p1-ip-port-config-parser.patch Patch920: openssh-7.8p1-ip-port-config-parser.patch
# apply upstream patch and make sshd -T more consistent (#1187521) # apply upstream patch and make sshd -T more consistent (#1187521)
Patch922: openssh-6.8p1-sshdT-output.patch Patch922: openssh-6.8p1-sshdT-output.patch
# Add sftp option to force mode of created files (#1191055) # Add sftp option to force mode of created files (#1191055)
@ -213,8 +209,6 @@ Patch926: openssh-6.7p1-sftp-force-permission.patch
Patch929: openssh-6.9p1-permit-root-login.patch Patch929: openssh-6.9p1-permit-root-login.patch
# Add GSSAPIKexAlgorithms option for server and client application # Add GSSAPIKexAlgorithms option for server and client application
Patch932: openssh-7.0p1-gssKexAlgorithms.patch Patch932: openssh-7.0p1-gssKexAlgorithms.patch
# Possibility to validate legacy systems by more fingerprints (#1249626)(#2439)
Patch933: openssh-7.0p1-show-more-fingerprints.patch
# make s390 use /dev/ crypto devices -- ignore closefrom # make s390 use /dev/ crypto devices -- ignore closefrom
Patch939: openssh-7.2p2-s390-closefrom.patch Patch939: openssh-7.2p2-s390-closefrom.patch
# Move MAX_DISPLAYS to a configuration option (#1341302) # Move MAX_DISPLAYS to a configuration option (#1341302)
@ -229,8 +223,6 @@ Patch950: openssh-7.5p1-sandbox.patch
Patch951: openssh-7.6p1-pkcs11-uri.patch Patch951: openssh-7.6p1-pkcs11-uri.patch
# PKCS#11 ECDSA keys (upstream #2474, 8th iteration) # PKCS#11 ECDSA keys (upstream #2474, 8th iteration)
Patch952: openssh-7.6p1-pkcs11-ecdsa.patch Patch952: openssh-7.6p1-pkcs11-ecdsa.patch
# Opening tun devices fails + other regressions in OpenSSH v7.7 (#2855, #1567775)
Patch953: openssh-7.7p1-tun-devices.patch
License: BSD License: BSD
Group: Applications/Internet Group: Applications/Internet
@ -326,7 +318,7 @@ Requires: openssh = %{version}-%{release}
Summary: PAM module for authentication with ssh-agent Summary: PAM module for authentication with ssh-agent
Group: System Environment/Base Group: System Environment/Base
Version: %{pam_ssh_agent_ver} Version: %{pam_ssh_agent_ver}
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}.1 Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}
License: BSD License: BSD
%description %description
@ -390,7 +382,6 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
%endif %endif
# investigate %patch102 -p1 -b .getaddrinfo # investigate %patch102 -p1 -b .getaddrinfo
%patch103 -p1 -b .packet
%if %{pam_ssh_agent} %if %{pam_ssh_agent}
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@ -421,7 +412,6 @@ popd
%patch702 -p1 -b .progress %patch702 -p1 -b .progress
%patch703 -p1 -b .grab-info %patch703 -p1 -b .grab-info
%patch707 -p1 -b .redhat %patch707 -p1 -b .redhat
%patch708 -p1 -b .entropy
%patch709 -p1 -b .vendor %patch709 -p1 -b .vendor
%patch711 -p1 -b .log-usepam-no %patch711 -p1 -b .log-usepam-no
%patch712 -p1 -b .evp-ctr %patch712 -p1 -b .evp-ctr
@ -447,7 +437,6 @@ popd
%patch926 -p1 -b .sftp-force-mode %patch926 -p1 -b .sftp-force-mode
%patch929 -p1 -b .root-login %patch929 -p1 -b .root-login
%patch932 -p1 -b .gsskexalg %patch932 -p1 -b .gsskexalg
%patch933 -p1 -b .fingerprint
%patch939 -p1 -b .s390-dev %patch939 -p1 -b .s390-dev
%patch944 -p1 -b .x11max %patch944 -p1 -b .x11max
%patch948 -p1 -b .systemd %patch948 -p1 -b .systemd
@ -456,7 +445,6 @@ popd
%patch950 -p1 -b .sandbox %patch950 -p1 -b .sandbox
%patch951 -p1 -b .pkcs11-uri %patch951 -p1 -b .pkcs11-uri
%patch952 -p1 -b .pkcs11-ecdsa %patch952 -p1 -b .pkcs11-ecdsa
%patch953 -p1 -b .tun-devices
%patch200 -p1 -b .audit %patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race %patch201 -p1 -b .audit-race


@ -1,7 +1,15 @@
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c diff -up openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 --- openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c 2017-02-07 14:41:20.483509205 +0100 +++ openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c 2018-08-24 10:22:56.281930322 +0200
@@ -65,8 +65,8 @@ proc_pid_cmdline(char *** inargv) @@ -27,6 +27,7 @@
* or implied, of Jamie Beverly.
*/
+#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
@@ -65,8 +66,8 @@ proc_pid_cmdline(char *** inargv)
case EOF: case EOF:
case '\0': case '\0':
if (len > 0) { if (len > 0) {
@ -12,7 +20,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat
strncpy(argv[count++], argbuf, len); strncpy(argv[count++], argbuf, len);
memset(argbuf, '\0', MAX_LEN_PER_CMDLINE_ARG + 1); memset(argbuf, '\0', MAX_LEN_PER_CMDLINE_ARG + 1);
len = 0; len = 0;
@@ -105,9 +105,9 @@ pamsshagentauth_free_command_line(char * @@ -105,9 +106,9 @@ pamsshagentauth_free_command_line(char *
{ {
size_t i; size_t i;
for (i = 0; i < n_args; i++) for (i = 0; i < n_args; i++)
@ -24,9 +32,43 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat
return; return;
} }
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/identity.h
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat 2017-02-07 14:41:20.479509208 +0100 --- openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-compat 2016-11-13 04:24:32.000000000 +0100
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c 2017-02-07 14:41:20.481509206 +0100 +++ openssh/pam_ssh_agent_auth-0.10.3/identity.h 2018-08-24 10:18:05.009393312 +0200
@@ -30,8 +30,8 @@
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "log.h"
-#include "buffer.h"
-#include "key.h"
+#include "sshbuf.h"
+#include "sshkey.h"
#include "authfd.h"
#include <stdio.h>
@@ -41,7 +41,7 @@ typedef struct idlist Idlist;
struct identity {
TAILQ_ENTRY(identity) next;
AuthenticationConnection *ac; /* set if agent supports key */
- Key *key; /* public/private key */
+ struct sshkey *key; /* public/private key */
char *filename; /* comment for agent-only keys */
int tried;
int isprivate; /* key points to the private key */
diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
--- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat 2018-08-24 10:18:05.007393297 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c 2018-08-24 10:18:32.937612513 +0200
@@ -36,8 +36,8 @@
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "log.h"
-#include "buffer.h"
-#include "key.h"
+#include "sshbuf.h"
+#include "sshkey.h"
#include "authfd.h"
#include <stdio.h>
#include <openssl/evp.h>
@@ -58,6 +58,8 @@ @@ -58,6 +58,8 @@
#include "get_command_line.h" #include "get_command_line.h"
extern char **environ; extern char **environ;
@ -45,25 +87,48 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-c
for (i = 0; i < count; i++) { for (i = 0; i < count; i++) {
strcat(buf, (i > 0) ? " '" : "'"); strcat(buf, (i > 0) ? " '" : "'");
strncat(buf, action[i], MAX_LEN_PER_CMDLINE_ARG); strncat(buf, action[i], MAX_LEN_PER_CMDLINE_ARG);
@@ -90,12 +92,12 @@ void @@ -87,21 +89,25 @@ log_action(char ** action, size_t count)
agent_action(Buffer *buf, char ** action, size_t count) }
void
-agent_action(Buffer *buf, char ** action, size_t count)
+agent_action(struct sshbuf *buf, char ** action, size_t count)
{ {
size_t i; size_t i;
- pamsshagentauth_buffer_init(buf); - pamsshagentauth_buffer_init(buf);
+ buffer_init(buf); + int r;
- pamsshagentauth_buffer_put_int(buf, count); - pamsshagentauth_buffer_put_int(buf, count);
+ buffer_put_int(buf, count); + if ((buf = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
+ if ((r = sshbuf_put_u32(buf, count)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
for (i = 0; i < count; i++) { for (i = 0; i < count; i++) {
- pamsshagentauth_buffer_put_cstring(buf, action[i]); - pamsshagentauth_buffer_put_cstring(buf, action[i]);
+ buffer_put_cstring(buf, action[i]); + if ((r = sshbuf_put_cstring(buf, action[i])) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
} }
} }
@@ -119,17 +121,17 @@ pamsshagentauth_session_id2_gen(Buffer *
-void
-pamsshagentauth_session_id2_gen(Buffer * session_id2, const char * user,
+static void
+pamsshagentauth_session_id2_gen(struct sshbuf ** session_id2, const char * user,
const char * ruser, const char * servicename)
{
u_char *cookie = NULL;
@@ -114,22 +116,23 @@ pamsshagentauth_session_id2_gen(Buffer *
char ** reported_argv = NULL;
size_t count = 0;
char * action_logbuf = NULL;
- Buffer action_agentbuf;
+ struct sshbuf *action_agentbuf = NULL;
uint8_t free_logbuf = 0;
char * retc; char * retc;
int32_t reti; int32_t reti;
+ int r;
- rnd = pamsshagentauth_arc4random(); - rnd = pamsshagentauth_arc4random();
+ rnd = arc4random(); + rnd = arc4random();
@ -73,7 +138,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-c
} }
- cookie = pamsshagentauth_xcalloc(1,cookie_len); - cookie = pamsshagentauth_xcalloc(1,cookie_len);
+ cookie = xcalloc(1,cookie_len); + cookie = xcalloc(1, cookie_len);
for (i = 0; i < cookie_len; i++) { for (i = 0; i < cookie_len; i++) {
if (i % 4 == 0) { if (i % 4 == 0) {
@ -82,21 +147,29 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-c
} }
cookie[i] = (u_char) rnd; cookie[i] = (u_char) rnd;
rnd >>= 8; rnd >>= 8;
@@ -144,7 +146,7 @@ pamsshagentauth_session_id2_gen(Buffer * @@ -139,12 +141,13 @@ pamsshagentauth_session_id2_gen(Buffer *
if (count > 0) {
free_logbuf = 1;
action_logbuf = log_action(reported_argv, count);
- agent_action(&action_agentbuf, reported_argv, count);
+ agent_action(action_agentbuf, reported_argv, count);
pamsshagentauth_free_command_line(reported_argv, count);
} }
else { else {
action_logbuf = "unknown on this platform"; action_logbuf = "unknown on this platform";
- pamsshagentauth_buffer_init(&action_agentbuf); /* stays empty, means unavailable */ - pamsshagentauth_buffer_init(&action_agentbuf); /* stays empty, means unavailable */
+ buffer_init(&action_agentbuf); /* stays empty, means unavailable */ + if ((action_agentbuf = sshbuf_new()) == NULL) /* stays empty, means unavailable */
+ fatal("%s: sshbuf_new failed", __func__);
} }
/* /*
@@ -161,35 +163,35 @@ pamsshagentauth_session_id2_gen(Buffer * @@ -161,35 +163,39 @@ pamsshagentauth_session_id2_gen(Buffer *
retc = getcwd(pwd, sizeof(pwd) - 1); retc = getcwd(pwd, sizeof(pwd) - 1);
time(&ts); time(&ts);
- pamsshagentauth_buffer_init(session_id2); - pamsshagentauth_buffer_init(session_id2);
+ buffer_init(session_id2); + if ((*session_id2 = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
- pamsshagentauth_buffer_put_int(session_id2, PAM_SSH_AGENT_AUTH_REQUESTv1); - pamsshagentauth_buffer_put_int(session_id2, PAM_SSH_AGENT_AUTH_REQUESTv1);
- /* pamsshagentauth_debug3("cookie: %s", pamsshagentauth_tohex(cookie, cookie_len)); */ - /* pamsshagentauth_debug3("cookie: %s", pamsshagentauth_tohex(cookie, cookie_len)); */
@ -108,49 +181,81 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-c
- /* pamsshagentauth_debug3("servicename: %s", servicename); */ - /* pamsshagentauth_debug3("servicename: %s", servicename); */
- pamsshagentauth_buffer_put_cstring(session_id2, servicename); - pamsshagentauth_buffer_put_cstring(session_id2, servicename);
- /* pamsshagentauth_debug3("pwd: %s", pwd); */ - /* pamsshagentauth_debug3("pwd: %s", pwd); */
+ buffer_put_int(session_id2, PAM_SSH_AGENT_AUTH_REQUESTv1); - if(retc)
+ /* debug3("cookie: %s", tohex(cookie, cookie_len)); */
+ buffer_put_string(session_id2, cookie, cookie_len);
+ /* debug3("user: %s", user); */
+ buffer_put_cstring(session_id2, user);
+ /* debug3("ruser: %s", ruser); */
+ buffer_put_cstring(session_id2, ruser);
+ /* debug3("servicename: %s", servicename); */
+ buffer_put_cstring(session_id2, servicename);
+ /* debug3("pwd: %s", pwd); */
if(retc)
- pamsshagentauth_buffer_put_cstring(session_id2, pwd); - pamsshagentauth_buffer_put_cstring(session_id2, pwd);
+ buffer_put_cstring(session_id2, pwd); - else
else
- pamsshagentauth_buffer_put_cstring(session_id2, ""); - pamsshagentauth_buffer_put_cstring(session_id2, "");
- /* pamsshagentauth_debug3("action: %s", action_logbuf); */ - /* pamsshagentauth_debug3("action: %s", action_logbuf); */
- pamsshagentauth_buffer_put_string(session_id2, action_agentbuf.buf + action_agentbuf.offset, action_agentbuf.end - action_agentbuf.offset); - pamsshagentauth_buffer_put_string(session_id2, action_agentbuf.buf + action_agentbuf.offset, action_agentbuf.end - action_agentbuf.offset);
+ buffer_put_cstring(session_id2, ""); + if ((r = sshbuf_put_u32(*session_id2, PAM_SSH_AGENT_AUTH_REQUESTv1)) != 0 ||
+ /* debug3("action: %s", action_logbuf); */ + (r = sshbuf_put_string(*session_id2, cookie, cookie_len)) != 0 ||
+ buffer_put_string(session_id2, sshbuf_ptr(&action_agentbuf), sshbuf_len(&action_agentbuf)); + (r = sshbuf_put_cstring(*session_id2, user)) != 0 ||
+ (r = sshbuf_put_cstring(*session_id2, ruser)) != 0 ||
+ (r = sshbuf_put_cstring(*session_id2, servicename)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (retc) {
+ if ((r = sshbuf_put_cstring(*session_id2, pwd)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ } else {
+ if ((r = sshbuf_put_cstring(*session_id2, "")) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ }
+ if ((r = sshbuf_put_stringb(*session_id2, action_agentbuf)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (free_logbuf) { if (free_logbuf) {
- pamsshagentauth_xfree(action_logbuf); - pamsshagentauth_xfree(action_logbuf);
- pamsshagentauth_buffer_free(&action_agentbuf); - pamsshagentauth_buffer_free(&action_agentbuf);
+ free(action_logbuf); + free(action_logbuf);
+ buffer_free(&action_agentbuf); + sshbuf_free(action_agentbuf);
} }
- /* pamsshagentauth_debug3("hostname: %s", hostname); */ - /* pamsshagentauth_debug3("hostname: %s", hostname); */
+ /* debug3("hostname: %s", hostname); */ - if(reti >= 0)
if(reti >= 0)
- pamsshagentauth_buffer_put_cstring(session_id2, hostname); - pamsshagentauth_buffer_put_cstring(session_id2, hostname);
+ buffer_put_cstring(session_id2, hostname); - else
else
- pamsshagentauth_buffer_put_cstring(session_id2, ""); - pamsshagentauth_buffer_put_cstring(session_id2, "");
- /* pamsshagentauth_debug3("ts: %ld", ts); */ - /* pamsshagentauth_debug3("ts: %ld", ts); */
- pamsshagentauth_buffer_put_int64(session_id2, (uint64_t) ts); - pamsshagentauth_buffer_put_int64(session_id2, (uint64_t) ts);
+ buffer_put_cstring(session_id2, ""); + /* debug3("hostname: %s", hostname); */
+ if (reti >= 0) {
+ if ((r = sshbuf_put_cstring(*session_id2, hostname)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ } else {
+ if ((r = sshbuf_put_cstring(*session_id2, "")) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ }
+ /* debug3("ts: %ld", ts); */ + /* debug3("ts: %ld", ts); */
+ buffer_put_int64(session_id2, (uint64_t) ts); + if ((r = sshbuf_put_u64(*session_id2, (uint64_t) ts)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
free(cookie); free(cookie);
return; return;
@@ -295,29 +297,29 @@ pamsshagentauth_find_authorized_keys(con @@ -278,7 +280,8 @@ ssh_get_authentication_connection_for_ui
pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
auth = xmalloc(sizeof(*auth));
auth->fd = sock;
- buffer_init(&auth->identities);
+ if ((auth->identities = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
auth->howmany = 0;
return auth;
@@ -287,43 +289,42 @@ ssh_get_authentication_connection_for_ui
int
pamsshagentauth_find_authorized_keys(const char * user, const char * ruser, const char * servicename)
{
- Buffer session_id2 = { 0 };
+ struct sshbuf *session_id2 = NULL;
Identity *id;
- Key *key;
+ struct sshkey *key;
AuthenticationConnection *ac;
char *comment;
uint8_t retval = 0;
uid_t uid = getpwnam(ruser)->pw_uid;
OpenSSL_add_all_digests();
- pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
+ pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
if ((ac = ssh_get_authentication_connection_for_uid(uid))) { if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
- pamsshagentauth_verbose("Contacted ssh-agent of user %s (%u)", ruser, uid); - pamsshagentauth_verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
@ -163,7 +268,8 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-c
id->key = key; id->key = key;
id->filename = comment; id->filename = comment;
id->ac = ac; id->ac = ac;
if(userauth_pubkey_from_id(ruser, id, &session_id2)) { - if(userauth_pubkey_from_id(ruser, id, &session_id2)) {
+ if(userauth_pubkey_from_id(ruser, id, session_id2)) {
retval = 1; retval = 1;
} }
- pamsshagentauth_xfree(id->filename); - pamsshagentauth_xfree(id->filename);
@ -177,18 +283,20 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-c
} }
} }
- pamsshagentauth_buffer_free(&session_id2); - pamsshagentauth_buffer_free(&session_id2);
+ buffer_free(&session_id2); + sshbuf_free(session_id2);
ssh_close_authentication_connection(ac); ssh_close_authentication_connection(ac);
} }
else { else {
- pamsshagentauth_verbose("No ssh-agent could be contacted"); - pamsshagentauth_verbose("No ssh-agent could be contacted");
+ verbose("No ssh-agent could be contacted"); + verbose("No ssh-agent could be contacted");
} }
/* pamsshagentauth_xfree(session_id2); */ - /* pamsshagentauth_xfree(session_id2); */
EVP_cleanup(); EVP_cleanup();
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c return retval;
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat 2017-02-07 14:41:20.480509207 +0100 }
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c 2017-02-07 14:44:20.549369019 +0100 diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c
--- openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat 2018-08-24 10:18:05.008393305 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c 2018-08-24 10:18:05.009393312 +0200
@@ -104,7 +104,7 @@ pam_sm_authenticate(pam_handle_t * pamh, @@ -104,7 +104,7 @@ pam_sm_authenticate(pam_handle_t * pamh,
* a patch 8-) * a patch 8-)
*/ */
@ -276,10 +384,29 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compa
} }
cleanexit: cleanexit:
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 --- openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c 2017-02-07 14:41:20.484509204 +0100 +++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c 2018-08-24 10:18:05.009393312 +0200
@@ -117,12 +117,12 @@ parse_authorized_key_file(const char *us @@ -66,8 +66,8 @@
#include "xmalloc.h"
#include "match.h"
#include "log.h"
-#include "buffer.h"
-#include "key.h"
+#include "sshbuf.h"
+#include "sshkey.h"
#include "misc.h"
#include "xmalloc.h"
@@ -77,7 +77,6 @@
#include "pathnames.h"
#include "secure_filename.h"
-#include "identity.h"
#include "pam_user_key_allowed2.h"
extern char *authorized_keys_file;
@@ -117,12 +116,12 @@ parse_authorized_key_file(const char *us
} else { } else {
slash_ptr = strchr(auth_keys_file_buf, '/'); slash_ptr = strchr(auth_keys_file_buf, '/');
if(!slash_ptr) if(!slash_ptr)
@ -294,7 +421,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa
strncat(owner_uname, auth_keys_file_buf + 1, owner_uname_len); strncat(owner_uname, auth_keys_file_buf + 1, owner_uname_len);
if(!authorized_keys_file_allowed_owner_uid) if(!authorized_keys_file_allowed_owner_uid)
@@ -130,11 +130,11 @@ parse_authorized_key_file(const char *us @@ -130,11 +129,11 @@ parse_authorized_key_file(const char *us
getpwnam(owner_uname)->pw_uid; getpwnam(owner_uname)->pw_uid;
} }
authorized_keys_file = authorized_keys_file =
@ -308,7 +435,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa
percent_expand percent_expand
later, we'd step later, we'd step
on this, so free on this, so free
@@ -150,7 +150,7 @@ parse_authorized_key_file(const char *us @@ -150,13 +149,13 @@ parse_authorized_key_file(const char *us
strncat(hostname, fqdn, strcspn(fqdn, ".")); strncat(hostname, fqdn, strcspn(fqdn, "."));
#endif #endif
authorized_keys_file = authorized_keys_file =
@ -317,38 +444,78 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa
getpwnam(user)->pw_dir, "H", hostname, getpwnam(user)->pw_dir, "H", hostname,
"f", fqdn, "u", user, NULL); "f", fqdn, "u", user, NULL);
} }
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 int
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c 2017-02-07 14:41:20.484509204 +0100 -pam_user_key_allowed(const char *ruser, Key * key)
@@ -48,11 +48,13 @@ +pam_user_key_allowed(const char *ruser, struct sshkey * key)
#include "buffer.h" {
return
pamsshagentauth_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid),
diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h
--- openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h.psaa-compat 2016-11-13 04:24:32.000000000 +0100
+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h 2018-08-24 10:18:05.010393320 +0200
@@ -32,7 +32,7 @@
#define _PAM_USER_KEY_ALLOWED_H
#include "identity.h"
-int pam_user_key_allowed(const char *, Key *);
+int pam_user_key_allowed(const char *, struct sshkey *);
void parse_authorized_key_file(const char *, const char *);
#endif
diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
--- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100
+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c 2018-08-24 10:18:05.010393320 +0200
@@ -45,44 +45,46 @@
#include "xmalloc.h"
#include "ssh.h"
#include "ssh2.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "log.h" #include "log.h"
#include "compat.h" #include "compat.h"
-#include "key.h"
+#include "digest.h" +#include "digest.h"
#include "key.h" +#include "sshkey.h"
#include "pathnames.h" #include "pathnames.h"
#include "misc.h" #include "misc.h"
#include "secure_filename.h" #include "secure_filename.h"
#include "uidswap.h" #include "uidswap.h"
-
-#include "identity.h"
+#include <unistd.h> +#include <unistd.h>
#include "identity.h" /* return 1 if user allows given key */
/* Modified slightly from original found in auth2-pubkey.c */
@@ -68,7 +70,7 @@ pamsshagentauth_check_authkeys_file(FILE static int
-pamsshagentauth_check_authkeys_file(FILE * f, char *file, Key * key)
+pamsshagentauth_check_authkeys_file(FILE * f, char *file, struct sshkey * key)
{
- char line[SSH_MAX_PUBKEY_BYTES];
+ char *line = NULL;
int found_key = 0;
u_long linenum = 0;
- Key *found;
+ struct sshkey *found;
char *fp; char *fp;
+ size_t linesize = 0;
found_key = 0; found_key = 0;
- found = pamsshagentauth_key_new(key->type); - found = pamsshagentauth_key_new(key->type);
+ found = key_new(key->type); + found = sshkey_new(key->type);
while(read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { - while(read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+ while ((getline(&line, &linesize, f)) != -1) {
char *cp = NULL; /* *key_options = NULL; */ char *cp = NULL; /* *key_options = NULL; */
@@ -78,11 +80,11 @@ pamsshagentauth_check_authkeys_file(FILE
+ linenum++;
/* Skip leading whitespace, empty and comment lines. */
for(cp = line; *cp == ' ' || *cp == '\t'; cp++);
if(!*cp || *cp == '\n' || *cp == '#') if(!*cp || *cp == '\n' || *cp == '#')
continue; continue;
- if(pamsshagentauth_key_read(found, &cp) != 1) { - if(pamsshagentauth_key_read(found, &cp) != 1) {
+ if(key_read(found, &cp) != 1) { + if (sshkey_read(found, &cp) != 0) {
/* no key? check if there are options for this key */ /* no key? check if there are options for this key */
int quoted = 0; int quoted = 0;
@ -357,20 +524,20 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
/* key_options = cp; */ /* key_options = cp; */
for(; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { for(; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
if(*cp == '\\' && cp[1] == '"') if(*cp == '\\' && cp[1] == '"')
@@ -92,26 +94,26 @@ pamsshagentauth_check_authkeys_file(FILE @@ -92,26 +94,27 @@ pamsshagentauth_check_authkeys_file(FILE
} }
/* Skip remaining whitespace. */ /* Skip remaining whitespace. */
for(; *cp == ' ' || *cp == '\t'; cp++); for(; *cp == ' ' || *cp == '\t'; cp++);
- if(pamsshagentauth_key_read(found, &cp) != 1) { - if(pamsshagentauth_key_read(found, &cp) != 1) {
- pamsshagentauth_verbose("user_key_allowed: advance: '%s'", cp); - pamsshagentauth_verbose("user_key_allowed: advance: '%s'", cp);
+ if(key_read(found, &cp) != 1) { + if(sshkey_read(found, &cp) != 0) {
+ verbose("user_key_allowed: advance: '%s'", cp); + verbose("user_key_allowed: advance: '%s'", cp);
/* still no key? advance to next line */ /* still no key? advance to next line */
continue; continue;
} }
} }
- if(pamsshagentauth_key_equal(found, key)) { - if(pamsshagentauth_key_equal(found, key)) {
+ if(key_equal(found, key)) { + if(sshkey_equal(found, key)) {
found_key = 1; found_key = 1;
- pamsshagentauth_logit("matching key found: file/command %s, line %lu", file, - pamsshagentauth_logit("matching key found: file/command %s, line %lu", file,
+ logit("matching key found: file/command %s, line %lu", file, + logit("matching key found: file/command %s, line %lu", file,
@ -379,23 +546,34 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
- pamsshagentauth_logit("Found matching %s key: %s", - pamsshagentauth_logit("Found matching %s key: %s",
- pamsshagentauth_key_type(found), fp); - pamsshagentauth_key_type(found), fp);
- pamsshagentauth_xfree(fp); - pamsshagentauth_xfree(fp);
+ fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX); + fp = sshkey_fingerprint(found, SSH_DIGEST_SHA256, SSH_FP_BASE64);
+ logit("Found matching %s key: %s", + logit("Found matching %s key: %s",
+ key_type(found), fp); + sshkey_type(found), fp);
+ free(fp); + free(fp);
break; break;
} }
} }
- pamsshagentauth_key_free(found); - pamsshagentauth_key_free(found);
+ key_free(found); + free(line);
+ sshkey_free(found);
if(!found_key) if(!found_key)
- pamsshagentauth_verbose("key not found"); - pamsshagentauth_verbose("key not found");
+ verbose("key not found"); + verbose("key not found");
return found_key; return found_key;
} }
@@ -128,11 +130,11 @@ pamsshagentauth_user_key_allowed2(struct @@ -120,19 +123,19 @@ pamsshagentauth_check_authkeys_file(FILE
char buf[SSH_MAX_PUBKEY_BYTES]; * returns 1 if the key is allowed or 0 otherwise.
*/
int
-pamsshagentauth_user_key_allowed2(struct passwd *pw, Key * key, char *file)
+pamsshagentauth_user_key_allowed2(struct passwd *pw, struct sshkey * key, char *file)
{
FILE *f;
int found_key = 0;
struct stat st;
- char buf[SSH_MAX_PUBKEY_BYTES];
+ char buf[256];
/* Temporarily use the user's uid. */ /* Temporarily use the user's uid. */
- pamsshagentauth_verbose("trying public key file %s", file); - pamsshagentauth_verbose("trying public key file %s", file);
@ -408,7 +586,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
return 0; return 0;
} }
@@ -144,7 +146,7 @@ pamsshagentauth_user_key_allowed2(struct @@ -144,7 +147,7 @@ pamsshagentauth_user_key_allowed2(struct
if(pamsshagentauth_secure_filename(f, file, pw, buf, sizeof(buf)) != 0) { if(pamsshagentauth_secure_filename(f, file, pw, buf, sizeof(buf)) != 0) {
fclose(f); fclose(f);
@ -417,7 +595,16 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
return 0; return 0;
} }
@@ -187,44 +189,44 @@ pamsshagentauth_user_key_command_allowed @@ -160,7 +163,7 @@ pamsshagentauth_user_key_allowed2(struct
int
pamsshagentauth_user_key_command_allowed2(char *authorized_keys_command,
char *authorized_keys_command_user,
- struct passwd *user_pw, Key * key)
+ struct passwd *user_pw, struct sshkey * key)
{
FILE *f;
int ok, found_key = 0;
@@ -187,44 +190,44 @@ pamsshagentauth_user_key_command_allowed
else { else {
pw = getpwnam(authorized_keys_command_user); pw = getpwnam(authorized_keys_command_user);
if(pw == NULL) { if(pw == NULL) {
@ -470,7 +657,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
close(p[0]); close(p[0]);
close(p[1]); close(p[1]);
return 0; return 0;
@@ -234,13 +236,13 @@ pamsshagentauth_user_key_command_allowed @@ -234,13 +237,13 @@ pamsshagentauth_user_key_command_allowed
/* do this before the setresuid so thta they can be logged */ /* do this before the setresuid so thta they can be logged */
if((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { if((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
@ -486,7 +673,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
_exit(1); _exit(1);
} }
#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID) #if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
@@ -248,7 +250,7 @@ pamsshagentauth_user_key_command_allowed @@ -248,7 +251,7 @@ pamsshagentauth_user_key_command_allowed
#else #else
if (setgid(pw->pw_gid) != 0 || setegid(pw->pw_gid) != 0) { if (setgid(pw->pw_gid) != 0 || setegid(pw->pw_gid) != 0) {
#endif #endif
@ -495,7 +682,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
strerror(errno)); strerror(errno));
_exit(1); _exit(1);
} }
@@ -258,7 +260,7 @@ pamsshagentauth_user_key_command_allowed @@ -258,7 +261,7 @@ pamsshagentauth_user_key_command_allowed
#else #else
if (setuid(pw->pw_uid) != 0 || seteuid(pw->pw_uid) != 0) { if (setuid(pw->pw_uid) != 0 || seteuid(pw->pw_uid) != 0) {
#endif #endif
@ -504,7 +691,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
strerror(errno)); strerror(errno));
_exit(1); _exit(1);
} }
@@ -270,18 +272,18 @@ pamsshagentauth_user_key_command_allowed @@ -270,18 +273,18 @@ pamsshagentauth_user_key_command_allowed
/* pretty sure this will barf because we are now suid, but since we /* pretty sure this will barf because we are now suid, but since we
should't reach this anyway, I'll leave it here */ should't reach this anyway, I'll leave it here */
@ -526,7 +713,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
close(p[0]); close(p[0]);
/* Don't leave zombie child */ /* Don't leave zombie child */
while(waitpid(pid, NULL, 0) == -1 && errno == EINTR); while(waitpid(pid, NULL, 0) == -1 && errno == EINTR);
@@ -292,22 +294,22 @@ pamsshagentauth_user_key_command_allowed @@ -292,22 +295,22 @@ pamsshagentauth_user_key_command_allowed
while(waitpid(pid, &status, 0) == -1) { while(waitpid(pid, &status, 0) == -1) {
if(errno != EINTR) { if(errno != EINTR) {
@ -553,9 +740,33 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
+ restore_uid(); + restore_uid();
return found_key; return found_key;
} }
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 --- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h.psaa-compat 2016-11-13 04:24:32.000000000 +0100
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c 2017-02-07 14:41:20.481509206 +0100 +++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h 2018-08-24 10:18:05.010393320 +0200
@@ -32,7 +32,7 @@
#define _PAM_USER_KEY_ALLOWED_H
#include "identity.h"
-int pamsshagentauth_user_key_allowed2(struct passwd *, Key *, char *);
-int pamsshagentauth_user_key_command_allowed2(char *, char *, struct passwd *, Key *);
+int pamsshagentauth_user_key_allowed2(struct passwd *, struct sshkey *, char *);
+int pamsshagentauth_user_key_command_allowed2(char *, char *, struct passwd *, struct sshkey *);
#endif
diff -up openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c
--- openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100
+++ openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c 2018-08-24 10:18:05.010393320 +0200
@@ -53,8 +53,8 @@
#include "xmalloc.h"
#include "match.h"
#include "log.h"
-#include "buffer.h"
-#include "key.h"
+#include "sshbuf.h"
+#include "sshkey.h"
#include "misc.h"
@@ -80,7 +80,7 @@ pamsshagentauth_auth_secure_path(const c @@ -80,7 +80,7 @@ pamsshagentauth_auth_secure_path(const c
int comparehome = 0; int comparehome = 0;
struct stat st; struct stat st;
@ -586,10 +797,24 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat o
buf); buf);
break; break;
} }
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 --- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c 2017-02-07 14:41:20.484509204 +0100 +++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c 2018-08-24 10:22:13.202657025 +0200
@@ -48,6 +48,8 @@ @@ -37,10 +37,11 @@
#include "xmalloc.h"
#include "ssh.h"
#include "ssh2.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "log.h"
#include "compat.h"
-#include "key.h"
+#include "sshkey.h"
+#include "ssherr.h"
#include "pathnames.h"
#include "misc.h"
#include "secure_filename.h"
@@ -48,54 +48,59 @@
#include "identity.h" #include "identity.h"
#include "pam_user_authorized_keys.h" #include "pam_user_authorized_keys.h"
@ -598,7 +823,22 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-
/* extern u_char *session_id2; /* extern u_char *session_id2;
extern uint8_t session_id_len; extern uint8_t session_id_len;
*/ */
@@ -65,37 +67,38 @@ userauth_pubkey_from_id(const char *ruse
int
-userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2)
+userauth_pubkey_from_id(const char *ruser, Identity * id, struct sshbuf * session_id2)
{
- Buffer b = { 0 };
+ struct sshbuf *b = NULL;
char *pkalg = NULL;
u_char *pkblob = NULL, *sig = NULL;
- u_int blen = 0, slen = 0;
+ size_t blen = 0, slen = 0;
- int authenticated = 0;
+ int r, authenticated = 0;
- pkalg = (char *) key_ssh_name(id->key);
+ pkalg = (char *) sshkey_ssh_name(id->key);
/* first test if this key is even allowed */ /* first test if this key is even allowed */
if(! pam_user_key_allowed(ruser, id->key)) if(! pam_user_key_allowed(ruser, id->key))
@ -607,12 +847,13 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-
- if(pamsshagentauth_key_to_blob(id->key, &pkblob, &blen) == 0) - if(pamsshagentauth_key_to_blob(id->key, &pkblob, &blen) == 0)
- goto user_auth_clean_exit; - goto user_auth_clean_exit;
+ if(key_to_blob(id->key, &pkblob, &blen) == 0) + if(sshkey_to_blob(id->key, &pkblob, &blen) != 0)
+ goto user_auth_clean_exit_without_buffer; + goto user_auth_clean_exit_without_buffer;
/* construct packet to sign and test */ /* construct packet to sign and test */
- pamsshagentauth_buffer_init(&b); - pamsshagentauth_buffer_init(&b);
+ buffer_init(&b); + if ((b = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
- pamsshagentauth_buffer_put_string(&b, session_id2->buf + session_id2->offset, session_id2->end - session_id2->offset); - pamsshagentauth_buffer_put_string(&b, session_id2->buf + session_id2->offset, session_id2->end - session_id2->offset);
- pamsshagentauth_buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST); - pamsshagentauth_buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST);
@ -622,28 +863,29 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-
- pamsshagentauth_buffer_put_char(&b, 1); - pamsshagentauth_buffer_put_char(&b, 1);
- pamsshagentauth_buffer_put_cstring(&b, pkalg); - pamsshagentauth_buffer_put_cstring(&b, pkalg);
- pamsshagentauth_buffer_put_string(&b, pkblob, blen); - pamsshagentauth_buffer_put_string(&b, pkblob, blen);
+ buffer_put_string(&b, sshbuf_ptr(session_id2), sshbuf_len(session_id2)); + if ((r = sshbuf_put_string(b, sshbuf_ptr(session_id2), sshbuf_len(session_id2))) != 0 ||
+ buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST); + (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_TRUST_REQUEST)) != 0 ||
+ buffer_put_cstring(&b, ruser); + (r = sshbuf_put_cstring(b, ruser)) != 0 ||
+ buffer_put_cstring(&b, "pam_ssh_agent_auth"); + (r = sshbuf_put_cstring(b, "pam_ssh_agent_auth")) != 0 ||
+ buffer_put_cstring(&b, "publickey"); + (r = sshbuf_put_cstring(b, "publickey")) != 0 ||
+ buffer_put_char(&b, 1); + (r = sshbuf_put_u8(b, 1)) != 0 ||
+ buffer_put_cstring(&b, pkalg); + (r = sshbuf_put_cstring(b, pkalg)) != 0 ||
+ buffer_put_string(&b, pkblob, blen); + (r = sshbuf_put_string(b, pkblob, blen)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
- if(ssh_agent_sign(id->ac, id->key, &sig, &slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) != 0) - if(ssh_agent_sign(id->ac, id->key, &sig, &slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) != 0)
+ if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0) + if (ssh_agent_sign(id->ac, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b)) != 0)
goto user_auth_clean_exit; goto user_auth_clean_exit;
/* test for correct signature */ /* test for correct signature */
- if(pamsshagentauth_key_verify(id->key, sig, slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) == 1) - if(pamsshagentauth_key_verify(id->key, sig, slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) == 1)
+ if(key_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1) + if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) == 0)
authenticated = 1; authenticated = 1;
user_auth_clean_exit: user_auth_clean_exit:
/* if(&b != NULL) */ /* if(&b != NULL) */
- pamsshagentauth_buffer_free(&b); - pamsshagentauth_buffer_free(&b);
+ buffer_free(&b); + sshbuf_free(b);
+ user_auth_clean_exit_without_buffer: + user_auth_clean_exit_without_buffer:
if(sig != NULL) if(sig != NULL)
- pamsshagentauth_xfree(sig); - pamsshagentauth_xfree(sig);
@ -654,9 +896,22 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-
CRYPTO_cleanup_all_ex_data(); CRYPTO_cleanup_all_ex_data();
return authenticated; return authenticated;
} }
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 --- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h.psaa-compat 2016-11-13 04:24:32.000000000 +0100
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c 2017-02-07 14:41:20.484509204 +0100 +++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h 2018-08-24 10:18:05.010393320 +0200
@@ -31,7 +31,7 @@
#ifndef _USERAUTH_PUBKEY_FROM_ID_H
#define _USERAUTH_PUBKEY_FROM_ID_H
-#include <identity.h>
-int userauth_pubkey_from_id(const char *, Identity *, Buffer *);
+#include "identity.h"
+int userauth_pubkey_from_id(const char *, Identity *, struct sshbuf *);
#endif
diff -up openssh/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/uuencode.c
--- openssh/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100
+++ openssh/pam_ssh_agent_auth-0.10.3/uuencode.c 2018-08-24 10:18:05.010393320 +0200
@@ -56,7 +56,7 @@ pamsshagentauth_uudecode(const char *src @@ -56,7 +56,7 @@ pamsshagentauth_uudecode(const char *src
/* and remove trailing whitespace because __b64_pton needs this */ /* and remove trailing whitespace because __b64_pton needs this */
*p = '\0'; *p = '\0';


@ -3,7 +3,7 @@ diff --git a/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c b/pam_ssh_agen
+++ b/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c +++ b/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c
@@ -158,11 +158,12 @@ parse_authorized_key_file(const char *user, @@ -158,11 +158,12 @@ parse_authorized_key_file(const char *user,
int int
pam_user_key_allowed(const char *ruser, Key * key) pam_user_key_allowed(const char *ruser, struct sshkey * key)
{ {
+ struct passwd *pw; + struct passwd *pw;
return return


@ -7,7 +7,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-agent openssh/pam_ssh
+typedef struct { +typedef struct {
+ int fd; + int fd;
+ Buffer identities; + struct sshbuf *identities;
+ int howmany; + int howmany;
+} AuthenticationConnection; +} AuthenticationConnection;
+ +
@ -18,8 +18,8 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent o
--- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent 2017-09-27 14:25:49.420739021 +0200 --- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent 2017-09-27 14:25:49.420739021 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c 2017-09-27 14:25:49.421739027 +0200 +++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c 2017-09-27 14:25:49.421739027 +0200
@@ -39,6 +39,7 @@ @@ -39,6 +39,7 @@
#include "buffer.h" #include "sshbuf.h"
#include "key.h" #include "sshkey.h"
#include "authfd.h" #include "authfd.h"
+#include "ssherr.h" +#include "ssherr.h"
#include <stdio.h> #include <stdio.h>
@ -27,9 +27,9 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent o
#include "ssh2.h" #include "ssh2.h"
@@ -291,36 +292,43 @@ pamsshagentauth_find_authorized_keys(con @@ -291,36 +292,43 @@ pamsshagentauth_find_authorized_keys(con
{ {
Buffer session_id2 = { 0 }; struct sshbuf *session_id2 = NULL;
Identity *id; Identity *id;
- Key *key; - struct sshkey *key;
AuthenticationConnection *ac; AuthenticationConnection *ac;
- char *comment; - char *comment;
uint8_t retval = 0; uint8_t retval = 0;
@ -59,7 +59,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent o
+ id->key = idlist->keys[i]; + id->key = idlist->keys[i];
+ id->filename = idlist->comments[i]; + id->filename = idlist->comments[i];
id->ac = ac; id->ac = ac;
if(userauth_pubkey_from_id(ruser, id, &session_id2)) { if(userauth_pubkey_from_id(ruser, id, session_id2)) {
retval = 1; retval = 1;
} }
- free(id->filename); - free(id->filename);
@ -69,7 +69,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent o
break; break;
} }
} }
buffer_free(&session_id2); sshbuf_free(session_id2);
- ssh_close_authentication_connection(ac); - ssh_close_authentication_connection(ac);
+ ssh_free_identitylist(idlist); + ssh_free_identitylist(idlist);
+ ssh_close_authentication_socket(ac->fd); + ssh_close_authentication_socket(ac->fd);
@ -78,91 +78,15 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent o
} }
else { else {
verbose("No ssh-agent could be contacted"); verbose("No ssh-agent could be contacted");
diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
--- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-agent 2017-09-27 14:26:04.277820716 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c 2017-09-27 14:26:34.426986497 +0200
@@ -70,7 +70,7 @@ pamsshagentauth_check_authkeys_file(FILE
char *fp;
found_key = 0;
- found = key_new(key->type);
+ found = sshkey_new(key->type);
while(read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
char *cp = NULL; /* *key_options = NULL; */
@@ -80,7 +80,7 @@ pamsshagentauth_check_authkeys_file(FILE
if(!*cp || *cp == '\n' || *cp == '#')
continue;
- if(key_read(found, &cp) != 1) {
+ if(sshkey_read(found, &cp) != 0) {
/* no key? check if there are options for this key */
int quoted = 0;
@@ -94,24 +94,24 @@ pamsshagentauth_check_authkeys_file(FILE
}
/* Skip remaining whitespace. */
for(; *cp == ' ' || *cp == '\t'; cp++);
- if(key_read(found, &cp) != 1) {
+ if(sshkey_read(found, &cp) != 0) {
verbose("user_key_allowed: advance: '%s'", cp);
/* still no key? advance to next line */
continue;
}
}
- if(key_equal(found, key)) {
+ if(sshkey_equal(found, key)) {
found_key = 1;
logit("matching key found: file/command %s, line %lu", file,
linenum);
fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX);
logit("Found matching %s key: %s",
- key_type(found), fp);
+ sshkey_type(found), fp);
free(fp);
break;
}
}
- key_free(found);
+ sshkey_free(found);
if(!found_key)
verbose("key not found");
return found_key;
diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
--- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent 2017-09-27 14:25:49.420739021 +0200 --- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent 2017-09-27 14:25:49.420739021 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c 2017-09-27 14:25:49.422739032 +0200 +++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c 2017-09-27 14:25:49.422739032 +0200
@@ -57,10 +57,11 @@ extern uint8_t session_id_len;
int
userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2)
{
- Buffer b = { 0 };
+ Buffer b;
char *pkalg = NULL;
u_char *pkblob = NULL, *sig = NULL;
- u_int blen = 0, slen = 0;
+ u_int blen = 0;
+ size_t slen = 0;
int authenticated = 0;
pkalg = (char *) key_ssh_name(id->key);
@@ -84,7 +85,7 @@ userauth_pubkey_from_id(const char *ruse @@ -84,7 +85,7 @@ userauth_pubkey_from_id(const char *ruse
buffer_put_cstring(&b, pkalg); (r = sshbuf_put_string(b, pkblob, blen)) != 0)
buffer_put_string(&b, pkblob, blen); fatal("%s: buffer error: %s", __func__, ssh_err(r));
- if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0) - if (ssh_agent_sign(id->ac, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b)) != 0)
+ if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), NULL, 0) != 0) + if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
goto user_auth_clean_exit; goto user_auth_clean_exit;
/* test for correct signature */ /* test for correct signature */
diff -up openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-sshkey openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
--- openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-sshkey 2018-04-04 13:55:02.383899631 +0200
+++ openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c 2018-04-04 13:58:36.759339845 +0200
@@ -89,7 +89,7 @@ userauth_pubkey_from_id(const char *ruse
goto user_auth_clean_exit;
/* test for correct signature */
- if(key_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
+ if(sshkey_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b), NULL, 0) == 0)
authenticated = 1;
user_auth_clean_exit:
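Review bot: The new `ssh_agent_sign()` call in the last hunk of this section discards the ssherr return code: on failure it only jumps to `user_auth_clean_exit`, so an agent refusing to sign or a socket/transport error is indistinguishable in the PAM log from an ordinary key mismatch, which hurts incident triage. `r` and `ssh_err()` are already in scope (they are used on the `fatal()` context line two lines above), so the result can be captured and logged before the jump: `if ((r = ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0)) != 0) { verbose("%s: ssh_agent_sign: %s", __func__, ssh_err(r)); goto user_auth_clean_exit; }`. `userauth_pubkey_from_id()` starts and ends outside this hunk.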


@ -189,8 +189,8 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in.psaa-build openssh-
-pam_ssh_agent_auth.so: $(LIBCOMPAT) $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS) pam_ssh_agent_auth.o -pam_ssh_agent_auth.so: $(LIBCOMPAT) $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS) pam_ssh_agent_auth.o
- $(LD) $(LDFLAGS_SHARED) -o $@ $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam - $(LD) $(LDFLAGS_SHARED) -o $@ $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam
+pam_ssh_agent_auth.so: $(PAM_SSH_AGENT_AUTH_OBJS) pam_ssh_agent_auth.o +pam_ssh_agent_auth.so: $(PAM_SSH_AGENT_AUTH_OBJS) pam_ssh_agent_auth.o ../uidswap.o
+ $(LD) $(LDFLAGS_SHARED) -o $@ $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam + $(LD) $(LDFLAGS_SHARED) -o $@ $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat pam_ssh_agent_auth.o ../uidswap.o $(LIBS) -lpam
$(MANPAGES): $(MANPAGES_IN) $(MANPAGES): $(MANPAGES_IN)
pod2man --section=8 --release=v0.10.3 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8 pod2man --section=8 --release=v0.10.3 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8
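Review bot: The rewritten `pam_ssh_agent_auth.so` rule lists `../uidswap.o` as a prerequisite and links it into the module, but nothing in this Makefile builds that object, so the target presumably relies on the top-level openssh build having already produced it (the build order is not visible here). A short comment above the rule would record that dependency and why it exists, e.g. `# ../uidswap.o comes from the top-level openssh build; provides restore_uid() used by pam_user_key_allowed2.c`. If the module can be built standalone, a rule for `../uidswap.o` or a stated ordering in the spec would be needed.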


@ -1,4 +1,4 @@
SHA512 (openssh-7.7p1.tar.gz) = 597252cb48209a0cb98ca1928a67e8d63e4275252f25bc37269204c108f034baade6ba0634e32ae63422fddd280f73096a6b31ad2f2e7a848dde75ca30e14261 SHA512 (openssh-7.8p1.tar.gz) = 8e5b0c8682a9243e4e8b7c374ec989dccd1a752eb6f84e593b67141e8b23dcc8b9a7322b1f7525d18e2ce8830a767d0d9793f997486339db201a57986b910705
SHA512 (openssh-7.7p1.tar.gz.asc) = 9445a589a84538fb0b4eae0f7bf6ce46def51b09254d6fffcc6ed64472f10ccf9e4d5d200387725043039d77ca886e2c8e8f3128e7969c582156fafb0783988d SHA512 (openssh-7.8p1.tar.gz.asc) = 3a7bef84df3c07aa78965a11a6bbd6ca6e5d1e9265ac08871b3e5d304646be651b74f5302a195e86a56e6a83b19d79292e5599c9a9cf6f003a513d4354e8ad2f
SHA512 (DJM-GPG-KEY.gpg) = db1191ed9b6495999e05eed2ef863fb5179bdb63e94850f192dad68eed8579836f88fbcfffd9f28524fe1457aff8cd248ee3e0afc112c8f609b99a34b80ecc0d SHA512 (DJM-GPG-KEY.gpg) = db1191ed9b6495999e05eed2ef863fb5179bdb63e94850f192dad68eed8579836f88fbcfffd9f28524fe1457aff8cd248ee3e0afc112c8f609b99a34b80ecc0d
SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66 SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66