rebase to openssh-7.4p1-1

* Drop unaccepted coverity patches (they no longer apply)
 * Drop server support for SSH1 (server)
 * Workaround #2641 for systemd
 * UseLogin is gone
 * Drop upstream commit 28652bca
 * Tighten seccomp filter (cache credentials before entering sandbox) (#1395288)
Jakub Jelen 2017-01-02 15:42:13 +01:00
parent 4189cebf7a
commit 6cf9b8e61b
29 changed files with 1777 additions and 2667 deletions

.gitignore vendored

@ -23,3 +23,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
/openssh-7.2p1.tar.gz
/openssh-7.2p2.tar.gz
/openssh-7.3p1.tar.gz
/openssh-7.4p1.tar.gz


@ -1,7 +1,8 @@
--- openssh-4.3p2/contrib/gnome-ssh-askpass2.c.grab-info 2006-07-17 15:10:11.000000000 +0200
+++ openssh-4.3p2/contrib/gnome-ssh-askpass2.c 2006-07-17 15:25:04.000000000 +0200
@@ -65,9 +65,12 @@
err = gtk_message_dialog_new(NULL, 0,
diff -up openssh-7.4p1/contrib/gnome-ssh-askpass2.c.grab-info openssh-7.4p1/contrib/gnome-ssh-askpass2.c
--- openssh-7.4p1/contrib/gnome-ssh-askpass2.c.grab-info 2016-12-23 13:31:22.645213115 +0100
+++ openssh-7.4p1/contrib/gnome-ssh-askpass2.c 2016-12-23 13:31:40.997216691 +0100
@@ -65,9 +65,12 @@ report_failed_grab (GtkWidget *parent_wi
err = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_CLOSE,
- "Could not grab %s. "
@ -14,5 +15,5 @@
+ "Either close the application which grabs the %s or "
+ "log out and log in again to prevent this from happening.", what, what);
gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label),
TRUE);
gtk_dialog_run(GTK_DIALOG(err));


@ -1,6 +1,6 @@
diff -up openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress openssh-5.1p1/contrib/gnome-ssh-askpass2.c
--- openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress 2008-07-23 19:05:26.000000000 +0200
+++ openssh-5.1p1/contrib/gnome-ssh-askpass2.c 2008-07-23 19:05:26.000000000 +0200
diff -up openssh-7.4p1/contrib/gnome-ssh-askpass2.c.progress openssh-7.4p1/contrib/gnome-ssh-askpass2.c
--- openssh-7.4p1/contrib/gnome-ssh-askpass2.c.progress 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/contrib/gnome-ssh-askpass2.c 2016-12-23 13:31:16.545211926 +0100
@@ -53,6 +53,7 @@
#include <string.h>
#include <unistd.h>
@ -9,7 +9,7 @@ diff -up openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress openssh-5.1p1/contr
#include <gtk/gtk.h>
#include <gdk/gdkx.h>
@@ -83,13 +84,24 @@ ok_dialog(GtkWidget *entry, gpointer dia
@@ -81,13 +82,24 @@ ok_dialog(GtkWidget *entry, gpointer dia
gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
}
@ -30,12 +30,12 @@ diff -up openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress openssh-5.1p1/contr
const char *failed;
char *passphrase, *local;
int result, grab_tries, grab_server, grab_pointer;
- GtkWidget *dialog, *entry;
+ GtkWidget *dialog, *entry, *progress, *hbox;
- GtkWidget *parent_window, *dialog, *entry;
+ GtkWidget *parent_window, *dialog, *entry, *progress, *hbox;
GdkGrabStatus status;
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
@@ -102,13 +114,31 @@ passphrase_dialog(char *message)
@@ -104,14 +116,32 @@ passphrase_dialog(char *message)
"%s",
message);
@ -45,9 +45,11 @@ diff -up openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress openssh-5.1p1/contr
+ gtk_widget_show(hbox);
+
entry = gtk_entry_new();
- gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
+ gtk_box_pack_start(GTK_BOX(hbox), entry, TRUE,
FALSE, 0);
gtk_box_pack_start(
- GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), entry,
- FALSE, FALSE, 0);
+ GTK_BOX(hbox), entry,
+ TRUE, FALSE, 0);
+ gtk_entry_set_width_chars(GTK_ENTRY(entry), 2);
gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
gtk_widget_grab_focus(entry);
@ -68,7 +70,7 @@ diff -up openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress openssh-5.1p1/contr
gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
@@ -119,6 +149,8 @@ passphrase_dialog(char *message)
@@ -120,6 +150,8 @@ passphrase_dialog(char *message)
gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
g_signal_connect(G_OBJECT(entry), "activate",
G_CALLBACK(ok_dialog), dialog);
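Review bot: `+ gtk_entry_set_width_chars(GTK_ENTRY(entry), 2);` appears to be on the new side of this section and introduces a bare constant with no explanation; a reader cannot tell whether 2 is meant as a minimum so the entry shrinks to fit the new hbox alongside the progress widget, or is a leftover from testing. Suggest a comment on that line, e.g. `/* minimal width so the entry can shrink next to the progress bar; hbox expands it */`, or naming the value. The outer marker for this line is lost in the rendered page, so if it is pre-existing patch content the note still applies to the rebased patch. passphrase_dialog's body continues outside the hunk.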


@ -1,7 +1,7 @@
diff -up openssh-7.0p1/configure.ac.vendor openssh-7.0p1/configure.ac
--- openssh-7.0p1/configure.ac.vendor 2015-08-12 11:14:54.102628399 +0200
+++ openssh-7.0p1/configure.ac 2015-08-12 11:14:54.129628356 +0200
@@ -4776,6 +4776,12 @@ AC_ARG_WITH([lastlog],
diff -up openssh-7.4p1/configure.ac.vendor openssh-7.4p1/configure.ac
--- openssh-7.4p1/configure.ac.vendor 2016-12-23 13:34:51.681253844 +0100
+++ openssh-7.4p1/configure.ac 2016-12-23 13:34:51.694253847 +0100
@@ -4930,6 +4930,12 @@ AC_ARG_WITH([lastlog],
fi
]
)
@ -14,7 +14,7 @@ diff -up openssh-7.0p1/configure.ac.vendor openssh-7.0p1/configure.ac
dnl lastlog, [uw]tmpx? detection
dnl NOTE: set the paths in the platform section to avoid the
@@ -5038,6 +5044,7 @@ echo " Translate v4 in v6 hack
@@ -5194,6 +5200,7 @@ echo " Translate v4 in v6 hack
echo " BSD Auth support: $BSD_AUTH_MSG"
echo " Random number source: $RAND_MSG"
echo " Privsep sandbox style: $SANDBOX_STYLE"
@ -22,10 +22,10 @@ diff -up openssh-7.0p1/configure.ac.vendor openssh-7.0p1/configure.ac
echo ""
diff -up openssh-7.0p1/servconf.c.vendor openssh-7.0p1/servconf.c
--- openssh-7.0p1/servconf.c.vendor 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/servconf.c 2015-08-12 11:15:33.201565712 +0200
@@ -149,6 +149,7 @@ initialize_server_options(ServerOptions
diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c
--- openssh-7.4p1/servconf.c.vendor 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/servconf.c 2016-12-23 13:36:07.555268628 +0100
@@ -143,6 +143,7 @@ initialize_server_options(ServerOptions
options->max_authtries = -1;
options->max_sessions = -1;
options->banner = NULL;
@ -33,7 +33,7 @@ diff -up openssh-7.0p1/servconf.c.vendor openssh-7.0p1/servconf.c
options->use_dns = -1;
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
@@ -335,6 +336,8 @@ fill_default_server_options(ServerOption
@@ -325,6 +326,8 @@ fill_default_server_options(ServerOption
options->ip_qos_bulk = IPTOS_THROUGHPUT;
if (options->version_addendum == NULL)
options->version_addendum = xstrdup("");
@ -42,8 +42,8 @@ diff -up openssh-7.0p1/servconf.c.vendor openssh-7.0p1/servconf.c
if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
options->fwd_opts.streamlocal_bind_mask = 0177;
if (options->fwd_opts.streamlocal_bind_unlink == -1)
@@ -407,7 +410,7 @@ typedef enum {
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -402,7 +405,7 @@ typedef enum {
sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
- sBanner, sUseDNS, sHostbasedAuthentication,
@ -51,7 +51,7 @@ diff -up openssh-7.0p1/servconf.c.vendor openssh-7.0p1/servconf.c
sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
sHostKeyAlgorithms,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
@@ -529,6 +532,7 @@ static struct {
@@ -528,6 +531,7 @@ static struct {
{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
{ "maxsessions", sMaxSessions, SSHCFG_ALL },
{ "banner", sBanner, SSHCFG_ALL },
@ -59,7 +59,7 @@ diff -up openssh-7.0p1/servconf.c.vendor openssh-7.0p1/servconf.c
{ "usedns", sUseDNS, SSHCFG_GLOBAL },
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
@@ -1389,6 +1393,10 @@ process_server_config_line(ServerOptions
@@ -1369,6 +1373,10 @@ process_server_config_line(ServerOptions
multistate_ptr = multistate_privsep;
goto parse_multistate;
@ -70,18 +70,18 @@ diff -up openssh-7.0p1/servconf.c.vendor openssh-7.0p1/servconf.c
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)
@@ -2266,6 +2274,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sUseLogin, o->use_login);
@@ -2269,6 +2277,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
dump_cfg_fmtint(sCompression, o->compression);
dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
+ dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
dump_cfg_fmtint(sUseDNS, o->use_dns);
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
diff -up openssh-7.0p1/servconf.h.vendor openssh-7.0p1/servconf.h
--- openssh-7.0p1/servconf.h.vendor 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/servconf.h 2015-08-12 11:14:54.130628355 +0200
@@ -155,6 +155,7 @@ typedef struct {
diff -up openssh-7.4p1/servconf.h.vendor openssh-7.4p1/servconf.h
--- openssh-7.4p1/servconf.h.vendor 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/servconf.h 2016-12-23 13:34:51.694253847 +0100
@@ -149,6 +149,7 @@ typedef struct {
int max_authtries;
int max_sessions;
char *banner; /* SSH-2 banner message */
@ -89,12 +89,12 @@ diff -up openssh-7.0p1/servconf.h.vendor openssh-7.0p1/servconf.h
int use_dns;
int client_alive_interval; /*
* poke the client this often to
diff -up openssh-7.0p1/sshd_config.0.vendor openssh-7.0p1/sshd_config.0
--- openssh-7.0p1/sshd_config.0.vendor 2015-08-12 11:14:54.125628363 +0200
+++ openssh-7.0p1/sshd_config.0 2015-08-12 11:14:54.130628355 +0200
@@ -841,6 +841,11 @@ DESCRIPTION
Defines the number of bits in the ephemeral protocol version 1
server key. The default and minimum value is 1024.
diff -up openssh-7.4p1/sshd_config.0.vendor openssh-7.4p1/sshd_config.0
--- openssh-7.4p1/sshd_config.0.vendor 2016-12-23 13:34:51.695253847 +0100
+++ openssh-7.4p1/sshd_config.0 2016-12-23 13:36:53.146277511 +0100
@@ -792,6 +792,11 @@ DESCRIPTION
ssh-keygen(1). For more information on KRLs, see the KEY
REVOCATION LISTS section in ssh-keygen(1).
+ ShowPatchLevel
+ Specifies whether sshd will display the specific patch level of
@ -104,13 +104,13 @@ diff -up openssh-7.0p1/sshd_config.0.vendor openssh-7.0p1/sshd_config.0
StreamLocalBindMask
Sets the octal file creation mode mask (umask) used when creating
a Unix-domain socket file for local or remote port forwarding.
diff -up openssh-7.0p1/sshd_config.5.vendor openssh-7.0p1/sshd_config.5
--- openssh-7.0p1/sshd_config.5.vendor 2015-08-12 11:14:54.125628363 +0200
+++ openssh-7.0p1/sshd_config.5 2015-08-12 11:14:54.131628353 +0200
@@ -1411,6 +1411,13 @@ This option applies to protocol version
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
The default and minimum value is 1024.
diff -up openssh-7.4p1/sshd_config.5.vendor openssh-7.4p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.vendor 2016-12-23 13:34:51.695253847 +0100
+++ openssh-7.4p1/sshd_config.5 2016-12-23 13:37:17.482282253 +0100
@@ -1334,6 +1334,13 @@ an OpenSSH Key Revocation List (KRL) as
.Xr ssh-keygen 1 .
For more information on KRLs, see the KEY REVOCATION LISTS section in
.Xr ssh-keygen 1 .
+.It Cm ShowPatchLevel
+Specifies whether
+.Nm sshd
@ -121,10 +121,10 @@ diff -up openssh-7.0p1/sshd_config.5.vendor openssh-7.0p1/sshd_config.5
.It Cm StreamLocalBindMask
Sets the octal file creation mode mask
.Pq umask
diff -up openssh-7.0p1/sshd_config.vendor openssh-7.0p1/sshd_config
--- openssh-7.0p1/sshd_config.vendor 2015-08-12 11:14:54.125628363 +0200
+++ openssh-7.0p1/sshd_config 2015-08-12 11:14:54.131628353 +0200
@@ -119,6 +119,7 @@ UsePrivilegeSeparation sandbox # Defaul
diff -up openssh-7.4p1/sshd_config.vendor openssh-7.4p1/sshd_config
--- openssh-7.4p1/sshd_config.vendor 2016-12-23 13:34:51.690253846 +0100
+++ openssh-7.4p1/sshd_config 2016-12-23 13:34:51.695253847 +0100
@@ -105,6 +105,7 @@ X11Forwarding yes
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
@ -132,19 +132,20 @@ diff -up openssh-7.0p1/sshd_config.vendor openssh-7.0p1/sshd_config
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
diff -up openssh-7.0p1/sshd.c.vendor openssh-7.0p1/sshd.c
--- openssh-7.0p1/sshd.c.vendor 2015-08-12 11:14:54.100628403 +0200
+++ openssh-7.0p1/sshd.c 2015-08-12 11:14:54.131628353 +0200
@@ -432,7 +432,7 @@ sshd_exchange_identification(int sock_in
}
diff -up openssh-7.4p1/sshd.c.vendor openssh-7.4p1/sshd.c
--- openssh-7.4p1/sshd.c.vendor 2016-12-23 13:34:51.682253844 +0100
+++ openssh-7.4p1/sshd.c 2016-12-23 13:38:32.434296856 +0100
@@ -367,7 +367,8 @@ sshd_exchange_identification(struct ssh
char remote_version[256]; /* Must be at least as big as buf. */
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
- major, minor, SSH_VERSION,
+ major, minor, (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline);
@@ -1749,7 +1749,8 @@ main(int ac, char **av)
@@ -1650,7 +1651,8 @@ main(int ac, char **av)
exit(1);
}
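Review bot: The banner selection at `+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,` tests for exactly 1, so an unset option (presumably -1 in initialize_server_options, like the neighbouring options in that hunk) falls back to the plain SSH_VERSION string; that is the conservative choice, since advertising the vendor patch level in the identification string lets any remote peer fingerprint the installed build, but nothing on the line says the fallback is intentional. Suggest a comment there such as `/* advertise the vendor patch level only when explicitly enabled */`. The fill_default_server_options hunk of this patch should also be checked for a matching `options->show_patchlevel = 0` default; the added lines of that hunk are not visible in the rendered section. sshd_exchange_identification's body starts outside the hunk.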


@ -1,7 +1,7 @@
diff -up openssh-6.8p1/log.c.log-in-chroot openssh-6.8p1/log.c
--- openssh-6.8p1/log.c.log-in-chroot 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/log.c 2015-03-18 12:59:29.694022313 +0100
@@ -241,6 +241,11 @@ debug3(const char *fmt,...)
diff -up openssh-7.4p1/log.c.log-in-chroot openssh-7.4p1/log.c
--- openssh-7.4p1/log.c.log-in-chroot 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/log.c 2016-12-23 15:14:33.330168088 +0100
@@ -250,6 +250,11 @@ debug3(const char *fmt,...)
void
log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
{
@ -13,7 +13,7 @@ diff -up openssh-6.8p1/log.c.log-in-chroot openssh-6.8p1/log.c
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
struct syslog_data sdata = SYSLOG_DATA_INIT;
#endif
@@ -264,8 +269,10 @@ log_init(char *av0, LogLevel level, Sysl
@@ -273,8 +278,10 @@ log_init(char *av0, LogLevel level, Sysl
exit(1);
}
@ -26,9 +26,9 @@ diff -up openssh-6.8p1/log.c.log-in-chroot openssh-6.8p1/log.c
log_on_stderr = on_stderr;
if (on_stderr)
diff -up openssh-6.8p1/log.h.log-in-chroot openssh-6.8p1/log.h
--- openssh-6.8p1/log.h.log-in-chroot 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/log.h 2015-03-18 12:59:29.694022313 +0100
diff -up openssh-7.4p1/log.h.log-in-chroot openssh-7.4p1/log.h
--- openssh-7.4p1/log.h.log-in-chroot 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/log.h 2016-12-23 15:14:33.330168088 +0100
@@ -49,6 +49,7 @@ typedef enum {
typedef void (log_handler_fn)(LogLevel, const char *, void *);
@ -37,10 +37,10 @@ diff -up openssh-6.8p1/log.h.log-in-chroot openssh-6.8p1/log.h
void log_change_level(LogLevel);
int log_is_on_stderr(void);
void log_redirect_stderr_to(const char *);
diff -up openssh-6.8p1/monitor.c.log-in-chroot openssh-6.8p1/monitor.c
--- openssh-6.8p1/monitor.c.log-in-chroot 2015-03-18 12:59:29.669022374 +0100
+++ openssh-6.8p1/monitor.c 2015-03-18 13:01:52.894671198 +0100
@@ -357,6 +357,8 @@ monitor_child_preauth(Authctxt *_authctx
diff -up openssh-7.4p1/monitor.c.log-in-chroot openssh-7.4p1/monitor.c
--- openssh-7.4p1/monitor.c.log-in-chroot 2016-12-23 15:14:33.311168085 +0100
+++ openssh-7.4p1/monitor.c 2016-12-23 15:16:42.154193100 +0100
@@ -307,6 +307,8 @@ monitor_child_preauth(Authctxt *_authctx
close(pmonitor->m_log_sendfd);
pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
@ -49,7 +49,7 @@ diff -up openssh-6.8p1/monitor.c.log-in-chroot openssh-6.8p1/monitor.c
authctxt = _authctxt;
memset(authctxt, 0, sizeof(*authctxt));
@@ -465,6 +467,8 @@ monitor_child_postauth(struct monitor *p
@@ -405,6 +407,8 @@ monitor_child_postauth(struct monitor *p
close(pmonitor->m_recvfd);
pmonitor->m_recvfd = -1;
@ -58,7 +58,7 @@ diff -up openssh-6.8p1/monitor.c.log-in-chroot openssh-6.8p1/monitor.c
monitor_set_child_handler(pmonitor->m_pid);
signal(SIGHUP, &monitor_child_handler);
signal(SIGTERM, &monitor_child_handler);
@@ -566,7 +570,7 @@ monitor_read_log(struct monitor *pmonito
@@ -472,7 +476,7 @@ monitor_read_log(struct monitor *pmonito
if (log_level_name(level) == NULL)
fatal("%s: invalid log level %u (corrupted message?)",
__func__, level);
@ -67,9 +67,9 @@ diff -up openssh-6.8p1/monitor.c.log-in-chroot openssh-6.8p1/monitor.c
buffer_free(&logmsg);
free(msg);
@@ -1998,13 +2002,28 @@ monitor_init(void)
(ssh_packet_comp_free_func *)mm_zfree);
}
@@ -1719,13 +1723,28 @@ monitor_init(void)
mon = xcalloc(1, sizeof(*mon));
monitor_openfds(mon, 1);
+ mon->m_state = "";
+
@ -98,11 +98,11 @@ diff -up openssh-6.8p1/monitor.c.log-in-chroot openssh-6.8p1/monitor.c
}
#ifdef GSSAPI
diff -up openssh-6.8p1/monitor.h.log-in-chroot openssh-6.8p1/monitor.h
--- openssh-6.8p1/monitor.h.log-in-chroot 2015-03-18 12:59:29.695022310 +0100
+++ openssh-6.8p1/monitor.h 2015-03-18 13:02:56.926514197 +0100
diff -up openssh-7.4p1/monitor.h.log-in-chroot openssh-7.4p1/monitor.h
--- openssh-7.4p1/monitor.h.log-in-chroot 2016-12-23 15:14:33.330168088 +0100
+++ openssh-7.4p1/monitor.h 2016-12-23 15:16:28.372190424 +0100
@@ -83,10 +83,11 @@ struct monitor {
struct mm_master *m_zlib;
int m_log_sendfd;
struct kex **m_pkex;
pid_t m_pid;
+ char *m_state;
@ -111,13 +111,13 @@ diff -up openssh-6.8p1/monitor.h.log-in-chroot openssh-6.8p1/monitor.h
struct monitor *monitor_init(void);
-void monitor_reinit(struct monitor *);
+void monitor_reinit(struct monitor *, const char *);
void monitor_sync(struct monitor *);
struct Authctxt;
diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c
--- openssh-6.8p1/session.c.log-in-chroot 2015-03-18 12:59:29.675022359 +0100
+++ openssh-6.8p1/session.c 2015-03-18 12:59:29.696022308 +0100
@@ -161,6 +161,7 @@ login_cap_t *lc;
void monitor_child_preauth(struct Authctxt *, struct monitor *);
diff -up openssh-7.4p1/session.c.log-in-chroot openssh-7.4p1/session.c
--- openssh-7.4p1/session.c.log-in-chroot 2016-12-23 15:14:33.319168086 +0100
+++ openssh-7.4p1/session.c 2016-12-23 15:18:18.742211853 +0100
@@ -160,6 +160,7 @@ login_cap_t *lc;
static int is_child = 0;
static int in_chroot = 0;
@ -125,7 +125,7 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c
/* Name and directory of socket for authentication agent forwarding. */
static char *auth_sock_name = NULL;
@@ -506,8 +508,8 @@ do_exec_no_pty(Session *s, const char *c
@@ -365,8 +366,8 @@ do_exec_no_pty(Session *s, const char *c
is_child = 1;
/* Child. Reinitialize the log since the pid has changed. */
@ -136,7 +136,7 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c
/*
* Create a new session and process group since the 4.4BSD
@@ -675,8 +677,8 @@ do_exec_pty(Session *s, const char *comm
@@ -523,8 +524,8 @@ do_exec_pty(Session *s, const char *comm
close(ptymaster);
/* Child. Reinitialize the log because the pid has changed. */
@ -147,7 +147,7 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c
/* Close the master side of the pseudo tty. */
close(ptyfd);
@@ -780,6 +782,7 @@ do_exec(Session *s, const char *command)
@@ -619,6 +620,7 @@ do_exec(Session *s, const char *command)
int ret;
const char *forced = NULL, *tty = NULL;
char session_type[1024];
@ -155,7 +155,7 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c
if (options.adm_forced_command) {
original_command = command;
@@ -837,6 +840,10 @@ do_exec(Session *s, const char *command)
@@ -676,6 +678,10 @@ do_exec(Session *s, const char *command)
tty += 5;
}
@ -166,7 +166,7 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c
verbose("Starting session: %s%s%s for %s from %.200s port %d id %d",
session_type,
tty == NULL ? "" : " on ",
@@ -1678,14 +1685,6 @@ child_close_fds(void)
@@ -1486,14 +1492,6 @@ child_close_fds(void)
* descriptors left by system functions. They will be closed later.
*/
endpwent();
@ -181,16 +181,16 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c
}
/*
@@ -1831,8 +1830,6 @@ do_child(Session *s, const char *command
@@ -1629,8 +1627,6 @@ do_child(Session *s, const char *command
exit(1);
}
- closefrom(STDERR_FILENO + 1);
-
if (!options.use_login)
do_rc_files(s, shell);
do_rc_files(s, shell);
@@ -1856,9 +1853,17 @@ do_child(Session *s, const char *command
/* restore SIGPIPE for child */
@@ -1653,9 +1649,17 @@ do_child(Session *s, const char *command
argv[i] = NULL;
optind = optreset = 1;
__progname = argv[0];
@ -208,21 +208,21 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c
+
fflush(NULL);
if (options.use_login) {
diff -up openssh-6.8p1/sftp-server-main.c.log-in-chroot openssh-6.8p1/sftp-server-main.c
--- openssh-6.8p1/sftp-server-main.c.log-in-chroot 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/sftp-server-main.c 2015-03-18 12:59:29.696022308 +0100
@@ -47,5 +47,5 @@ main(int argc, char **argv)
return 1;
}
/* Get the last component of the shell name. */
diff -up openssh-7.4p1/sftp.h.log-in-chroot openssh-7.4p1/sftp.h
--- openssh-7.4p1/sftp.h.log-in-chroot 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sftp.h 2016-12-23 15:14:33.331168088 +0100
@@ -97,5 +97,5 @@
- return (sftp_server_main(argc, argv, user_pw));
+ return (sftp_server_main(argc, argv, user_pw, 0));
}
diff -up openssh-6.8p1/sftp-server.c.log-in-chroot openssh-6.8p1/sftp-server.c
--- openssh-6.8p1/sftp-server.c.log-in-chroot 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/sftp-server.c 2015-03-18 13:03:52.510377911 +0100
@@ -1502,7 +1502,7 @@ sftp_server_usage(void)
struct passwd;
-int sftp_server_main(int, char **, struct passwd *);
+int sftp_server_main(int, char **, struct passwd *, int);
void sftp_server_cleanup_exit(int) __attribute__((noreturn));
diff -up openssh-7.4p1/sftp-server.c.log-in-chroot openssh-7.4p1/sftp-server.c
--- openssh-7.4p1/sftp-server.c.log-in-chroot 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sftp-server.c 2016-12-23 15:14:33.331168088 +0100
@@ -1497,7 +1497,7 @@ sftp_server_usage(void)
}
int
@ -231,7 +231,7 @@ diff -up openssh-6.8p1/sftp-server.c.log-in-chroot openssh-6.8p1/sftp-server.c
{
fd_set *rset, *wset;
int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0;
@@ -1515,7 +1515,7 @@ sftp_server_main(int argc, char **argv,
@@ -1511,7 +1511,7 @@ sftp_server_main(int argc, char **argv,
ssh_malloc_init(); /* must be called before any mallocs */
__progname = ssh_get_progname(argv[0]);
@ -240,7 +240,7 @@ diff -up openssh-6.8p1/sftp-server.c.log-in-chroot openssh-6.8p1/sftp-server.c
pw = pwcopy(user_pw);
@@ -1586,7 +1586,7 @@ sftp_server_main(int argc, char **argv,
@@ -1582,7 +1582,7 @@ sftp_server_main(int argc, char **argv,
}
}
@ -249,20 +249,20 @@ diff -up openssh-6.8p1/sftp-server.c.log-in-chroot openssh-6.8p1/sftp-server.c
/*
* On platforms where we can, avoid making /proc/self/{mem,maps}
diff -up openssh-6.8p1/sftp.h.log-in-chroot openssh-6.8p1/sftp.h
--- openssh-6.8p1/sftp.h.log-in-chroot 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/sftp.h 2015-03-18 12:59:29.696022308 +0100
@@ -97,5 +97,5 @@
diff -up openssh-7.4p1/sftp-server-main.c.log-in-chroot openssh-7.4p1/sftp-server-main.c
--- openssh-7.4p1/sftp-server-main.c.log-in-chroot 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sftp-server-main.c 2016-12-23 15:14:33.331168088 +0100
@@ -49,5 +49,5 @@ main(int argc, char **argv)
return 1;
}
struct passwd;
-int sftp_server_main(int, char **, struct passwd *);
+int sftp_server_main(int, char **, struct passwd *, int);
void sftp_server_cleanup_exit(int) __attribute__((noreturn));
diff -up openssh-6.8p1/sshd.c.log-in-chroot openssh-6.8p1/sshd.c
--- openssh-6.8p1/sshd.c.log-in-chroot 2015-03-18 12:59:29.691022320 +0100
+++ openssh-6.8p1/sshd.c 2015-03-18 12:59:29.697022305 +0100
@@ -744,7 +744,7 @@ privsep_postauth(Authctxt *authctxt)
- return (sftp_server_main(argc, argv, user_pw));
+ return (sftp_server_main(argc, argv, user_pw, 0));
}
diff -up openssh-7.4p1/sshd.c.log-in-chroot openssh-7.4p1/sshd.c
--- openssh-7.4p1/sshd.c.log-in-chroot 2016-12-23 15:14:33.328168088 +0100
+++ openssh-7.4p1/sshd.c 2016-12-23 15:14:33.332168088 +0100
@@ -650,7 +650,7 @@ privsep_postauth(Authctxt *authctxt)
}
/* New socket pair */
@ -271,7 +271,7 @@ diff -up openssh-6.8p1/sshd.c.log-in-chroot openssh-6.8p1/sshd.c
pmonitor->m_pid = fork();
if (pmonitor->m_pid == -1)
@@ -762,6 +762,11 @@ privsep_postauth(Authctxt *authctxt)
@@ -668,6 +668,11 @@ privsep_postauth(Authctxt *authctxt)
close(pmonitor->m_sendfd);
pmonitor->m_sendfd = -1;
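Review bot: `+ char *m_state;` in monitor.h pairs with `+ mon->m_state = "";` in monitor_init and with `+void monitor_reinit(struct monitor *, const char *);`, so the field only ever holds string literals or const strings; declare it `const char *m_state;` so that a write through it (undefined behaviour for a literal) is rejected at compile time and storing the const parameter needs no cast. If monitor_reinit assigns its argument to m_state, the current declaration requires exactly such a cast; that body is outside the hunk.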


@ -1,7 +1,7 @@
diff -up openssh-7.0p1/gss-serv-krb5.c.GSSAPIEnablek5users openssh-7.0p1/gss-serv-krb5.c
--- openssh-7.0p1/gss-serv-krb5.c.GSSAPIEnablek5users 2015-08-12 11:27:44.022407951 +0200
+++ openssh-7.0p1/gss-serv-krb5.c 2015-08-12 11:27:44.047407912 +0200
@@ -260,7 +260,6 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri
diff -up openssh-7.4p1/gss-serv-krb5.c.GSSAPIEnablek5users openssh-7.4p1/gss-serv-krb5.c
--- openssh-7.4p1/gss-serv-krb5.c.GSSAPIEnablek5users 2016-12-23 15:18:40.615216100 +0100
+++ openssh-7.4p1/gss-serv-krb5.c 2016-12-23 15:18:40.628216102 +0100
@@ -279,7 +279,6 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri
FILE *fp;
char file[MAXPATHLEN];
char line[BUFSIZ] = "";
@ -9,7 +9,7 @@ diff -up openssh-7.0p1/gss-serv-krb5.c.GSSAPIEnablek5users openssh-7.0p1/gss-ser
struct stat st;
struct passwd *pw = the_authctxt->pw;
int found_principal = 0;
@@ -269,7 +268,7 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri
@@ -288,7 +287,7 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri
snprintf(file, sizeof(file), "%s/.k5users", pw->pw_dir);
/* If both .k5login and .k5users DNE, self-login is ok. */
@ -18,27 +18,27 @@ diff -up openssh-7.0p1/gss-serv-krb5.c.GSSAPIEnablek5users openssh-7.0p1/gss-ser
return ssh_krb5_kuserok(krb_context, principal, luser,
k5login_exists);
}
diff -up openssh-7.0p1/servconf.c.GSSAPIEnablek5users openssh-7.0p1/servconf.c
--- openssh-7.0p1/servconf.c.GSSAPIEnablek5users 2015-08-12 11:27:44.036407930 +0200
+++ openssh-7.0p1/servconf.c 2015-08-12 11:28:49.087306430 +0200
@@ -173,6 +173,7 @@ initialize_server_options(ServerOptions
options->version_addendum = NULL;
diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
--- openssh-7.4p1/servconf.c.GSSAPIEnablek5users 2016-12-23 15:18:40.615216100 +0100
+++ openssh-7.4p1/servconf.c 2016-12-23 15:35:36.354401156 +0100
@@ -168,6 +168,7 @@ initialize_server_options(ServerOptions
options->fingerprint_hash = -1;
options->disable_forwarding = -1;
options->use_kuserok = -1;
+ options->enable_k5users = -1;
}
/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
@@ -351,6 +352,8 @@ fill_default_server_options(ServerOption
options->fwd_opts.streamlocal_bind_unlink = 0;
if (options->fingerprint_hash == -1)
options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+ if (options->enable_k5users == -1)
+ options->enable_k5users = 0;
@@ -345,6 +346,8 @@ fill_default_server_options(ServerOption
options->disable_forwarding = 0;
if (options->use_kuserok == -1)
options->use_kuserok = 1;
+ if (options->enable_k5users == -1)
+ options->enable_k5users = 0;
@@ -423,7 +426,7 @@ typedef enum {
assemble_algorithms(options);
@@ -418,7 +421,7 @@ typedef enum {
sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
sHostKeyAlgorithms,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
@ -47,7 +47,7 @@ diff -up openssh-7.0p1/servconf.c.GSSAPIEnablek5users openssh-7.0p1/servconf.c
sGssKeyEx, sGssStoreRekey, sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
@@ -502,12 +505,14 @@ static struct {
@@ -497,12 +500,14 @@ static struct {
{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
{ "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
{ "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
@ -62,7 +62,7 @@ diff -up openssh-7.0p1/servconf.c.GSSAPIEnablek5users openssh-7.0p1/servconf.c
#endif
{ "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
{ "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
@@ -1680,6 +1685,10 @@ process_server_config_line(ServerOptions
@@ -1653,6 +1658,10 @@ process_server_config_line(ServerOptions
intptr = &options->use_kuserok;
goto parse_flag;
@ -73,7 +73,7 @@ diff -up openssh-7.0p1/servconf.c.GSSAPIEnablek5users openssh-7.0p1/servconf.c
case sPermitOpen:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
@@ -2035,6 +2044,7 @@ copy_set_server_options(ServerOptions *d
@@ -2026,6 +2035,7 @@ copy_set_server_options(ServerOptions *d
M_CP_INTOPT(ip_qos_interactive);
M_CP_INTOPT(ip_qos_bulk);
M_CP_INTOPT(use_kuserok);
@ -81,7 +81,7 @@ diff -up openssh-7.0p1/servconf.c.GSSAPIEnablek5users openssh-7.0p1/servconf.c
M_CP_INTOPT(rekey_limit);
M_CP_INTOPT(rekey_interval);
@@ -2317,6 +2327,7 @@ dump_config(ServerOptions *o)
@@ -2320,6 +2330,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok);
@ -89,10 +89,10 @@ diff -up openssh-7.0p1/servconf.c.GSSAPIEnablek5users openssh-7.0p1/servconf.c
/* string arguments */
dump_cfg_string(sPidFile, o->pid_file);
diff -up openssh-7.0p1/servconf.h.GSSAPIEnablek5users openssh-7.0p1/servconf.h
--- openssh-7.0p1/servconf.h.GSSAPIEnablek5users 2015-08-12 11:27:44.022407951 +0200
+++ openssh-7.0p1/servconf.h 2015-08-12 11:27:44.048407911 +0200
@@ -180,7 +180,8 @@ typedef struct {
diff -up openssh-7.4p1/servconf.h.GSSAPIEnablek5users openssh-7.4p1/servconf.h
--- openssh-7.4p1/servconf.h.GSSAPIEnablek5users 2016-12-23 15:18:40.616216100 +0100
+++ openssh-7.4p1/servconf.h 2016-12-23 15:18:40.629216102 +0100
@@ -174,7 +174,8 @@ typedef struct {
int num_permitted_opens;
@ -102,26 +102,26 @@ diff -up openssh-7.0p1/servconf.h.GSSAPIEnablek5users openssh-7.0p1/servconf.h
char *chroot_directory;
char *revoked_keys_file;
char *trusted_user_ca_keys;
diff -up openssh-7.0p1/sshd_config.5.GSSAPIEnablek5users openssh-7.0p1/sshd_config.5
--- openssh-7.0p1/sshd_config.5.GSSAPIEnablek5users 2015-08-12 11:27:44.023407950 +0200
+++ openssh-7.0p1/sshd_config.5 2015-08-12 11:27:44.048407911 +0200
@@ -633,6 +633,12 @@ on logout.
diff -up openssh-7.4p1/sshd_config.5.GSSAPIEnablek5users openssh-7.4p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.GSSAPIEnablek5users 2016-12-23 15:18:40.630216103 +0100
+++ openssh-7.4p1/sshd_config.5 2016-12-23 15:36:21.607408435 +0100
@@ -628,6 +628,12 @@ Specifies whether to automatically destr
on logout.
The default is
.Dq yes .
.Cm yes .
+.It Cm GSSAPIEnablek5users
+Specifies whether to look at .k5users file for GSSAPI authentication
+access control. Further details are described in
+.Xr ksu 1 .
+The default is
+.Dq no .
.It Cm GSSAPIStrictAcceptorCheck
Determines whether to be strict about the identity of the GSSAPI acceptor
a client authenticates against.
diff -up openssh-7.0p1/sshd_config.GSSAPIEnablek5users openssh-7.0p1/sshd_config
--- openssh-7.0p1/sshd_config.GSSAPIEnablek5users 2015-08-12 11:27:44.023407950 +0200
+++ openssh-7.0p1/sshd_config 2015-08-12 11:27:44.048407911 +0200
@@ -94,6 +94,7 @@ GSSAPIAuthentication yes
+.Cm no .
.It Cm GSSAPIKeyExchange
Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
doesn't rely on ssh keys to verify host identity.
diff -up openssh-7.4p1/sshd_config.GSSAPIEnablek5users openssh-7.4p1/sshd_config
--- openssh-7.4p1/sshd_config.GSSAPIEnablek5users 2016-12-23 15:18:40.616216100 +0100
+++ openssh-7.4p1/sshd_config 2016-12-23 15:18:40.631216103 +0100
@@ -80,6 +80,7 @@ GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
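Review bot: The man page text `+Specifies whether to look at .k5users file for GSSAPI authentication` reads awkwardly and does not say whose file is consulted, while the gss-serv-krb5.c hunk builds the path from `pw->pw_dir`; suggest `Specifies whether the user's ~/.k5users file is consulted for GSSAPI authentication access control.` The `.Cm no .` default wording matches the `options->enable_k5users = 0` default in fill_default_server_options, so that part is consistent.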


@ -142,7 +142,7 @@ diff -up openssh-6.8p1/ctr-cavstest.c.ctr-cavs openssh-6.8p1/ctr-cavstest.c
+{
+
+ const struct sshcipher *c;
+ struct sshcipher_ctx cc;
+ struct sshcipher_ctx *cc;
+ char *algo = "aes128-ctr";
+ char *hexkey = NULL;
+ char *hexiv = "00000000000000000000000000000000";
@ -232,11 +232,11 @@ diff -up openssh-6.8p1/ctr-cavstest.c.ctr-cavs openssh-6.8p1/ctr-cavstest.c
+ return 2;
+ }
+
+ cipher_crypt(&cc, 0, outdata, data, datalen, 0, 0);
+ cipher_crypt(cc, 0, outdata, data, datalen, 0, 0);
+
+ free(data);
+
+ cipher_cleanup(&cc);
+ cipher_free(cc);
+
+ for (p = outdata; datalen > 0; ++p, --datalen) {
+ printf("%02X", (unsigned char)*p);
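Review bot: The return value of `cipher_crypt(cc, 0, outdata, data, datalen, 0, 0);` is still discarded on the new side; in the 7.x cipher API that call reports failure through its int result (that is also why cc became a pointer here), so a failed encryption would fall straight through to the hex dump and print whatever happens to be in outdata as if it were the CAVS answer. Check it and exit non-zero like the surrounding error paths (`return 2;` just above) do, e.g. `if (cipher_crypt(cc, 0, outdata, data, datalen, 0, 0) != 0) { fprintf(stderr, "cipher_crypt failed\n"); return 3; }` before the `free(data);`. The enclosing main() and the cipher_init() that produces cc are outside the hunk, so I cannot tell whether cc is checked before use.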


@ -1,8 +1,7 @@
diff --git a/entropy.c b/entropy.c
index 1e9d52a..d24e724 100644
--- a/entropy.c
+++ b/entropy.c
@@ -227,6 +227,9 @@ seed_rng(void)
diff -up openssh-7.4p1/entropy.c.entropy openssh-7.4p1/entropy.c
--- openssh-7.4p1/entropy.c.entropy 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/entropy.c 2016-12-23 18:34:27.769753570 +0100
@@ -229,6 +229,9 @@ seed_rng(void)
memset(buf, '\0', sizeof(buf));
#endif /* OPENSSL_PRNG_ONLY */
@ -12,24 +11,31 @@ index 1e9d52a..d24e724 100644
if (RAND_status() != 1)
fatal("PRNG is not seeded");
}
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 843225d..041bbab 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di
diff -up openssh-7.4p1/openbsd-compat/Makefile.in.entropy openssh-7.4p1/openbsd-compat/Makefile.in
--- openssh-7.4p1/openbsd-compat/Makefile.in.entropy 2016-12-23 18:34:53.715762155 +0100
+++ openssh-7.4p1/openbsd-compat/Makefile.in 2016-12-23 18:35:15.890769493 +0100
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf
COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o
COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o
-PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-solaris.o port-tun.o port-uw.o
+PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c
new file mode 100644
index 0000000..da84bf2
--- /dev/null
+++ b/openbsd-compat/port-linux-prng.c
diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h
--- openssh-7.4p1/openbsd-compat/port-linux.h.entropy 2016-12-23 18:34:27.747753563 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 18:34:27.769753570 +0100
@@ -34,4 +34,6 @@ void oom_adjust_restore(void);
void oom_adjust_setup(void);
#endif
+void linux_seed(void);
+
#endif /* ! _PORT_LINUX_H */
diff -up openssh-7.4p1/openbsd-compat/port-linux-prng.c.entropy openssh-7.4p1/openbsd-compat/port-linux-prng.c
--- openssh-7.4p1/openbsd-compat/port-linux-prng.c.entropy 2016-12-23 18:34:27.769753570 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux-prng.c 2016-12-23 18:34:27.769753570 +0100
@@ -0,0 +1,59 @@
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
+
@ -90,11 +96,37 @@ index 0000000..da84bf2
+ fatal ("EOF reading %s", random);
+ }
+}
diff --git a/ssh-add.0 b/ssh-add.0
index f16165a..17d22cf 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -82,6 +82,16 @@ ENVIRONMENT
diff -up openssh-7.4p1/ssh.1.entropy openssh-7.4p1/ssh.1
--- openssh-7.4p1/ssh.1.entropy 2016-12-23 18:34:27.754753565 +0100
+++ openssh-7.4p1/ssh.1 2016-12-23 18:34:27.770753571 +0100
@@ -1441,6 +1441,23 @@ For more information, see the
.Cm PermitUserEnvironment
option in
.Xr sshd_config 5 .
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.rhosts
diff -up openssh-7.4p1/ssh-add.0.entropy openssh-7.4p1/ssh-add.0
--- openssh-7.4p1/ssh-add.0.entropy 2016-12-19 06:21:21.000000000 +0100
+++ openssh-7.4p1/ssh-add.0 2016-12-23 18:34:27.770753571 +0100
@@ -88,6 +88,16 @@ ENVIRONMENT
Identifies the path of a UNIX-domain socket used to communicate
with the agent.
@ -111,11 +143,10 @@ index f16165a..17d22cf 100644
FILES
~/.ssh/identity
Contains the protocol version 1 RSA authentication identity of
diff --git a/ssh-add.1 b/ssh-add.1
index 04d1840..db883a4 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -170,6 +170,20 @@ to make this work.)
diff -up openssh-7.4p1/ssh-add.1.entropy openssh-7.4p1/ssh-add.1
--- openssh-7.4p1/ssh-add.1.entropy 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh-add.1 2016-12-23 18:34:27.770753571 +0100
@@ -171,6 +171,20 @@ to make this work.)
Identifies the path of a
.Ux Ns -domain
socket used to communicate with the agent.
@ -136,11 +167,10 @@ index 04d1840..db883a4 100644
.El
.Sh FILES
.Bl -tag -width Ds
diff --git a/ssh-agent.1 b/ssh-agent.1
index d7e791b..7332f0d 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -189,6 +189,24 @@ sockets used to contain the connection to the authentication agent.
diff -up openssh-7.4p1/ssh-agent.1.entropy openssh-7.4p1/ssh-agent.1
--- openssh-7.4p1/ssh-agent.1.entropy 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh-agent.1 2016-12-23 18:34:27.770753571 +0100
@@ -214,6 +214,24 @@ sockets used to contain the connection t
These sockets should only be readable by the owner.
The sockets should get automatically removed when the agent exits.
.El
@ -165,97 +195,10 @@ index d7e791b..7332f0d 100644
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 276dacc..a09d9b1 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -841,6 +841,24 @@ Contains Diffie-Hellman groups used for DH-GEX.
The file format is described in
.Xr moduli 5 .
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
diff --git a/ssh-keysign.8 b/ssh-keysign.8
index 69d0829..02d79f8 100644
--- a/ssh-keysign.8
+++ b/ssh-keysign.8
@@ -80,6 +80,24 @@ must be set-uid root if host-based authentication is used.
If these files exist they are assumed to contain public certificate
information corresponding with the private keys above.
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,
diff --git a/ssh.1 b/ssh.1
index 4a476c2..410a04a 100644
--- a/ssh.1
+++ b/ssh.1
@@ -1299,6 +1299,23 @@ For more information, see the
.Cm PermitUserEnvironment
option in
.Xr sshd_config 5 .
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.rhosts
diff --git a/sshd.8 b/sshd.8
index cb866b5..adcaaf9 100644
--- a/sshd.8
+++ b/sshd.8
@@ -945,6 +945,24 @@ concurrently for different ports, this contains the process ID of the one
diff -up openssh-7.4p1/sshd.8.entropy openssh-7.4p1/sshd.8
--- openssh-7.4p1/sshd.8.entropy 2016-12-23 18:34:27.755753566 +0100
+++ openssh-7.4p1/sshd.8 2016-12-23 18:34:27.770753571 +0100
@@ -920,6 +920,24 @@ concurrently for different ports, this c
started last).
The content of this file is not sensitive; it can be world-readable.
.El
@ -280,13 +223,59 @@ index cb866b5..adcaaf9 100644
.Sh IPV6
IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
.Sh SEE ALSO
diff -up openssh-6.8p1/openbsd-compat/port-linux.h.coverity openssh-6.8p1/openbsd-compat/port-linux.h
--- openssh-6.8p1/openbsd-compat/port-linux.h.coverity 2015-03-18 17:21:51.861264906 +0100
+++ openssh-6.8p1/openbsd-compat/port-linux.h 2015-03-18 17:21:51.897264831 +0100
@@ -37,4 +37,6 @@ void oom_adjust_restore(void);
void oom_adjust_setup(void);
#endif
+void linux_seed(void);
+
#endif /* ! _PORT_LINUX_H */
diff -up openssh-7.4p1/ssh-keygen.1.entropy openssh-7.4p1/ssh-keygen.1
--- openssh-7.4p1/ssh-keygen.1.entropy 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh-keygen.1 2016-12-23 18:34:27.770753571 +0100
@@ -848,6 +848,24 @@ Contains Diffie-Hellman groups used for
The file format is described in
.Xr moduli 5 .
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
diff -up openssh-7.4p1/ssh-keysign.8.entropy openssh-7.4p1/ssh-keysign.8
--- openssh-7.4p1/ssh-keysign.8.entropy 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh-keysign.8 2016-12-23 18:34:27.770753571 +0100
@@ -80,6 +80,24 @@ must be set-uid root if host-based authe
If these files exist they are assumed to contain public certificate
information corresponding with the private keys above.
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,
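Review bot: The new ENVIRONMENT entries are inconsistent in their mdoc markup: ssh-keygen.1 and ssh-keysign.8 use `.It Pa SSH_USE_STRONG_RNG` while ssh.1 uses `.It Ev SSH_USE_STRONG_RNG`; `.Pa` is the macro for path names and `.Ev` the one for environment variables, so the former two should become `.It Ev SSH_USE_STRONG_RNG`. The `.Pp` placed directly after `.Bl -tag -width Ds -compact` in those two files is also stray (mandoc warns about a paragraph break before the first `.It`) and can be dropped, and the device names `.Cm /dev/urandom` / `.Cm /dev/random` would conventionally be `.Pa`. While there, "on the computers without the hardware random generator" reads better as "on computers without a hardware random number generator". The wording is otherwise the same in all five man pages, so whichever fix is applied should be applied to each copy.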


@ -1,7 +1,7 @@
diff -up openssh-7.0p1/auth-krb5.c.kuserok openssh-7.0p1/auth-krb5.c
--- openssh-7.0p1/auth-krb5.c.kuserok 2015-08-11 10:57:29.000000000 +0200
+++ openssh-7.0p1/auth-krb5.c 2015-08-12 11:26:21.874536127 +0200
@@ -55,6 +55,21 @@
diff -up openssh-7.4p1/auth-krb5.c.kuserok openssh-7.4p1/auth-krb5.c
--- openssh-7.4p1/auth-krb5.c.kuserok 2016-12-23 14:36:07.640465939 +0100
+++ openssh-7.4p1/auth-krb5.c 2016-12-23 14:36:07.644465936 +0100
@@ -56,6 +56,21 @@
extern ServerOptions options;
@ -23,7 +23,7 @@ diff -up openssh-7.0p1/auth-krb5.c.kuserok openssh-7.0p1/auth-krb5.c
static int
krb5_init(void *context)
{
@@ -158,8 +173,9 @@ auth_krb5_password(Authctxt *authctxt, c
@@ -160,8 +175,9 @@ auth_krb5_password(Authctxt *authctxt, c
if (problem)
goto out;
@ -35,9 +35,9 @@ diff -up openssh-7.0p1/auth-krb5.c.kuserok openssh-7.0p1/auth-krb5.c
problem = -1;
goto out;
}
diff -up openssh-7.0p1/gss-serv-krb5.c.kuserok openssh-7.0p1/gss-serv-krb5.c
--- openssh-7.0p1/gss-serv-krb5.c.kuserok 2015-08-12 11:26:21.868536137 +0200
+++ openssh-7.0p1/gss-serv-krb5.c 2015-08-12 11:26:21.875536126 +0200
diff -up openssh-7.4p1/gss-serv-krb5.c.kuserok openssh-7.4p1/gss-serv-krb5.c
--- openssh-7.4p1/gss-serv-krb5.c.kuserok 2016-12-23 14:36:07.640465939 +0100
+++ openssh-7.4p1/gss-serv-krb5.c 2016-12-23 14:36:07.644465936 +0100
@@ -67,6 +67,7 @@ static int ssh_gssapi_krb5_cmdok(krb5_pr
int);
@ -160,7 +160,7 @@ diff -up openssh-7.0p1/gss-serv-krb5.c.kuserok openssh-7.0p1/gss-serv-krb5.c
retval = 1;
logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
name, (char *)client->displayname.value);
@@ -171,9 +270,8 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri
@@ -190,9 +289,8 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri
snprintf(file, sizeof(file), "%s/.k5users", pw->pw_dir);
/* If both .k5login and .k5users DNE, self-login is ok. */
if (!k5login_exists && (access(file, F_OK) == -1)) {
@ -172,28 +172,28 @@ diff -up openssh-7.0p1/gss-serv-krb5.c.kuserok openssh-7.0p1/gss-serv-krb5.c
}
if ((fp = fopen(file, "r")) == NULL) {
int saved_errno = errno;
diff -up openssh-7.0p1/servconf.c.kuserok openssh-7.0p1/servconf.c
--- openssh-7.0p1/servconf.c.kuserok 2015-08-12 11:26:21.865536141 +0200
+++ openssh-7.0p1/servconf.c 2015-08-12 11:27:14.126454598 +0200
@@ -172,6 +172,7 @@ initialize_server_options(ServerOptions
options->ip_qos_bulk = -1;
diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c
--- openssh-7.4p1/servconf.c.kuserok 2016-12-23 14:36:07.630465944 +0100
+++ openssh-7.4p1/servconf.c 2016-12-23 15:11:52.278133344 +0100
@@ -167,6 +167,7 @@ initialize_server_options(ServerOptions
options->version_addendum = NULL;
options->fingerprint_hash = -1;
options->disable_forwarding = -1;
+ options->use_kuserok = -1;
}
/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
@@ -350,6 +351,8 @@ fill_default_server_options(ServerOption
options->fwd_opts.streamlocal_bind_unlink = 0;
if (options->fingerprint_hash == -1)
@@ -342,6 +343,8 @@ fill_default_server_options(ServerOption
options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
if (options->disable_forwarding == -1)
options->disable_forwarding = 0;
+ if (options->use_kuserok == -1)
+ options->use_kuserok = 1;
assemble_algorithms(options);
@@ -404,7 +407,7 @@ typedef enum {
sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel,
@@ -399,7 +402,7 @@ typedef enum {
sPermitRootLogin, sLogFacility, sLogLevel,
sRhostsRSAAuthentication, sRSAAuthentication,
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
- sKerberosGetAFSToken,
@ -201,7 +201,7 @@ diff -up openssh-7.0p1/servconf.c.kuserok openssh-7.0p1/servconf.c
sKerberosTgtPassing, sChallengeResponseAuthentication,
sPasswordAuthentication, sKbdInteractiveAuthentication,
sListenAddress, sAddressFamily,
@@ -483,11 +486,13 @@ static struct {
@@ -478,11 +481,13 @@ static struct {
#else
{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
#endif
@ -215,7 +215,7 @@ diff -up openssh-7.0p1/servconf.c.kuserok openssh-7.0p1/servconf.c
#endif
{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
@@ -1671,6 +1676,10 @@ process_server_config_line(ServerOptions
@@ -1644,6 +1649,10 @@ process_server_config_line(ServerOptions
*activep = value;
break;
@ -226,15 +226,15 @@ diff -up openssh-7.0p1/servconf.c.kuserok openssh-7.0p1/servconf.c
case sPermitOpen:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
@@ -2023,6 +2032,7 @@ copy_set_server_options(ServerOptions *d
M_CP_INTOPT(max_authtries);
@@ -2016,6 +2025,7 @@ copy_set_server_options(ServerOptions *d
M_CP_INTOPT(client_alive_interval);
M_CP_INTOPT(ip_qos_interactive);
M_CP_INTOPT(ip_qos_bulk);
+ M_CP_INTOPT(use_kuserok);
M_CP_INTOPT(rekey_limit);
M_CP_INTOPT(rekey_interval);
@@ -2304,6 +2314,7 @@ dump_config(ServerOptions *o)
@@ -2309,6 +2319,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
@ -242,10 +242,10 @@ diff -up openssh-7.0p1/servconf.c.kuserok openssh-7.0p1/servconf.c
/* string arguments */
dump_cfg_string(sPidFile, o->pid_file);
diff -up openssh-7.0p1/servconf.h.kuserok openssh-7.0p1/servconf.h
--- openssh-7.0p1/servconf.h.kuserok 2015-08-12 11:26:21.865536141 +0200
+++ openssh-7.0p1/servconf.h 2015-08-12 11:26:21.876536124 +0200
@@ -180,6 +180,7 @@ typedef struct {
diff -up openssh-7.4p1/servconf.h.kuserok openssh-7.4p1/servconf.h
--- openssh-7.4p1/servconf.h.kuserok 2016-12-23 14:36:07.630465944 +0100
+++ openssh-7.4p1/servconf.h 2016-12-23 14:36:07.645465936 +0100
@@ -174,6 +174,7 @@ typedef struct {
int num_permitted_opens;
@ -253,21 +253,21 @@ diff -up openssh-7.0p1/servconf.h.kuserok openssh-7.0p1/servconf.h
char *chroot_directory;
char *revoked_keys_file;
char *trusted_user_ca_keys;
diff -up openssh-7.0p1/sshd_config.5.kuserok openssh-7.0p1/sshd_config.5
--- openssh-7.0p1/sshd_config.5.kuserok 2015-08-12 11:26:21.867536138 +0200
+++ openssh-7.0p1/sshd_config.5 2015-08-12 11:26:21.877536123 +0200
@@ -872,6 +872,10 @@ Specifies whether to automatically destr
diff -up openssh-7.4p1/sshd_config.5.kuserok openssh-7.4p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.kuserok 2016-12-23 14:36:07.637465940 +0100
+++ openssh-7.4p1/sshd_config.5 2016-12-23 15:14:03.117162222 +0100
@@ -850,6 +850,10 @@ Specifies whether to automatically destr
file on logout.
The default is
.Dq yes .
.Cm yes .
+.It Cm KerberosUseKuserok
+Specifies whether to look at .k5login file for user's aliases.
+The default is
+.Dq yes .
+.Cm yes .
.It Cm KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms.
Multiple algorithms must be comma-separated.
@@ -1116,6 +1120,7 @@ Available keywords are
@@ -1078,6 +1082,7 @@ Available keywords are
.Cm IPQoS ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
@ -275,10 +275,10 @@ diff -up openssh-7.0p1/sshd_config.5.kuserok openssh-7.0p1/sshd_config.5
.Cm MaxAuthTries ,
.Cm MaxSessions ,
.Cm PasswordAuthentication ,
diff -up openssh-7.0p1/sshd_config.kuserok openssh-7.0p1/sshd_config
--- openssh-7.0p1/sshd_config.kuserok 2015-08-12 11:26:21.867536138 +0200
+++ openssh-7.0p1/sshd_config 2015-08-12 11:26:21.876536124 +0200
@@ -87,6 +87,7 @@ ChallengeResponseAuthentication no
diff -up openssh-7.4p1/sshd_config.kuserok openssh-7.4p1/sshd_config
--- openssh-7.4p1/sshd_config.kuserok 2016-12-23 14:36:07.631465943 +0100
+++ openssh-7.4p1/sshd_config 2016-12-23 14:36:07.646465935 +0100
@@ -73,6 +73,7 @@ ChallengeResponseAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no


@ -1,8 +1,18 @@
diff --git a/openbsd-compat/port-linux-sshd.c b/openbsd-compat/port-linux-sshd.c
index c18524e..d04f4ed 100644
--- a/openbsd-compat/port-linux-sshd.c
+++ b/openbsd-compat/port-linux-sshd.c
@@ -409,6 +409,28 @@ sshd_selinux_setup_exec_context(char *pwname)
diff -up openssh-7.4p1/openbsd-compat/port-linux.h.privsep-selinux openssh-7.4p1/openbsd-compat/port-linux.h
--- openssh-7.4p1/openbsd-compat/port-linux.h.privsep-selinux 2016-12-23 18:58:52.972122201 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 18:58:52.974122201 +0100
@@ -23,6 +23,7 @@ void ssh_selinux_setup_pty(char *, const
void ssh_selinux_change_context(const char *);
void ssh_selinux_setfscreatecon(const char *);
+void sshd_selinux_copy_context(void);
void sshd_selinux_setup_exec_context(char *);
#endif
diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.privsep-selinux openssh-7.4p1/openbsd-compat/port-linux-sshd.c
--- openssh-7.4p1/openbsd-compat/port-linux-sshd.c.privsep-selinux 2016-12-23 18:58:52.973122201 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux-sshd.c 2016-12-23 18:58:52.974122201 +0100
@@ -419,6 +419,28 @@ sshd_selinux_setup_exec_context(char *pw
debug3("%s: done", __func__);
}
@ -31,23 +41,19 @@ index c18524e..d04f4ed 100644
#endif
#endif
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index 8ef6cc4..b18893c 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -25,6 +25,7 @@ void ssh_selinux_setup_pty(char *, const char *);
void ssh_selinux_change_context(const char *);
void ssh_selinux_setfscreatecon(const char *);
diff -up openssh-7.4p1/session.c.privsep-selinux openssh-7.4p1/session.c
--- openssh-7.4p1/session.c.privsep-selinux 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/session.c 2016-12-23 18:58:52.974122201 +0100
@@ -1331,7 +1331,7 @@ do_setusercontext(struct passwd *pw)
+void sshd_selinux_copy_context(void);
void sshd_selinux_setup_exec_context(char *);
#endif
platform_setusercontext(pw);
diff --git a/session.c b/session.c
index 2bcf818..b5dc144 100644
--- a/session.c
+++ b/session.c
@@ -1538,6 +1538,9 @@ do_setusercontext(struct passwd *pw)
- if (platform_privileged_uidswap()) {
+ if (platform_privileged_uidswap() && (!is_child || !use_privsep)) {
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
@@ -1361,6 +1361,9 @@ do_setusercontext(struct passwd *pw)
pw->pw_uid);
chroot_path = percent_expand(tmp, "h", pw->pw_dir,
"u", pw->pw_name, (char *)NULL);
@ -57,7 +63,7 @@ index 2bcf818..b5dc144 100644
safely_chroot(chroot_path, pw->pw_uid);
free(tmp);
free(chroot_path);
@@ -1565,6 +1568,11 @@ do_setusercontext(struct passwd *pw)
@@ -1396,6 +1399,11 @@ do_setusercontext(struct passwd *pw)
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
#endif
@ -69,7 +75,7 @@ index 2bcf818..b5dc144 100644
} else if (options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0) {
fatal("server lacks privileges to chroot to ChrootDirectory");
@@ -1588,9 +1588,6 @@ do_pwchange(Session *s)
@@ -1413,9 +1421,6 @@ do_pwchange(Session *s)
if (s->ttyfd != -1) {
fprintf(stderr,
"You must change your password now and login again!\n");
@ -79,7 +85,7 @@ index 2bcf818..b5dc144 100644
#ifdef PASSWD_NEEDS_USERNAME
execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
(char *)NULL);
@@ -1826,9 +1835,6 @@ do_child(Session *s, const char *command)
@@ -1625,9 +1630,6 @@ do_child(Session *s, const char *command
argv[i] = NULL;
optind = optreset = 1;
__progname = argv[0];
@ -89,11 +95,10 @@ index 2bcf818..b5dc144 100644
exit(sftp_server_main(i, argv, s->pw));
}
diff --git a/sshd.c b/sshd.c
index 07f9926..a97f8b7 100644
--- a/sshd.c
+++ b/sshd.c
@@ -632,6 +632,10 @@ privsep_preauth_child(void)
diff -up openssh-7.4p1/sshd.c.privsep-selinux openssh-7.4p1/sshd.c
--- openssh-7.4p1/sshd.c.privsep-selinux 2016-12-23 18:58:52.973122201 +0100
+++ openssh-7.4p1/sshd.c 2016-12-23 18:59:13.808124269 +0100
@@ -540,6 +540,10 @@ privsep_preauth_child(void)
/* Demote the private keys to public keys. */
demote_sensitive_data();
@ -104,26 +109,13 @@ index 07f9926..a97f8b7 100644
/* Demote the child */
if (getuid() == 0 || geteuid() == 0) {
/* Change our root directory */
@@ -755,6 +755,9 @@ privsep_postauth(Authctxt *authctxt)
@@ -633,6 +637,9 @@ privsep_postauth(Authctxt *authctxt)
{
#ifdef DISABLE_FD_PASSING
if (1) {
+#elif defined(WITH_SELINUX)
+ if (options.use_login) {
+ if (0) {
+ /* even root user can be confined by SELinux */
#else
if (authctxt->pw->pw_uid == 0 || options.use_login) {
if (authctxt->pw->pw_uid == 0) {
#endif
diff --git a/session.c b/session.c
index 684f867..09048bc 100644
--- a/session.c
+++ b/session.c
@@ -1538,7 +1538,7 @@ do_setusercontext(struct passwd *pw)
platform_setusercontext(pw);
- if (platform_privileged_uidswap()) {
+ if (platform_privileged_uidswap() && (!is_child || !use_privsep)) {
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
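Review bot: The new guard `if (platform_privileged_uidswap() && (!is_child || !use_privsep)) {` in do_setusercontext() carries no comment, and its reason is not visible from session.c alone: `is_child` and `use_privsep` are sshd.c state, and the sshd.c hunk in this same patch (`#elif defined(WITH_SELINUX)` / `if (0) {`) makes even uid 0 go through the post-auth privsep child, so this presumably keeps the later session process from repeating the setusercontext/chroot/setuid block that the privsep child already executed — please confirm that reading. I would state it above the condition: `/* Under privsep the post-auth child has already run this block (also for uid 0 when SELinux confines root); do not redo chroot/setuid in the session process. */`. The bare `if (0) {` in privsep_postauth() deserves the same treatment, since without the one-line comment next to it a reader takes it for dead code. do_setusercontext() starts and ends outside the hunk.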


@ -1,8 +1,7 @@
diff --git a/ssh_config b/ssh_config
index 49a4f6c..3f83c40 100644
--- a/ssh_config
+++ b/ssh_config
@@ -46,3 +46,7 @@
diff -up openssh-7.4p1/ssh_config.redhat openssh-7.4p1/ssh_config
--- openssh-7.4p1/ssh_config.redhat 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh_config 2016-12-23 13:32:00.045220402 +0100
@@ -48,3 +48,7 @@
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
@ -10,9 +9,9 @@ index 49a4f6c..3f83c40 100644
+# To modify the system-wide ssh configuration, create a *.conf file under
+# /etc/ssh/ssh_config.d/ which will be automatically included below
+Include /etc/ssh/ssh_config.d/*.conf
diff --git a/ssh_config_redhat b/ssh_config_redhat
--- /dev/null
+++ b/ssh_config_redhat
diff -up openssh-7.4p1/ssh_config_redhat.redhat openssh-7.4p1/ssh_config_redhat
--- openssh-7.4p1/ssh_config_redhat.redhat 2016-12-23 13:32:00.045220402 +0100
+++ openssh-7.4p1/ssh_config_redhat 2016-12-23 13:32:00.045220402 +0100
@@ -0,0 +1,20 @@
+# Follow system-wide Crypto Poliicy, if defined:
+Include /etc/crypto-policies/back-ends/openssh.txt
@ -34,11 +33,38 @@ diff --git a/ssh_config_redhat b/ssh_config_redhat
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+ SendEnv XMODIFIERS
diff --git a/sshd_config b/sshd_config
index c735429..e68ddee 100644
--- a/sshd_config
+++ b/sshd_config
@@ -10,6 +10,10 @@
diff -up openssh-7.4p1/sshd_config.0.redhat openssh-7.4p1/sshd_config.0
--- openssh-7.4p1/sshd_config.0.redhat 2016-12-19 06:21:22.000000000 +0100
+++ openssh-7.4p1/sshd_config.0 2016-12-23 13:32:00.045220402 +0100
@@ -837,9 +837,9 @@ DESCRIPTION
SyslogFacility
Gives the facility code that is used when logging messages from
- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
- default is AUTH.
+ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages
diff -up openssh-7.4p1/sshd_config.5.redhat openssh-7.4p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.redhat 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sshd_config.5 2016-12-23 13:32:00.046220403 +0100
@@ -1393,7 +1393,7 @@ By default no subsystems are defined.
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
.Xr sshd 8 .
-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
.It Cm TCPKeepAlive
diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
--- openssh-7.4p1/sshd_config.redhat 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sshd_config 2016-12-23 13:33:05.386233133 +0100
@@ -10,21 +10,26 @@
# possible, but leave them commented. Uncommented options override the
# default value.
@ -49,10 +75,8 @@ index c735429..e68ddee 100644
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
@@ -21,10 +25,10 @@
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#ListenAddress ::
-#HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
@ -61,9 +85,8 @@ index c735429..e68ddee 100644
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
@@ -36,6 +40,7 @@
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
@ -71,7 +94,7 @@ index c735429..e68ddee 100644
#LogLevel INFO
# Authentication:
@@ -71,9 +76,11 @@ AuthorizedKeysFile .ssh/authorized_keys
@@ -57,9 +62,11 @@ AuthorizedKeysFile .ssh/authorized_keys
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
@ -83,7 +106,7 @@ index c735429..e68ddee 100644
# Kerberos options
#KerberosAuthentication no
@@ -82,8 +89,8 @@ AuthorizedKeysFile .ssh/authorized_keys
@@ -68,8 +75,8 @@ AuthorizedKeysFile .ssh/authorized_keys
#KerberosGetAFSToken no
# GSSAPI options
@ -94,7 +117,7 @@ index c735429..e68ddee 100644
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
@@ -94,12 +101,12 @@ AuthorizedKeysFile .ssh/authorized_keys
@@ -80,12 +87,12 @@ AuthorizedKeysFile .ssh/authorized_keys
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
@ -109,7 +132,7 @@ index c735429..e68ddee 100644
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
@@ -122,6 +129,12 @@ UsePrivilegeSeparation sandbox # Default for new installations.
@@ -108,6 +115,12 @@ AuthorizedKeysFile .ssh/authorized_keys
# no default banner path
#Banner none
@ -122,33 +145,3 @@ index c735429..e68ddee 100644
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
diff --git a/sshd_config.0 b/sshd_config.0
index 413c260..87e7ee7 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -675,9 +675,9 @@ DESCRIPTION
SyslogFacility
Gives the facility code that is used when logging messages from
- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
- default is AUTH.
+ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages
diff --git a/sshd_config.5 b/sshd_config.5
index ce71efe..12465c2 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1131,7 +1131,7 @@ Note that this option applies to protocol version 2 only.
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
.Xr sshd 8 .
-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
.It Cm TCPKeepAlive
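Review bot: `Include /etc/ssh/ssh_config.d/*.conf` is appended at the end of ssh_config (the `@@ -48,3 +48,7 @@` hunk), but ssh_config(5) uses the first obtained value for each option, so any option an administrator later uncomments above that line silently wins over the drop-in files, which is the opposite of what the comment "will be automatically included below" leads people to expect. Either move the Include to the top of the file or extend the comment, e.g. `# Note: ssh uses the first value obtained for each option, so settings in these files cannot override options set above this line.`. The shipped stock file is all comments, so this is harmless today, but it is a trap for the first site edit. Separately, ssh_config_redhat has a typo in `# Follow system-wide Crypto Poliicy, if defined:` ("Policy").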


@ -1,157 +1,6 @@
diff -up openssh/auth-pam.c.role-mls openssh/auth-pam.c
--- openssh/auth-pam.c.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/auth-pam.c 2016-07-26 12:37:48.793593333 +0200
@@ -1095,7 +1095,7 @@ is_pam_session_open(void)
* during the ssh authentication process.
*/
int
-do_pam_putenv(char *name, char *value)
+do_pam_putenv(char *name, const char *value)
{
int ret = 1;
#ifdef HAVE_PAM_PUTENV
diff -up openssh/auth-pam.h.role-mls openssh/auth-pam.h
--- openssh/auth-pam.h.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/auth-pam.h 2016-07-26 12:37:48.793593333 +0200
@@ -38,7 +38,7 @@ void do_pam_session(void);
void do_pam_set_tty(const char *);
void do_pam_setcred(int );
void do_pam_chauthtok(void);
-int do_pam_putenv(char *, char *);
+int do_pam_putenv(char *, const char *);
char ** fetch_pam_environment(void);
char ** fetch_pam_child_environment(void);
void free_pam_environment(char **);
diff -up openssh/auth.h.role-mls openssh/auth.h
--- openssh/auth.h.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/auth.h 2016-07-26 12:37:48.793593333 +0200
@@ -62,6 +62,9 @@ struct Authctxt {
char *service;
struct passwd *pw; /* set if 'valid' */
char *style;
+#ifdef WITH_SELINUX
+ char *role;
+#endif
void *kbdintctxt;
char *info; /* Extra info for next auth_log */
#ifdef BSD_AUTH
diff -up openssh/auth1.c.role-mls openssh/auth1.c
--- openssh/auth1.c.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/auth1.c 2016-07-26 12:37:48.793593333 +0200
@@ -384,6 +384,9 @@ do_authentication(Authctxt *authctxt)
{
u_int ulen;
char *user, *style = NULL;
+#ifdef WITH_SELINUX
+ char *role=NULL;
+#endif
/* Get the name of the user that we wish to log in as. */
packet_read_expect(SSH_CMSG_USER);
@@ -392,11 +395,24 @@ do_authentication(Authctxt *authctxt)
user = packet_get_cstring(&ulen);
packet_check_eom();
+#ifdef WITH_SELINUX
+ if ((role = strchr(user, '/')) != NULL)
+ *role++ = '\0';
+#endif
+
if ((style = strchr(user, ':')) != NULL)
*style++ = '\0';
+#ifdef WITH_SELINUX
+ else
+ if (role && (style = strchr(role, ':')) != NULL)
+ *style++ = '\0';
+#endif
authctxt->user = user;
authctxt->style = style;
+#ifdef WITH_SELINUX
+ authctxt->role = role;
+#endif
/* Verify that the user is a valid user. */
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c
--- openssh/auth2-gss.c.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/auth2-gss.c 2016-07-26 12:37:48.794593332 +0200
@@ -255,6 +255,7 @@ input_gssapi_mic(int type, u_int32_t ple
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
int authenticated = 0;
+ char *micuser;
Buffer b;
gss_buffer_desc mic, gssbuf;
u_int len;
@@ -267,7 +268,13 @@ input_gssapi_mic(int type, u_int32_t ple
mic.value = packet_get_string(&len);
mic.length = len;
- ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
+#ifdef WITH_SELINUX
+ if (authctxt->role && (strlen(authctxt->role) > 0))
+ xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role);
+ else
+#endif
+ micuser = authctxt->user;
+ ssh_gssapi_buildmic(&b, micuser, authctxt->service,
"gssapi-with-mic");
gssbuf.value = buffer_ptr(&b);
@@ -279,6 +286,8 @@ input_gssapi_mic(int type, u_int32_t ple
logit("GSSAPI MIC check failed");
buffer_free(&b);
+ if (micuser != authctxt->user)
+ free(micuser);
free(mic.value);
authctxt->postponed = 0;
diff -up openssh/auth2-hostbased.c.role-mls openssh/auth2-hostbased.c
--- openssh/auth2-hostbased.c.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/auth2-hostbased.c 2016-07-26 12:37:48.794593332 +0200
@@ -121,7 +121,15 @@ userauth_hostbased(Authctxt *authctxt)
buffer_put_string(&b, session_id2, session_id2_len);
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
- buffer_put_cstring(&b, authctxt->user);
+#ifdef WITH_SELINUX
+ if (authctxt->role) {
+ buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1);
+ buffer_append(&b, authctxt->user, strlen(authctxt->user));
+ buffer_put_char(&b, '/');
+ buffer_append(&b, authctxt->role, strlen(authctxt->role));
+ } else
+#endif
+ buffer_put_cstring(&b, authctxt->user);
buffer_put_cstring(&b, service);
buffer_put_cstring(&b, "hostbased");
buffer_put_string(&b, pkalg, alen);
diff -up openssh/auth2-pubkey.c.role-mls openssh/auth2-pubkey.c
--- openssh/auth2-pubkey.c.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/auth2-pubkey.c 2016-07-26 12:37:48.794593332 +0200
@@ -151,9 +151,15 @@ userauth_pubkey(Authctxt *authctxt)
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
- xasprintf(&userstyle, "%s%s%s", authctxt->user,
+ xasprintf(&userstyle, "%s%s%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
- authctxt->style ? authctxt->style : "");
+ authctxt->style ? authctxt->style : "",
+#ifdef WITH_SELINUX
+ authctxt->role ? "/" : "",
+ authctxt->role ? authctxt->role : "");
+#else
+ "", "");
+#endif
buffer_put_cstring(&b, userstyle);
free(userstyle);
buffer_put_cstring(&b,
diff -up openssh/auth2.c.role-mls openssh/auth2.c
--- openssh/auth2.c.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/auth2.c 2016-07-26 12:37:48.794593332 +0200
diff -up openssh-7.4p1/auth2.c.role-mls openssh-7.4p1/auth2.c
--- openssh-7.4p1/auth2.c.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/auth2.c 2016-12-23 12:19:58.587459379 +0100
@@ -215,6 +215,9 @@ input_userauth_request(int type, u_int32
Authctxt *authctxt = ctxt;
Authmethod *m = NULL;
@ -191,9 +40,122 @@ diff -up openssh/auth2.c.role-mls openssh/auth2.c
userauth_banner();
if (auth2_setup_methods_lists(authctxt) != 0)
packet_disconnect("no authentication methods enabled");
diff -up openssh/misc.c.role-mls openssh/misc.c
--- openssh/misc.c.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/misc.c 2016-07-26 12:37:48.794593332 +0200
diff -up openssh-7.4p1/auth2-gss.c.role-mls openssh-7.4p1/auth2-gss.c
--- openssh-7.4p1/auth2-gss.c.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/auth2-gss.c 2016-12-23 12:19:58.586459382 +0100
@@ -255,6 +255,7 @@ input_gssapi_mic(int type, u_int32_t ple
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
int authenticated = 0;
+ char *micuser;
Buffer b;
gss_buffer_desc mic, gssbuf;
u_int len;
@@ -267,7 +268,13 @@ input_gssapi_mic(int type, u_int32_t ple
mic.value = packet_get_string(&len);
mic.length = len;
- ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
+#ifdef WITH_SELINUX
+ if (authctxt->role && (strlen(authctxt->role) > 0))
+ xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role);
+ else
+#endif
+ micuser = authctxt->user;
+ ssh_gssapi_buildmic(&b, micuser, authctxt->service,
"gssapi-with-mic");
gssbuf.value = buffer_ptr(&b);
@@ -279,6 +286,8 @@ input_gssapi_mic(int type, u_int32_t ple
logit("GSSAPI MIC check failed");
buffer_free(&b);
+ if (micuser != authctxt->user)
+ free(micuser);
free(mic.value);
authctxt->postponed = 0;
diff -up openssh-7.4p1/auth2-hostbased.c.role-mls openssh-7.4p1/auth2-hostbased.c
--- openssh-7.4p1/auth2-hostbased.c.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/auth2-hostbased.c 2016-12-23 12:19:58.586459382 +0100
@@ -121,7 +121,15 @@ userauth_hostbased(Authctxt *authctxt)
buffer_put_string(&b, session_id2, session_id2_len);
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
- buffer_put_cstring(&b, authctxt->user);
+#ifdef WITH_SELINUX
+ if (authctxt->role) {
+ buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1);
+ buffer_append(&b, authctxt->user, strlen(authctxt->user));
+ buffer_put_char(&b, '/');
+ buffer_append(&b, authctxt->role, strlen(authctxt->role));
+ } else
+#endif
+ buffer_put_cstring(&b, authctxt->user);
buffer_put_cstring(&b, service);
buffer_put_cstring(&b, "hostbased");
buffer_put_string(&b, pkalg, alen);
diff -up openssh-7.4p1/auth2-pubkey.c.role-mls openssh-7.4p1/auth2-pubkey.c
--- openssh-7.4p1/auth2-pubkey.c.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/auth2-pubkey.c 2016-12-23 12:19:58.587459379 +0100
@@ -151,9 +151,15 @@ userauth_pubkey(Authctxt *authctxt)
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
- xasprintf(&userstyle, "%s%s%s", authctxt->user,
+ xasprintf(&userstyle, "%s%s%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
- authctxt->style ? authctxt->style : "");
+ authctxt->style ? authctxt->style : "",
+#ifdef WITH_SELINUX
+ authctxt->role ? "/" : "",
+ authctxt->role ? authctxt->role : "");
+#else
+ "", "");
+#endif
buffer_put_cstring(&b, userstyle);
free(userstyle);
buffer_put_cstring(&b,
diff -up openssh-7.4p1/auth.h.role-mls openssh-7.4p1/auth.h
--- openssh-7.4p1/auth.h.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/auth.h 2016-12-23 12:19:43.478510375 +0100
@@ -62,6 +62,9 @@ struct Authctxt {
char *service;
struct passwd *pw; /* set if 'valid' */
char *style;
+#ifdef WITH_SELINUX
+ char *role;
+#endif
void *kbdintctxt;
char *info; /* Extra info for next auth_log */
#ifdef BSD_AUTH
diff -up openssh-7.4p1/auth-pam.c.role-mls openssh-7.4p1/auth-pam.c
--- openssh-7.4p1/auth-pam.c.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/auth-pam.c 2016-12-23 12:19:43.477510378 +0100
@@ -1087,7 +1087,7 @@ is_pam_session_open(void)
* during the ssh authentication process.
*/
int
-do_pam_putenv(char *name, char *value)
+do_pam_putenv(char *name, const char *value)
{
int ret = 1;
#ifdef HAVE_PAM_PUTENV
diff -up openssh-7.4p1/auth-pam.h.role-mls openssh-7.4p1/auth-pam.h
--- openssh-7.4p1/auth-pam.h.role-mls 2016-12-23 12:19:43.478510375 +0100
+++ openssh-7.4p1/auth-pam.h 2016-12-23 12:21:44.698101234 +0100
@@ -31,7 +31,7 @@ u_int do_pam_account(void);
void do_pam_session(void);
void do_pam_setcred(int );
void do_pam_chauthtok(void);
-int do_pam_putenv(char *, char *);
+int do_pam_putenv(char *, const char *);
char ** fetch_pam_environment(void);
char ** fetch_pam_child_environment(void);
void free_pam_environment(char **);
diff -up openssh-7.4p1/misc.c.role-mls openssh-7.4p1/misc.c
--- openssh-7.4p1/misc.c.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/misc.c 2016-12-23 12:19:58.587459379 +0100
@@ -432,6 +432,7 @@ char *
colon(char *cp)
{
@ -216,10 +178,10 @@ diff -up openssh/misc.c.role-mls openssh/misc.c
}
return NULL;
}
diff -up openssh/monitor.c.role-mls openssh/monitor.c
--- openssh/monitor.c.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/monitor.c 2016-07-26 12:44:19.363379490 +0200
@@ -128,6 +128,9 @@ int mm_answer_sign(int, Buffer *);
diff -up openssh-7.4p1/monitor.c.role-mls openssh-7.4p1/monitor.c
--- openssh-7.4p1/monitor.c.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/monitor.c 2016-12-23 12:23:03.503835248 +0100
@@ -127,6 +127,9 @@ int mm_answer_sign(int, Buffer *);
int mm_answer_pwnamallow(int, Buffer *);
int mm_answer_auth2_read_banner(int, Buffer *);
int mm_answer_authserv(int, Buffer *);
@ -229,7 +191,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
int mm_answer_authpassword(int, Buffer *);
int mm_answer_bsdauthquery(int, Buffer *);
int mm_answer_bsdauthrespond(int, Buffer *);
@@ -207,6 +210,9 @@ struct mon_table mon_dispatch_proto20[]
@@ -202,6 +205,9 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@ -239,17 +201,17 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
#ifdef USE_PAM
@@ -863,6 +869,9 @@ mm_answer_pwnamallow(int sock, Buffer *m
else {
/* Allow service/style information on the auth context */
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -769,6 +775,9 @@ mm_answer_pwnamallow(int sock, Buffer *m
/* Allow service/style information on the auth context */
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+#ifdef WITH_SELINUX
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
+#endif
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
}
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
#ifdef USE_PAM
@@ -904,6 +913,25 @@ mm_answer_authserv(int sock, Buffer *m)
@@ -810,6 +819,25 @@ mm_answer_authserv(int sock, Buffer *m)
return (0);
}
@ -275,7 +237,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
int
mm_answer_authpassword(int sock, Buffer *m)
{
@@ -1300,7 +1328,7 @@ monitor_valid_userblob(u_char *data, u_i
@@ -1208,7 +1236,7 @@ monitor_valid_userblob(u_char *data, u_i
{
Buffer b;
u_char *p;
@ -284,7 +246,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
u_int len;
int fail = 0;
@@ -1326,6 +1354,8 @@ monitor_valid_userblob(u_char *data, u_i
@@ -1234,6 +1262,8 @@ monitor_valid_userblob(u_char *data, u_i
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
cp = buffer_get_cstring(&b, NULL);
@ -293,7 +255,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
@@ -1361,7 +1391,7 @@ monitor_valid_hostbasedblob(u_char *data
@@ -1269,7 +1299,7 @@ monitor_valid_hostbasedblob(u_char *data
char *chost)
{
Buffer b;
@ -302,7 +264,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
u_int len;
int fail = 0;
@@ -1378,6 +1408,8 @@ monitor_valid_hostbasedblob(u_char *data
@@ -1286,6 +1316,8 @@ monitor_valid_hostbasedblob(u_char *data
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
p = buffer_get_cstring(&b, NULL);
@ -311,9 +273,9 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c
xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
diff -up openssh/monitor.h.role-mls openssh/monitor.h
--- openssh/monitor.h.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/monitor.h 2016-07-26 12:37:48.795593331 +0200
diff -up openssh-7.4p1/monitor.h.role-mls openssh-7.4p1/monitor.h
--- openssh-7.4p1/monitor.h.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/monitor.h 2016-12-23 12:19:58.588459376 +0100
@@ -57,6 +57,10 @@ enum monitor_reqtype {
MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49,
MONITOR_REQ_TERM = 50,
@ -325,10 +287,10 @@ diff -up openssh/monitor.h.role-mls openssh/monitor.h
MONITOR_REQ_PAM_START = 100,
MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
MONITOR_REQ_PAM_INIT_CTX = 104, MONITOR_ANS_PAM_INIT_CTX = 105,
diff -up openssh/monitor_wrap.c.role-mls openssh/monitor_wrap.c
--- openssh/monitor_wrap.c.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/monitor_wrap.c 2016-07-26 12:37:48.795593331 +0200
@@ -346,6 +346,25 @@ mm_inform_authserv(char *service, char *
diff -up openssh-7.4p1/monitor_wrap.c.role-mls openssh-7.4p1/monitor_wrap.c
--- openssh-7.4p1/monitor_wrap.c.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/monitor_wrap.c 2016-12-23 12:19:58.588459376 +0100
@@ -345,6 +345,25 @@ mm_inform_authserv(char *service, char *
buffer_free(&m);
}
@ -354,9 +316,9 @@ diff -up openssh/monitor_wrap.c.role-mls openssh/monitor_wrap.c
/* Do the password authentication */
int
mm_auth_password(Authctxt *authctxt, char *password)
diff -up openssh/monitor_wrap.h.role-mls openssh/monitor_wrap.h
--- openssh/monitor_wrap.h.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/monitor_wrap.h 2016-07-26 12:37:48.795593331 +0200
diff -up openssh-7.4p1/monitor_wrap.h.role-mls openssh-7.4p1/monitor_wrap.h
--- openssh-7.4p1/monitor_wrap.h.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/monitor_wrap.h 2016-12-23 12:19:58.588459376 +0100
@@ -42,6 +42,9 @@ int mm_is_monitor(void);
DH *mm_choose_dh(int, int, int);
int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int, const char *);
@ -367,21 +329,90 @@ diff -up openssh/monitor_wrap.h.role-mls openssh/monitor_wrap.h
struct passwd *mm_getpwnamallow(const char *);
char *mm_auth2_read_banner(void);
int mm_auth_password(struct Authctxt *, char *);
diff -up openssh/openbsd-compat/Makefile.in.role-mls openssh/openbsd-compat/Makefile.in
--- openssh/openbsd-compat/Makefile.in.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/openbsd-compat/Makefile.in 2016-07-26 12:37:48.795593331 +0200
diff -up openssh-7.4p1/openbsd-compat/Makefile.in.role-mls openssh-7.4p1/openbsd-compat/Makefile.in
--- openssh-7.4p1/openbsd-compat/Makefile.in.role-mls 2016-12-23 12:19:58.588459376 +0100
+++ openssh-7.4p1/openbsd-compat/Makefile.in 2016-12-23 12:24:06.042643938 +0100
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf
COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o
COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o
-PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
+PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-solaris.o port-tun.o port-uw.o
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compat/port-linux-sshd.c
--- openssh/openbsd-compat/port-linux-sshd.c.role-mls 2016-07-26 12:37:48.796593331 +0200
+++ openssh/openbsd-compat/port-linux-sshd.c 2016-07-26 12:37:48.796593331 +0200
diff -up openssh-7.4p1/openbsd-compat/port-linux.c.role-mls openssh-7.4p1/openbsd-compat/port-linux.c
--- openssh-7.4p1/openbsd-compat/port-linux.c.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux.c 2016-12-23 12:19:58.590459369 +0100
@@ -101,37 +101,6 @@ ssh_selinux_getctxbyname(char *pwname)
return sc;
}
-/* Set the execution context to the default for the specified user */
-void
-ssh_selinux_setup_exec_context(char *pwname)
-{
- security_context_t user_ctx = NULL;
-
- if (!ssh_selinux_enabled())
- return;
-
- debug3("%s: setting execution context", __func__);
-
- user_ctx = ssh_selinux_getctxbyname(pwname);
- if (setexeccon(user_ctx) != 0) {
- switch (security_getenforce()) {
- case -1:
- fatal("%s: security_getenforce() failed", __func__);
- case 0:
- error("%s: Failed to set SELinux execution "
- "context for %s", __func__, pwname);
- break;
- default:
- fatal("%s: Failed to set SELinux execution context "
- "for %s (in enforcing mode)", __func__, pwname);
- }
- }
- if (user_ctx != NULL)
- freecon(user_ctx);
-
- debug3("%s: done", __func__);
-}
-
/* Set the TTY context for the specified user */
void
ssh_selinux_setup_pty(char *pwname, const char *tty)
@@ -145,7 +114,11 @@ ssh_selinux_setup_pty(char *pwname, cons
debug3("%s: setting TTY context on %s", __func__, tty);
- user_ctx = ssh_selinux_getctxbyname(pwname);
+ if (getexeccon(&user_ctx) != 0) {
+ error("%s: getexeccon: %s", __func__, strerror(errno));
+ goto out;
+ }
+
/* XXX: should these calls fatal() upon failure in enforcing mode? */
diff -up openssh-7.4p1/openbsd-compat/port-linux.h.role-mls openssh-7.4p1/openbsd-compat/port-linux.h
--- openssh-7.4p1/openbsd-compat/port-linux.h.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 12:19:58.591459365 +0100
@@ -20,9 +20,10 @@
#ifdef WITH_SELINUX
int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *);
-void ssh_selinux_setup_exec_context(char *);
void ssh_selinux_change_context(const char *);
void ssh_selinux_setfscreatecon(const char *);
+
+void sshd_selinux_setup_exec_context(char *);
#endif
#ifdef LINUX_OOM_ADJUST
diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-7.4p1/openbsd-compat/port-linux-sshd.c
--- openssh-7.4p1/openbsd-compat/port-linux-sshd.c.role-mls 2016-12-23 12:19:58.590459369 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux-sshd.c 2016-12-23 12:19:58.590459369 +0100
@@ -0,0 +1,424 @@
+/*
+ * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@ -807,79 +838,10 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compa
+#endif
+#endif
+
diff -up openssh/openbsd-compat/port-linux.c.role-mls openssh/openbsd-compat/port-linux.c
--- openssh/openbsd-compat/port-linux.c.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/openbsd-compat/port-linux.c 2016-07-26 12:37:48.796593331 +0200
@@ -103,37 +103,6 @@ ssh_selinux_getctxbyname(char *pwname)
return sc;
}
-/* Set the execution context to the default for the specified user */
-void
-ssh_selinux_setup_exec_context(char *pwname)
-{
- security_context_t user_ctx = NULL;
-
- if (!ssh_selinux_enabled())
- return;
-
- debug3("%s: setting execution context", __func__);
-
- user_ctx = ssh_selinux_getctxbyname(pwname);
- if (setexeccon(user_ctx) != 0) {
- switch (security_getenforce()) {
- case -1:
- fatal("%s: security_getenforce() failed", __func__);
- case 0:
- error("%s: Failed to set SELinux execution "
- "context for %s", __func__, pwname);
- break;
- default:
- fatal("%s: Failed to set SELinux execution context "
- "for %s (in enforcing mode)", __func__, pwname);
- }
- }
- if (user_ctx != NULL)
- freecon(user_ctx);
-
- debug3("%s: done", __func__);
-}
-
/* Set the TTY context for the specified user */
void
ssh_selinux_setup_pty(char *pwname, const char *tty)
@@ -147,7 +116,11 @@ ssh_selinux_setup_pty(char *pwname, cons
debug3("%s: setting TTY context on %s", __func__, tty);
- user_ctx = ssh_selinux_getctxbyname(pwname);
+ if (getexeccon(&user_ctx) != 0) {
+ error("%s: getexeccon: %s", __func__, strerror(errno));
+ goto out;
+ }
+
/* XXX: should these calls fatal() upon failure in enforcing mode? */
diff -up openssh/openbsd-compat/port-linux.h.role-mls openssh/openbsd-compat/port-linux.h
--- openssh/openbsd-compat/port-linux.h.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/openbsd-compat/port-linux.h 2016-07-26 12:37:48.796593331 +0200
@@ -22,9 +22,10 @@
#ifdef WITH_SELINUX
int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *);
-void ssh_selinux_setup_exec_context(char *);
void ssh_selinux_change_context(const char *);
void ssh_selinux_setfscreatecon(const char *);
+
+void sshd_selinux_setup_exec_context(char *);
#endif
#ifdef LINUX_OOM_ADJUST
diff -up openssh/platform.c.role-mls openssh/platform.c
--- openssh/platform.c.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/platform.c 2016-07-26 12:37:48.796593331 +0200
@@ -186,7 +186,7 @@ platform_setusercontext_post_groups(stru
diff -up openssh-7.4p1/platform.c.role-mls openssh-7.4p1/platform.c
--- openssh-7.4p1/platform.c.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/platform.c 2016-12-23 12:19:58.591459365 +0100
@@ -184,7 +184,7 @@ platform_setusercontext_post_groups(stru
}
#endif /* HAVE_SETPCRED */
#ifdef WITH_SELINUX
@ -888,10 +850,10 @@ diff -up openssh/platform.c.role-mls openssh/platform.c
#endif
}
diff -up openssh/sshd.c.role-mls openssh/sshd.c
--- openssh/sshd.c.role-mls 2016-07-24 13:50:13.000000000 +0200
+++ openssh/sshd.c 2016-07-26 12:37:48.796593331 +0200
@@ -2295,6 +2295,9 @@ main(int ac, char **av)
diff -up openssh-7.4p1/sshd.c.role-mls openssh-7.4p1/sshd.c
--- openssh-7.4p1/sshd.c.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sshd.c 2016-12-23 12:19:58.591459365 +0100
@@ -2053,6 +2053,9 @@ main(int ac, char **av)
restore_uid();
}
#endif
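Review bot: In the rebased port-linux.c hunk, `ssh_selinux_setup_pty()` now takes the label to apply to the TTY from `getexeccon()` instead of deriving it from `pwname`, so it silently depends on `sshd_selinux_setup_exec_context()` (declared in the new port-linux.h hunk and wired in via platform.c) having already run in this process; the function's body continues outside the hunk. getexeccon() can report success while leaving `user_ctx` NULL when no exec context has been set, and that case bypasses the `goto out` error path, so the later relabel logic would be working from a NULL context. I would add an explicit guard after the check, `if (user_ctx == NULL) { error("%s: no exec context set; sshd_selinux_setup_exec_context() must run first", __func__); goto out; }`, and a one-line comment above the getexeccon() call stating the ordering requirement. Whether the TTY labelling failure should be fatal in enforcing mode is still left open by the retained `XXX` comment; the rebase would be a good moment to decide that.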


@ -1,22 +1,7 @@
diff -up openssh-6.8p1/channels.c.coverity openssh-6.8p1/channels.c
--- openssh-6.8p1/channels.c.coverity 2015-03-18 17:21:51.815265002 +0100
+++ openssh-6.8p1/channels.c 2015-03-18 17:21:51.896264833 +0100
@@ -243,11 +243,11 @@ channel_register_fds(Channel *c, int rfd
channel_max_fd = MAX(channel_max_fd, wfd);
channel_max_fd = MAX(channel_max_fd, efd);
- if (rfd != -1)
+ if (rfd >= 0)
fcntl(rfd, F_SETFD, FD_CLOEXEC);
- if (wfd != -1 && wfd != rfd)
+ if (wfd >= 0 && wfd != rfd)
fcntl(wfd, F_SETFD, FD_CLOEXEC);
- if (efd != -1 && efd != rfd && efd != wfd)
+ if (efd >= 0 && efd != rfd && efd != wfd)
fcntl(efd, F_SETFD, FD_CLOEXEC);
c->rfd = rfd;
@@ -265,11 +265,11 @@ channel_register_fds(Channel *c, int rfd
diff -up openssh-7.4p1/channels.c.coverity openssh-7.4p1/channels.c
--- openssh-7.4p1/channels.c.coverity 2016-12-23 16:40:26.881788686 +0100
+++ openssh-7.4p1/channels.c 2016-12-23 16:42:36.244818763 +0100
@@ -288,11 +288,11 @@ channel_register_fds(Channel *c, int rfd
/* enable nonblocking mode */
if (nonblock) {
@ -31,10 +16,10 @@ diff -up openssh-6.8p1/channels.c.coverity openssh-6.8p1/channels.c
set_nonblock(efd);
}
}
diff -up openssh-6.8p1/monitor.c.coverity openssh-6.8p1/monitor.c
--- openssh-6.8p1/monitor.c.coverity 2015-03-18 17:21:51.887264852 +0100
+++ openssh-6.8p1/monitor.c 2015-03-18 17:21:51.897264831 +0100
@@ -444,7 +444,7 @@ monitor_child_preauth(Authctxt *_authctx
diff -up openssh-7.4p1/monitor.c.coverity openssh-7.4p1/monitor.c
--- openssh-7.4p1/monitor.c.coverity 2016-12-23 16:40:26.888788688 +0100
+++ openssh-7.4p1/monitor.c 2016-12-23 16:40:26.900788691 +0100
@@ -411,7 +411,7 @@ monitor_child_preauth(Authctxt *_authctx
mm_get_keystate(pmonitor);
/* Drain any buffered messages from the child */
@ -43,10 +28,10 @@ diff -up openssh-6.8p1/monitor.c.coverity openssh-6.8p1/monitor.c
;
close(pmonitor->m_sendfd);
diff -up openssh-6.8p1/monitor_wrap.c.coverity openssh-6.8p1/monitor_wrap.c
--- openssh-6.8p1/monitor_wrap.c.coverity 2015-03-18 17:21:51.888264849 +0100
+++ openssh-6.8p1/monitor_wrap.c 2015-03-18 17:21:51.897264831 +0100
@@ -533,10 +533,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
diff -up openssh-7.4p1/monitor_wrap.c.coverity openssh-7.4p1/monitor_wrap.c
--- openssh-7.4p1/monitor_wrap.c.coverity 2016-12-23 16:40:26.892788689 +0100
+++ openssh-7.4p1/monitor_wrap.c 2016-12-23 16:40:26.900788691 +0100
@@ -525,10 +525,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
(tmp2 = dup(pmonitor->m_recvfd)) == -1) {
error("%s: cannot allocate fds for pty", __func__);
@ -60,9 +45,9 @@ diff -up openssh-6.8p1/monitor_wrap.c.coverity openssh-6.8p1/monitor_wrap.c
return 0;
}
close(tmp1);
diff -up openssh-6.8p1/openbsd-compat/bindresvport.c.coverity openssh-6.8p1/openbsd-compat/bindresvport.c
--- openssh-6.8p1/openbsd-compat/bindresvport.c.coverity 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/openbsd-compat/bindresvport.c 2015-03-18 17:21:51.897264831 +0100
diff -up openssh-7.4p1/openbsd-compat/bindresvport.c.coverity openssh-7.4p1/openbsd-compat/bindresvport.c
--- openssh-7.4p1/openbsd-compat/bindresvport.c.coverity 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/openbsd-compat/bindresvport.c 2016-12-23 16:40:26.901788691 +0100
@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
struct sockaddr_in6 *in6;
u_int16_t *portp;
@ -72,10 +57,10 @@ diff -up openssh-6.8p1/openbsd-compat/bindresvport.c.coverity openssh-6.8p1/open
int i;
if (sa == NULL) {
diff -up openssh-6.8p1/scp.c.coverity openssh-6.8p1/scp.c
--- openssh-6.8p1/scp.c.coverity 2015-03-18 17:21:51.868264891 +0100
+++ openssh-6.8p1/scp.c 2015-03-18 17:21:58.281251460 +0100
@@ -156,7 +156,7 @@ killchild(int signo)
diff -up openssh-7.4p1/scp.c.coverity openssh-7.4p1/scp.c
--- openssh-7.4p1/scp.c.coverity 2016-12-23 16:40:26.856788681 +0100
+++ openssh-7.4p1/scp.c 2016-12-23 16:40:26.901788691 +0100
@@ -157,7 +157,7 @@ killchild(int signo)
{
if (do_cmd_pid > 1) {
kill(do_cmd_pid, signo ? signo : SIGTERM);
@ -84,10 +69,10 @@ diff -up openssh-6.8p1/scp.c.coverity openssh-6.8p1/scp.c
}
if (signo)
diff -up openssh-6.8p1/servconf.c.coverity openssh-6.8p1/servconf.c
--- openssh-6.8p1/servconf.c.coverity 2015-03-18 17:21:51.893264839 +0100
+++ openssh-6.8p1/servconf.c 2015-03-18 17:21:58.281251460 +0100
@@ -1475,7 +1475,7 @@ process_server_config_line(ServerOptions
diff -up openssh-7.4p1/servconf.c.coverity openssh-7.4p1/servconf.c
--- openssh-7.4p1/servconf.c.coverity 2016-12-23 16:40:26.896788690 +0100
+++ openssh-7.4p1/servconf.c 2016-12-23 16:40:26.901788691 +0100
@@ -1547,7 +1547,7 @@ process_server_config_line(ServerOptions
fatal("%s line %d: Missing subsystem name.",
filename, linenum);
if (!*activep) {
@ -96,7 +81,7 @@ diff -up openssh-6.8p1/servconf.c.coverity openssh-6.8p1/servconf.c
break;
}
for (i = 0; i < options->num_subsystems; i++)
@@ -1566,8 +1566,9 @@ process_server_config_line(ServerOptions
@@ -1638,8 +1638,9 @@ process_server_config_line(ServerOptions
if (*activep && *charptr == NULL) {
*charptr = tilde_expand_filename(arg, getuid());
/* increase optional counter */
@ -108,10 +93,10 @@ diff -up openssh-6.8p1/servconf.c.coverity openssh-6.8p1/servconf.c
}
break;
diff -up openssh-6.8p1/serverloop.c.coverity openssh-6.8p1/serverloop.c
--- openssh-6.8p1/serverloop.c.coverity 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/serverloop.c 2015-03-18 17:28:45.616436080 +0100
@@ -147,13 +147,13 @@ notify_setup(void)
diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c
--- openssh-7.4p1/serverloop.c.coverity 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/serverloop.c 2016-12-23 16:40:26.902788691 +0100
@@ -125,13 +125,13 @@ notify_setup(void)
static void
notify_parent(void)
{
@ -127,7 +112,7 @@ diff -up openssh-6.8p1/serverloop.c.coverity openssh-6.8p1/serverloop.c
FD_SET(notify_pipe[0], readset);
}
static void
@@ -161,8 +161,8 @@ notify_done(fd_set *readset)
@@ -139,8 +139,8 @@ notify_done(fd_set *readset)
{
char c;
@ -138,80 +123,7 @@ diff -up openssh-6.8p1/serverloop.c.coverity openssh-6.8p1/serverloop.c
debug2("notify_done: reading");
}
@@ -337,7 +337,7 @@ wait_until_can_do_something(fd_set **rea
* If we have buffered data, try to write some of that data
* to the program.
*/
- if (fdin != -1 && buffer_len(&stdin_buffer) > 0)
+ if (fdin >= 0 && buffer_len(&stdin_buffer) > 0)
FD_SET(fdin, *writesetp);
}
notify_prepare(*readsetp);
@@ -477,7 +477,7 @@ process_output(fd_set *writeset)
int len;
/* Write buffered data to program stdin. */
- if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
+ if (!compat20 && fdin >= 0 && FD_ISSET(fdin, writeset)) {
data = buffer_ptr(&stdin_buffer);
dlen = buffer_len(&stdin_buffer);
len = write(fdin, data, dlen);
@@ -590,7 +590,7 @@ server_loop(pid_t pid, int fdin_arg, int
set_nonblock(fdin);
set_nonblock(fdout);
/* we don't have stderr for interactive terminal sessions, see below */
- if (fderr != -1)
+ if (fderr >= 0)
set_nonblock(fderr);
if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin))
@@ -614,7 +614,7 @@ server_loop(pid_t pid, int fdin_arg, int
max_fd = MAX(connection_in, connection_out);
max_fd = MAX(max_fd, fdin);
max_fd = MAX(max_fd, fdout);
- if (fderr != -1)
+ if (fderr >= 0)
max_fd = MAX(max_fd, fderr);
#endif
@@ -644,7 +644,7 @@ server_loop(pid_t pid, int fdin_arg, int
* If we have received eof, and there is no more pending
* input data, cause a real eof by closing fdin.
*/
- if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) {
+ if (stdin_eof && fdin >= 0 && buffer_len(&stdin_buffer) == 0) {
if (fdin != fdout)
close(fdin);
else
@@ -740,15 +740,15 @@ server_loop(pid_t pid, int fdin_arg, int
buffer_free(&stderr_buffer);
/* Close the file descriptors. */
- if (fdout != -1)
+ if (fdout >= 0)
close(fdout);
fdout = -1;
fdout_eof = 1;
- if (fderr != -1)
+ if (fderr >= 0)
close(fderr);
fderr = -1;
fderr_eof = 1;
- if (fdin != -1)
+ if (fdin >= 0)
close(fdin);
fdin = -1;
@@ -950,7 +950,7 @@ server_input_window_size(int type, u_int
debug("Window change received.");
packet_check_eom();
- if (fdin != -1)
+ if (fdin >= 0)
pty_change_window_size(fdin, row, col, xpixel, ypixel);
return 0;
}
@@ -1043,7 +1043,7 @@ server_request_tun(void)
@@ -518,7 +518,7 @@ server_request_tun(void)
}
tun = packet_get_int();
@ -220,10 +132,10 @@ diff -up openssh-6.8p1/serverloop.c.coverity openssh-6.8p1/serverloop.c
if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
goto done;
tun = forced_tun_device;
diff -up openssh-6.8p1/sftp.c.coverity openssh-6.8p1/sftp.c
--- openssh-6.8p1/sftp.c.coverity 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/sftp.c 2015-03-18 17:21:58.283251456 +0100
@@ -223,7 +223,7 @@ killchild(int signo)
diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c
--- openssh-7.4p1/sftp.c.coverity 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sftp.c 2016-12-23 16:40:26.903788691 +0100
@@ -224,7 +224,7 @@ killchild(int signo)
{
if (sshpid > 1) {
kill(sshpid, SIGTERM);
@ -232,10 +144,10 @@ diff -up openssh-6.8p1/sftp.c.coverity openssh-6.8p1/sftp.c
}
_exit(1);
diff -up openssh-6.8p1/ssh-agent.c.coverity openssh-6.8p1/ssh-agent.c
--- openssh-6.8p1/ssh-agent.c.coverity 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/ssh-agent.c 2015-03-18 17:21:58.284251454 +0100
@@ -1166,8 +1166,8 @@ main(int ac, char **av)
diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
--- openssh-7.4p1/ssh-agent.c.coverity 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh-agent.c 2016-12-23 16:40:26.903788691 +0100
@@ -1220,8 +1220,8 @@ main(int ac, char **av)
sanitise_stdfd();
/* drop */
@ -246,10 +158,10 @@ diff -up openssh-6.8p1/ssh-agent.c.coverity openssh-6.8p1/ssh-agent.c
platform_disable_tracing(0); /* strict=no */
diff -up openssh-6.8p1/sshd.c.coverity openssh-6.8p1/sshd.c
--- openssh-6.8p1/sshd.c.coverity 2015-03-18 17:21:51.893264839 +0100
+++ openssh-6.8p1/sshd.c 2015-03-18 17:21:58.284251454 +0100
@@ -778,8 +778,10 @@ privsep_preauth(Authctxt *authctxt)
diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c
--- openssh-7.4p1/sshd.c.coverity 2016-12-23 16:40:26.897788690 +0100
+++ openssh-7.4p1/sshd.c 2016-12-23 16:40:26.904788692 +0100
@@ -691,8 +691,10 @@ privsep_preauth(Authctxt *authctxt)
privsep_preauth_child();
setproctitle("%s", "[net]");
@ -261,7 +173,7 @@ diff -up openssh-6.8p1/sshd.c.coverity openssh-6.8p1/sshd.c
return 0;
}
@@ -1518,6 +1520,9 @@ server_accept_loop(int *sock_in, int *so
@@ -1386,6 +1388,9 @@ server_accept_loop(int *sock_in, int *so
if (num_listen_socks < 0)
break;
}

@ -1,7 +1,7 @@
diff -up openssh/configure.ac.tcp_wrappers openssh/configure.ac
--- openssh/configure.ac.tcp_wrappers 2015-06-24 11:41:04.519293694 +0200
+++ openssh/configure.ac 2015-06-24 11:41:04.556293600 +0200
@@ -1448,6 +1448,62 @@ AC_ARG_WITH([skey],
diff -up openssh-7.4p1/configure.ac.tcp_wrappers openssh-7.4p1/configure.ac
--- openssh-7.4p1/configure.ac.tcp_wrappers 2016-12-23 15:36:38.745411192 +0100
+++ openssh-7.4p1/configure.ac 2016-12-23 15:36:38.777411197 +0100
@@ -1491,6 +1491,62 @@ AC_ARG_WITH([skey],
]
)
@ -64,7 +64,7 @@ diff -up openssh/configure.ac.tcp_wrappers openssh/configure.ac
# Check whether user wants to use ldns
LDNS_MSG="no"
AC_ARG_WITH(ldns,
@@ -5034,6 +5090,7 @@ echo " KerberosV support
@@ -5214,6 +5270,7 @@ echo " KerberosV support
echo " SELinux support: $SELINUX_MSG"
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
@ -72,10 +72,10 @@ diff -up openssh/configure.ac.tcp_wrappers openssh/configure.ac
echo " MD5 password support: $MD5_MSG"
echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
diff -up openssh/sshd.8.tcp_wrappers openssh/sshd.8
--- openssh/sshd.8.tcp_wrappers 2015-06-24 11:41:04.527293674 +0200
+++ openssh/sshd.8 2015-06-24 11:41:04.556293600 +0200
@@ -860,6 +860,12 @@ the user's home directory becomes access
diff -up openssh-7.4p1/sshd.8.tcp_wrappers openssh-7.4p1/sshd.8
--- openssh-7.4p1/sshd.8.tcp_wrappers 2016-12-23 15:36:38.759411194 +0100
+++ openssh-7.4p1/sshd.8 2016-12-23 15:36:38.778411197 +0100
@@ -836,6 +836,12 @@ the user's home directory becomes access
This file should be writable only by the user, and need not be
readable by anyone else.
.Pp
@ -88,7 +88,7 @@ diff -up openssh/sshd.8.tcp_wrappers openssh/sshd.8
.It Pa /etc/hosts.equiv
This file is for host-based authentication (see
.Xr ssh 1 ) .
@@ -983,6 +989,7 @@ IPv6 address can be used everywhere wher
@@ -960,6 +966,7 @@ IPv6 address can be used everywhere wher
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
.Xr chroot 2 ,
@ -96,10 +96,10 @@ diff -up openssh/sshd.8.tcp_wrappers openssh/sshd.8
.Xr login.conf 5 ,
.Xr moduli 5 ,
.Xr sshd_config 5 ,
diff -up openssh/sshd.c.tcp_wrappers openssh/sshd.c
--- openssh/sshd.c.tcp_wrappers 2015-06-24 11:41:04.549293618 +0200
+++ openssh/sshd.c 2015-06-24 11:41:53.331169536 +0200
@@ -125,6 +125,13 @@
diff -up openssh-7.4p1/sshd.c.tcp_wrappers openssh-7.4p1/sshd.c
--- openssh-7.4p1/sshd.c.tcp_wrappers 2016-12-23 15:36:38.772411196 +0100
+++ openssh-7.4p1/sshd.c 2016-12-23 15:37:15.032417028 +0100
@@ -123,6 +123,13 @@
#include "version.h"
#include "ssherr.h"
@ -110,10 +110,10 @@ diff -up openssh/sshd.c.tcp_wrappers openssh/sshd.c
+int deny_severity;
+#endif /* LIBWRAP */
+
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif
@@ -2158,6 +2165,24 @@ main(int ac, char **av)
/* Re-exec fds */
#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
@@ -2012,6 +2019,24 @@ main(int ac, char **av)
#ifdef SSH_AUDIT_EVENTS
audit_connection_from(remote_ip, remote_port);
#endif

@ -1,8 +1,7 @@
diff --git a/servconf.c b/servconf.c
index ad5869b..0255ed3 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1910,6 +1910,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
diff -up openssh-7.4p1/servconf.c.memory openssh-7.4p1/servconf.c
--- openssh-7.4p1/servconf.c.memory 2016-12-23 15:37:48.181422360 +0100
+++ openssh-7.4p1/servconf.c 2016-12-23 15:38:30.189429116 +0100
@@ -2006,6 +2006,8 @@ copy_set_server_options(ServerOptions *d
dst->n = src->n; \
} while (0)
@ -10,8 +9,8 @@ index ad5869b..0255ed3 100644
+
M_CP_INTOPT(password_authentication);
M_CP_INTOPT(gss_authentication);
M_CP_INTOPT(rsa_authentication);
@@ -1947,8 +1949,10 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(pubkey_authentication);
@@ -2058,8 +2060,10 @@ copy_set_server_options(ServerOptions *d
} while(0)
#define M_CP_STRARRAYOPT(n, num_n) do {\
if (src->num_n != 0) { \

@ -1,23 +1,7 @@
From e1d58c44bd911e5ee4dddb6205e16eb9a03cc736 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 7 Aug 2015 10:18:54 +0200
Subject: [PATCH] Possibility tu specify more fingerprint algorithms on client
side for smother transition
---
clientloop.c | 8 ++++----
readconf.c | 43 +++++++++++++++++++++++++++++--------------
readconf.h | 4 +++-
ssh_config.5 | 4 ++--
sshconnect.c | 48 +++++++++++++++++++++++++++---------------------
sshconnect2.c | 6 +++---
6 files changed, 68 insertions(+), 45 deletions(-)
diff --git a/clientloop.c b/clientloop.c
index 87ceb3d..4553114 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -2194,7 +2194,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
diff -up openssh-7.4p1/clientloop.c.fingerprint openssh-7.4p1/clientloop.c
--- openssh-7.4p1/clientloop.c.fingerprint 2016-12-23 15:38:50.520432387 +0100
+++ openssh-7.4p1/clientloop.c 2016-12-23 15:38:50.564432394 +0100
@@ -2279,7 +2279,7 @@ update_known_hosts(struct hostkeys_updat
if (ctx->keys_seen[i] != 2)
continue;
if ((fp = sshkey_fingerprint(ctx->keys[i],
@ -26,7 +10,7 @@ index 87ceb3d..4553114 100644
fatal("%s: sshkey_fingerprint failed", __func__);
do_log2(loglevel, "Learned new hostkey: %s %s",
sshkey_type(ctx->keys[i]), fp);
@@ -2202,7 +2202,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
@@ -2287,7 +2287,7 @@ update_known_hosts(struct hostkeys_updat
}
for (i = 0; i < ctx->nold; i++) {
if ((fp = sshkey_fingerprint(ctx->old_keys[i],
@ -35,7 +19,7 @@ index 87ceb3d..4553114 100644
fatal("%s: sshkey_fingerprint failed", __func__);
do_log2(loglevel, "Deprecating obsolete hostkey: %s %s",
sshkey_type(ctx->old_keys[i]), fp);
@@ -2245,7 +2245,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
@@ -2330,7 +2330,7 @@ update_known_hosts(struct hostkeys_updat
(r = hostfile_replace_entries(options.user_hostfiles[0],
ctx->host_str, ctx->ip_str, ctx->keys, ctx->nkeys,
options.hash_known_hosts, 0,
@ -44,7 +28,7 @@ index 87ceb3d..4553114 100644
error("%s: hostfile_replace_entries failed: %s",
__func__, ssh_err(r));
}
@@ -2358,7 +2358,7 @@ client_input_hostkeys(void)
@@ -2443,7 +2443,7 @@ client_input_hostkeys(void)
error("%s: parse key: %s", __func__, ssh_err(r));
goto out;
}
@ -53,11 +37,10 @@ index 87ceb3d..4553114 100644
SSH_FP_DEFAULT);
debug3("%s: received %s key %s", __func__,
sshkey_type(key), fp);
diff --git a/readconf.c b/readconf.c
index 1d03bdf..6af4c62 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1471,16 +1471,18 @@ parse_keytypes:
diff -up openssh-7.4p1/readconf.c.fingerprint openssh-7.4p1/readconf.c
--- openssh-7.4p1/readconf.c.fingerprint 2016-12-23 15:38:50.559432393 +0100
+++ openssh-7.4p1/readconf.c 2016-12-23 15:38:50.565432394 +0100
@@ -1668,16 +1668,18 @@ parse_keytypes:
goto parse_string;
case oFingerprintHash:
@ -86,7 +69,7 @@ index 1d03bdf..6af4c62 100644
break;
case oUpdateHostkeys:
@@ -1673,7 +1675,7 @@ initialize_options(Options * options)
@@ -1905,7 +1907,7 @@ initialize_options(Options * options)
options->canonicalize_fallback_local = -1;
options->canonicalize_hostname = -1;
options->revoked_host_keys = NULL;
@ -95,7 +78,7 @@ index 1d03bdf..6af4c62 100644
options->update_hostkeys = -1;
options->hostbased_key_types = NULL;
options->pubkey_key_types = NULL;
@@ -1851,8 +1853,10 @@ fill_default_options(Options * options)
@@ -2102,8 +2104,10 @@ fill_default_options(Options * options)
options->canonicalize_fallback_local = 1;
if (options->canonicalize_hostname == -1)
options->canonicalize_hostname = SSH_CANONICALISE_NO;
@ -108,7 +91,7 @@ index 1d03bdf..6af4c62 100644
if (options->update_hostkeys == -1)
options->update_hostkeys = 0;
if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 ||
@@ -2189,6 +2193,17 @@ dump_cfg_strarray(OpCodes code, u_int count, char **vals)
@@ -2489,6 +2493,17 @@ dump_cfg_strarray(OpCodes code, u_int co
}
static void
@ -126,7 +109,7 @@ index 1d03bdf..6af4c62 100644
dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals)
{
u_int i;
@@ -2259,7 +2274,6 @@ dump_client_config(Options *o, const char *host)
@@ -2564,7 +2579,6 @@ dump_client_config(Options *o, const cha
dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign);
dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings);
dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
@ -134,7 +117,7 @@ index 1d03bdf..6af4c62 100644
dump_cfg_fmtint(oForwardAgent, o->forward_agent);
dump_cfg_fmtint(oForwardX11, o->forward_x11);
dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted);
@@ -2328,6 +2342,7 @@ dump_client_config(Options *o, const char *host)
@@ -2634,6 +2648,7 @@ dump_client_config(Options *o, const cha
dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles);
dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles);
dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env);
@ -142,10 +125,9 @@ index 1d03bdf..6af4c62 100644
/* Special cases */
diff --git a/readconf.h b/readconf.h
index bb2d552..d817f92 100644
--- a/readconf.h
+++ b/readconf.h
diff -up openssh-7.4p1/readconf.h.fingerprint openssh-7.4p1/readconf.h
--- openssh-7.4p1/readconf.h.fingerprint 2016-12-23 15:38:50.559432393 +0100
+++ openssh-7.4p1/readconf.h 2016-12-23 15:38:50.565432394 +0100
@@ -21,6 +21,7 @@
#define MAX_SEND_ENV 256
#define SSH_MAX_HOSTS_FILES 32
@ -154,7 +136,7 @@ index bb2d552..d817f92 100644
#define PATH_MAX_SUN (sizeof((struct sockaddr_un *)0)->sun_path)
struct allowed_cname {
@@ -146,7 +147,8 @@ typedef struct {
@@ -162,7 +163,8 @@ typedef struct {
char *revoked_host_keys;
@ -164,31 +146,60 @@ index bb2d552..d817f92 100644
int update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
diff --git a/ssh_config.5 b/ssh_config.5
index 5b0975f..e8e6458 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -647,13 +647,13 @@ or
The default is
.Dq no .
diff -up openssh-7.4p1/ssh_config.5.fingerprint openssh-7.4p1/ssh_config.5
--- openssh-7.4p1/ssh_config.5.fingerprint 2016-12-23 15:38:50.565432394 +0100
+++ openssh-7.4p1/ssh_config.5 2016-12-23 15:40:03.754444166 +0100
@@ -652,12 +652,13 @@ or
.Cm no
(the default).
.It Cm FingerprintHash
-Specifies the hash algorithm used when displaying key fingerprints.
+Specifies the hash algorithms used when displaying key fingerprints.
Valid options are:
.Dq md5
.Cm md5
and
.Dq sha256 .
The default is
-.Dq sha256 .
+.Dq "sha256 md5".
-.Cm sha256
-(the default).
+.Cm sha256 .
+The default is
+.Cm "sha256 md5".
.It Cm ForwardAgent
Specifies whether the connection to the authentication agent (if any)
will be forwarded to the remote machine.
diff --git a/sshconnect.c b/sshconnect.c
index f41960c..e12932f 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -920,9 +920,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
diff -up openssh-7.4p1/sshconnect2.c.fingerprint openssh-7.4p1/sshconnect2.c
--- openssh-7.4p1/sshconnect2.c.fingerprint 2016-12-23 15:38:50.561432394 +0100
+++ openssh-7.4p1/sshconnect2.c 2016-12-23 15:38:50.566432394 +0100
@@ -677,7 +677,7 @@ input_userauth_pk_ok(int type, u_int32_t
key->type, pktype);
goto done;
}
- if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL)
goto done;
debug2("input_userauth_pk_ok: fp %s", fp);
@@ -1172,7 +1172,7 @@ sign_and_send_pubkey(Authctxt *authctxt,
int matched, ret = -1, have_sig = 1;
char *fp;
- if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
+ if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL)
return 0;
debug3("%s: %s %s", __func__, key_type(id->key), fp);
@@ -1864,7 +1864,7 @@ userauth_hostbased(Authctxt *authctxt)
goto out;
}
- if ((fp = sshkey_fingerprint(private, options.fingerprint_hash,
+ if ((fp = sshkey_fingerprint(private, options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL) {
error("%s: sshkey_fingerprint failed", __func__);
goto out;
diff -up openssh-7.4p1/sshconnect.c.fingerprint openssh-7.4p1/sshconnect.c
--- openssh-7.4p1/sshconnect.c.fingerprint 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sshconnect.c 2016-12-23 15:38:50.566432394 +0100
@@ -922,9 +922,9 @@ check_host_key(char *hostname, struct so
"of known hosts.", type, ip);
} else if (options.visual_host_key) {
fp = sshkey_fingerprint(host_key,
@ -200,7 +211,7 @@ index f41960c..e12932f 100644
if (fp == NULL || ra == NULL)
fatal("%s: sshkey_fingerprint fail", __func__);
logit("Host key fingerprint is %s\n%s", fp, ra);
@@ -964,12 +964,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
@@ -966,12 +966,6 @@ check_host_key(char *hostname, struct so
else
snprintf(msg1, sizeof(msg1), ".");
/* The default */
@ -213,14 +224,14 @@ index f41960c..e12932f 100644
msg2[0] = '\0';
if (options.verify_host_key_dns) {
if (matching_host_key_dns)
@@ -983,16 +977,28 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
@@ -985,16 +979,28 @@ check_host_key(char *hostname, struct so
}
snprintf(msg, sizeof(msg),
"The authenticity of host '%.200s (%s)' can't be "
- "established%s\n"
- "%s key fingerprint is %s.%s%s\n%s"
+ "established%s\n", host, ip, msg1);
+ for (i = 0; i < options.num_fingerprint_hash; i++) {
+ for (i = 0; i < (u_int) options.num_fingerprint_hash; i++) {
+ fp = sshkey_fingerprint(host_key,
+ options.fingerprint_hash[i], SSH_FP_DEFAULT);
+ ra = sshkey_fingerprint(host_key,
@ -251,7 +262,7 @@ index f41960c..e12932f 100644
if (!confirm(msg))
goto fail;
hostkey_trusted = 1; /* user explicitly confirmed */
@@ -1241,7 +1247,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
@@ -1244,7 +1250,7 @@ verify_host_key(char *host, struct socka
struct sshkey *plain = NULL;
if ((fp = sshkey_fingerprint(host_key,
@ -260,7 +271,16 @@ index f41960c..e12932f 100644
error("%s: fingerprint host key: %s", __func__, ssh_err(r));
r = -1;
goto out;
@@ -1405,9 +1411,9 @@ show_other_keys(struct hostkeys *hostkeys, Key *key)
@@ -1252,7 +1258,7 @@ verify_host_key(char *host, struct socka
if (sshkey_is_cert(host_key)) {
if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
- options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
+ options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL) {
error("%s: fingerprint CA key: %s",
__func__, ssh_err(r));
r = -1;
@@ -1432,9 +1438,9 @@ show_other_keys(struct hostkeys *hostkey
if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
continue;
fp = sshkey_fingerprint(found->key,
@ -272,7 +292,7 @@ index f41960c..e12932f 100644
if (fp == NULL || ra == NULL)
fatal("%s: sshkey_fingerprint fail", __func__);
logit("WARNING: %s key found for host %s\n"
@@ -1430,7 +1436,7 @@ warn_changed_key(Key *host_key)
@@ -1457,7 +1463,7 @@ warn_changed_key(Key *host_key)
{
char *fp;
@ -281,42 +301,10 @@ index f41960c..e12932f 100644
SSH_FP_DEFAULT);
if (fp == NULL)
fatal("%s: sshkey_fingerprint fail", __func__);
diff --git a/sshconnect2.c b/sshconnect2.c
index 7751031..82ed92e 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -589,7 +589,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
key->type, pktype);
goto done;
}
- if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL)
goto done;
debug2("input_userauth_pk_ok: fp %s", fp);
@@ -1009,7 +1009,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
int matched, ret = -1, have_sig = 1;
char *fp;
- if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
+ if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL)
return 0;
debug3("%s: %s %s", __func__, key_type(id->key), fp);
@@ -1635,7 +1635,7 @@ userauth_hostbased(Authctxt *authctxt)
goto out;
}
- if ((fp = sshkey_fingerprint(private, options.fingerprint_hash,
+ if ((fp = sshkey_fingerprint(private, options.fingerprint_hash[0],
SSH_FP_DEFAULT)) == NULL) {
error("%s: sshkey_fingerprint failed", __func__);
goto out;
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 1dca3e2..23bff7d 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -275,7 +275,7 @@ main(int argc, char **argv)
diff -up openssh-7.4p1/ssh-keysign.c.fingerprint openssh-7.4p1/ssh-keysign.c
--- openssh-7.4p1/ssh-keysign.c.fingerprint 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh-keysign.c 2016-12-23 15:38:50.566432394 +0100
@@ -285,7 +285,7 @@ main(int argc, char **argv)
}
}
if (!found) {
@ -325,21 +313,3 @@ index 1dca3e2..23bff7d 100644
SSH_FP_DEFAULT)) == NULL)
fatal("%s: sshkey_fingerprint failed", __progname);
fatal("no matching hostkey found for key %s %s",
--
2.1.0
diff --git a/sshconnect.c b/sshconnect.c
index de7ace6..f16e606 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1262,7 +1262,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
if (sshkey_is_cert(host_key)) {
if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
- options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
+ options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL) {
error("%s: fingerprint CA key: %s",
__func__, ssh_err(r));
r = -1;

@ -1,7 +1,7 @@
diff -up openssh-7.1p1/ssh_config.5.gss-docs openssh-7.1p1/ssh_config.5
--- openssh-7.1p1/ssh_config.5.gss-docs 2015-12-10 15:28:47.451966457 +0100
+++ openssh-7.1p1/ssh_config.5 2015-12-10 15:30:28.070738047 +0100
@@ -773,15 +773,26 @@ Note that this option applies to protoco
diff -up openssh-7.4p1/ssh_config.5.gss-docs openssh-7.4p1/ssh_config.5
--- openssh-7.4p1/ssh_config.5.gss-docs 2016-12-23 14:28:34.051714486 +0100
+++ openssh-7.4p1/ssh_config.5 2016-12-23 14:34:24.568522417 +0100
@@ -765,10 +765,19 @@ The default is
If set to
.Dq yes
then renewal of the client's GSSAPI credentials will force the rekeying of the
@ -19,6 +19,11 @@ diff -up openssh-7.1p1/ssh_config.5.gss-docs openssh-7.1p1/ssh_config.5
+For this to work
+.Cm GSSAPIKeyExchange
+needs to be enabled in the server and also used by the client.
.It Cm GSSAPIServerIdentity
If set, specifies the GSSAPI server identity that ssh should expect when
connecting to the server. The default is unset, which means that the
@@ -776,9 +785,11 @@ expected GSSAPI server identity will be
hostname.
.It Cm GSSAPITrustDns
Set to
-.Dq yes to indicate that the DNS is trusted to securely canonicalize
@ -31,10 +36,10 @@ diff -up openssh-7.1p1/ssh_config.5.gss-docs openssh-7.1p1/ssh_config.5
command line will be passed untouched to the GSSAPI library.
The default is
.Dq no .
diff -up openssh-7.1p1/sshd_config.5.gss-docs openssh-7.1p1/sshd_config.5
--- openssh-7.1p1/sshd_config.5.gss-docs 2015-12-10 15:28:47.453966452 +0100
+++ openssh-7.1p1/sshd_config.5 2015-12-10 15:28:47.461966434 +0100
@@ -653,6 +653,10 @@ Controls whether the user's GSSAPI crede
diff -up openssh-7.4p1/sshd_config.5.gss-docs openssh-7.4p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.gss-docs 2016-12-23 14:28:34.043714490 +0100
+++ openssh-7.4p1/sshd_config.5 2016-12-23 14:28:34.051714486 +0100
@@ -652,6 +652,10 @@ Controls whether the user's GSSAPI crede
successful connection rekeying. This option can be used to accepted renewed
or updated credentials from a compatible client. The default is
.Dq no .

@ -1,7 +1,7 @@
diff -up openssh-7.3p1/monitor_wrap.c.audit-race openssh-7.3p1/monitor_wrap.c
--- openssh-7.3p1/monitor_wrap.c.audit-race 2016-12-15 14:27:22.376603747 +0100
+++ openssh-7.3p1/monitor_wrap.c 2016-12-15 14:27:22.381603742 +0100
@@ -1256,4 +1256,48 @@ mm_audit_destroy_sensitive_data(const ch
diff -up openssh-7.4p1/monitor_wrap.c.audit-race openssh-7.4p1/monitor_wrap.c
--- openssh-7.4p1/monitor_wrap.c.audit-race 2016-12-23 16:35:52.694685771 +0100
+++ openssh-7.4p1/monitor_wrap.c 2016-12-23 16:35:52.697685772 +0100
@@ -1107,4 +1107,48 @@ mm_audit_destroy_sensitive_data(const ch
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m);
buffer_free(&m);
}
@ -50,10 +50,10 @@ diff -up openssh-7.3p1/monitor_wrap.c.audit-race openssh-7.3p1/monitor_wrap.c
+ pmonitor->m_recvfd = fd;
+}
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-7.3p1/monitor_wrap.h.audit-race openssh-7.3p1/monitor_wrap.h
--- openssh-7.3p1/monitor_wrap.h.audit-race 2016-12-15 14:27:22.376603747 +0100
+++ openssh-7.3p1/monitor_wrap.h 2016-12-15 14:27:22.381603742 +0100
@@ -88,6 +88,8 @@ void mm_audit_unsupported_body(int);
diff -up openssh-7.4p1/monitor_wrap.h.audit-race openssh-7.4p1/monitor_wrap.h
--- openssh-7.4p1/monitor_wrap.h.audit-race 2016-12-23 16:35:52.694685771 +0100
+++ openssh-7.4p1/monitor_wrap.h 2016-12-23 16:35:52.698685772 +0100
@@ -83,6 +83,8 @@ void mm_audit_unsupported_body(int);
void mm_audit_kex_body(int, char *, char *, char *, char *, pid_t, uid_t);
void mm_audit_session_key_free_body(int, pid_t, uid_t);
void mm_audit_destroy_sensitive_data(const char *, pid_t, uid_t);
@ -62,10 +62,10 @@ diff -up openssh-7.3p1/monitor_wrap.h.audit-race openssh-7.3p1/monitor_wrap.h
#endif
struct Session;
diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c
--- openssh-7.3p1/session.c.audit-race 2016-12-15 14:27:22.378603745 +0100
+++ openssh-7.3p1/session.c 2016-12-15 14:27:22.382603741 +0100
@@ -164,6 +164,10 @@ static Session *sessions = NULL;
diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
--- openssh-7.4p1/session.c.audit-race 2016-12-23 16:35:52.695685771 +0100
+++ openssh-7.4p1/session.c 2016-12-23 16:37:26.339730596 +0100
@@ -162,6 +162,10 @@ static Session *sessions = NULL;
login_cap_t *lc;
#endif
@ -76,8 +76,8 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c
static int is_child = 0;
static int in_chroot = 0;
static int have_dev_log = 1;
@@ -457,6 +457,8 @@ do_authenticated1(Authctxt *authctxt)
}
@@ -289,6 +293,8 @@ xauth_valid_string(const char *s)
return 1;
}
+void child_destory_sensitive_data();
@ -85,7 +85,7 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c
#define USE_PIPES 1
/*
* This is called to fork and execute a command when we have no tty. This
@@ -588,6 +592,8 @@ do_exec_no_pty(Session *s, const char *c
@@ -424,6 +430,8 @@ do_exec_no_pty(Session *s, const char *c
cray_init_job(s->pw); /* set up cray jid and tmpdir */
#endif
@ -94,7 +94,7 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c
/* Do processing for the child (exec command etc). */
do_child(s, command);
/* NOTREACHED */
@@ -722,6 +728,9 @@ do_exec_pty(Session *s, const char *comm
@@ -547,6 +555,9 @@ do_exec_pty(Session *s, const char *comm
/* Close the extra descriptor for the pseudo tty. */
close(ttyfd);
@ -102,9 +102,9 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c
+ child_destory_sensitive_data();
+
/* record login, etc. similar to login(1) */
#ifndef HAVE_OSF_SIA
if (!(options.use_login && command == NULL)) {
@@ -903,6 +912,8 @@ do_exec(Session *s, const char *command)
#ifdef _UNICOS
cray_init_job(s->pw); /* set up cray jid and tmpdir */
@@ -717,6 +728,8 @@ do_exec(Session *s, const char *command)
}
if (s->command != NULL && s->ptyfd == -1)
s->command_handle = PRIVSEP(audit_run_command(s->command));
@ -113,7 +113,7 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c
#endif
if (s->ttyfd != -1)
ret = do_exec_pty(s, command);
@@ -918,6 +929,20 @@ do_exec(Session *s, const char *command)
@@ -732,6 +745,20 @@ do_exec(Session *s, const char *command)
*/
buffer_clear(&loginmsg);
@ -134,7 +134,7 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c
return ret;
}
@@ -1751,6 +1776,33 @@ child_close_fds(void)
@@ -1538,6 +1565,33 @@ child_close_fds(void)
endpwent();
}
@ -168,7 +168,7 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c
/*
* Performs common processing for the child, such as setting up the
* environment, closing extra file descriptors, setting the user and group
@@ -1768,12 +1820,6 @@ do_child(Session *s, const char *command
@@ -1554,12 +1608,6 @@ do_child(Session *s, const char *command
struct passwd *pw = s->pw;
int r = 0;
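Review bot: The forward declaration moved in session.c, `void child_destory_sensitive_data();`, uses an empty parameter list, which in C is an old-style declaration that disables argument checking at the two call sites added in do_exec_no_pty and do_exec_pty; it should read `void child_destory_sensitive_data(void);`. The identifier is also misspelled (`destory`), which is worth fixing while the declaration is being relocated, though the matching definition is inserted after child_close_fds in a hunk whose body is not visible here, so the rename has to touch that hunk as well. If the function is only called from session.c it should additionally be declared `static`, but I cannot see the definition to confirm its intended linkage.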

@ -1,6 +1,6 @@
diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c
--- openssh-7.2p1/cipher.c.fips 2016-02-12 18:53:56.083665235 +0100
+++ openssh-7.2p1/cipher.c 2016-02-12 18:53:56.090665235 +0100
diff -up openssh-7.4p1/cipher.c.fips openssh-7.4p1/cipher.c
--- openssh-7.4p1/cipher.c.fips 2016-12-23 16:37:49.290741582 +0100
+++ openssh-7.4p1/cipher.c 2016-12-23 16:37:49.300741586 +0100
@@ -39,6 +39,8 @@
#include <sys/types.h>
@ -10,7 +10,7 @@ diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c
#include <string.h>
#include <stdarg.h>
#include <stdio.h>
@@ -99,6 +101,26 @@ static const struct sshcipher ciphers[]
@@ -116,6 +118,20 @@ static const struct sshcipher ciphers[]
{ NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL }
};
@ -25,19 +25,13 @@ diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c
+ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr },
+ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr },
+ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr },
+#ifdef OPENSSL_HAVE_EVPGCM
+ { "aes128-gcm@openssh.com",
+ SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm },
+ { "aes256-gcm@openssh.com",
+ SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
+#endif
+ { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL }
+};
+
/*--*/
/* Returns a comma-separated list of supported ciphers. */
@@ -109,7 +131,7 @@ cipher_alg_list(char sep, int auth_only)
@@ -126,7 +142,7 @@ cipher_alg_list(char sep, int auth_only)
size_t nlen, rlen = 0;
const struct sshcipher *c;
@ -46,7 +40,7 @@ diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c
if (c->number != SSH_CIPHER_SSH2)
continue;
if (auth_only && c->auth_len == 0)
@@ -193,7 +215,7 @@ const struct sshcipher *
@@ -222,7 +238,7 @@ const struct sshcipher *
cipher_by_name(const char *name)
{
const struct sshcipher *c;
@ -55,7 +49,7 @@ diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c
if (strcmp(c->name, name) == 0)
return c;
return NULL;
@@ -203,7 +225,7 @@ const struct sshcipher *
@@ -232,7 +248,7 @@ const struct sshcipher *
cipher_by_number(int id)
{
const struct sshcipher *c;
@ -64,7 +58,7 @@ diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c
if (c->number == id)
return c;
return NULL;
@@ -244,7 +266,7 @@ cipher_number(const char *name)
@@ -273,7 +289,7 @@ cipher_number(const char *name)
const struct sshcipher *c;
if (name == NULL)
return -1;
@ -73,9 +67,9 @@ diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c
if (strcasecmp(c->name, name) == 0)
return c->number;
return -1;
diff -up openssh-7.2p1/cipher-ctr.c.fips openssh-7.2p1/cipher-ctr.c
--- openssh-7.2p1/cipher-ctr.c.fips 2016-02-12 18:53:56.013665228 +0100
+++ openssh-7.2p1/cipher-ctr.c 2016-02-12 18:53:56.090665235 +0100
diff -up openssh-7.4p1/cipher-ctr.c.fips openssh-7.4p1/cipher-ctr.c
--- openssh-7.4p1/cipher-ctr.c.fips 2016-12-23 16:37:49.225741551 +0100
+++ openssh-7.4p1/cipher-ctr.c 2016-12-23 16:37:49.297741585 +0100
@@ -179,7 +179,8 @@ evp_aes_128_ctr(void)
aes_ctr.do_cipher = ssh_aes_ctr;
#ifndef SSH_OLD_EVP
@ -86,10 +80,10 @@ diff -up openssh-7.2p1/cipher-ctr.c.fips openssh-7.2p1/cipher-ctr.c
#endif
return (&aes_ctr);
}
diff -up openssh-7.2p1/dh.h.fips openssh-7.2p1/dh.h
--- openssh-7.2p1/dh.h.fips 2016-02-12 18:53:56.090665235 +0100
+++ openssh-7.2p1/dh.h 2016-02-12 18:54:48.425670204 +0100
@@ -49,6 +49,7 @@ u_int dh_estimate(int);
diff -up openssh-7.4p1/dh.h.fips openssh-7.4p1/dh.h
--- openssh-7.4p1/dh.h.fips 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/dh.h 2016-12-23 16:37:49.297741585 +0100
@@ -51,6 +51,7 @@ u_int dh_estimate(int);
* Miniumum increased in light of DH precomputation attacks.
*/
#define DH_GRP_MIN 2048
@ -97,9 +91,9 @@ diff -up openssh-7.2p1/dh.h.fips openssh-7.2p1/dh.h
#define DH_GRP_MAX 8192
/*
diff -up openssh-7.2p1/entropy.c.fips openssh-7.2p1/entropy.c
--- openssh-7.2p1/entropy.c.fips 2016-02-12 18:53:56.005665227 +0100
+++ openssh-7.2p1/entropy.c 2016-02-12 18:53:56.091665235 +0100
diff -up openssh-7.4p1/entropy.c.fips openssh-7.4p1/entropy.c
--- openssh-7.4p1/entropy.c.fips 2016-12-23 16:37:49.219741548 +0100
+++ openssh-7.4p1/entropy.c 2016-12-23 16:37:49.297741585 +0100
@@ -217,6 +217,9 @@ seed_rng(void)
fatal("OpenSSL version mismatch. Built against %lx, you "
"have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
@ -110,9 +104,9 @@ diff -up openssh-7.2p1/entropy.c.fips openssh-7.2p1/entropy.c
#ifndef OPENSSL_PRNG_ONLY
if (RAND_status() == 1) {
debug3("RNG is ready, skipping seeding");
diff -up openssh-7.2p1/kex.c.fips openssh-7.2p1/kex.c
--- openssh-7.2p1/kex.c.fips 2016-02-12 18:53:56.084665234 +0100
+++ openssh-7.2p1/kex.c 2016-02-12 18:53:56.091665235 +0100
diff -up openssh-7.4p1/kex.c.fips openssh-7.4p1/kex.c
--- openssh-7.4p1/kex.c.fips 2016-12-23 16:37:49.290741582 +0100
+++ openssh-7.4p1/kex.c 2016-12-23 16:37:49.300741586 +0100
@@ -35,6 +35,7 @@
#ifdef WITH_OPENSSL
#include <openssl/crypto.h>
@ -121,13 +115,11 @@ diff -up openssh-7.2p1/kex.c.fips openssh-7.2p1/kex.c
#endif
#include "ssh2.h"
@@ -121,6 +122,25 @@ static const struct kexalg kexalgs[] = {
@@ -125,6 +126,23 @@ static const struct kexalg kexalgs[] = {
{ NULL, -1, -1, -1},
};
+static const struct kexalg kexalgs_fips[] = {
+ { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
+ { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
+#ifdef HAVE_EVP_SHA256
+ { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
+#endif
@ -147,7 +139,7 @@ diff -up openssh-7.2p1/kex.c.fips openssh-7.2p1/kex.c
char *
kex_alg_list(char sep)
{
@@ -148,7 +168,7 @@ kex_alg_by_name(const char *name)
@@ -152,7 +170,7 @@ kex_alg_by_name(const char *name)
{
const struct kexalg *k;
@ -156,7 +148,7 @@ diff -up openssh-7.2p1/kex.c.fips openssh-7.2p1/kex.c
if (strcmp(k->name, name) == 0)
return k;
#ifdef GSSAPI
@@ -174,7 +194,10 @@ kex_names_valid(const char *names)
@@ -178,7 +196,10 @@ kex_names_valid(const char *names)
for ((p = strsep(&cp, ",")); p && *p != '\0';
(p = strsep(&cp, ","))) {
if (kex_alg_by_name(p) == NULL) {
@ -168,17 +160,17 @@ diff -up openssh-7.2p1/kex.c.fips openssh-7.2p1/kex.c
free(s);
return 0;
}
diff -up openssh-7.2p1/kexgexc.c.fips openssh-7.2p1/kexgexc.c
--- openssh-7.2p1/kexgexc.c.fips 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/kexgexc.c 2016-02-12 18:53:56.091665235 +0100
diff -up openssh-7.4p1/kexgexc.c.fips openssh-7.4p1/kexgexc.c
--- openssh-7.4p1/kexgexc.c.fips 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/kexgexc.c 2016-12-23 16:38:38.727763540 +0100
@@ -28,6 +28,7 @@
#ifdef WITH_OPENSSL
+#include <openssl/fips.h>
#include <sys/param.h>
#include <sys/types.h>
#include <openssl/dh.h>
@@ -63,7 +64,7 @@ kexgex_client(struct ssh *ssh)
nbits = dh_estimate(kex->dh_need * 8);
@ -188,24 +180,24 @@ diff -up openssh-7.2p1/kexgexc.c.fips openssh-7.2p1/kexgexc.c
kex->max = DH_GRP_MAX;
kex->nbits = nbits;
if (datafellows & SSH_BUG_DHGEX_LARGE)
diff -up openssh-7.2p1/kexgexs.c.fips openssh-7.2p1/kexgexs.c
--- openssh-7.2p1/kexgexs.c.fips 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/kexgexs.c 2016-02-12 18:53:56.091665235 +0100
diff -up openssh-7.4p1/kexgexs.c.fips openssh-7.4p1/kexgexs.c
--- openssh-7.4p1/kexgexs.c.fips 2016-12-23 16:37:49.297741585 +0100
+++ openssh-7.4p1/kexgexs.c 2016-12-23 16:39:35.009776626 +0100
@@ -83,9 +83,9 @@ input_kex_dh_gex_request(int type, u_int
kex->nbits = nbits;
kex->min = min;
kex->max = max;
- min = MAX(DH_GRP_MIN, min);
+ min = MAX(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, min);
max = MIN(DH_GRP_MAX, max);
- nbits = MAX(DH_GRP_MIN, nbits);
+ nbits = MAX(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, nbits);
nbits = MIN(DH_GRP_MAX, nbits);
- min = MAXIMUM(DH_GRP_MIN, min);
+ min = MAXIMUM(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, min);
max = MINIMUM(DH_GRP_MAX, max);
- nbits = MAXIMUM(DH_GRP_MIN, nbits);
+ nbits = MAXIMUM(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, nbits);
nbits = MINIMUM(DH_GRP_MAX, nbits);
if (kex->max < kex->min || kex->nbits < kex->min ||
diff -up openssh-7.2p1/mac.c.fips openssh-7.2p1/mac.c
--- openssh-7.2p1/mac.c.fips 2016-02-12 18:53:56.084665234 +0100
+++ openssh-7.2p1/mac.c 2016-02-12 18:53:56.091665235 +0100
diff -up openssh-7.4p1/mac.c.fips openssh-7.4p1/mac.c
--- openssh-7.4p1/mac.c.fips 2016-12-23 16:37:49.291741582 +0100
+++ openssh-7.4p1/mac.c 2016-12-23 16:37:49.298741585 +0100
@@ -27,6 +27,8 @@
#include <sys/types.h>
@ -224,7 +216,7 @@ diff -up openssh-7.2p1/mac.c.fips openssh-7.2p1/mac.c
/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
{ "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 },
{ "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 },
@@ -85,6 +87,24 @@ static const struct macalg macs[] = {
@@ -89,6 +91,24 @@ static const struct macalg macs[] = {
{ NULL, 0, 0, 0, 0, 0, 0 }
};
@ -249,7 +241,7 @@ diff -up openssh-7.2p1/mac.c.fips openssh-7.2p1/mac.c
/* Returns a list of supported MACs separated by the specified char. */
char *
mac_alg_list(char sep)
@@ -93,7 +113,7 @@ mac_alg_list(char sep)
@@ -97,7 +117,7 @@ mac_alg_list(char sep)
size_t nlen, rlen = 0;
const struct macalg *m;
@ -258,7 +250,7 @@ diff -up openssh-7.2p1/mac.c.fips openssh-7.2p1/mac.c
if (ret != NULL)
ret[rlen++] = sep;
nlen = strlen(m->name);
@@ -132,7 +152,7 @@ mac_setup(struct sshmac *mac, char *name
@@ -136,7 +156,7 @@ mac_setup(struct sshmac *mac, char *name
{
const struct macalg *m;
@ -267,10 +259,10 @@ diff -up openssh-7.2p1/mac.c.fips openssh-7.2p1/mac.c
if (strcmp(name, m->name) != 0)
continue;
if (mac != NULL)
diff -up openssh-7.2p1/Makefile.in.fips openssh-7.2p1/Makefile.in
--- openssh-7.2p1/Makefile.in.fips 2016-02-12 18:53:56.085665235 +0100
+++ openssh-7.2p1/Makefile.in 2016-02-12 18:53:56.092665235 +0100
@@ -168,25 +168,25 @@ libssh.a: $(LIBSSH_OBJS)
diff -up openssh-7.4p1/Makefile.in.fips openssh-7.4p1/Makefile.in
--- openssh-7.4p1/Makefile.in.fips 2016-12-23 16:37:49.291741582 +0100
+++ openssh-7.4p1/Makefile.in 2016-12-23 16:37:49.298741585 +0100
@@ -169,25 +169,25 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
@ -302,7 +294,7 @@ diff -up openssh-7.2p1/Makefile.in.fips openssh-7.2p1/Makefile.in
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
@@ -204,7 +204,7 @@ ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a
@@ -205,7 +205,7 @@ ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a
$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
@ -311,18 +303,16 @@ diff -up openssh-7.2p1/Makefile.in.fips openssh-7.2p1/Makefile.in
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
diff -up openssh-7.2p1/myproposal.h.fips openssh-7.2p1/myproposal.h
--- openssh-7.2p1/myproposal.h.fips 2016-02-12 18:53:56.092665235 +0100
+++ openssh-7.2p1/myproposal.h 2016-02-12 18:55:42.137675304 +0100
@@ -129,6 +129,28 @@
diff -up openssh-7.4p1/myproposal.h.fips openssh-7.4p1/myproposal.h
--- openssh-7.4p1/myproposal.h.fips 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/myproposal.h 2016-12-23 16:37:49.300741586 +0100
@@ -138,6 +138,26 @@
#define KEX_CLIENT_MAC KEX_SERVER_MAC
+#define KEX_DEFAULT_KEX_FIPS \
+ KEX_ECDH_METHODS \
+ KEX_SHA2_METHODS \
+ "diffie-hellman-group-exchange-sha1," \
+ "diffie-hellman-group14-sha1"
+ KEX_SHA2_METHODS
+#define KEX_FIPS_ENCRYPT \
+ "aes128-ctr,aes192-ctr,aes256-ctr," \
+ "aes128-cbc,3des-cbc," \
@ -343,10 +333,31 @@ diff -up openssh-7.2p1/myproposal.h.fips openssh-7.2p1/myproposal.h
#else /* WITH_OPENSSL */
#define KEX_SERVER_KEX \
diff -up openssh-7.2p1/readconf.c.fips openssh-7.2p1/readconf.c
--- openssh-7.2p1/readconf.c.fips 2016-02-12 18:53:56.073665234 +0100
+++ openssh-7.2p1/readconf.c 2016-02-12 18:53:56.092665235 +0100
@@ -1969,9 +1969,12 @@ fill_default_options(Options * options)
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.fips openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.fips 2016-12-23 16:37:49.185741531 +0100
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c 2016-12-23 16:37:49.300741586 +0100
@@ -55,6 +55,7 @@
#include "secure_filename.h"
#include "uidswap.h"
#include <unistd.h>
+#include <openssl/crypto.h>
#include "identity.h"
@@ -104,7 +105,8 @@ pamsshagentauth_check_authkeys_file(FILE
found_key = 1;
logit("matching key found: file/command %s, line %lu", file,
linenum);
- fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX);
+ fp = sshkey_fingerprint(found, FIPS_mode() ? SSH_DIGEST_SHA1 : SSH_DIGEST_MD5,
+ SSH_FP_HEX);
logit("Found matching %s key: %s",
key_type(found), fp);
free(fp);
diff -up openssh-7.4p1/readconf.c.fips openssh-7.4p1/readconf.c
--- openssh-7.4p1/readconf.c.fips 2016-12-23 16:37:49.274741574 +0100
+++ openssh-7.4p1/readconf.c 2016-12-23 16:37:49.298741585 +0100
@@ -2110,9 +2110,12 @@ fill_default_options(Options * options)
}
if (options->update_hostkeys == -1)
options->update_hostkeys = 0;
@ -362,10 +373,23 @@ diff -up openssh-7.2p1/readconf.c.fips openssh-7.2p1/readconf.c
kex_assemble_names(KEX_DEFAULT_PK_ALG,
&options->hostbased_key_types) != 0 ||
kex_assemble_names(KEX_DEFAULT_PK_ALG,
diff -up openssh-7.2p1/servconf.c.fips openssh-7.2p1/servconf.c
--- openssh-7.2p1/servconf.c.fips 2016-02-12 18:53:56.068665233 +0100
+++ openssh-7.2p1/servconf.c 2016-02-12 18:56:52.185681954 +0100
@@ -188,9 +188,12 @@ option_clear_or_none(const char *o)
diff -up openssh-7.4p1/sandbox-seccomp-filter.c.fips openssh-7.4p1/sandbox-seccomp-filter.c
--- openssh-7.4p1/sandbox-seccomp-filter.c.fips 2016-12-23 16:37:49.292741583 +0100
+++ openssh-7.4p1/sandbox-seccomp-filter.c 2016-12-23 16:37:49.300741586 +0100
@@ -118,6 +118,9 @@ static const struct sock_filter preauth_
#ifdef __NR_open
SC_DENY(open, EACCES),
#endif
+#ifdef __NR_socket
+ SC_DENY(socket, EACCES),
+#endif
#ifdef __NR_openat
SC_DENY(openat, EACCES),
#endif
diff -up openssh-7.4p1/servconf.c.fips openssh-7.4p1/servconf.c
--- openssh-7.4p1/servconf.c.fips 2016-12-23 16:37:49.285741579 +0100
+++ openssh-7.4p1/servconf.c 2016-12-23 16:37:49.299741586 +0100
@@ -185,9 +185,12 @@ option_clear_or_none(const char *o)
static void
assemble_algorithms(ServerOptions *o)
{
@ -381,7 +405,7 @@ diff -up openssh-7.2p1/servconf.c.fips openssh-7.2p1/servconf.c
kex_assemble_names(KEX_DEFAULT_PK_ALG,
&o->hostkeyalgorithms) != 0 ||
kex_assemble_names(KEX_DEFAULT_PK_ALG,
@@ -2376,8 +2379,10 @@ dump_config(ServerOptions *o)
@@ -2390,8 +2393,10 @@ dump_config(ServerOptions *o)
/* string arguments */
dump_cfg_string(sPidFile, o->pid_file);
dump_cfg_string(sXAuthLocation, o->xauth_location);
@ -394,7 +418,7 @@ diff -up openssh-7.2p1/servconf.c.fips openssh-7.2p1/servconf.c
dump_cfg_string(sBanner, o->banner != NULL ? o->banner : "none");
dump_cfg_string(sForceCommand, o->adm_forced_command);
dump_cfg_string(sChrootDirectory, o->chroot_directory);
@@ -2392,8 +2397,8 @@ dump_config(ServerOptions *o)
@@ -2406,8 +2411,8 @@ dump_config(ServerOptions *o)
dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command);
dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user);
dump_cfg_string(sHostKeyAgent, o->host_key_agent);
@ -405,10 +429,10 @@ diff -up openssh-7.2p1/servconf.c.fips openssh-7.2p1/servconf.c
dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ?
o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c
--- openssh-7.2p1/ssh.c.fips 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/ssh.c 2016-02-12 18:53:56.093665236 +0100
@@ -75,6 +75,8 @@
diff -up openssh-7.4p1/ssh.c.fips openssh-7.4p1/ssh.c
--- openssh-7.4p1/ssh.c.fips 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh.c 2016-12-23 16:37:49.299741586 +0100
@@ -76,6 +76,8 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#endif
@ -417,7 +441,7 @@ diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c
#include "openbsd-compat/openssl-compat.h"
#include "openbsd-compat/sys-queue.h"
@@ -531,6 +533,14 @@ main(int ac, char **av)
@@ -530,6 +532,14 @@ main(int ac, char **av)
sanitise_stdfd();
__progname = ssh_get_progname(av[0]);
@ -432,7 +456,7 @@ diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c
#ifndef HAVE_SETPROCTITLE
/* Prepare for later setproctitle emulation */
@@ -608,6 +618,9 @@ main(int ac, char **av)
@@ -609,6 +619,9 @@ main(int ac, char **av)
"ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
@ -442,7 +466,7 @@ diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c
options.protocol = SSH_PROTO_1;
break;
case '2':
@@ -952,7 +965,6 @@ main(int ac, char **av)
@@ -964,7 +977,6 @@ main(int ac, char **av)
host_arg = xstrdup(host);
#ifdef WITH_OPENSSL
@ -450,7 +474,7 @@ diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c
ERR_load_crypto_strings();
#endif
@@ -1126,6 +1138,10 @@ main(int ac, char **av)
@@ -1175,6 +1187,10 @@ main(int ac, char **av)
seed_rng();
@ -461,7 +485,7 @@ diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c
if (options.user == NULL)
options.user = xstrdup(pw->pw_name);
@@ -1206,6 +1222,12 @@ main(int ac, char **av)
@@ -1263,6 +1279,12 @@ main(int ac, char **av)
timeout_ms = options.connection_timeout * 1000;
@ -474,9 +498,9 @@ diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c
/* Open a connection to the remote host. */
if (ssh_connect(host, addrs, &hostaddr, options.port,
options.address_family, options.connection_attempts,
diff -up openssh-7.2p1/sshconnect2.c.fips openssh-7.2p1/sshconnect2.c
--- openssh-7.2p1/sshconnect2.c.fips 2016-02-12 18:53:56.074665234 +0100
+++ openssh-7.2p1/sshconnect2.c 2016-02-12 18:53:56.094665236 +0100
diff -up openssh-7.4p1/sshconnect2.c.fips openssh-7.4p1/sshconnect2.c
--- openssh-7.4p1/sshconnect2.c.fips 2016-12-23 16:37:49.275741574 +0100
+++ openssh-7.4p1/sshconnect2.c 2016-12-23 16:37:49.299741586 +0100
@@ -44,6 +44,8 @@
#include <vis.h>
#endif
@ -486,7 +510,7 @@ diff -up openssh-7.2p1/sshconnect2.c.fips openssh-7.2p1/sshconnect2.c
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
@@ -171,21 +173,26 @@ ssh_kex2(char *host, struct sockaddr *ho
@@ -172,21 +174,26 @@ ssh_kex2(char *host, struct sockaddr *ho
#ifdef GSSAPI
if (options.gss_keyex) {
@ -528,9 +552,9 @@ diff -up openssh-7.2p1/sshconnect2.c.fips openssh-7.2p1/sshconnect2.c
}
}
#endif
diff -up openssh-7.2p1/sshd.c.fips openssh-7.2p1/sshd.c
--- openssh-7.2p1/sshd.c.fips 2016-02-12 18:53:56.088665235 +0100
+++ openssh-7.2p1/sshd.c 2016-02-12 18:53:56.094665236 +0100
diff -up openssh-7.4p1/sshd.c.fips openssh-7.4p1/sshd.c
--- openssh-7.4p1/sshd.c.fips 2016-12-23 16:37:49.293741583 +0100
+++ openssh-7.4p1/sshd.c 2016-12-23 16:37:49.299741586 +0100
@@ -66,6 +66,7 @@
#include <grp.h>
#include <pwd.h>
@ -548,7 +572,7 @@ diff -up openssh-7.2p1/sshd.c.fips openssh-7.2p1/sshd.c
#include "openbsd-compat/openssl-compat.h"
#endif
@@ -1555,6 +1558,18 @@ main(int ac, char **av)
@@ -1475,6 +1478,18 @@ main(int ac, char **av)
#endif
__progname = ssh_get_progname(av[0]);
@ -567,7 +591,7 @@ diff -up openssh-7.2p1/sshd.c.fips openssh-7.2p1/sshd.c
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac;
rexec_argc = ac;
@@ -1707,7 +1722,7 @@ main(int ac, char **av)
@@ -1623,7 +1638,7 @@ main(int ac, char **av)
else
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
@ -576,18 +600,7 @@ diff -up openssh-7.2p1/sshd.c.fips openssh-7.2p1/sshd.c
OpenSSL_add_all_algorithms();
#endif
@@ -1906,6 +1921,10 @@ main(int ac, char **av)
sshkey_type(pubkey) : sshkey_ssh_name(pubkey), fp);
free(fp);
}
+ if ((options.protocol & SSH_PROTO_1) && FIPS_mode()) {
+ logit("Disabling protocol version 1. Not allowed in the FIPS mode.");
+ options.protocol &= ~SSH_PROTO_1;
+ }
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
@@ -2074,6 +2093,10 @@ main(int ac, char **av)
@@ -1937,6 +1952,10 @@ main(int ac, char **av)
/* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
@ -598,7 +611,7 @@ diff -up openssh-7.2p1/sshd.c.fips openssh-7.2p1/sshd.c
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
if (chdir("/") == -1)
@@ -2695,10 +2718,14 @@ do_ssh2_kex(void)
@@ -2309,10 +2328,14 @@ do_ssh2_kex(void)
if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
orig = NULL;
@ -617,10 +630,10 @@ diff -up openssh-7.2p1/sshd.c.fips openssh-7.2p1/sshd.c
if (gss && orig)
xasprintf(&newstr, "%s,%s", gss, orig);
diff -up openssh-7.2p1/sshkey.c.fips openssh-7.2p1/sshkey.c
--- openssh-7.2p1/sshkey.c.fips 2016-02-12 18:53:56.089665235 +0100
+++ openssh-7.2p1/sshkey.c 2016-02-12 18:53:56.095665236 +0100
@@ -35,6 +35,7 @@
diff -up openssh-7.4p1/sshkey.c.fips openssh-7.4p1/sshkey.c
--- openssh-7.4p1/sshkey.c.fips 2016-12-23 16:37:49.293741583 +0100
+++ openssh-7.4p1/sshkey.c 2016-12-23 16:37:49.300741586 +0100
@@ -34,6 +34,7 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/pem.h>
@ -628,7 +641,7 @@ diff -up openssh-7.2p1/sshkey.c.fips openssh-7.2p1/sshkey.c
#endif
#include "crypto_api.h"
@@ -58,6 +58,7 @@
@@ -56,6 +57,7 @@
#include "digest.h"
#define SSHKEY_INTERNAL
#include "sshkey.h"
@ -636,7 +649,7 @@ diff -up openssh-7.2p1/sshkey.c.fips openssh-7.2p1/sshkey.c
#include "match.h"
#include "xmalloc.h"
@@ -1554,6 +1555,8 @@ rsa_generate_private_key(u_int bits, RSA
@@ -1580,6 +1582,8 @@ rsa_generate_private_key(u_int bits, RSA
}
if (!BN_set_word(f4, RSA_F4) ||
!RSA_generate_key_ex(private, bits, f4, NULL)) {
@ -645,85 +658,3 @@ diff -up openssh-7.2p1/sshkey.c.fips openssh-7.2p1/sshkey.c
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
diff --git a/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c b/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c
index 688b1b1..a3c1541 100644
--- a/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c
+++ b/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c
@@ -55,6 +55,7 @@
#include "secure_filename.h"
#include "uidswap.h"
#include <unistd.h>
+#include <openssl/crypto.h>
#include "identity.h"
@@ -104,7 +105,8 @@ pamsshagentauth_check_authkeys_file(FILE * f, char *file, Key * key)
found_key = 1;
logit("matching key found: file/command %s, line %lu", file,
linenum);
- fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX);
+ fp = sshkey_fingerprint(found, FIPS_mode() ? SSH_DIGEST_SHA1 : SSH_DIGEST_MD5,
+ SSH_FP_HEX);
logit("Found matching %s key: %s",
key_type(found), fp);
free(fp);
diff --git a/cipher.c b/cipher.c
index f282907..51bbffb 100644
--- a/cipher.c
+++ b/cipher.c
@@ -112,12 +112,6 @@ static const struct sshcipher fips_ciphers[] = {
{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr },
{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr },
{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr },
-#ifdef OPENSSL_HAVE_EVPGCM
- { "aes128-gcm@openssh.com",
- SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm },
- { "aes256-gcm@openssh.com",
- SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
-#endif
{ NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL }
};
diff --git a/kex.c b/kex.c
index f07a636..4ce5843 100644
--- a/kex.c
+++ b/kex.c
@@ -123,8 +123,6 @@ static const struct kexalg kexalgs[] = {
};
static const struct kexalg kexalgs_fips[] = {
- { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
- { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
#ifdef HAVE_EVP_SHA256
{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
#endif
diff --git a/myproposal.h b/myproposal.h
index 7efe312..bcf2ae1 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -131,9 +131,7 @@
#define KEX_DEFAULT_KEX_FIPS \
KEX_ECDH_METHODS \
- KEX_SHA2_METHODS \
- "diffie-hellman-group-exchange-sha1," \
- "diffie-hellman-group14-sha1"
+ KEX_SHA2_METHODS
#define KEX_FIPS_ENCRYPT \
"aes128-ctr,aes192-ctr,aes256-ctr," \
"aes128-cbc,3des-cbc," \
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index a3975eb..5224084 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -112,6 +112,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_open
SC_DENY(open, EACCES),
#endif
+#ifdef __NR_socket
+ SC_DENY(socket, EACCES),
+#endif
#ifdef __NR_openat
SC_DENY(openat, EACCES),
#endif


@ -1,6 +1,6 @@
diff -up openssh-7.2p1/auth2.c.gsskex openssh-7.2p1/auth2.c
--- openssh-7.2p1/auth2.c.gsskex 2016-02-19 10:01:04.829969345 +0100
+++ openssh-7.2p1/auth2.c 2016-02-19 10:01:04.865969325 +0100
diff -up openssh-7.4p1/auth2.c.gsskex openssh-7.4p1/auth2.c
--- openssh-7.4p1/auth2.c.gsskex 2016-12-23 13:38:53.685300997 +0100
+++ openssh-7.4p1/auth2.c 2016-12-23 13:38:53.725301005 +0100
@@ -70,6 +70,7 @@ extern Authmethod method_passwd;
extern Authmethod method_kbdint;
extern Authmethod method_hostbased;
@ -17,9 +17,9 @@ diff -up openssh-7.2p1/auth2.c.gsskex openssh-7.2p1/auth2.c
&method_gssapi,
#endif
&method_passwd,
diff -up openssh-7.2p1/auth2-gss.c.gsskex openssh-7.2p1/auth2-gss.c
--- openssh-7.2p1/auth2-gss.c.gsskex 2016-02-19 10:01:04.829969345 +0100
+++ openssh-7.2p1/auth2-gss.c 2016-02-19 10:01:04.865969325 +0100
diff -up openssh-7.4p1/auth2-gss.c.gsskex openssh-7.4p1/auth2-gss.c
--- openssh-7.4p1/auth2-gss.c.gsskex 2016-12-23 13:38:53.685300997 +0100
+++ openssh-7.4p1/auth2-gss.c 2016-12-23 13:38:53.725301005 +0100
@@ -31,6 +31,7 @@
#include <sys/types.h>
@ -102,21 +102,10 @@ diff -up openssh-7.2p1/auth2-gss.c.gsskex openssh-7.2p1/auth2-gss.c
Authmethod method_gssapi = {
"gssapi-with-mic",
userauth_gssapi,
diff -up openssh-7.2p1/auth.c.gsskex openssh-7.2p1/auth.c
--- openssh-7.2p1/auth.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/auth.c 2016-02-19 10:01:04.866969324 +0100
@@ -354,6 +354,7 @@ auth_root_allowed(const char *method)
case PERMIT_NO_PASSWD:
if (strcmp(method, "publickey") == 0 ||
strcmp(method, "hostbased") == 0 ||
+ strcmp(method, "gssapi-keyex") == 0 ||
strcmp(method, "gssapi-with-mic") == 0)
return 1;
break;
diff -up openssh-7.2p1/clientloop.c.gsskex openssh-7.2p1/clientloop.c
--- openssh-7.2p1/clientloop.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/clientloop.c 2016-02-19 10:01:04.866969324 +0100
@@ -114,6 +114,10 @@
diff -up openssh-7.4p1/clientloop.c.gsskex openssh-7.4p1/clientloop.c
--- openssh-7.4p1/clientloop.c.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/clientloop.c 2016-12-23 13:38:53.725301005 +0100
@@ -113,6 +113,10 @@
#include "ssherr.h"
#include "hostfile.h"
@ -127,7 +116,7 @@ diff -up openssh-7.2p1/clientloop.c.gsskex openssh-7.2p1/clientloop.c
/* import options */
extern Options options;
@@ -1662,9 +1666,18 @@ client_loop(int have_pty, int escape_cha
@@ -1664,9 +1668,18 @@ client_loop(int have_pty, int escape_cha
break;
/* Do channel operations unless rekeying in progress. */
@ -137,7 +126,7 @@ diff -up openssh-7.2p1/clientloop.c.gsskex openssh-7.2p1/clientloop.c
+#ifdef GSSAPI
+ if (options.gss_renewal_rekey &&
+ ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) {
+ ssh_gssapi_credentials_updated(NULL)) {
+ debug("credentials updated - forcing rekey");
+ need_rekeying = 1;
+ }
@ -147,10 +136,10 @@ diff -up openssh-7.2p1/clientloop.c.gsskex openssh-7.2p1/clientloop.c
/* Buffer input from the connection. */
client_process_net_input(readset);
diff -up openssh-7.2p1/configure.ac.gsskex openssh-7.2p1/configure.ac
--- openssh-7.2p1/configure.ac.gsskex 2016-02-19 10:01:04.857969329 +0100
+++ openssh-7.2p1/configure.ac 2016-02-19 10:01:04.867969323 +0100
@@ -632,6 +632,30 @@ main() { if (NSVersionOfRunTimeLibrary("
diff -up openssh-7.4p1/configure.ac.gsskex openssh-7.4p1/configure.ac
--- openssh-7.4p1/configure.ac.gsskex 2016-12-23 13:38:53.716301003 +0100
+++ openssh-7.4p1/configure.ac 2016-12-23 13:38:53.726301005 +0100
@@ -623,6 +623,30 @@ main() { if (NSVersionOfRunTimeLibrary("
[Use tunnel device compatibility to OpenBSD])
AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
[Prepend the address family to IP tunnel traffic])
@ -181,10 +170,10 @@ diff -up openssh-7.2p1/configure.ac.gsskex openssh-7.2p1/configure.ac
m4_pattern_allow([AU_IPv])
AC_CHECK_DECL([AU_IPv4], [],
AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c
--- openssh-7.2p1/gss-genr.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/gss-genr.c 2016-02-19 10:01:04.867969323 +0100
@@ -41,12 +41,167 @@
diff -up openssh-7.4p1/gss-genr.c.gsskex openssh-7.4p1/gss-genr.c
--- openssh-7.4p1/gss-genr.c.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/gss-genr.c 2016-12-23 13:38:53.726301005 +0100
@@ -40,12 +40,167 @@
#include "buffer.h"
#include "log.h"
#include "ssh2.h"
@ -352,7 +341,7 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c
/* Check that the OID in a data stream matches that in the context */
int
ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
@@ -199,7 +354,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int de
@@ -198,7 +353,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int de
}
ctx->major = gss_init_sec_context(&ctx->minor,
@ -361,7 +350,7 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c
GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
0, NULL, recv_tok, NULL, send_tok, flags, NULL);
@@ -229,8 +384,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, con
@@ -228,8 +383,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, con
}
OM_uint32
@ -404,7 +393,7 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c
if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
GSS_C_QOP_DEFAULT, buffer, hash)))
ssh_gssapi_error(ctx);
@@ -238,6 +427,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer
@@ -237,6 +426,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer
return (ctx->major);
}
@ -424,7 +413,7 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c
void
ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
const char *context)
@@ -251,11 +453,16 @@ ssh_gssapi_buildmic(Buffer *b, const cha
@@ -250,11 +452,16 @@ ssh_gssapi_buildmic(Buffer *b, const cha
}
int
@ -442,7 +431,7 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c
/* RFC 4462 says we MUST NOT do SPNEGO */
if (oid->length == spnego_oid.length &&
@@ -265,6 +472,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
@@ -264,6 +471,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
ssh_gssapi_build_ctx(ctx);
ssh_gssapi_set_oid(*ctx, oid);
major = ssh_gssapi_import_name(*ctx, host);
@ -453,7 +442,7 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c
if (!GSS_ERROR(major)) {
major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token,
NULL);
@@ -274,10 +485,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
@@ -273,10 +484,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
GSS_C_NO_BUFFER);
}
@ -521,9 +510,9 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c
+}
+
#endif /* GSSAPI */
diff -up openssh-7.2p1/gss-serv.c.gsskex openssh-7.2p1/gss-serv.c
--- openssh-7.2p1/gss-serv.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/gss-serv.c 2016-02-19 10:01:04.867969323 +0100
diff -up openssh-7.4p1/gss-serv.c.gsskex openssh-7.4p1/gss-serv.c
--- openssh-7.4p1/gss-serv.c.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/gss-serv.c 2016-12-23 13:38:53.727301005 +0100
@@ -45,17 +45,19 @@
#include "session.h"
#include "misc.h"
@ -536,9 +525,10 @@ diff -up openssh-7.2p1/gss-serv.c.gsskex openssh-7.2p1/gss-serv.c
extern ServerOptions options;
static ssh_gssapi_client gssapi_client =
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
- { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
- GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}};
+ GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, {NULL, NULL, NULL}, 0, 0};
+ { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, GSS_C_NO_CREDENTIAL,
+ GSS_C_NO_NAME, NULL, {NULL, NULL, NULL, NULL, NULL}, 0, 0};
ssh_gssapi_mech gssapi_null_mech =
- { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL};
@ -805,9 +795,9 @@ diff -up openssh-7.2p1/gss-serv.c.gsskex openssh-7.2p1/gss-serv.c
}
#endif
diff -up openssh-7.2p1/gss-serv-krb5.c.gsskex openssh-7.2p1/gss-serv-krb5.c
--- openssh-7.2p1/gss-serv-krb5.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/gss-serv-krb5.c 2016-02-19 10:01:04.867969323 +0100
diff -up openssh-7.4p1/gss-serv-krb5.c.gsskex openssh-7.4p1/gss-serv-krb5.c
--- openssh-7.4p1/gss-serv-krb5.c.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/gss-serv-krb5.c 2016-12-23 13:38:53.727301005 +0100
@@ -121,7 +121,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
krb5_error_code problem;
krb5_principal princ;
@ -935,9 +925,9 @@ diff -up openssh-7.2p1/gss-serv-krb5.c.gsskex openssh-7.2p1/gss-serv-krb5.c
};
#endif /* KRB5 */
diff -up openssh-7.2p1/kex.c.gsskex openssh-7.2p1/kex.c
--- openssh-7.2p1/kex.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/kex.c 2016-02-19 10:01:04.868969323 +0100
diff -up openssh-7.4p1/kex.c.gsskex openssh-7.4p1/kex.c
--- openssh-7.4p1/kex.c.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/kex.c 2016-12-23 13:39:56.064313151 +0100
@@ -54,6 +54,10 @@
#include "sshbuf.h"
#include "digest.h"
@ -949,9 +939,9 @@ diff -up openssh-7.2p1/kex.c.gsskex openssh-7.2p1/kex.c
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
# if defined(HAVE_EVP_SHA256)
# define evp_ssh_sha256 EVP_sha256
@@ -107,6 +111,11 @@ static const struct kexalg kexalgs[] = {
#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
@@ -111,6 +115,11 @@ static const struct kexalg kexalgs[] = {
{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
{ KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
+#ifdef GSSAPI
+ { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
@ -961,7 +951,7 @@ diff -up openssh-7.2p1/kex.c.gsskex openssh-7.2p1/kex.c
{ NULL, -1, -1, -1},
};
@@ -140,6 +149,12 @@ kex_alg_by_name(const char *name)
@@ -144,6 +153,12 @@ kex_alg_by_name(const char *name)
for (k = kexalgs; k->name != NULL; k++) {
if (strcmp(k->name, name) == 0)
return k;
@ -974,9 +964,9 @@ diff -up openssh-7.2p1/kex.c.gsskex openssh-7.2p1/kex.c
}
return NULL;
}
diff -up openssh-7.2p1/kexgssc.c.gsskex openssh-7.2p1/kexgssc.c
--- openssh-7.2p1/kexgssc.c.gsskex 2016-02-19 10:01:04.868969323 +0100
+++ openssh-7.2p1/kexgssc.c 2016-02-19 10:01:04.868969323 +0100
diff -up openssh-7.4p1/kexgssc.c.gsskex openssh-7.4p1/kexgssc.c
--- openssh-7.4p1/kexgssc.c.gsskex 2016-12-23 13:38:53.727301005 +0100
+++ openssh-7.4p1/kexgssc.c 2016-12-23 13:38:53.727301005 +0100
@@ -0,0 +1,338 @@
+/*
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@ -1316,9 +1306,9 @@ diff -up openssh-7.2p1/kexgssc.c.gsskex openssh-7.2p1/kexgssc.c
+}
+
+#endif /* GSSAPI */
diff -up openssh-7.2p1/kexgsss.c.gsskex openssh-7.2p1/kexgsss.c
--- openssh-7.2p1/kexgsss.c.gsskex 2016-02-19 10:01:04.868969323 +0100
+++ openssh-7.2p1/kexgsss.c 2016-02-19 10:01:04.868969323 +0100
diff -up openssh-7.4p1/kexgsss.c.gsskex openssh-7.4p1/kexgsss.c
--- openssh-7.4p1/kexgsss.c.gsskex 2016-12-23 13:38:53.728301005 +0100
+++ openssh-7.4p1/kexgsss.c 2016-12-23 13:38:53.728301005 +0100
@@ -0,0 +1,297 @@
+/*
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@ -1617,10 +1607,10 @@ diff -up openssh-7.2p1/kexgsss.c.gsskex openssh-7.2p1/kexgsss.c
+ return 0;
+}
+#endif /* GSSAPI */
diff -up openssh-7.2p1/kex.h.gsskex openssh-7.2p1/kex.h
--- openssh-7.2p1/kex.h.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/kex.h 2016-02-19 10:01:04.868969323 +0100
@@ -92,6 +92,11 @@ enum kex_exchange {
diff -up openssh-7.4p1/kex.h.gsskex openssh-7.4p1/kex.h
--- openssh-7.4p1/kex.h.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/kex.h 2016-12-23 13:38:53.728301005 +0100
@@ -99,6 +99,11 @@ enum kex_exchange {
KEX_DH_GEX_SHA256,
KEX_ECDH_SHA2,
KEX_C25519_SHA256,
@ -1632,7 +1622,7 @@ diff -up openssh-7.2p1/kex.h.gsskex openssh-7.2p1/kex.h
KEX_MAX
};
@@ -140,6 +145,12 @@ struct kex {
@@ -147,6 +152,12 @@ struct kex {
u_int flags;
int hash_alg;
int ec_nid;
@ -1645,7 +1635,7 @@ diff -up openssh-7.2p1/kex.h.gsskex openssh-7.2p1/kex.h
char *client_version_string;
char *server_version_string;
char *failed_choice;
@@ -189,6 +200,10 @@ int kexecdh_client(struct ssh *);
@@ -196,6 +207,10 @@ int kexecdh_client(struct ssh *);
int kexecdh_server(struct ssh *);
int kexc25519_client(struct ssh *);
int kexc25519_server(struct ssh *);
@ -1656,10 +1646,10 @@ diff -up openssh-7.2p1/kex.h.gsskex openssh-7.2p1/kex.h
int kex_dh_hash(int, const char *, const char *,
const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
diff -up openssh/Makefile.in.gsskex openssh/Makefile.in
--- openssh/Makefile.in.gsskex 2016-07-25 14:11:42.978324182 +0200
+++ openssh/Makefile.in 2016-07-25 14:14:15.560289050 +0200
@@ -90,6 +90,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
diff -up openssh-7.4p1/Makefile.in.gsskex openssh-7.4p1/Makefile.in
--- openssh-7.4p1/Makefile.in.gsskex 2016-12-23 13:38:53.723301004 +0100
+++ openssh-7.4p1/Makefile.in 2016-12-23 13:40:32.226320197 +0100
@@ -91,6 +91,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
@ -1667,19 +1657,19 @@ diff -up openssh/Makefile.in.gsskex openssh/Makefile.in
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
ssh-pkcs11.o smult_curve25519_ref.o \
poly1305.o chacha.o cipher-chachapoly.o \
@@ -111,7 +112,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
@@ -112,7 +113,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
auth2-none.o auth2-passwd.o auth2-pubkey.o \
monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \
monitor.o monitor_wrap.o auth-krb5.o \
- auth2-gss.o gss-serv.o gss-serv-krb5.o \
+ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
+ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
sftp-server.o sftp-common.o \
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c
--- openssh-7.2p1/monitor.c.gsskex 2016-02-19 10:01:04.830969345 +0100
+++ openssh-7.2p1/monitor.c 2016-02-19 10:01:04.869969322 +0100
@@ -159,6 +159,8 @@ int mm_answer_gss_setup_ctx(int, Buffer
diff -up openssh-7.4p1/monitor.c.gsskex openssh-7.4p1/monitor.c
--- openssh-7.4p1/monitor.c.gsskex 2016-12-23 13:38:53.687300997 +0100
+++ openssh-7.4p1/monitor.c 2016-12-23 13:45:49.347381091 +0100
@@ -160,6 +160,8 @@ int mm_answer_gss_setup_ctx(int, Buffer
int mm_answer_gss_accept_ctx(int, Buffer *);
int mm_answer_gss_userok(int, Buffer *);
int mm_answer_gss_checkmic(int, Buffer *);
@ -1688,10 +1678,10 @@ diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c
#endif
#ifdef SSH_AUDIT_EVENTS
@@ -239,11 +241,18 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
{MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
@@ -236,11 +238,18 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
{MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
{MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
+ {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
#endif
{0, 0, NULL}
@ -1707,29 +1697,29 @@ diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c
#ifdef WITH_OPENSSL
{MONITOR_REQ_MODULI, 0, mm_answer_moduli},
#endif
@@ -358,6 +367,10 @@ monitor_child_preauth(Authctxt *_authctx
/* Permit requests for moduli and signatures */
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -307,6 +316,10 @@ monitor_child_preauth(Authctxt *_authctx
/* Permit requests for moduli and signatures */
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
+#ifdef GSSAPI
+ /* and for the GSSAPI key exchange */
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
+ /* and for the GSSAPI key exchange */
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
+#endif
} else {
mon_dispatch = mon_dispatch_proto15;
@@ -466,6 +479,10 @@ monitor_child_postauth(struct monitor *p
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
/* The first few requests do not require asynchronous access */
while (!authenticated) {
@@ -406,6 +419,10 @@ monitor_child_postauth(struct monitor *p
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
+#ifdef GSSAPI
+ /* and for the GSSAPI key exchange */
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
+ /* and for the GSSAPI key exchange */
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
+#endif
} else {
mon_dispatch = mon_dispatch_postauth15;
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -1893,6 +1910,13 @@ monitor_apply_keystate(struct monitor *p
if (!no_pty_flag) {
monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
@@ -1633,6 +1650,13 @@ monitor_apply_keystate(struct monitor *p
# endif
#endif /* WITH_OPENSSL */
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@ -1743,27 +1733,25 @@ diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c
kex->load_host_public_key=&get_hostkey_public_by_type;
kex->load_host_private_key=&get_hostkey_private_by_type;
kex->host_key_index=&get_hostkey_index;
@@ -1992,6 +2016,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
@@ -1712,7 +1736,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer
OM_uint32 major;
u_int len;
- if (!options.gss_authentication)
+ if (!options.gss_authentication && !options.gss_keyex)
+ fatal("In GSSAPI monitor when GSSAPI is disabled");
+
goid.elements = buffer_get_string(m, &len);
goid.length = len;
fatal("%s: GSSAPI authentication not enabled", __func__);
@@ -2019,6 +2046,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
goid.elements = buffer_get_string(m, &len);
@@ -1742,7 +1766,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
OM_uint32 flags = 0; /* GSI needs this */
u_int len;
- if (!options.gss_authentication)
+ if (!options.gss_authentication && !options.gss_keyex)
+ fatal("In GSSAPI monitor when GSSAPI is disabled");
+
fatal("%s: GSSAPI authentication not enabled", __func__);
in.value = buffer_get_string(m, &len);
in.length = len;
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
@@ -2036,6 +2066,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
@@ -1762,6 +1786,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@ -1771,30 +1759,30 @@ diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c
}
return (0);
}
@@ -2047,6 +2078,9 @@ mm_answer_gss_checkmic(int sock, Buffer
@@ -1773,7 +1798,7 @@ mm_answer_gss_checkmic(int sock, Buffer
OM_uint32 ret;
u_int len;
- if (!options.gss_authentication)
+ if (!options.gss_authentication && !options.gss_keyex)
+ fatal("In GSSAPI monitor when GSSAPI is disabled");
+
fatal("%s: GSSAPI authentication not enabled", __func__);
gssbuf.value = buffer_get_string(m, &len);
gssbuf.length = len;
mic.value = buffer_get_string(m, &len);
@@ -2073,7 +2107,11 @@ mm_answer_gss_userok(int sock, Buffer *m
@@ -1802,10 +1827,11 @@ mm_answer_gss_userok(int sock, Buffer *m
{
int authenticated;
- authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
- if (!options.gss_authentication)
+ if (!options.gss_authentication && !options.gss_keyex)
+ fatal("In GSSAPI monitor when GSSAPI is disabled");
+
+ authenticated = authctxt->valid &&
fatal("%s: GSSAPI authentication not enabled", __func__);
- authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
+ authenticated = authctxt->valid &&
+ ssh_gssapi_userok(authctxt->user, authctxt->pw);
buffer_clear(m);
buffer_put_int(m, authenticated);
@@ -2086,5 +2124,73 @@ mm_answer_gss_userok(int sock, Buffer *m
@@ -1818,5 +1844,73 @@ mm_answer_gss_userok(int sock, Buffer *m
/* Monitor loop will terminate if authenticated */
return (authenticated);
}
@ -1868,9 +1856,9 @@ diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c
+
#endif /* GSSAPI */
diff -up openssh-7.2p1/monitor.h.gsskex openssh-7.2p1/monitor.h
--- openssh-7.2p1/monitor.h.gsskex 2016-02-19 10:01:04.830969345 +0100
+++ openssh-7.2p1/monitor.h 2016-02-19 10:01:04.869969322 +0100
diff -up openssh-7.4p1/monitor.h.gsskex openssh-7.4p1/monitor.h
--- openssh-7.4p1/monitor.h.gsskex 2016-12-23 13:38:53.687300997 +0100
+++ openssh-7.4p1/monitor.h 2016-12-23 13:38:53.729301005 +0100
@@ -60,6 +60,8 @@ enum monitor_reqtype {
#ifdef WITH_SELINUX
MONITOR_REQ_AUTHROLE = 80,
@ -1880,10 +1868,10 @@ diff -up openssh-7.2p1/monitor.h.gsskex openssh-7.2p1/monitor.h
MONITOR_REQ_PAM_START = 100,
MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
diff -up openssh-7.2p1/monitor_wrap.c.gsskex openssh-7.2p1/monitor_wrap.c
--- openssh-7.2p1/monitor_wrap.c.gsskex 2016-02-19 10:01:04.830969345 +0100
+++ openssh-7.2p1/monitor_wrap.c 2016-02-19 10:01:04.869969322 +0100
@@ -1087,7 +1087,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
diff -up openssh-7.4p1/monitor_wrap.c.gsskex openssh-7.4p1/monitor_wrap.c
--- openssh-7.4p1/monitor_wrap.c.gsskex 2016-12-23 13:38:53.687300997 +0100
+++ openssh-7.4p1/monitor_wrap.c 2016-12-23 13:38:53.729301005 +0100
@@ -943,7 +943,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
}
int
@ -1892,7 +1880,7 @@ diff -up openssh-7.2p1/monitor_wrap.c.gsskex openssh-7.2p1/monitor_wrap.c
{
Buffer m;
int authenticated = 0;
@@ -1104,5 +1104,50 @@ mm_ssh_gssapi_userok(char *user)
@@ -960,5 +960,50 @@ mm_ssh_gssapi_userok(char *user)
debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
return (authenticated);
}
@ -1943,10 +1931,10 @@ diff -up openssh-7.2p1/monitor_wrap.c.gsskex openssh-7.2p1/monitor_wrap.c
+
#endif /* GSSAPI */
diff -up openssh-7.2p1/monitor_wrap.h.gsskex openssh-7.2p1/monitor_wrap.h
--- openssh-7.2p1/monitor_wrap.h.gsskex 2016-02-19 10:01:04.830969345 +0100
+++ openssh-7.2p1/monitor_wrap.h 2016-02-19 10:01:04.869969322 +0100
@@ -61,8 +61,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(K
diff -up openssh-7.4p1/monitor_wrap.h.gsskex openssh-7.4p1/monitor_wrap.h
--- openssh-7.4p1/monitor_wrap.h.gsskex 2016-12-23 13:38:53.687300997 +0100
+++ openssh-7.4p1/monitor_wrap.h 2016-12-23 13:38:53.729301005 +0100
@@ -58,8 +58,10 @@ int mm_key_verify(Key *, u_char *, u_int
OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
@ -1958,10 +1946,10 @@ diff -up openssh-7.2p1/monitor_wrap.h.gsskex openssh-7.2p1/monitor_wrap.h
#endif
#ifdef USE_PAM
diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c
--- openssh-7.2p1/readconf.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/readconf.c 2016-02-19 10:01:04.870969322 +0100
@@ -148,6 +148,8 @@ typedef enum {
diff -up openssh-7.4p1/readconf.c.gsskex openssh-7.4p1/readconf.c
--- openssh-7.4p1/readconf.c.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/readconf.c 2016-12-23 13:38:53.730301005 +0100
@@ -160,6 +160,8 @@ typedef enum {
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@ -1970,7 +1958,7 @@ diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oControlPersist,
oHashKnownHosts,
@@ -193,10 +195,19 @@ static struct {
@@ -205,10 +207,19 @@ static struct {
{ "afstokenpassing", oUnsupported },
#if defined(GSSAPI)
{ "gssapiauthentication", oGssAuthentication },
@ -1990,7 +1978,7 @@ diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c
#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
@@ -926,10 +937,30 @@ parse_time:
@@ -961,10 +972,30 @@ parse_time:
intptr = &options->gss_authentication;
goto parse_flag;
@ -2021,7 +2009,7 @@ diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
@@ -1648,7 +1679,12 @@ initialize_options(Options * options)
@@ -1776,7 +1807,12 @@ initialize_options(Options * options)
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
@ -2034,7 +2022,7 @@ diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
@@ -1777,8 +1813,14 @@ fill_default_options(Options * options)
@@ -1920,8 +1956,14 @@ fill_default_options(Options * options)
options->challenge_response_authentication = 1;
if (options->gss_authentication == -1)
options->gss_authentication = 0;
@ -2049,9 +2037,9 @@ diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
diff -up openssh-7.2p1/readconf.h.gsskex openssh-7.2p1/readconf.h
--- openssh-7.2p1/readconf.h.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/readconf.h 2016-02-19 10:01:04.870969322 +0100
diff -up openssh-7.4p1/readconf.h.gsskex openssh-7.4p1/readconf.h
--- openssh-7.4p1/readconf.h.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/readconf.h 2016-12-23 13:38:53.730301005 +0100
@@ -45,7 +45,12 @@ typedef struct {
int challenge_response_authentication;
/* Try S/Key or TIS, authentication. */
@ -2065,9 +2053,9 @@ diff -up openssh-7.2p1/readconf.h.gsskex openssh-7.2p1/readconf.h
int password_authentication; /* Try password
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
diff -up openssh/regress/cert-hostkey.sh.gsskex openssh/regress/cert-hostkey.sh
--- openssh/regress/cert-hostkey.sh.gsskex 2016-07-25 14:11:42.986324181 +0200
+++ openssh/regress/cert-hostkey.sh 2016-07-25 14:15:17.784274722 +0200
diff -up openssh-7.4p1/regress/cert-hostkey.sh.gsskex openssh-7.4p1/regress/cert-hostkey.sh
--- openssh-7.4p1/regress/cert-hostkey.sh.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/regress/cert-hostkey.sh 2016-12-23 13:38:53.731301006 +0100
@@ -59,7 +59,7 @@ touch $OBJ/host_revoked_plain
touch $OBJ/host_revoked_cert
cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca
@ -2077,9 +2065,9 @@ diff -up openssh/regress/cert-hostkey.sh.gsskex openssh/regress/cert-hostkey.sh
if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"
diff -up openssh/regress/cert-userkey.sh.gsskex openssh/regress/cert-userkey.sh
--- openssh/regress/cert-userkey.sh.gsskex 2016-07-25 14:11:42.986324181 +0200
+++ openssh/regress/cert-userkey.sh 2016-07-25 14:15:36.769270354 +0200
diff -up openssh-7.4p1/regress/cert-userkey.sh.gsskex openssh-7.4p1/regress/cert-userkey.sh
--- openssh-7.4p1/regress/cert-userkey.sh.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/regress/cert-userkey.sh 2016-12-23 13:38:53.731301006 +0100
@@ -7,7 +7,7 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/us
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
@ -2089,9 +2077,9 @@ diff -up openssh/regress/cert-userkey.sh.gsskex openssh/regress/cert-userkey.sh
if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"
diff -up openssh/regress/kextype.sh.gsskex openssh/regress/kextype.sh
--- openssh/regress/kextype.sh.gsskex 2016-07-24 13:50:13.000000000 +0200
+++ openssh/regress/kextype.sh 2016-07-25 14:11:42.987324180 +0200
diff -up openssh-7.4p1/regress/kextype.sh.gsskex openssh-7.4p1/regress/kextype.sh
--- openssh-7.4p1/regress/kextype.sh.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/regress/kextype.sh 2016-12-23 13:38:53.731301006 +0100
@@ -14,6 +14,9 @@ echo "KexAlgorithms=$KEXOPT" >> $OBJ/ssh
tries="1 2 3 4"
@ -2102,9 +2090,9 @@ diff -up openssh/regress/kextype.sh.gsskex openssh/regress/kextype.sh
verbose "kex $k"
for i in $tries; do
${SSH} -F $OBJ/ssh_proxy -o KexAlgorithms=$k x true
diff -up openssh-7.2p1/regress/rekey.sh.gsskex openssh-7.2p1/regress/rekey.sh
--- openssh-7.2p1/regress/rekey.sh.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/regress/rekey.sh 2016-02-19 10:01:04.870969322 +0100
diff -up openssh-7.4p1/regress/rekey.sh.gsskex openssh-7.4p1/regress/rekey.sh
--- openssh-7.4p1/regress/rekey.sh.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/regress/rekey.sh 2016-12-23 13:38:53.731301006 +0100
@@ -38,6 +38,9 @@ increase_datafile_size 300
opts=""
@ -2125,10 +2113,10 @@ diff -up openssh-7.2p1/regress/rekey.sh.gsskex openssh-7.2p1/regress/rekey.sh
verbose "client rekey $c $kex"
ssh_data_rekeying "KexAlgorithms=$kex" -oRekeyLimit=256k -oCiphers=$c
done
diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c
--- openssh-7.2p1/servconf.c.gsskex 2016-02-19 10:01:04.857969329 +0100
+++ openssh-7.2p1/servconf.c 2016-02-19 10:01:04.870969322 +0100
@@ -117,8 +117,10 @@ initialize_server_options(ServerOptions
diff -up openssh-7.4p1/servconf.c.gsskex openssh-7.4p1/servconf.c
--- openssh-7.4p1/servconf.c.gsskex 2016-12-23 13:38:53.717301003 +0100
+++ openssh-7.4p1/servconf.c 2016-12-23 13:38:53.732301006 +0100
@@ -113,8 +113,10 @@ initialize_server_options(ServerOptions
options->kerberos_ticket_cleanup = -1;
options->kerberos_get_afs_token = -1;
options->gss_authentication=-1;
@ -2139,7 +2127,7 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
@@ -288,10 +290,14 @@ fill_default_server_options(ServerOption
@@ -268,10 +270,14 @@ fill_default_server_options(ServerOption
options->kerberos_get_afs_token = 0;
if (options->gss_authentication == -1)
options->gss_authentication = 0;
@ -2154,7 +2142,7 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
@@ -422,7 +428,7 @@ typedef enum {
@@ -410,7 +416,7 @@ typedef enum {
sHostKeyAlgorithms,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@ -2163,7 +2151,7 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sHostCertificate,
@@ -496,11 +502,17 @@ static struct {
@@ -484,11 +490,17 @@ static struct {
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
@ -2181,7 +2169,7 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
@@ -1246,6 +1258,10 @@ process_server_config_line(ServerOptions
@@ -1211,6 +1223,10 @@ process_server_config_line(ServerOptions
intptr = &options->gss_authentication;
goto parse_flag;
@ -2192,7 +2180,7 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c
case sGssCleanupCreds:
intptr = &options->gss_cleanup_creds;
goto parse_flag;
@@ -1254,6 +1270,10 @@ process_server_config_line(ServerOptions
@@ -1219,6 +1235,10 @@ process_server_config_line(ServerOptions
intptr = &options->gss_strict_acceptor;
goto parse_flag;
@ -2203,7 +2191,7 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c
case sPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_flag;
@@ -2274,6 +2294,9 @@ dump_config(ServerOptions *o)
@@ -2257,6 +2277,9 @@ dump_config(ServerOptions *o)
#ifdef GSSAPI
dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
@ -2213,10 +2201,10 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c
#endif
dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
dump_cfg_fmtint(sKbdInteractiveAuthentication,
diff -up openssh-7.2p1/servconf.h.gsskex openssh-7.2p1/servconf.h
--- openssh-7.2p1/servconf.h.gsskex 2016-02-19 10:01:04.857969329 +0100
+++ openssh-7.2p1/servconf.h 2016-02-19 10:01:04.871969321 +0100
@@ -118,8 +118,10 @@ typedef struct {
diff -up openssh-7.4p1/servconf.h.gsskex openssh-7.4p1/servconf.h
--- openssh-7.4p1/servconf.h.gsskex 2016-12-23 13:38:53.717301003 +0100
+++ openssh-7.4p1/servconf.h 2016-12-23 13:38:53.732301006 +0100
@@ -112,8 +112,10 @@ typedef struct {
int kerberos_get_afs_token; /* If true, try to get AFS token if
* authenticated with Kerberos. */
int gss_authentication; /* If true, permit GSSAPI authentication */
@ -2227,31 +2215,26 @@ diff -up openssh-7.2p1/servconf.h.gsskex openssh-7.2p1/servconf.h
int password_authentication; /* If true, permit password
* authentication. */
int kbd_interactive_authentication; /* If true, permit */
diff -up openssh-7.2p1/ssh_config.5.gsskex openssh-7.2p1/ssh_config.5
--- openssh-7.2p1/ssh_config.5.gsskex 2016-02-19 10:01:04.871969321 +0100
+++ openssh-7.2p1/ssh_config.5 2016-02-19 10:05:58.630146245 +0100
@@ -824,10 +824,40 @@ The default is
diff -up openssh-7.4p1/ssh_config.5.gsskex openssh-7.4p1/ssh_config.5
--- openssh-7.4p1/ssh_config.5.gsskex 2016-12-23 13:38:53.732301006 +0100
+++ openssh-7.4p1/ssh_config.5 2016-12-23 13:48:00.502331870 +0100
@@ -748,10 +748,40 @@ The default is
Specifies whether user authentication based on GSSAPI is allowed.
The default is
.Dq no .
.Cm no .
+.It Cm GSSAPIClientIdentity
+If set, specifies the GSSAPI client identity that ssh should use when
+connecting to the server. The default is unset, which means that the default
+identity will be used.
.It Cm GSSAPIDelegateCredentials
Forward (delegate) credentials to the server.
The default is
.Cm no .
+.It Cm GSSAPIKeyExchange
+Specifies whether key exchange based on GSSAPI may be used. When using
+GSSAPI key exchange the server need not have a host key.
+The default is
+.Dq no .
+.It Cm GSSAPIClientIdentity
+If set, specifies the GSSAPI client identity that ssh should use when
+connecting to the server. The default is unset, which means that the default
+identity will be used.
+.It Cm GSSAPIServerIdentity
+If set, specifies the GSSAPI server identity that ssh should expect when
+connecting to the server. The default is unset, which means that the
+expected GSSAPI server identity will be determined from the target
+hostname.
.It Cm GSSAPIDelegateCredentials
Forward (delegate) credentials to the server.
The default is
.Dq no .
+.It Cm GSSAPIRenewalForcesRekey
+If set to
+.Dq yes
@ -2260,6 +2243,11 @@ diff -up openssh-7.2p1/ssh_config.5.gsskex openssh-7.2p1/ssh_config.5
+credentials to a session on the server.
+The default is
+.Dq no .
+.It Cm GSSAPIServerIdentity
+If set, specifies the GSSAPI server identity that ssh should expect when
+connecting to the server. The default is unset, which means that the
+expected GSSAPI server identity will be determined from the target
+hostname.
+.It Cm GSSAPITrustDns
+Set to
+.Dq yes to indicate that the DNS is trusted to securely canonicalize
@ -2271,9 +2259,9 @@ diff -up openssh-7.2p1/ssh_config.5.gsskex openssh-7.2p1/ssh_config.5
.It Cm HashKnownHosts
Indicates that
.Xr ssh 1
diff -up openssh-7.2p1/ssh_config.gsskex openssh-7.2p1/ssh_config
--- openssh-7.2p1/ssh_config.gsskex 2016-02-19 10:01:04.852969332 +0100
+++ openssh-7.2p1/ssh_config 2016-02-19 10:01:04.871969321 +0100
diff -up openssh-7.4p1/ssh_config.gsskex openssh-7.4p1/ssh_config
--- openssh-7.4p1/ssh_config.gsskex 2016-12-23 13:38:53.708301001 +0100
+++ openssh-7.4p1/ssh_config 2016-12-23 13:38:53.733301006 +0100
@@ -26,6 +26,8 @@
# HostbasedAuthentication no
# GSSAPIAuthentication no
@ -2283,10 +2271,10 @@ diff -up openssh-7.2p1/ssh_config.gsskex openssh-7.2p1/ssh_config
# BatchMode no
# CheckHostIP yes
# AddressFamily any
diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c
--- openssh-7.2p1/sshconnect2.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/sshconnect2.c 2016-02-19 10:01:04.872969321 +0100
@@ -161,9 +161,34 @@ ssh_kex2(char *host, struct sockaddr *ho
diff -up openssh-7.4p1/sshconnect2.c.gsskex openssh-7.4p1/sshconnect2.c
--- openssh-7.4p1/sshconnect2.c.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sshconnect2.c 2016-12-23 13:38:53.733301006 +0100
@@ -162,9 +162,34 @@ ssh_kex2(char *host, struct sockaddr *ho
struct kex *kex;
int r;
@ -2321,7 +2309,7 @@ diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c
if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
fatal("%s: kex_names_cat", __func__);
myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
@@ -195,6 +220,17 @@ ssh_kex2(char *host, struct sockaddr *ho
@@ -192,6 +217,17 @@ ssh_kex2(char *host, struct sockaddr *ho
order_hostkeyalgs(host, hostaddr, port));
}
@ -2379,7 +2367,7 @@ diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c
#endif
void userauth(Authctxt *, char *);
@@ -326,6 +383,11 @@ static char *authmethods_get(void);
@@ -327,6 +384,11 @@ static char *authmethods_get(void);
Authmethod authmethods[] = {
#ifdef GSSAPI
@ -2391,7 +2379,7 @@ diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c
{"gssapi-with-mic",
userauth_gssapi,
NULL,
@@ -656,19 +718,31 @@ userauth_gssapi(Authctxt *authctxt)
@@ -652,19 +714,31 @@ userauth_gssapi(Authctxt *authctxt)
static u_int mech = 0;
OM_uint32 min;
int ok = 0;
@ -2425,7 +2413,7 @@ diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c
ok = 1; /* Mechanism works */
} else {
mech++;
@@ -765,8 +839,8 @@ input_gssapi_response(int type, u_int32_
@@ -761,8 +835,8 @@ input_gssapi_response(int type, u_int32_
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
@ -2436,7 +2424,7 @@ diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c
if (authctxt == NULL)
fatal("input_gssapi_response: no authentication context");
@@ -879,6 +953,48 @@ input_gssapi_error(int type, u_int32_t p
@@ -875,6 +949,48 @@ input_gssapi_error(int type, u_int32_t p
free(lang);
return 0;
}
@ -2509,21 +2497,17 @@ diff -up openssh-7.2p1/sshd.c.gsskex openssh-7.2p1/sshd.c
sshbuf_free(buf);
}
@@ -1845,10 +1846,13 @@ main(int ac, char **av)
logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
@@ -1739,7 +1740,8 @@ main(int ac, char **av)
key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp);
free(fp);
}
+#ifndef GSSAPI
- if (!sensitive_data.have_ssh2_key) {
+ /* The GSSAPI key exchange can run without a host key */
if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
logit("Disabling protocol version 2. Could not load host key");
options.protocol &= ~SSH_PROTO_2;
}
+#endif
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
+ if (!sensitive_data.have_ssh2_key && !options.gss_keyex) {
logit("sshd: no hostkeys available -- exiting.");
exit(1);
@@ -2586,6 +2590,48 @@ do_ssh2_kex(void)
}
@@ -2196,6 +2198,48 @@ do_ssh2_kex(void)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
list_hostkey_types());
@ -2572,7 +2556,7 @@ diff -up openssh-7.2p1/sshd.c.gsskex openssh-7.2p1/sshd.c
/* start key exchange */
if ((r = kex_setup(active_state, myproposal)) != 0)
fatal("kex_setup: %s", ssh_err(r));
@@ -2600,6 +2646,13 @@ do_ssh2_kex(void)
@@ -2213,6 +2257,13 @@ do_ssh2_kex(void)
# endif
#endif
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@ -2586,25 +2570,25 @@ diff -up openssh-7.2p1/sshd.c.gsskex openssh-7.2p1/sshd.c
kex->server = 1;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
diff -up openssh-7.2p1/sshd_config.5.gsskex openssh-7.2p1/sshd_config.5
--- openssh-7.2p1/sshd_config.5.gsskex 2016-02-19 10:01:04.858969329 +0100
+++ openssh-7.2p1/sshd_config.5 2016-02-19 10:06:26.651172355 +0100
@@ -623,6 +623,11 @@ The default is
Specifies whether user authentication based on GSSAPI is allowed.
diff -up openssh-7.4p1/sshd_config.5.gsskex openssh-7.4p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.gsskex 2016-12-23 13:38:53.734301006 +0100
+++ openssh-7.4p1/sshd_config.5 2016-12-23 13:48:57.825310358 +0100
@@ -628,6 +628,11 @@ Specifies whether to automatically destr
on logout.
The default is
.Dq no .
.Cm yes .
+.It Cm GSSAPIKeyExchange
+Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
+doesn't rely on ssh keys to verify host identity.
+The default is
+.Dq no .
.It Cm GSSAPICleanupCredentials
Specifies whether to automatically destroy the user's credentials cache
on logout.
@@ -643,6 +648,11 @@ machine's default store.
.It Cm GSSAPIStrictAcceptorCheck
Determines whether to be strict about the identity of the GSSAPI acceptor
a client authenticates against.
@@ -642,6 +647,11 @@ machine's default store.
This facility is provided to assist with operation on multi homed machines.
The default is
.Dq yes .
.Cm yes .
+.It Cm GSSAPIStoreCredentialsOnRekey
+Controls whether the user's GSSAPI credentials should be updated following a
+successful connection rekeying. This option can be used to accepted renewed
@ -2613,10 +2597,10 @@ diff -up openssh-7.2p1/sshd_config.5.gsskex openssh-7.2p1/sshd_config.5
.It Cm HostbasedAcceptedKeyTypes
Specifies the key types that will be accepted for hostbased authentication
as a comma-separated pattern list.
diff -up openssh-7.2p1/sshd_config.gsskex openssh-7.2p1/sshd_config
--- openssh-7.2p1/sshd_config.gsskex 2016-02-19 10:01:04.860969328 +0100
+++ openssh-7.2p1/sshd_config 2016-02-19 10:01:04.873969320 +0100
@@ -91,6 +91,8 @@ ChallengeResponseAuthentication no
diff -up openssh-7.4p1/sshd_config.gsskex openssh-7.4p1/sshd_config
--- openssh-7.4p1/sshd_config.gsskex 2016-12-23 13:38:53.719301003 +0100
+++ openssh-7.4p1/sshd_config 2016-12-23 13:38:53.734301006 +0100
@@ -77,6 +77,8 @@ ChallengeResponseAuthentication no
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
@ -2625,9 +2609,9 @@ diff -up openssh-7.2p1/sshd_config.gsskex openssh-7.2p1/sshd_config
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
diff -up openssh-7.2p1/ssh-gss.h.gsskex openssh-7.2p1/ssh-gss.h
--- openssh-7.2p1/ssh-gss.h.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/ssh-gss.h 2016-02-19 10:01:04.873969320 +0100
diff -up openssh-7.4p1/ssh-gss.h.gsskex openssh-7.4p1/ssh-gss.h
--- openssh-7.4p1/ssh-gss.h.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh-gss.h 2016-12-23 13:38:53.734301006 +0100
@@ -1,6 +1,6 @@
/* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */
/*
@ -2727,10 +2711,10 @@ diff -up openssh-7.2p1/ssh-gss.h.gsskex openssh-7.2p1/ssh-gss.h
#endif /* GSSAPI */
#endif /* _SSH_GSS_H */
diff -up openssh-7.2p1/sshkey.c.gsskex openssh-7.2p1/sshkey.c
--- openssh-7.2p1/sshkey.c.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/sshkey.c 2016-02-19 10:01:04.874969320 +0100
@@ -115,6 +115,7 @@ static const struct keytype keytypes[] =
diff -up openssh-7.4p1/sshkey.c.gsskex openssh-7.4p1/sshkey.c
--- openssh-7.4p1/sshkey.c.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sshkey.c 2016-12-23 13:38:53.735301006 +0100
@@ -114,6 +114,7 @@ static const struct keytype keytypes[] =
# endif /* OPENSSL_HAS_NISTP521 */
# endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
@ -2738,9 +2722,9 @@ diff -up openssh-7.2p1/sshkey.c.gsskex openssh-7.2p1/sshkey.c
{ NULL, NULL, -1, -1, 0, 0 }
};
diff -up openssh-7.2p1/sshkey.h.gsskex openssh-7.2p1/sshkey.h
--- openssh-7.2p1/sshkey.h.gsskex 2016-02-12 11:47:25.000000000 +0100
+++ openssh-7.2p1/sshkey.h 2016-02-19 10:01:04.874969320 +0100
diff -up openssh-7.4p1/sshkey.h.gsskex openssh-7.4p1/sshkey.h
--- openssh-7.4p1/sshkey.h.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sshkey.h 2016-12-23 13:38:53.735301006 +0100
@@ -62,6 +62,7 @@ enum sshkey_types {
KEY_DSA_CERT,
KEY_ECDSA_CERT,
@ -2749,11 +2733,18 @@ diff -up openssh-7.2p1/sshkey.h.gsskex openssh-7.2p1/sshkey.h
KEY_UNSPEC
};
diff --git a/auth.c b/auth.c
index e0f7639..a5a346e 100644
--- a/auth.c
+++ b/auth.c
@@ -784,99 +784,6 @@ fakepw(void)
diff -up openssh-7.4p1/auth.c.gsskex openssh-7.4p1/auth.c
--- openssh-7.4p1/auth.c.gsskex 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/auth.c 2016-12-23 13:38:53.735301006 +0100
@@ -372,6 +372,7 @@ auth_root_allowed(const char *method)
case PERMIT_NO_PASSWD:
if (strcmp(method, "publickey") == 0 ||
strcmp(method, "hostbased") == 0 ||
+ strcmp(method, "gssapi-keyex") == 0 ||
strcmp(method, "gssapi-with-mic") == 0)
return 1;
break;
@@ -795,99 +796,6 @@ fakepw(void)
}
/*
@ -2853,11 +2844,10 @@ index e0f7639..a5a346e 100644
* Return the canonical name of the host in the other side of the current
* connection. The host name is cached, so it is efficient to call this
* several times.
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 80729b3..93a1b04 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -32,6 +32,8 @@
diff -up openssh-7.4p1/openbsd-compat/port-linux.c.gsskex openssh-7.4p1/openbsd-compat/port-linux.c
--- openssh-7.4p1/openbsd-compat/port-linux.c.gsskex 2016-12-23 13:38:53.688300997 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux.c 2016-12-23 13:38:53.735301006 +0100
@@ -30,6 +30,8 @@
#include "log.h"
#include "xmalloc.h"
#include "port-linux.h"
@ -2866,7 +2856,7 @@ index 80729b3..93a1b04 100644
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
@@ -286,4 +288,121 @@ oom_adjust_restore(void)
@@ -279,4 +281,121 @@ oom_adjust_restore(void)
return;
}
#endif /* LINUX_OOM_ADJUST */
@ -2988,11 +2978,10 @@ index 80729b3..93a1b04 100644
+ }
+}
#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index e2ca8a1..6c5ac3f 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -18,6 +18,7 @@
diff -up openssh-7.4p1/openbsd-compat/port-linux.h.gsskex openssh-7.4p1/openbsd-compat/port-linux.h
--- openssh-7.4p1/openbsd-compat/port-linux.h.gsskex 2016-12-23 13:38:53.712301002 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 13:38:53.735301006 +0100
@@ -16,6 +16,7 @@
#ifndef _PORT_LINUX_H
#define _PORT_LINUX_H
@ -3000,7 +2989,7 @@ index e2ca8a1..6c5ac3f 100644
#ifdef WITH_SELINUX
int ssh_selinux_enabled(void);
@@ -39,4 +40,8 @@ void oom_adjust_setup(void);
@@ -36,4 +37,8 @@ void oom_adjust_setup(void);
void linux_seed(void);
@ -3009,18 +2998,3 @@ index e2ca8a1..6c5ac3f 100644
+
+
#endif /* ! _PORT_LINUX_H */
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 3e6f982..4c2653f 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -213,6 +213,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_write
SC_ALLOW(write),
#endif
+#ifdef __NR_futex
+ SC_ALLOW(futex), /* for GSSAPI Kex */
+#endif
#ifdef __NR_socketcall
SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
#endif


@ -1,14 +1,10 @@
diff --git a/sshd.c b/sshd.c
--- a/sshd.c
+++ b/sshd.c
@@ -1701,6 +1701,14 @@ main(int ac, char **av)
@@ -1701,6 +1701,10 @@ main(int ac, char **av)
parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
&cfg, NULL);
+ /* 'UseLogin yes' is not supported in Fedora */
+ if (options.use_login == 1)
+ logit("WARNING: 'UseLogin yes' is not supported in Fedora and may cause several problems.");
+
+ /* 'UsePAM no' is not supported in Fedora */
+ if (! options.use_pam)
+ logit("WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems.");
@ -28,12 +24,3 @@ diff --git a/sshd_config b/sshd_config
UsePAM yes
#AllowAgentForwarding yes
@@ -113,6 +115,8 @@ X11Forwarding yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
+# WARNING: 'UseLogin yes' is not supported in Fedora and may cause several
+# problems.
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no


@ -1,6 +1,6 @@
diff -up openssh-7.2p2/auth2.c.expose-pam openssh-7.2p2/auth2.c
--- openssh-7.2p2/auth2.c.expose-pam 2016-07-18 12:30:12.064783302 +0200
+++ openssh-7.2p2/auth2.c 2016-07-18 12:30:12.124783255 +0200
diff -up openssh-7.4p1/auth2.c.expose-pam openssh-7.4p1/auth2.c
--- openssh-7.4p1/auth2.c.expose-pam 2016-12-23 15:40:26.768447868 +0100
+++ openssh-7.4p1/auth2.c 2016-12-23 15:40:26.818447876 +0100
@@ -310,6 +310,7 @@ userauth_finish(Authctxt *authctxt, int
const char *submethod)
{
@ -28,9 +28,9 @@ diff -up openssh-7.2p2/auth2.c.expose-pam openssh-7.2p2/auth2.c
#ifdef USE_PAM
if (options.use_pam && authenticated) {
if (!PRIVSEP(do_pam_account())) {
diff -up openssh-7.2p2/auth2-gss.c.expose-pam openssh-7.2p2/auth2-gss.c
--- openssh-7.2p2/auth2-gss.c.expose-pam 2016-07-18 12:30:12.123783256 +0200
+++ openssh-7.2p2/auth2-gss.c 2016-07-18 12:32:08.034692086 +0200
diff -up openssh-7.4p1/auth2-gss.c.expose-pam openssh-7.4p1/auth2-gss.c
--- openssh-7.4p1/auth2-gss.c.expose-pam 2016-12-23 15:40:26.769447868 +0100
+++ openssh-7.4p1/auth2-gss.c 2016-12-23 15:40:26.818447876 +0100
@@ -276,6 +276,9 @@ input_gssapi_exchange_complete(int type,
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
authctxt->pw));
@ -51,9 +51,9 @@ diff -up openssh-7.2p2/auth2-gss.c.expose-pam openssh-7.2p2/auth2-gss.c
buffer_free(&b);
if (micuser != authctxt->user)
free(micuser);
diff -up openssh-7.2p2/auth2-hostbased.c.expose-pam openssh-7.2p2/auth2-hostbased.c
--- openssh-7.2p2/auth2-hostbased.c.expose-pam 2016-07-18 12:30:12.027783331 +0200
+++ openssh-7.2p2/auth2-hostbased.c 2016-07-18 12:30:12.124783255 +0200
diff -up openssh-7.4p1/auth2-hostbased.c.expose-pam openssh-7.4p1/auth2-hostbased.c
--- openssh-7.4p1/auth2-hostbased.c.expose-pam 2016-12-23 15:40:26.731447862 +0100
+++ openssh-7.4p1/auth2-hostbased.c 2016-12-23 15:40:26.818447876 +0100
@@ -60,7 +60,7 @@ userauth_hostbased(Authctxt *authctxt)
{
Buffer b;
@ -88,9 +88,9 @@ diff -up openssh-7.2p2/auth2-hostbased.c.expose-pam openssh-7.2p2/auth2-hostbase
buffer_free(&b);
done:
diff -up openssh-7.2p2/auth2-pubkey.c.expose-pam openssh-7.2p2/auth2-pubkey.c
--- openssh-7.2p2/auth2-pubkey.c.expose-pam 2016-07-18 12:30:12.039783322 +0200
+++ openssh-7.2p2/auth2-pubkey.c 2016-07-18 12:30:12.124783255 +0200
diff -up openssh-7.4p1/auth2-pubkey.c.expose-pam openssh-7.4p1/auth2-pubkey.c
--- openssh-7.4p1/auth2-pubkey.c.expose-pam 2016-12-23 15:40:26.746447864 +0100
+++ openssh-7.4p1/auth2-pubkey.c 2016-12-23 15:40:26.819447876 +0100
@@ -79,7 +79,7 @@ userauth_pubkey(Authctxt *authctxt)
{
Buffer b;
@ -100,7 +100,7 @@ diff -up openssh-7.2p2/auth2-pubkey.c.expose-pam openssh-7.2p2/auth2-pubkey.c
u_char *pkblob, *sig;
u_int alen, blen, slen;
int have_sig, pktype;
@@ -173,7 +173,8 @@ userauth_pubkey(Authctxt *authctxt)
@@ -177,7 +177,8 @@ userauth_pubkey(Authctxt *authctxt)
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
@ -110,7 +110,7 @@ diff -up openssh-7.2p2/auth2-pubkey.c.expose-pam openssh-7.2p2/auth2-pubkey.c
/* test for correct signature */
authenticated = 0;
@@ -181,9 +182,12 @@ userauth_pubkey(Authctxt *authctxt)
@@ -185,9 +186,12 @@ userauth_pubkey(Authctxt *authctxt)
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b))) == 1) {
authenticated = 1;
@ -123,7 +123,7 @@ diff -up openssh-7.2p2/auth2-pubkey.c.expose-pam openssh-7.2p2/auth2-pubkey.c
}
buffer_free(&b);
free(sig);
@@ -224,7 +228,7 @@ done:
@@ -228,7 +232,7 @@ done:
void
pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
{
@ -132,7 +132,7 @@ diff -up openssh-7.2p2/auth2-pubkey.c.expose-pam openssh-7.2p2/auth2-pubkey.c
va_list ap;
int i;
@@ -234,27 +238,13 @@ pubkey_auth_info(Authctxt *authctxt, con
@@ -238,27 +242,13 @@ pubkey_auth_info(Authctxt *authctxt, con
i = vasprintf(&extra, fmt, ap);
va_end(ap);
if (i < 0 || extra == NULL)
@ -165,9 +165,9 @@ diff -up openssh-7.2p2/auth2-pubkey.c.expose-pam openssh-7.2p2/auth2-pubkey.c
free(extra);
}
diff -up openssh-7.2p2/auth.h.expose-pam openssh-7.2p2/auth.h
--- openssh-7.2p2/auth.h.expose-pam 2016-07-18 12:30:12.077783292 +0200
+++ openssh-7.2p2/auth.h 2016-07-18 12:30:12.123783256 +0200
diff -up openssh-7.4p1/auth.h.expose-pam openssh-7.4p1/auth.h
--- openssh-7.4p1/auth.h.expose-pam 2016-12-23 15:40:26.782447870 +0100
+++ openssh-7.4p1/auth.h 2016-12-23 15:40:26.819447876 +0100
@@ -84,6 +84,9 @@ struct Authctxt {
struct sshkey **prev_userkeys;
@ -178,10 +178,10 @@ diff -up openssh-7.2p2/auth.h.expose-pam openssh-7.2p2/auth.h
};
/*
* Every authentication method has to handle authentication requests for
diff -up openssh-7.2p2/auth-pam.c.expose-pam openssh-7.2p2/auth-pam.c
--- openssh-7.2p2/auth-pam.c.expose-pam 2016-07-18 12:30:12.026783332 +0200
+++ openssh-7.2p2/auth-pam.c 2016-07-18 12:30:12.123783256 +0200
@@ -689,6 +689,11 @@ sshpam_init_ctx(Authctxt *authctxt)
diff -up openssh-7.4p1/auth-pam.c.expose-pam openssh-7.4p1/auth-pam.c
--- openssh-7.4p1/auth-pam.c.expose-pam 2016-12-23 15:40:26.731447862 +0100
+++ openssh-7.4p1/auth-pam.c 2016-12-23 15:40:26.819447876 +0100
@@ -688,6 +688,11 @@ sshpam_init_ctx(Authctxt *authctxt)
return (NULL);
}
@ -193,9 +193,9 @@ diff -up openssh-7.2p2/auth-pam.c.expose-pam openssh-7.2p2/auth-pam.c
ctxt = xcalloc(1, sizeof *ctxt);
/* Start the authentication thread */
diff -up openssh-7.2p2/gss-serv.c.expose-pam openssh-7.2p2/gss-serv.c
--- openssh-7.2p2/gss-serv.c.expose-pam 2016-07-18 12:30:12.124783255 +0200
+++ openssh-7.2p2/gss-serv.c 2016-07-18 12:33:08.835644264 +0200
diff -up openssh-7.4p1/gss-serv.c.expose-pam openssh-7.4p1/gss-serv.c
--- openssh-7.4p1/gss-serv.c.expose-pam 2016-12-23 15:40:26.808447874 +0100
+++ openssh-7.4p1/gss-serv.c 2016-12-23 15:40:26.819447876 +0100
@@ -441,6 +441,16 @@ ssh_gssapi_do_child(char ***envp, u_int
}
@ -213,10 +213,10 @@ diff -up openssh-7.2p2/gss-serv.c.expose-pam openssh-7.2p2/gss-serv.c
int
ssh_gssapi_userok(char *user, struct passwd *pw)
{
diff -up openssh-7.2p2/monitor.c.expose-pam openssh-7.2p2/monitor.c
--- openssh-7.2p2/monitor.c.expose-pam 2016-07-18 12:30:12.093783279 +0200
+++ openssh-7.2p2/monitor.c 2016-07-18 12:30:12.124783255 +0200
@@ -349,6 +349,7 @@ monitor_child_preauth(Authctxt *_authctx
diff -up openssh-7.4p1/monitor.c.expose-pam openssh-7.4p1/monitor.c
--- openssh-7.4p1/monitor.c.expose-pam 2016-12-23 15:40:26.794447872 +0100
+++ openssh-7.4p1/monitor.c 2016-12-23 15:41:16.473455863 +0100
@@ -300,6 +300,7 @@ monitor_child_preauth(Authctxt *_authctx
{
struct mon_table *ent;
int authenticated = 0, partial = 0;
@ -224,7 +224,7 @@ diff -up openssh-7.2p2/monitor.c.expose-pam openssh-7.2p2/monitor.c
debug3("preauth child monitor started");
@@ -386,6 +387,18 @@ monitor_child_preauth(Authctxt *_authctx
@@ -330,6 +331,18 @@ monitor_child_preauth(Authctxt *_authctx
auth_submethod = NULL;
authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
@ -242,8 +242,8 @@ diff -up openssh-7.2p2/monitor.c.expose-pam openssh-7.2p2/monitor.c
+
/* Special handling for multiple required authentications */
if (options.num_auth_methods != 0) {
if (!compat20)
@@ -1498,6 +1511,10 @@ mm_answer_keyverify(int sock, Buffer *m)
if (authenticated &&
@@ -1417,6 +1430,10 @@ mm_answer_keyverify(int sock, Buffer *m)
debug3("%s: key %p signature %s",
__func__, key, (verified == 1) ? "verified" : "unverified");
@ -254,7 +254,7 @@ diff -up openssh-7.2p2/monitor.c.expose-pam openssh-7.2p2/monitor.c
/* If auth was successful then record key to ensure it isn't reused */
if (verified == 1 && key_blobtype == MM_USERKEY)
auth2_record_userkey(authctxt, key);
@@ -2140,6 +2157,9 @@ mm_answer_gss_userok(int sock, Buffer *m
@@ -1860,6 +1877,9 @@ mm_answer_gss_userok(int sock, Buffer *m
auth_method = "gssapi-with-mic";
@ -264,43 +264,43 @@ diff -up openssh-7.2p2/monitor.c.expose-pam openssh-7.2p2/monitor.c
/* Monitor loop will terminate if authenticated */
return (authenticated);
}
diff -up openssh-7.2p2/servconf.c.expose-pam openssh-7.2p2/servconf.c
--- openssh-7.2p2/servconf.c.expose-pam 2016-07-18 12:30:12.112783264 +0200
+++ openssh-7.2p2/servconf.c 2016-07-18 12:34:38.170574004 +0200
@@ -176,6 +176,7 @@ initialize_server_options(ServerOptions
options->fingerprint_hash = -1;
diff -up openssh-7.4p1/servconf.c.expose-pam openssh-7.4p1/servconf.c
--- openssh-7.4p1/servconf.c.expose-pam 2016-12-23 15:40:26.810447875 +0100
+++ openssh-7.4p1/servconf.c 2016-12-23 15:44:04.691482920 +0100
@@ -171,6 +171,7 @@ initialize_server_options(ServerOptions
options->disable_forwarding = -1;
options->use_kuserok = -1;
options->enable_k5users = -1;
+ options->expose_auth_methods = -1;
}
/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
@@ -374,6 +375,8 @@ fill_default_server_options(ServerOption
options->enable_k5users = 0;
if (options->use_kuserok == -1)
@@ -354,6 +355,8 @@ fill_default_server_options(ServerOption
options->use_kuserok = 1;
if (options->enable_k5users == -1)
options->enable_k5users = 0;
+ if (options->expose_auth_methods == -1)
+ options->expose_auth_methods = EXPOSE_AUTHMETH_NEVER;
assemble_algorithms(options);
@@ -451,6 +454,7 @@ typedef enum {
@@ -439,6 +442,7 @@ typedef enum {
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
sStreamLocalBindMask, sStreamLocalBindUnlink,
sAllowStreamLocalForwarding, sFingerprintHash,
sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
+ sExposeAuthenticationMethods,
sDeprecated, sUnsupported
sDeprecated, sIgnore, sUnsupported
} ServerOpCodes;
@@ -606,6 +610,7 @@ static struct {
{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
@@ -595,6 +599,7 @@ static struct {
{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
+ { "exposeauthenticationmethods", sExposeAuthenticationMethods, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@@ -994,6 +999,12 @@ static const struct multistate multistat
@@ -984,6 +989,12 @@ static const struct multistate multistat
{ "local", FORWARD_LOCAL },
{ NULL, -1 }
};
@ -313,7 +313,7 @@ diff -up openssh-7.2p2/servconf.c.expose-pam openssh-7.2p2/servconf.c
int
process_server_config_line(ServerOptions *options, char *line,
@@ -1918,6 +1929,11 @@ process_server_config_line(ServerOptions
@@ -1902,6 +1913,11 @@ process_server_config_line(ServerOptions
options->fingerprint_hash = value;
break;
@ -323,9 +323,9 @@ diff -up openssh-7.2p2/servconf.c.expose-pam openssh-7.2p2/servconf.c
+ goto parse_multistate;
+
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
@@ -2076,6 +2092,7 @@ copy_set_server_options(ServerOptions *d
case sIgnore:
case sUnsupported:
@@ -2060,6 +2076,7 @@ copy_set_server_options(ServerOptions *d
M_CP_INTOPT(enable_k5users);
M_CP_INTOPT(rekey_limit);
M_CP_INTOPT(rekey_interval);
@ -333,16 +333,16 @@ diff -up openssh-7.2p2/servconf.c.expose-pam openssh-7.2p2/servconf.c
/*
* The bind_mask is a mode_t that may be unsigned, so we can't use
@@ -2181,6 +2198,8 @@ fmt_intarg(ServerOpCodes code, int val)
@@ -2176,6 +2193,8 @@ fmt_intarg(ServerOpCodes code, int val)
return fmt_multistate_int(val, multistate_tcpfwd);
case sFingerprintHash:
return ssh_digest_alg_name(val);
+ case sExposeAuthenticationMethods:
+ return fmt_multistate_int(val, multistate_exposeauthmeth);
case sProtocol:
default:
switch (val) {
case SSH_PROTO_1:
@@ -2374,6 +2393,7 @@ dump_config(ServerOptions *o)
case 0:
@@ -2356,6 +2375,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok);
dump_cfg_fmtint(sGssEnablek5users, o->enable_k5users);
@ -350,9 +350,9 @@ diff -up openssh-7.2p2/servconf.c.expose-pam openssh-7.2p2/servconf.c
/* string arguments */
dump_cfg_string(sPidFile, o->pid_file);
diff -up openssh-7.2p2/servconf.h.expose-pam openssh-7.2p2/servconf.h
--- openssh-7.2p2/servconf.h.expose-pam 2016-07-18 12:30:12.112783264 +0200
+++ openssh-7.2p2/servconf.h 2016-07-18 12:30:12.125783254 +0200
diff -up openssh-7.4p1/servconf.h.expose-pam openssh-7.4p1/servconf.h
--- openssh-7.4p1/servconf.h.expose-pam 2016-12-23 15:40:26.810447875 +0100
+++ openssh-7.4p1/servconf.h 2016-12-23 15:40:26.821447876 +0100
@@ -48,6 +48,11 @@
#define FORWARD_LOCAL (1<<1)
#define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL)
@ -365,7 +365,7 @@ diff -up openssh-7.2p2/servconf.h.expose-pam openssh-7.2p2/servconf.h
#define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
#define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */
@@ -201,6 +206,8 @@ typedef struct {
@@ -195,6 +200,8 @@ typedef struct {
char *auth_methods[MAX_AUTH_METHODS];
int fingerprint_hash;
@ -374,10 +374,10 @@ diff -up openssh-7.2p2/servconf.h.expose-pam openssh-7.2p2/servconf.h
} ServerOptions;
/* Information about the incoming connection as used by Match */
diff -up openssh-7.2p2/session.c.expose-pam openssh-7.2p2/session.c
--- openssh-7.2p2/session.c.expose-pam 2016-07-18 12:30:12.120783258 +0200
+++ openssh-7.2p2/session.c 2016-07-18 12:30:12.125783254 +0200
@@ -1180,6 +1180,12 @@ copy_environment(char **source, char ***
diff -up openssh-7.4p1/session.c.expose-pam openssh-7.4p1/session.c
--- openssh-7.4p1/session.c.expose-pam 2016-12-23 15:40:26.794447872 +0100
+++ openssh-7.4p1/session.c 2016-12-23 15:40:26.821447876 +0100
@@ -997,6 +997,12 @@ copy_environment(char **source, char ***
}
*var_val++ = '\0';
@ -390,7 +390,7 @@ diff -up openssh-7.2p2/session.c.expose-pam openssh-7.2p2/session.c
debug3("Copy environment: %s=%s", var_name, var_val);
child_set_env(env, envsize, var_name, var_val);
@@ -1359,6 +1365,11 @@ do_setup_env(Session *s, const char *she
@@ -1173,6 +1179,11 @@ do_setup_env(Session *s, const char *she
}
#endif /* USE_PAM */
@ -402,7 +402,7 @@ diff -up openssh-7.2p2/session.c.expose-pam openssh-7.2p2/session.c
if (auth_sock_name != NULL)
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
auth_sock_name);
@@ -2798,6 +2809,9 @@ do_cleanup(Authctxt *authctxt)
@@ -2561,6 +2572,9 @@ do_cleanup(Authctxt *authctxt)
if (authctxt == NULL)
return;
@ -412,10 +412,10 @@ diff -up openssh-7.2p2/session.c.expose-pam openssh-7.2p2/session.c
#ifdef USE_PAM
if (options.use_pam) {
sshpam_cleanup();
diff -up openssh-7.2p2/ssh.1.expose-pam openssh-7.2p2/ssh.1
--- openssh-7.2p2/ssh.1.expose-pam 2016-07-18 12:30:12.112783264 +0200
+++ openssh-7.2p2/ssh.1 2016-07-18 12:30:12.126783253 +0200
@@ -1396,6 +1396,10 @@ server IP address, and server port numbe
diff -up openssh-7.4p1/ssh.1.expose-pam openssh-7.4p1/ssh.1
--- openssh-7.4p1/ssh.1.expose-pam 2016-12-23 15:40:26.810447875 +0100
+++ openssh-7.4p1/ssh.1 2016-12-23 15:40:26.822447877 +0100
@@ -1421,6 +1421,10 @@ server IP address, and server port numbe
This variable contains the original command line if a forced command
is executed.
It can be used to extract the original arguments.
@ -426,13 +426,13 @@ diff -up openssh-7.2p2/ssh.1.expose-pam openssh-7.2p2/ssh.1
.It Ev SSH_TTY
This is set to the name of the tty (path to the device) associated
with the current shell or command.
diff -up openssh-7.2p2/sshd_config.5.expose-pam openssh-7.2p2/sshd_config.5
--- openssh-7.2p2/sshd_config.5.expose-pam 2016-07-18 12:30:12.113783263 +0200
+++ openssh-7.2p2/sshd_config.5 2016-07-18 12:30:12.126783253 +0200
@@ -570,6 +570,21 @@ and finally
See PATTERNS in
.Xr ssh_config 5
for more information on patterns.
diff -up openssh-7.4p1/sshd_config.5.expose-pam openssh-7.4p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.expose-pam 2016-12-23 15:40:26.822447877 +0100
+++ openssh-7.4p1/sshd_config.5 2016-12-23 15:45:22.411495421 +0100
@@ -570,6 +570,21 @@ Disables all forwarding features, includ
TCP and StreamLocal.
This option overrides all other forwarding-related options and may
simplify restricted configurations.
+.It Cm ExposeAuthenticationMethods
+When using SSH2, this option controls the exposure of the list of
+successful authentication methods to PAM during the authentication
@ -440,20 +440,20 @@ diff -up openssh-7.2p2/sshd_config.5.expose-pam openssh-7.2p2/sshd_config.5
+.Cm SSH_USER_AUTH
+variable. See the description of this variable for more details.
+Valid options are:
+.Dq never
+.Cm never
+(Do not expose successful authentication methods),
+.Dq pam-only
+.Cm pam-only
+(Only expose them to PAM during authentication, not afterwards),
+.Dq pam-and-env
+.Cm pam-and-env
+(Expose them to PAM and keep them in the shell environment).
+The default is
+.Dq never .
+.Cm never .
.It Cm FingerprintHash
Specifies the hash algorithm used when logging key fingerprints.
Valid options are:
diff -up openssh-7.2p2/ssh-gss.h.expose-pam openssh-7.2p2/ssh-gss.h
--- openssh-7.2p2/ssh-gss.h.expose-pam 2016-07-18 12:30:12.125783254 +0200
+++ openssh-7.2p2/ssh-gss.h 2016-07-18 12:35:01.906555328 +0200
diff -up openssh-7.4p1/ssh-gss.h.expose-pam openssh-7.4p1/ssh-gss.h
--- openssh-7.4p1/ssh-gss.h.expose-pam 2016-12-23 15:40:26.811447875 +0100
+++ openssh-7.4p1/ssh-gss.h 2016-12-23 15:40:26.823447877 +0100
@@ -159,6 +159,7 @@ int ssh_gssapi_server_check_mech(Gssctxt
const char *);
OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
@ -462,10 +462,10 @@ diff -up openssh-7.2p2/ssh-gss.h.expose-pam openssh-7.2p2/ssh-gss.h
OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
void ssh_gssapi_do_child(char ***, u_int *);
void ssh_gssapi_cleanup_creds(void);
diff -up openssh-7.2p2/sshkey.c.expose-pam openssh-7.2p2/sshkey.c
--- openssh-7.2p2/sshkey.c.expose-pam 2016-07-18 12:30:12.071783296 +0200
+++ openssh-7.2p2/sshkey.c 2016-07-18 12:30:12.126783253 +0200
@@ -58,6 +58,7 @@
diff -up openssh-7.4p1/sshkey.c.expose-pam openssh-7.4p1/sshkey.c
--- openssh-7.4p1/sshkey.c.expose-pam 2016-12-23 15:40:26.777447869 +0100
+++ openssh-7.4p1/sshkey.c 2016-12-23 15:40:26.823447877 +0100
@@ -57,6 +57,7 @@
#define SSHKEY_INTERNAL
#include "sshkey.h"
#include "match.h"
@ -473,7 +473,7 @@ diff -up openssh-7.2p2/sshkey.c.expose-pam openssh-7.2p2/sshkey.c
/* openssh private key file format */
#define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n"
@@ -1190,6 +1191,30 @@ sshkey_fingerprint(const struct sshkey *
@@ -1191,6 +1192,30 @@ sshkey_fingerprint(const struct sshkey *
return retval;
}
@ -504,9 +504,9 @@ diff -up openssh-7.2p2/sshkey.c.expose-pam openssh-7.2p2/sshkey.c
#ifdef WITH_SSH1
/*
* Reads a multiple-precision integer in decimal from the buffer, and advances
diff -up openssh-7.2p2/sshkey.h.expose-pam openssh-7.2p2/sshkey.h
--- openssh-7.2p2/sshkey.h.expose-pam 2016-07-18 12:30:12.071783296 +0200
+++ openssh-7.2p2/sshkey.h 2016-07-18 12:30:12.127783252 +0200
diff -up openssh-7.4p1/sshkey.h.expose-pam openssh-7.4p1/sshkey.h
--- openssh-7.4p1/sshkey.h.expose-pam 2016-12-23 15:40:26.777447869 +0100
+++ openssh-7.4p1/sshkey.h 2016-12-23 15:40:26.823447877 +0100
@@ -124,6 +124,7 @@ char *sshkey_fingerprint(const struct s
int, enum sshkey_fp_rep);
int sshkey_fingerprint_raw(const struct sshkey *k,
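Review bot: The manual text carried over unchanged at `+When using SSH2, this option controls the exposure of the list of` still scopes ExposeAuthenticationMethods to SSH2, although this rebase removes SSH1 from the server side (the `case sProtocol:` / `case SSH_PROTO_1:` context has disappeared from the fmt_intarg hunk earlier in this section). Suggest opening the description with `+This option controls the exposure of the list of` so the page does not describe a protocol distinction the 7.4p1 server no longer makes. The remaining hunks look like line-number and filename churn plus the `.Dq`→`.Cm` switch, which appears to match how neighbouring entries such as `.It Cm FingerprintHash` mark keywords.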


@ -1,48 +0,0 @@
From 28652bca29046f62c7045e933e6b931de1d16737 Mon Sep 17 00:00:00 2001
From: "markus@openbsd.org" <markus@openbsd.org>
Date: Mon, 19 Sep 2016 19:02:19 +0000
Subject: upstream commit
move inbound NEWKEYS handling to kex layer; otherwise
early NEWKEYS causes NULL deref; found by Robert Swiecki/honggfuzz; fixed
with & ok djm@
Upstream-ID: 9a68b882892e9f51dc7bfa9f5a423858af358b2f
---
kex.c | 4 +++-
packet.c | 6 ++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/kex.c b/kex.c
index f4c130f..8800d40 100644
--- a/kex.c
+++ b/kex.c
@@ -425,6 +425,8 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt)
ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
if ((r = sshpkt_get_end(ssh)) != 0)
return r;
+ if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
+ return r;
kex->done = 1;
sshbuf_reset(kex->peer);
/* sshbuf_reset(kex->my); */
diff --git a/packet.c b/packet.c
index 711091d..fb316ac 100644
--- a/packet.c
+++ b/packet.c
@@ -1907,9 +1907,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
return r;
return SSH_ERR_PROTOCOL_ERROR;
}
- if (*typep == SSH2_MSG_NEWKEYS)
- r = ssh_set_newkeys(ssh, MODE_IN);
- else if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)
+ if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)
r = ssh_packet_enable_delayed_compress(ssh);
else
r = 0;
--
cgit v0.12
0



@ -1,7 +1,7 @@
diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c
--- openssh-6.6p1/channels.c.x11max 2016-06-27 16:28:49.803631684 +0200
+++ openssh-6.6p1/channels.c 2016-06-27 16:28:49.814631678 +0200
@@ -138,8 +138,8 @@ static int all_opens_permitted = 0;
diff -up openssh-7.4p1/channels.c.x11max openssh-7.4p1/channels.c
--- openssh-7.4p1/channels.c.x11max 2016-12-23 15:46:32.071506625 +0100
+++ openssh-7.4p1/channels.c 2016-12-23 15:46:32.139506636 +0100
@@ -152,8 +152,8 @@ static int all_opens_permitted = 0;
/* -- X11 forwarding */
@ -12,7 +12,7 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c
/* Saved X11 local (client) display. */
static char *x11_saved_display = NULL;
@@ -3445,7 +3445,8 @@ channel_send_window_changes(void)
@@ -4228,7 +4228,8 @@ channel_send_window_changes(void)
*/
int
x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
@ -22,7 +22,7 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c
{
Channel *nc = NULL;
int display_number, sock;
@@ -3457,10 +3458,15 @@ x11_create_display_inet(int x11_display_
@@ -4240,10 +4241,15 @@ x11_create_display_inet(int x11_display_
if (chanids == NULL)
return -1;
@ -40,7 +40,7 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c
memset(&hints, 0, sizeof(hints));
hints.ai_family = IPv4or6;
hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE;
@@ -3512,7 +3518,7 @@ x11_create_display_inet(int x11_display_
@@ -4295,7 +4301,7 @@ x11_create_display_inet(int x11_display_
if (num_socks > 0)
break;
}
@ -49,7 +49,7 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c
error("Failed to allocate internet-domain X11 display socket.");
return -1;
}
@@ -3658,7 +3664,7 @@ x11_connect_display(void)
@@ -4441,7 +4447,7 @@ x11_connect_display(void)
memset(&hints, 0, sizeof(hints));
hints.ai_family = IPv4or6;
hints.ai_socktype = SOCK_STREAM;
@ -58,7 +58,7 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c
if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
error("%.100s: unknown host. (%s)", buf,
ssh_gai_strerror(gaierr));
@@ -3674,7 +3680,7 @@ x11_connect_display(void)
@@ -4457,7 +4463,7 @@ x11_connect_display(void)
/* Connect it to the display. */
if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
debug2("connect %.100s port %u: %.100s", buf,
@ -67,7 +67,7 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c
close(sock);
continue;
}
@@ -3683,8 +3689,8 @@ x11_connect_display(void)
@@ -4466,8 +4472,8 @@ x11_connect_display(void)
}
freeaddrinfo(aitop);
if (!ai) {
@ -78,10 +78,10 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c
return -1;
}
set_nodelay(sock);
diff -up openssh-6.6p1/channels.h.x11max openssh-6.6p1/channels.h
--- openssh-6.6p1/channels.h.x11max 2016-06-27 16:28:49.814631678 +0200
+++ openssh-6.6p1/channels.h 2016-06-27 16:31:18.925557840 +0200
@@ -281,7 +281,7 @@ int permitopen_port(const char *);
diff -up openssh-7.4p1/channels.h.x11max openssh-7.4p1/channels.h
--- openssh-7.4p1/channels.h.x11max 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/channels.h 2016-12-23 15:46:32.139506636 +0100
@@ -293,7 +293,7 @@ int permitopen_port(const char *);
void channel_set_x11_refuse_time(u_int);
int x11_connect_display(void);
@ -90,10 +90,10 @@ diff -up openssh-6.6p1/channels.h.x11max openssh-6.6p1/channels.h
int x11_input_open(int, u_int32_t, void *);
void x11_request_forwarding_with_spoofing(int, const char *, const char *,
const char *, int);
diff -up openssh-6.6p1/servconf.c.x11max openssh-6.6p1/servconf.c
--- openssh-6.6p1/servconf.c.x11max 2016-06-27 16:28:49.808631681 +0200
+++ openssh-6.6p1/servconf.c 2016-06-27 16:30:46.941573678 +0200
@@ -92,6 +92,7 @@ initialize_server_options(ServerOptions
diff -up openssh-7.4p1/servconf.c.x11max openssh-7.4p1/servconf.c
--- openssh-7.4p1/servconf.c.x11max 2016-12-23 15:46:32.133506635 +0100
+++ openssh-7.4p1/servconf.c 2016-12-23 15:47:27.320519121 +0100
@@ -95,6 +95,7 @@ initialize_server_options(ServerOptions
options->print_lastlog = -1;
options->x11_forwarding = -1;
options->x11_display_offset = -1;
@ -101,7 +101,7 @@ diff -up openssh-6.6p1/servconf.c.x11max openssh-6.6p1/servconf.c
options->x11_use_localhost = -1;
options->permit_tty = -1;
options->permit_user_rc = -1;
@@ -219,6 +220,8 @@ fill_default_server_options(ServerOption
@@ -243,6 +244,8 @@ fill_default_server_options(ServerOption
options->x11_forwarding = 0;
if (options->x11_display_offset == -1)
options->x11_display_offset = 10;
@ -110,16 +110,16 @@ diff -up openssh-6.6p1/servconf.c.x11max openssh-6.6p1/servconf.c
if (options->x11_use_localhost == -1)
options->x11_use_localhost = 1;
if (options->xauth_location == NULL)
@@ -364,7 +367,7 @@ typedef enum {
@@ -419,7 +422,7 @@ typedef enum {
sPasswordAuthentication, sKbdInteractiveAuthentication,
sListenAddress, sAddressFamily,
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
- sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
+ sX11Forwarding, sX11DisplayOffset, sX11MaxDisplays, sX11UseLocalhost,
sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
@@ -476,6 +479,7 @@ static struct {
@@ -540,6 +543,7 @@ static struct {
{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },
{ "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
@ -127,9 +127,9 @@ diff -up openssh-6.6p1/servconf.c.x11max openssh-6.6p1/servconf.c
{ "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
{ "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
@@ -1202,6 +1206,10 @@ process_server_config_line(ServerOptions
intptr = &options->x11_display_offset;
goto parse_int;
@@ -1316,6 +1320,10 @@ process_server_config_line(ServerOptions
*intptr = value;
break;
+ case sX11MaxDisplays:
+ intptr = &options->x11_max_displays;
@ -138,7 +138,7 @@ diff -up openssh-6.6p1/servconf.c.x11max openssh-6.6p1/servconf.c
case sX11UseLocalhost:
intptr = &options->x11_use_localhost;
goto parse_flag;
@@ -1889,6 +1897,7 @@ copy_set_server_options(ServerOptions *d
@@ -2063,6 +2071,7 @@ copy_set_server_options(ServerOptions *d
M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
M_CP_INTOPT(x11_display_offset);
M_CP_INTOPT(x11_forwarding);
@ -146,17 +146,17 @@ diff -up openssh-6.6p1/servconf.c.x11max openssh-6.6p1/servconf.c
M_CP_INTOPT(x11_use_localhost);
M_CP_INTOPT(permit_tty);
M_CP_INTOPT(permit_user_rc);
@@ -2106,6 +2115,7 @@ dump_config(ServerOptions *o)
@@ -2315,6 +2324,7 @@ dump_config(ServerOptions *o)
#endif
dump_cfg_int(sLoginGraceTime, o->login_grace_time);
dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
+ dump_cfg_int(sX11MaxDisplays, o->x11_max_displays);
dump_cfg_int(sMaxAuthTries, o->max_authtries);
dump_cfg_int(sMaxSessions, o->max_sessions);
dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
diff -up openssh-6.6p1/servconf.h.x11max openssh-6.6p1/servconf.h
--- openssh-6.6p1/servconf.h.x11max 2016-06-27 16:28:49.809631681 +0200
+++ openssh-6.6p1/servconf.h 2016-06-27 16:28:49.815631678 +0200
diff -up openssh-7.4p1/servconf.h.x11max openssh-7.4p1/servconf.h
--- openssh-7.4p1/servconf.h.x11max 2016-12-23 15:46:32.133506635 +0100
+++ openssh-7.4p1/servconf.h 2016-12-23 15:46:32.140506636 +0100
@@ -55,6 +55,7 @@
#define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
@ -173,10 +173,10 @@ diff -up openssh-6.6p1/servconf.h.x11max openssh-6.6p1/servconf.h
int x11_use_localhost; /* If true, use localhost for fake X11 server. */
char *xauth_location; /* Location of xauth program */
int permit_tty; /* If false, deny pty allocation */
diff -up openssh-6.6p1/session.c.x11max openssh-6.6p1/session.c
--- openssh-6.6p1/session.c.x11max 2016-06-27 16:28:49.809631681 +0200
+++ openssh-6.6p1/session.c 2016-06-27 16:28:49.815631678 +0200
@@ -2741,8 +2741,9 @@ session_setup_x11fwd(Session *s)
diff -up openssh-7.4p1/session.c.x11max openssh-7.4p1/session.c
--- openssh-7.4p1/session.c.x11max 2016-12-23 15:46:32.136506636 +0100
+++ openssh-7.4p1/session.c 2016-12-23 15:46:32.141506636 +0100
@@ -2518,8 +2518,9 @@ session_setup_x11fwd(Session *s)
return 0;
}
if (x11_create_display_inet(options.x11_display_offset,
@ -188,10 +188,10 @@ diff -up openssh-6.6p1/session.c.x11max openssh-6.6p1/session.c
debug("x11_create_display_inet failed.");
return 0;
}
diff -up openssh-6.6p1/sshd_config.5.x11max openssh-6.6p1/sshd_config.5
--- openssh-6.6p1/sshd_config.5.x11max 2016-06-27 16:28:49.809631681 +0200
+++ openssh-6.6p1/sshd_config.5 2016-06-27 16:32:01.253536879 +0200
@@ -930,6 +930,7 @@ Available keywords are
diff -up openssh-7.4p1/sshd_config.5.x11max openssh-7.4p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.x11max 2016-12-23 15:46:32.134506635 +0100
+++ openssh-7.4p1/sshd_config.5 2016-12-23 15:46:32.141506636 +0100
@@ -1133,6 +1133,7 @@ Available keywords are
.Cm StreamLocalBindUnlink ,
.Cm TrustedUserCAKeys ,
.Cm X11DisplayOffset ,
@ -199,7 +199,7 @@ diff -up openssh-6.6p1/sshd_config.5.x11max openssh-6.6p1/sshd_config.5
.Cm X11Forwarding
and
.Cm X11UseLocalHost .
@@ -1339,6 +1340,12 @@ Specifies the first display number avail
@@ -1566,6 +1567,12 @@ Specifies the first display number avail
X11 forwarding.
This prevents sshd from interfering with real X11 servers.
The default is 10.


@ -0,0 +1,12 @@
diff -up openssh-7.4p1/sshd.c.daemon openssh-7.4p1/sshd.c
--- openssh-7.4p1/sshd.c.daemon 2017-01-02 15:32:56.618447579 +0100
+++ openssh-7.4p1/sshd.c 2017-01-02 15:33:07.606442751 +0100
@@ -1943,7 +1943,7 @@ main(int ac, char **av)
* terminal, and fork. The original process exits.
*/
already_daemon = daemonized();
- if (!(debug_flag || inetd_flag || no_daemon_flag || already_daemon)) {
+ if (!(debug_flag || inetd_flag || no_daemon_flag /*|| already_daemon*/)) {
if (daemon(0, 0) < 0)
fatal("daemon() failed: %.200s", strerror(errno));
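Review bot: The new patch bypasses the upstream `daemonized()` guard by commenting out its operand inline (`/*|| already_daemon*/`) on the new `if` line, which leaves `already_daemon = daemonized();` as a set-but-unused assignment (likely to draw an unused-but-set-variable warning under -Wall) and gives a reader of sshd.c no hint why the check is skipped. Since the commit message ties this to upstream #2641 and systemd, the intent belongs in the source: write the condition plainly as `if (!(debug_flag || inetd_flag || no_daemon_flag)) {`, precede it with `/* Fedora: skip the daemonized() check (upstream bug #2641, systemd); see openssh-7.4p1-daemon.patch */`, and drop the now-dead `already_daemon` assignment unless something else in main() reads it. Note that this makes sshd call `daemon(0, 0)` even when a supervisor has already detached it, so the patch should carry a condition for removal rather than stay in as a permanent comment-out. The enclosing `main()` begins and ends outside this hunk.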


@ -65,10 +65,10 @@
%endif
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 7.3p1
%global openssh_rel 7
%global openssh_ver 7.4p1
%global openssh_rel 1
%global pam_ssh_agent_ver 0.10.2
%global pam_ssh_agent_rel 4
%global pam_ssh_agent_rel 5
Summary: An open source implementation of SSH protocol versions 1 and 2
Name: openssh
@ -223,10 +223,10 @@ Patch939: openssh-7.2p2-s390-closefrom.patch
Patch940: openssh-7.2p2-expose-pam.patch
# Rework SELinux context handling with chroot (#1357860)
Patch942: openssh-7.2p2-chroot-capabilities.patch
# Null dereference in newkeys code (#1380297)
Patch943: openssh-7.3p1-null-deref.patch
# Move MAX_DISPLAYS to a configuration option (#1341302)
Patch944: openssh-7.3p1-x11-max-displays.patch
# Temporary workaround for upstream (#2641)
Patch945: openssh-7.4p1-daemon.patch
License: BSD
@ -459,8 +459,8 @@ popd
%patch939 -p1 -b .s390-dev
%patch940 -p1 -b .expose-pam
%patch942 -p1 -b .chroot-cap
%patch943 -p1 -b .deref
%patch944 -p1 -b .x11max
%patch945 -p1 -b .daemon
%patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race
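Review bot: The comment added for Patch945, `# Temporary workaround for upstream (#2641)`, does not say what the patch works around or when it can be dropped, and a bare `#2641` is ambiguous next to the Red Hat Bugzilla IDs (#1357860, #1341302) used in the neighbouring patch comments while the commit message calls it an upstream issue. Suggest `# Temporary workaround for upstream OpenSSH bug #2641 (sshd daemonization under systemd); drop once fixed upstream`. The removal of Patch943 (null dereference, #1380297) is not explained in the spec comments visible here; a one-line note that the fix is contained in 7.4p1 (presumably the reason) would let the next rebase confirm it rather than re-check. With server-side SSH1 removed by this commit, the `Summary:` line still advertises "SSH protocol versions 1 and 2", which is worth confirming is still intended for the client package.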


@ -1,2 +1,2 @@
a212baca7ce11d596bd8dcb222859ace pam_ssh_agent_auth-0.10.2.tar.bz2
dfadd9f035d38ce5d58a3bf130b86d08 openssh-7.3p1.tar.gz
SHA512 (openssh-7.4p1.tar.gz) = 4f3256f461f01366c5d5e0e45285eec65016e2643b3284b407f48f53d81087bf2c1caf7d5f7530d307a15c91c64de91446e1cba948e8fc68f82098290fe3b292
SHA512 (pam_ssh_agent_auth-0.10.2.tar.bz2) = b4b9bc4486d873f236f7c54874c996e24f344f889dfda3beadb12b97cbb89078028a103a4a7175cd919fb0a12fd5bcefef50420510ae5eff9252e494e0124b38