Upgrade OpenSSH 3.0 to OpenSSH 3.0.1 Apply by doing: cd /usr/src patch -p0 < 002_ssh.patch cd usr.bin/ssh make obj make cleandir make depend make && make install Index: usr.bin/ssh/Makefile.inc =================================================================== RCS file: /cvs/src/usr.bin/ssh/Makefile.inc,v retrieving revision 1.19 retrieving revision 1.21 diff -u -r1.19 -r1.21 --- usr.bin/ssh/Makefile.inc 29 Jul 2001 14:00:07 -0000 1.19 +++ usr.bin/ssh/Makefile.inc 30 Oct 2001 20:32:31 -0000 1.21 @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.19 2001/07/29 14:00:07 markus Exp $ +# $OpenBSD: Makefile.inc,v 1.21 2001/10/30 20:32:31 markus Exp $ CFLAGS+= -I${.CURDIR}/.. Index: usr.bin/ssh/auth-krb5.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth-krb5.c,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- usr.bin/ssh/auth-krb5.c 26 Jun 2001 16:15:23 -0000 1.1 +++ usr.bin/ssh/auth-krb5.c 12 Nov 2001 01:47:09 -0000 1.2 @@ -2,7 +2,7 @@ * Kerberos v5 authentication and ticket-passing routines. * * $FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp $ - * $OpenBSD: auth-krb5.c,v 1.1 2001/06/26 16:15:23 dugsong Exp $ + * $OpenBSD: auth-krb5.c,v 1.2 2001/11/12 01:47:09 dugsong Exp $ */ #include "includes.h" @@ -52,8 +52,9 @@ krb5_principal server; krb5_data reply; krb5_ticket *ticket; - int fd; - + int fd, ret; + + ret = 0; server = NULL; ticket = NULL; reply.length = 0; @@ -107,7 +108,8 @@ packet_put_string((char *) reply.data, reply.length); packet_send(); packet_write_wait(); - + + ret = 1; err: if (server) krb5_free_principal(authctxt->krb5_ctx, server); 
@@ -116,12 +118,11 @@ if (reply.length) xfree(reply.data); - if (problem) { + if (problem) debug("Kerberos v5 authentication failed: %s", krb5_get_err_text(authctxt->krb5_ctx, problem)); - return (0); - } - return (1); + + return (ret); } int Index: usr.bin/ssh/auth-rh-rsa.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth-rh-rsa.c,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- usr.bin/ssh/auth-rh-rsa.c 23 Jun 2001 03:04:42 -0000 1.25 +++ usr.bin/ssh/auth-rh-rsa.c 7 Nov 2001 22:41:51 -0000 1.26 @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rh-rsa.c,v 1.25 2001/06/23 03:04:42 markus Exp $"); +RCSID("$OpenBSD: auth-rh-rsa.c,v 1.26 2001/11/07 22:41:51 markus Exp $"); #include "packet.h" #include "xmalloc.h" @@ -24,7 +24,6 @@ #include "hostfile.h" #include "pathnames.h" #include "auth.h" -#include "tildexpand.h" #include "canohost.h" /* Index: usr.bin/ssh/auth.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth.c,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- usr.bin/ssh/auth.c 3 Oct 2001 10:01:20 -0000 1.28 +++ usr.bin/ssh/auth.c 8 Nov 2001 20:02:24 -0000 1.29 @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.28 2001/10/03 10:01:20 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.29 2001/11/08 20:02:24 markus Exp $"); #include @@ -156,7 +156,7 @@ authmsg, method, authctxt->valid ? "" : "illegal user ", - authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user, + authctxt->user, get_remote_ipaddr(), get_remote_port(), info); Index: usr.bin/ssh/auth2.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth2.c,v retrieving revision 1.71 retrieving revision 1.72 diff -u -r1.71 -r1.72 --- usr.bin/ssh/auth2.c 27 Sep 2001 15:31:17 -0000 1.71 +++ usr.bin/ssh/auth2.c 7 Nov 2001 22:41:51 -0000 1.72 
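Review bot: `authctxt->user` is the client-supplied login name, and with the `"ROOT"` substitution gone it now reaches the log line unconditionally, including in the `illegal user` case where no account backs it; if nothing upstream filters that string, control characters in it can break the one-line record that log monitoring depends on. Either pass it through a visible-character filter before this call or state where that happens, e.g. `/* user is untrusted client input, logged verbatim */` above the format string. The enclosing function starts outside the hunk.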
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.71 2001/09/27 15:31:17 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.72 2001/11/07 22:41:51 markus Exp $"); #include @@ -50,7 +50,6 @@ #include "misc.h" #include "hostfile.h" #include "canohost.h" -#include "tildexpand.h" #include "match.h" /* import */ Index: usr.bin/ssh/channels.h =================================================================== RCS file: /cvs/src/usr.bin/ssh/channels.h,v retrieving revision 1.50 retrieving revision 1.51 diff -u -r1.50 -r1.51 --- usr.bin/ssh/channels.h 10 Oct 2001 22:18:47 -0000 1.50 +++ usr.bin/ssh/channels.h 7 Nov 2001 22:53:21 -0000 1.51 @@ -32,7 +32,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: channels.h,v 1.50 2001/10/10 22:18:47 markus Exp $"); */ +/* RCSID("$OpenBSD: channels.h,v 1.51 2001/11/07 22:53:21 markus Exp $"); */ #ifndef CHANNEL_H #define CHANNEL_H @@ -56,7 +56,7 @@ #define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */ #define SSH_CHANNEL_MAX_TYPE 15 -#define SSH_CHANNEL_PATH_LEN 30 +#define SSH_CHANNEL_PATH_LEN 256 struct Channel; typedef struct Channel Channel; Index: usr.bin/ssh/clientloop.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v retrieving revision 1.84 retrieving revision 1.87 diff -u -r1.84 -r1.87 --- usr.bin/ssh/clientloop.c 11 Oct 2001 15:24:00 -0000 1.84 +++ usr.bin/ssh/clientloop.c 9 Nov 2001 18:59:23 -0000 1.87 @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.84 2001/10/11 15:24:00 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.87 2001/11/09 18:59:23 markus Exp $"); #include "ssh.h" #include "ssh1.h" 
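Review bot: raising `SSH_CHANNEL_PATH_LEN` from 30 to 256 resizes every buffer declared with it, but none of the code that fills those buffers is in this patch, so the change is only safe if those writers bound their copies by `sizeof` (strlcpy/snprintf) rather than by a literal 30; that is worth confirming. A short comment on the define would make the contract explicit for the next reader, e.g. `#define SSH_CHANNEL_PATH_LEN 256 /* per-channel path buffer; writers must bound copies by sizeof */`.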
@@ -346,8 +346,8 @@ if (session_closed && !channel_still_open() && !packet_have_data_to_write()) { /* clear mask since we did not call select() */ - memset(*readsetp, 0, *maxfdp); - memset(*writesetp, 0, *maxfdp); + memset(*readsetp, 0, *nallocp); + memset(*writesetp, 0, *nallocp); return; } else { FD_SET(connection_in, *readsetp); @@ -375,8 +375,8 @@ * We have to return, because the mainloop checks for the flags * set by the signal handlers. */ - memset(*readsetp, 0, *maxfdp); - memset(*writesetp, 0, *maxfdp); + memset(*readsetp, 0, *nallocp); + memset(*writesetp, 0, *nallocp); if (errno == EINTR) return; @@ -522,36 +522,19 @@ continue; case '&': - /* XXX does not work yet with proto 2 */ - if (compat20) - continue; /* * Detach the program (continue to serve connections, * but put in background and no more new connections). */ - if (!stdin_eof) { - /* - * Sending SSH_CMSG_EOF alone does not always appear - * to be enough. So we try to send an EOF character - * first. - */ - packet_start(SSH_CMSG_STDIN_DATA); - packet_put_string("\004", 1); - packet_send(); - /* Close stdin. */ - stdin_eof = 1; - if (buffer_len(bin) == 0) { - packet_start(SSH_CMSG_EOF); - packet_send(); - } - } /* Restore tty modes. */ leave_raw_mode(); /* Stop listening for new connections. */ - channel_close_all(); /* proto1 only XXXX */ + channel_stop_listening(); - printf("%c& [backgrounded]\n", escape_char); + snprintf(string, sizeof string, + "%c& [backgrounded]\n", escape_char); + buffer_append(berr, string, strlen(string)); /* Fork into background. */ pid = fork(); 
@@ -564,7 +547,27 @@ exit(0); } /* The child continues serving connections. */ - continue; /*XXX ? */ + if (compat20) { + buffer_append(bin, "\004", 1); + /* fake EOF on stdin */ + return -1; + } else if (!stdin_eof) { + /* + * Sending SSH_CMSG_EOF alone does not always appear + * to be enough. So we try to send an EOF character + * first. + */ + packet_start(SSH_CMSG_STDIN_DATA); + packet_put_string("\004", 1); + packet_send(); + /* Close stdin. */ + stdin_eof = 1; + if (buffer_len(bin) == 0) { + packet_start(SSH_CMSG_EOF); + packet_send(); + } + } + continue; case '?': snprintf(string, sizeof string, @@ -820,7 +823,6 @@ signal(SIGINT, signal_handler); signal(SIGQUIT, signal_handler); signal(SIGTERM, signal_handler); - signal(SIGPIPE, SIG_IGN); if (have_pty) signal(SIGWINCH, window_change_handler); Index: usr.bin/ssh/packet.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/packet.c,v retrieving revision 1.70 retrieving revision 1.72 diff -u -r1.70 -r1.72 --- usr.bin/ssh/packet.c 27 Sep 2001 11:59:37 -0000 1.70 +++ usr.bin/ssh/packet.c 10 Nov 2001 13:37:20 -0000 1.72 @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.70 2001/09/27 11:59:37 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.72 2001/11/10 13:37:20 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -115,6 +115,9 @@ /* Session key information for Encryption and MAC */ Newkeys *newkeys[MODE_MAX]; +/* roundup current message to extra_pad bytes */ +static u_char extra_pad = 0; + /* * Sets the descriptors used for communication. Disables encryption until * packet_set_encryption_key is called. @@ -485,9 +488,10 @@ { static u_int32_t seqnr = 0; u_char type, *ucp, *macbuf = NULL; + u_char padlen, pad; char *cp; u_int packet_length = 0; - u_int i, padlen, len; + u_int i, len; u_int32_t rand = 0; Enc *enc = NULL; Mac *mac = NULL; 
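Review bot: the protocol-2 branch's `return -1` is explained only by `/* fake EOF on stdin */`, and what the caller does with -1 is not visible here, so the comment should carry the contract, e.g. `/* proto 2: queue ^D in the stdin buffer and return -1 so the caller treats stdin as at EOF — confirm caller semantics */`. The protocol-1 branch is the block that the earlier `~&` hunk removed from before `fork()`, so `/* proto 1: moved after fork() so the child, which keeps serving, sends the EOF */` would preserve that reasoning. The enclosing escape-processing function starts and ends outside the hunk.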
@@ -533,6 +537,15 @@ padlen = block_size - (len % block_size); if (padlen < 4) padlen += block_size; + if (extra_pad) { + /* will wrap if extra_pad+padlen > 255 */ + extra_pad = roundup(extra_pad, block_size); + pad = extra_pad - ((len + padlen) % extra_pad); + debug("packet_send2: adding %d (len %d padlen %d extra_pad %d)", + pad, len, padlen, extra_pad); + padlen += pad; + extra_pad = 0; + } buffer_append_space(&outgoing_packet, &cp, padlen); if (enc && enc->cipher->number != SSH_CIPHER_NONE) { /* random padding */ @@ -1232,6 +1245,13 @@ return s; } +/* roundup current message to pad bytes */ +void +packet_add_padding(u_char pad) +{ + extra_pad = pad; +} + /* * 9.2. Ignored Data Message * 
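Review bot: the new padding block documents the 8-bit wrap (`/* will wrap if extra_pad+padlen > 255 */`) instead of preventing it, and `padlen` was narrowed to `u_char` in the declaration hunk above, so a large `extra_pad` request or block size would silently yield a short, wrong pad count that the rest of packet_send2 then frames as valid. Since `extra_pad` is only set by our own callers, treat the overflow as a programming error: `if ((u_int)padlen + pad > 255) fatal("packet_send2: padding overflow");` before `padlen += pad;`. Separately, `len` is `u_int` but printed with `%d` in the debug call; `%u` matches the type. The enclosing packet_send2 starts and ends outside the hunk.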
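Review bot: `packet_add_padding` only stores a request that packet_send2 consumes and clears, and unlike the removed `packet_inject_ignore` it has no `compat20` check, so a protocol-1 caller would leave the request pending until some later protocol-2 send; the header comment should say so. Suggested: `/* request that the next packet_send() on protocol 2 be padded to a multiple of pad bytes; consumed and reset by packet_send2, ignored by the protocol-1 path */` (the protocol-1 behaviour is inferred from what is visible here — confirm). Also consider a `u_char` range check at this entry point rather than relying on the wrap comment in packet_send2.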
@@ -1243,41 +1263,6 @@ * required to send them. This message can be used as an additional * protection measure against advanced traffic analysis techniques. */ -/* size of current + ignore message should be n*sumlen bytes (w/o mac) */ -void -packet_inject_ignore(int sumlen) -{ - int blocksize, padlen, have, need, nb, mini, nbytes; - Enc *enc = NULL; - - if (compat20 == 0) - return; - - have = buffer_len(&outgoing_packet); - debug2("packet_inject_ignore: current %d", have); - if (newkeys[MODE_OUT] != NULL) - enc = &newkeys[MODE_OUT]->enc; - blocksize = enc ? enc->cipher->block_size : 8; - padlen = blocksize - (have % blocksize); - if (padlen < 4) - padlen += blocksize; - have += padlen; - have /= blocksize; /* # of blocks for current message */ - - nb = roundup(sumlen, blocksize) / blocksize; /* blocks for both */ - mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */ - need = nb - (have % nb); /* blocks for ignore */ - if (need <= mini) - need += nb; - nbytes = (need - mini) * blocksize; /* size of ignore payload */ - debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d", - blocksize, have, nb, mini, need); - - /* enqueue current message and append a ignore message */ - packet_send(); - packet_send_ignore(nbytes); -} - void packet_send_ignore(int nbytes) { Index: usr.bin/ssh/packet.h =================================================================== RCS file: /cvs/src/usr.bin/ssh/packet.h,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- usr.bin/ssh/packet.h 26 Jun 2001 17:27:24 -0000 1.25 +++ usr.bin/ssh/packet.h 7 Nov 2001 16:03:17 -0000 1.26 @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: packet.h,v 1.25 2001/06/26 17:27:24 markus Exp $"); */ +/* RCSID("$OpenBSD: packet.h,v 1.26 2001/11/07 16:03:17 markus Exp $"); */ #ifndef PACKET_H #define PACKET_H 
@@ -63,7 +63,7 @@ int packet_connection_is_ipv4(void); int packet_remaining(void); void packet_send_ignore(int); -void packet_inject_ignore(int); +void packet_add_padding(u_char); void tty_make_modes(int, struct termios *); void tty_parse_modes(int, int *); Index: usr.bin/ssh/readpass.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/readpass.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- usr.bin/ssh/readpass.c 14 Jul 2001 15:10:16 -0000 1.22 +++ usr.bin/ssh/readpass.c 8 Nov 2001 10:51:08 -0000 1.23 @@ -32,7 +32,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.22 2001/07/14 15:10:16 stevesk Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.23 2001/11/08 10:51:08 markus Exp $"); #include @@ -47,7 +47,7 @@ { pid_t pid; size_t len; - char *nl, *pass; + char *pass; int p[2], status; char buf[1024]; @@ -73,16 +73,15 @@ fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); } close(p[1]); - len = read(p[0], buf, sizeof buf); + len = read(p[0], buf, sizeof buf -1); close(p[0]); while (waitpid(pid, &status, 0) < 0) if (errno != EINTR) break; if (len <= 1) return xstrdup(""); - nl = strchr(buf, '\n'); - if (nl) - *nl = '\0'; + buf[len] = '\0'; + buf[strcspn(buf, "\r\n")] = '\0'; pass = xstrdup(buf); memset(buf, 0, sizeof(buf)); return pass; Index: usr.bin/ssh/servconf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/servconf.c,v retrieving revision 1.89 retrieving revision 1.91 diff -u -r1.89 -r1.91 --- usr.bin/ssh/servconf.c 16 Aug 2001 19:18:34 -0000 1.89 +++ usr.bin/ssh/servconf.c 12 Nov 2001 18:17:07 -0000 1.91 @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.89 2001/08/16 19:18:34 jakob Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.91 2001/11/12 18:17:07 markus Exp $"); #if defined(KRB4) || defined(KRB5) #include 
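Review bot: `len` is declared `size_t` (kept as context in the declaration hunk above), so a failed `read()` returning -1 becomes `SIZE_MAX`, slips past `if (len <= 1)`, and the newly added `buf[len] = '\0'` writes one byte far outside `buf`; the old code had no such write on this path. Make the variable signed so the existing comparison catches the failure as well as the empty result: `ssize_t len;` in the declaration block. The `sizeof buf -1` read size correctly reserves room for the terminator. The enclosing ssh_askpass starts outside the hunk.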
@@ -210,10 +210,15 @@ options->client_alive_interval = 0; if (options->client_alive_count_max == -1) options->client_alive_count_max = 3; + if (options->authorized_keys_file2 == NULL) { + /* authorized_keys_file2 falls back to authorized_keys_file */ + if (options->authorized_keys_file != NULL) + options->authorized_keys_file2 = options->authorized_keys_file; + else + options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2; + } if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; - if (options->authorized_keys_file2 == NULL) - options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2; } /* Keyword tokens. */ Index: usr.bin/ssh/serverloop.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/serverloop.c,v retrieving revision 1.82 retrieving revision 1.83 diff -u -r1.82 -r1.83 --- usr.bin/ssh/serverloop.c 10 Oct 2001 22:18:47 -0000 1.82 +++ usr.bin/ssh/serverloop.c 9 Nov 2001 18:59:23 -0000 1.83 @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.82 2001/10/10 22:18:47 markus Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.83 2001/11/09 18:59:23 markus Exp $"); #include "xmalloc.h" #include "packet.h" @@ -272,8 +272,8 @@ ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); if (ret == -1) { - memset(*readsetp, 0, *maxfdp); - memset(*writesetp, 0, *maxfdp); + memset(*readsetp, 0, *nallocp); + memset(*writesetp, 0, *nallocp); if (errno != EINTR) error("select: %.100s", strerror(errno)); } else if (ret == 0 && client_alive_scheduled) Index: usr.bin/ssh/ssh-dss.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh-dss.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- usr.bin/ssh/ssh-dss.c 17 Sep 2001 19:27:15 -0000 1.8 +++ usr.bin/ssh/ssh-dss.c 7 Nov 2001 22:10:28 -0000 1.9 
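Review bot: after this change `authorized_keys_file2` may point at the very same string as `authorized_keys_file` rather than at a copy, which is fine for reading but means any later release of both options would be a double free; if the parser stores these via xstrdup, confirm nothing frees them, or store a copy with `options->authorized_keys_file2 = xstrdup(options->authorized_keys_file);`. At minimum the sharing should be stated next to the assignment: `/* NOTE: aliases authorized_keys_file, not a copy */`. The enclosing function starts outside the hunk.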
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-dss.c,v 1.8 2001/09/17 19:27:15 stevesk Exp $"); +RCSID("$OpenBSD: ssh-dss.c,v 1.9 2001/11/07 22:10:28 markus Exp $"); #include #include @@ -138,17 +138,19 @@ if (strcmp("ssh-dss", ktype) != 0) { error("ssh_dss_verify: cannot handle type %s", ktype); buffer_free(&b); + xfree(ktype); return -1; } + xfree(ktype); sigblob = buffer_get_string(&b, &len); rlen = buffer_len(&b); + buffer_free(&b); if(rlen != 0) { - error("remaining bytes in signature %d", rlen); - buffer_free(&b); + error("ssh_dss_verify: " + "remaining bytes in signature %d", rlen); + xfree(sigblob); return -1; } - buffer_free(&b); - xfree(ktype); } if (len != SIGBLOB_LEN) { Index: usr.bin/ssh/ssh-keygen.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.1,v retrieving revision 1.49 retrieving revision 1.50 diff -u -r1.49 -r1.50 --- usr.bin/ssh/ssh-keygen.1 5 Sep 2001 06:23:07 -0000 1.49 +++ usr.bin/ssh/ssh-keygen.1 25 Oct 2001 21:14:32 -0000 1.50 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.49 2001/09/05 06:23:07 deraadt Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.50 2001/10/25 21:14:32 markus Exp $ .\" .\" -*- nroff -*- .\" @@ -147,6 +147,7 @@ The default is 1024 bits. .It Fl c Requests changing the comment in the private and public key files. +This operation is only supported for RSA1 keys. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment. .It Fl e 
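Review bot: the `else` branch now releases `ktype` and `b` on every exit and `sigblob` on its error exit, which leaves the `len != SIGBLOB_LEN` check that follows (only its first line is in the hunk) as the remaining exit that may still own `sigblob`; make sure it frees or fatals, otherwise the leak this commit fixes just moves one statement down. The `"ssh_dss_verify: " "remaining bytes ..."` prefix now matches the convention used in the ssh-rsa.c hunks, which is good. The enclosing ssh_dss_verify starts and ends outside the hunk.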
@@ -168,7 +169,11 @@ This option allows importing keys from several commercial SSH implementations. .It Fl l -Show fingerprint of specified private or public key file. +Show fingerprint of specified public key file. +Private RSA1 keys are also supported. +For RSA and DSA keys +.Nm +tries to find the matching public key file and prints its fingerprint. .It Fl p Requests changing the passphrase of a private key file instead of creating a new private key. Index: usr.bin/ssh/ssh-keygen.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v retrieving revision 1.82 retrieving revision 1.83 diff -u -r1.82 -r1.83 --- usr.bin/ssh/ssh-keygen.c 28 Sep 2001 12:07:09 -0000 1.82 +++ usr.bin/ssh/ssh-keygen.c 25 Oct 2001 21:14:32 -0000 1.83 @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.82 2001/09/28 12:07:09 djm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.83 2001/10/25 21:14:32 markus Exp $"); #include #include @@ -611,7 +611,7 @@ fclose(f); } if (invalid) { - printf("%s is not a valid key file.\n", identity_file); + printf("%s is not a public key file.\n", identity_file); exit(1); } exit(0); Index: usr.bin/ssh/ssh-rsa.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh-rsa.c,v retrieving revision 1.10 retrieving revision 1.13 diff -u -r1.10 -r1.13 --- usr.bin/ssh/ssh-rsa.c 17 Sep 2001 19:27:15 -0000 1.10 +++ usr.bin/ssh/ssh-rsa.c 10 Nov 2001 13:22:42 -0000 1.13 @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.10 2001/09/17 19:27:15 stevesk Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.13 2001/11/10 13:22:42 markus Exp $"); #include #include 
@@ -54,6 +54,10 @@ error("ssh_rsa_sign: no RSA key"); return -1; } + if (datafellows & SSH_BUG_SIGBLOB) { + error("ssh_rsa_sign: SSH_BUG_SIGBLOB not supported"); + return -1; + } nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); @@ -124,6 +128,10 @@ error("ssh_rsa_verify: no RSA key"); return -1; } + if (datafellows & SSH_BUG_SIGBLOB) { + error("ssh_rsa_verify: SSH_BUG_SIGBLOB not supported"); + return -1; + } if (BN_num_bits(key->rsa->n) < 768) { error("ssh_rsa_verify: n too small: %d bits", BN_num_bits(key->rsa->n)); @@ -143,14 +151,14 @@ rlen = buffer_len(&b); buffer_free(&b); if(rlen != 0) { - xfree(sigblob); error("ssh_rsa_verify: remaining bytes in signature %d", rlen); + xfree(sigblob); return -1; } nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { - xfree(sigblob); error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); + xfree(sigblob); return -1; } dlen = evp_md->md_size; Index: usr.bin/ssh/ssh.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.139 retrieving revision 1.141 diff -u -r1.139 -r1.141 --- usr.bin/ssh/ssh.1 1 Oct 2001 21:51:16 -0000 1.139 +++ usr.bin/ssh/ssh.1 8 Nov 2001 17:49:53 -0000 1.141 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.139 2001/10/01 21:51:16 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.141 2001/11/08 17:49:53 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -294,7 +294,7 @@ List forwarded connections .It Cm ~& Background ssh at logout when waiting for forwarded connection / X11 sessions -to terminate (protocol version 1 only) +to terminate .It Cm ~? Display a list of escape characters .It Cm ~R 
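Review bot: the `SSH_BUG_SIGBLOB` guard is added verbatim to both ssh_rsa_sign and ssh_rsa_verify without saying why that peer quirk is refused rather than handled, so a reader must go to the datafellows table to understand it; a one-line comment at the first site would do, e.g. `/* refuse SSH_BUG_SIGBLOB peers: their RSA signature encoding is not implemented here */` (wording hedged — confirm against the datafellows definition). The per-function early-return style matches the rest of the file. Both enclosing functions start outside their hunks.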
@@ -1389,6 +1389,15 @@ values that are not specified in the user's configuration file, and for those users who do not have a configuration file. This file must be world-readable. +.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key +These three files contain the private parts of the host keys +and are used for +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication . +Since they are readable only by root +.Nm +must be setuid root if these authentication methods are desired. .It Pa $HOME/.rhosts This file is used in .Pa \&.rhosts Index: usr.bin/ssh/ssh.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh.c,v retrieving revision 1.147 retrieving revision 1.149 diff -u -r1.147 -r1.149 --- usr.bin/ssh/ssh.c 8 Oct 2001 19:05:05 -0000 1.147 +++ usr.bin/ssh/ssh.c 24 Oct 2001 08:51:35 -0000 1.149 @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.147 2001/10/08 19:05:05 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.149 2001/10/24 08:51:35 markus Exp $"); #include #include @@ -123,14 +123,6 @@ /* socket address the host resolves to */ struct sockaddr_storage hostaddr; -/* - * Flag to indicate that we have received a window change signal which has - * not yet been processed. This will cause a message indicating the new - * window size to be sent to the server a little later. This is volatile - * because this is updated in a signal handler. - */ -volatile int received_window_change_signal = 0; - /* Private host keys. */ struct { Key **keys; 
@@ -739,6 +731,8 @@ tilde_expand_filename(options.system_hostfile2, original_real_uid); options.user_hostfile2 = tilde_expand_filename(options.user_hostfile2, original_real_uid); + + signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ /* Log into the remote system. This never returns if the login fails. */ ssh_login(sensitive_data.keys, sensitive_data.nkeys, Index: usr.bin/ssh/sshconnect2.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshconnect2.c,v retrieving revision 1.83 retrieving revision 1.85 diff -u -r1.83 -r1.85 --- usr.bin/ssh/sshconnect2.c 6 Oct 2001 11:18:19 -0000 1.83 +++ usr.bin/ssh/sshconnect2.c 7 Nov 2001 16:03:17 -0000 1.85 @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.85 2001/11/07 16:03:17 markus Exp $"); #include #include @@ -460,7 +460,7 @@ packet_put_cstring(password); memset(password, 0, strlen(password)); xfree(password); - packet_inject_ignore(64); + packet_add_padding(64); packet_send(); return 1; } @@ -817,7 +817,7 @@ } packet_done(); /* done with parsing incoming message. */ - packet_inject_ignore(64); + packet_add_padding(64); packet_send(); } @@ -836,16 +836,6 @@ u_int blen, slen; int ok, i, len, found = 0; - p = get_local_name(packet_get_connection_in()); - if (p == NULL) { - error("userauth_hostbased: cannot get local ipaddr/name"); - return 0; - } - len = strlen(p) + 2; - chost = xmalloc(len); - strlcpy(chost, p, len); - strlcat(chost, ".", len); - debug2("userauth_hostbased: chost %s", chost); /* check for a useful key */ for (i = 0; i < authctxt->nkeys; i++) { private = authctxt->keys[i]; 
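Review bot: ignoring SIGPIPE this early, together with dropping the later `signal(SIGPIPE, SIG_IGN)` in clientloop.c's signal-setup hunk, means a peer closing the socket during login now surfaces as -1/EPIPE from each write instead of terminating ssh, so every write in ssh_login and below must check its result; those call sites are outside the hunk — confirm. The one-liner deserves a fuller rationale than `/* ignore SIGPIPE early */`, e.g. `/* ignore SIGPIPE before ssh_login() so a closed peer is reported as EPIPE on write rather than killing the client */`. The enclosing main starts and ends outside the hunk.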
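Review bot: `packet_add_padding(64)` appears as a bare literal at both call sites in this file (the password hunk and the second hunk at 817), and the value encodes the pad granularity that keeps the wire length from revealing the password length, so it should be a named constant with a comment at the first site, e.g. `/* pad to a 64-byte multiple so packet length does not leak the password length */`. Unlike the removed `packet_inject_ignore`, the new call performs no `compat20` check of its own; both callers here are protocol-2 paths so that is fine, but it is worth stating in the same comment. Both enclosing functions start outside their hunks.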
@@ -857,14 +847,26 @@ } } if (!found) { - xfree(chost); + debug("userauth_hostbased: no more client hostkeys"); return 0; } if (key_to_blob(private, &blob, &blen) == 0) { key_free(private); - xfree(chost); return 0; } + /* figure out a name for the client host */ + p = get_local_name(packet_get_connection_in()); + if (p == NULL) { + error("userauth_hostbased: cannot get local ipaddr/name"); + key_free(private); + return 0; + } + len = strlen(p) + 2; + chost = xmalloc(len); + strlcpy(chost, p, len); + strlcat(chost, ".", len); + debug2("userauth_hostbased: chost %s", chost); + service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service; pkalg = xstrdup(key_ssh_name(private)); @@ -882,7 +884,6 @@ #ifdef DEBUG_PK buffer_dump(&b); #endif - debug2("xxx: chost %s", chost); ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); key_free(private); buffer_free(&b); Index: usr.bin/ssh/sshd.8 =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshd.8,v retrieving revision 1.153 retrieving revision 1.154 diff -u -r1.153 -r1.154 --- usr.bin/ssh/sshd.8 27 Sep 2001 17:53:24 -0000 1.153 +++ usr.bin/ssh/sshd.8 7 Nov 2001 22:12:01 -0000 1.154 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.153 2001/09/27 17:53:24 camield Exp $ +.\" $OpenBSD: sshd.8,v 1.154 2001/11/07 22:12:01 markus Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
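Review bot: in the new `p == NULL` error path `private` is freed but `blob`, which `key_to_blob` filled a few lines earlier, is not; if key_to_blob allocates that buffer (its `&blob, &blen` out-parameters suggest so) this reorder introduces a leak on the failure path it created. Add `xfree(blob);` beside `key_free(private);` in that branch. Whether `p` from get_local_name is released after `chost` is built is outside the hunk — confirm. The enclosing userauth_hostbased starts and ends outside the hunk.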
@@ -402,11 +402,11 @@ .Nm will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from -.Cm Keepalive +.Cm KeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by -.Cm Keepalive +.Cm KeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive. .Pp Index: usr.bin/ssh/sshd.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshd.c,v retrieving revision 1.206 retrieving revision 1.209 diff -u -r1.206 -r1.209 --- usr.bin/ssh/sshd.c 2 Oct 2001 22:56:09 -0000 1.206 +++ usr.bin/ssh/sshd.c 10 Nov 2001 13:19:45 -0000 1.209 @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.206 2001/10/02 22:56:09 stevesk Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.209 2001/11/10 13:19:45 markus Exp $"); #include #include @@ -328,7 +328,7 @@ /* Send our protocol version identification. */ if (atomicio(write, sock_out, server_version_string, strlen(server_version_string)) != strlen(server_version_string)) { - log("Could not write ident string to %s.", get_remote_ipaddr()); + log("Could not write ident string to %s", get_remote_ipaddr()); fatal_cleanup(); } @@ -336,7 +336,7 @@ memset(buf, 0, sizeof(buf)); for (i = 0; i < sizeof(buf) - 1; i++) { if (atomicio(read, sock_in, &buf[i], 1) != 1) { - log("Did not receive identification string from %s.", + log("Did not receive identification string from %s", get_remote_ipaddr()); fatal_cleanup(); } @@ -1106,9 +1106,8 @@ remote_port = get_remote_port(); remote_ip = get_remote_ipaddr(); - /* Check whether logins are denied from this host. */ #ifdef LIBWRAP - /* XXX LIBWRAP noes not know about IPv6 */ + /* Check whether logins are denied from this host. */ { struct request_info req; 
@@ -1116,13 +1115,14 @@ fromhost(&req); if (!hosts_access(&req)) { + debug("Connection refused by tcp wrapper"); refuse(&req); - close(sock_in); - close(sock_out); + /* NOTREACHED */ + fatal("libwrap refuse returns"); } -/*XXX IPv6 verbose("Connection from %.500s port %d", eval_client(&req), remote_port); */ } #endif /* LIBWRAP */ + /* Log the connection. */ verbose("Connection from %.500s port %d", remote_ip, remote_port); @@ -1149,7 +1149,7 @@ if (remote_port >= IPPORT_RESERVED || remote_port < IPPORT_RESERVED / 2) { debug("Rhosts Authentication disabled, " - "originating port not trusted."); + "originating port %d not trusted.", remote_port); options.rhosts_authentication = 0; } #if defined(KRB4) && !defined(KRB5) Index: usr.bin/ssh/version.h =================================================================== RCS file: /cvs/src/usr.bin/ssh/version.h,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- usr.bin/ssh/version.h 15 Oct 2001 16:10:50 -0000 1.25 +++ usr.bin/ssh/version.h 13 Nov 2001 09:03:57 -0000 1.26 @@ -1,3 +1,3 @@ -/* $OpenBSD: version.h,v 1.25 2001/10/15 16:10:50 deraadt Exp $ */ +/* $OpenBSD: version.h,v 1.26 2001/11/13 09:03:57 markus Exp $ */ -#define SSH_VERSION "OpenSSH_3.0" +#define SSH_VERSION "OpenSSH_3.0.1"
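Review bot: a tcp_wrappers refusal is recorded by sshd itself only at `debug()` level, so under default logging the sole trace of the blocked connection is whatever libwrap's `refuse()` writes to syslog; `remote_ip` and `remote_port` are already set in the preceding hunk, so log it where operators will see it, `verbose("Connection from %.500s port %d refused by tcp_wrapper", remote_ip, remote_port);`, before `refuse(&req)`. The `/* NOTREACHED */` plus `fatal()` fallback is a good defensive addition. The enclosing function starts outside the hunk.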