Merge branch 'vendor/OPENSSH'
authorPeter Avalos <pavalos@dragonflybsd.org>
Fri, 23 Jan 2015 05:54:26 +0000 (21:54 -0800)
committerPeter Avalos <pavalos@dragonflybsd.org>
Fri, 23 Jan 2015 05:54:26 +0000 (21:54 -0800)
44 files changed:
1  2 
crypto/openssh/auth-rh-rsa.c
crypto/openssh/auth-rsa.c
crypto/openssh/auth2-hostbased.c
crypto/openssh/auth2-pubkey.c
crypto/openssh/auth2.c
crypto/openssh/authfile.c
crypto/openssh/authfile.h
crypto/openssh/channels.c
crypto/openssh/channels.h
crypto/openssh/cipher.c
crypto/openssh/clientloop.c
crypto/openssh/compat.c
crypto/openssh/compat.h
crypto/openssh/includes.h
crypto/openssh/kex.c
crypto/openssh/kex.h
crypto/openssh/loginrec.c
crypto/openssh/moduli.5
crypto/openssh/myproposal.h
crypto/openssh/packet.c
crypto/openssh/packet.h
crypto/openssh/pathnames.h
crypto/openssh/progressmeter.c
crypto/openssh/readconf.c
crypto/openssh/readconf.h
crypto/openssh/scp.c
crypto/openssh/servconf.c
crypto/openssh/servconf.h
crypto/openssh/serverloop.c
crypto/openssh/session.c
crypto/openssh/sftp.1
crypto/openssh/sftp.c
crypto/openssh/ssh-agent.c
crypto/openssh/ssh.1
crypto/openssh/ssh.c
crypto/openssh/ssh_config
crypto/openssh/ssh_config.5
crypto/openssh/sshconnect.c
crypto/openssh/sshconnect2.c
crypto/openssh/sshd.8
crypto/openssh/sshd.c
crypto/openssh/sshd_config
crypto/openssh/sshd_config.5
crypto/openssh/sshlogin.c

Simple merge
Simple merge
Simple merge
Simple merge
@@@ -72,13 -72,7 +73,10 @@@ extern Authmethod method_hostbased
  #ifdef GSSAPI
  extern Authmethod method_gssapi;
  #endif
- #ifdef JPAKE
- extern Authmethod method_jpake;
- #endif
  
 +static int log_flag = 0;
 +
 +
  Authmethod *authmethods[] = {
        &method_none,
        &method_pubkey,
@@@ -277,32 -263,8 +279,29 @@@ input_userauth_request(int type, u_int3
                    "(%s,%s) -> (%s,%s)",
                    authctxt->user, authctxt->service, user, service);
        }
 +
 +#ifdef HAVE_LOGIN_CAP
 +        if (authctxt->pw != NULL) {
 +                lc = login_getpwclass(authctxt->pw);
 +                if (lc == NULL)
 +                        lc = login_getclassbyname(NULL, authctxt->pw);
 +                if (!auth_hostok(lc, from_host, from_ip)) {
 +                        logit("Denied connection for %.200s from %.200s [%.200s].",
 +                            authctxt->pw->pw_name, from_host, from_ip);
 +                        packet_disconnect("Sorry, you are not allowed to connect.");
 +                }
 +                if (!auth_timeok(lc, time(NULL))) {
 +                        logit("LOGIN %.200s REFUSED (TIME) FROM %.200s",
 +                            authctxt->pw->pw_name, from_host);
 +                        packet_disconnect("Logins not available right now.");
 +                }
 +                login_close(lc);
 +                lc = NULL;
 +        }
 +#endif  /* HAVE_LOGIN_CAP */
 +
        /* reset state */
        auth2_challenge_stop(authctxt);
- #ifdef JPAKE
-       auth2_jpake_stop(authctxt);
- #endif
  
  #ifdef GSSAPI
        /* XXX move to auth2_gssapi_stop() */
@@@ -68,7 -46,8 +46,9 @@@
  #include "rsa.h"
  #include "misc.h"
  #include "atomicio.h"
+ #include "sshbuf.h"
+ #include "ssherr.h"
 +#include "pathnames.h"
  
  #define MAX_KEY_FILE_SIZE     (1024 * 1024)
  
@@@ -794,161 -346,101 +347,211 @@@ sshkey_try_load_public(struct sshkey *k
  }
  
  /* load public key from ssh v1 private or any pubkey file */
- Key *
key_load_public(const char *filename, char **commentp)
+ int
sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
  {
-       Key *pub;
+       struct sshkey *pub = NULL;
        char file[MAXPATHLEN];
+       int r, fd;
  
+       if (keyp != NULL)
+               *keyp = NULL;
+       if (commentp != NULL)
+               *commentp = NULL;
+       if ((fd = open(filename, O_RDONLY)) < 0)
+               goto skip;
+ #ifdef WITH_SSH1
        /* try rsa1 private key */
-       pub = key_load_public_type(KEY_RSA1, filename, commentp);
-       if (pub != NULL)
-               return pub;
+       r = sshkey_load_public_rsa1(fd, filename, keyp, commentp);
+       close(fd);
+       switch (r) {
+       case SSH_ERR_INTERNAL_ERROR:
+       case SSH_ERR_ALLOC_FAIL:
+       case SSH_ERR_INVALID_ARGUMENT:
+       case SSH_ERR_SYSTEM_ERROR:
+       case 0:
+               return r;
+       }
+ #endif /* WITH_SSH1 */
  
+       /* try ssh2 public key */
+       if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
+               return SSH_ERR_ALLOC_FAIL;
+       if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
+               if (keyp != NULL)
+                       *keyp = pub;
+               return 0;
+       }
+       sshkey_free(pub);
+ #ifdef WITH_SSH1
        /* try rsa1 public key */
-       pub = key_new(KEY_RSA1);
-       if (key_try_load_public(pub, filename, commentp) == 1)
-               return pub;
-       key_free(pub);
+       if ((pub = sshkey_new(KEY_RSA1)) == NULL)
+               return SSH_ERR_ALLOC_FAIL;
+       if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
+               if (keyp != NULL)
+                       *keyp = pub;
+               return 0;
+       }
+       sshkey_free(pub);
+ #endif /* WITH_SSH1 */
  
-       /* try ssh2 public key */
-       pub = key_new(KEY_UNSPEC);
-       if (key_try_load_public(pub, filename, commentp) == 1)
-               return pub;
+  skip:
+       /* try .pub suffix */
+       if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
+               return SSH_ERR_ALLOC_FAIL;
+       r = SSH_ERR_ALLOC_FAIL; /* in case strlcpy or strlcat fail */
        if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
            (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
-           (key_try_load_public(pub, file, commentp) == 1))
-               return pub;
-       key_free(pub);
-       return NULL;
+           (r = sshkey_try_load_public(pub, file, commentp)) == 0) {
+               if (keyp != NULL)
+                       *keyp = pub;
+               return 0;
+       }
+       sshkey_free(pub);
+       return r;
  }
  
 +char *
 +blacklist_filename(const Key *key)
 +{
 +      char *name;
 +
 +      xasprintf(&name, "%s.%s-%u",
 +          _PATH_BLACKLIST, key_type(key), key_size(key));
 +      return name;
 +}
 +
 +/* Scan a blacklist of known-vulnerable keys. */
 +int
 +blacklisted_key(Key *key)
 +{
 +      char *blacklist_file;
 +      int fd = -1;
 +      char *dgst_hex = NULL;
 +      char *dgst_packed = NULL, *p;
 +      int i;
 +      size_t line_len;
 +      struct stat st;
 +      char buf[256];
 +      off_t start, lower, upper;
 +      int ret = 0;
 +
 +      blacklist_file = blacklist_filename(key);
 +      debug("Checking blacklist file %s", blacklist_file);
 +      fd = open(blacklist_file, O_RDONLY);
 +      if (fd < 0)
 +              goto out;
 +
 +      dgst_hex = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
 +      /* Remove all colons */
 +      dgst_packed = xcalloc(1, strlen(dgst_hex) + 1);
 +      for (i = 0, p = dgst_packed; dgst_hex[i]; i++)
 +              if (dgst_hex[i] != ':')
 +                      *p++ = dgst_hex[i];
 +      /* Only compare least-significant 80 bits (to keep the blacklist
 +       * size down)
 +       */
 +      line_len = strlen(dgst_packed + 12);
 +      if (line_len > 32)
 +              goto out;
 +
 +      /* Skip leading comments */
 +      start = 0;
 +      for (;;) {
 +              ssize_t r;
 +              char *newline;
 +
 +              r = atomicio(read, fd, buf, 256);
 +              if (r <= 0)
 +                      goto out;
 +              if (buf[0] != '#')
 +                      break;
 +
 +              newline = memchr(buf, '\n', 256);
 +              if (!newline)
 +                      goto out;
 +              start += newline + 1 - buf;
 +              if (lseek(fd, start, SEEK_SET) < 0)
 +                      goto out;
 +      }
 +
 +      /* Initialise binary search record numbers */
 +      if (fstat(fd, &st) < 0)
 +              goto out;
 +      lower = 0;
 +      upper = (st.st_size - start) / (line_len + 1);
 +
 +      while (lower != upper) {
 +              off_t cur;
 +              char buf[32];
 +              int cmp;
 +
 +              cur = lower + (upper - lower) / 2;
 +
 +              /* Read this line and compare to digest; this is
 +               * overflow-safe since cur < max(off_t) / (line_len + 1) */
 +              if (lseek(fd, start + cur * (line_len + 1), SEEK_SET) < 0)
 +                      break;
 +              if (atomicio(read, fd, buf, line_len) != line_len)
 +                      break;
 +              cmp = memcmp(buf, dgst_packed + 12, line_len);
 +              if (cmp < 0) {
 +                      if (cur == lower)
 +                              break;
 +                      lower = cur;
 +              } else if (cmp > 0) {
 +                      if (cur == upper)
 +                              break;
 +                      upper = cur;
 +              } else {
 +                      debug("Found %s in blacklist", dgst_hex);
 +                      ret = 1;
 +                      break;
 +              }
 +      }
 +
 +out:
 +      if (dgst_packed)
 +              xfree(dgst_packed);
 +      if (dgst_hex)
 +              xfree(dgst_hex);
 +      if (fd >= 0)
 +              close(fd);
 +      xfree(blacklist_file);
 +      return ret;
 +}
 +
  /* Load the certificate associated with the named private key */
- Key *
key_load_cert(const char *filename)
+ int
sshkey_load_cert(const char *filename, struct sshkey **keyp)
  {
-       Key *pub;
-       char *file;
-       pub = key_new(KEY_UNSPEC);
-       xasprintf(&file, "%s-cert.pub", filename);
-       if (key_try_load_public(pub, file, NULL) == 1) {
-               xfree(file);
-               return pub;
+       struct sshkey *pub = NULL;
+       char *file = NULL;
+       int r = SSH_ERR_INTERNAL_ERROR;
+       *keyp = NULL;
+       if (asprintf(&file, "%s-cert.pub", filename) == -1)
+               return SSH_ERR_ALLOC_FAIL;
+       if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
+               goto out;
        }
-       xfree(file);
-       key_free(pub);
-       return NULL;
+       if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
+               goto out;
+       *keyp = pub;
+       pub = NULL;
+       r = 0;
+  out:
+       if (file != NULL)
+               free(file);
+       if (pub != NULL)
+               sshkey_free(pub);
+       return r;
  }
  
  /* Load private key and certificate */
  #ifndef AUTHFILE_H
  #define AUTHFILE_H
  
- int    key_save_private(Key *, const char *, const char *, const char *);
- int    key_load_file(int, const char *, Buffer *);
- Key   *key_load_cert(const char *);
- Key   *key_load_public(const char *, char **);
- Key   *key_load_public_type(int, const char *, char **);
- Key   *key_parse_private(Buffer *, const char *, const char *, char **);
- Key   *key_load_private(const char *, const char *, char **);
- Key   *key_load_private_cert(int, const char *, const char *, int *);
- Key   *key_load_private_type(int, const char *, const char *, char **, int *);
- Key   *key_load_private_pem(int, int, const char *, char **);
- int    key_perm_ok(int, const char *);
- int    key_in_file(Key *, const char *, int);
+ struct sshbuf;
+ struct sshkey;
+ int sshkey_save_private(struct sshkey *, const char *,
+     const char *, const char *, int, const char *, int);
+ int sshkey_load_file(int, const char *, struct sshbuf *);
+ int sshkey_load_cert(const char *, struct sshkey **);
+ int sshkey_load_public(const char *, struct sshkey **, char **);
+ int sshkey_load_private(const char *, const char *, struct sshkey **, char **);
+ int sshkey_load_private_cert(int, const char *, const char *,
+     struct sshkey **, int *);
+ int sshkey_load_private_type(int, const char *, const char *,
+     struct sshkey **, char **, int *);
+ int sshkey_load_private_pem(int, int, const char *, struct sshkey **, char **);
+ int sshkey_perm_ok(int, const char *);
+ int sshkey_in_file(struct sshkey *, const char *, int);
  
 +char  *blacklist_filename(const Key *key);
 +int    blacklisted_key(Key *key);
 +
  #endif
@@@ -2264,9 -2265,9 +2304,9 @@@ channel_output_poll(void
                                        packet_start(SSH2_MSG_CHANNEL_DATA);
                                        packet_put_int(c->remote_id);
                                        packet_put_string(data, dlen);
 -                                      packet_send();
 +                                      packet_length = packet_send();
                                        c->remote_window -= dlen + 4;
-                                       xfree(data);
+                                       free(data);
                                }
                                continue;
                        }
@@@ -2897,14 -2908,10 +2957,14 @@@ channel_setup_fwd_listener_tcpip(int ty
                c = channel_new("port listener", type, sock, sock, -1,
                    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
                    0, "port listener", 1);
 +              else
 +                      c = channel_new("port listener", type, sock, sock, -1,
 +                        hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
 +                        0, "port listener", 1);
                c->path = xstrdup(host);
-               c->host_port = port_to_connect;
+               c->host_port = fwd->connect_port;
                c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
-               if (listen_port == 0 && allocated_listen_port != NULL &&
+               if (fwd->listen_port == 0 && allocated_listen_port != NULL &&
                    !(datafellows & SSH_BUG_DYNAMIC_RPORT))
                        c->listening_port = *allocated_listen_port;
                else
Simple merge
@@@ -163,17 -244,12 +244,13 @@@ ciphers_valid(const char *names
        for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
            (p = strsep(&cp, CIPHER_SEP))) {
                c = cipher_by_name(p);
 -              if (c == NULL || c->number != SSH_CIPHER_SSH2) {
 +              if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
 +c->number != SSH_CIPHER_NONE)) {
-                       debug("bad cipher %s [%s]", p, names);
-                       xfree(cipher_list);
+                       free(cipher_list);
                        return 0;
-               } else {
-                       debug3("cipher ok: %s [%s]", p, names);
                }
        }
-       debug3("ciphers ok: [%s]", names);
-       xfree(cipher_list);
+       free(cipher_list);
        return 1;
  }
  
@@@ -331,14 -519,24 +520,25 @@@ cipher_get_keyiv_len(const struct sshci
        return (ivlen);
  }
  
- void
- cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
+ int
+ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
  {
-       Cipher *c = cc->cipher;
-       int evplen;
+       const struct sshcipher *c = cc->cipher;
+ #ifdef WITH_OPENSSL
+       int evplen;
+ #endif
+       if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
+               if (len != 0)
+                       return SSH_ERR_INVALID_ARGUMENT;
+               return 0;
+       }
+       if ((cc->cipher->flags & CFLAG_NONE) != 0)
+               return 0;
  
        switch (c->number) {
+ #ifdef WITH_OPENSSL
 +      case SSH_CIPHER_NONE:
        case SSH_CIPHER_SSH2:
        case SSH_CIPHER_DES:
        case SSH_CIPHER_BLOWFISH:
                if (c->evptype == evp_aes_128_ctr)
                        ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
                else
+ #endif
+               if (cipher_authlen(c)) {
+                       if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN,
+                          len, iv))
+                              return SSH_ERR_LIBCRYPTO_ERROR;
+               } else
                        memcpy(iv, cc->evp.iv, len);
                break;
+ #endif
+ #ifdef WITH_SSH1
        case SSH_CIPHER_3DES:
-               ssh1_3des_iv(&cc->evp, 0, iv, 24);
-               break;
+               return ssh1_3des_iv(&cc->evp, 0, iv, 24);
+ #endif
        default:
-               fatal("%s: bad cipher %d", __func__, c->number);
+               return SSH_ERR_INVALID_ARGUMENT;
        }
+       return 0;
  }
  
- void
- cipher_set_keyiv(CipherContext *cc, u_char *iv)
+ int
+ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
  {
-       Cipher *c = cc->cipher;
-       int evplen = 0;
+       const struct sshcipher *c = cc->cipher;
+ #ifdef WITH_OPENSSL
+       int evplen = 0;
+ #endif
+       if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
+               return 0;
+       if ((cc->cipher->flags & CFLAG_NONE) != 0)
+               return 0;
  
        switch (c->number) {
+ #ifdef WITH_OPENSSL
 +      case SSH_CIPHER_NONE:
        case SSH_CIPHER_SSH2:
        case SSH_CIPHER_DES:
        case SSH_CIPHER_BLOWFISH:
Simple merge
@@@ -169,17 -174,9 +174,18 @@@ compat_datafellows(const char *version
        for (i = 0; check[i].pat; i++) {
                if (match_pattern_list(version, check[i].pat,
                    strlen(check[i].pat), 0) == 1) {
-                       debug("match: %s pat %s", version, check[i].pat);
                        datafellows = check[i].bugs;
 +                      /* Check to see if the remote side is OpenSSH and not HPN */
 +                      if(strstr(version,"OpenSSH") != NULL)
 +                      {
 +                              if (strstr(version,"hpn") == NULL)
 +                              {
 +                                      datafellows |= SSH_BUG_LARGEWINDOW;
 +                                      debug("Remote is NON-HPN aware");
 +                              }
 +                      }
+                       debug("match: %s pat %s compat 0x%08x",
+                           version, check[i].pat, datafellows);
                        return;
                }
        }
@@@ -59,7 -59,7 +59,8 @@@
  #define SSH_BUG_RFWD_ADDR     0x02000000
  #define SSH_NEW_OPENSSH               0x04000000
  #define SSH_BUG_DYNAMIC_RPORT 0x08000000
- #define SSH_BUG_LARGEWINDOW     0x10000000
+ #define SSH_BUG_CURVE25519PAD 0x10000000
++#define SSH_BUG_LARGEWINDOW     0x20000000
  
  void     enable_compat13(void);
  void     enable_compat20(void);
Simple merge
@@@ -49,7 -51,7 +51,8 @@@
  #include "dispatch.h"
  #include "monitor.h"
  #include "roaming.h"
 +#include "canohost.h"
+ #include "digest.h"
  
  #if OPENSSL_VERSION_NUMBER >= 0x00907000L
  # if defined(HAVE_EVP_SHA256)
@@@ -407,15 -462,8 +464,15 @@@ kex_choose_conf(Kex *kex
        char **my, **peer;
        char **cprop, **sprop;
        int nenc, nmac, ncomp;
-       u_int mode, ctos, need;
+       u_int mode, ctos, need, dh_need, authlen;
        int first_kex_follows, type;
 +      int log_flag = 0;
 +
 +      int auth_flag;
 +
 +      auth_flag = packet_authentication_state();
 +
 +      debug ("AUTH STATE IS %d", auth_flag);
  
        my   = kex_buf2prop(&kex->my, NULL);
        peer = kex_buf2prop(&kex->peer, &first_kex_follows);
                nenc  = ctos ? PROPOSAL_ENC_ALGS_CTOS  : PROPOSAL_ENC_ALGS_STOC;
                nmac  = ctos ? PROPOSAL_MAC_ALGS_CTOS  : PROPOSAL_MAC_ALGS_STOC;
                ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC;
-               choose_enc (&newkeys->enc,  cprop[nenc],  sprop[nenc]);
-               choose_mac (&newkeys->mac,  cprop[nmac],  sprop[nmac]);
+               choose_enc(&newkeys->enc, cprop[nenc], sprop[nenc]);
+               /* ignore mac for authenticated encryption */
+               authlen = cipher_authlen(newkeys->enc.cipher);
+               if (authlen == 0)
+                       choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]);
                choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
 +              debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
 +              if (strcmp(newkeys->enc.name, "none") == 0) {
 +                              debug("Requesting NONE. Authflag is %d", auth_flag);
 +                      if (auth_flag == 1) {
 +                              debug("None requested post authentication.");
 +                      } else {
 +                              fatal("Pre-authentication none cipher requests are not allowed.");
 +                      }
 +              }
                debug("kex: %s %s %s %s",
                    ctos ? "client->server" : "server->client",
                    newkeys->enc.name,
-                   newkeys->mac.name,
+                   authlen == 0 ? newkeys->mac.name : "<implicit>",
                    newkeys->comp.name);
 +              /* client starts withctos = 0 && log flag = 0 and no log*/
 +              /* 2nd client pass ctos=1 and flag = 1 so no log*/
 +              /* server starts with ctos =1 && log_flag = 0 so log */
 +              /* 2nd sever pass ctos = 1 && log flag = 1 so no log*/
 +              /* -cjr*/
 +              if (ctos && !log_flag) {
 +                      logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;Comp: %s",
 +                            get_remote_ipaddr(),
 +                            get_remote_port(),
 +                            newkeys->enc.name,
 +                            newkeys->mac.name,
 +                            newkeys->comp.name);
 +              }
 +              log_flag = 1;
        }
        choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
        choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
@@@ -139,9 -146,8 +146,10 @@@ struct Kex 
  };
  
  int    kex_names_valid(const char *);
+ char  *kex_alg_list(char);
  
 +void kex_prop2buf(Buffer *, char *proposal[PROPOSAL_MAX]);
 +
  Kex   *kex_setup(char *[PROPOSAL_MAX]);
  void   kex_finish(Kex *);
  
Simple merge
Simple merge
  #define       KEX_DEFAULT_COMP        "none,zlib@openssh.com,zlib"
  #define       KEX_DEFAULT_LANG        ""
  
- static char *myproposal[PROPOSAL_MAX] = {
-       KEX_DEFAULT_KEX,
-       KEX_DEFAULT_PK_ALG,
-       KEX_DEFAULT_ENCRYPT,
-       KEX_DEFAULT_ENCRYPT,
-       KEX_DEFAULT_MAC,
-       KEX_DEFAULT_MAC,
-       KEX_DEFAULT_COMP,
-       KEX_DEFAULT_COMP,
-       KEX_DEFAULT_LANG,
++#define KEX_ENCRYPT_INCLUDE_NONE KEX_SERVER_ENCRYPT ",none"
 +
+ #define KEX_CLIENT \
+       KEX_CLIENT_KEX, \
+       KEX_DEFAULT_PK_ALG, \
+       KEX_CLIENT_ENCRYPT, \
+       KEX_CLIENT_ENCRYPT, \
+       KEX_CLIENT_MAC, \
+       KEX_CLIENT_MAC, \
+       KEX_DEFAULT_COMP, \
+       KEX_DEFAULT_COMP, \
+       KEX_DEFAULT_LANG, \
        KEX_DEFAULT_LANG
- };
+ #define KEX_SERVER \
+       KEX_SERVER_KEX, \
+       KEX_DEFAULT_PK_ALG, \
+       KEX_SERVER_ENCRYPT, \
+       KEX_SERVER_ENCRYPT, \
+       KEX_SERVER_MAC, \
+       KEX_SERVER_MAC, \
+       KEX_DEFAULT_COMP, \
+       KEX_DEFAULT_COMP, \
+       KEX_DEFAULT_LANG, \
+       KEX_DEFAULT_LANG
@@@ -1003,19 -1037,17 +1039,19 @@@ packet_send2(void
                        memcpy(&active_state->outgoing_packet, &p->payload,
                            sizeof(Buffer));
                        TAILQ_REMOVE(&active_state->outgoing, p, next);
-                       xfree(p);
+                       free(p);
 -                      packet_send2_wrapped();
 +                      packet_length += packet_send2_wrapped();
                }
        }
 +      return(packet_length);
  }
  
 -void
 +int
  packet_send(void)
  {
 +  int packet_len = 0;
        if (compat20)
 -              packet_send2();
 +              packet_len = packet_send2();
        else
                packet_send1();
        DBG(debug("packet_send done"));
@@@ -1897,13 -1964,33 +1982,39 @@@ packet_need_rekeying(void
            (active_state->max_blocks_out &&
                (active_state->p_send.blocks > active_state->max_blocks_out)) ||
            (active_state->max_blocks_in &&
-               (active_state->p_read.blocks > active_state->max_blocks_in));
+               (active_state->p_read.blocks > active_state->max_blocks_in)) ||
+           (active_state->rekey_interval != 0 && active_state->rekey_time +
+                active_state->rekey_interval <= monotime());
+ }
++int
++packet_authentication_state(void)
++{
++      return(active_state->after_authentication);
 +}
 +
  void
- packet_set_rekey_limit(u_int32_t bytes)
+ packet_set_rekey_limits(u_int32_t bytes, time_t seconds)
  {
+       debug3("rekey after %lld bytes, %d seconds", (long long)bytes,
+           (int)seconds);
        active_state->rekey_limit = bytes;
+       active_state->rekey_interval = seconds;
+       /*
+        * We set the time here so that in post-auth privsep slave we count
+        * from the completion of the authentication.
+        */
+       active_state->rekey_time = monotime();
+ }
+ time_t
+ packet_get_rekey_timeout(void)
+ {
+       time_t seconds;
+       seconds = active_state->rekey_time + active_state->rekey_interval -
+           monotime();
+       return (seconds <= 0 ? 1 : seconds);
  }
  
  void
Simple merge
Simple merge
@@@ -66,10 -66,9 +66,11 @@@ static void update_progress_meter(int)
  static time_t start;          /* start progress */
  static time_t last_update;    /* last progress update */
  static char *file;            /* name of the file being transferred */
+ static off_t start_pos;               /* initial position of transfer */
  static off_t end_pos;         /* ending position of transfer */
  static off_t cur_pos;         /* transfer position as of last refresh */
 +static off_t last_pos;
 +static off_t max_delta_pos = 0;
  static volatile off_t *counter;       /* progress counter */
  static long stalled;          /* how long we have been stalled */
  static int bytes_per_second;  /* current speed in bytes per second */
@@@ -130,17 -129,12 +131,17 @@@ refresh_progress_meter(void
        int hours, minutes, seconds;
        int i, len;
        int file_len;
 +      off_t delta_pos;
  
-       transferred = *counter - cur_pos;
+       transferred = *counter - (cur_pos ? cur_pos : start_pos);
        cur_pos = *counter;
-       now = time(NULL);
+       now = monotime();
        bytes_left = end_pos - cur_pos;
  
 +      delta_pos = cur_pos - last_pos;
 +      if (delta_pos > max_delta_pos)
 +              max_delta_pos = delta_pos;
 +
        if (bytes_left > 0)
                elapsed = now - last_update;
        else {
@@@ -136,11 -146,12 +148,14 @@@ typedef enum 
        oSendEnv, oControlPath, oControlMaster, oControlPersist,
        oHashKnownHosts,
        oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-       oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
-       oKexAlgorithms, oIPQoS, oRequestTTY,
-       oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled,
-       oHPNBufferSize,
-       oDeprecated, oUnsupported
++      oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
++      oNoneEnabled, oNoneSwitch,
+       oVisualHostKey, oUseRoaming,
+       oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
+       oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
+       oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
+       oStreamLocalBindMask, oStreamLocalBindUnlink,
+       oIgnoredUnknownOption, oDeprecated, oUnsupported
  } OpCodes;
  
  /* Textual representations of the tokens. */
@@@ -246,18 -257,15 +262,21 @@@ static struct 
        { "kexalgorithms", oKexAlgorithms },
        { "ipqos", oIPQoS },
        { "requesttty", oRequestTTY },
-       { "noneswitch", oNoneSwitch },
 +      { "noneenabled", oNoneEnabled },
++      { "noneswitch", oNoneSwitch },
 +      { "tcprcvbufpoll", oTcpRcvBufPoll },
 +      { "tcprcvbuf", oTcpRcvBuf },
 +      { "hpndisabled", oHPNDisabled },
 +      { "hpnbuffersize", oHPNBufferSize },
+       { "proxyusefdpass", oProxyUseFdpass },
+       { "canonicaldomains", oCanonicalDomains },
+       { "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
+       { "canonicalizehostname", oCanonicalizeHostname },
+       { "canonicalizemaxdots", oCanonicalizeMaxDots },
+       { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
+       { "streamlocalbindmask", oStreamLocalBindMask },
+       { "streamlocalbindunlink", oStreamLocalBindUnlink },
+       { "ignoreunknown", oIgnoreUnknown },
  
        { NULL, oBadOption }
  };
@@@ -507,40 -877,10 +888,41 @@@ parse_time
                intptr = &options->check_host_ip;
                goto parse_flag;
  
 +      case oNoneEnabled:
 +              intptr = &options->none_enabled;
 +              goto parse_flag;
 +
 +      /* we check to see if the command comes from the */
 +      /* command line or not. If it does then enable it */
 +      /* otherwise fail. NONE should never be a default configuration */
 +      case oNoneSwitch:
 +              if(strcmp(filename,"command-line")==0)
 +              {
 +                  intptr = &options->none_switch;
 +                  goto parse_flag;
 +              } else {
 +                  error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename);
 +                  error("Continuing...");
 +                  debug("NoneSwitch directive found in %.200s.", filename);
 +                  return 0;
 +              }
 +
 +      case oHPNDisabled:
 +              intptr = &options->hpn_disabled;
 +              goto parse_flag;
 +
 +      case oHPNBufferSize:
 +              intptr = &options->hpn_buffer_size;
 +              goto parse_int;
 +
 +      case oTcpRcvBufPoll:
 +              intptr = &options->tcp_rcv_buf_poll;
 +              goto parse_flag;
 +
        case oVerifyHostKeyDNS:
                intptr = &options->verify_host_key_dns;
-               goto parse_yesnoask;
+               multistate_ptr = multistate_yesnoask;
+               goto parse_multistate;
  
        case oStrictHostKeyChecking:
                intptr = &options->strict_host_key_checking;
@@@ -1256,13 -1602,28 +1655,34 @@@ initialize_options(Options * options
        options->ip_qos_interactive = -1;
        options->ip_qos_bulk = -1;
        options->request_tty = -1;
 +      options->none_switch = -1;
 +      options->none_enabled = -1;
 +      options->hpn_disabled = -1;
 +      options->hpn_buffer_size = -1;
 +      options->tcp_rcv_buf_poll = -1;
 +      options->tcp_rcv_buf = -1;
+       options->proxy_use_fdpass = -1;
+       options->ignored_unknown = NULL;
+       options->num_canonical_domains = 0;
+       options->num_permitted_cnames = 0;
+       options->canonicalize_max_dots = -1;
+       options->canonicalize_fallback_local = -1;
+       options->canonicalize_hostname = -1;
+ }
+ /*
+  * A petite version of fill_default_options() that just fills the options
+  * needed for hostname canonicalization to proceed.
+  */
+ void
+ fill_default_options_for_canonicalization(Options *options)
+ {
+       if (options->canonicalize_max_dots == -1)
+               options->canonicalize_max_dots = 1;
+       if (options->canonicalize_fallback_local == -1)
+               options->canonicalize_fallback_local = 1;
+       if (options->canonicalize_hostname == -1)
+               options->canonicalize_hostname = SSH_CANONICALISE_NO;
  }
  
  /*
@@@ -113,8 -106,7 +110,9 @@@ typedef struct 
  
        int     enable_ssh_keysign;
        int64_t rekey_limit;
 +      int     none_switch;    /* Use none cipher */
 +      int     none_enabled;   /* Allow none to be used */
+       int     rekey_interval;
        int     no_host_authentication_for_localhost;
        int     identities_only;
        int     server_alive_interval;
@@@ -729,9 -747,9 +747,9 @@@ source(int argc, char **argv
        static BUF buffer;
        BUF *bp;
        off_t i, statbytes;
-       size_t amt;
+       size_t amt, nr;
        int fd = -1, haderr, indx;
 -      char *last, *name, buf[2048], encname[MAXPATHLEN];
 +      char *last, *name, buf[16384], encname[MAXPATHLEN];
        int len;
  
        for (indx = 0; indx < argc; ++indx) {
@@@ -912,8 -916,9 +916,9 @@@ sink(int argc, char **argv
        int amt, exists, first, ofd;
        mode_t mode, omode, mask;
        off_t size, statbytes;
+       unsigned long long ull;
        int setimes, targisdir, wrerrno = 0;
 -      char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
 +      char ch, *cp, *np, *targ, *why, *vect[1], buf[16384];
        struct timeval tv[2];
  
  #define       atime   tv[0]
@@@ -136,14 -149,11 +150,15 @@@ initialize_server_options(ServerOption
        options->num_permitted_opens = -1;
        options->adm_forced_command = NULL;
        options->chroot_directory = NULL;
-       options->zero_knowledge_password_authentication = -1;
+       options->authorized_keys_command = NULL;
+       options->authorized_keys_command_user = NULL;
+       options->revoked_keys_file = NULL;
+       options->trusted_user_ca_keys = NULL;
+       options->authorized_principals_file = NULL;
 +      options->none_enabled = -1;
 +      options->tcp_rcv_buf_poll = -1;
 +      options->hpn_disabled = -1;
 +      options->hpn_buffer_size = -1;
-       options->revoked_keys_file = NULL;
-       options->trusted_user_ca_keys = NULL;
-       options->authorized_principals_file = NULL;
        options->ip_qos_interactive = -1;
        options->ip_qos_bulk = -1;
        options->version_addendum = NULL;
@@@ -293,45 -306,12 +318,49 @@@ fill_default_server_options(ServerOptio
                options->ip_qos_interactive = IPTOS_LOWDELAY;
        if (options->ip_qos_bulk == -1)
                options->ip_qos_bulk = IPTOS_THROUGHPUT;
 +
 +      if (options->hpn_disabled == -1)
 +              options->hpn_disabled = 0;
 +
 +      if (options->hpn_buffer_size == -1) {
 +              /* option not explicitly set. Now we have to figure out */
 +              /* what value to use */
 +              if (options->hpn_disabled == 1) {
 +                      options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
 +              } else {
 +                      /* get the current RCV size and set it to that */
 +                      /*create a socket but don't connect it */
 +                      /* we use that the get the rcv socket size */
 +                      sock = socket(AF_INET, SOCK_STREAM, 0);
 +                      getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
 +                                 &socksize, &socksizelen);
 +                      close(sock);
 +                      options->hpn_buffer_size = socksize;
 +                      debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
 +
 +              }
 +      } else {
 +              /* we have to do this incase the user sets both values in a contradictory */
 +              /* manner. hpn_disabled overrrides hpn_buffer_size*/
 +              if (options->hpn_disabled <= 0) {
 +                      if (options->hpn_buffer_size == 0)
 +                              options->hpn_buffer_size = 1;
 +                      /* limit the maximum buffer to 64MB */
 +                      if (options->hpn_buffer_size > 64*1024) {
 +                              options->hpn_buffer_size = 64*1024*1024;
 +                      } else {
 +                              options->hpn_buffer_size *= 1024;
 +                      }
 +              } else
 +                      options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
 +      }
 +
        if (options->version_addendum == NULL)
                options->version_addendum = xstrdup("");
+       if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
+               options->fwd_opts.streamlocal_bind_mask = 0177;
+       if (options->fwd_opts.streamlocal_bind_unlink == -1)
+               options->fwd_opts.streamlocal_bind_unlink = 0;
        /* Turn privilege separation on by default */
        if (use_privsep == -1)
                use_privsep = PRIVSEP_NOSANDBOX;
@@@ -363,9 -343,9 +392,9 @@@ typedef enum 
        sListenAddress, sAddressFamily,
        sPrintMotd, sPrintLastLog, sIgnoreRhosts,
        sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
-       sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
 -      sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
++      sPermitTTY, sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
        sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
-       sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
+       sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
        sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
        sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
        sMaxStartups, sMaxAuthTries, sMaxSessions,
        sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
        sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
        sUsePrivilegeSeparation, sAllowAgentForwarding,
-       sZeroKnowledgePasswordAuthentication, sHostCertificate,
+       sHostCertificate,
        sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
        sKexAlgorithms, sIPQoS, sVersionAddendum,
 +      sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
+       sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
+       sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
+       sStreamLocalBindMask, sStreamLocalBindUnlink,
+       sAllowStreamLocalForwarding,
        sDeprecated, sUnsupported
  } ServerOpCodes;
  
@@@ -502,13 -483,15 +534,19 @@@ static struct 
        { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
        { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
        { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
 +      { "noneenabled", sNoneEnabled },
 +      { "hpndisabled", sHPNDisabled },
 +      { "hpnbuffersize", sHPNBufferSize },
 +      { "tcprcvbufpoll", sTcpRcvBufPoll },
        { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
        { "ipqos", sIPQoS, SSHCFG_ALL },
+       { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
+       { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
        { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
+       { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
+       { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
+       { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
+       { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
        { NULL, sBadOption, 0 }
  };
  
@@@ -108,9 -118,6 +118,7 @@@ typedef struct 
                                                 * authentication. */
        int     kbd_interactive_authentication; /* If true, permit */
        int     challenge_response_authentication;
-       int     zero_knowledge_password_authentication;
-                                       /* If true, permit jpake auth */
 +      int     permit_blacklisted_keys;        /* If true, permit */
        int     permit_empty_passwd;    /* If false, do not permit empty
                                         * passwords. */
        int     permit_user_env;        /* If true, read ~/.ssh/environment */
@@@ -841,11 -824,11 +840,13 @@@ voi
  server_loop2(Authctxt *authctxt)
  {
        fd_set *readset = NULL, *writeset = NULL;
-       int rekeying = 0, max_fd, nalloc = 0;
+       int rekeying = 0, max_fd;
 +      double start_time, total_time;
+       u_int nalloc = 0;
+       u_int64_t rekey_timeout_ms = 0;
  
        debug("Entering interactive session for SSH2.");
 +      start_time = get_current_time();
  
        mysignal(SIGCHLD, sigchld_handler);
        child_terminated = 0;
@@@ -229,14 -214,11 +214,12 @@@ auth_input_request_forwarding(struct pa
        /* Restore the privileged uid. */
        restore_uid();
  
-       /* Start listening on the socket. */
-       if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
-               error("listen: %.100s", strerror(errno));
+       /* Check for socket/bind/listen failure. */
+       if (sock < 0)
                goto authsock_err;
-       }
  
        /* Allocate a channel for the authentication agent socket. */
 +      /* this shouldn't matter if its hpn or not - cjr */
        nc = channel_new("auth socket",
            SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
            CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
Simple merge
Simple merge
Simple merge
Simple merge
@@@ -579,18 -785,14 +785,18 @@@ main(int ac, char **av
                        break;
                case 'T':
                        options.request_tty = REQUEST_TTY_NO;
 +                      /* ensure that the user doesn't try to backdoor a */
 +                      /* null cipher switch on an interactive session */
 +                      /* so explicitly disable it no matter what */
 +                      options.none_switch=0;
                        break;
                case 'o':
-                       dummy = 1;
                        line = xstrdup(optarg);
-                       if (process_config_line(&options, host ? host : "",
-                           line, "command-line", 0, &dummy) != 0)
+                       if (process_config_line(&options, pw, host ? host : "",
+                           line, "command-line", 0, NULL, SSHCONF_USERCONF)
+                           != 0)
                                exit(255);
-                       xfree(line);
+                       free(line);
                        break;
                case 's':
                        subsystem_flag = 1;
@@@ -40,9 -40,6 +40,9 @@@
  #   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
  #   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
  #   EscapeChar ~
- #   VersionAddendum DragonFly-20121028
++#   VersionAddendum DragonFly-20150122
 +
 +#   XAuthLocation /usr/local/bin/xauth
  #   Tunnel no
  #   TunnelDevice any:any
  #   PermitLocalCommand no
@@@ -1207,15 -1471,8 +1471,13 @@@ The default i
  .Dq no .
  Note that this option applies to protocol version 2 only.
  .Pp
- See also
- .Sx VERIFYING HOST KEYS
- in
+ See also VERIFYING HOST KEYS in
  .Xr ssh 1 .
- .Dq DragonFly-20121028 .
 +.It Cm VersionAddendum
 +Specifies a string to append to the regular version string to identify
 +OS- or site-specific modifications.
 +The default is
++.Dq DragonFly-20150122 .
  .It Cm VisualHostKey
  If this flag is set to
  .Dq yes ,
@@@ -241,32 -279,49 +304,52 @@@ ssh_create_socket(int privileged, struc
        }
        fcntl(sock, F_SETFD, FD_CLOEXEC);
  
 +      if (options.tcp_rcv_buf > 0)
 +              ssh_set_socket_recvbuf(sock);
 +
        /* Bind the socket to an alternative local IP address */
-       if (options.bind_address == NULL)
+       if (options.bind_address == NULL && !privileged)
                return sock;
  
-       memset(&hints, 0, sizeof(hints));
-       hints.ai_family = ai->ai_family;
-       hints.ai_socktype = ai->ai_socktype;
-       hints.ai_protocol = ai->ai_protocol;
-       hints.ai_flags = AI_PASSIVE;
-       gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
-       if (gaierr) {
-               error("getaddrinfo: %s: %s", options.bind_address,
-                   ssh_gai_strerror(gaierr));
-               close(sock);
-               return -1;
+       if (options.bind_address) {
+               memset(&hints, 0, sizeof(hints));
+               hints.ai_family = ai->ai_family;
+               hints.ai_socktype = ai->ai_socktype;
+               hints.ai_protocol = ai->ai_protocol;
+               hints.ai_flags = AI_PASSIVE;
+               gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
+               if (gaierr) {
+                       error("getaddrinfo: %s: %s", options.bind_address,
+                           ssh_gai_strerror(gaierr));
+                       close(sock);
+                       return -1;
+               }
        }
-       if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
-               error("bind: %s: %s", options.bind_address, strerror(errno));
-               close(sock);
-               freeaddrinfo(res);
-               return -1;
+       /*
+        * If we are running as root and want to connect to a privileged
+        * port, bind our own socket to a privileged port.
+        */
+       if (privileged) {
+               PRIV_START;
+               r = bindresvport_sa(sock, res ? res->ai_addr : NULL);
+               PRIV_END;
+               if (r < 0) {
+                       error("bindresvport_sa: af=%d %s", ai->ai_family,
+                           strerror(errno));
+                       goto fail;
+               }
+       } else {
+               if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
+                       error("bind: %s: %s", options.bind_address,
+                           strerror(errno));
+  fail:
+                       close(sock);
+                       freeaddrinfo(res);
+                       return -1;
+               }
        }
-       freeaddrinfo(res);
+       if (res != NULL)
+               freeaddrinfo(res);
        return sock;
  }
  
Simple merge
@@@ -408,11 -408,13 +409,14 @@@ Changes to user's home directory
  .It
  If
  .Pa ~/.ssh/rc
- exists, runs it; else if
+ exists and the
+ .Xr sshd_config 5
+ .Cm PermitUserRC
+ option is set, runs it; else if
  .Pa /etc/ssh/sshrc
  exists, runs
 -it; otherwise runs xauth.
 +it; otherwise runs
 +.Xr xauth 1 .
  The
  .Dq rc
  files are given the X11
@@@ -1596,23 -1707,18 +1721,33 @@@ main(int ac, char **av
  
        for (i = 0; i < options.num_host_key_files; i++) {
                key = key_load_private(options.host_key_files[i], "", NULL);
 +              if (key && blacklisted_key(key)) {
 +                      char *fp;
 +                      fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
 +                      if (options.permit_blacklisted_keys)
 +                              error("Host key %s blacklisted (see "
 +                                  "ssh-vulnkey(1)); continuing anyway", fp);
 +                      else
 +                              error("Host key %s blacklisted (see "
 +                                  "ssh-vulnkey(1))", fp);
 +                      xfree(fp);
 +                      if (!options.permit_blacklisted_keys) {
 +                              sensitive_data.host_keys[i] = NULL;
 +                              continue;
 +                      }
 +              }
+               pubkey = key_load_public(options.host_key_files[i], NULL);
                sensitive_data.host_keys[i] = key;
-               if (key == NULL) {
+               sensitive_data.host_pubkeys[i] = pubkey;
+               if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1 &&
+                   have_agent) {
+                       debug("will rely on agent for hostkey %s",
+                           options.host_key_files[i]);
+                       keytype = pubkey->type;
+               } else if (key != NULL) {
+                       keytype = key->type;
+               } else {
                        error("Could not load host key: %s",
                            options.host_key_files[i]);
                        sensitive_data.host_keys[i] = NULL;
  #ifdef SSH_AUDIT_EVENTS
        audit_connection_from(remote_ip, remote_port);
  #endif
- #ifdef LIBWRAP
-       allow_severity = options.log_facility|LOG_INFO;
-       deny_severity = options.log_facility|LOG_WARNING;
-       /* Check whether logins are denied from this host. */
-       if (packet_connection_is_on_socket()) {
-               struct request_info req;
-               request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
-               fromhost(&req);
-               if (!hosts_access(&req)) {
-                       debug("Connection refused by tcp wrapper");
-                       refuse(&req);
-                       /* NOTREACHED */
-                       fatal("libwrap refuse returns");
-               }
-       }
- #endif /* LIBWRAP */
  
        /* Log the connection. */
-       verbose("Connection from %.500s port %d", remote_ip, remote_port);
+       verbose("Connection from %s port %d on %s port %d",
+           remote_ip, remote_port,
+           get_local_ipaddr(sock_in), get_local_port());
  
 +      /* set the HPN options for the child */
 +      channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
 +
        /*
         * We don't want to listen forever unless the other side
         * successfully authenticates itself.  So we set up an alarm which is
@@@ -2333,10 -2446,9 +2487,11 @@@ sshd_hostkey_sign(Key *privkey, Key *pu
  static void
  do_ssh2_kex(void)
  {
+       char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
        Kex *kex;
  
 +      myflag++;
 +      debug ("MYFLAG IS %d", myflag);
        if (options.ciphers != NULL) {
                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
  # possible, but leave them commented.  Uncommented options override the
  # default value.
  
- #VersionAddendum DragonFly-20121028
 +# Note that some of DragonFly's defaults differ from OpenBSD's, and
 +# DragonFly has a few additional options.
 +
++#VersionAddendum DragonFly-20150122
 +
  #Port 22
  #AddressFamily any
  #ListenAddress 0.0.0.0
@@@ -58,10 -55,13 +62,13 @@@ AuthorizedKeysFile .ssh/authorized_key
  
  #AuthorizedPrincipalsFile none
  
+ #AuthorizedKeysCommand none
+ #AuthorizedKeysCommandUser nobody
  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 -#RhostsRSAAuthentication no
 +RhostsRSAAuthentication no
  # similar for protocol version 2
 -#HostbasedAuthentication no
 +HostbasedAuthentication no
  # Change to yes if you don't trust ~/.ssh/known_hosts for
  # RhostsRSAAuthentication and HostbasedAuthentication
  #IgnoreUserKnownHosts no
@@@ -102,9 -99,10 +109,10 @@@ ChallengeResponseAuthentication n
  #AllowAgentForwarding yes
  #AllowTcpForwarding yes
  #GatewayPorts no
 -#X11Forwarding no
 +#X11Forwarding yes
  #X11DisplayOffset 10
  #X11UseLocalhost yes
+ #PermitTTY yes
  #PrintMotd yes
  #PrintLastLog yes
  #TCPKeepAlive yes
@@@ -116,11 -114,10 +124,11 @@@ UsePrivilegeSeparation sandbox          # Defau
  #ClientAliveCountMax 3
  #UseDNS yes
  #PidFile /var/run/sshd.pid
- #MaxStartups 10
+ #MaxStartups 10:30:100
  #PermitTunnel no
  #ChrootDirectory none
 -#VersionAddendum none
 +
 +#XAuthLocation /usr/local/bin/xauth
  
  # no default banner path
  #Banner none
@@@ -960,10 -1172,13 +1193,15 @@@ Specifies revoked public keys
  Keys listed in this file will be refused for public key authentication.
  Note that if this file is not readable, then public key authentication will
  be refused for all users.
+ Keys may be specified as a text file, listing one public key per line, or as
+ an OpenSSH Key Revocation List (KRL) as generated by
+ .Xr ssh-keygen 1 .
+ For more information on KRLs, see the KEY REVOCATION LISTS section in
+ .Xr ssh-keygen 1 .
  .It Cm RhostsRSAAuthentication
 -Specifies whether rhosts or /etc/hosts.equiv authentication together
 +Specifies whether rhosts or
 +.Pa /etc/hosts.equiv
 +authentication together
  with successful RSA host authentication is allowed.
  The default is
  .Dq no .
@@@ -1125,7 -1365,7 +1388,7 @@@ restrictions
  Optionally specifies additional text to append to the SSH protocol banner
  sent by the server upon connection.
  The default is
- .Dq DragonFly-20121028 .
 -.Dq none .
++.Dq DragonFly-20150122 .
  .It Cm X11DisplayOffset
  Specifies the first display number available for
  .Xr sshd 8 Ns 's
@@@ -58,8 -58,8 +58,9 @@@
  #include "loginrec.h"
  #include "log.h"
  #include "buffer.h"
+ #include "misc.h"
  #include "servconf.h"
 +#include "sshlogin.h"
  
  extern Buffer loginmsg;
  extern ServerOptions options;