Merge branch 'vendor/OPENSSH'
authorPeter Avalos <pavalos@dragonflybsd.org>
Tue, 20 Sep 2011 22:50:56 +0000 (15:50 -0700)
committerPeter Avalos <pavalos@dragonflybsd.org>
Tue, 20 Sep 2011 22:50:56 +0000 (15:50 -0700)
30 files changed:
1  2 
crypto/openssh/auth-rsa.c
crypto/openssh/auth2-pubkey.c
crypto/openssh/auth2.c
crypto/openssh/authfile.c
crypto/openssh/authfile.h
crypto/openssh/channels.c
crypto/openssh/channels.h
crypto/openssh/clientloop.c
crypto/openssh/moduli.5
crypto/openssh/myproposal.h
crypto/openssh/packet.c
crypto/openssh/packet.h
crypto/openssh/pathnames.h
crypto/openssh/readconf.c
crypto/openssh/readconf.h
crypto/openssh/servconf.c
crypto/openssh/servconf.h
crypto/openssh/serverloop.c
crypto/openssh/session.c
crypto/openssh/sftp.1
crypto/openssh/ssh-agent.c
crypto/openssh/ssh.1
crypto/openssh/ssh.c
crypto/openssh/ssh_config.5
crypto/openssh/sshconnect.c
crypto/openssh/sshconnect2.c
crypto/openssh/sshd.8
crypto/openssh/sshd.c
crypto/openssh/sshd_config
crypto/openssh/sshd_config.5

Simple merge
@@@ -437,23 -436,9 +437,23 @@@ user_cert_trusted_ca(struct passwd *pw
  int
  user_key_allowed(struct passwd *pw, Key *key)
  {
-       int success;
 +      char *fp;
+       u_int success, i;
        char *file;
  
 +      if (blacklisted_key(key)) {
 +              fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
 +              if (options.permit_blacklisted_keys)
 +                      logit("Public key %s blacklisted (see "
 +                          "ssh-vulnkey(1)); continuing anyway", fp);
 +              else
 +                      logit("Public key %s blacklisted (see "
 +                          "ssh-vulnkey(1))", fp);
 +              xfree(fp);
 +              if (!options.permit_blacklisted_keys)
 +                      return 0;
 +      }
 +
        if (auth_key_is_revoked(key))
                return 0;
        if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
Simple merge
  #include "rsa.h"
  #include "misc.h"
  #include "atomicio.h"
 +#include "pathnames.h"
  
+ #define MAX_KEY_FILE_SIZE     (1024 * 1024)
  /* Version identification string for SSH v1 identity files. */
  static const char authfile_id_string[] =
      "SSH PRIVATE KEY FILE FORMAT 1.1\n";
Simple merge
Simple merge
Simple merge
Simple merge
  .Os
  .Sh NAME
  .Nm moduli
- .Nd Diffie Hellman moduli
+ .Nd Diffie-Hellman moduli
  .Sh DESCRIPTION
  The
 -.Pa /etc/moduli
 +.Pa /etc/ssh/moduli
- file contains prime numbers and generators for use by 
+ file contains prime numbers and generators for use by
  .Xr sshd 8
  in the Diffie-Hellman Group Exchange key exchange method.
  .Pp
@@@ -105,18 -104,17 +104,17 @@@ The recommended generator for use with 
  The modulus itself in hexadecimal.
  .El
  .Pp
- When performing Diffie Hellman Group Exchange,
+ When performing Diffie-Hellman Group Exchange,
  .Xr sshd 8
  first estimates the size of the modulus required to produce enough
- Diffie Hellman output to sufficiently key the selected symmetric cipher.
+ Diffie-Hellman output to sufficiently key the selected symmetric cipher.
  .Xr sshd 8
  then randomly selects a modulus from
 -.Fa /etc/moduli
 +.Fa /etc/ssh/moduli
  that best meets the size requirement.
- .Pp
  .Sh SEE ALSO
  .Xr ssh-keygen 1 ,
- .Xr sshd 8 ,
+ .Xr sshd 8
  .Rs
  .%R RFC 4419
  .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
        "arcfour256,arcfour128," \
        "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
        "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
 +#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
 +      ",none"
+ #ifdef HAVE_EVP_SHA256
+ #define       SHA2_HMAC_MODES \
+       "hmac-sha2-256," \
+       "hmac-sha2-256-96," \
+       "hmac-sha2-512," \
+       "hmac-sha2-512-96,"
+ #else
+ # define SHA2_HMAC_MODES
+ #endif
  #define       KEX_DEFAULT_MAC \
-       "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \
+       "hmac-md5," \
+       "hmac-sha1," \
+       "umac-64@openssh.com," \
+       SHA2_HMAC_MODES \
+       "hmac-ripemd160," \
        "hmac-ripemd160@openssh.com," \
-       "hmac-sha1-96,hmac-md5-96"
+       "hmac-sha1-96," \
+       "hmac-md5-96"
  #define       KEX_DEFAULT_COMP        "none,zlib@openssh.com,zlib"
  #define       KEX_DEFAULT_LANG        ""
  
Simple merge
Simple merge
Simple merge
@@@ -137,9 -134,7 +137,9 @@@ typedef enum 
        oHashKnownHosts,
        oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
        oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
-       oKexAlgorithms, oIPQoS,
+       oKexAlgorithms, oIPQoS, oRequestTTY,
 +      oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled,
 +      oHPNBufferSize,
        oDeprecated, oUnsupported
  } OpCodes;
  
@@@ -251,12 -245,7 +251,13 @@@ static struct 
  #endif
        { "kexalgorithms", oKexAlgorithms },
        { "ipqos", oIPQoS },
+       { "requesttty", oRequestTTY },
 +      { "noneenabled", oNoneEnabled },
 +      { "tcprcvbufpoll", oTcpRcvBufPoll },
 +      { "tcprcvbuf", oTcpRcvBuf },
 +      { "noneswitch", oNoneSwitch },
 +      { "hpndisabled", oHPNDisabled },
 +      { "hpnbuffersize", oHPNBufferSize },
  
        { NULL, oBadOption }
  };
@@@ -1211,12 -1201,7 +1255,13 @@@ initialize_options(Options * options
        options->zero_knowledge_password_authentication = -1;
        options->ip_qos_interactive = -1;
        options->ip_qos_bulk = -1;
+       options->request_tty = -1;
 +      options->none_switch = -1;
 +      options->none_enabled = -1;
 +      options->hpn_disabled = -1;
 +      options->hpn_buffer_size = -1;
 +      options->tcp_rcv_buf_poll = -1;
 +      options->tcp_rcv_buf = -1;
  }
  
  /*
Simple merge
@@@ -295,45 -278,9 +291,45 @@@ fill_default_server_options(ServerOptio
        if (options->ip_qos_bulk == -1)
                options->ip_qos_bulk = IPTOS_THROUGHPUT;
  
 +      if (options->hpn_disabled == -1)
 +              options->hpn_disabled = 0;
 +
 +      if (options->hpn_buffer_size == -1) {
 +              /* option not explicitly set. Now we have to figure out */
 +              /* what value to use */
 +              if (options->hpn_disabled == 1) {
 +                      options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
 +              } else {
 +                      /* get the current RCV size and set it to that */
 +                      /*create a socket but don't connect it */
 +                      /* we use that the get the rcv socket size */
 +                      sock = socket(AF_INET, SOCK_STREAM, 0);
 +                      getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
 +                                 &socksize, &socksizelen);
 +                      close(sock);
 +                      options->hpn_buffer_size = socksize;
 +                      debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
 +
 +              }
 +      } else {
 +              /* we have to do this incase the user sets both values in a contradictory */
 +              /* manner. hpn_disabled overrrides hpn_buffer_size*/
 +              if (options->hpn_disabled <= 0) {
 +                      if (options->hpn_buffer_size == 0)
 +                              options->hpn_buffer_size = 1;
 +                      /* limit the maximum buffer to 64MB */
 +                      if (options->hpn_buffer_size > 64*1024) {
 +                              options->hpn_buffer_size = 64*1024*1024;
 +                      } else {
 +                              options->hpn_buffer_size *= 1024;
 +                      }
 +              } else
 +                      options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
 +      }
 +
        /* Turn privilege separation on by default */
        if (use_privsep == -1)
-               use_privsep = 1;
+               use_privsep = PRIVSEP_ON;
  
  #ifndef HAVE_MMAP
        if (use_privsep && options->compression == 1) {
@@@ -490,9 -434,8 +486,9 @@@ static struct 
        { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
        { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
        { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
-       { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL },
+       { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
        { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
 +      { "versionaddendum", sVersionAddendum , SSHCFG_GLOBAL },
        { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
        { "permittunnel", sPermitTunnel, SSHCFG_ALL },
        { "match", sMatch, SSHCFG_ALL },
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
@@@ -541,7 -573,10 +573,14 @@@ main(int ac, char **av
                        break;
                case 'N':
                        no_shell_flag = 1;
-                       no_tty_flag = 1;
+                       options.request_tty = REQUEST_TTY_NO;
+                       break;
+               case 'T':
+                       options.request_tty = REQUEST_TTY_NO;
++                      /* ensure that the user doesn't try to backdoor a */
++                      /* null cipher switch on an interactive session */
++                      /* so explicitly disable it no matter what */
++                      options.none_switch=0;
                        break;
                case 'o':
                        dummy = 1;
Simple merge
Simple merge
Simple merge
Simple merge
Simple merge
@@@ -7,14 -7,9 +7,14 @@@
  
  # The strategy used for options in the default sshd_config shipped with
  # OpenSSH is to specify options with their default value where
- # possible, but leave them commented.  Uncommented options change a
+ # possible, but leave them commented.  Uncommented options override the
  # default value.
  
 +# Note that some of DragonFly's defaults differ from OpenBSD's, and
 +# DragonFly has a few additional options.
 +
 +#VersionAddendum DragonFly-20110408
 +
  #Port 22
  #AddressFamily any
  #ListenAddress 0.0.0.0
@@@ -50,13 -44,15 +50,16 @@@ PermitRootLogin without-passwor
  
  #RSAAuthentication yes
  #PubkeyAuthentication yes
- #AuthorizedKeysFile   .ssh/authorized_keys
 +#PermitBlacklistedKeys no
+ # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+ # but this is overridden so installations will only check .ssh/authorized_keys
+ AuthorizedKeysFile    .ssh/authorized_keys
  
  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 -#RhostsRSAAuthentication no
 +RhostsRSAAuthentication no
  # similar for protocol version 2
 -#HostbasedAuthentication no
 +HostbasedAuthentication no
  # Change to yes if you don't trust ~/.ssh/known_hosts for
  # RhostsRSAAuthentication and HostbasedAuthentication
  #IgnoreUserKnownHosts no
@@@ -1101,11 -1073,12 +1104,17 @@@ The goal of privilege separation is to 
  escalation by containing any corruption within the unprivileged processes.
  The default is
  .Dq yes .
+ If
+ .Cm UsePrivilegeSeparation
+ is set to
+ .Dq sandbox
+ then the pre-authentication unprivileged process is subject to additional
+ restrictions.
 +.It Cm VersionAddendum
 +Specifies a string to append to the regular version string to identify
 +OS- or site-specific modifications.
 +The default is
 +.Dq DragonFly-20110408 .
  .It Cm X11DisplayOffset
  Specifies the first display number available for
  .Xr sshd 8 Ns 's