Index: /branches/rel_apv_10_7/usr/click/bin/openssh/Makefile =================================================================== --- /branches/rel_apv_10_7/usr/click/bin/openssh/Makefile (revision 39751) +++ /branches/rel_apv_10_7/usr/click/bin/openssh/Makefile (working copy) @@ -1,5 +1,5 @@ ANROOT=${.CURDIR}/../../../../anroot -OPENSSH_FOLDER=openssh-10.0p2 +OPENSSH_FOLDER=openssh-10.1p1 .if defined(UOS_X86) || defined(KYLIN) Index: /branches/rel_apv_10_7/usr/click/bin/openssh/array.patch =================================================================== --- /branches/rel_apv_10_7/usr/click/bin/openssh/array.patch (revision 39751) +++ /branches/rel_apv_10_7/usr/click/bin/openssh/array.patch (working copy) @@ -1,17 +1,17 @@ diff --git a/Makefile.in b/Makefile.in -index 4617ceb..a1343d6 100644 +index 760fbaa..2cf60a5 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -74,7 +74,7 @@ MKDIR_P=@MKDIR_P@ +@@ -75,7 +75,7 @@ MKDIR_P=@MKDIR_P@ .SUFFIXES: .lo -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) sshd-session$(EXEEXT) sshd-auth$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) $(SK_STANDALONE) +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) synconfigd$(EXEEXT) sshd-session$(EXEEXT) sshd-auth$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) $(SK_STANDALONE) - XMSS_OBJS=\ - ssh-xmss.o \ -@@ -183,8 +183,11 @@ MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out + LIBOPENSSH_OBJS=\ + ssh_api.o \ +@@ -176,8 +176,11 @@ MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 sshd_config.5 ssh_config.5 MANTYPE = @MANTYPE@ @@ -25,7 +25,7 @@ PATHSUBS = \ -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \ -@@ -209,7 +212,8 @@ FIXPATHSCMD = $(SED) $(PATHSUBS) +@@ -201,7 +204,8 @@ FIXPATHSCMD = $(SED) $(PATHSUBS) FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \ @UNSUPPORTED_ALGORITHMS@ @@ -35,7 +35,7 @@ $(LIBSSH_OBJS): Makefile.in config.h $(SSHOBJS): Makefile.in config.h -@@ -231,13 +235,16 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) +@@ -223,13 +227,16 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS) $(CHANNELLIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) @@ -56,7 +56,7 @@ scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS) $(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff --git a/auth-passwd.c b/auth-passwd.c -index 347d91e..5eb8d36 100644 +index a9d7688..88e5b05 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -56,6 +56,21 @@ @@ -149,7 +149,7 @@ int hostbased_key_allowed(struct ssh *, struct passwd *, const char *, char *, struct sshkey *); diff --git a/auth2.c b/auth2.c -index 67dec88..65caf04 100644 +index b9bb46f..000697a 100644 --- a/auth2.c +++ b/auth2.c @@ -29,6 +29,10 @@ @@ -359,7 +359,7 @@ char * auth2_read_banner(void) { -@@ -284,26 +470,43 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) +@@ -284,25 +470,40 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) debug("userauth-request for user %s service %s method %s", user, service, method); debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); @@ -370,7 +370,6 @@ if (authctxt->attempt >= 1024) auth_maxtries_exceeded(ssh); -+ if (authctxt->attempt++ == 0) { - /* setup auth context */ - authctxt->pw = mm_getpwnamallow(ssh, user); @@ -408,11 +407,9 @@ #endif + } } -+ #ifdef USE_PAM if (options.use_pam) - mm_start_pam(ssh); -@@ -339,6 +542,33 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) +@@ -339,6 +540,33 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) authctxt->postponed = 0; authctxt->server_caused_failure = 0; @@ -446,11 +443,7 @@ /* try to authenticate user */ m = authmethod_lookup(authctxt, method); if (m != NULL && authctxt->failures < options.max_authtries) { -@@ -354,9 +584,34 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) - free(service); - free(user); - free(method); -+ +@@ -357,6 +585,30 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) return r; } @@ -481,7 +474,7 @@ void userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method, const char *submethod) -@@ -398,6 +653,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method, +@@ -398,6 +650,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method, /* Log before sending the reply */ auth_log(ssh, authenticated, partial, method, submethod); @@ -489,7 +482,7 @@ /* Update information exposed to session */ if (authenticated || partial) -@@ -436,14 +692,49 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method, +@@ -436,14 +689,49 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method, (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) fatal_fr(r, "send success packet"); @@ -535,12 +528,12 @@ + } + } + } -+ + } ++ if (authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS mm_audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES); -@@ -459,6 +750,8 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method, +@@ -459,6 +747,8 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method, (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) fatal_fr(r, "send failure packet"); @@ -550,10 +543,10 @@ } } diff --git a/configure b/configure -index f68e94a..a930144 100755 +index 74539c8..afa2d99 100644 --- a/configure +++ b/configure -@@ -877,7 +877,7 @@ sbindir='${exec_prefix}/sbin' +@@ -883,7 +883,7 @@ sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' @@ -563,10 +556,10 @@ localstatedir='${prefix}/var' runstatedir='${localstatedir}/run' diff --git a/monitor.c b/monitor.c -index 5966b4f..b8ebe5c 100644 +index a9e854b..8d5e29c 100644 --- a/monitor.c +++ b/monitor.c -@@ -98,6 +98,39 @@ +@@ -88,6 +88,39 @@ #include "sk-api.h" #include "srclimit.h" @@ -606,7 +599,7 @@ #ifdef GSSAPI static Gssctxt *gsscontext = NULL; #endif -@@ -148,6 +181,9 @@ int mm_answer_audit_event(struct ssh *, int, struct sshbuf *); +@@ -141,6 +174,9 @@ int mm_answer_audit_event(struct ssh *, int, struct sshbuf *); int mm_answer_audit_command(struct ssh *, int, struct sshbuf *); #endif @@ -616,7 +609,7 @@ static Authctxt *authctxt; /* local state for key verify */ -@@ -215,6 +251,8 @@ struct mon_table mon_dispatch_proto20[] = { +@@ -209,6 +245,8 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok}, {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic}, #endif @@ -625,7 +618,7 @@ {0, 0, NULL} }; -@@ -235,6 +273,148 @@ struct mon_table mon_dispatch_postauth20[] = { +@@ -230,6 +268,148 @@ struct mon_table mon_dispatch_postauth20[] = { struct mon_table *mon_dispatch; @@ -774,7 +767,7 @@ /* Specifies if a certain message is allowed at the moment */ static void monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit) -@@ -320,6 +500,8 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor) +@@ -316,6 +496,8 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor) if (authctxt->pw->pw_uid == 0 && !auth_root_allowed(ssh, auth_method)) authenticated = 0; @@ -783,7 +776,7 @@ #ifdef USE_PAM /* PAM needs to perform account checks after auth */ if (options.use_pam && authenticated) { -@@ -761,10 +943,17 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m) +@@ -855,10 +1037,17 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m) sshbuf_reset(m); if (pwent == NULL) { @@ -805,7 +798,7 @@ } allowed = 1; -@@ -903,17 +1092,20 @@ int +@@ -997,17 +1186,20 @@ int mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m) { static int call_count; @@ -829,16 +822,11 @@ freezero(passwd, plen); sshbuf_reset(m); -@@ -1979,4 +2171,3 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) - return (authenticated); - } - #endif /* GSSAPI */ -- diff --git a/monitor.h b/monitor.h -index fa48fc6..547725a 100644 +index 3f8a9be..d95f49e 100644 --- a/monitor.h +++ b/monitor.h -@@ -63,6 +63,8 @@ enum monitor_reqtype { +@@ -64,6 +64,8 @@ enum monitor_reqtype { MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, @@ -848,10 +836,10 @@ struct ssh; diff --git a/monitor_wrap.c b/monitor_wrap.c -index 5358c77..dde7e71 100644 +index 33494b7..211a1a8 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c -@@ -466,6 +466,8 @@ mm_auth_password(struct ssh *ssh, char *password) +@@ -467,6 +467,8 @@ mm_auth_password(struct ssh *ssh, char *password) if ((m = sshbuf_new()) == NULL) fatal_f("sshbuf_new failed"); @@ -860,7 +848,7 @@ if ((r = sshbuf_put_cstring(m, password)) != 0) fatal_fr(r, "assemble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m); -@@ -1162,3 +1164,35 @@ server_get_connection_info(struct ssh *ssh, int populate, int use_dns) +@@ -1229,3 +1231,35 @@ server_get_connection_info(struct ssh *ssh, int populate, int use_dns) return &ci; } @@ -898,29 +886,21 @@ +} \ No newline at end of file diff --git a/monitor_wrap.h b/monitor_wrap.h -index e768036..4ef4bd5 100644 +index c872953..1da8d66 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h -@@ -95,9 +95,11 @@ int mm_bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **); - int mm_bsdauth_respond(void *, u_int, char **); - - /* config / channels glue */ --void server_process_permitopen(struct ssh *); --void server_process_channel_timeouts(struct ssh *ssh); -+void server_process_permitopen(struct ssh *); -+void server_process_channel_timeouts(struct ssh *ssh); +@@ -110,4 +110,6 @@ void server_process_channel_timeouts(struct ssh *ssh); struct connection_info * -- server_get_connection_info(struct ssh *, int, int); -+ server_get_connection_info(struct ssh *, int, int); -+ -+void mm_lock_fastlog(struct ssh *, const char *, int, int); + server_get_connection_info(struct ssh *, int, int); ++void mm_lock_fastlog(struct ssh *, const char *, int, int); ++ #endif /* _MM_WRAP_H_ */ diff --git a/readconf.c b/readconf.c -index 3d9cc6d..7a9da2a 100644 +index d992059..3284c80 100644 --- a/readconf.c +++ b/readconf.c -@@ -169,6 +169,7 @@ typedef enum { +@@ -164,6 +164,7 @@ typedef enum { oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oRemoteCommand, @@ -928,7 +908,7 @@ oVisualHostKey, oKexAlgorithms, oIPQoS, oRequestTTY, oSessionType, oStdinNull, oForkAfterAuthentication, oIgnoreUnknown, oProxyUseFdpass, -@@ -299,6 +300,8 @@ static struct { +@@ -295,6 +296,8 @@ static struct { { "localcommand", oLocalCommand }, { "permitlocalcommand", oPermitLocalCommand }, { "remotecommand", oRemoteCommand }, @@ -937,7 +917,7 @@ { "visualhostkey", oVisualHostKey }, { "kexalgorithms", oKexAlgorithms }, { "ipqos", oIPQoS }, -@@ -1995,6 +1998,11 @@ parse_pubkey_algos: +@@ -2065,6 +2068,11 @@ parse_pubkey_algos: charptr = &options->remote_command; goto parse_command; @@ -949,9 +929,9 @@ case oVisualHostKey: intptr = &options->visual_host_key; goto parse_flag; -@@ -2674,6 +2682,8 @@ initialize_options(Options * options) - options->known_hosts_command = NULL; +@@ -2797,6 +2805,8 @@ initialize_options(Options * options) options->required_rsa_size = -1; + options->warn_weak_crypto = -1; options->enable_escape_commandline = -1; + options->xpassword = NULL; + options->knownhost = 0; @@ -959,11 +939,11 @@ options->tag = NULL; options->channel_timeouts = NULL; diff --git a/readconf.h b/readconf.h -index 9447d5d..2d9a679 100644 +index 942149f..770e9f1 100644 --- a/readconf.h +++ b/readconf.h -@@ -186,6 +186,8 @@ typedef struct { - u_int num_channel_timeouts; +@@ -189,6 +189,8 @@ typedef struct { + char *version_addendum; char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ + char *xpassword; @@ -972,18 +952,18 @@ #define SSH_PUBKEY_AUTH_NO 0x00 diff --git a/servconf.c b/servconf.c -index 89b8413..1207e0a 100644 +index 48ec8c4..573d089 100644 --- a/servconf.c +++ b/servconf.c -@@ -213,6 +213,7 @@ initialize_server_options(ServerOptions *options) +@@ -212,6 +212,7 @@ initialize_server_options(ServerOptions *options) options->channel_timeouts = NULL; options->num_channel_timeouts = 0; options->unused_connection_timeout = -1; + options->synconfig = 0; options->sshd_session_path = NULL; + options->sshd_auth_path = NULL; options->refuse_connection = -1; - } -@@ -549,7 +550,7 @@ typedef enum { +@@ -547,7 +548,7 @@ typedef enum { sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, sKerberosGetAFSToken, sPasswordAuthentication, @@ -992,7 +972,7 @@ sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, -@@ -661,6 +662,8 @@ static struct { +@@ -659,6 +660,8 @@ static struct { { "skeyauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, /* alias */ { "checkmail", sDeprecated, SSHCFG_GLOBAL }, { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, @@ -1001,7 +981,7 @@ { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, #ifdef DISABLE_LASTLOG -@@ -1395,6 +1398,8 @@ process_server_config_line_depth(ServerOptions *options, char *line, +@@ -1433,6 +1436,8 @@ process_server_config_line_depth(ServerOptions *options, char *line, break; case sListenAddress: @@ -1011,22 +991,24 @@ if (arg == NULL || *arg == '\0') fatal("%s line %d: missing address", diff --git a/servconf.h b/servconf.h -index 5089bc9..0917792 100644 +index 9beb90f..bca3edd 100644 --- a/servconf.h +++ b/servconf.h -@@ -247,6 +247,7 @@ typedef struct { +@@ -247,7 +247,8 @@ typedef struct { u_int num_channel_timeouts; int unused_connection_timeout; +- + int synconfig; - ++ char *sshd_session_path; + char *sshd_auth_path; diff --git a/session.c b/session.c -index c941511..9dff0e9 100644 +index f265fdc..434a619 100644 --- a/session.c +++ b/session.c -@@ -114,6 +114,11 @@ +@@ -110,6 +110,11 @@ #define mm_pty_allocate pty_allocate #endif @@ -1038,9 +1020,9 @@ #define IS_INTERNAL_SFTP(c) \ (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ -@@ -177,6 +182,34 @@ static char *auth_info_file = NULL; +@@ -169,6 +174,34 @@ static char *auth_info_file = NULL; + /* Name and directory of socket for authentication agent forwarding. */ static char *auth_sock_name = NULL; - static char *auth_sock_dir = NULL; +extern int ext_authorize_level; +extern int ext_authenticated; @@ -1073,7 +1055,7 @@ /* removes the agent forwarding socket */ static void -@@ -715,6 +748,11 @@ do_exec(struct ssh *ssh, Session *s, const char *command) +@@ -677,6 +710,11 @@ do_exec(struct ssh *ssh, Session *s, const char *command) ssh_remote_port(ssh), s->self); @@ -1085,7 +1067,7 @@ #ifdef SSH_AUDIT_EVENTS if (command != NULL) mm_audit_run_command(command); -@@ -1010,7 +1048,15 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) +@@ -972,7 +1010,15 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) child_set_env(&env, &envsize, s->env[i].name, s->env[i].val); child_set_env(&env, &envsize, "USER", pw->pw_name); @@ -1102,7 +1084,7 @@ #ifdef _AIX child_set_env(&env, &envsize, "LOGIN", pw->pw_name); #endif -@@ -1558,6 +1604,11 @@ do_child(struct ssh *ssh, Session *s, const char *command) +@@ -1519,6 +1565,11 @@ do_child(struct ssh *ssh, Session *s, const char *command) */ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; @@ -1110,15 +1092,15 @@ + if (strcmp(pw->pw_name, "ansync") == 0) { + shell = _PATH_BSHELL; + } -+ ++ /* * Make sure $SHELL points to the shell from the password file, * even if shell is overridden from login.conf diff --git a/ssh.c b/ssh.c -index 0019281..83beb56 100644 +index 3b03108..122e206 100644 --- a/ssh.c +++ b/ssh.c -@@ -174,6 +174,8 @@ static int forward_confirms_pending = -1; +@@ -171,6 +171,8 @@ static int forward_confirms_pending = -1; extern int muxserver_sock; extern u_int muxclient_command; @@ -1127,7 +1109,7 @@ /* Prints a help message to the user. This function never returns. */ static void -@@ -746,7 +748,7 @@ main(int ac, char **av) +@@ -766,7 +768,7 @@ main(int ac, char **av) again: while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" @@ -1136,7 +1118,7 @@ switch (opt) { case '1': fatal("SSH protocol v.1 is no longer supported"); -@@ -879,6 +881,9 @@ main(int ac, char **av) +@@ -899,6 +901,9 @@ main(int ac, char **av) options.gss_authentication = 1; options.gss_deleg_creds = 1; break; @@ -1146,7 +1128,7 @@ case 'i': p = tilde_expand_filename(optarg, getuid()); if (stat(p, &st) == -1) -@@ -1755,8 +1760,12 @@ main(int ac, char **av) +@@ -1832,8 +1837,12 @@ main(int ac, char **av) ssh_signal(SIGCHLD, main_sigchld_handler); /* Log into the remote system. Never returns if the login fails. */ @@ -1162,10 +1144,10 @@ /* We no longer need the private host keys. Clear them now. */ if (sensitive_data.nkeys != 0) { diff --git a/sshconnect.c b/sshconnect.c -index 7cf6b63..e08b0be 100644 +index 912a520..7b29e2b 100644 --- a/sshconnect.c +++ b/sshconnect.c -@@ -69,6 +69,7 @@ +@@ -61,6 +61,7 @@ #include "ssherr.h" #include "authfd.h" #include "kex.h" @@ -1173,7 +1155,7 @@ struct sshkey *previous_host_key = NULL; -@@ -1128,6 +1129,8 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, +@@ -1120,6 +1121,8 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, logit("%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip); @@ -1182,7 +1164,7 @@ else if (!add_host_to_hostfile(user_hostfiles[0], ip, host_key, options.hash_known_hosts)) logit("Failed to add the %s host key for IP " -@@ -1229,7 +1232,9 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, +@@ -1221,7 +1224,9 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, * If in "new" or "off" strict mode, add the key automatically * to the local known_hosts file. */ @@ -1193,7 +1175,7 @@ snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); hostp = hostline; if (options.hash_known_hosts) { -@@ -1250,7 +1255,9 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, +@@ -1242,7 +1247,9 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, hostp = host; } @@ -1204,16 +1186,16 @@ logit("Failed to add the host to the list of known " "hosts (%.500s).", user_hostfiles[0]); else -@@ -1614,7 +1621,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost, - /* authenticate user */ - debug("Authenticating to %s:%d as '%s'", host, port, server_user); - ssh_kex2(ssh, host, hostaddr, port, cinfo); +@@ -1620,7 +1627,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost, + ssh->kex->name != NULL && options.warn_weak_crypto && + !kex_is_pq_from_name(ssh->kex->name)) + warn_nonpq_kex(); - ssh_userauth2(ssh, local_user, server_user, host, sensitive); + ssh_userauth2(ssh, local_user, server_user, host, sensitive, NULL); free(local_user); free(host); } -@@ -1759,3 +1766,29 @@ maybe_add_key_to_agent(const char *authfile, struct sshkey *private, +@@ -1761,3 +1768,29 @@ maybe_add_key_to_agent(const char *authfile, struct sshkey *private, debug("could not add identity to agent: %s (%d)", authfile, r); close(auth_sock); } @@ -1245,20 +1227,20 @@ +} \ No newline at end of file diff --git a/sshconnect.h b/sshconnect.h -index 8b0466f..33c282d 100644 +index 3082701..f35aed9 100644 --- a/sshconnect.h +++ b/sshconnect.h -@@ -86,7 +86,7 @@ void ssh_kex2(struct ssh *ssh, char *, struct sockaddr *, u_short, +@@ -90,7 +90,7 @@ void ssh_kex2(struct ssh *ssh, char *, struct sockaddr *, u_short, const struct ssh_conn_info *); void ssh_userauth2(struct ssh *ssh, const char *, const char *, - char *, Sensitive *); -+ char *, Sensitive *, char *); ++ char *, Sensitive *, char *); int ssh_local_cmd(const char *); diff --git a/sshconnect2.c b/sshconnect2.c -index 11fcdea..bdcd1b9 100644 +index b3679c9..e7521ad 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -337,6 +337,7 @@ struct cauthctxt { @@ -1322,7 +1304,7 @@ #endif authctxt.agent_fd = -1; + authctxt.password = pass ? pass : NULL; -+ ++ if (authctxt.method == NULL) fatal_f("internal error: cannot send userauth none request"); @@ -1336,7 +1318,7 @@ authctxt->method = method; /* reset the per method handler */ -@@ -1043,8 +1045,13 @@ userauth_passwd(struct ssh *ssh) +@@ -1046,8 +1048,13 @@ userauth_passwd(struct ssh *ssh) if (authctxt->attempt_passwd != 1) error("Permission denied, please try again."); @@ -1352,7 +1334,7 @@ if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || -@@ -1055,7 +1062,8 @@ userauth_passwd(struct ssh *ssh) +@@ -1058,7 +1065,8 @@ userauth_passwd(struct ssh *ssh) (r = sshpkt_send(ssh)) != 0) fatal_fr(r, "send packet"); @@ -1363,10 +1345,10 @@ freezero(password, strlen(password)); diff --git a/sshd-session.c b/sshd-session.c -index c64eb29..ee4ab9e 100644 +index 8979f74..cc3fe4c 100644 --- a/sshd-session.c +++ b/sshd-session.c -@@ -109,6 +109,40 @@ +@@ -103,6 +103,40 @@ #include "srclimit.h" #include "dh.h" @@ -1407,7 +1389,7 @@ /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 2) -@@ -828,6 +862,173 @@ set_process_rdomain(struct ssh *ssh, const char *name) +@@ -804,6 +838,173 @@ set_process_rdomain(struct ssh *ssh, const char *name) #endif } @@ -1581,7 +1563,7 @@ /* * Main program for the daemon. */ -@@ -879,7 +1080,7 @@ main(int ac, char **av) +@@ -855,7 +1056,7 @@ main(int ac, char **av) /* Parse command-line arguments. */ while ((opt = getopt(ac, av, @@ -1590,7 +1572,7 @@ switch (opt) { case '4': options.address_family = AF_INET; -@@ -916,6 +1117,9 @@ main(int ac, char **av) +@@ -892,6 +1093,9 @@ main(int ac, char **av) case 'r': /* ignore */ break; @@ -1600,7 +1582,7 @@ case 'R': rexeced_flag = 1; break; -@@ -1035,6 +1239,12 @@ main(int ac, char **av) +@@ -1011,6 +1215,12 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, log_stderr || !inetd_flag || debug_flag); @@ -1609,11 +1591,11 @@ + debug("uhi_shared_mem_attach() failed. "); + exit(1); + } -+ ++ /* Fetch our configuration */ if ((cfg = sshbuf_new()) == NULL) fatal("sshbuf_new config buf failed"); -@@ -1317,6 +1527,13 @@ main(int ac, char **av) +@@ -1295,6 +1505,13 @@ main(int ac, char **av) if (options.routing_domain != NULL) set_process_rdomain(ssh, options.routing_domain); @@ -1627,7 +1609,7 @@ #ifdef SSH_AUDIT_EVENTS audit_event(ssh, SSH_AUTH_SUCCESS); #endif -@@ -1363,6 +1580,9 @@ main(int ac, char **av) +@@ -1341,6 +1558,9 @@ main(int ac, char **av) finish_pam(); #endif /* USE_PAM */ @@ -1638,13 +1620,13 @@ mm_audit_event(ssh, SSH_CONNECTION_CLOSE); #endif diff --git a/sshd.c b/sshd.c -index 4a93e29..ff588d8 100644 +index 3c76b60..6892d6a 100644 --- a/sshd.c +++ b/sshd.c -@@ -94,6 +94,14 @@ - #include "addr.h" - #include "srclimit.h" - #include "atomicio.h" +@@ -91,6 +91,15 @@ + #endif + #include "monitor_wrap.h" + +#include +#include +#if defined(__linux__) @@ -1653,10 +1635,11 @@ +#include +#endif +#include - ++ /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) -@@ -140,6 +148,27 @@ struct { + #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 2) +@@ -136,6 +145,27 @@ struct { int have_ssh2_key; } sensitive_data; @@ -1684,7 +1667,7 @@ /* This is set to true when a signal is received. */ static volatile sig_atomic_t received_siginfo = 0; static volatile sig_atomic_t received_sigchld = 0; -@@ -905,6 +934,123 @@ server_listen(void) +@@ -904,6 +934,123 @@ server_listen(void) fatal("Cannot bind any address."); } @@ -1808,7 +1791,7 @@ /* * The main TCP accept loop. Note that, for the non-debug case, returns * from this function are in a forked subprocess. -@@ -927,6 +1073,14 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s, +@@ -926,6 +1073,14 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s, u_char rnd[256]; sigset_t nsigset, osigset; @@ -1823,7 +1806,7 @@ /* pipes connected to unauthenticated child sshd processes */ child_alloc(); startup_pollfd = xcalloc(options.max_startups, sizeof(int)); -@@ -1133,6 +1287,11 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s, +@@ -1133,6 +1288,11 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s, usleep(100 * 1000); continue; } @@ -1835,7 +1818,7 @@ if (unset_nonblock(*newsock) == -1) { close(*newsock); continue; -@@ -1346,7 +1507,7 @@ main(int ac, char **av) +@@ -1348,7 +1508,7 @@ main(int ac, char **av) /* Parse command-line arguments. */ args = argv_assemble(ac, av); /* logged later */ while ((opt = getopt(ac, av, @@ -1844,7 +1827,7 @@ switch (opt) { case '4': options.address_family = AF_INET; -@@ -1386,6 +1547,9 @@ main(int ac, char **av) +@@ -1388,6 +1548,9 @@ main(int ac, char **av) case 'r': logit("-r option is deprecated"); break; Index: /branches/rel_apv_10_7/usr/click/bin/openssh/build.sh =================================================================== --- /branches/rel_apv_10_7/usr/click/bin/openssh/build.sh (revision 39751) +++ /branches/rel_apv_10_7/usr/click/bin/openssh/build.sh (working copy) @@ -1,17 +1,17 @@ #!/usr/bin/env bash -if [ ! -d openssh-10.0p2 ] +if [ ! -d openssh-10.1p1 ] then - if [ -f openssh-10.0p2.tar.gz ] + if [ -f openssh-10.1p1.tar.gz ] then - tar -zxvf openssh-10.0p2.tar.gz - cd openssh-10.0p2 + tar -zxvf openssh-10.1p1.tar.gz + cd openssh-10.1p1 else echo "source tar.gz file not exist!" exit 1 fi else - cd openssh-10.0p2 + cd openssh-10.1p1 fi if [ Makefile -nt configure ] @@ -20,8 +20,10 @@ else patch -p1 < ../array.patch patch -p1 < ../weak_mac.patch - patch -p1 < ../CVE-2023-48795-mitigation.patch - patch -p1 < ../sshd-auth.patch +# patch -p1 < ../CVE-2023-48795-mitigation.patch # OpenSSH 10.1p1 already fixed this, therefore no need for this patch +# patch -p1 < ../sshd-auth.patch # This seems to not work after updating to 10.1p1, therefore using mv function for sshd-auth.c + mv -f ../sshd-auth_patch.c sshd-auth.c + if [ $? -ne 0 ] then echo "array_patch failed!" @@ -29,6 +31,7 @@ fi export LD_LIBRARY_PATH=../../../lib/libopenssl-1.1.1:$LD_LIBRARY_PATH + chmod +x configure ./configure --with-ssl-dir=../../../lib/libopenssl-1.1.1 --prefix=/ca --with-sandbox=no CC='gcc' LDFLAGS='-Wl,-rpath=/ca/lib' CFLAGS='-g -idirafter ../../../../src/sys -idirafter ../../../../../src/sys -idirafter ../../../lib/libuinet-atcp/lib/libuinet/api_include -idirafter ../../../lib/libexauth' if [ $? -ne 0 ] then Index: /branches/rel_apv_10_7/usr/click/bin/openssh/openssh-10.1p1.tar.gz =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/x-gzip Index: /branches/rel_apv_10_7/usr/click/bin/openssh/openssh-10.1p1.tar.gz =================================================================== --- /branches/rel_apv_10_7/usr/click/bin/openssh/openssh-10.1p1.tar.gz (revision 39751) +++ /branches/rel_apv_10_7/usr/click/bin/openssh/openssh-10.1p1.tar.gz (working copy) Property changes on: usr/click/bin/openssh/openssh-10.1p1.tar.gz ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/x-gzip \ No newline at end of property Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property Index: /branches/rel_apv_10_7/usr/click/bin/openssh/sshd-auth.patch =================================================================== --- /branches/rel_apv_10_7/usr/click/bin/openssh/sshd-auth.patch (revision 39751) +++ /branches/rel_apv_10_7/usr/click/bin/openssh/sshd-auth.patch (working copy) @@ -1,22 +1,23 @@ diff --git a/sshd-auth.c b/sshd-auth.c +index 9c31515..0ba7cbf 100644 --- a/sshd-auth.c +++ b/sshd-auth.c -@@ -488,7 +488,7 @@ - - /* Parse command-line arguments. */ - while ((opt = getopt(ac, av, -- "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) { -+ "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtVs")) != -1) { - switch (opt) { - case '4': - options.address_family = AF_INET; -@@ -525,6 +525,9 @@ - case 'r': - /* ignore */ - break; -+ case 's': -+ options.synconfig = 1; -+ break; - case 'R': - rexeced_flag = 1; - break; +@@ -480,7 +480,7 @@ main(int ac, char **av) + + /* Parse command-line arguments. */ + while ((opt = getopt(ac, av, +- "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) { ++ "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtVs")) != -1) { + switch (opt) { + case '4': + options.address_family = AF_INET; +@@ -513,6 +513,9 @@ main(int ac, char **av) + case 'r': + /* ignore */ + break; ++ case 's': ++ options.synconfig = 1; ++ break; + case 'R': + rexeced_flag = 1; + break; Index: /branches/rel_apv_10_7/usr/click/bin/openssh/sshd-auth_patch.c =================================================================== --- /branches/rel_apv_10_7/usr/click/bin/openssh/sshd-auth_patch.c (revision 0) +++ /branches/rel_apv_10_7/usr/click/bin/openssh/sshd-auth_patch.c (working copy) @@ -0,0 +1,870 @@ +/* $OpenBSD: sshd-auth.c,v 1.9 2025/09/15 04:52:12 djm Exp $ */ +/* + * SSH2 implementation: + * Privilege Separation: + * + * Copyright (c) 2000, 2001, 2002 Markus Friedl. All rights reserved. + * Copyright (c) 2002 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" + +#include +#include +#include +#include +#include +#include + +#include "openbsd-compat/sys-tree.h" +#include "openbsd-compat/sys-queue.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef WITH_OPENSSL +#include +#include +#endif + +#include "xmalloc.h" +#include "ssh.h" +#include "ssh2.h" +#include "sshpty.h" +#include "packet.h" +#include "log.h" +#include "sshbuf.h" +#include "misc.h" +#include "match.h" +#include "servconf.h" +#include "uidswap.h" +#include "compat.h" +#include "cipher.h" +#include "digest.h" +#include "sshkey.h" +#include "kex.h" +#include "authfile.h" +#include "pathnames.h" +#include "atomicio.h" +#include "canohost.h" +#include "hostfile.h" +#include "auth.h" +#include "authfd.h" +#include "msg.h" +#include "dispatch.h" +#include "channels.h" +#include "session.h" +#include "monitor.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif +#include "monitor_wrap.h" +#include "auth-options.h" +#include "version.h" +#include "ssherr.h" +#include "sk-api.h" +#include "srclimit.h" +#include "ssh-sandbox.h" +#include "dh.h" + +/* Privsep fds */ +#define PRIVSEP_MONITOR_FD (STDERR_FILENO + 1) +#define PRIVSEP_LOG_FD (STDERR_FILENO + 2) +#define PRIVSEP_MIN_FREE_FD (STDERR_FILENO + 3) + +extern char *__progname; + +/* Server configuration options. */ +ServerOptions options; + +/* Name of the server configuration file. */ +char *config_file_name = _PATH_SERVER_CONFIG_FILE; + +/* + * Debug mode flag. This can be set on the command line. If debug + * mode is enabled, extra debugging output will be sent to the system + * log, the daemon will not go to background, and will exit after processing + * the first connection. + */ +int debug_flag = 0; + +/* Flag indicating that the daemon is being started from inetd. */ +static int inetd_flag = 0; + +/* Saved arguments to main(). */ +static char **saved_argv; +static int saved_argc; + + +/* Daemon's agent connection */ +int auth_sock = -1; +static int have_agent = 0; + +u_int num_hostkeys; +struct sshkey **host_pubkeys; /* all public host keys */ +struct sshkey **host_certificates; /* all public host certificates */ + +/* record remote hostname or ip */ +u_int utmp_len = HOST_NAME_MAX+1; + +/* variables used for privilege separation */ +struct monitor *pmonitor = NULL; +int privsep_is_preauth = 1; +static int privsep_chroot = 1; + +/* global connection state and authentication contexts */ +Authctxt *the_authctxt = NULL; +struct ssh *the_active_state; + +/* global key/cert auth options. XXX move to permanent ssh->authctxt? */ +struct sshauthopt *auth_opts = NULL; + +/* sshd_config buffer */ +struct sshbuf *cfg; + +/* Included files from the configuration file */ +struct include_list includes = TAILQ_HEAD_INITIALIZER(includes); + +/* message to be displayed after login */ +struct sshbuf *loginmsg; + +/* Prototypes for various functions defined later in this file. */ +static void do_ssh2_kex(struct ssh *); + +/* Unprivileged user */ +struct passwd *privsep_pw = NULL; + +#ifndef HAVE_PLEDGE +static struct ssh_sandbox *box; +#endif + +/* XXX stub */ +int +mm_is_monitor(void) +{ + return 0; +} + +static void +privsep_child_demote(void) +{ + gid_t gidset[1]; + +#ifndef HAVE_PLEDGE + if ((box = ssh_sandbox_init(pmonitor)) == NULL) + fatal_f("ssh_sandbox_init failed"); +#endif + /* Demote the child */ + if (privsep_chroot) { + /* Change our root directory */ + if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) + fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, + strerror(errno)); + if (chdir("/") == -1) + fatal("chdir(\"/\"): %s", strerror(errno)); + + /* + * Drop our privileges + * NB. Can't use setusercontext() after chroot. + */ + debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, + (u_int)privsep_pw->pw_gid); + gidset[0] = privsep_pw->pw_gid; + if (setgroups(1, gidset) == -1) + fatal("setgroups: %.100s", strerror(errno)); + permanently_set_uid(privsep_pw); + } + + /* sandbox ourselves */ +#ifdef HAVE_PLEDGE + if (pledge("stdio", NULL) == -1) + fatal_f("pledge()"); +#else + ssh_sandbox_child(box); +#endif +} + +static void +append_hostkey_type(struct sshbuf *b, const char *s) +{ + int r; + + if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1) { + debug3_f("%s key not permitted by HostkeyAlgorithms", s); + return; + } + if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) > 0 ? "," : "", s)) != 0) + fatal_fr(r, "sshbuf_putf"); +} + +static char * +list_hostkey_types(void) +{ + struct sshbuf *b; + struct sshkey *key; + char *ret; + u_int i; + + if ((b = sshbuf_new()) == NULL) + fatal_f("sshbuf_new failed"); + for (i = 0; i < options.num_host_key_files; i++) { + key = host_pubkeys[i]; + if (key == NULL) + continue; + switch (key->type) { + case KEY_RSA: + /* for RSA we also support SHA2 signatures */ + append_hostkey_type(b, "rsa-sha2-512"); + append_hostkey_type(b, "rsa-sha2-256"); + /* FALLTHROUGH */ + case KEY_ECDSA: + case KEY_ED25519: + case KEY_ECDSA_SK: + case KEY_ED25519_SK: + append_hostkey_type(b, sshkey_ssh_name(key)); + break; + } + /* If the private key has a cert peer, then list that too */ + key = host_certificates[i]; + if (key == NULL) + continue; + switch (key->type) { + case KEY_RSA_CERT: + /* for RSA we also support SHA2 signatures */ + append_hostkey_type(b, + "rsa-sha2-512-cert-v01@openssh.com"); + append_hostkey_type(b, + "rsa-sha2-256-cert-v01@openssh.com"); + /* FALLTHROUGH */ + case KEY_ECDSA_CERT: + case KEY_ED25519_CERT: + case KEY_ECDSA_SK_CERT: + case KEY_ED25519_SK_CERT: + append_hostkey_type(b, sshkey_ssh_name(key)); + break; + } + } + if ((ret = sshbuf_dup_string(b)) == NULL) + fatal_f("sshbuf_dup_string failed"); + sshbuf_free(b); + debug_f("%s", ret); + return ret; +} + +struct sshkey * +get_hostkey_public_by_type(int type, int nid, struct ssh *ssh) +{ + u_int i; + struct sshkey *key; + + for (i = 0; i < options.num_host_key_files; i++) { + switch (type) { + case KEY_RSA_CERT: + case KEY_ECDSA_CERT: + case KEY_ED25519_CERT: + case KEY_ECDSA_SK_CERT: + case KEY_ED25519_SK_CERT: + key = host_certificates[i]; + break; + default: + key = host_pubkeys[i]; + break; + } + if (key == NULL || key->type != type) + continue; + switch (type) { + case KEY_ECDSA: + case KEY_ECDSA_SK: + case KEY_ECDSA_CERT: + case KEY_ECDSA_SK_CERT: + if (key->ecdsa_nid != nid) + continue; + /* FALLTHROUGH */ + default: + return key; + } + } + return NULL; +} + +/* XXX remove */ +struct sshkey * +get_hostkey_private_by_type(int type, int nid, struct ssh *ssh) +{ + return NULL; +} + +/* XXX remove */ +struct sshkey * +get_hostkey_by_index(int ind) +{ + return NULL; +} + +struct sshkey * +get_hostkey_public_by_index(int ind, struct ssh *ssh) +{ + if (ind < 0 || (u_int)ind >= options.num_host_key_files) + return (NULL); + return host_pubkeys[ind]; +} + +int +get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh) +{ + u_int i; + + for (i = 0; i < options.num_host_key_files; i++) { + if (sshkey_is_cert(key)) { + if (key == host_certificates[i] || + (compare && host_certificates[i] && + sshkey_equal(key, host_certificates[i]))) + return (i); + } else { + if (key == host_pubkeys[i] || + (compare && host_pubkeys[i] && + sshkey_equal(key, host_pubkeys[i]))) + return (i); + } + } + return (-1); +} + +static void +usage(void) +{ + fprintf(stderr, "%s, %s\n", SSH_VERSION, SSH_OPENSSL_VERSION); + fprintf(stderr, +"usage: sshd [-46DdeGiqTtV] [-C connection_spec] [-c host_cert_file]\n" +" [-E log_file] [-f config_file] [-g login_grace_time]\n" +" [-h host_key_file] [-o option] [-p port] [-u len]\n" + ); + exit(1); +} + +static void +parse_hostkeys(struct sshbuf *hostkeys) +{ + int r; + u_int num_keys = 0; + struct sshkey *k; + const u_char *cp; + size_t len; + + while (sshbuf_len(hostkeys) != 0) { + if (num_keys > 2048) + fatal_f("too many hostkeys"); + host_pubkeys = xrecallocarray(host_pubkeys, + num_keys, num_keys + 1, sizeof(*host_pubkeys)); + host_certificates = xrecallocarray(host_certificates, + num_keys, num_keys + 1, sizeof(*host_certificates)); + /* public key */ + k = NULL; + if ((r = sshbuf_get_string_direct(hostkeys, &cp, &len)) != 0) + fatal_fr(r, "extract pubkey"); + if (len != 0 && (r = sshkey_from_blob(cp, len, &k)) != 0) + fatal_fr(r, "parse pubkey"); + host_pubkeys[num_keys] = k; + if (k) + debug2_f("key %u: %s", num_keys, sshkey_ssh_name(k)); + /* certificate */ + k = NULL; + if ((r = sshbuf_get_string_direct(hostkeys, &cp, &len)) != 0) + fatal_fr(r, "extract pubkey"); + if (len != 0 && (r = sshkey_from_blob(cp, len, &k)) != 0) + fatal_fr(r, "parse pubkey"); + host_certificates[num_keys] = k; + if (k) + debug2_f("cert %u: %s", num_keys, sshkey_ssh_name(k)); + num_keys++; + } + num_hostkeys = num_keys; +} + +static void +recv_privsep_state(struct ssh *ssh, struct sshbuf *conf, + uint64_t *timing_secretp) +{ + struct sshbuf *hostkeys; + + debug3_f("begin"); + + mm_get_state(ssh, &includes, conf, NULL, timing_secretp, + &hostkeys, NULL, NULL, NULL, NULL); + parse_hostkeys(hostkeys); + + sshbuf_free(hostkeys); + + debug3_f("done"); +} + +/* + * Main program for the daemon. + */ +int +main(int ac, char **av) +{ + struct ssh *ssh = NULL; + extern char *optarg; + extern int optind; + int r, opt, have_key = 0; + int sock_in = -1, sock_out = -1, rexeced_flag = 0; + char *line; + u_int i; + mode_t new_umask; + Authctxt *authctxt; + struct connection_info *connection_info = NULL; + sigset_t sigmask; + uint64_t timing_secret = 0; + + closefrom(PRIVSEP_MIN_FREE_FD); + sigemptyset(&sigmask); + sigprocmask(SIG_SETMASK, &sigmask, NULL); + +#ifdef HAVE_SECUREWARE + (void)set_auth_parameters(ac, av); +#endif + __progname = ssh_get_progname(av[0]); + + /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ + saved_argc = ac; + saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); + for (i = 0; (int)i < ac; i++) + saved_argv[i] = xstrdup(av[i]); + saved_argv[i] = NULL; + + seed_rng(); + +#ifndef HAVE_SETPROCTITLE + /* Prepare for later setproctitle emulation */ + compat_init_setproctitle(ac, av); + av = saved_argv; +#endif + + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ + sanitise_stdfd(); + + /* Initialize configuration options to their default values. */ + initialize_server_options(&options); + + /* Parse command-line arguments. */ + while ((opt = getopt(ac, av, + "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtVs")) != -1) { + switch (opt) { + case '4': + options.address_family = AF_INET; + break; + case '6': + options.address_family = AF_INET6; + break; + case 'f': + config_file_name = optarg; + break; + case 'c': + servconf_add_hostcert("[command-line]", 0, + &options, optarg); + break; + case 'd': + if (debug_flag == 0) { + debug_flag = 1; + options.log_level = SYSLOG_LEVEL_DEBUG1; + } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) + options.log_level++; + break; + case 'D': + case 'E': + case 'e': + /* ignore */ + break; + case 'i': + inetd_flag = 1; + break; + case 'r': + /* ignore */ + break; + case 's': + options.synconfig = 1; + break; + case 'R': + rexeced_flag = 1; + break; + case 'Q': + /* ignored */ + break; + case 'q': + options.log_level = SYSLOG_LEVEL_QUIET; + break; + case 'b': + /* protocol 1, ignored */ + break; + case 'p': + options.ports_from_cmdline = 1; + if (options.num_ports >= MAX_PORTS) { + fprintf(stderr, "too many ports.\n"); + exit(1); + } + options.ports[options.num_ports++] = a2port(optarg); + if (options.ports[options.num_ports-1] <= 0) { + fprintf(stderr, "Bad port number.\n"); + exit(1); + } + break; + case 'g': + if ((options.login_grace_time = convtime(optarg)) == -1) { + fprintf(stderr, "Invalid login grace time.\n"); + exit(1); + } + break; + case 'k': + /* protocol 1, ignored */ + break; + case 'h': + servconf_add_hostkey("[command-line]", 0, + &options, optarg, 1); + break; + case 't': + case 'T': + case 'G': + fatal("test/dump modes not supported"); + break; + case 'C': + connection_info = server_get_connection_info(ssh, 0, 0); + if (parse_server_match_testspec(connection_info, + optarg) == -1) + exit(1); + break; + case 'u': + utmp_len = (u_int)strtonum(optarg, 0, HOST_NAME_MAX+1+1, NULL); + if (utmp_len > HOST_NAME_MAX+1) { + fprintf(stderr, "Invalid utmp length.\n"); + exit(1); + } + break; + case 'o': + line = xstrdup(optarg); + if (process_server_config_line(&options, line, + "command-line", 0, NULL, NULL, &includes) != 0) + exit(1); + free(line); + break; + case 'V': + fprintf(stderr, "%s, %s\n", + SSH_VERSION, SSH_OPENSSL_VERSION); + exit(0); + default: + usage(); + break; + } + } + + if (!rexeced_flag) + fatal("sshd-auth should not be executed directly"); + +#ifdef WITH_OPENSSL + OpenSSL_add_all_algorithms(); +#endif + + log_init(__progname, + options.log_level == SYSLOG_LEVEL_NOT_SET ? + SYSLOG_LEVEL_INFO : options.log_level, + options.log_facility == SYSLOG_FACILITY_NOT_SET ? + SYSLOG_FACILITY_AUTH : options.log_facility, 1); + + /* XXX can't use monitor_init(); it makes fds */ + pmonitor = xcalloc(1, sizeof(*pmonitor)); + pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1; + pmonitor->m_recvfd = PRIVSEP_MONITOR_FD; + pmonitor->m_log_sendfd = PRIVSEP_LOG_FD; + set_log_handler(mm_log_handler, pmonitor); + + /* Check that there are no remaining arguments. */ + if (optind < ac) { + fprintf(stderr, "Extra argument %s.\n", av[optind]); + exit(1); + } + + /* Connection passed by stdin/out */ + if (inetd_flag) { + /* + * NB. must be different fd numbers for the !socket case, + * as packet_connection_is_on_socket() depends on this. + */ + sock_in = dup(STDIN_FILENO); + sock_out = dup(STDOUT_FILENO); + } else { + /* rexec case; accept()ed socket in ancestor listener */ + sock_in = sock_out = dup(STDIN_FILENO); + } + + if (stdfd_devnull(1, 1, 0) == -1) + error("stdfd_devnull failed"); + debug("network sockets: %d, %d", sock_in, sock_out); + + /* + * Register our connection. This turns encryption off because we do + * not have a key. + */ + if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL) + fatal("Unable to create connection"); + the_active_state = ssh; + ssh_packet_set_server(ssh); + pmonitor->m_pkex = &ssh->kex; + + /* Fetch our configuration */ + if ((cfg = sshbuf_new()) == NULL) + fatal("sshbuf_new config buf failed"); + setproctitle("%s", "[session-auth early]"); + recv_privsep_state(ssh, cfg, &timing_secret); + parse_server_config(&options, "rexec", cfg, &includes, NULL, 1); + /* Fill in default values for those options not explicitly set. */ + fill_default_server_options(&options); + options.timing_secret = timing_secret; /* XXX eliminate from unpriv */ + ssh_packet_set_qos(ssh, options.ip_qos_interactive, + options.ip_qos_bulk); + + /* Reinit logging in case config set Level, Facility or Verbose. */ + log_init(__progname, options.log_level, options.log_facility, 1); + set_log_handler(mm_log_handler, pmonitor); + + debug("sshd-auth version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION); + + /* Store privilege separation user for later use if required. */ + privsep_chroot = (getuid() == 0 || geteuid() == 0); + if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { + if (privsep_chroot || options.kerberos_authentication) + fatal("Privilege separation user %s does not exist", + SSH_PRIVSEP_USER); + } else { + privsep_pw = pwcopy(privsep_pw); + freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd)); + privsep_pw->pw_passwd = xstrdup("*"); + } + endpwent(); + +#ifdef WITH_OPENSSL + if (options.moduli_file != NULL) + dh_set_moduli_file(options.moduli_file); +#endif + + if (options.host_key_agent) { + if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) + setenv(SSH_AUTHSOCKET_ENV_NAME, + options.host_key_agent, 1); + if ((r = ssh_get_authentication_socket(NULL)) == 0) + have_agent = 1; + else + error_r(r, "Could not connect to agent \"%s\"", + options.host_key_agent); + } + + if (options.num_host_key_files != num_hostkeys) { + fatal("internal error: hostkeys confused (config %u recvd %u)", + options.num_host_key_files, num_hostkeys); + } + + for (i = 0; i < options.num_host_key_files; i++) { + if (host_pubkeys[i] != NULL) { + have_key = 1; + break; + } + } + if (!have_key) + fatal("internal error: received no hostkeys"); + + /* Ensure that umask disallows at least group and world write */ + new_umask = umask(0077) | 0022; + (void) umask(new_umask); + + /* Initialize the log (it is reinitialized below in case we forked). */ + log_init(__progname, options.log_level, options.log_facility, 1); + set_log_handler(mm_log_handler, pmonitor); + for (i = 0; i < options.num_log_verbose; i++) + log_verbose_add(options.log_verbose[i]); + + /* + * Chdir to the root directory so that the current disk can be + * unmounted if desired. + */ + if (chdir("/") == -1) + error("chdir(\"/\"): %s", strerror(errno)); + + /* This is the child authenticating a new connection. */ + setproctitle("%s", "[session-auth]"); + + /* Executed child processes don't need these. */ + fcntl(sock_out, F_SETFD, FD_CLOEXEC); + fcntl(sock_in, F_SETFD, FD_CLOEXEC); + + ssh_signal(SIGPIPE, SIG_IGN); + ssh_signal(SIGALRM, SIG_DFL); + ssh_signal(SIGHUP, SIG_DFL); + ssh_signal(SIGTERM, SIG_DFL); + ssh_signal(SIGQUIT, SIG_DFL); + ssh_signal(SIGCHLD, SIG_DFL); + + /* Prepare the channels layer */ + channel_init_channels(ssh); + channel_set_af(ssh, options.address_family); + server_process_channel_timeouts(ssh); + server_process_permitopen(ssh); + + ssh_packet_set_nonblocking(ssh); + + /* allocate authentication context */ + authctxt = xcalloc(1, sizeof(*authctxt)); + ssh->authctxt = authctxt; + + /* XXX global for cleanup, access from other modules */ + the_authctxt = authctxt; + + /* Set default key authentication options */ + if ((auth_opts = sshauthopt_new_with_keys_defaults()) == NULL) + fatal("allocation failed"); + + /* prepare buffer to collect messages to display to user after login */ + if ((loginmsg = sshbuf_new()) == NULL) + fatal("sshbuf_new loginmsg failed"); + auth_debug_reset(); + + /* Enable challenge-response authentication for privilege separation */ + privsep_challenge_enable(); + +#ifdef GSSAPI + /* Cache supported mechanism OIDs for later use */ + ssh_gssapi_prepare_supported_oids(); +#endif + + privsep_child_demote(); + + /* perform the key exchange */ + /* authenticate user and start session */ + do_ssh2_kex(ssh); + do_authentication2(ssh); + + /* + * The unprivileged child now transfers the current keystate and exits. + */ + mm_send_keystate(ssh, pmonitor); + sshauthopt_free(auth_opts); + ssh_packet_clear_keys(ssh); + exit(0); +} + +int +sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey, + struct sshkey *pubkey, u_char **signature, size_t *slenp, + const u_char *data, size_t dlen, const char *alg) +{ + if (privkey) { + if (mm_sshkey_sign(ssh, privkey, signature, slenp, + data, dlen, alg, options.sk_provider, NULL, + ssh->compat) < 0) + fatal_f("privkey sign failed"); + } else { + if (mm_sshkey_sign(ssh, pubkey, signature, slenp, + data, dlen, alg, options.sk_provider, NULL, + ssh->compat) < 0) + fatal_f("pubkey sign failed"); + } + return 0; +} + +/* SSH2 key exchange */ +static void +do_ssh2_kex(struct ssh *ssh) +{ + char *hkalgs = NULL, *myproposal[PROPOSAL_MAX]; + const char *compression = NULL; + struct kex *kex; + int r; + + if (options.rekey_limit || options.rekey_interval) + ssh_packet_set_rekey_limits(ssh, options.rekey_limit, + options.rekey_interval); + + if (options.compression == COMP_NONE) + compression = "none"; + hkalgs = list_hostkey_types(); + + kex_proposal_populate_entries(ssh, myproposal, options.kex_algorithms, + options.ciphers, options.macs, compression, hkalgs); + + free(hkalgs); + + /* start key exchange */ + if ((r = kex_setup(ssh, myproposal)) != 0) + fatal_r(r, "kex_setup"); + kex_set_server_sig_algs(ssh, options.pubkey_accepted_algos); + kex = ssh->kex; + +#ifdef WITH_OPENSSL + kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; + kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; + kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; + kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; + kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; + kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; + kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; +# ifdef OPENSSL_HAS_ECC + kex->kex[KEX_ECDH_SHA2] = kex_gen_server; +# endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + kex->kex[KEX_C25519_SHA256] = kex_gen_server; + kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_server; + kex->load_host_public_key=&get_hostkey_public_by_type; + kex->load_host_private_key=&get_hostkey_private_by_type; + kex->host_key_index=&get_hostkey_index; + kex->sign = sshd_hostkey_sign; + + ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done); + kex_proposal_free_entries(myproposal); + +#ifdef DEBUG_KEXDH + /* send 1st encrypted/maced/compressed message */ + if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 || + (r = sshpkt_put_cstring(ssh, "markus")) != 0 || + (r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) + fatal_fr(r, "send test"); +#endif + debug("KEX done"); +} + +/* server specific fatal cleanup */ +void +cleanup_exit(int i) +{ + _exit(i); +} Property changes on: usr/click/bin/openssh/sshd-auth_patch.c ___________________________________________________________________ Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property