tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-29 16:54:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

upstream commit

Browse Source 
restore pre-auth compression support in the client -- the
previous commit was intended to remove it from the server only.

remove a few server-side pre-auth compression bits that escaped

adjust wording of Compression directive in sshd_config(5)

pointed out by naddy@ ok markus@

Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
This commit is contained in:
djm@openbsd.org 2016-09-28 20:32:42 +00:00 committed by Damien Miller
parent 80d1c963b4
commit 4577adead6
6 changed files with 17 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
kex.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.c,v 1.124 2016/09/22 17:52:53 djm Exp $ */ /* $OpenBSD: kex.c,v 1.125 2016/09/28 20:32:42 djm Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* *
@ -684,8 +684,6 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
return SSH_ERR_NO_COMPRESS_ALG_MATCH; return SSH_ERR_NO_COMPRESS_ALG_MATCH;
if (strcmp(name, "zlib@openssh.com") == 0) { if (strcmp(name, "zlib@openssh.com") == 0) {
comp->type = COMP_DELAYED; comp->type = COMP_DELAYED;
} else if (strcmp(name, "zlib") == 0) {
comp->type = COMP_ZLIB;
} else if (strcmp(name, "none") == 0) { } else if (strcmp(name, "none") == 0) {
comp->type = COMP_NONE; comp->type = COMP_NONE;
} else { } else {

5
kex.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.79 2016/09/22 21:15:41 djm Exp $ */ /* $OpenBSD: kex.h,v 1.80 2016/09/28 20:32:42 djm Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -64,8 +64,7 @@
#define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org"
#define COMP_NONE 0 #define COMP_NONE 0
#define COMP_ZLIB 1 #define COMP_DELAYED 1
#define COMP_DELAYED 2
#define CURVE25519_SIZE 32 #define CURVE25519_SIZE 32

7
packet.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: packet.c,v 1.239 2016/09/28 16:33:07 djm Exp $ */ /* $OpenBSD: packet.c,v 1.240 2016/09/28 20:32:42 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -965,9 +965,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
/* explicit_bzero(enc->iv, enc->block_size); /* explicit_bzero(enc->iv, enc->block_size);
explicit_bzero(enc->key, enc->key_len); explicit_bzero(enc->key, enc->key_len);
explicit_bzero(mac->key, mac->key_len); */ explicit_bzero(mac->key, mac->key_len); */
if ((comp->type == COMP_ZLIB || if (comp->type == COMP_DELAYED && state->after_authentication &&
(comp->type == COMP_DELAYED && comp->enabled == 0) {
state->after_authentication)) && comp->enabled == 0) {
if ((r = ssh_packet_init_compression(ssh)) < 0) if ((r = ssh_packet_init_compression(ssh)) < 0)
return r; return r;
if (mode == MODE_OUT) { if (mode == MODE_OUT) {

4
servconf.c
View File

@ -1,5 +1,5 @@
/* $OpenBSD: servconf.c,v 1.296 2016/09/28 16:33:07 djm Exp $ */ /* $OpenBSD: servconf.c,v 1.297 2016/09/28 20:32:42 djm Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -920,8 +920,8 @@ static const struct multistate multistate_permitrootlogin[] = {
{ NULL, -1 } { NULL, -1 }
}; };
static const struct multistate multistate_compression[] = { static const struct multistate multistate_compression[] = {
{ "delayed", COMP_DELAYED },
{ "yes", COMP_DELAYED }, { "yes", COMP_DELAYED },
{ "delayed", COMP_DELAYED },
{ "no", COMP_NONE }, { "no", COMP_NONE },
{ NULL, -1 } { NULL, -1 }
}; };

4
sshconnect2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.249 2016/09/28 16:33:07 djm Exp $ */ /* $OpenBSD: sshconnect2.c,v 1.250 2016/09/28 20:32:42 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved.
@ -174,7 +174,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
compat_cipher_proposal(options.ciphers); compat_cipher_proposal(options.ciphers);
myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
"zlib@openssh.com,none" : "none,zlib@openssh.com"; "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";
myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
if (options.hostkeyalgorithms != NULL) { if (options.hostkeyalgorithms != NULL) {

12
sshd_config.5
View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.235 2016/09/22 19:19:01 jmc Exp $ .\" $OpenBSD: sshd_config.5,v 1.236 2016/09/28 20:32:42 djm Exp $
.Dd $Mdocdate: September 22 2016 $ .Dd $Mdocdate: September 28 2016 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -529,15 +529,17 @@ channel to request a response from the client.
The default The default
is 0, indicating that these messages will not be sent to the client. is 0, indicating that these messages will not be sent to the client.
.It Cm Compression .It Cm Compression
Specifies whether compression is allowed, or delayed until Specifies whether compression is enabled after
the user has authenticated successfully. the user has authenticated successfully.
The argument must be The argument must be
.Dq yes , .Dq yes ,
.Dq delayed , .Dq delayed
(a legacy synonym for
.Dq yes )
or or
.Dq no . .Dq no .
The default is The default is
.Dq delayed . .Dq yes .
.It Cm DenyGroups .It Cm DenyGroups
This keyword can be followed by a list of group name patterns, separated This keyword can be followed by a list of group name patterns, separated
by spaces. by spaces.