From 50a41ed079629fdcd9a1d2a781b73170422fc73a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 16 Oct 2000 12:14:42 +1100 Subject: [PATCH] - (djm) Sync with OpenBSD: - markus@cvs.openbsd.org 2000/10/14 04:01:15 [cipher.c] debug3 - markus@cvs.openbsd.org 2000/10/14 04:07:23 [scp.c] remove spaces from arguments; from djm@mindrot.org - markus@cvs.openbsd.org 2000/10/14 06:09:46 [ssh.1] Cipher is for SSH-1 only - markus@cvs.openbsd.org 2000/10/14 06:12:09 [servconf.c servconf.h serverloop.c session.c sshd.8] AllowTcpForwarding; from naddy@ - markus@cvs.openbsd.org 2000/10/14 06:16:56 [auth2.c compat.c compat.h sshconnect2.c version.h] OpenSSH_2.3; note that is is not complete, but the version number needs to be changed for interoperability reasons - markus@cvs.openbsd.org 2000/10/14 06:19:45 [auth-rsa.c] do not send RSA challenge if key is not allowed by key-options; from eivind@ThinkSec.com - markus@cvs.openbsd.org 2000/10/15 08:14:01 [rijndael.c session.c] typos; from stevesk@sweden.hp.com - markus@cvs.openbsd.org 2000/10/15 08:18:31 [rijndael.c] typo - Copy manpages back over from OpenBSD - too tedious to wade through diffs --- ChangeLog | 29 +++++++++++++++++++++++++++++ auth-rsa.c | 13 +++++++++---- auth2.c | 8 ++++---- cipher.c | 6 +++--- compat.c | 21 +++++++++++++-------- compat.h | 4 ++-- scp.c | 8 ++++---- servconf.c | 13 +++++++++++-- servconf.h | 3 ++- serverloop.c | 4 +++- session.c | 8 ++++++-- sftp-server.8 | 16 ++++++++-------- ssh.1 | 5 +++-- sshconnect2.c | 10 +++++----- sshd.8 | 8 ++++++++ version.h | 2 +- 16 files changed, 111 insertions(+), 47 deletions(-) diff --git a/ChangeLog b/ChangeLog index 552bcfcaf..74eee27b9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,32 @@ +20001016 + - (djm) Sync with OpenBSD: + - markus@cvs.openbsd.org 2000/10/14 04:01:15 + [cipher.c] + debug3 + - markus@cvs.openbsd.org 2000/10/14 04:07:23 + [scp.c] + remove spaces from arguments; from djm@mindrot.org + - markus@cvs.openbsd.org 2000/10/14 06:09:46 + [ssh.1] + Cipher is for SSH-1 only + - markus@cvs.openbsd.org 2000/10/14 06:12:09 + [servconf.c servconf.h serverloop.c session.c sshd.8] + AllowTcpForwarding; from naddy@ + - markus@cvs.openbsd.org 2000/10/14 06:16:56 + [auth2.c compat.c compat.h sshconnect2.c version.h] + OpenSSH_2.3; note that is is not complete, but the version number + needs to be changed for interoperability reasons + - markus@cvs.openbsd.org 2000/10/14 06:19:45 + [auth-rsa.c] + do not send RSA challenge if key is not allowed by key-options; from + eivind@ThinkSec.com + - markus@cvs.openbsd.org 2000/10/15 08:14:01 + [rijndael.c session.c] + typos; from stevesk@sweden.hp.com + - markus@cvs.openbsd.org 2000/10/15 08:18:31 + [rijndael.c] + typo + 20001015 - (djm) Fix ssh2 hang on background processes at logout. diff --git a/auth-rsa.c b/auth-rsa.c index 522f01f84..e8bfa1651 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.31 2000/10/11 19:59:52 markus Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.32 2000/10/14 12:19:45 markus Exp $"); #include "rsa.h" #include "packet.h" @@ -231,6 +231,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) } } else options = NULL; + /* + * If our options do not allow this key to be used, + * do not send challenge. + */ + if (!auth_parse_options(pw, options, linenum)) + continue; /* Parse the key from the line. */ if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { @@ -269,9 +275,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) * Break out of the loop if authentication was successful; * otherwise continue searching. */ - authenticated = auth_parse_options(pw, options, linenum); - if (authenticated) - break; + authenticated = 1; + break; } /* Restore the privileged uid. */ diff --git a/auth2.c b/auth2.c index f34b586d4..60f8f98e6 100644 --- a/auth2.c +++ b/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.19 2000/10/11 20:27:23 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.20 2000/10/14 12:16:56 markus Exp $"); #ifdef HAVE_OSF_SIA # include @@ -442,10 +442,10 @@ userauth_pubkey(Authctxt *authctxt) sig = packet_get_string(&slen); packet_done(); buffer_init(&b); - if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) { - buffer_put_string(&b, session_id2, session_id2_len); - } else { + if (datafellows & SSH_OLD_SESSIONID) { buffer_append(&b, session_id2, session_id2_len); + } else { + buffer_put_string(&b, session_id2, session_id2_len); } /* reconstruct packet */ buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); diff --git a/cipher.c b/cipher.c index 226e4256a..b9c1b28ab 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.35 2000/10/13 18:59:13 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.36 2000/10/14 10:01:15 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -488,10 +488,10 @@ ciphers_valid(const char *names) xfree(ciphers); return 0; } else { - debug("cipher ok: %s [%s]", p, names); + debug3("cipher ok: %s [%s]", p, names); } } - debug("ciphers ok: [%s]", names); + debug3("ciphers ok: [%s]", names); xfree(ciphers); return 1; } diff --git a/compat.c b/compat.c index 71d12010c..0e12b77c6 100644 --- a/compat.c +++ b/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.24 2000/10/10 20:20:45 markus Exp $"); +RCSID("$OpenBSD: compat.c,v 1.25 2000/10/14 12:16:56 markus Exp $"); #include "ssh.h" #include "packet.h" @@ -62,13 +62,18 @@ compat_datafellows(const char *version) char *pat; int bugs; } check[] = { - {"^.*MindTerm", 0}, - {"^2\\.1\\.0 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC}, - {"^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD}, - {"^2\\.[23]\\.0 ", SSH_BUG_HMAC|SSH_COMPAT_SESSIONID_ENCODING}, - {"^2\\.[2-9]\\.", SSH_COMPAT_SESSIONID_ENCODING}, - {"^2\\.", SSH_BUG_HMAC|SSH_COMPAT_SESSIONID_ENCODING}, - {NULL, 0} + { "^OpenSSH-2\\.[01]", SSH_OLD_SESSIONID }, + { "^OpenSSH_2\\.2", SSH_OLD_SESSIONID }, + { "MindTerm", 0 }, + { "^2\\.1\\.0 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + SSH_OLD_SESSIONID }, + { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + SSH_OLD_SESSIONID| + SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD }, + { "^2\\.[23]\\.0 ", SSH_BUG_HMAC}, + { "^2\\.[2-9]\\.", 0 }, + { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */ + { NULL, 0 } }; /* process table, return first match */ for (i = 0; check[i].pat; i++) { diff --git a/compat.h b/compat.h index 5be188b79..f14efafa7 100644 --- a/compat.h +++ b/compat.h @@ -21,7 +21,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: compat.h,v 1.10 2000/09/07 20:27:50 deraadt Exp $"); */ +/* RCSID("$OpenBSD: compat.h,v 1.11 2000/10/14 12:16:56 markus Exp $"); */ #ifndef COMPAT_H #define COMPAT_H @@ -35,7 +35,7 @@ #define SSH_BUG_PUBKEYAUTH 0x02 #define SSH_BUG_HMAC 0x04 #define SSH_BUG_X11FWD 0x08 -#define SSH_COMPAT_SESSIONID_ENCODING 0x10 +#define SSH_OLD_SESSIONID 0x10 void enable_compat13(void); void enable_compat20(void); diff --git a/scp.c b/scp.c index 8d5a251b5..75e50ce25 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.41 2000/10/11 20:03:27 markus Exp $"); +RCSID("$OpenBSD: scp.c,v 1.42 2000/10/14 10:07:21 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -266,13 +266,13 @@ main(argc, argv) case 'o': case 'c': case 'i': - addargs("-%c %s", ch, optarg); + addargs("-%c%s", ch, optarg); break; case 'P': - addargs("-p %s", optarg); + addargs("-p%s", optarg); break; case 'B': - addargs("-o Batchmode yes"); + addargs("-oBatchmode yes"); break; case 'p': pflag = 1; diff --git a/servconf.c b/servconf.c index e90defe61..76702a836 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.52 2000/10/11 20:14:39 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.53 2000/10/14 12:12:09 markus Exp $"); #include "ssh.h" #include "servconf.h" @@ -67,6 +67,7 @@ initialize_server_options(ServerOptions *options) #endif options->permit_empty_passwd = -1; options->use_login = -1; + options->allow_tcp_forwarding = -1; options->num_allow_users = 0; options->num_deny_users = 0; options->num_allow_groups = 0; @@ -159,6 +160,8 @@ fill_default_server_options(ServerOptions *options) options->permit_empty_passwd = 0; if (options->use_login == -1) options->use_login = 0; + if (options->allow_tcp_forwarding == -1) + options->allow_tcp_forwarding = 1; if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->gateway_ports == -1) @@ -189,7 +192,8 @@ typedef enum { sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, - sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, + sUseLogin, sAllowTcpForwarding, + sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile, sGatewayPorts, sDSAAuthentication, sXAuthLocation, sSubsystem, sMaxStartups } ServerOpCodes; @@ -240,6 +244,7 @@ static struct { { "uselogin", sUseLogin }, { "randomseed", sRandomSeedFile }, { "keepalive", sKeepAlives }, + { "allowtcpforwarding", sAllowTcpForwarding }, { "allowusers", sAllowUsers }, { "denyusers", sDenyUsers }, { "allowgroups", sAllowGroups }, @@ -573,6 +578,10 @@ parse_flag: *intptr = (LogLevel) value; break; + case sAllowTcpForwarding: + intptr = &options->allow_tcp_forwarding; + goto parse_flag; + case sAllowUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_allow_users >= MAX_ALLOW_USERS) diff --git a/servconf.h b/servconf.h index ef0790c7b..0188b9b89 100644 --- a/servconf.h +++ b/servconf.h @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: servconf.h,v 1.29 2000/10/11 20:14:39 markus Exp $"); */ +/* RCSID("$OpenBSD: servconf.h,v 1.30 2000/10/14 12:12:09 markus Exp $"); */ #ifndef SERVCONF_H #define SERVCONF_H @@ -86,6 +86,7 @@ typedef struct { int permit_empty_passwd; /* If false, do not permit empty * passwords. */ int use_login; /* If true, login(1) is used */ + int allow_tcp_forwarding; unsigned int num_allow_users; char *allow_users[MAX_ALLOW_USERS]; unsigned int num_deny_users; diff --git a/serverloop.c b/serverloop.c index 0c07a2821..d98d74c25 100644 --- a/serverloop.c +++ b/serverloop.c @@ -49,6 +49,8 @@ #include "dispatch.h" #include "auth-options.h" +extern ServerOptions options; + static Buffer stdin_buffer; /* Buffer for stdin data. */ static Buffer stdout_buffer; /* Buffer for stdout data. */ static Buffer stderr_buffer; /* Buffer for stderr data. */ @@ -749,7 +751,7 @@ input_direct_tcpip(void) originator, originator_port, target, target_port); /* XXX check permission */ - if (no_port_forwarding_flag) { + if (no_port_forwarding_flag || !options.allow_tcp_forwarding) { xfree(target); xfree(originator); return -1; diff --git a/session.c b/session.c index 9a213923c..4325ed3a4 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.38 2000/10/11 20:27:23 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.40 2000/10/15 14:14:01 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -236,7 +236,7 @@ do_authenticated(struct passwd * pw) * by the client telling us, so we can equally well trust the client * not to request anything bogus.) */ - if (!no_port_forwarding_flag) + if (!no_port_forwarding_flag && options.allow_tcp_forwarding) channel_permit_all_opens(); s = session_new(); @@ -388,6 +388,10 @@ do_authenticated(struct passwd * pw) debug("Port forwarding not permitted for this authentication."); break; } + if (!options.allow_tcp_forwarding) { + debug("Port forwarding not permitted."); + break; + } debug("Received TCP/IP port forwarding request."); channel_input_port_forward_request(pw->pw_uid == 0, options.gateway_ports); success = 1; diff --git a/sftp-server.8 b/sftp-server.8 index 2a7ba258b..fb4706c43 100644 --- a/sftp-server.8 +++ b/sftp-server.8 @@ -36,20 +36,20 @@ is a program that speaks the server side of SFTP protocol to stdout and expects client requests from stdin. .Nm is not intended to be called directly, but from -.Xr sshd 8 +.Xr sshd 8 using the .Cm Subsystem option. See -.Xr sshd 8 +.Xr sshd 8 for more information. -.Sh HISTORY -.Nm -first appeared in OpenBSD 2.8. -.Sh AUTHOR -Markus Friedl .Sh SEE ALSO .Xr ssh 1 , .Xr ssh-add 1 , .Xr ssh-keygen 1 , -.Xr sshd 8 , +.Xr sshd 8 +.Sh AUTHOR +Markus Friedl +.Sh HISTORY +.Nm +first appeared in OpenBSD 2.8 . diff --git a/ssh.1 b/ssh.1 index a73a07c65..dac24a43c 100644 --- a/ssh.1 +++ b/ssh.1 @@ -627,7 +627,8 @@ If the option is set to .Dq no , the check will not be executed. .It Cm Cipher -Specifies the cipher to use for encrypting the session. +Specifies the cipher to use for encrypting the session +in protocol version 1 Currently, .Dq blowfish , and @@ -640,7 +641,7 @@ Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. The default is -.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . +.Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour . .It Cm Compression Specifies whether to use compression. The argument must be diff --git a/sshconnect2.c b/sshconnect2.c index ca459f62c..1f3b5a261 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.25 2000/10/12 09:59:19 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.26 2000/10/14 12:16:56 markus Exp $"); #include #include @@ -657,12 +657,12 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) /* data to be signed */ buffer_init(&b); - if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) { - buffer_put_string(&b, session_id2, session_id2_len); - skip = buffer_len(&b); - } else { + if (datafellows & SSH_OLD_SESSIONID) { buffer_append(&b, session_id2, session_id2_len); skip = session_id2_len; + } else { + buffer_put_string(&b, session_id2, session_id2_len); + skip = buffer_len(&b); } buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); buffer_put_cstring(&b, authctxt->server_user); diff --git a/sshd.8 b/sshd.8 index 29ad2144a..a474d2fd1 100644 --- a/sshd.8 +++ b/sshd.8 @@ -303,6 +303,14 @@ wildcards in the patterns. Only group names are valid; a numerical group ID isn't recognized. By default login is allowed regardless of the primary group. .Pp +.It Cm AllowTcpForwarding +Specifies whether TCP forwarding is permitted. +The default is +.Dq yes . +Note that disabling TCP forwarding does not improve security unless +users are also denied shell access, as they can always install their +own forwarders. +.Pp .It Cm AllowUsers This keyword can be followed by a number of user names, separated by spaces. diff --git a/version.h b/version.h index f015025f2..3522a327c 100644 --- a/version.h +++ b/version.h @@ -1 +1 @@ -#define SSH_VERSION "OpenSSH_2.2.0p2" +#define SSH_VERSION "OpenSSH_2.3.0p1"