upstream commit

remove options.protocol and client Protocol
configuration knob

ok markus@

Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
djm@openbsd.org 2017-04-30 23:11:45 +00:00 committed by Damien Miller
parent 56912dea6e
commit 99f95ba826
5 changed files with 26 additions and 93 deletions


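--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.101 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.102 2017/04/30 23:11:45 djm Exp $ */
 /*
 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
 *
@@ -232,8 +232,6 @@ proto_spec(const char *spec)
 return ret;
 for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
 switch (atoi(p)) {
-case 1:
-break;
 case 2:
 ret |= SSH_PROTO_2;
 break;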


@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.272 2017/04/30 23:10:43 djm Exp $ */ /* $OpenBSD: readconf.c,v 1.273 2017/04/30 23:11:45 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -152,7 +152,7 @@ typedef enum {
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oProtocol, oMacs, oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs,
oPubkeyAuthentication, oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
@ -171,7 +171,7 @@ typedef enum {
oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
oPubkeyAcceptedKeyTypes, oProxyJump, oPubkeyAcceptedKeyTypes, oProxyJump,
oIgnoredUnknownOption, oDeprecated, oUnsupported oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes; } OpCodes;
/* Textual representations of the tokens. */ /* Textual representations of the tokens. */
@ -181,6 +181,7 @@ static struct {
OpCodes opcode; OpCodes opcode;
} keywords[] = { } keywords[] = {
/* Deprecated options */ /* Deprecated options */
{ "protocol", oIgnore }, /* NB. silently ignored */
{ "fallbacktorsh", oDeprecated }, { "fallbacktorsh", oDeprecated },
{ "globalknownhostsfile2", oDeprecated }, { "globalknownhostsfile2", oDeprecated },
{ "rhostsauthentication", oDeprecated }, { "rhostsauthentication", oDeprecated },
@ -242,7 +243,6 @@ static struct {
{ "cipher", oCipher }, { "cipher", oCipher },
{ "ciphers", oCiphers }, { "ciphers", oCiphers },
{ "macs", oMacs }, { "macs", oMacs },
{ "protocol", oProtocol },
{ "remoteforward", oRemoteForward }, { "remoteforward", oRemoteForward },
{ "localforward", oLocalForward }, { "localforward", oLocalForward },
{ "user", oUser }, { "user", oUser },
@ -866,6 +866,8 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
case oBadOption: case oBadOption:
/* don't panic, but count bad options */ /* don't panic, but count bad options */
return -1; return -1;
case oIgnore:
return 0;
case oIgnoredUnknownOption: case oIgnoredUnknownOption:
debug("%s line %d: Ignored unknown option \"%s\"", debug("%s line %d: Ignored unknown option \"%s\"",
filename, linenum, keyword); filename, linenum, keyword);
@ -1236,19 +1238,6 @@ parse_keytypes:
*charptr = xstrdup(arg); *charptr = xstrdup(arg);
break; break;
case oProtocol:
intptr = &options->protocol;
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.", filename, linenum);
value = proto_spec(arg);
if (value == SSH_PROTO_UNKNOWN)
fatal("%.200s line %d: Bad protocol spec '%s'.",
filename, linenum, arg ? arg : "<NONE>");
if (*activep && *intptr == SSH_PROTO_UNKNOWN)
*intptr = value;
break;
case oLogLevel: case oLogLevel:
log_level_ptr = &options->log_level; log_level_ptr = &options->log_level;
arg = strdelim(&s); arg = strdelim(&s);
@ -1827,7 +1816,6 @@ initialize_options(Options * options)
options->macs = NULL; options->macs = NULL;
options->kex_algorithms = NULL; options->kex_algorithms = NULL;
options->hostkeyalgorithms = NULL; options->hostkeyalgorithms = NULL;
options->protocol = SSH_PROTO_UNKNOWN;
options->num_identity_files = 0; options->num_identity_files = 0;
options->num_certificate_files = 0; options->num_certificate_files = 0;
options->hostname = NULL; options->hostname = NULL;
@ -1984,27 +1972,16 @@ fill_default_options(Options * options)
if (options->cipher == -1) if (options->cipher == -1)
options->cipher = SSH_CIPHER_NOT_SET; options->cipher = SSH_CIPHER_NOT_SET;
/* options->hostkeyalgorithms, default set in myproposals.h */ /* options->hostkeyalgorithms, default set in myproposals.h */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->protocol = SSH_PROTO_2;
if (options->add_keys_to_agent == -1) if (options->add_keys_to_agent == -1)
options->add_keys_to_agent = 0; options->add_keys_to_agent = 0;
if (options->num_identity_files == 0) { if (options->num_identity_files == 0) {
if (options->protocol & SSH_PROTO_1) { add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
add_identity_file(options, "~/", add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
_PATH_SSH_CLIENT_IDENTITY, 0);
}
if (options->protocol & SSH_PROTO_2) {
add_identity_file(options, "~/",
_PATH_SSH_CLIENT_ID_RSA, 0);
add_identity_file(options, "~/",
_PATH_SSH_CLIENT_ID_DSA, 0);
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
add_identity_file(options, "~/", add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
_PATH_SSH_CLIENT_ID_ECDSA, 0);
#endif #endif
add_identity_file(options, "~/", add_identity_file(options, "~/",
_PATH_SSH_CLIENT_ID_ED25519, 0); _PATH_SSH_CLIENT_ID_ED25519, 0);
}
} }
if (options->escape_char == -1) if (options->escape_char == -1)
options->escape_char = '~'; options->escape_char = '~';
@ -2395,17 +2372,6 @@ fmt_intarg(OpCodes code, int val)
return fmt_multistate_int(val, multistate_canonicalizehostname); return fmt_multistate_int(val, multistate_canonicalizehostname);
case oFingerprintHash: case oFingerprintHash:
return ssh_digest_alg_name(val); return ssh_digest_alg_name(val);
case oProtocol:
switch (val) {
case SSH_PROTO_1:
return "1";
case SSH_PROTO_2:
return "2";
case (SSH_PROTO_1|SSH_PROTO_2):
return "2,1";
default:
return "UNKNOWN";
}
default: default:
switch (val) { switch (val) {
case 0: case 0:
@ -2550,7 +2516,6 @@ dump_client_config(Options *o, const char *host)
dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost);
dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication); dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication);
dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command); dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command);
dump_cfg_fmtint(oProtocol, o->protocol);
dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
dump_cfg_fmtint(oRequestTTY, o->request_tty); dump_cfg_fmtint(oRequestTTY, o->request_tty);
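Review bot: The new `{ "protocol", oIgnore }, /* NB. silently ignored */` entry together with the `case oIgnore: return 0;` branch drops a `Protocol` directive with no trace at all, whereas the same commit makes `ssh -1` fatal in ssh.c; an administrator who still carries `Protocol 1` or `Protocol 2,1` in ssh_config gets no signal that the line is now meaningless. A debug-level message keeps the silent-by-default behaviour the commit wants but makes the dead directive visible under `ssh -v`: `case oIgnore: debug("%s line %d: Ignored option \"%s\"", filename, linenum, keyword); return 0;`. Note also that returning before the rest of the line is consumed means any trailing text after the keyword is never examined; if process_config_line_depth validates garbage at end of line further down (the function continues outside the hunk), this path bypasses that check, which is presumably what the existing oDeprecated path does as well and may be intended. Both points are worth a one-line comment at the `oIgnore` case so the next maintainer does not "fix" it into a fatal.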


@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.118 2017/04/28 03:20:27 dtucker Exp $ */ /* $OpenBSD: readconf.h,v 1.119 2017/04/30 23:11:45 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -75,7 +75,6 @@ typedef struct {
char *macs; /* SSH2 macs in order of preference. */ char *macs; /* SSH2 macs in order of preference. */
char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */
char *kex_algorithms; /* SSH2 kex methods in order of preference. */ char *kex_algorithms; /* SSH2 kex methods in order of preference. */
int protocol; /* Protocol in order of preference. */
char *hostname; /* Real host to connect. */ char *hostname; /* Real host to connect. */
char *host_key_alias; /* hostname alias for .ssh/known_hosts */ char *host_key_alias; /* hostname alias for .ssh/known_hosts */
char *proxy_command; /* Proxy command for connecting the host. */ char *proxy_command; /* Proxy command for connecting the host. */

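--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.453 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.454 2017/04/30 23:11:45 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -609,10 +609,10 @@ main(int ac, char **av)
 "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
 switch (opt) {
 case '1':
-options.protocol = SSH_PROTO_1;
+fatal("SSH protocol v.1 is no longer supported");
 break;
 case '2':
-options.protocol = SSH_PROTO_2;
+/* Ignored */
 break;
 case '4':
 options.address_family = AF_INET;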


@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.c,v 1.274 2017/04/30 23:10:43 djm Exp $ */ /* $OpenBSD: sshconnect.c,v 1.275 2017/04/30 23:11:45 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -549,7 +549,7 @@ ssh_exchange_identification(int timeout_ms)
int remote_major, remote_minor, mismatch; int remote_major, remote_minor, mismatch;
int connection_in = packet_get_connection_in(); int connection_in = packet_get_connection_in();
int connection_out = packet_get_connection_out(); int connection_out = packet_get_connection_out();
int minor1 = PROTOCOL_MINOR_1, client_banner_sent = 0; int client_banner_sent = 0;
u_int i, n; u_int i, n;
size_t len; size_t len;
int fdsetsz, remaining, rc; int fdsetsz, remaining, rc;
@ -559,15 +559,9 @@ ssh_exchange_identification(int timeout_ms)
fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask); fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask);
fdset = xcalloc(1, fdsetsz); fdset = xcalloc(1, fdsetsz);
/* enable_compat20();
* If we are SSH2-only then we can send the banner immediately and send_client_banner(connection_out, 0);
* save a round-trip. client_banner_sent = 1;
*/
if (options.protocol == SSH_PROTO_2) {
enable_compat20();
send_client_banner(connection_out, 0);
client_banner_sent = 1;
}
/* Read other side's version identification. */ /* Read other side's version identification. */
remaining = timeout_ms; remaining = timeout_ms;
@ -635,50 +629,27 @@ ssh_exchange_identification(int timeout_ms)
switch (remote_major) { switch (remote_major) {
case 1: case 1:
if (remote_minor == 99 && if (remote_minor == 99)
(options.protocol & SSH_PROTO_2) &&
!(options.protocol & SSH_PROTO_1_PREFERRED)) {
enable_compat20(); enable_compat20();
break; else
}
if (!(options.protocol & SSH_PROTO_1)) {
mismatch = 1; mismatch = 1;
break;
}
if (remote_minor < 3) {
fatal("Remote machine has too old SSH software version.");
} else if (remote_minor == 3 || remote_minor == 4) {
/* We speak 1.3, too. */
enable_compat13();
minor1 = 3;
if (options.forward_agent) {
logit("Agent forwarding disabled for protocol 1.3");
options.forward_agent = 0;
}
}
break; break;
case 2: case 2:
if (options.protocol & SSH_PROTO_2) { enable_compat20();
enable_compat20(); break;
break;
}
/* FALLTHROUGH */
default: default:
mismatch = 1; mismatch = 1;
break; break;
} }
if (mismatch) if (mismatch)
fatal("Protocol major versions differ: %d vs. %d", fatal("Protocol major versions differ: %d vs. %d",
(options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, PROTOCOL_MAJOR_2, remote_major);
remote_major);
if ((datafellows & SSH_BUG_DERIVEKEY) != 0) if ((datafellows & SSH_BUG_DERIVEKEY) != 0)
fatal("Server version \"%.100s\" uses unsafe key agreement; " fatal("Server version \"%.100s\" uses unsafe key agreement; "
"refusing connection", remote_version); "refusing connection", remote_version);
if ((datafellows & SSH_BUG_RSASIGMD5) != 0) if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
logit("Server version \"%.100s\" uses unsafe RSA signature " logit("Server version \"%.100s\" uses unsafe RSA signature "
"scheme; disabling use of RSA keys", remote_version); "scheme; disabling use of RSA keys", remote_version);
if (!client_banner_sent)
send_client_banner(connection_out, minor1);
chop(server_version_string); chop(server_version_string);
} }
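Review bot: `client_banner_sent` is left write-only on the new side of ssh_exchange_identification: it is still declared as `int client_banner_sent = 0;`, set to 1 immediately after the unconditional `send_client_banner(connection_out, 0);`, and its only reader, the `if (!client_banner_sent) send_client_banner(connection_out, minor1);` fallback before `chop(server_version_string);`, is deleted by this same commit. Unless the variable is read in the part of the function that lies outside the hunk, drop both the declaration and the assignment so a protocol-1 artifact does not survive the removal it was meant for. The collapsed `if (remote_minor == 99) enable_compat20(); else mismatch = 1;` also deserves a why-comment now that the surrounding v1 branches are gone, e.g. `/* "1.99" is how a server that speaks both v1 and v2 identifies itself; treat it as v2 */`, since a reader no longer sees why a major-1 banner is ever accepted. The function begins before the first hunk and its remaining body between the second and third hunks is not visible here.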