20001204
- (bal) More C functions defined in NeXT that are unaccessable without defining -POSIX. - (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/12/03 11:29:04 [compat.c] remove fallback to SSH_BUG_HMAC now that the drafts are updated - markus@cvs.openbsd.org 2000/12/03 11:27:55 [compat.c] correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat - markus@cvs.openbsd.org 2000/12/03 11:15:03 [auth2.c compat.c compat.h sshconnect2.c] support f-secure/ssh.com 2.0.12; ok niels@
parent
b84815880e
commit
d121f61370
16
ChangeLog
16
ChangeLog
|
@ -1,5 +1,19 @@
|
||||||
|
20001204
|
||||||
|
- (bal) More C functions defined in NeXT that are unaccessable without
|
||||||
|
defining -POSIX.
|
||||||
|
- (bal) OpenBSD CVS updates:
|
||||||
|
- markus@cvs.openbsd.org 2000/12/03 11:29:04
|
||||||
|
[compat.c]
|
||||||
|
remove fallback to SSH_BUG_HMAC now that the drafts are updated
|
||||||
|
- markus@cvs.openbsd.org 2000/12/03 11:27:55
|
||||||
|
[compat.c]
|
||||||
|
correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat
|
||||||
|
- markus@cvs.openbsd.org 2000/12/03 11:15:03
|
||||||
|
[auth2.c compat.c compat.h sshconnect2.c]
|
||||||
|
support f-secure/ssh.com 2.0.12; ok niels@
|
||||||
|
|
||||||
20001203
|
20001203
|
||||||
- (bal) OpenBSD CVS updates:
|
- (bal) OpenBSD CVS updates:
|
||||||
- markus@cvs.openbsd.org 2000/11/30 22:54:31
|
- markus@cvs.openbsd.org 2000/11/30 22:54:31
|
||||||
[channels.c]
|
[channels.c]
|
||||||
debug->warn if tried to do -R style fwd w/o client requesting this;
|
debug->warn if tried to do -R style fwd w/o client requesting this;
|
||||||
|
|
25
auth2.c
25
auth2.c
|
@ -23,7 +23,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth2.c,v 1.21 2000/11/12 19:50:37 markus Exp $");
|
RCSID("$OpenBSD: auth2.c,v 1.22 2000/12/03 11:15:02 markus Exp $");
|
||||||
|
|
||||||
#ifdef HAVE_OSF_SIA
|
#ifdef HAVE_OSF_SIA
|
||||||
# include <sia.h>
|
# include <sia.h>
|
||||||
|
@ -434,14 +434,27 @@ userauth_pubkey(Authctxt *authctxt)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
have_sig = packet_get_char();
|
have_sig = packet_get_char();
|
||||||
|
if (datafellows & SSH_BUG_PKAUTH) {
|
||||||
|
debug2("userauth_pubkey: SSH_BUG_PKAUTH");
|
||||||
|
/* no explicit pkalg given */
|
||||||
|
pkblob = packet_get_string(&blen);
|
||||||
|
buffer_init(&b);
|
||||||
|
buffer_append(&b, pkblob, blen);
|
||||||
|
/* so we have to extract the pkalg from the pkblob */
|
||||||
|
pkalg = buffer_get_string(&b, &alen);
|
||||||
|
buffer_free(&b);
|
||||||
|
} else {
|
||||||
pkalg = packet_get_string(&alen);
|
pkalg = packet_get_string(&alen);
|
||||||
|
pkblob = packet_get_string(&blen);
|
||||||
|
}
|
||||||
pktype = key_type_from_name(pkalg);
|
pktype = key_type_from_name(pkalg);
|
||||||
if (pktype == KEY_UNSPEC) {
|
if (pktype == KEY_UNSPEC) {
|
||||||
log("bad pkalg %s", pkalg);
|
/* this is perfectly legal */
|
||||||
|
log("userauth_pubkey: unsupported public key algorithm: %s", pkalg);
|
||||||
xfree(pkalg);
|
xfree(pkalg);
|
||||||
|
xfree(pkblob);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
pkblob = packet_get_string(&blen);
|
|
||||||
key = key_from_blob(pkblob, blen);
|
key = key_from_blob(pkblob, blen);
|
||||||
if (key != NULL) {
|
if (key != NULL) {
|
||||||
if (have_sig) {
|
if (have_sig) {
|
||||||
|
@ -457,12 +470,16 @@ userauth_pubkey(Authctxt *authctxt)
|
||||||
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
|
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
|
||||||
buffer_put_cstring(&b, authctxt->user);
|
buffer_put_cstring(&b, authctxt->user);
|
||||||
buffer_put_cstring(&b,
|
buffer_put_cstring(&b,
|
||||||
datafellows & SSH_BUG_PUBKEYAUTH ?
|
datafellows & SSH_BUG_PKSERVICE ?
|
||||||
"ssh-userauth" :
|
"ssh-userauth" :
|
||||||
authctxt->service);
|
authctxt->service);
|
||||||
|
if (datafellows & SSH_BUG_PKAUTH) {
|
||||||
|
buffer_put_char(&b, have_sig);
|
||||||
|
} else {
|
||||||
buffer_put_cstring(&b, "publickey");
|
buffer_put_cstring(&b, "publickey");
|
||||||
buffer_put_char(&b, have_sig);
|
buffer_put_char(&b, have_sig);
|
||||||
buffer_put_cstring(&b, key_ssh_name(key));
|
buffer_put_cstring(&b, key_ssh_name(key));
|
||||||
|
}
|
||||||
buffer_put_string(&b, pkblob, blen);
|
buffer_put_string(&b, pkblob, blen);
|
||||||
#ifdef DEBUG_PK
|
#ifdef DEBUG_PK
|
||||||
buffer_dump(&b);
|
buffer_dump(&b);
|
||||||
|
|
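Review bot: In the `pktype == KEY_UNSPEC` branch of userauth_pubkey, the rewritten log call prints `pkalg` with an unbounded `%s`, and `pkalg` is taken straight from the client's request (via `packet_get_string`, or from inside `pkblob` when SSH_BUG_PKAUTH is set) before the user is authenticated. The new comment says an unknown algorithm is perfectly legal, so any peer can reach this line with a string of its choosing; I would bound it, `log("userauth_pubkey: unsupported public key algorithm: %.100s", pkalg);`. Whether log() escapes non-printable bytes is not visible on this page and is worth confirming. The function body starts and ends outside the shown hunks.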
14
compat.c
14
compat.c
|
@ -23,7 +23,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: compat.c,v 1.27 2000/10/31 09:31:58 markus Exp $");
|
RCSID("$OpenBSD: compat.c,v 1.30 2000/12/03 11:29:04 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
|
@ -64,17 +64,19 @@ compat_datafellows(const char *version)
|
||||||
} check[] = {
|
} check[] = {
|
||||||
{ "^OpenSSH[-_]2\\.[012]", SSH_OLD_SESSIONID },
|
{ "^OpenSSH[-_]2\\.[012]", SSH_OLD_SESSIONID },
|
||||||
{ "MindTerm", 0 },
|
{ "MindTerm", 0 },
|
||||||
{ "^2\\.1\\.0 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
{ "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
||||||
SSH_OLD_SESSIONID },
|
SSH_OLD_SESSIONID },
|
||||||
{ "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
{ "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
||||||
SSH_OLD_SESSIONID|
|
SSH_OLD_SESSIONID|
|
||||||
SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD },
|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD },
|
||||||
{ "^2\\.[23]\\.0 ", SSH_BUG_HMAC},
|
{ "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
||||||
|
SSH_OLD_SESSIONID|SSH_BUG_PKAUTH|
|
||||||
|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD },
|
||||||
|
{ "^2\\.[23]\\.0", SSH_BUG_HMAC},
|
||||||
{ "^2\\.[2-9]\\.", 0 },
|
{ "^2\\.[2-9]\\.", 0 },
|
||||||
{ "^2\\.4$", SSH_OLD_SESSIONID}, /* Van Dyke */
|
{ "^2\\.4$", SSH_OLD_SESSIONID}, /* Van Dyke */
|
||||||
{ "^3\\.0 SecureCRT", SSH_OLD_SESSIONID},
|
{ "^3\\.0 SecureCRT", SSH_OLD_SESSIONID},
|
||||||
{ "^1\\.7 SecureFX", SSH_OLD_SESSIONID},
|
{ "^1\\.7 SecureFX", SSH_OLD_SESSIONID},
|
||||||
{ "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */
|
|
||||||
{ NULL, 0 }
|
{ NULL, 0 }
|
||||||
};
|
};
|
||||||
/* process table, return first match */
|
/* process table, return first match */
|
||||||
|
|
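Review bot: The new `^2\\.0\\.1[3-9]` row in `check[]` only takes effect because it sits above the generic `^2\\.0\\.` row and the table returns the first match, but nothing at the two rows says so. The generic row now also turns on SSH_BUG_PKAUTH, which changes what the public-key signature covers, and the version string being matched is supplied by the peer, so a later reordering would silently put 2.0.13+ peers on the legacy layout. I would add a comment above the specific row such as `/* must stay above the generic ^2\.0\. entry: first match wins */`. compat_datafellows() begins and ends outside the hunk.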
5
compat.h
5
compat.h
|
@ -21,7 +21,7 @@
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
/* RCSID("$OpenBSD: compat.h,v 1.11 2000/10/14 12:16:56 markus Exp $"); */
|
/* RCSID("$OpenBSD: compat.h,v 1.12 2000/12/03 11:15:03 markus Exp $"); */
|
||||||
|
|
||||||
#ifndef COMPAT_H
|
#ifndef COMPAT_H
|
||||||
#define COMPAT_H
|
#define COMPAT_H
|
||||||
|
@ -32,10 +32,11 @@
|
||||||
#define SSH_PROTO_2 0x04
|
#define SSH_PROTO_2 0x04
|
||||||
|
|
||||||
#define SSH_BUG_SIGBLOB 0x01
|
#define SSH_BUG_SIGBLOB 0x01
|
||||||
#define SSH_BUG_PUBKEYAUTH 0x02
|
#define SSH_BUG_PKSERVICE 0x02
|
||||||
#define SSH_BUG_HMAC 0x04
|
#define SSH_BUG_HMAC 0x04
|
||||||
#define SSH_BUG_X11FWD 0x08
|
#define SSH_BUG_X11FWD 0x08
|
||||||
#define SSH_OLD_SESSIONID 0x10
|
#define SSH_OLD_SESSIONID 0x10
|
||||||
|
#define SSH_BUG_PKAUTH 0x20
|
||||||
|
|
||||||
void enable_compat13(void);
|
void enable_compat13(void);
|
||||||
void enable_compat20(void);
|
void enable_compat20(void);
|
||||||
|
|
|
@ -37,9 +37,11 @@
|
||||||
pid_t posix_wait(int *status);
|
pid_t posix_wait(int *status);
|
||||||
#define wait(a) posix_wait(a)
|
#define wait(a) posix_wait(a)
|
||||||
|
|
||||||
/* #ifdef POSIX wrapped functions that need defining */
|
/* #ifdef wrapped functions that need defining for clean compiling */
|
||||||
pid_t getppid(void);
|
pid_t getppid(void);
|
||||||
void vhangup(void);
|
void vhangup(void);
|
||||||
|
int innetgr(const char *netgroup, const char *host, const char *user,
|
||||||
|
const char *domain);
|
||||||
|
|
||||||
/* TERMCAP */
|
/* TERMCAP */
|
||||||
int tcgetattr(int fd, struct termios *t);
|
int tcgetattr(int fd, struct termios *t);
|
||||||
|
|
|
@ -23,7 +23,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sshconnect2.c,v 1.29 2000/11/23 21:03:47 markus Exp $");
|
RCSID("$OpenBSD: sshconnect2.c,v 1.30 2000/12/03 11:15:04 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
|
@ -647,8 +647,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
int have_sig = 1;
|
int have_sig = 1;
|
||||||
|
|
||||||
|
debug3("sign_and_send_pubkey");
|
||||||
if (key_to_blob(k, &blob, &bloblen) == 0) {
|
if (key_to_blob(k, &blob, &bloblen) == 0) {
|
||||||
/* we cannot handle this key */
|
/* we cannot handle this key */
|
||||||
|
debug3("sign_and_send_pubkey: cannot handle key");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
/* data to be signed */
|
/* data to be signed */
|
||||||
|
@ -663,12 +665,16 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
|
||||||
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
|
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
|
||||||
buffer_put_cstring(&b, authctxt->server_user);
|
buffer_put_cstring(&b, authctxt->server_user);
|
||||||
buffer_put_cstring(&b,
|
buffer_put_cstring(&b,
|
||||||
datafellows & SSH_BUG_PUBKEYAUTH ?
|
datafellows & SSH_BUG_PKSERVICE ?
|
||||||
"ssh-userauth" :
|
"ssh-userauth" :
|
||||||
authctxt->service);
|
authctxt->service);
|
||||||
|
if (datafellows & SSH_BUG_PKAUTH) {
|
||||||
|
buffer_put_char(&b, have_sig);
|
||||||
|
} else {
|
||||||
buffer_put_cstring(&b, authctxt->method->name);
|
buffer_put_cstring(&b, authctxt->method->name);
|
||||||
buffer_put_char(&b, have_sig);
|
buffer_put_char(&b, have_sig);
|
||||||
buffer_put_cstring(&b, key_ssh_name(k));
|
buffer_put_cstring(&b, key_ssh_name(k));
|
||||||
|
}
|
||||||
buffer_put_string(&b, blob, bloblen);
|
buffer_put_string(&b, blob, bloblen);
|
||||||
|
|
||||||
/* generate signature */
|
/* generate signature */
|
||||||
|
@ -681,7 +687,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
|
||||||
#ifdef DEBUG_PK
|
#ifdef DEBUG_PK
|
||||||
buffer_dump(&b);
|
buffer_dump(&b);
|
||||||
#endif
|
#endif
|
||||||
if (datafellows & SSH_BUG_PUBKEYAUTH) {
|
if (datafellows & SSH_BUG_PKSERVICE) {
|
||||||
buffer_clear(&b);
|
buffer_clear(&b);
|
||||||
buffer_append(&b, session_id2, session_id2_len);
|
buffer_append(&b, session_id2, session_id2_len);
|
||||||
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
|
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
|
||||||
|
@ -689,6 +695,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
|
||||||
buffer_put_cstring(&b, authctxt->service);
|
buffer_put_cstring(&b, authctxt->service);
|
||||||
buffer_put_cstring(&b, authctxt->method->name);
|
buffer_put_cstring(&b, authctxt->method->name);
|
||||||
buffer_put_char(&b, have_sig);
|
buffer_put_char(&b, have_sig);
|
||||||
|
if (!(datafellows & SSH_BUG_PKAUTH))
|
||||||
buffer_put_cstring(&b, key_ssh_name(k));
|
buffer_put_cstring(&b, key_ssh_name(k));
|
||||||
buffer_put_string(&b, blob, bloblen);
|
buffer_put_string(&b, blob, bloblen);
|
||||||
}
|
}
|
||||||
|
|
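Review bot: In sign_and_send_pubkey the packet-side handling of SSH_BUG_PKAUTH (`if (!(datafellows & SSH_BUG_PKAUTH))` before `buffer_put_cstring(&b, key_ssh_name(k));`) sits inside the `if (datafellows & SSH_BUG_PKSERVICE)` block, while the signed-data branch higher up tests SSH_BUG_PKAUTH on its own. As far as the visible lines show, a peer flagged with SSH_BUG_PKAUTH but not SSH_BUG_PKSERVICE would leave the buffer in the signed-data layout, without the method name; the compat.c table on this page always sets the two together, so this is latent rather than live. A comment at the inner test, e.g. `/* SSH_BUG_PKAUTH is only ever set together with SSH_BUG_PKSERVICE (see compat.c) */`, and braces around the single-statement `if`, would make the dependency explicit. The function continues past the last hunk.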