From owner-svn-ports-head@freebsd.org Sat Feb 2 00:54:42 2019 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2C05314C7117; Sat, 2 Feb 2019 00:54:42 +0000 (UTC) (envelope-from swills@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B6C898C23B; Sat, 2 Feb 2019 00:54:41 +0000 (UTC) (envelope-from swills@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6DCA026DBF; Sat, 2 Feb 2019 00:54:41 +0000 (UTC) (envelope-from swills@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x120sf21017416; Sat, 2 Feb 2019 00:54:41 GMT (envelope-from swills@FreeBSD.org) Received: (from swills@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x120seOw017412; Sat, 2 Feb 2019 00:54:40 GMT (envelope-from swills@FreeBSD.org) Message-Id: <201902020054.x120seOw017412@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: swills set sender to swills@FreeBSD.org using -f 
From: Steve Wills Date: Sat, 2 Feb 2019 00:54:40 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r491908 - in head/sysutils/tmate: . files X-SVN-Group: ports-head X-SVN-Commit-Author: swills X-SVN-Commit-Paths: in head/sysutils/tmate: . files X-SVN-Commit-Revision: 491908 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: B6C898C23B X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; NEURAL_HAM_SHORT(-0.96)[-0.964,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Feb 2019 00:54:42 -0000 Author: swills Date: Sat Feb 2 00:54:40 2019 New Revision: 491908 URL: https://svnweb.freebsd.org/changeset/ports/491908 Log: sysutils/tmate: support newer ssh key types While here, add debugging, remove built in server keys Added: head/sysutils/tmate/files/patch-options-table.c (contents, props changed) Modified: head/sysutils/tmate/Makefile (contents, props changed) head/sysutils/tmate/files/patch-tmate-ssh-client.c (contents, props changed) Modified: head/sysutils/tmate/Makefile ============================================================================== --- head/sysutils/tmate/Makefile Sat Feb 2 00:54:26 2019 (r491907) +++ head/sysutils/tmate/Makefile Sat Feb 2 00:54:40 2019 (r491908) 
@@ -2,7 +2,7 @@ PORTNAME= tmate PORTVERSION= 2.2.1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= sysutils MAINTAINER= swills@FreeBSD.org Added: head/sysutils/tmate/files/patch-options-table.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/tmate/files/patch-options-table.c Sat Feb 2 00:54:40 2019 (r491908) 
@@ -0,0 +1,40 @@ +--- options-table.c.orig 2016-03-29 03:30:07 UTC ++++ options-table.c +@@ -925,15 +925,34 @@ const struct options_table_entry options_table[] = { + { .name = "tmate-server-rsa-fingerprint", + .type = OPTIONS_TABLE_STRING, + .scope = OPTIONS_TABLE_SERVER, +- .default_str = "af:2d:81:c1:fe:49:70:2d:7f:09:a9:d7:4b:32:e3:be" ++ .default_str = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, + + { .name = "tmate-server-ecdsa-fingerprint", + .type = OPTIONS_TABLE_STRING, + .scope = OPTIONS_TABLE_SERVER, +- .default_str = "c7:a1:51:36:d2:bb:35:4b:0a:1a:c0:43:97:74:ea:42" ++ .default_str = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" + }, +- ++ { .name = "tmate-server-dss-fingerprint", ++ .type = OPTIONS_TABLE_STRING, ++ .scope = OPTIONS_TABLE_SERVER, ++ .default_str = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" ++ }, ++ { .name = "tmate-server-ed25519-fingerprint", ++ .type = OPTIONS_TABLE_STRING, ++ .scope = OPTIONS_TABLE_SERVER, ++ .default_str = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" ++ }, ++ { .name = "tmate-server-dss-cert01-fingerprint", ++ .type = OPTIONS_TABLE_STRING, ++ .scope = OPTIONS_TABLE_SERVER, ++ .default_str = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" ++ }, ++ { .name = "tmate-server-rsa-cert01-fingerprint", ++ .type = OPTIONS_TABLE_STRING, ++ .scope = OPTIONS_TABLE_SERVER, ++ .default_str = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" ++ }, + { .name = "tmate-display-time", + .type = OPTIONS_TABLE_NUMBER, + .scope = OPTIONS_TABLE_SESSION, Modified: head/sysutils/tmate/files/patch-tmate-ssh-client.c ============================================================================== --- head/sysutils/tmate/files/patch-tmate-ssh-client.c Sat Feb 2 00:54:26 2019 (r491907) +++ head/sysutils/tmate/files/patch-tmate-ssh-client.c Sat Feb 2 00:54:40 2019 (r491908) 
@@ -8,3 +8,95 @@ #include "tmate.h" #include "window-copy.h" +@@ -195,6 +196,7 @@ static void on_ssh_client_event(struct tmate_ssh_clien + ssize_t hash_len; + char *hash_str; + const char *server_hash_str; ++ const char *key_type_name; + int match; + + int verbosity = SSH_LOG_NOLOG + log_get_level(); +@@ -257,43 +259,80 @@ static void on_ssh_client_event(struct tmate_ssh_clien + } + + case SSH_AUTH_SERVER: ++ tmate_debug("Starting SSH_AUTH_SERVER"); + if (ssh_get_publickey(session, &pubkey) < 0) + tmate_fatal("ssh_get_publickey"); + +- if (ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, &hash, &hash_len) < 0) { ++ if (ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA1, &hash, &hash_len) < 0) { ++ tmate_debug("failed to get public key hash"); + kill_ssh_client(client, "Cannot authenticate server"); + return; + } ++ tmate_debug("got public key hash"); + + hash_str = ssh_get_hexa(hash, hash_len); + if (!hash_str) + tmate_fatal("malloc failed"); + + key_type = ssh_key_type(pubkey); ++ key_type_name = ssh_key_type_to_char(key_type); ++ if (key_type_name == NULL) { ++ tmate_debug("failed to get public key type name"); ++ return; ++ } + + switch (key_type) { + case SSH_KEYTYPE_RSA: + server_hash_str = options_get_string(global_options, + "tmate-server-rsa-fingerprint"); ++ tmate_debug("found rsa fingerprint"); + break; + case SSH_KEYTYPE_ECDSA: + server_hash_str = options_get_string(global_options, + "tmate-server-ecdsa-fingerprint"); ++ tmate_debug("found ecdsa fingerprint"); + break; ++ case SSH_KEYTYPE_DSS: ++ server_hash_str = options_get_string(global_options, ++ "tmate-server-dss-fingerprint"); ++ tmate_debug("found dss fingerprint"); ++ break; ++ case SSH_KEYTYPE_ED25519: ++ server_hash_str = options_get_string(global_options, ++ "tmate-server-ed25519-fingerprint"); ++ tmate_debug("found ed25519 fingerprint"); ++ break; ++ case SSH_KEYTYPE_DSS_CERT01: ++ server_hash_str = options_get_string(global_options, ++ "tmate-server-dss-cert01-fingerprint"); ++ 
tmate_debug("found dss_cert01 fingerprint"); ++ break; ++ case SSH_KEYTYPE_RSA_CERT01: ++ server_hash_str = options_get_string(global_options, ++ "tmate-server-rsa-cert01-fingerprint"); ++ tmate_debug("found rsa_cert01 fingerprint"); ++ break; ++ case SSH_KEYTYPE_UNKNOWN: ++ tmate_debug("found unknown fingerprint?"); ++ break; + default: + server_hash_str = ""; ++ tmate_debug("found no fingerprint?"); + } + + match = !strcmp(hash_str, server_hash_str); + + ssh_key_free(pubkey); + ssh_clean_pubkey_hash(&hash); +- free(hash_str); + + if (!match) { +- kill_ssh_client(client, "Cannot authenticate server"); ++ tmate_debug("Key mismatch: type: %s expected: %s found: %s", key_type_name, server_hash_str, hash_str); ++ kill_ssh_client(client, "Cannot authenticate server: Key mismatch: type: %s expected: %s found: %s", key_type_name, server_hash_str, hash_str); ++ free(hash_str); + return; + } ++ ++ free(hash_str); + + /* + * At this point, we abort other connection attempts to the
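Review bot: in the patch-options-table.c hunk, the replaced and newly added `.default_str` values are all sixteen zero octets, which makes an unconfigured fingerprint indistinguishable from a configured one, and sixteen octets is the MD5 length while the companion patch-tmate-ssh-client.c change now compares hex SHA1 output (twenty octets), so the placeholder can never match and every connection fails with the generic "Key mismatch" until the user sets the option. Consider `.default_str = ""` for all six entries so the client can distinguish "no server fingerprint configured for this key type" from a real mismatch, and state in the commit log (which only says "remove built in server keys") or a pkg-message that tmate-server-*-fingerprint must now be set in tmate.conf, in the SHA1 hex form the client compares against.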
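Review bot: in the patch-tmate-ssh-client.c hunk, the new `case SSH_KEYTYPE_UNKNOWN:` breaks out of the switch without assigning server_hash_str, and the `default:` branch that used to set it to "" no longer covers that value, so `match = !strcmp(hash_str, server_hash_str);` reads an uninitialized pointer (the variable is declared without an initializer at the top of the function: `const char *server_hash_str;`); either drop that case so it falls into `default:`, or set `server_hash_str = "";` there before the `break;`. Two smaller points in the same hunk: the early `return;` after `ssh_key_type_to_char()` returns NULL leaks pubkey, hash and hash_str and, unlike the hash-failure path just above it, does not call kill_ssh_client(), so it should mirror that path; and replacing SSH_PUBLICKEY_HASH_MD5 with SSH_PUBLICKEY_HASH_SHA1 silently changes the format of every fingerprint a user already has in tmate.conf (existing MD5 values will now fail with "Key mismatch"), which deserves a mention in the commit log. Also confirm that kill_ssh_client() takes printf-style arguments; its signature is not in this diff, and if it expects a plain reason string the `%s` directives in the new call will be emitted literally and the extra arguments ignored.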