From owner-svn-src-all@FreeBSD.ORG Wed Oct 5 22:08:18 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 12AA41065673; Wed, 5 Oct 2011 22:08:18 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id F3CF98FC0C; Wed, 5 Oct 2011 22:08:17 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p95M8HBY030582; Wed, 5 Oct 2011 22:08:17 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p95M8H3C030566; Wed, 5 Oct 2011 22:08:17 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201110052208.p95M8H3C030566@svn.freebsd.org> From: Dag-Erling Smorgrav Date: Wed, 5 Oct 2011 22:08:17 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r226046 - in head: crypto/openssh crypto/openssh/openbsd-compat secure/usr.sbin/sshd X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Oct 2011 22:08:18 -0000 Author: des Date: Wed Oct 5 22:08:17 2011 New Revision: 226046 URL: http://svn.freebsd.org/changeset/base/226046 Log: Upgrade to OpenSSH 5.9p1. MFC after: 3 months Added: head/crypto/openssh/sandbox-darwin.c - copied unchanged from r225834, vendor-crypto/openssh/dist/sandbox-darwin.c head/crypto/openssh/sandbox-null.c - copied unchanged from r225834, vendor-crypto/openssh/dist/sandbox-null.c head/crypto/openssh/sandbox-rlimit.c - copied unchanged from r225834, vendor-crypto/openssh/dist/sandbox-rlimit.c head/crypto/openssh/sandbox-systrace.c - copied unchanged from r225834, vendor-crypto/openssh/dist/sandbox-systrace.c head/crypto/openssh/ssh-sandbox.h - copied unchanged from r225834, vendor-crypto/openssh/dist/ssh-sandbox.h Deleted: head/crypto/openssh/WARNING.RNG head/crypto/openssh/ssh-rand-helper.8 head/crypto/openssh/ssh-rand-helper.c Modified: head/crypto/openssh/ChangeLog head/crypto/openssh/INSTALL head/crypto/openssh/PROTOCOL.mux head/crypto/openssh/README head/crypto/openssh/aclocal.m4 head/crypto/openssh/audit-linux.c (contents, props changed) head/crypto/openssh/auth-rsa.c head/crypto/openssh/auth-skey.c head/crypto/openssh/auth.c head/crypto/openssh/auth.h head/crypto/openssh/auth2-gss.c head/crypto/openssh/auth2-pubkey.c head/crypto/openssh/auth2.c head/crypto/openssh/authfd.c head/crypto/openssh/authfile.c head/crypto/openssh/authfile.h head/crypto/openssh/channels.c head/crypto/openssh/channels.h head/crypto/openssh/clientloop.c head/crypto/openssh/clientloop.h head/crypto/openssh/config.guess head/crypto/openssh/config.h head/crypto/openssh/config.h.in head/crypto/openssh/defines.h head/crypto/openssh/entropy.c head/crypto/openssh/gss-serv.c head/crypto/openssh/key.c head/crypto/openssh/log.c head/crypto/openssh/log.h head/crypto/openssh/mac.c head/crypto/openssh/misc.c head/crypto/openssh/misc.h head/crypto/openssh/moduli.5 head/crypto/openssh/monitor.c head/crypto/openssh/monitor.h head/crypto/openssh/monitor_wrap.c head/crypto/openssh/monitor_wrap.h head/crypto/openssh/mux.c head/crypto/openssh/myproposal.h head/crypto/openssh/openbsd-compat/bsd-cygwin_util.c head/crypto/openssh/openbsd-compat/bsd-cygwin_util.h head/crypto/openssh/openbsd-compat/openssl-compat.c head/crypto/openssh/openbsd-compat/openssl-compat.h head/crypto/openssh/openbsd-compat/port-linux.c head/crypto/openssh/openbsd-compat/port-linux.h head/crypto/openssh/packet.c head/crypto/openssh/packet.h head/crypto/openssh/pathnames.h head/crypto/openssh/readconf.c head/crypto/openssh/readconf.h head/crypto/openssh/servconf.c head/crypto/openssh/servconf.h head/crypto/openssh/serverloop.c head/crypto/openssh/session.c head/crypto/openssh/sftp-server.c head/crypto/openssh/sftp.1 head/crypto/openssh/ssh-add.c head/crypto/openssh/ssh-agent.c head/crypto/openssh/ssh-keygen.1 head/crypto/openssh/ssh-keygen.c head/crypto/openssh/ssh-keyscan.c head/crypto/openssh/ssh-keysign.c head/crypto/openssh/ssh-pkcs11-helper.c head/crypto/openssh/ssh-pkcs11.c head/crypto/openssh/ssh.1 head/crypto/openssh/ssh.c head/crypto/openssh/ssh_config head/crypto/openssh/ssh_config.5 head/crypto/openssh/ssh_namespace.h head/crypto/openssh/sshconnect.c head/crypto/openssh/sshconnect2.c head/crypto/openssh/sshd.8 head/crypto/openssh/sshd.c head/crypto/openssh/sshd_config head/crypto/openssh/sshd_config.5 head/crypto/openssh/version.h head/secure/usr.sbin/sshd/Makefile Directory Properties: head/crypto/openssh/ (props changed) head/crypto/openssh/bufec.c (props changed) head/crypto/openssh/kexecdh.c (props changed) head/crypto/openssh/kexecdhc.c (props changed) head/crypto/openssh/kexecdhs.c (props changed) head/crypto/openssh/openbsd-compat/charclass.h (props changed) head/crypto/openssh/openbsd-compat/sha2.c (props changed) head/crypto/openssh/openbsd-compat/sha2.h (props changed) head/crypto/openssh/openbsd-compat/strptime.c (props changed) head/crypto/openssh/openbsd-compat/timingsafe_bcmp.c (props changed) head/crypto/openssh/ssh-ecdsa.c (props changed) Modified: head/crypto/openssh/ChangeLog ============================================================================== --- head/crypto/openssh/ChangeLog Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/ChangeLog Wed Oct 5 22:08:17 2011 (r226046) @@ -1,13 +1,463 @@ -20110403 +20110906 + - (djm) [README version.h] Correct version + - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon + - (djm) Respin OpenSSH-5.9p1 release + +20110905 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Prepare for 5.8p2 release. - - (djm) [version.h] crank version - - Release 5.8p2 - -20110329 - - (djm) [entropy.c] closefrom() before running ssh-rand-helper; leftover fds - noticed by tmraz AT redhat.com - + [contrib/suse/openssh.spec] Update version numbers. + +20110904 + - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal + regress errors for the sandbox to warnings. ok tim dtucker + - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations + ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen + support. + +20110829 + - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting + to switch SELinux context away from unconfined_t, based on patch from + Jan Chadima; bz#1919 ok dtucker@ + +20110827 + - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey. + +20110818 + - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze + +20110817 + - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for + OpenSSL 0.9.7. ok djm + - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] + binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen + - (djm) [configure.ac] error out if the host lacks the necessary bits for + an explicitly requested sandbox type + - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by + bisson AT archlinux.org + - (djm) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2011/06/03 05:35:10 + [regress/cfgmatch.sh] + use OBJ to find test configs, patch from Tim Rice + - markus@cvs.openbsd.org 2011/06/30 22:44:43 + [regress/connect-privsep.sh] + test with sandbox enabled; ok djm@ + - djm@cvs.openbsd.org 2011/08/02 01:23:41 + [regress/cipher-speed.sh regress/try-ciphers.sh] + add SHA256/SHA512 based HMAC modes + - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2 + MAC tests for platforms that hack EVP_SHA2 support + +20110812 + - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context + change error by reporting old and new context names Patch from + jchadima at redhat. + - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init] + [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES + init scrips from imorgan AT nas.nasa.gov; bz#1920 + - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the + identify file contained whitespace. bz#1828 patch from gwenael.lambrouin + AT gmail.com; ok dtucker@ + +20110807 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2008/06/26 06:59:39 + [moduli.5] + tweak previous; + - sobrado@cvs.openbsd.org 2009/10/28 08:56:54 + [moduli.5] + "Diffie-Hellman" is the usual spelling for the cryptographic protocol + first published by Whitfield Diffie and Martin Hellman in 1976. + ok jmc@ + - jmc@cvs.openbsd.org 2010/10/14 20:41:28 + [moduli.5] + probabalistic -> probabilistic; from naddy + - dtucker@cvs.openbsd.org 2011/08/07 12:55:30 + [sftp.1] + typo, fix from Laurent Gautrot + +20110805 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/06/23 23:35:42 + [monitor.c] + ignore EINTR errors from poll() + - tedu@cvs.openbsd.org 2011/07/06 18:09:21 + [authfd.c] + bzero the agent address. the kernel was for a while very cranky about + these things. evne though that's fixed, always good to initialize + memory. ok deraadt djm + - djm@cvs.openbsd.org 2011/07/29 14:42:45 + [sandbox-systrace.c] + fail open(2) with EPERM rather than SIGKILLing the whole process. libc + will call open() to do strerror() when NLS is enabled; + feedback and ok markus@ + - markus@cvs.openbsd.org 2011/08/01 19:18:15 + [gss-serv.c] + prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); + report Adam Zabrock; ok djm@, deraadt@ + - djm@cvs.openbsd.org 2011/08/02 01:22:11 + [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] + Add new SHA256 and SHA512 based HMAC modes from + http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt + Patch from mdb AT juniper.net; feedback and ok markus@ + - djm@cvs.openbsd.org 2011/08/02 23:13:01 + [version.h] + crank now, release later + - djm@cvs.openbsd.org 2011/08/02 23:15:03 + [ssh.c] + typo in comment + +20110624 + - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for + Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing + markus@ + +20110623 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/06/22 21:47:28 + [servconf.c] + reuse the multistate option arrays to pretty-print options for "sshd -T" + - djm@cvs.openbsd.org 2011/06/22 21:57:01 + [servconf.c servconf.h sshd.c sshd_config.5] + [configure.ac Makefile.in] + introduce sandboxing of the pre-auth privsep child using systrace(4). + + This introduces a new "UsePrivilegeSeparation=sandbox" option for + sshd_config that applies mandatory restrictions on the syscalls the + privsep child can perform. This prevents a compromised privsep child + from being used to attack other hosts (by opening sockets and proxying) + or probing local kernel attack surface. + + The sandbox is implemented using systrace(4) in unsupervised "fast-path" + mode, where a list of permitted syscalls is supplied. Any syscall not + on the list results in SIGKILL being sent to the privsep child. Note + that this requires a kernel with the new SYSTR_POLICY_KILL option. + + UsePrivilegeSeparation=sandbox will become the default in the future + so please start testing it now. + + feedback dtucker@; ok markus@ + - djm@cvs.openbsd.org 2011/06/22 22:08:42 + [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] + hook up a channel confirm callback to warn the user then requested X11 + forwarding was refused by the server; ok markus@ + - djm@cvs.openbsd.org 2011/06/23 09:34:13 + [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] + [sandbox-null.c] + rename sandbox.h => ssh-sandbox.h to make things easier for portable + - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support + setrlimit(2) + +20110620 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/06/04 00:10:26 + [ssh_config.5] + explain IdentifyFile's semantics a little better, prompted by bz#1898 + ok dtucker jmc + - markus@cvs.openbsd.org 2011/06/14 22:49:18 + [authfile.c] + make sure key_parse_public/private_rsa1() no longer consumes its input + buffer. fixes ssh-add for passphrase-protected ssh1-keys; + noted by naddy@; ok djm@ + - djm@cvs.openbsd.org 2011/06/17 21:44:31 + [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] + make the pre-auth privsep slave log via a socketpair shared with the + monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ + - djm@cvs.openbsd.org 2011/06/17 21:46:16 + [sftp-server.c] + the protocol version should be unsigned; bz#1913 reported by mb AT + smartftp.com + - djm@cvs.openbsd.org 2011/06/17 21:47:35 + [servconf.c] + factor out multi-choice option parsing into a parse_multistate label + and some support structures; ok dtucker@ + - djm@cvs.openbsd.org 2011/06/17 21:57:25 + [clientloop.c] + setproctitle for a mux master that has been gracefully stopped; + bz#1911 from Bert.Wesarg AT googlemail.com + +20110603 + - (dtucker) [README version.h contrib/caldera/openssh.spec + contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version + bumps from the 5.8p2 branch into HEAD. ok djm. + - (tim) [configure.ac defines.h] Run test program to detect system mail + directory. Add --with-maildir option to override. Fixed OpenServer 6 + getting it wrong. Fixed many systems having MAIL=/var/mail//username + ok dtucker + - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair + unconditionally in other places and the survey data we have does not show + any systems that use it. "nuke it" djm@ + - (djm) [configure.ac] enable setproctitle emulation for OS X + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/06/03 00:54:38 + [ssh.c] + bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg + AT googlemail.com; ok dtucker@ + NB. includes additional portability code to enable setproctitle emulation + on platforms that don't support it. + - dtucker@cvs.openbsd.org 2011/06/03 01:37:40 + [ssh-agent.c] + Check current parent process ID against saved one to determine if the parent + has exited, rather than attempting to send a zero signal, since the latter + won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn + Gillmor, ok djm@ + - dtucker@cvs.openbsd.org 2011/05/31 02:01:58 + [regress/dynamic-forward.sh] + back out revs 1.6 and 1.5 since it's not reliable + - dtucker@cvs.openbsd.org 2011/05/31 02:03:34 + [regress/dynamic-forward.sh] + work around startup and teardown races; caught by deraadt + - dtucker@cvs.openbsd.org 2011/06/03 00:29:52 + [regress/dynamic-forward.sh] + Retry establishing the port forwarding after a small delay, should make + the tests less flaky when the previous test is slow to shut down and free + up the port. + - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. + +20110529 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/05/23 03:30:07 + [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] + [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] + allow AuthorizedKeysFile to specify multiple files, separated by spaces. + Bring back authorized_keys2 as a default search path (to avoid breaking + existing users of this file), but override this in sshd_config so it will + be no longer used on fresh installs. Maybe in 2015 we can remove it + entierly :) + + feedback and ok markus@ dtucker@ + - djm@cvs.openbsd.org 2011/05/23 03:33:38 + [auth.c] + make secure_filename() spam debug logs less + - djm@cvs.openbsd.org 2011/05/23 03:52:55 + [sshconnect.c] + remove extra newline + - jmc@cvs.openbsd.org 2011/05/23 07:10:21 + [sshd.8 sshd_config.5] + tweak previous; ok djm + - djm@cvs.openbsd.org 2011/05/23 07:24:57 + [authfile.c] + read in key comments for v.2 keys (though note that these are not + passed over the agent protocol); bz#439, based on patch from binder + AT arago.de; ok markus@ + - djm@cvs.openbsd.org 2011/05/24 07:15:47 + [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] + Remove undocumented legacy options UserKnownHostsFile2 and + GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile + accept multiple paths per line and making their defaults include + known_hosts2; ok markus + - djm@cvs.openbsd.org 2011/05/23 03:31:31 + [regress/cfgmatch.sh] + include testing of multiple/overridden AuthorizedKeysFiles + refactor to simply daemon start/stop and get rid of racy constructs + +20110520 + - (djm) [session.c] call setexeccon() before executing passwd for pw + changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ + - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options + options, we should corresponding -W-option when trying to determine + whether it is accepted. Also includes a warning fix on the program + fragment uses (bad main() return type). + bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@ + - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/05/15 08:09:01 + [authfd.c monitor.c serverloop.c] + use FD_CLOEXEC consistently; patch from zion AT x96.org + - djm@cvs.openbsd.org 2011/05/17 07:13:31 + [key.c] + fatal() if asked to generate a legacy ECDSA cert (these don't exist) + and fix the regress test that was trying to generate them :) + - djm@cvs.openbsd.org 2011/05/20 00:55:02 + [servconf.c] + the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile + and AuthorizedPrincipalsFile were not being correctly applied in + Match blocks, despite being overridable there; ok dtucker@ + - dtucker@cvs.openbsd.org 2011/05/20 02:00:19 + [servconf.c] + Add comment documenting what should be after the preauth check. ok djm + - djm@cvs.openbsd.org 2011/05/20 03:25:45 + [monitor.c monitor_wrap.c servconf.c servconf.h] + use a macro to define which string options to copy between configs + for Match. This avoids problems caused by forgetting to keep three + code locations in perfect sync and ordering + + "this is at once beautiful and horrible" + ok dtucker@ + - djm@cvs.openbsd.org 2011/05/17 07:13:31 + [regress/cert-userkey.sh] + fatal() if asked to generate a legacy ECDSA cert (these don't exist) + and fix the regress test that was trying to generate them :) + - djm@cvs.openbsd.org 2011/05/20 02:43:36 + [cert-hostkey.sh] + another attempt to generate a v00 ECDSA key that broke the test + ID sync only - portable already had this somehow + - dtucker@cvs.openbsd.org 2011/05/20 05:19:50 + [dynamic-forward.sh] + Prevent races in dynamic forwarding test; ok djm + - dtucker@cvs.openbsd.org 2011/05/20 06:32:30 + [dynamic-forward.sh] + fix dumb error in dynamic-forward test + +20110515 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/05/05 05:12:08 + [mux.c] + gracefully fall back when ControlPath is too large for a + sockaddr_un. ok markus@ as part of a larger diff + - dtucker@cvs.openbsd.org 2011/05/06 01:03:35 + [sshd_config] + clarify language about overriding defaults. bz#1892, from Petr Cerny + - djm@cvs.openbsd.org 2011/05/06 01:09:53 + [sftp.1] + mention that IPv6 addresses must be enclosed in square brackets; + bz#1845 + - djm@cvs.openbsd.org 2011/05/06 02:05:41 + [sshconnect2.c] + fix memory leak; bz#1849 ok dtucker@ + - djm@cvs.openbsd.org 2011/05/06 21:14:05 + [packet.c packet.h] + set traffic class for IPv6 traffic as we do for IPv4 TOS; + patch from lionel AT mamane.lu via Colin Watson in bz#1855; + ok markus@ + - djm@cvs.openbsd.org 2011/05/06 21:18:02 + [ssh.c ssh_config.5] + add a %L expansion (short-form of the local host name) for ControlPath; + sync some more expansions with LocalCommand; ok markus@ + - djm@cvs.openbsd.org 2011/05/06 21:31:38 + [readconf.c ssh_config.5] + support negated Host matching, e.g. + + Host *.example.org !c.example.org + User mekmitasdigoat + + Will match "a.example.org", "b.example.org", but not "c.example.org" + ok markus@ + - djm@cvs.openbsd.org 2011/05/06 21:34:32 + [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] + Add a RequestTTY ssh_config option to allow configuration-based + control over tty allocation (like -t/-T); ok markus@ + - djm@cvs.openbsd.org 2011/05/06 21:38:58 + [ssh.c] + fix dropping from previous diff + - djm@cvs.openbsd.org 2011/05/06 22:20:10 + [PROTOCOL.mux] + fix numbering; from bert.wesarg AT googlemail.com + - jmc@cvs.openbsd.org 2011/05/07 23:19:39 + [ssh_config.5] + - tweak previous + - come consistency fixes + ok djm + - jmc@cvs.openbsd.org 2011/05/07 23:20:25 + [ssh.1] + +.It RequestTTY + - djm@cvs.openbsd.org 2011/05/08 12:52:01 + [PROTOCOL.mux clientloop.c clientloop.h mux.c] + improve our behaviour when TTY allocation fails: if we are in + RequestTTY=auto mode (the default), then do not treat at TTY + allocation error as fatal but rather just restore the local TTY + to cooked mode and continue. This is more graceful on devices that + never allocate TTYs. + + If RequestTTY is set to "yes" or "force", then failure to allocate + a TTY is fatal. + + ok markus@ + - djm@cvs.openbsd.org 2011/05/10 05:46:46 + [authfile.c] + despam debug() logs by detecting that we are trying to load a private key + in key_try_load_public() and returning early; ok markus@ + - djm@cvs.openbsd.org 2011/05/11 04:47:06 + [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] + remove support for authorized_keys2; it is a relic from the early days + of protocol v.2 support and has been undocumented for many years; + ok markus@ + - djm@cvs.openbsd.org 2011/05/13 00:05:36 + [authfile.c] + warn on unexpected key type in key_parse_private_type() + - (djm) [packet.c] unbreak portability #endif + +20110510 + - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix + --with-ssl-engine which was broken with the change from deprecated + SSLeay_add_all_algorithms(). ok djm + +20110506 + - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype + for closefrom() in test code. Report from Dan Wallis via Gentoo. + +20110505 + - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS + definitions. From des AT des.no + - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] + [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] + [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] + [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] + [regress/README.regress] Remove ssh-rand-helper and all its + tentacles. PRNGd seeding has been rolled into entropy.c directly. + Thanks to tim@ for testing on affected platforms. + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/03/10 02:52:57 + [auth2-gss.c auth2.c auth.h] + allow GSSAPI authentication to detect when a server-side failure causes + authentication failure and don't count such failures against MaxAuthTries; + bz#1244 from simon AT sxw.org.uk; ok markus@ before lock + - okan@cvs.openbsd.org 2011/03/15 10:36:02 + [ssh-keyscan.c] + use timerclear macro + ok djm@ + - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 + [ssh-keygen.1 ssh-keygen.c] + Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) + for which host keys do not exist, generate the host keys with the + default key file path, an empty passphrase, default bits for the key + type, and default comment. This will be used by /etc/rc to generate + new host keys. Idea from deraadt. + ok deraadt + - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 + [ssh-keygen.1] + -q not used in /etc/rc now so remove statement. + - stevesk@cvs.openbsd.org 2011/03/23 16:50:04 + [ssh-keygen.c] + remove -d, documentation removed >10 years ago; ok markus + - jmc@cvs.openbsd.org 2011/03/24 15:29:30 + [ssh-keygen.1] + zap trailing whitespace; + - stevesk@cvs.openbsd.org 2011/03/24 22:14:54 + [ssh-keygen.c] + use strcasecmp() for "clear" cert permission option also; ok djm + - stevesk@cvs.openbsd.org 2011/03/29 18:54:17 + [misc.c misc.h servconf.c] + print ipqos friendly string for sshd -T; ok markus + # sshd -Tf sshd_config|grep ipqos + ipqos lowdelay throughput + - djm@cvs.openbsd.org 2011/04/12 04:23:50 + [ssh-keygen.c] + fix -Wshadow + - djm@cvs.openbsd.org 2011/04/12 05:32:49 + [sshd.c] + exit with 0 status on SIGTERM; bz#1879 + - djm@cvs.openbsd.org 2011/04/13 04:02:48 + [ssh-keygen.1] + improve wording; bz#1861 + - djm@cvs.openbsd.org 2011/04/13 04:09:37 + [ssh-keygen.1] + mention valid -b sizes for ECDSA keys; bz#1862 + - djm@cvs.openbsd.org 2011/04/17 22:42:42 + [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] + allow graceful shutdown of multiplexing: request that a mux server + removes its listener socket and refuse future multiplexing requests; + ok markus@ + - djm@cvs.openbsd.org 2011/04/18 00:46:05 + [ssh-keygen.c] + certificate options are supposed to be packed in lexical order of + option name (though we don't actually enforce this at present). + Move one up that was out of sequence + - djm@cvs.openbsd.org 2011/05/04 21:15:29 + [authfile.c authfile.h ssh-add.c] + allow "ssh-add - < key"; feedback and ok markus@ + - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE + so autoreconf 2.68 is happy. + - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@ + 20110221 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the Cygwin-specific service installer script ssh-host-config. The actual @@ -19,6 +469,13 @@ The new script also is more thorough to inform the user why the script failed. Patch from vinschen at redhat com. +20110218 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/02/16 00:31:14 + [ssh-keysign.c] + make hostbased auth with ECDSA keys work correctly. Based on patch + by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock) + 20110206 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in selinux code. Patch from Leonardo Chiquitto @@ -46,6 +503,14 @@ succeeded before using its result. Patch from cjwatson AT debian.org; bz#1851 +20110127 + - (tim) [config.guess config.sub] Sync with upstream. + - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete + AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with + AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white + space changes for consistency/readability. Makes autoconf 2.68 happy. + "Nice work" djm + 20110125 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to @@ -1256,4 +1721,3 @@ (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) ok markus@ - Modified: head/crypto/openssh/INSTALL ============================================================================== --- head/crypto/openssh/INSTALL Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/INSTALL Wed Oct 5 22:08:17 2011 (r226046) @@ -16,9 +16,7 @@ The remaining items are optional. NB. If you operating system supports /dev/random, you should configure OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of -/dev/random, or failing that, either prngd or egd. If you don't have -any of these you will have to rely on ssh-rand-helper, which is inferior -to a good kernel-based solution or prngd. +/dev/random, or failing that, either prngd or egd PRNGD: @@ -262,4 +260,4 @@ Please refer to the "reporting bugs" sec http://www.openssh.com/ -$Id: INSTALL,v 1.85 2010/02/11 22:34:22 djm Exp $ +$Id: INSTALL,v 1.86 2011/05/05 03:48:37 djm Exp $ Modified: head/crypto/openssh/PROTOCOL.mux ============================================================================== --- head/crypto/openssh/PROTOCOL.mux Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/PROTOCOL.mux Wed Oct 5 22:08:17 2011 (r226046) @@ -73,6 +73,13 @@ non-multiplexed ssh(1) connection. Two a client must cope with are it receiving a signal itself and the server disconnecting without sending an exit message. +A master may also send a MUX_S_TTY_ALLOC_FAIL before MUX_S_EXIT_MESSAGE +if remote TTY allocation was unsuccessful. The client may use this to +return its local tty to "cooked" mode. + + uint32 MUX_S_TTY_ALLOC_FAIL + uint32 session id + 3. Health checks The client may request a health check/PID report from a server: @@ -149,10 +156,21 @@ The client then sends its standard input The contents of "reserved" are currently ignored. -A server may reply with a MUX_S_SESSION_OPEED, a MUX_S_PERMISSION_DENIED +A server may reply with a MUX_S_SESSION_OPENED, a MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE. -8. Status messages +8. Requesting shutdown of mux listener + +A client may request the master to stop accepting new multiplexing requests +and remove its listener socket. + + uint32 MUX_C_STOP_LISTENING + uint32 request id + +A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a +MUX_S_FAILURE. + +9. Status messages The MUX_S_OK message is empty: @@ -169,7 +187,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FA uint32 client request id string reason -9. Protocol numbers +10. Protocol numbers #define MUX_MSG_HELLO 0x00000001 #define MUX_C_NEW_SESSION 0x10000002 @@ -178,6 +196,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FA #define MUX_C_OPEN_FWD 0x10000006 #define MUX_C_CLOSE_FWD 0x10000007 #define MUX_C_NEW_STDIO_FWD 0x10000008 +#define MUX_C_STOP_LISTENING 0x10000009 #define MUX_S_OK 0x80000001 #define MUX_S_PERMISSION_DENIED 0x80000002 #define MUX_S_FAILURE 0x80000003 @@ -185,6 +204,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FA #define MUX_S_ALIVE 0x80000005 #define MUX_S_SESSION_OPENED 0x80000006 #define MUX_S_REMOTE_PORT 0x80000007 +#define MUX_S_TTY_ALLOC_FAIL 0x80000008 #define MUX_FWD_LOCAL 1 #define MUX_FWD_REMOTE 2 @@ -192,12 +212,10 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FA XXX TODO XXX extended status (e.g. report open channels / forwards) -XXX graceful close (delete listening socket, but keep existing sessions active) XXX lock (maybe) XXX watch in/out traffic (pre/post crypto) XXX inject packet (what about replies) XXX server->client error/warning notifications -XXX port0 rfwd (need custom response message) XXX send signals via mux -$OpenBSD: PROTOCOL.mux,v 1.4 2011/01/31 21:42:15 djm Exp $ +$OpenBSD: PROTOCOL.mux,v 1.7 2011/05/08 12:52:01 djm Exp $ Modified: head/crypto/openssh/README ============================================================================== --- head/crypto/openssh/README Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/README Wed Oct 5 22:08:17 2011 (r226046) @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-5.8p2 for the release notes. +See http://www.openssh.com/txt/release-5.9 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.75.4.2 2011/05/03 00:04:21 djm Exp $ +$Id: README,v 1.77.2.2 2011/09/06 23:11:20 djm Exp $ Modified: head/crypto/openssh/aclocal.m4 ============================================================================== --- head/crypto/openssh/aclocal.m4 Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/aclocal.m4 Wed Oct 5 22:08:17 2011 (r226046) @@ -1,8 +1,26 @@ -dnl $Id: aclocal.m4,v 1.6 2005/09/19 16:33:39 tim Exp $ +dnl $Id: aclocal.m4,v 1.8 2011/05/20 01:45:25 djm Exp $ dnl dnl OpenSSH-specific autoconf macros dnl +dnl OSSH_CHECK_CFLAG_COMPILE(check_flag[, define_flag]) +dnl Check that $CC accepts a flag 'check_flag'. If it is supported append +dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append +dnl 'check_flag'. +AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{ + AC_MSG_CHECKING([if $CC supports $1]) + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $1" + _define_flag="$2" + test "x$_define_flag" = "x" && _define_flag="$1" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], + [ AC_MSG_RESULT([yes]) + CFLAGS="$saved_CFLAGS $_define_flag"], + [ AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" ] + ) +}]) + dnl OSSH_CHECK_HEADER_FOR_FIELD(field, header, symbol) dnl Does AC_EGREP_HEADER on 'header' for the string 'field' @@ -33,16 +51,6 @@ AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [ fi ]) -dnl OSSH_PATH_ENTROPY_PROG(variablename, command): -dnl Tidiness function, sets 'undef' if not found, and does the AC_SUBST -AC_DEFUN(OSSH_PATH_ENTROPY_PROG, [ - AC_PATH_PROG($1, $2) - if test -z "[$]$1" ; then - $1="undef" - fi - AC_SUBST($1) -]) - dnl Check for socklen_t: historically on BSD it is an int, and in dnl POSIX 1g it is a type of its own, but some platforms use different dnl types for the argument to getsockopt, getpeername, etc. So we Modified: head/crypto/openssh/audit-linux.c ============================================================================== --- head/crypto/openssh/audit-linux.c Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/audit-linux.c Wed Oct 5 22:08:17 2011 (r226046) @@ -1,4 +1,4 @@ -/* $Id$ */ +/* $Id: audit-linux.c,v 1.1 2011/01/17 10:15:30 dtucker Exp $ */ /* * Copyright 2010 Red Hat, Inc. All rights reserved. Modified: head/crypto/openssh/auth-rsa.c ============================================================================== --- head/crypto/openssh/auth-rsa.c Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/auth-rsa.c Wed Oct 5 22:08:17 2011 (r226046) @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rsa.c,v 1.79 2010/12/03 23:55:27 djm Exp $ */ +/* $OpenBSD: auth-rsa.c,v 1.80 2011/05/23 03:30:07 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -160,44 +160,27 @@ auth_rsa_challenge_dialog(Key *key) return (success); } -/* - * check if there's user key matching client_n, - * return key if login is allowed, NULL otherwise - */ - -int -auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) +static int +rsa_key_allowed_in_file(struct passwd *pw, char *file, + const BIGNUM *client_n, Key **rkey) { - char line[SSH_MAX_PUBKEY_BYTES], *file; + char line[SSH_MAX_PUBKEY_BYTES]; int allowed = 0; u_int bits; FILE *f; u_long linenum = 0; Key *key; - /* Temporarily use the user's uid. */ - temporarily_use_uid(pw); - - /* The authorized keys. */ - file = authorized_keys_file(pw); debug("trying public RSA key file %s", file); - f = auth_openkeyfile(file, pw, options.strict_modes); - if (!f) { - xfree(file); - restore_uid(); - return (0); - } - - /* Flag indicating whether the key is allowed. */ - allowed = 0; - - key = key_new(KEY_RSA1); + if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL) + return 0; /* * Go though the accepted keys, looking for the current key. If * found, perform a challenge-response dialog to verify that the * user really has the corresponding private key. */ + key = key_new(KEY_RSA1); while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp; char *key_options; @@ -235,7 +218,10 @@ auth_rsa_key_allowed(struct passwd *pw, } /* cp now points to the comment part. */ - /* Check if the we have found the desired key (identified by its modulus). */ + /* + * Check if the we have found the desired key (identified + * by its modulus). + */ if (BN_cmp(key->rsa->n, client_n) != 0) continue; @@ -264,11 +250,7 @@ auth_rsa_key_allowed(struct passwd *pw, break; } - /* Restore the privileged uid. */ - restore_uid(); - /* Close the file. */ - xfree(file); fclose(f); /* return key if allowed */ @@ -276,7 +258,33 @@ auth_rsa_key_allowed(struct passwd *pw, *rkey = key; else key_free(key); - return (allowed); + + return allowed; +} + +/* + * check if there's user key matching client_n, + * return key if login is allowed, NULL otherwise + */ + +int +auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) +{ + char *file; + u_int i, allowed = 0; + + temporarily_use_uid(pw); + + for (i = 0; !allowed && i < options.num_authkeys_files; i++) { + file = expand_authorized_keys( + options.authorized_keys_files[i], pw); + allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); + xfree(file); + } + + restore_uid(); + + return allowed; } /* Modified: head/crypto/openssh/auth-skey.c ============================================================================== --- head/crypto/openssh/auth-skey.c Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/auth-skey.c Wed Oct 5 22:08:17 2011 (r226046) @@ -39,6 +39,7 @@ #include "hostfile.h" #include "auth.h" #include "ssh-gss.h" +#include "log.h" #include "monitor_wrap.h" static void * Modified: head/crypto/openssh/auth.c ============================================================================== --- head/crypto/openssh/auth.c Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/auth.c Wed Oct 5 22:08:17 2011 (r226046) @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.94 2011/05/23 03:33:38 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -332,7 +332,7 @@ auth_root_allowed(char *method) * * This returns a buffer allocated by xmalloc. */ -static char * +char * expand_authorized_keys(const char *filename, struct passwd *pw) { char *file, ret[MAXPATHLEN]; @@ -356,18 +356,6 @@ expand_authorized_keys(const char *filen } char * -authorized_keys_file(struct passwd *pw) -{ - return expand_authorized_keys(options.authorized_keys_file, pw); -} - -char * -authorized_keys_file2(struct passwd *pw) -{ - return expand_authorized_keys(options.authorized_keys_file2, pw); -} - -char * authorized_principals_file(struct passwd *pw) { if (options.authorized_principals_file == NULL) @@ -469,7 +457,6 @@ secure_filename(FILE *f, const char *fil } strlcpy(buf, cp, sizeof(buf)); - debug3("secure_filename: checking '%s'", buf); if (stat(buf, &st) < 0 || (st.st_uid != 0 && st.st_uid != uid) || (st.st_mode & 022) != 0) { @@ -479,11 +466,9 @@ secure_filename(FILE *f, const char *fil } /* If are past the homedir then we can stop */ - if (comparehome && strcmp(homedir, buf) == 0) { - debug3("secure_filename: terminating check at '%s'", - buf); + if (comparehome && strcmp(homedir, buf) == 0) break; - } + /* * dirname should always complete with a "/" path, * but we can be paranoid and check for "." too Modified: head/crypto/openssh/auth.h ============================================================================== --- head/crypto/openssh/auth.h Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/auth.h Wed Oct 5 22:08:17 2011 (r226046) @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.66 2010/05/07 11:30:29 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.69 2011/05/23 03:30:07 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -53,6 +53,7 @@ struct Authctxt { int valid; /* user exists and is allowed to login */ int attempt; int failures; + int server_caused_failure; int force_pwchange; char *user; /* username sent by the client */ char *service; @@ -167,8 +168,7 @@ char *get_challenge(Authctxt *); int verify_response(Authctxt *, const char *); void abandon_challenge_response(Authctxt *); -char *authorized_keys_file(struct passwd *); -char *authorized_keys_file2(struct passwd *); +char *expand_authorized_keys(const char *, struct passwd *pw); char *authorized_principals_file(struct passwd *); FILE *auth_openkeyfile(const char *, struct passwd *, int); Modified: head/crypto/openssh/auth2-gss.c ============================================================================== --- head/crypto/openssh/auth2-gss.c Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/auth2-gss.c Wed Oct 5 22:08:17 2011 (r226046) @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.17 2011/03/10 02:52:57 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -102,6 +102,7 @@ userauth_gssapi(Authctxt *authctxt) if (!present) { xfree(doid); + authctxt->server_caused_failure = 1; return (0); } @@ -109,6 +110,7 @@ userauth_gssapi(Authctxt *authctxt) if (ctxt != NULL) ssh_gssapi_delete_ctx(&ctxt); xfree(doid); + authctxt->server_caused_failure = 1; return (0); } Modified: head/crypto/openssh/auth2-pubkey.c ============================================================================== --- head/crypto/openssh/auth2-pubkey.c Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/auth2-pubkey.c Wed Oct 5 22:08:17 2011 (r226046) @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.27 2010/11/20 05:12:38 deraadt Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.29 2011/05/23 03:30:07 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -436,7 +436,7 @@ user_cert_trusted_ca(struct passwd *pw, int user_key_allowed(struct passwd *pw, Key *key) { - int success; + u_int success, i; char *file; if (auth_key_is_revoked(key)) @@ -448,16 +448,13 @@ user_key_allowed(struct passwd *pw, Key if (success) return success; - file = authorized_keys_file(pw); - success = user_key_allowed2(pw, key, file); - xfree(file); - if (success) - return success; + for (i = 0; !success && i < options.num_authkeys_files; i++) { + file = expand_authorized_keys( + options.authorized_keys_files[i], pw); + success = user_key_allowed2(pw, key, file); + xfree(file); + } - /* try suffix "2" for backward compat, too */ - file = authorized_keys_file2(pw); - success = user_key_allowed2(pw, key, file); - xfree(file); return success; } Modified: head/crypto/openssh/auth2.c ============================================================================== --- head/crypto/openssh/auth2.c Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/auth2.c Wed Oct 5 22:08:17 2011 (r226046) @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.122 2010/08/31 09:58:37 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.123 2011/03/10 02:52:57 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -304,6 +304,7 @@ input_userauth_request(int type, u_int32 #endif authctxt->postponed = 0; + authctxt->server_caused_failure = 0; /* try to authenticate user */ m = authmethod_lookup(method); @@ -376,7 +377,8 @@ userauth_finish(Authctxt *authctxt, int } else { /* Allow initial try of "none" auth without failure penalty */ - if (authctxt->attempt > 1 || strcmp(method, "none") != 0) + if (!authctxt->server_caused_failure && + (authctxt->attempt > 1 || strcmp(method, "none") != 0)) authctxt->failures++; if (authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS Modified: head/crypto/openssh/authfd.c ============================================================================== --- head/crypto/openssh/authfd.c Wed Oct 5 20:00:50 2011 (r226045) +++ head/crypto/openssh/authfd.c Wed Oct 5 22:08:17 2011 (r226046) @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.84 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.86 2011/07/06 18:09:21 tedu Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -102,6 +102,7 @@ ssh_get_authentication_socket(void) if (!authsocket) return -1; + bzero(&sunaddr, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); @@ -110,7 +111,7 @@ ssh_get_authentication_socket(void) return -1; /* close on exec */ - if (fcntl(sock, F_SETFD, 1) == -1) { *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***