Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/openssh merge conflicts
details: https://anonhg.NetBSD.org/src/rev/c83b78ba25a8
branches: trunk
changeset: 321807:c83b78ba25a8
user: christos <christos%NetBSD.org@localhost>
date: Fri Apr 06 18:58:59 2018 +0000
description:
merge conflicts
diffstat:
crypto/external/bsd/openssh/Makefile.inc | 4 +-
crypto/external/bsd/openssh/bin/ssh/Makefile | 4 +-
crypto/external/bsd/openssh/dist/PROTOCOL | 16 +-
crypto/external/bsd/openssh/dist/PROTOCOL.certkeys | 10 +-
crypto/external/bsd/openssh/dist/auth-options.c | 1205 ++++++++------
crypto/external/bsd/openssh/dist/auth-options.h | 107 +-
crypto/external/bsd/openssh/dist/auth-pam.c | 197 +-
crypto/external/bsd/openssh/dist/auth-pam.h | 14 +-
crypto/external/bsd/openssh/dist/auth-passwd.c | 61 +-
crypto/external/bsd/openssh/dist/auth.c | 363 ++++-
crypto/external/bsd/openssh/dist/auth.h | 33 +-
crypto/external/bsd/openssh/dist/auth2-hostbased.c | 14 +-
crypto/external/bsd/openssh/dist/auth2-none.c | 8 +-
crypto/external/bsd/openssh/dist/auth2-passwd.c | 8 +-
crypto/external/bsd/openssh/dist/auth2-pubkey.c | 632 +++++--
crypto/external/bsd/openssh/dist/auth2.c | 13 +-
crypto/external/bsd/openssh/dist/authfd.c | 47 +-
crypto/external/bsd/openssh/dist/authfd.h | 9 +-
crypto/external/bsd/openssh/dist/authfile.c | 12 +-
crypto/external/bsd/openssh/dist/bitmap.c | 5 +-
crypto/external/bsd/openssh/dist/bitmap.h | 4 +-
crypto/external/bsd/openssh/dist/blf.h | 1 +
crypto/external/bsd/openssh/dist/blocks.c | 248 ---
crypto/external/bsd/openssh/dist/chacha.h | 1 +
crypto/external/bsd/openssh/dist/channels.c | 86 +-
crypto/external/bsd/openssh/dist/cipher-aesctr.c | 3 +
crypto/external/bsd/openssh/dist/cipher-aesctr.h | 1 +
crypto/external/bsd/openssh/dist/cipher-chachapoly.h | 1 +
crypto/external/bsd/openssh/dist/cipher-ctr-mt.c | 3 +-
crypto/external/bsd/openssh/dist/cipher.c | 25 +-
crypto/external/bsd/openssh/dist/cleanup.c | 4 +-
crypto/external/bsd/openssh/dist/clientloop.c | 61 +-
crypto/external/bsd/openssh/dist/clientloop.h | 6 +-
crypto/external/bsd/openssh/dist/compat.c | 77 +-
crypto/external/bsd/openssh/dist/compat.h | 30 +-
crypto/external/bsd/openssh/dist/crypto_api.h | 1 +
crypto/external/bsd/openssh/dist/dh.c | 13 +-
crypto/external/bsd/openssh/dist/digest.h | 1 +
crypto/external/bsd/openssh/dist/dns.c | 11 +-
crypto/external/bsd/openssh/dist/dns.h | 7 +-
crypto/external/bsd/openssh/dist/fe25519.h | 1 +
crypto/external/bsd/openssh/dist/fmt_scaled.c | 3 +-
crypto/external/bsd/openssh/dist/freezero.c | 36 +
crypto/external/bsd/openssh/dist/ge25519.h | 1 +
crypto/external/bsd/openssh/dist/hash.c | 85 +-
crypto/external/bsd/openssh/dist/hmac.h | 1 +
crypto/external/bsd/openssh/dist/includes.h | 4 +-
crypto/external/bsd/openssh/dist/kex.c | 18 +-
crypto/external/bsd/openssh/dist/kexc25519c.c | 6 +-
crypto/external/bsd/openssh/dist/kexdhc.c | 14 +-
crypto/external/bsd/openssh/dist/kexdhs.c | 12 +-
crypto/external/bsd/openssh/dist/kexecdhc.c | 23 +-
crypto/external/bsd/openssh/dist/kexecdhs.c | 18 +-
crypto/external/bsd/openssh/dist/kexgexc.c | 14 +-
crypto/external/bsd/openssh/dist/kexgexs.c | 12 +-
crypto/external/bsd/openssh/dist/key.c | 21 +-
crypto/external/bsd/openssh/dist/key.h | 5 +-
crypto/external/bsd/openssh/dist/krl.c | 7 +-
crypto/external/bsd/openssh/dist/krl.h | 1 +
crypto/external/bsd/openssh/dist/misc.c | 647 +++++--
crypto/external/bsd/openssh/dist/misc.h | 23 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 | 45 -
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 | 38 -
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 | 40 -
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 | 36 -
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 | 35 -
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 | 44 -
crypto/external/bsd/openssh/dist/moduli.c | 11 +-
crypto/external/bsd/openssh/dist/monitor.c | 120 +-
crypto/external/bsd/openssh/dist/monitor_wrap.c | 60 +-
crypto/external/bsd/openssh/dist/monitor_wrap.h | 16 +-
crypto/external/bsd/openssh/dist/opacket.c | 5 +-
crypto/external/bsd/openssh/dist/opacket.h | 3 +-
crypto/external/bsd/openssh/dist/packet.c | 36 +-
crypto/external/bsd/openssh/dist/packet.h | 7 +-
crypto/external/bsd/openssh/dist/pathnames.h | 6 +-
crypto/external/bsd/openssh/dist/pfilter.c | 4 +
crypto/external/bsd/openssh/dist/pfilter.h | 1 +
crypto/external/bsd/openssh/dist/poly1305.h | 1 +
crypto/external/bsd/openssh/dist/readconf.c | 80 +-
crypto/external/bsd/openssh/dist/readconf.h | 6 +-
crypto/external/bsd/openssh/dist/readpassphrase.c | 3 +-
crypto/external/bsd/openssh/dist/rijndael.c | 3 +
crypto/external/bsd/openssh/dist/rijndael.h | 1 +
crypto/external/bsd/openssh/dist/sandbox-pledge.c | 3 +
crypto/external/bsd/openssh/dist/sc25519.h | 1 +
crypto/external/bsd/openssh/dist/scp.1 | 47 +-
crypto/external/bsd/openssh/dist/scp.c | 228 +-
crypto/external/bsd/openssh/dist/servconf.c | 560 ++++--
crypto/external/bsd/openssh/dist/servconf.h | 79 +-
crypto/external/bsd/openssh/dist/serverloop.c | 82 +-
crypto/external/bsd/openssh/dist/session.c | 93 +-
crypto/external/bsd/openssh/dist/sftp-client.c | 24 +-
crypto/external/bsd/openssh/dist/sftp.1 | 94 +-
crypto/external/bsd/openssh/dist/sftp.c | 92 +-
crypto/external/bsd/openssh/dist/ssh-add.c | 78 +-
crypto/external/bsd/openssh/dist/ssh-agent.c | 68 +-
crypto/external/bsd/openssh/dist/ssh-dss.c | 91 +-
crypto/external/bsd/openssh/dist/ssh-ecdsa.c | 12 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 31 +-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 103 +-
crypto/external/bsd/openssh/dist/ssh-keyscan.1 | 104 +-
crypto/external/bsd/openssh/dist/ssh-keyscan.c | 42 +-
crypto/external/bsd/openssh/dist/ssh-keysign.c | 12 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c | 9 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c | 183 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.c | 9 +-
crypto/external/bsd/openssh/dist/ssh-rsa.c | 49 +-
crypto/external/bsd/openssh/dist/ssh-sandbox.h | 1 +
crypto/external/bsd/openssh/dist/ssh-xmss.c | 3 +
crypto/external/bsd/openssh/dist/ssh.1 | 59 +-
crypto/external/bsd/openssh/dist/ssh.c | 350 ++-
crypto/external/bsd/openssh/dist/ssh_config.5 | 54 +-
crypto/external/bsd/openssh/dist/sshbuf.h | 1 +
crypto/external/bsd/openssh/dist/sshconnect.c | 194 +-
crypto/external/bsd/openssh/dist/sshconnect.h | 6 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 103 +-
crypto/external/bsd/openssh/dist/sshd.8 | 34 +-
crypto/external/bsd/openssh/dist/sshd.c | 202 +-
crypto/external/bsd/openssh/dist/sshd_config | 5 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 76 +-
crypto/external/bsd/openssh/dist/ssherr.h | 1 +
crypto/external/bsd/openssh/dist/sshkey-xmss.c | 11 +-
crypto/external/bsd/openssh/dist/sshkey-xmss.h | 1 +
crypto/external/bsd/openssh/dist/sshkey.c | 764 +++++++--
crypto/external/bsd/openssh/dist/sshkey.h | 42 +-
crypto/external/bsd/openssh/dist/ttymodes.c | 17 +-
crypto/external/bsd/openssh/dist/umac.c | 200 +-
crypto/external/bsd/openssh/dist/utf8.h | 1 +
crypto/external/bsd/openssh/dist/version.h | 8 +-
crypto/external/bsd/openssh/dist/xmss_commons.c | 3 +
crypto/external/bsd/openssh/dist/xmss_commons.h | 1 +
crypto/external/bsd/openssh/dist/xmss_fast.c | 3 +
crypto/external/bsd/openssh/dist/xmss_fast.h | 1 +
crypto/external/bsd/openssh/dist/xmss_hash.c | 3 +
crypto/external/bsd/openssh/dist/xmss_hash.h | 1 +
crypto/external/bsd/openssh/dist/xmss_hash_address.c | 3 +
crypto/external/bsd/openssh/dist/xmss_hash_address.h | 1 +
crypto/external/bsd/openssh/dist/xmss_wots.c | 3 +
crypto/external/bsd/openssh/dist/xmss_wots.h | 1 +
crypto/external/bsd/openssh/lib/Makefile | 19 +-
crypto/external/bsd/openssh/lib/shlib_version | 4 +-
142 files changed, 5522 insertions(+), 3647 deletions(-)
diffs (truncated from 17019 to 300 lines):
diff -r 899fb0456dba -r c83b78ba25a8 crypto/external/bsd/openssh/Makefile.inc
--- a/crypto/external/bsd/openssh/Makefile.inc Fri Apr 06 18:56:07 2018 +0000
+++ b/crypto/external/bsd/openssh/Makefile.inc Fri Apr 06 18:58:59 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.inc,v 1.13 2018/02/09 01:54:46 christos Exp $
+# $NetBSD: Makefile.inc,v 1.14 2018/04/06 18:58:59 christos Exp $
WARNS?= 4
@@ -19,7 +19,7 @@
CPPFLAGS+=-DOPENSSL_API_COMPAT=0x10100000L
.endif
-CPPFLAGS+=-DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE
+CPPFLAGS+=-DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE -DWITH_XMSS
.if !defined(NOPIC)
CPPFLAGS+=-DHAVE_DLOPEN
.endif
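Review bot: `-DWITH_XMSS` on the changed CPPFLAGS line turns on the XMSS key type for everything built from this Makefile.inc, and nothing beside it records why. As far as I recall, upstream ships the XMSS code as experimental and leaves it out of default builds, so this is worth confirming against the release notes for the imported version. XMSS is also a stateful signature scheme: a private key whose state is restored from backup or copied between hosts can sign twice with the same one-time key, which undermines the scheme. I would add a comment above the line, for example `# WITH_XMSS: experimental upstream, stateful keys; enabled here because <reason>`, or put the define behind a build knob so it can be switched off.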
diff -r 899fb0456dba -r c83b78ba25a8 crypto/external/bsd/openssh/bin/ssh/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh/Makefile Fri Apr 06 18:56:07 2018 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh/Makefile Fri Apr 06 18:58:59 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.13 2018/02/25 00:16:48 mrg Exp $
+# $NetBSD: Makefile,v 1.14 2018/04/06 18:58:59 christos Exp $
.include <bsd.own.mk>
@@ -8,7 +8,7 @@
SRCS= ssh.c readconf.c clientloop.c sshtty.c \
sshconnect.c sshconnect2.c mux.c auth.c
-COPTS.auth.c= -DHOST_ONLY
+COPTS.auth.c= -DHOST_ONLY
COPTS.mux.c= -Wno-pointer-sign
COPTS.sshconnect2.c= -Wno-pointer-sign
diff -r 899fb0456dba -r c83b78ba25a8 crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Fri Apr 06 18:56:07 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Fri Apr 06 18:58:59 2018 +0000
@@ -295,10 +295,14 @@
string[] hostkeys
Upon receiving this message, a client should check which of the
-supplied host keys are present in known_hosts. For keys that are
-not present, it should send a "hostkeys-prove%openssh.com@localhost" message
-to request the server prove ownership of the private half of the
-key.
+supplied host keys are present in known_hosts.
+
+Note that the server may send key types that the client does not
+support. The client should disgregard such keys if they are received.
+
+If the client identifies any keys that are not present for the host,
+it should send a "hostkeys-prove%openssh.com@localhost" message to request the
+server prove ownership of the private half of the key.
byte SSH_MSG_GLOBAL_REQUEST
string "hostkeys-prove-00%openssh.com@localhost"
@@ -454,5 +458,5 @@
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
-$OpenBSD: PROTOCOL,v 1.31 2017/05/26 01:40:07 djm Exp $
-$NetBSD: PROTOCOL,v 1.10 2017/10/07 19:39:19 christos Exp $
+$OpenBSD: PROTOCOL,v 1.32 2018/02/19 00:55:02 djm Exp $
+$NetBSD: PROTOCOL,v 1.11 2018/04/06 18:58:59 christos Exp $
diff -r 899fb0456dba -r c83b78ba25a8 crypto/external/bsd/openssh/dist/PROTOCOL.certkeys
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys Fri Apr 06 18:56:07 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys Fri Apr 06 18:58:59 2018 +0000
@@ -100,9 +100,9 @@
ECDSA certificate
- string "ecdsa-sha2-nistp256-v01%openssh.com@localhost" |
- "ecdsa-sha2-nistp384-v01%openssh.com@localhost" |
- "ecdsa-sha2-nistp521-v01%openssh.com@localhost"
+ string "ecdsa-sha2-nistp256-cert-v01%openssh.com@localhost" |
+ "ecdsa-sha2-nistp384-cert-v01%openssh.com@localhost" |
+ "ecdsa-sha2-nistp521-cert-v01%openssh.com@localhost"
string nonce
string curve
string public_key
@@ -291,5 +291,5 @@
of this script will not be permitted if
this option is not present.
-$OpenBSD: PROTOCOL.certkeys,v 1.12 2017/05/31 04:29:44 djm Exp $
-$NetBSD: PROTOCOL.certkeys,v 1.8 2017/10/07 19:39:19 christos Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.13 2017/11/03 02:32:19 djm Exp $
+$NetBSD: PROTOCOL.certkeys,v 1.9 2018/04/06 18:58:59 christos Exp $
diff -r 899fb0456dba -r c83b78ba25a8 crypto/external/bsd/openssh/dist/auth-options.c
--- a/crypto/external/bsd/openssh/dist/auth-options.c Fri Apr 06 18:56:07 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.c Fri Apr 06 18:58:59 2018 +0000
@@ -1,19 +1,24 @@
-/* $NetBSD: auth-options.c,v 1.16 2017/10/07 19:39:19 christos Exp $ */
-/* $OpenBSD: auth-options.c,v 1.74 2017/09/12 06:32:07 djm Exp $ */
+/* $NetBSD: auth-options.c,v 1.17 2018/04/06 18:58:59 christos Exp $ */
+/* $OpenBSD: auth-options.c,v 1.78 2018/03/14 05:35:40 djm Exp $ */
/*
- * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
- * Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
- * All rights reserved
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
+ * Copyright (c) 2018 Damien Miller <djm%mindrot.org@localhost>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
-__RCSID("$NetBSD: auth-options.c,v 1.16 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: auth-options.c,v 1.17 2018/04/06 18:58:59 christos Exp $");
#include <sys/types.h>
#include <sys/queue.h>
@@ -23,83 +28,28 @@
#include <stdio.h>
#include <stdarg.h>
#include <time.h>
+#include <ctype.h>
+#include <limits.h>
-#include "key.h" /* XXX for typedef */
-#include "buffer.h" /* XXX for typedef */
#include "xmalloc.h"
-#include "match.h"
#include "ssherr.h"
#include "log.h"
-#include "canohost.h"
-#include "packet.h"
#include "sshbuf.h"
#include "misc.h"
-#include "channels.h"
-#include "servconf.h"
#include "sshkey.h"
+#include "match.h"
+#include "ssh2.h"
#include "auth-options.h"
-#include "hostfile.h"
-#include "auth.h"
-
-/* Flags set authorized_keys flags */
-int no_port_forwarding_flag = 0;
-int no_agent_forwarding_flag = 0;
-int no_x11_forwarding_flag = 0;
-int no_pty_flag = 0;
-int no_user_rc = 0;
-int key_is_cert_authority = 0;
-
-/* "command=" option. */
-char *forced_command = NULL;
-
-/* "environment=" options. */
-struct envstring *custom_environment = NULL;
-
-/* "tunnel=" option. */
-int forced_tun_device = -1;
-
-/* "principals=" option. */
-char *authorized_principals = NULL;
-
-extern ServerOptions options;
-
-/* XXX refactor to be stateless */
-
-void
-auth_clear_options(void)
-{
- struct ssh *ssh = active_state; /* XXX */
-
- no_agent_forwarding_flag = 0;
- no_port_forwarding_flag = 0;
- no_pty_flag = 0;
- no_x11_forwarding_flag = 0;
- no_user_rc = 0;
- key_is_cert_authority = 0;
- while (custom_environment) {
- struct envstring *ce = custom_environment;
- custom_environment = ce->next;
- free(ce->s);
- free(ce);
- }
- free(forced_command);
- forced_command = NULL;
- free(authorized_principals);
- authorized_principals = NULL;
- forced_tun_device = -1;
- channel_clear_permitted_opens(ssh);
-}
/*
* Match flag 'opt' in *optsp, and if allow_negate is set then also match
* 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0
- * if negated option matches.
+ * if negated option matches.
* If the option or negated option matches, then *optsp is updated to
- * point to the first character after the option and, if 'msg' is not NULL
- * then a message based on it added via auth_debug_add().
+ * point to the first character after the option.
*/
static int
-match_flag(const char *opt, int allow_negate, const char **optsp, const char *msg)
+opt_flag(const char *opt, int allow_negate, const char **optsp)
{
size_t opt_len = strlen(opt);
const char *opts = *optsp;
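Review bot: The header comment on `opt_flag` does not say that the match is a case-insensitive prefix comparison. The body, which continues past this hunk, tests `strncasecmp(opts, opt, opt_len) == 0` and then advances `*optsp` without looking at the character that follows. A constructed input such as `ptyX` is therefore consumed as `pty`, and rejecting the leftover falls to the caller, which is not visible here. Since these flags carry authorized_keys restrictions, I would state the contract in the comment, e.g. `* The match is a case-insensitive prefix match; the caller must verify that *optsp then points at ',' or the end of the options.`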
@@ -111,368 +61,92 @@
}
if (strncasecmp(opts, opt, opt_len) == 0) {
*optsp = opts + opt_len;
- if (msg != NULL) {
- auth_debug_add("%s %s.", msg,
- negate ? "disabled" : "enabled");
- }
return negate ? 0 : 1;
}
return -1;
}
-/*
- * return 1 if access is granted, 0 if not.
- * side effect: sets key option flags
- * XXX remove side effects; fill structure instead.
- */
-int
-auth_parse_options(struct passwd *pw, const char *opts, const char *file,
- u_long linenum)
+static char *
+opt_dequote(const char **sp, const char **errstrp)
{
- struct ssh *ssh = active_state; /* XXX */
- const char *cp;
- int i, r;
-
- /* reset options */
- auth_clear_options();
-
- if (!opts)
- return 1;
+ const char *s = *sp;
+ char *ret;
+ size_t i;
- while (*opts && *opts != ' ' && *opts != '\t') {
- if ((r = match_flag("cert-authority", 0, &opts, NULL)) != -1) {
- key_is_cert_authority = r;
- goto next_option;
- }
- if ((r = match_flag("restrict", 0, &opts, NULL)) != -1) {
- auth_debug_add("Key is restricted.");
- no_port_forwarding_flag = 1;
- no_agent_forwarding_flag = 1;
- no_x11_forwarding_flag = 1;
- no_pty_flag = 1;
- no_user_rc = 1;
- goto next_option;
- }
- if ((r = match_flag("port-forwarding", 1, &opts,
- "Port forwarding")) != -1) {
- no_port_forwarding_flag = r != 1;
- goto next_option;
- }
- if ((r = match_flag("agent-forwarding", 1, &opts,
- "Agent forwarding")) != -1) {
- no_agent_forwarding_flag = r != 1;
- goto next_option;
- }
- if ((r = match_flag("x11-forwarding", 1, &opts,
- "X11 forwarding")) != -1) {
- no_x11_forwarding_flag = r != 1;
- goto next_option;
- }
- if ((r = match_flag("pty", 1, &opts,
- "PTY allocation")) != -1) {
- no_pty_flag = r != 1;
- goto next_option;
- }
- if ((r = match_flag("user-rc", 1, &opts,
- "User rc execution")) != -1) {
- no_user_rc = r != 1;
- goto next_option;
- }
- cp = "command=\"";
- if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- opts += strlen(cp);
- free(forced_command);