[openssh-commits] [openssh] 02/02: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Feb 21 09:20:48 AEDT 2015


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 44732de06884238049f285f1455b2181baa7dc82
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Feb 20 22:17:21 2015 +0000

    upstream commit
    
    UpdateHostKeys fixes:
    
    I accidentally changed the format of the hostkeys at openssh.com messages
    last week without changing the extension name, and this has been causing
    connection failures for people who are running -current. First reported
    by sthen@
    
    s/hostkeys at openssh.com/hostkeys-00 at openssh.com/
    Change the name of the proof message too, and reorder it a little.
    
    Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
    available to read the response) so disable UpdateHostKeys if it is in
    ask mode and ControlPersist is active (and document this)
---
 PROTOCOL     | 12 ++++++------
 clientloop.c | 23 +++++++++++++----------
 monitor.c    |  8 ++++----
 serverloop.c | 10 +++++-----
 ssh.c        |  8 +++++++-
 ssh_config.5 |  7 +++++--
 sshd.c       |  4 ++--
 7 files changed, 42 insertions(+), 30 deletions(-)

diff --git a/PROTOCOL b/PROTOCOL
index f956083..91bfe27 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -282,15 +282,15 @@ by the client cancel the forwarding of a Unix domain socket.
 	boolean		FALSE
 	string		socket path
 
-2.5. connection: hostkey update and rotation "hostkeys at openssh.com"
-and "hostkeys-prove at openssh.com"
+2.5. connection: hostkey update and rotation "hostkeys-00 at openssh.com"
+and "hostkeys-prove-00 at openssh.com"
 
 OpenSSH supports a protocol extension allowing a server to inform
 a client of all its protocol v.2 host keys after user-authentication
 has completed.
 
 	byte		SSH_MSG_GLOBAL_REQUEST
-	string		"hostkeys at openssh.com"
+	string		"hostkeys-00 at openssh.com"
 	string[]	hostkeys
 
 Upon receiving this message, a client should check which of the
@@ -300,15 +300,15 @@ to request the server prove ownership of the private half of the
 key.
 
 	byte		SSH_MSG_GLOBAL_REQUEST
-	string		"hostkeys-prove at openssh.com"
+	string		"hostkeys-prove-00 at openssh.com"
 	char		1 /* want-reply */
 	string[]	hostkeys
 
 When a server receives this message, it should generate a signature
 using each requested key over the following:
 
+	string		"hostkeys-prove-00 at openssh.com"
 	string		session identifier
-	string		"hostkeys-prove at openssh.com"
 	string		hostkey
 
 These signatures should be included in the reply, in the order matching
@@ -453,4 +453,4 @@ respond with a SSH_FXP_STATUS message.
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
 
-$OpenBSD: PROTOCOL,v 1.26 2015/02/16 22:13:32 djm Exp $
+$OpenBSD: PROTOCOL,v 1.27 2015/02/20 22:17:21 djm Exp $
diff --git a/clientloop.c b/clientloop.c
index a19d9d0..ca3a459 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.269 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.270 2015/02/20 22:17:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -2265,10 +2265,10 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx)
 			continue;
 		/* Prepare data to be signed: session ID, unique string, key */
 		sshbuf_reset(signdata);
-		if ((r = sshbuf_put_string(signdata, ssh->kex->session_id,
+		if ( (r = sshbuf_put_cstring(signdata,
+		    "hostkeys-prove-00 at openssh.com")) != 0 ||
+		    (r = sshbuf_put_string(signdata, ssh->kex->session_id,
 		    ssh->kex->session_id_len)) != 0 ||
-		    (r = sshbuf_put_cstring(signdata,
-		    "hostkeys-prove at openssh.com")) != 0 ||
 		    (r = sshkey_puts(ctx->keys[i], signdata)) != 0)
 			fatal("%s: failed to prepare signature: %s",
 			    __func__, ssh_err(r));
@@ -2300,7 +2300,7 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx)
 }
 
 /*
- * Handle hostkeys at openssh.com global request to inform the client of all
+ * Handle hostkeys-00 at openssh.com global request to inform the client of all
  * the server's hostkeys. The keys are checked against the user's
  * HostkeyAlgorithms preference before they are accepted.
  */
@@ -2335,8 +2335,10 @@ client_input_hostkeys(void)
 			    __func__, ssh_err(r));
 			goto out;
 		}
-		if ((r = sshkey_from_blob(blob, len, &key)) != 0)
-			fatal("%s: parse key: %s", __func__, ssh_err(r));
+		if ((r = sshkey_from_blob(blob, len, &key)) != 0) {
+			error("%s: parse key: %s", __func__, ssh_err(r));
+			goto out;
+		}
 		fp = sshkey_fingerprint(key, options.fingerprint_hash,
 		    SSH_FP_DEFAULT);
 		debug3("%s: received %s key %s", __func__,
@@ -2376,9 +2378,10 @@ client_input_hostkeys(void)
 	}
 
 	if (ctx->nkeys == 0) {
-		error("%s: server sent no hostkeys", __func__);
+		debug("%s: server sent no hostkeys", __func__);
 		goto out;
 	}
+
 	if ((ctx->keys_seen = calloc(ctx->nkeys,
 	    sizeof(*ctx->keys_seen))) == NULL)
 		fatal("%s: calloc failed", __func__);
@@ -2418,7 +2421,7 @@ client_input_hostkeys(void)
 		    __func__, ctx->nnew);
 		if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
 		    (r = sshpkt_put_cstring(ssh,
-		    "hostkeys-prove at openssh.com")) != 0 ||
+		    "hostkeys-prove-00 at openssh.com")) != 0 ||
 		    (r = sshpkt_put_u8(ssh, 1)) != 0) /* bool: want reply */
 			fatal("%s: cannot prepare packet: %s",
 			    __func__, ssh_err(r));
@@ -2465,7 +2468,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt)
 	want_reply = packet_get_char();
 	debug("client_input_global_request: rtype %s want_reply %d",
 	    rtype, want_reply);
-	if (strcmp(rtype, "hostkeys at openssh.com") == 0)
+	if (strcmp(rtype, "hostkeys-00 at openssh.com") == 0)
 		success = client_input_hostkeys();
 	if (want_reply) {
 		packet_start(success ?
diff --git a/monitor.c b/monitor.c
index bc4f039..8f5ab72 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.144 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.145 2015/02/20 22:17:21 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos at citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -693,7 +693,7 @@ mm_answer_sign(int sock, Buffer *m)
 	u_char *signature;
 	size_t datlen, siglen;
 	int r, keyid, is_proof = 0;
-	const char proof_req[] = "hostkeys-prove at openssh.com";
+	const char proof_req[] = "hostkeys-prove-00 at openssh.com";
 
 	debug3("%s", __func__);
 
@@ -723,9 +723,9 @@ mm_answer_sign(int sock, Buffer *m)
 			fatal("%s: no hostkey for index %d", __func__, keyid);
 		if ((sigbuf = sshbuf_new()) == NULL)
 			fatal("%s: sshbuf_new", __func__);
-		if ((r = sshbuf_put_string(sigbuf, session_id2,
+		if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
+		    (r = sshbuf_put_string(sigbuf, session_id2,
 		    session_id2_len) != 0) ||
-		    (r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
 		    (r = sshkey_puts(key, sigbuf)) != 0)
 			fatal("%s: couldn't prepare private key "
 			    "proof buffer: %s", __func__, ssh_err(r));
diff --git a/serverloop.c b/serverloop.c
index 5633ceb..306ac36 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.177 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.178 2015/02/20 22:17:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1195,10 +1195,10 @@ server_input_hostkeys_prove(struct sshbuf **respp)
 		sshbuf_reset(sigbuf);
 		free(sig);
 		sig = NULL;
-		if ((r = sshbuf_put_string(sigbuf,
+		if ((r = sshbuf_put_cstring(sigbuf,
+		    "hostkeys-prove-00 at openssh.com")) != 0 ||
+		    (r = sshbuf_put_string(sigbuf,
 		    ssh->kex->session_id, ssh->kex->session_id_len)) != 0 ||
-		    (r = sshbuf_put_cstring(sigbuf,
-		    "hostkeys-prove at openssh.com")) != 0 ||
 		    (r = sshkey_puts(key, sigbuf)) != 0 ||
 		    (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen,
 		    sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), 0)) != 0 ||
@@ -1310,7 +1310,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 	} else if (strcmp(rtype, "no-more-sessions at openssh.com") == 0) {
 		no_more_sessions = 1;
 		success = 1;
-	} else if (strcmp(rtype, "hostkeys-prove at openssh.com") == 0) {
+	} else if (strcmp(rtype, "hostkeys-prove-00 at openssh.com") == 0) {
 		success = server_input_hostkeys_prove(&resp);
 	}
 	if (want_reply) {
diff --git a/ssh.c b/ssh.c
index 430773c..57b53fb 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.414 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: ssh.c,v 1.415 2015/02/20 22:17:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1072,6 +1072,12 @@ main(int ac, char **av)
 	    strcmp(options.proxy_command, "-") == 0 &&
 	    options.proxy_use_fdpass)
 		fatal("ProxyCommand=- and ProxyUseFDPass are incompatible");
+	if (options.control_persist &&
+	    options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) {
+		debug("UpdateHostKeys=ask is incompatible with ControlPersist; "
+		    "disabling");
+		options.update_hostkeys = 0;
+	}
 #ifndef HAVE_CYGWIN
 	if (original_effective_uid != 0)
 		options.use_privileged_port = 0;
diff --git a/ssh_config.5 b/ssh_config.5
index fa59c51..140d0ba 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.204 2015/02/16 22:13:32 djm Exp $
-.Dd $Mdocdate: February 16 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.205 2015/02/20 22:17:21 djm Exp $
+.Dd $Mdocdate: February 20 2015 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1524,6 +1524,9 @@ If
 is set to
 .Dq ask ,
 then the user is asked to confirm the modifications to the known_hosts file.
+Confirmation is currently incompatible with
+.Cm ControlPersist ,
+and will be disabled if it is enabled.
 .Pp
 Presently, only
 .Xr sshd 8
diff --git a/sshd.c b/sshd.c
index 2919efb..312dcd8 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.443 2015/02/16 22:30:03 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.444 2015/02/20 22:17:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -942,7 +942,7 @@ notify_hostkeys(struct ssh *ssh)
 		free(fp);
 		if (nkeys == 0) {
 			packet_start(SSH2_MSG_GLOBAL_REQUEST);
-			packet_put_cstring("hostkeys at openssh.com");
+			packet_put_cstring("hostkeys-00 at openssh.com");
 			packet_put_char(0); /* want-reply */
 		}
 		sshbuf_reset(buf);

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list