
[src/trunk]: src/crypto/external/bsd/openssh merge conflicts.



details:   https://anonhg.NetBSD.org/src/rev/520a4ac70b6c
branches:  trunk
changeset: 346774:520a4ac70b6c
user:      christos <christos%NetBSD.org@localhost>
date:      Tue Aug 02 13:45:12 2016 +0000

description:
merge conflicts.

diffstat:

 crypto/external/bsd/openssh/bin/ssh/Makefile            |    5 +-
 crypto/external/bsd/openssh/dist/PROTOCOL               |    6 +-
 crypto/external/bsd/openssh/dist/PROTOCOL.agent         |   26 +-
 crypto/external/bsd/openssh/dist/PROTOCOL.certkeys      |   44 ++-
 crypto/external/bsd/openssh/dist/auth-krb5.c            |    7 +-
 crypto/external/bsd/openssh/dist/auth-options.c         |   18 +-
 crypto/external/bsd/openssh/dist/auth-pam.c             |   11 +-
 crypto/external/bsd/openssh/dist/auth-passwd.c          |   11 +-
 crypto/external/bsd/openssh/dist/auth-rh-rsa.c          |   15 +-
 crypto/external/bsd/openssh/dist/auth-rhosts.c          |   16 +-
 crypto/external/bsd/openssh/dist/auth.c                 |  150 ++++++++-
 crypto/external/bsd/openssh/dist/auth.h                 |    9 +-
 crypto/external/bsd/openssh/dist/auth2-chall.c          |   10 +-
 crypto/external/bsd/openssh/dist/auth2-hostbased.c      |   11 +-
 crypto/external/bsd/openssh/dist/auth2.c                |   13 +-
 crypto/external/bsd/openssh/dist/authfile.c             |   39 +-
 crypto/external/bsd/openssh/dist/bufbn.c                |    4 +-
 crypto/external/bsd/openssh/dist/canohost.c             |   96 +----
 crypto/external/bsd/openssh/dist/canohost.h             |   15 +-
 crypto/external/bsd/openssh/dist/channels.c             |   17 +-
 crypto/external/bsd/openssh/dist/clientloop.c           |   17 +-
 crypto/external/bsd/openssh/dist/compat.c               |    6 +-
 crypto/external/bsd/openssh/dist/dh.c                   |  120 +++++-
 crypto/external/bsd/openssh/dist/dh.h                   |    6 +-
 crypto/external/bsd/openssh/dist/kex.c                  |   17 +-
 crypto/external/bsd/openssh/dist/kex.h                  |   19 +-
 crypto/external/bsd/openssh/dist/kexc25519.c            |    8 +-
 crypto/external/bsd/openssh/dist/kexc25519c.c           |    6 +-
 crypto/external/bsd/openssh/dist/kexc25519s.c           |    8 +-
 crypto/external/bsd/openssh/dist/kexdh.c                |   13 +-
 crypto/external/bsd/openssh/dist/kexdhc.c               |   14 +-
 crypto/external/bsd/openssh/dist/kexdhs.c               |   15 +-
 crypto/external/bsd/openssh/dist/kexgexs.c              |    9 +-
 crypto/external/bsd/openssh/dist/key.c                  |    9 +-
 crypto/external/bsd/openssh/dist/log.c                  |   18 +-
 crypto/external/bsd/openssh/dist/log.h                  |    6 +-
 crypto/external/bsd/openssh/dist/mac.c                  |   27 +-
 crypto/external/bsd/openssh/dist/mac.h                  |    6 +-
 crypto/external/bsd/openssh/dist/misc.c                 |  141 +++++++-
 crypto/external/bsd/openssh/dist/misc.h                 |    8 +-
 crypto/external/bsd/openssh/dist/monitor.c              |   40 +-
 crypto/external/bsd/openssh/dist/monitor_fdpass.c       |   12 +-
 crypto/external/bsd/openssh/dist/monitor_wrap.c         |   17 +-
 crypto/external/bsd/openssh/dist/monitor_wrap.h         |   12 +-
 crypto/external/bsd/openssh/dist/mux.c                  |   17 +-
 crypto/external/bsd/openssh/dist/myproposal.h           |   10 +-
 crypto/external/bsd/openssh/dist/opacket.h              |    6 +-
 crypto/external/bsd/openssh/dist/packet.c               |  147 +++++---
 crypto/external/bsd/openssh/dist/packet.h               |   10 +-
 crypto/external/bsd/openssh/dist/pathnames.h            |    6 +-
 crypto/external/bsd/openssh/dist/progressmeter.c        |   25 +-
 crypto/external/bsd/openssh/dist/readconf.c             |  263 ++++++++++++++-
 crypto/external/bsd/openssh/dist/readconf.h             |   16 +-
 crypto/external/bsd/openssh/dist/sandbox-systrace.c     |  205 ------------
 crypto/external/bsd/openssh/dist/scp.1                  |   10 +-
 crypto/external/bsd/openssh/dist/scp.c                  |   58 ++-
 crypto/external/bsd/openssh/dist/servconf.c             |   65 +++-
 crypto/external/bsd/openssh/dist/serverloop.c           |   46 +-
 crypto/external/bsd/openssh/dist/session.c              |   79 +++-
 crypto/external/bsd/openssh/dist/session.h              |    6 +-
 crypto/external/bsd/openssh/dist/sftp-client.c          |   19 +-
 crypto/external/bsd/openssh/dist/sftp.1                 |   10 +-
 crypto/external/bsd/openssh/dist/sftp.c                 |   82 ++--
 crypto/external/bsd/openssh/dist/ssh-agent.c            |   23 +-
 crypto/external/bsd/openssh/dist/ssh-dss.c              |   10 +-
 crypto/external/bsd/openssh/dist/ssh-ecdsa.c            |   10 +-
 crypto/external/bsd/openssh/dist/ssh-ed25519.c          |    7 +-
 crypto/external/bsd/openssh/dist/ssh-keygen.1           |   14 +-
 crypto/external/bsd/openssh/dist/ssh-keygen.c           |   23 +-
 crypto/external/bsd/openssh/dist/ssh-keyscan.c          |   10 +-
 crypto/external/bsd/openssh/dist/ssh-rsa.c              |   10 +-
 crypto/external/bsd/openssh/dist/ssh.1                  |   35 +-
 crypto/external/bsd/openssh/dist/ssh.c                  |  145 ++++++--
 crypto/external/bsd/openssh/dist/ssh1.h                 |    5 +-
 crypto/external/bsd/openssh/dist/ssh2.h                 |    8 +-
 crypto/external/bsd/openssh/dist/ssh_api.c              |   14 +-
 crypto/external/bsd/openssh/dist/ssh_config.5           |   79 ++++-
 crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c  |    6 +-
 crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c |    2 +-
 crypto/external/bsd/openssh/dist/sshbuf-misc.c          |   27 +-
 crypto/external/bsd/openssh/dist/sshbuf.h               |    9 +-
 crypto/external/bsd/openssh/dist/sshconnect1.c          |   20 +-
 crypto/external/bsd/openssh/dist/sshconnect2.c          |  106 ++---
 crypto/external/bsd/openssh/dist/sshd.c                 |  186 +++++++---
 crypto/external/bsd/openssh/dist/sshd_config            |    5 +-
 crypto/external/bsd/openssh/dist/sshd_config.5          |   30 +-
 crypto/external/bsd/openssh/dist/sshkey.c               |   49 +-
 crypto/external/bsd/openssh/dist/sshkey.h               |    4 +-
 crypto/external/bsd/openssh/dist/ttymodes.c             |    7 +-
 crypto/external/bsd/openssh/dist/ttymodes.h             |    7 +-
 crypto/external/bsd/openssh/dist/utf8.c                 |    6 +
 crypto/external/bsd/openssh/dist/version.h              |    8 +-
 crypto/external/bsd/openssh/lib/Makefile                |    3 +-
 crypto/external/bsd/openssh/lib/shlib_version           |    4 +-
 94 files changed, 1946 insertions(+), 1083 deletions(-)

diffs (truncated from 7271 to 300 lines):

diff -r fb8921a6c3fe -r 520a4ac70b6c crypto/external/bsd/openssh/bin/ssh/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh/Makefile      Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh/Makefile      Tue Aug 02 13:45:12 2016 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.9 2016/01/14 22:30:04 christos Exp $
+#      $NetBSD: Makefile,v 1.10 2016/08/02 13:45:12 christos Exp $
 
 .include <bsd.own.mk>
 
@@ -6,8 +6,9 @@
 
 PROG=  ssh
 SRCS=  ssh.c readconf.c clientloop.c sshtty.c \
-       sshconnect.c sshconnect1.c sshconnect2.c mux.c
+       sshconnect.c sshconnect1.c sshconnect2.c mux.c auth.c
 
+COPTS.auth.c=  -DHOST_ONLY
 COPTS.sshconnect1.c=   -fno-strict-aliasing
 COPTS.mux.c=           -Wno-pointer-sign
 COPTS.sshconnect2.c=   -Wno-pointer-sign
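Review bot: The new `COPTS.auth.c=  -DHOST_ONLY` line has no comment saying why auth.c is now part of the ssh client's SRCS or what HOST_ONLY compiles out. The diffstat shows canohost.c shrinking and auth.c growing, so the client presumably needs only the hostname helpers that moved there; that is an inference, since auth.c's own hunks are not shown. I would add a line above it such as `# auth.c: client needs only the hostname helpers; HOST_ONLY excludes the rest`, so a later import does not silently link more of auth.c into the client.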
diff -r fb8921a6c3fe -r 520a4ac70b6c crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Tue Aug 02 13:45:12 2016 +0000
@@ -247,6 +247,8 @@
        uint32          initial window size
        uint32          maximum packet size
        string          socket path
+       string          reserved
+       uint32          reserved
 
 Similar to forwarded-tcpip, forwarded-streamlocal is sent by the
 server when the client has previously send the server a streamlocal-forward
@@ -452,5 +454,5 @@
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
 
-$OpenBSD: PROTOCOL,v 1.29 2015/07/17 03:09:19 djm Exp $
-$NetBSD: PROTOCOL,v 1.7 2015/08/13 10:33:21 christos Exp $
+$OpenBSD: PROTOCOL,v 1.30 2016/04/08 06:35:54 djm Exp $
+$NetBSD: PROTOCOL,v 1.8 2016/08/02 13:45:12 christos Exp $
diff -r fb8921a6c3fe -r 520a4ac70b6c crypto/external/bsd/openssh/dist/PROTOCOL.agent
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.agent   Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.agent   Tue Aug 02 13:45:12 2016 +0000
@@ -206,6 +206,28 @@
        string                  key_comment
        constraint[]            key_constraints
 
+ED25519 keys may be added using the following request
+       byte                    SSH2_AGENTC_ADD_IDENTITY or
+                               SSH2_AGENTC_ADD_ID_CONSTRAINED
+       string                  "ssh-ed25519"
+       string                  ed25519_public_key
+       string                  ed25519_private_key || ed25519_public_key
+       string                  key_comment
+       constraint[]            key_constraints
+
+ED25519 certificates may be added with:
+       byte                    SSH2_AGENTC_ADD_IDENTITY or
+                               SSH2_AGENTC_ADD_ID_CONSTRAINED
+       string                  "ssh-ed25519-cert-v01%openssh.com@localhost"
+       string                  certificate
+       string                  ed25519_public_key
+       string                  ed25519_private_key || ed25519_public_key
+       string                  key_comment
+       constraint[]            key_constraints
+
+For both ssh-ed25519 and ssh-ed25519-cert-v01%openssh.com@localhost keys, the private
+key has the public key appended (for historical reasons).
+
 RSA keys may be added with this request:
 
        byte                    SSH2_AGENTC_ADD_IDENTITY or
@@ -557,5 +579,5 @@
        SSH_AGENT_CONSTRAIN_LIFETIME                    1
        SSH_AGENT_CONSTRAIN_CONFIRM                     2
 
-$OpenBSD: PROTOCOL.agent,v 1.8 2015/05/08 03:56:51 djm Exp $
-$NetBSD: PROTOCOL.agent,v 1.6 2015/07/03 00:59:59 christos Exp $
+$OpenBSD: PROTOCOL.agent,v 1.11 2016/05/19 07:45:32 djm Exp $
+$NetBSD: PROTOCOL.agent,v 1.7 2016/08/02 13:45:12 christos Exp $
diff -r fb8921a6c3fe -r 520a4ac70b6c crypto/external/bsd/openssh/dist/PROTOCOL.certkeys
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys        Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys        Tue Aug 02 13:45:12 2016 +0000
@@ -100,9 +100,9 @@
 
 ECDSA certificate
 
-    string    "ecdsa-sha2-nistp256%openssh.com@localhost" |
-              "ecdsa-sha2-nistp384%openssh.com@localhost" |
-              "ecdsa-sha2-nistp521%openssh.com@localhost"
+    string    "ecdsa-sha2-nistp256-v01%openssh.com@localhost" |
+              "ecdsa-sha2-nistp384-v01%openssh.com@localhost" |
+              "ecdsa-sha2-nistp521-v01%openssh.com@localhost"
     string    nonce
     string    curve
     string    public_key
@@ -118,6 +118,23 @@
     string    signature key
     string    signature
 
+ED25519 certificate
+
+    string    "ssh-ed25519-cert-v01%openssh.com@localhost"
+    string    nonce
+    string    pk
+    uint64    serial
+    uint32    type
+    string    key id
+    string    valid principals
+    uint64    valid after
+    uint64    valid before
+    string    critical options
+    string    extensions
+    string    reserved
+    string    signature key
+    string    signature
+
 The nonce field is a CA-provided random bitstring of arbitrary length
 (but typically 16 or 32 bytes) included to make attacks that depend on
 inducing collisions in the signature hash infeasible.
@@ -129,6 +146,9 @@
 curve and public key are respectively the ECDSA "[identifier]" and "Q"
 defined in section 3.1 of RFC5656.
 
+pk is the encoded Ed25519 public key as defined by
+draft-josefsson-eddsa-ed25519-03.
+
 serial is an optional certificate serial number set by the CA to
 provide an abbreviated way to refer to certificates from that CA.
 If a CA does not wish to number its certificates it must set this
@@ -146,7 +166,7 @@
 certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and
 usernames for SSH_CERT_TYPE_USER certificates. As a special case, a
 zero-length "valid principals" field means the certificate is valid for
-any principal of the specified type. XXX DNS wildcards?
+any principal of the specified type.
 
 "valid after" and "valid before" specify a validity period for the
 certificate. Each represents a time in seconds since 1970-01-01
@@ -183,7 +203,7 @@
 up to, and including the signature key. Signatures are computed and
 encoded according to the rules defined for the CA's public key algorithm
 (RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA
-types).
+types), and draft-josefsson-eddsa-ed25519-03 for Ed25519.
 
 Critical options
 ----------------
@@ -203,8 +223,9 @@
 "critical", if an implementation does not recognise a option
 then the validating party should refuse to accept the certificate.
 
-The supported options and the contents and structure of their
-data fields are:
+No critical options are defined for host certificates at present. The
+supported user certificate options and the contents and structure of
+their data fields are:
 
 Name                    Format        Description
 -----------------------------------------------------------------------------
@@ -233,8 +254,9 @@
 If an implementation does not recognise an extension, then it should
 ignore it.
 
-The supported extensions and the contents and structure of their data
-fields are:
+No extensions are defined for host certificates at present. The
+supported user certificate extensions and the contents and structure of
+their data fields are:
 
 Name                    Format        Description
 -----------------------------------------------------------------------------
@@ -262,5 +284,5 @@
                                       of this script will not be permitted if
                                       this option is not present.
 
-$OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $
-$NetBSD: PROTOCOL.certkeys,v 1.5 2015/04/03 23:58:19 christos Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.10 2016/05/03 10:27:59 djm Exp $
+$NetBSD: PROTOCOL.certkeys,v 1.6 2016/08/02 13:45:12 christos Exp $
diff -r fb8921a6c3fe -r 520a4ac70b6c crypto/external/bsd/openssh/dist/auth-krb5.c
--- a/crypto/external/bsd/openssh/dist/auth-krb5.c      Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-krb5.c      Tue Aug 02 13:45:12 2016 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: auth-krb5.c,v 1.8 2016/03/11 01:55:00 christos Exp $   */
-/* $OpenBSD: auth-krb5.c,v 1.21 2016/01/27 06:44:58 djm Exp $ */
+/*     $NetBSD: auth-krb5.c,v 1.9 2016/08/02 13:45:12 christos Exp $   */
+/* $OpenBSD: auth-krb5.c,v 1.22 2016/05/04 14:22:33 markus Exp $ */
 
 /*
  *    Kerberos v5 authentication and ticket-passing routines.
@@ -31,7 +31,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-krb5.c,v 1.8 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: auth-krb5.c,v 1.9 2016/08/02 13:45:12 christos Exp $");
 #include <sys/types.h>
 #include <pwd.h>
 #include <stdarg.h>
@@ -39,7 +39,6 @@
 
 #include "xmalloc.h"
 #include "ssh.h"
-#include "ssh1.h"
 #include "packet.h"
 #include "log.h"
 #include "buffer.h"
diff -r fb8921a6c3fe -r 520a4ac70b6c crypto/external/bsd/openssh/dist/auth-options.c
--- a/crypto/external/bsd/openssh/dist/auth-options.c   Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.c   Tue Aug 02 13:45:12 2016 +0000
@@ -1,6 +1,5 @@
-/*     $NetBSD: auth-options.c,v 1.12 2016/03/11 01:55:00 christos Exp $       */
-/* $OpenBSD: auth-options.c,v 1.70 2015/12/10 17:08:40 mmcc Exp $ */
-
+/*     $NetBSD: auth-options.c,v 1.13 2016/08/02 13:45:12 christos Exp $       */
+/* $OpenBSD: auth-options.c,v 1.71 2016/03/07 19:02:43 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
  * Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -13,7 +12,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-options.c,v 1.12 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: auth-options.c,v 1.13 2016/08/02 13:45:12 christos Exp $");
 #include <sys/types.h>
 #include <sys/queue.h>
 
@@ -31,6 +30,7 @@
 #include "ssherr.h"
 #include "log.h"
 #include "canohost.h"
+#include "packet.h"
 #include "sshbuf.h"
 #include "misc.h"
 #include "channels.h"
@@ -123,6 +123,7 @@
 auth_parse_options(struct passwd *pw, const char *opts, const char *file,
     u_long linenum)
 {
+       struct ssh *ssh = active_state;         /* XXX */
        const char *cp;
        int i, r;
 
@@ -276,9 +277,9 @@
                }
                cp = "from=\"";
                if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-                       const char *remote_ip = get_remote_ipaddr();
-                       const char *remote_host = get_canonical_hostname(
-                           options.use_dns);
+                       const char *remote_ip = ssh_remote_ipaddr(ssh);
+                       const char *remote_host = auth_get_canonical_hostname(
+                           ssh, options.use_dns);
                        char *patterns = xmalloc(strlen(opts) + 1);
 
                        opts += strlen(cp);
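Review bot: The `from=` check feeds `remote_host` from `auth_get_canonical_hostname(ssh, options.use_dns)` into an access-control decision, with no comment on how far that name can be trusted. The helper's body is not shown here. If, as the `options.use_dns` argument suggests, it returns a reverse-DNS name only when UseDNS is enabled and the address otherwise, then hostname patterns in `from=` stop matching with UseDNS off and depend on the resolver with it on. A short comment above the call would help, e.g. `/* remote_host is DNS-derived only if use_dns is set; address patterns are the reliable form */`. The enclosing if-block continues past the end of the hunk.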
@@ -460,6 +461,7 @@
     char **cert_forced_command,
     int *cert_source_address_done)
 {
+       struct ssh *ssh = active_state;         /* XXX */
        char *command, *allowed;
        const char *remote_ip;
        char *name = NULL;
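Review bot: The added `struct ssh *ssh = active_state;         /* XXX */` takes the connection state from a global, and the bare XXX marker does not say what is unresolved. The identical line is added to auth_parse_options in the @@ -123 hunk of this file. Nothing visible in either hunk checks `ssh` before it is handed to `ssh_remote_ipaddr(ssh)` further down, so the code appears to rely on active_state always being set by the time key or certificate options are parsed. I would state that in the comment, e.g. `/* XXX: global connection state; should be passed in by the caller */`. This function's signature starts above the hunk and its body continues below it.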
@@ -533,7 +535,7 @@
                                        free(allowed);
                                        goto out;
                                }
-                               remote_ip = get_remote_ipaddr();
+                               remote_ip = ssh_remote_ipaddr(ssh);
                                result = addr_match_cidr_list(remote_ip,
                                    allowed);
                                free(allowed);
diff -r fb8921a6c3fe -r 520a4ac70b6c crypto/external/bsd/openssh/dist/auth-pam.c
--- a/crypto/external/bsd/openssh/dist/auth-pam.c       Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-pam.c       Tue Aug 02 13:45:12 2016 +0000
@@ -50,7 +50,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.8 2016/01/23 00:03:30 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.9 2016/08/02 13:45:12 christos Exp $");
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
 #define HAVE_PAM_GETENVLIST
@@ -108,6 +108,8 @@
 #include "packet.h"
 #include "misc.h"
 #include "servconf.h"
+#include "channels.h"
+#include "session.h"
 #include "ssh2.h"
 #include "auth-options.h"
 #ifdef GSSAPI
@@ -640,6 +642,7 @@
 {
        const char *pam_rhost, *pam_user, *user = authctxt->user;
        const char **ptr_pam_user = &pam_user;


