3571e53040
patches for easier mirroring, to eliminate a special copy, to make www.freebsd.org/security a full copy of security.freebsd.org and be eventually be the same. For now files are just sitting there. The symlinks are missing. Discussed on: www (repository location) Discussed with: simon (so)
347 lines
11 KiB
Diff
347 lines
11 KiB
Diff
Index: crypto/openssh/auth-chall.c
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v
|
|
retrieving revision 1.2.2.4
|
|
retrieving revision 1.2.2.6
|
|
diff -p -c -r1.2.2.4 -r1.2.2.6
|
|
*** crypto/openssh/auth-chall.c 3 Feb 2003 17:31:06 -0000 1.2.2.4
|
|
--- crypto/openssh/auth-chall.c 24 Sep 2003 18:25:31 -0000 1.2.2.6
|
|
*************** verify_response(Authctxt *authctxt, cons
|
|
*** 93,101 ****
|
|
xfree(info);
|
|
}
|
|
/* if we received more prompts, we're screwed */
|
|
! res = (numprompts != 0);
|
|
}
|
|
device->free_ctx(authctxt->kbdintctxt);
|
|
authctxt->kbdintctxt = NULL;
|
|
return res ? 0 : 1;
|
|
}
|
|
--- 93,109 ----
|
|
xfree(info);
|
|
}
|
|
/* if we received more prompts, we're screwed */
|
|
! res = (res == 0 && numprompts == 0) ? 0 : -1;
|
|
}
|
|
device->free_ctx(authctxt->kbdintctxt);
|
|
authctxt->kbdintctxt = NULL;
|
|
return res ? 0 : 1;
|
|
+ }
|
|
+ void
|
|
+ abandon_challenge_response(Authctxt *authctxt)
|
|
+ {
|
|
+ if (authctxt->kbdintctxt != NULL) {
|
|
+ device->free_ctx(authctxt->kbdintctxt);
|
|
+ authctxt->kbdintctxt = NULL;
|
|
+ }
|
|
}
|
|
Index: crypto/openssh/auth.h
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/crypto/openssh/auth.h,v
|
|
retrieving revision 1.1.1.1.2.6
|
|
retrieving revision 1.1.1.1.2.7
|
|
diff -p -c -r1.1.1.1.2.6 -r1.1.1.1.2.7
|
|
*** crypto/openssh/auth.h 3 Feb 2003 17:31:06 -0000 1.1.1.1.2.6
|
|
--- crypto/openssh/auth.h 7 Apr 2003 09:56:46 -0000 1.1.1.1.2.7
|
|
*************** struct passwd * getpwnamallow(const char
|
|
*** 160,165 ****
|
|
--- 160,166 ----
|
|
|
|
char *get_challenge(Authctxt *);
|
|
int verify_response(Authctxt *, const char *);
|
|
+ void abandon_challenge_response(Authctxt *);
|
|
|
|
struct passwd * auth_get_user(void);
|
|
|
|
Index: crypto/openssh/auth1.c
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v
|
|
retrieving revision 1.3.2.9
|
|
retrieving revision 1.3.2.10
|
|
diff -p -c -r1.3.2.9 -r1.3.2.10
|
|
*** crypto/openssh/auth1.c 3 Feb 2003 17:31:06 -0000 1.3.2.9
|
|
--- crypto/openssh/auth1.c 7 Apr 2003 09:56:46 -0000 1.3.2.10
|
|
*************** do_authloop(Authctxt *authctxt)
|
|
*** 74,80 ****
|
|
char info[1024];
|
|
u_int dlen;
|
|
u_int ulen;
|
|
! int type = 0;
|
|
struct passwd *pw = authctxt->pw;
|
|
|
|
debug("Attempting authentication for %s%.100s.",
|
|
--- 74,80 ----
|
|
char info[1024];
|
|
u_int dlen;
|
|
u_int ulen;
|
|
! int prev, type = 0;
|
|
struct passwd *pw = authctxt->pw;
|
|
|
|
debug("Attempting authentication for %s%.100s.",
|
|
*************** do_authloop(Authctxt *authctxt)
|
|
*** 104,110 ****
|
|
--- 104,122 ----
|
|
info[0] = '\0';
|
|
|
|
/* Get a packet from the client. */
|
|
+ prev = type;
|
|
type = packet_read();
|
|
+
|
|
+ /*
|
|
+ * If we started challenge-response authentication but the
|
|
+ * next packet is not a response to our challenge, release
|
|
+ * the resources allocated by get_challenge() (which would
|
|
+ * normally have been released by verify_response() had we
|
|
+ * received such a response)
|
|
+ */
|
|
+ if (prev == SSH_CMSG_AUTH_TIS &&
|
|
+ type != SSH_CMSG_AUTH_TIS_RESPONSE)
|
|
+ abandon_challenge_response(authctxt);
|
|
|
|
/* Process the packet. */
|
|
switch (type) {
|
|
Index: crypto/openssh/auth2-pam-freebsd.c
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v
|
|
retrieving revision 1.1.2.6
|
|
retrieving revision 1.1.2.8
|
|
diff -p -c -r1.1.2.6 -r1.1.2.8
|
|
*** crypto/openssh/auth2-pam-freebsd.c 7 Apr 2003 09:56:46 -0000 1.1.2.6
|
|
--- crypto/openssh/auth2-pam-freebsd.c 24 Sep 2003 19:13:34 -0000 1.1.2.8
|
|
*************** pam_thread_conv(int n,
|
|
*** 134,141 ****
|
|
*resp = xmalloc(n * sizeof **resp);
|
|
buffer_init(&buffer);
|
|
for (i = 0; i < n; ++i) {
|
|
! resp[i]->resp_retcode = 0;
|
|
! resp[i]->resp = NULL;
|
|
switch (msg[i]->msg_style) {
|
|
case PAM_PROMPT_ECHO_OFF:
|
|
buffer_put_cstring(&buffer, msg[i]->msg);
|
|
--- 134,141 ----
|
|
*resp = xmalloc(n * sizeof **resp);
|
|
buffer_init(&buffer);
|
|
for (i = 0; i < n; ++i) {
|
|
! (*resp)[i].resp_retcode = 0;
|
|
! (*resp)[i].resp = NULL;
|
|
switch (msg[i]->msg_style) {
|
|
case PAM_PROMPT_ECHO_OFF:
|
|
buffer_put_cstring(&buffer, msg[i]->msg);
|
|
*************** pam_thread_conv(int n,
|
|
*** 143,149 ****
|
|
ssh_msg_recv(ctxt->pam_csock, &buffer);
|
|
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
|
|
goto fail;
|
|
! resp[i]->resp = buffer_get_string(&buffer, NULL);
|
|
break;
|
|
case PAM_PROMPT_ECHO_ON:
|
|
buffer_put_cstring(&buffer, msg[i]->msg);
|
|
--- 143,149 ----
|
|
ssh_msg_recv(ctxt->pam_csock, &buffer);
|
|
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
|
|
goto fail;
|
|
! (*resp)[i].resp = buffer_get_string(&buffer, NULL);
|
|
break;
|
|
case PAM_PROMPT_ECHO_ON:
|
|
buffer_put_cstring(&buffer, msg[i]->msg);
|
|
*************** pam_thread_conv(int n,
|
|
*** 151,157 ****
|
|
ssh_msg_recv(ctxt->pam_csock, &buffer);
|
|
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
|
|
goto fail;
|
|
! resp[i]->resp = buffer_get_string(&buffer, NULL);
|
|
break;
|
|
case PAM_ERROR_MSG:
|
|
buffer_put_cstring(&buffer, msg[i]->msg);
|
|
--- 151,157 ----
|
|
ssh_msg_recv(ctxt->pam_csock, &buffer);
|
|
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
|
|
goto fail;
|
|
! (*resp)[i].resp = buffer_get_string(&buffer, NULL);
|
|
break;
|
|
case PAM_ERROR_MSG:
|
|
buffer_put_cstring(&buffer, msg[i]->msg);
|
|
*************** pam_thread_conv(int n,
|
|
*** 169,176 ****
|
|
buffer_free(&buffer);
|
|
return (PAM_SUCCESS);
|
|
fail:
|
|
- while (i)
|
|
- xfree(resp[--i]);
|
|
xfree(*resp);
|
|
*resp = NULL;
|
|
buffer_free(&buffer);
|
|
--- 169,174 ----
|
|
*************** pam_chauthtok_conv(int n,
|
|
*** 550,569 ****
|
|
for (i = 0; i < n; ++i) {
|
|
switch (msg[i]->msg_style) {
|
|
case PAM_PROMPT_ECHO_OFF:
|
|
! resp[i]->resp =
|
|
read_passphrase(msg[i]->msg, RP_ALLOW_STDIN);
|
|
! resp[i]->resp_retcode = PAM_SUCCESS;
|
|
break;
|
|
case PAM_PROMPT_ECHO_ON:
|
|
fputs(msg[i]->msg, stderr);
|
|
fgets(input, sizeof input, stdin);
|
|
! resp[i]->resp = xstrdup(input);
|
|
! resp[i]->resp_retcode = PAM_SUCCESS;
|
|
break;
|
|
case PAM_ERROR_MSG:
|
|
case PAM_TEXT_INFO:
|
|
fputs(msg[i]->msg, stderr);
|
|
! resp[i]->resp_retcode = PAM_SUCCESS;
|
|
break;
|
|
default:
|
|
goto fail;
|
|
--- 548,567 ----
|
|
for (i = 0; i < n; ++i) {
|
|
switch (msg[i]->msg_style) {
|
|
case PAM_PROMPT_ECHO_OFF:
|
|
! (*resp)[i].resp =
|
|
read_passphrase(msg[i]->msg, RP_ALLOW_STDIN);
|
|
! (*resp)[i].resp_retcode = PAM_SUCCESS;
|
|
break;
|
|
case PAM_PROMPT_ECHO_ON:
|
|
fputs(msg[i]->msg, stderr);
|
|
fgets(input, sizeof input, stdin);
|
|
! (*resp)[i].resp = xstrdup(input);
|
|
! (*resp)[i].resp_retcode = PAM_SUCCESS;
|
|
break;
|
|
case PAM_ERROR_MSG:
|
|
case PAM_TEXT_INFO:
|
|
fputs(msg[i]->msg, stderr);
|
|
! (*resp)[i].resp_retcode = PAM_SUCCESS;
|
|
break;
|
|
default:
|
|
goto fail;
|
|
*************** pam_chauthtok_conv(int n,
|
|
*** 571,578 ****
|
|
}
|
|
return (PAM_SUCCESS);
|
|
fail:
|
|
- while (i)
|
|
- xfree(resp[--i]);
|
|
xfree(*resp);
|
|
*resp = NULL;
|
|
return (PAM_CONV_ERR);
|
|
--- 569,574 ----
|
|
Index: crypto/openssh/ssh_config
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
|
|
retrieving revision 1.2.2.8
|
|
retrieving revision 1.2.2.9
|
|
diff -p -c -r1.2.2.8 -r1.2.2.9
|
|
*** crypto/openssh/ssh_config 11 Feb 2003 12:11:54 -0000 1.2.2.8
|
|
--- crypto/openssh/ssh_config 24 Sep 2003 19:28:35 -0000 1.2.2.9
|
|
***************
|
|
*** 35,38 ****
|
|
# Cipher 3des
|
|
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
|
|
# EscapeChar ~
|
|
! # VersionAddendum FreeBSD-20030201
|
|
--- 35,38 ----
|
|
# Cipher 3des
|
|
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
|
|
# EscapeChar ~
|
|
! # VersionAddendum FreeBSD-20030924
|
|
Index: crypto/openssh/sshd_config
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
|
|
retrieving revision 1.4.2.12
|
|
retrieving revision 1.4.2.13
|
|
diff -p -c -r1.4.2.12 -r1.4.2.13
|
|
*** crypto/openssh/sshd_config 11 Feb 2003 12:11:54 -0000 1.4.2.12
|
|
--- crypto/openssh/sshd_config 24 Sep 2003 19:28:35 -0000 1.4.2.13
|
|
***************
|
|
*** 14,20 ****
|
|
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
|
|
# FreeBSD has a few additional options.
|
|
|
|
! #VersionAddendum FreeBSD-20030201
|
|
|
|
#Port 22
|
|
#Protocol 2,1
|
|
--- 14,20 ----
|
|
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
|
|
# FreeBSD has a few additional options.
|
|
|
|
! #VersionAddendum FreeBSD-20030924
|
|
|
|
#Port 22
|
|
#Protocol 2,1
|
|
Index: crypto/openssh/version.h
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/crypto/openssh/version.h,v
|
|
retrieving revision 1.1.1.1.2.12
|
|
retrieving revision 1.1.1.1.2.13
|
|
diff -p -c -r1.1.1.1.2.12 -r1.1.1.1.2.13
|
|
*** crypto/openssh/version.h 17 Sep 2003 14:41:41 -0000 1.1.1.1.2.12
|
|
--- crypto/openssh/version.h 24 Sep 2003 19:28:35 -0000 1.1.1.1.2.13
|
|
***************
|
|
*** 5,11 ****
|
|
|
|
#define SSH_VERSION (ssh_version_get())
|
|
#define SSH_VERSION_BASE "OpenSSH_3.5p1"
|
|
! #define SSH_VERSION_ADDENDUM "FreeBSD-20030917"
|
|
|
|
const char *ssh_version_get(void);
|
|
void ssh_version_set_addendum(const char *add);
|
|
--- 5,11 ----
|
|
|
|
#define SSH_VERSION (ssh_version_get())
|
|
#define SSH_VERSION_BASE "OpenSSH_3.5p1"
|
|
! #define SSH_VERSION_ADDENDUM "FreeBSD-20030924"
|
|
|
|
const char *ssh_version_get(void);
|
|
void ssh_version_set_addendum(const char *add);
|
|
Index: crypto/openssh/sshd_config.5
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/crypto/openssh/sshd_config.5,v
|
|
retrieving revision 1.5.2.5
|
|
retrieving revision 1.5.2.6
|
|
diff -p -c -r1.5.2.5 -r1.5.2.6
|
|
*** crypto/openssh/sshd_config.5 11 Feb 2003 12:11:54 -0000 1.5.2.5
|
|
--- crypto/openssh/sshd_config.5 24 Sep 2003 19:28:35 -0000 1.5.2.6
|
|
*************** The default is
|
|
*** 647,653 ****
|
|
Specifies a string to append to the regular version string to identify
|
|
OS- or site-specific modifications.
|
|
The default is
|
|
! .Dq FreeBSD-20030201 .
|
|
.It Cm X11DisplayOffset
|
|
Specifies the first display number available for
|
|
.Nm sshd Ns 's
|
|
--- 647,653 ----
|
|
Specifies a string to append to the regular version string to identify
|
|
OS- or site-specific modifications.
|
|
The default is
|
|
! .Dq FreeBSD-20030924 .
|
|
.It Cm X11DisplayOffset
|
|
Specifies the first display number available for
|
|
.Nm sshd Ns 's
|
|
Index: crypto/openssh/ssh_config.5
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/crypto/openssh/ssh_config.5,v
|
|
retrieving revision 1.4.2.4
|
|
retrieving revision 1.4.2.5
|
|
diff -p -c -r1.4.2.4 -r1.4.2.5
|
|
*** crypto/openssh/ssh_config.5 11 Feb 2003 12:11:54 -0000 1.4.2.4
|
|
--- crypto/openssh/ssh_config.5 24 Sep 2003 19:28:35 -0000 1.4.2.5
|
|
*************** host key database instead of
|
|
*** 616,622 ****
|
|
Specifies a string to append to the regular version string to identify
|
|
OS- or site-specific modifications.
|
|
The default is
|
|
! .Dq FreeBSD-20030201 .
|
|
.It Cm XAuthLocation
|
|
Specifies the full pathname of the
|
|
.Xr xauth 1
|
|
--- 616,622 ----
|
|
Specifies a string to append to the regular version string to identify
|
|
OS- or site-specific modifications.
|
|
The default is
|
|
! .Dq FreeBSD-20030924 .
|
|
.It Cm XAuthLocation
|
|
Specifies the full pathname of the
|
|
.Xr xauth 1
|