summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2005-07-25 11:59:41 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2005-07-25 11:59:41 +0000
commit5acdc59b80474dc1722a5c5439df2d68aabe7a52 (patch)
treeb304c202e9538accc7a5b0e32cc52dc686895b5b /usr.bin/ssh
parent2f607a7a619756469ae9a60b6d90b3e01706222e (diff)
add a new compression method that delays compression until the user
has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/kex.c10
-rw-r--r--usr.bin/ssh/kex.h6
-rw-r--r--usr.bin/ssh/myproposal.h4
-rw-r--r--usr.bin/ssh/packet.c56
-rw-r--r--usr.bin/ssh/packet.h4
-rw-r--r--usr.bin/ssh/servconf.c22
-rw-r--r--usr.bin/ssh/session.c5
-rw-r--r--usr.bin/ssh/sshconnect2.c6
-rw-r--r--usr.bin/ssh/sshd.c15
-rw-r--r--usr.bin/ssh/sshd_config4
-rw-r--r--usr.bin/ssh/sshd_config.510
11 files changed, 116 insertions, 26 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index 06a3ad4ccd0..5dce335fe5f 100644
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.63 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $");
#include <openssl/crypto.h>
@@ -275,10 +275,12 @@ choose_comp(Comp *comp, char *client, char *server)
char *name = match_list(client, server, NULL);
if (name == NULL)
fatal("no matching comp found: client %s server %s", client, server);
- if (strcmp(name, "zlib") == 0) {
- comp->type = 1;
+ if (strcmp(name, "zlib@openssh.com") == 0) {
+ comp->type = COMP_DELAYED;
+ } else if (strcmp(name, "zlib") == 0) {
+ comp->type = COMP_ZLIB;
} else if (strcmp(name, "none") == 0) {
- comp->type = 0;
+ comp->type = COMP_NONE;
} else {
fatal("unsupported comp %s", name);
}
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index 059d83cd549..3024a27172e 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.36 2005/06/17 02:44:32 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.37 2005/07/25 11:59:39 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -35,6 +35,10 @@
#define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
+#define COMP_NONE 0
+#define COMP_ZLIB 1
+#define COMP_DELAYED 2
+
enum kex_init_proposals {
PROPOSAL_KEX_ALGS,
PROPOSAL_SERVER_HOST_KEY_ALGS,
diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h
index 2edbe162483..d8cba1caf81 100644
--- a/usr.bin/ssh/myproposal.h
+++ b/usr.bin/ssh/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.17 2005/05/23 23:32:46 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.18 2005/07/25 11:59:39 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -36,7 +36,7 @@
"hmac-md5,hmac-sha1,hmac-ripemd160," \
"hmac-ripemd160@openssh.com," \
"hmac-sha1-96,hmac-md5-96"
-#define KEX_DEFAULT_COMP "none,zlib"
+#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
#define KEX_DEFAULT_LANG ""
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index 516ed10130d..0d7d727c397 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.117 2005/06/17 02:44:32 djm Exp $");
+RCSID("$OpenBSD: packet.c,v 1.118 2005/07/25 11:59:39 markus Exp $");
#include <sys/queue.h>
@@ -116,6 +116,12 @@ static int initialized = 0;
/* Set to true if the connection is interactive. */
static int interactive_mode = 0;
+/* Set to true if we are the server side. */
+static int server_side = 0;
+
+/* Set to true if we are authenticated. */
+static int after_authentication = 0;
+
/* Session key information for Encryption and MAC */
Newkeys *newkeys[MODE_MAX];
static struct packet_state {
@@ -619,7 +625,9 @@ set_newkeys(int mode)
/* Deleting the keys does not gain extra security */
/* memset(enc->iv, 0, enc->block_size);
memset(enc->key, 0, enc->key_len); */
- if (comp->type != 0 && comp->enabled == 0) {
+ if ((comp->type == COMP_ZLIB ||
+ (comp->type == COMP_DELAYED && after_authentication)) &&
+ comp->enabled == 0) {
packet_init_compression();
if (mode == MODE_OUT)
buffer_compress_init_send(6);
@@ -640,6 +648,34 @@ set_newkeys(int mode)
}
/*
+ * Delayed compression for SSH2 is enabled after authentication:
+ * This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
+ * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
+ */
+static void
+packet_enable_delayed_compress(void)
+{
+ Comp *comp = NULL;
+ int mode;
+
+ /*
+ * Remember that we are past the authentication step, so rekeying
+ * with COMP_DELAYED will turn on compression immediately.
+ */
+ after_authentication = 1;
+ for (mode = 0; mode < MODE_MAX; mode++) {
+ comp = &newkeys[mode]->comp;
+ if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
+ if (mode == MODE_OUT)
+ buffer_compress_init_send(6);
+ else
+ buffer_compress_init_recv();
+ comp->enabled = 1;
+ }
+ }
+}
+
+/*
* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
*/
static void
@@ -752,6 +788,8 @@ packet_send2_wrapped(void)
if (type == SSH2_MSG_NEWKEYS)
set_newkeys(MODE_OUT);
+ else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side)
+ packet_enable_delayed_compress();
}
static void
@@ -1094,6 +1132,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
packet_disconnect("Invalid ssh2 packet type: %d", type);
if (type == SSH2_MSG_NEWKEYS)
set_newkeys(MODE_IN);
+ else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side)
+ packet_enable_delayed_compress();
#ifdef PACKET_DEBUG
fprintf(stderr, "read/plain[%d]:\r\n", type);
buffer_dump(&incoming_packet);
@@ -1516,3 +1556,15 @@ packet_set_rekey_limit(u_int32_t bytes)
{
rekey_limit = bytes;
}
+
+void
+packet_set_server(void)
+{
+ server_side = 1;
+}
+
+void
+packet_set_authenticated(void)
+{
+ after_authentication = 1;
+}
diff --git a/usr.bin/ssh/packet.h b/usr.bin/ssh/packet.h
index 1ab6d8572a5..8c23646aaae 100644
--- a/usr.bin/ssh/packet.h
+++ b/usr.bin/ssh/packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.42 2005/06/17 02:44:33 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.43 2005/07/25 11:59:40 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -30,6 +30,8 @@ u_int packet_get_protocol_flags(void);
void packet_start_compression(int);
void packet_set_interactive(int);
int packet_is_interactive(void);
+void packet_set_server(void);
+void packet_set_authenticated(void);
void packet_start(u_char);
void packet_put_char(int ch);
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index f987aebc7ac..7207b1072bd 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.142 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.143 2005/07/25 11:59:40 markus Exp $");
#include "ssh.h"
#include "log.h"
@@ -191,7 +191,7 @@ fill_default_server_options(ServerOptions *options)
if (options->use_login == -1)
options->use_login = 0;
if (options->compression == -1)
- options->compression = 1;
+ options->compression = COMP_DELAYED;
if (options->allow_tcp_forwarding == -1)
options->allow_tcp_forwarding = 1;
if (options->gateway_ports == -1)
@@ -684,7 +684,23 @@ parse_flag:
case sCompression:
intptr = &options->compression;
- goto parse_flag;
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing yes/no/delayed "
+ "argument.", filename, linenum);
+ value = 0; /* silence compiler */
+ if (strcmp(arg, "delayed") == 0)
+ value = COMP_DELAYED;
+ else if (strcmp(arg, "yes") == 0)
+ value = COMP_ZLIB;
+ else if (strcmp(arg, "no") == 0)
+ value = COMP_NONE;
+ else
+ fatal("%s line %d: Bad yes/no/delayed "
+ "argument: %s", filename, linenum, arg);
+ if (*intptr == -1)
+ *intptr = value;
+ break;
case sGatewayPorts:
intptr = &options->gateway_ports;
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index f943542d308..67d22e94267 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.185 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: session.c,v 1.186 2005/07/25 11:59:40 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -56,6 +56,7 @@ RCSID("$OpenBSD: session.c,v 1.185 2005/07/17 07:17:55 djm Exp $");
#include "serverloop.h"
#include "canohost.h"
#include "session.h"
+#include "kex.h"
#include "monitor_wrap.h"
#ifdef KRB5
@@ -269,7 +270,7 @@ do_authenticated1(Authctxt *authctxt)
compression_level);
break;
}
- if (!options.compression) {
+ if (options.compression == COMP_NONE) {
debug2("compression disabled");
break;
}
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 7e0a9509c39..331e7096459 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.140 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.141 2005/07/25 11:59:40 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
@@ -99,10 +99,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
if (options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
} else {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
}
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 6a454353ccd..e0753035bc2 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.311 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -662,6 +662,12 @@ privsep_postauth(Authctxt *authctxt)
/* It is safe now to apply the key state */
monitor_apply_keystate(pmonitor);
+
+ /*
+ * Tell the packet layer that authentication was successful, since
+ * this information is not part of the key state.
+ */
+ packet_set_authenticated();
}
static char *
@@ -1551,6 +1557,7 @@ main(int ac, char **av)
* not have a key.
*/
packet_set_connection(sock_in, sock_out);
+ packet_set_server();
/* Set SO_KEEPALIVE if requested. */
if (options.tcp_keep_alive && packet_connection_is_on_socket() &&
@@ -1899,10 +1906,14 @@ do_ssh2_kex(void)
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
- if (!options.compression) {
+ if (options.compression == COMP_NONE) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+ } else if (options.compression == COMP_DELAYED) {
+ myproposal[PROPOSAL_COMP_ALGS_CTOS] =
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
}
+
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
/* start key exchange */
diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config
index d04f96f66ed..dd57fc14680 100644
--- a/usr.bin/ssh/sshd_config
+++ b/usr.bin/ssh/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.71 2005/05/19 02:40:52 djm Exp $
+# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -78,7 +78,7 @@
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
-#Compression yes
+#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index 8aa5bcf82be..c4a9c7db2dd 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.43 2005/05/23 23:32:46 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.44 2005/07/25 11:59:40 markus Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
@@ -217,13 +217,15 @@ The default
is 0, indicating that these messages will not be sent to the client.
This option applies to protocol version 2 only.
.It Cm Compression
-Specifies whether compression is allowed.
+Specifies whether compression is allowed, or delayed until
+the user has authenticated successfully.
The argument must be
-.Dq yes
+.Dq yes ,
+.Dq delayed ,
or
.Dq no .
The default is
-.Dq yes .
+.Dq delayed .
.It Cm DenyGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.