mirror of git://anongit.mindrot.org/openssh.git
upstream: remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@ OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
This commit is contained in:
parent
bba229b6f3
commit
4ca6a1fac3
10
channels.c
10
channels.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: channels.c,v 1.403 2020/10/18 11:32:01 djm Exp $ */
|
||||
/* $OpenBSD: channels.c,v 1.404 2021/01/27 09:26:53 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -2997,7 +2997,7 @@ channel_input_extended_data(int type, u_int32_t seq, struct ssh *ssh)
|
|||
return 0;
|
||||
}
|
||||
if (c->flags & CHAN_EOF_RCVD) {
|
||||
if (datafellows & SSH_BUG_EXTEOF)
|
||||
if (ssh->compat & SSH_BUG_EXTEOF)
|
||||
debug("channel %d: accepting ext data after eof",
|
||||
c->self);
|
||||
else
|
||||
|
@ -3260,7 +3260,7 @@ channel_fwd_bind_addr(struct ssh *ssh, const char *listen_addr, int *wildcardp,
|
|||
if (fwd_opts->gateway_ports)
|
||||
wildcard = 1;
|
||||
} else if (fwd_opts->gateway_ports || is_client) {
|
||||
if (((datafellows & SSH_OLD_FORWARD_ADDR) &&
|
||||
if (((ssh->compat & SSH_OLD_FORWARD_ADDR) &&
|
||||
strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) ||
|
||||
*listen_addr == '\0' || strcmp(listen_addr, "*") == 0 ||
|
||||
(!is_client && fwd_opts->gateway_ports == 1)) {
|
||||
|
@ -3449,7 +3449,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
|
|||
c->host_port = fwd->connect_port;
|
||||
c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
|
||||
if (fwd->listen_port == 0 && allocated_listen_port != NULL &&
|
||||
!(datafellows & SSH_BUG_DYNAMIC_RPORT))
|
||||
!(ssh->compat & SSH_BUG_DYNAMIC_RPORT))
|
||||
c->listening_port = *allocated_listen_port;
|
||||
else
|
||||
c->listening_port = fwd->listen_port;
|
||||
|
@ -4087,7 +4087,7 @@ channel_update_permission(struct ssh *ssh, int idx, int newport)
|
|||
fwd_perm_clear(&pset->permitted_user[idx]);
|
||||
else {
|
||||
pset->permitted_user[idx].listen_port =
|
||||
(datafellows & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport;
|
||||
(ssh->compat & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: clientloop.c,v 1.356 2020/12/20 23:36:51 djm Exp $ */
|
||||
/* $OpenBSD: clientloop.c,v 1.357 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -1024,7 +1024,7 @@ process_escapes(struct ssh *ssh, Channel *c,
|
|||
continue;
|
||||
|
||||
case 'R':
|
||||
if (datafellows & SSH_BUG_NOREKEY)
|
||||
if (ssh->compat & SSH_BUG_NOREKEY)
|
||||
logit("Server does not "
|
||||
"support re-keying");
|
||||
else
|
||||
|
|
36
compat.c
36
compat.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: compat.c,v 1.116 2020/10/18 11:32:01 djm Exp $ */
|
||||
/* $OpenBSD: compat.c,v 1.117 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -38,11 +38,9 @@
|
|||
#include "match.h"
|
||||
#include "kex.h"
|
||||
|
||||
int datafellows = 0;
|
||||
|
||||
/* datafellows bug compatibility */
|
||||
u_int
|
||||
compat_datafellows(const char *version)
|
||||
/* determine bug flags from SSH protocol banner */
|
||||
void
|
||||
compat_banner(struct ssh *ssh, const char *version)
|
||||
{
|
||||
int i;
|
||||
static struct {
|
||||
|
@ -145,22 +143,22 @@ compat_datafellows(const char *version)
|
|||
};
|
||||
|
||||
/* process table, return first match */
|
||||
ssh->compat = 0;
|
||||
for (i = 0; check[i].pat; i++) {
|
||||
if (match_pattern_list(version, check[i].pat, 0) == 1) {
|
||||
debug("match: %s pat %s compat 0x%08x",
|
||||
debug_f("match: %s pat %s compat 0x%08x",
|
||||
version, check[i].pat, check[i].bugs);
|
||||
datafellows = check[i].bugs; /* XXX for now */
|
||||
return check[i].bugs;
|
||||
ssh->compat = check[i].bugs;
|
||||
return;
|
||||
}
|
||||
}
|
||||
debug("no match: %s", version);
|
||||
return 0;
|
||||
debug_f("no match: %s", version);
|
||||
}
|
||||
|
||||
char *
|
||||
compat_cipher_proposal(char *cipher_prop)
|
||||
compat_cipher_proposal(struct ssh *ssh, char *cipher_prop)
|
||||
{
|
||||
if (!(datafellows & SSH_BUG_BIGENDIANAES))
|
||||
if (!(ssh->compat & SSH_BUG_BIGENDIANAES))
|
||||
return cipher_prop;
|
||||
debug2_f("original cipher proposal: %s", cipher_prop);
|
||||
if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
|
||||
|
@ -172,9 +170,9 @@ compat_cipher_proposal(char *cipher_prop)
|
|||
}
|
||||
|
||||
char *
|
||||
compat_pkalg_proposal(char *pkalg_prop)
|
||||
compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
|
||||
{
|
||||
if (!(datafellows & SSH_BUG_RSASIGMD5))
|
||||
if (!(ssh->compat & SSH_BUG_RSASIGMD5))
|
||||
return pkalg_prop;
|
||||
debug2_f("original public key proposal: %s", pkalg_prop);
|
||||
if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
|
||||
|
@ -186,16 +184,16 @@ compat_pkalg_proposal(char *pkalg_prop)
|
|||
}
|
||||
|
||||
char *
|
||||
compat_kex_proposal(char *p)
|
||||
compat_kex_proposal(struct ssh *ssh, char *p)
|
||||
{
|
||||
if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
|
||||
if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
|
||||
return p;
|
||||
debug2_f("original KEX proposal: %s", p);
|
||||
if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
|
||||
if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
|
||||
if ((p = match_filter_denylist(p,
|
||||
"curve25519-sha256@libssh.org")) == NULL)
|
||||
fatal("match_filter_denylist failed");
|
||||
if ((datafellows & SSH_OLD_DHGEX) != 0) {
|
||||
if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
|
||||
if ((p = match_filter_denylist(p,
|
||||
"diffie-hellman-group-exchange-sha256,"
|
||||
"diffie-hellman-group-exchange-sha1")) == NULL)
|
||||
|
|
12
compat.h
12
compat.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: compat.h,v 1.55 2020/06/01 07:11:38 dtucker Exp $ */
|
||||
/* $OpenBSD: compat.h,v 1.56 2021/01/27 09:26:54 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
|
||||
|
@ -58,10 +58,10 @@
|
|||
#define SSH_BUG_HOSTKEYS 0x20000000
|
||||
#define SSH_BUG_DHGEX_LARGE 0x40000000
|
||||
|
||||
u_int compat_datafellows(const char *);
|
||||
char *compat_cipher_proposal(char *);
|
||||
char *compat_pkalg_proposal(char *);
|
||||
char *compat_kex_proposal(char *);
|
||||
struct ssh;
|
||||
|
||||
extern int datafellows;
|
||||
void compat_banner(struct ssh *, const char *);
|
||||
char *compat_cipher_proposal(struct ssh *, char *);
|
||||
char *compat_pkalg_proposal(struct ssh *, char *);
|
||||
char *compat_kex_proposal(struct ssh *, char *);
|
||||
#endif
|
||||
|
|
4
kex.c
4
kex.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kex.c,v 1.163 2020/12/29 00:59:15 djm Exp $ */
|
||||
/* $OpenBSD: kex.c,v 1.164 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -1322,7 +1322,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
}
|
||||
debug("Remote protocol version %d.%d, remote software version %.100s",
|
||||
remote_major, remote_minor, remote_version);
|
||||
ssh->compat = compat_datafellows(remote_version);
|
||||
compat_banner(ssh, remote_version);
|
||||
|
||||
mismatch = 0;
|
||||
switch (remote_major) {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kexgexc.c,v 1.35 2019/11/25 00:51:37 djm Exp $ */
|
||||
/* $OpenBSD: kexgexc.c,v 1.36 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
|
@ -68,7 +68,7 @@ kexgex_client(struct ssh *ssh)
|
|||
kex->min = DH_GRP_MIN;
|
||||
kex->max = DH_GRP_MAX;
|
||||
kex->nbits = nbits;
|
||||
if (datafellows & SSH_BUG_DHGEX_LARGE)
|
||||
if (ssh->compat & SSH_BUG_DHGEX_LARGE)
|
||||
kex->nbits = MINIMUM(kex->nbits, 4096);
|
||||
/* New GEX request */
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 ||
|
||||
|
|
10
monitor.c
10
monitor.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: monitor.c,v 1.221 2021/01/26 05:32:21 dtucker Exp $ */
|
||||
/* $OpenBSD: monitor.c,v 1.222 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
|
@ -1175,7 +1175,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
if (key != NULL && authctxt->valid) {
|
||||
/* These should not make it past the privsep child */
|
||||
if (sshkey_type_plain(key->type) == KEY_RSA &&
|
||||
(datafellows & SSH_BUG_RSASIGMD5) != 0)
|
||||
(ssh->compat & SSH_BUG_RSASIGMD5) != 0)
|
||||
fatal_f("passed a SSH_BUG_RSASIGMD5 key");
|
||||
|
||||
switch (type) {
|
||||
|
@ -1252,7 +1252,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
}
|
||||
|
||||
static int
|
||||
monitor_valid_userblob(const u_char *data, u_int datalen)
|
||||
monitor_valid_userblob(struct ssh *ssh, const u_char *data, u_int datalen)
|
||||
{
|
||||
struct sshbuf *b;
|
||||
const u_char *p;
|
||||
|
@ -1264,7 +1264,7 @@ monitor_valid_userblob(const u_char *data, u_int datalen)
|
|||
if ((b = sshbuf_from(data, datalen)) == NULL)
|
||||
fatal_f("sshbuf_from");
|
||||
|
||||
if (datafellows & SSH_OLD_SESSIONID) {
|
||||
if (ssh->compat & SSH_OLD_SESSIONID) {
|
||||
p = sshbuf_ptr(b);
|
||||
len = sshbuf_len(b);
|
||||
if ((session_id2 == NULL) ||
|
||||
|
@ -1418,7 +1418,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
|
||||
switch (key_blobtype) {
|
||||
case MM_USERKEY:
|
||||
valid_data = monitor_valid_userblob(data, datalen);
|
||||
valid_data = monitor_valid_userblob(ssh, data, datalen);
|
||||
auth_method = "publickey";
|
||||
break;
|
||||
case MM_HOSTKEY:
|
||||
|
|
6
nchan.c
6
nchan.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: nchan.c,v 1.71 2020/10/18 11:32:01 djm Exp $ */
|
||||
/* $OpenBSD: nchan.c,v 1.72 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -233,7 +233,7 @@ chan_send_eow2(struct ssh *ssh, Channel *c)
|
|||
c->self);
|
||||
return;
|
||||
}
|
||||
if (!(datafellows & SSH_NEW_OPENSSH))
|
||||
if (!(ssh->compat & SSH_NEW_OPENSSH))
|
||||
return;
|
||||
if (!c->have_remote_id)
|
||||
fatal_f("channel %d: no remote_id", c->self);
|
||||
|
@ -334,7 +334,7 @@ chan_is_dead(struct ssh *ssh, Channel *c, int do_send)
|
|||
}
|
||||
if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED)
|
||||
return 0;
|
||||
if ((datafellows & SSH_BUG_EXTEOF) &&
|
||||
if ((ssh->compat & SSH_BUG_EXTEOF) &&
|
||||
c->extended_usage == CHAN_EXTENDED_WRITE &&
|
||||
c->efd != -1 &&
|
||||
sshbuf_len(c->extended) > 0) {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-keyscan.c,v 1.138 2020/12/29 00:59:15 djm Exp $ */
|
||||
/* $OpenBSD: ssh-keyscan.c,v 1.139 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
|
||||
*
|
||||
|
@ -522,11 +522,10 @@ congreet(int s)
|
|||
fatal("ssh_packet_set_connection failed");
|
||||
ssh_packet_set_timeout(c->c_ssh, timeout, 1);
|
||||
ssh_set_app_data(c->c_ssh, c); /* back link */
|
||||
c->c_ssh->compat = 0;
|
||||
if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
|
||||
&remote_major, &remote_minor, remote_version) == 3)
|
||||
c->c_ssh->compat = compat_datafellows(remote_version);
|
||||
else
|
||||
c->c_ssh->compat = 0;
|
||||
compat_banner(c->c_ssh, remote_version);
|
||||
if (!ssh2_capable(remote_major, remote_minor)) {
|
||||
debug("%s doesn't support ssh2", c->c_name);
|
||||
confree(s);
|
||||
|
|
4
ssh.c
4
ssh.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh.c,v 1.548 2021/01/26 05:32:22 dtucker Exp $ */
|
||||
/* $OpenBSD: ssh.c,v 1.549 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -2118,7 +2118,7 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_info *cinfo)
|
|||
|
||||
/* If we don't expect to open a new session, then disallow it */
|
||||
if (options.control_master == SSHCTL_MASTER_NO &&
|
||||
(datafellows & SSH_NEW_OPENSSH)) {
|
||||
(ssh->compat & SSH_NEW_OPENSSH)) {
|
||||
debug("Requesting no-more-sessions@openssh.com");
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh_api.c,v 1.24 2020/12/29 00:59:15 djm Exp $ */
|
||||
/* $OpenBSD: ssh_api.c,v 1.25 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2012 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -392,7 +392,7 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)
|
|||
debug("Remote protocol version %d.%d, remote software version %.100s",
|
||||
remote_major, remote_minor, remote_version);
|
||||
|
||||
ssh->compat = compat_datafellows(remote_version);
|
||||
compat_banner(ssh, remote_version);
|
||||
if (remote_major == 1 && remote_minor == 99) {
|
||||
remote_major = 2;
|
||||
remote_minor = 0;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshconnect2.c,v 1.344 2021/01/26 05:32:22 dtucker Exp $ */
|
||||
/* $OpenBSD: sshconnect2.c,v 1.345 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
||||
|
@ -246,11 +246,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
|
|||
|
||||
if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
|
||||
fatal_f("kex_names_cat");
|
||||
myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
|
||||
myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s);
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||
compat_cipher_proposal(options.ciphers);
|
||||
compat_cipher_proposal(ssh, options.ciphers);
|
||||
myproposal[PROPOSAL_ENC_ALGS_STOC] =
|
||||
compat_cipher_proposal(options.ciphers);
|
||||
compat_cipher_proposal(ssh, options.ciphers);
|
||||
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
|
||||
myproposal[PROPOSAL_COMP_ALGS_STOC] =
|
||||
(char *)compression_alg_list(options.compression);
|
||||
|
@ -259,12 +259,12 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
|
|||
if (use_known_hosts_order) {
|
||||
/* Query known_hosts and prefer algorithms that appear there */
|
||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
|
||||
compat_pkalg_proposal(
|
||||
compat_pkalg_proposal(ssh,
|
||||
order_hostkeyalgs(host, hostaddr, port, cinfo));
|
||||
} else {
|
||||
/* Use specified HostkeyAlgorithms exactly */
|
||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
|
||||
compat_pkalg_proposal(options.hostkeyalgorithms);
|
||||
compat_pkalg_proposal(ssh, options.hostkeyalgorithms);
|
||||
}
|
||||
|
||||
if (options.rekey_limit || options.rekey_interval)
|
||||
|
@ -294,7 +294,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
|
|||
|
||||
/* remove ext-info from the KEX proposals for rekeying */
|
||||
myproposal[PROPOSAL_KEX_ALGS] =
|
||||
compat_kex_proposal(options.kex_algorithms);
|
||||
compat_kex_proposal(ssh, options.kex_algorithms);
|
||||
if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
|
||||
fatal_r(r, "kex_prop2buf");
|
||||
|
||||
|
@ -1188,7 +1188,7 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
|
|||
*/
|
||||
if (ssh == NULL || ssh->kex->server_sig_algs == NULL ||
|
||||
(key->type != KEY_RSA && key->type != KEY_RSA_CERT) ||
|
||||
(key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) {
|
||||
(key->type == KEY_RSA_CERT && (ssh->compat & SSH_BUG_SIGTYPE))) {
|
||||
/* Filter base key signature alg against our configuration */
|
||||
return match_list(sshkey_ssh_name(key),
|
||||
options.pubkey_accepted_algos, NULL);
|
||||
|
@ -1408,7 +1408,7 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id)
|
|||
sshbuf_free(b);
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal_f("sshbuf_new failed");
|
||||
if (datafellows & SSH_OLD_SESSIONID) {
|
||||
if (ssh->compat & SSH_OLD_SESSIONID) {
|
||||
if ((r = sshbuf_put(b, session_id2,
|
||||
session_id2_len)) != 0)
|
||||
fatal_fr(r, "sshbuf_put");
|
||||
|
@ -1430,7 +1430,7 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id)
|
|||
|
||||
/* generate signature */
|
||||
r = identity_sign(sign_id, &signature, &slen,
|
||||
sshbuf_ptr(b), sshbuf_len(b), datafellows, alg);
|
||||
sshbuf_ptr(b), sshbuf_len(b), ssh->compat, alg);
|
||||
if (r == 0)
|
||||
break;
|
||||
else if (r == SSH_ERR_KEY_NOT_FOUND)
|
||||
|
@ -1808,12 +1808,12 @@ pubkey_reset(Authctxt *authctxt)
|
|||
}
|
||||
|
||||
static int
|
||||
try_identity(Identity *id)
|
||||
try_identity(struct ssh *ssh, Identity *id)
|
||||
{
|
||||
if (!id->key)
|
||||
return (0);
|
||||
if (sshkey_type_plain(id->key->type) == KEY_RSA &&
|
||||
(datafellows & SSH_BUG_RSASIGMD5) != 0) {
|
||||
(ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
|
||||
debug("Skipped %s key %s for RSA/MD5 server",
|
||||
sshkey_type(id->key), id->filename);
|
||||
return (0);
|
||||
|
@ -1841,7 +1841,7 @@ userauth_pubkey(struct ssh *ssh)
|
|||
* private key instead
|
||||
*/
|
||||
if (id->key != NULL) {
|
||||
if (try_identity(id)) {
|
||||
if (try_identity(ssh, id)) {
|
||||
ident = format_identity(id);
|
||||
debug("Offering public key: %s", ident);
|
||||
free(ident);
|
||||
|
@ -1851,7 +1851,7 @@ userauth_pubkey(struct ssh *ssh)
|
|||
debug("Trying private key: %s", id->filename);
|
||||
id->key = load_identity_file(id);
|
||||
if (id->key != NULL) {
|
||||
if (try_identity(id)) {
|
||||
if (try_identity(ssh, id)) {
|
||||
id->isprivate = 1;
|
||||
sent = sign_and_send_pubkey(ssh, id);
|
||||
}
|
||||
|
|
10
sshd.c
10
sshd.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshd.c,v 1.567 2021/01/09 12:10:02 dtucker Exp $ */
|
||||
/* $OpenBSD: sshd.c,v 1.568 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -2352,11 +2352,11 @@ do_ssh2_kex(struct ssh *ssh)
|
|||
struct kex *kex;
|
||||
int r;
|
||||
|
||||
myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
|
||||
myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh,
|
||||
options.kex_algorithms);
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(ssh,
|
||||
options.ciphers);
|
||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
|
||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(ssh,
|
||||
options.ciphers);
|
||||
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
||||
|
@ -2371,7 +2371,7 @@ do_ssh2_kex(struct ssh *ssh)
|
|||
options.rekey_interval);
|
||||
|
||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
|
||||
list_hostkey_types());
|
||||
ssh, list_hostkey_types());
|
||||
|
||||
/* start key exchange */
|
||||
if ((r = kex_setup(ssh, myproposal)) != 0)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ttymodes.c,v 1.35 2020/10/18 11:32:02 djm Exp $ */
|
||||
/* $OpenBSD: ttymodes.c,v 1.36 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -316,7 +316,7 @@ ssh_tty_make_modes(struct ssh *ssh, int fd, struct termios *tiop)
|
|||
#define SSH_TTYMODE_IUTF8 42 /* for SSH_BUG_UTF8TTYMODE */
|
||||
|
||||
#define TTYMODE(NAME, FIELD, OP) \
|
||||
if (OP == SSH_TTYMODE_IUTF8 && (datafellows & SSH_BUG_UTF8TTYMODE)) { \
|
||||
if (OP == SSH_TTYMODE_IUTF8 && (ssh->compat & SSH_BUG_UTF8TTYMODE)) { \
|
||||
debug3_f("SSH_BUG_UTF8TTYMODE"); \
|
||||
} else if ((r = sshbuf_put_u8(buf, OP)) != 0 || \
|
||||
(r = sshbuf_put_u32(buf, ((tio.FIELD & NAME) != 0))) != 0) \
|
||||
|
|
Loading…
Reference in New Issue