

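--- a/openssh-3.6.1p2.orig/Makefile.in
+++ b/openssh-3.6.1p2.orig/Makefile.in
@@ -60,7 +60,7 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAN
 
 TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
 
-LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \
+LIBSSH_OBJS=authfd.o authfile.o blacklist.o bufaux.o buffer.o canohost.o channels.o \
 	cipher.o compat.o compress.o crc32.o deattack.o fatal.o \
 	hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o readpass.o \
 	rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \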
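--- a/openssh-3.6.1p2.orig/auth-rh-rsa.c
+++ b/openssh-3.6.1p2.orig/auth-rh-rsa.c
@@ -26,6 +26,7 @@ RCSID("$OpenBSD: auth-rh-rsa.c,v 1.36 20
 #include "canohost.h"
 
 #include "monitor_wrap.h"
+#include "blacklist.h"
 
 /* import */
 extern ServerOptions options;
@@ -40,6 +41,10 @@ auth_rhosts_rsa_key_allowed(struct passw
 	if (!auth_rhosts(pw, cuser))
 		return 0;
 
+	if (blacklisted_key(client_host_key, 0))
+		return 0;
+
 	host_status = check_key_in_hostfiles(pw, client_host_key,
 	    chost, _PATH_SSH_SYSTEM_HOSTFILE,
 	    options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);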
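Review bot: The new guard `if (blacklisted_key(client_host_key, 0)) return 0;` rejects not only blacklisted keys but also any key for which the blacklist could not be consulted with an error above IgnoreBlacklistErrors, because blacklisted_key returns `rc > options.ignore_blacklist_errors` (blacklist.c in this patch); the same holds for the identical guards added in auth-rsa.c, auth2-hostbased.c and auth2-pubkey.c. That fail-closed behaviour is the right default but is invisible at the call sites, where the condition reads as "key is blacklisted". A one-line comment above each guard, e.g. `/* also fails closed when the blacklist cannot be checked; see IgnoreBlacklistErrors */`, would save the next reader a trip through blacklist.c. auth_rhosts_rsa_key_allowed continues outside the hunk.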
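--- a/openssh-3.6.1p2.orig/auth-rsa.c
+++ b/openssh-3.6.1p2.orig/auth-rsa.c
@@ -34,6 +34,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.56 2002/
 #include "hostfile.h"
 #include "monitor_wrap.h"
 #include "ssh.h"
+#include "blacklist.h"
 
 /* import */
 extern ServerOptions options;
@@ -250,6 +251,10 @@ auth_rsa_key_allowed(struct passwd *pw,
 			    "actual %d vs. announced %d.",
 			    file, linenum, BN_num_bits(key->rsa->n), bits);
 
+		if (blacklisted_key(key, 0))
+			continue;
+
 		/* We have found the desired key. */
 		/*
 		 * If our options do not allow this key to be used,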
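--- a/openssh-3.6.1p2.orig/auth2-hostbased.c
+++ b/openssh-3.6.1p2.orig/auth2-hostbased.c
@@ -38,6 +38,7 @@ RCSID("$OpenBSD: auth2-hostbased.c,v 1.2
 #include "canohost.h"
 #include "monitor_wrap.h"
 #include "pathnames.h"
+#include "blacklist.h"
 
 /* import */
 extern ServerOptions options;
@@ -136,6 +137,10 @@ hostbased_key_allowed(struct passwd *pw,
 	HostStatus host_status;
 	int len;
 
+	if (blacklisted_key(key, 0))
+		return 0;
+
 	resolvedname = get_canonical_hostname(options.use_dns);
 	ipaddr = get_remote_ipaddr();
 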
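--- a/openssh-3.6.1p2.orig/auth2-pubkey.c
+++ b/openssh-3.6.1p2.orig/auth2-pubkey.c
@@ -40,6 +40,7 @@ RCSID("$OpenBSD: auth2-pubkey.c,v 1.2 20
 #include "auth-options.h"
 #include "canohost.h"
 #include "monitor_wrap.h"
+#include "blacklist.h"
 
 /* import */
 extern ServerOptions options;
@@ -263,6 +264,10 @@ user_key_allowed(struct passwd *pw, Key
 	int success;
 	char *file;
 
+	if (blacklisted_key(key, 0))
+		return 0;
+
 	file = authorized_keys_file(pw);
 	success = user_key_allowed2(pw, key, file);
 	xfree(file);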
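--- a/openssh-3.6.1p2.orig/blacklist.c
+++ b/openssh-3.6.1p2.orig/blacklist.c
@@ -0,0 +1,267 @@
+/*
+ * Support for RSA/DSA key blacklisting based on partial fingerprints,
+ * developed under Openwall Project for Owl - http://www.openwall.com/Owl/
+ *
+ * Copyright (c) 2008 Dmitry V. Levin <ldv at cvs.openwall.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * The blacklist encoding was designed by Solar Designer and Dmitry V. Levin.
+ * No intellectual property rights to the encoding scheme are claimed.
+ *
+ * This effort was supported by CivicActions - http://www.civicactions.com
+ *
+ * The file size to encode 294,903 of 48-bit fingerprints is just 1.3 MB,
+ * which corresponds to less than 4.5 bytes per fingerprint.
+ */
+
+#include "includes.h"
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+
+#include "atomicio.h"
+#include "blacklist.h"
+#include "canohost.h"
+#include "log.h"
+#include "pathnames.h"
+#include "servconf.h"
+#include "xmalloc.h"
+
+extern ServerOptions options;
+
+typedef struct
+{
+	/* format version identifier */
+	char    version[8];
+	/* index size, in bits */
+	uint8_t index_size;
+	/* offset size, in bits */
+	uint8_t offset_size;
+	/* record size, in bits */
+	uint8_t record_bits;
+	/* number of records */
+	uint8_t records[3];
+	/* offset shift */
+	uint8_t shift[2];
+
+} __attribute__((packed)) blacklist_header;
+
+static unsigned
+c2u(uint8_t c)
+{
+	return (c >= 'a') ? (c - 'a' + 10) : (c - '0');
+}
+
+static blacklist_error_t
+validate_blacklist(const char *fname, int fd, unsigned *bytes,
+		   unsigned *records, unsigned *shift)
+{
+	unsigned expected;
+	struct stat st;
+	blacklist_header header;
+
+	if (fstat(fd, &st)) {
+		error("fstat for blacklist file %s failed: %m", fname);
+		return BLACKLIST_ERROR_ACCESS;
+	}
+
+	if (atomicio(read, fd, &header, sizeof(header)) != sizeof(header)) {
+		error("read blacklist file %s header failed: %m", fname);
+		return BLACKLIST_ERROR_ACCESS;
+	}
+
+	if (memcmp(header.version, "SSH-FP", 6)) {
+		error("blacklist file %s has unrecognized format", fname);
+		return BLACKLIST_ERROR_FORMAT;
+	}
+
+	if (header.index_size != 16 || header.offset_size != 16 ||
+	    memcmp(header.version, "SSH-FP00", 8)) {
+		error("blacklist file %s has unsupported format", fname);
+		return BLACKLIST_ERROR_VERSION;
+	}
+
+	*bytes = (header.record_bits >> 3) - 2;
+	*records =
+		(((header.records[0] << 8) +
+		  header.records[1]) << 8) + header.records[2];
+	*shift = (header.shift[0] << 8) + header.shift[1];
+
+	expected = sizeof(header) + 0x20000 + (*records) * (*bytes);
+	if (st.st_size != expected) {
+		error("blacklist file %s size mismatch: "
+		      "expected size %u, found size %lu",
+		      fname, expected, (unsigned long) st.st_size);
+		return BLACKLIST_ERROR_ACCESS;
+	}
+
+	return BLACKLIST_ERROR_NONE;
+}
+
+static int
+expected_offset(uint16_t index, uint16_t shift, unsigned records)
+{
+	return ((index * (long long) records) >> 16) - shift;
+}
+
+static int
+xlseek(const char *fname, int fd, unsigned seek)
+{
+	if (lseek(fd, seek, SEEK_SET) != seek) {
+		error("lseek for blacklist file %s failed: %m", fname);
+		return BLACKLIST_ERROR_ACCESS;
+	}
+	return BLACKLIST_ERROR_NONE;
+}
+
+static blacklist_error_t
+check(const char *fname, int fd, const char *s)
+{
+	unsigned bytes, records, shift;
+	unsigned num, i, j;
+	int     off_start, off_end;
+	blacklist_error_t rc;
+	uint16_t index;
+	/* max number of bytes stored in record_bits, minus two bytes used for index */
+	uint8_t buf[(0xff >> 3) - 2];
+
+	if ((rc = validate_blacklist(fname, fd, &bytes, &records, &shift)))
+		return rc;
+
+	index = (((((c2u(s[0]) << 4) | c2u(s[1])) << 4) |
+		  c2u(s[2])) << 4) | c2u(s[3]);
+	if (xlseek(fname, fd, sizeof(blacklist_header) + index * 2))
+		return BLACKLIST_ERROR_ACCESS;
+
+	if (atomicio(read, fd, buf, 4) != 4) {
+		error("read blacklist file %s offsets failed: %m", fname);
+		return BLACKLIST_ERROR_ACCESS;
+	}
+
+	off_start = (buf[0] << 8) + buf[1] +
+		expected_offset(index, shift, records);
+	if (off_start < 0 || (unsigned) off_start > records) {
+		error("blacklist file %s off_start overflow [%d] for index %#x",
+		      fname, off_start, index);
+		return BLACKLIST_ERROR_ACCESS;
+	}
+	if (index < 0xffff) {
+		off_end = (buf[2] << 8) + buf[3] +
+			expected_offset(index + 1, shift, records);
+		if (off_end < off_start || (unsigned) off_end > records) {
+			error("blacklist file %s off_end overflow [%d] for index %#x",
+			      fname, off_end, index);
+			return BLACKLIST_ERROR_ACCESS;
+		}
+	} else
+		off_end = records;
+
+	if (xlseek(fname, fd,
+		   sizeof(blacklist_header) + 0x20000 + off_start * bytes))
+		return BLACKLIST_ERROR_ACCESS;
+
+	num = off_end - off_start;
+	for (i = 0; i < num; ++i) {
+		if (atomicio(read, fd, buf, bytes) != bytes) {
+			error("read blacklist file %s fingerprints failed: %m",
+			      fname);
+			return BLACKLIST_ERROR_ACCESS;
+		}
+
+		for (j = 0; j < bytes; ++j)
+			if (((c2u(s[4 + j * 2]) << 4) | c2u(s[5 + j * 2])) !=
+			    buf[j])
+				break;
+		if (j >= bytes) {
+			debug("blacklisted fingerprint: %s offset=%u, number=%u",
+			      s, off_start, i);
+			return BLACKLIST_ERROR_ALL;
+		}
+	}
+
+	debug("non-blacklisted fingerprint: %s offset=%u, number=%u",
+	      s, off_start, num);
+	return BLACKLIST_ERROR_NONE;
+}
+
+static blacklist_error_t
+blacklisted_fingerprint(const char *hex)
+{
+	int     fd = -1;
+	blacklist_error_t rc = BLACKLIST_ERROR_ACCESS;
+	const char *fname = _PATH_BLACKLIST;
+	char   *s, *p;
+
+	debug("Checking fingerprint %s using blacklist file %s", hex, fname);
+
+	s = xstrdup(hex);
+	for (p = s; *hex; ++hex)
+		if (*hex != ':')
+			*p++ = *hex;
+	*p = '\0';
+
+	if (strlen(s) != 32 || strlen(s) != strspn(s, "0123456789abcdef")) {
+		error("%s: invalid fingerprint", s);
+		goto out;
+	}
+
+	if ((fd = open(fname, O_RDONLY)) < 0) {
+		if (ENOENT == errno) {
+			rc = BLACKLIST_ERROR_MISSING;
+			verbose("open blacklist file %s failed: %m", fname);
+		} else
+			log("open blacklist file %s failed: %m", fname);
+		goto out;
+	}
+
+	rc = check(fname, fd, s);
+
+out:
+	close(fd);
+	xfree(s);
+	return rc;
+}
+
+int
+blacklisted_key(Key *key, int hostkey)
+{
+	int     rc;
+	const char *text;
+	char   *fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+
+	switch ((rc = blacklisted_fingerprint(fp))) {
+		case BLACKLIST_ERROR_NONE:
+			break;
+		case BLACKLIST_ERROR_ALL:
+			text = (options.ignore_blacklist_errors == rc) ?
+			       "Permitted" : "Rejected";
+			if (hostkey)
+				log("%s blacklisted host key %s", text, fp);
+			else
+				log("%s blacklisted public key %s from %.100s",
+				    text, fp, get_remote_ipaddr());
+			break;
+		default:
+			if (hostkey)
+				log("Unable to check blacklist for host key %s",
+				    fp);
+			else
+				log("Unable to check blacklist for public key %s from %.100s",
+				    fp, get_remote_ipaddr());
+	}
+
+	xfree(fp);
+	return (rc > options.ignore_blacklist_errors);
+}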
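Review bot: validate_blacklist() derives `*bytes = (header.record_bits >> 3) - 2` from the file header without bounding it, and check() then indexes the fingerprint string with `s[4 + j * 2]` and `s[5 + j * 2]` for j below `bytes`; since blacklisted_fingerprint() only accepts a 32-character `s`, any `bytes` above 14 reads past the xstrdup'd string, `record_bits` of 16..23 gives `bytes == 0` so every record in the bucket compares equal and the key is reported blacklisted, and `record_bits` below 16 wraps `bytes` to a huge unsigned value that `atomicio(read, fd, buf, bytes)` would use against the 29-byte stack `buf`. Only the blacklist file itself can trigger this, so it is a robustness rather than a remote issue, but the header is parsed as untrusted everywhere else (version, size mismatch, offset overflow), and this field deserves the same treatment. I would add, after the version check in validate_blacklist(), `if (header.record_bits < 24 || header.record_bits > 128)` followed by an `error("blacklist file %s has unsupported record size", fname);` and `return BLACKLIST_ERROR_FORMAT;`, which keeps `bytes` within 1..14 and also documents why `buf` is sized from `0xff >> 3`.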
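--- a/openssh-3.6.1p2.orig/blacklist.h
+++ b/openssh-3.6.1p2.orig/blacklist.h
@@ -0,0 +1,37 @@
+/*
+ * Support for RSA/DSA key blacklisting based on partial fingerprints,
+ * developed under Openwall Project for Owl - http://www.openwall.com/Owl/
+ *
+ * Copyright (c) 2008 Dmitry V. Levin <ldv at cvs.openwall.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef BLACKLIST_H_
+#define BLACKLIST_H_
+
+#include "key.h"
+
+int blacklisted_key(Key *, int);
+
+typedef enum
+{
+	BLACKLIST_ERROR_NONE = 0,
+	BLACKLIST_ERROR_MISSING,
+	BLACKLIST_ERROR_VERSION,
+	BLACKLIST_ERROR_FORMAT,
+	BLACKLIST_ERROR_ACCESS,
+	BLACKLIST_ERROR_ALL
+} blacklist_error_t;
+
+#endif /* BLACKLIST_H_ */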
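Review bot: The order of the `blacklist_error_t` enumerators is load-bearing, because blacklisted_key() in blacklist.c decides with `rc > options.ignore_blacklist_errors` and servconf.c maps the none/missing/version/format/access/all keywords onto these values, yet nothing in the header says so. A comment above the typedef such as `/* ordered by increasing severity: blacklisted_key() rejects when the result is above IgnoreBlacklistErrors; do not reorder */` would protect the ordering from a well-meaning alphabetical cleanup. Documenting the `blacklisted_key` prototype too — that `hostkey` only selects the log wording and that a non-zero return means "reject" — would make the header self-explanatory.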
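--- a/openssh-3.6.1p2.orig/pathnames.h
+++ b/openssh-3.6.1p2.orig/pathnames.h
@@ -43,6 +43,8 @@
 /* Backwards compatibility */
 #define _PATH_DH_PRIMES			SSHDIR "/primes"
 
+#define _PATH_BLACKLIST			SSHDIR "/blacklist"
+
 #ifndef _PATH_SSH_PROGRAM
 #define _PATH_SSH_PROGRAM		"/usr/bin/ssh"
 #endif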
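--- a/openssh-3.6.1p2.orig/servconf.c
+++ b/openssh-3.6.1p2.orig/servconf.c
@@ -39,6 +39,7 @@ RCSID("$OpenBSD: servconf.c,v 1.116 2003
 #include "cipher.h"
 #include "kex.h"
 #include "mac.h"
+#include "blacklist.h"
 
 static void add_listen_addr(ServerOptions *, char *, u_short);
 static void add_one_listen_addr(ServerOptions *, char *, u_short);
@@ -100,6 +101,7 @@ initialize_server_options(ServerOptions
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
 	options->challenge_response_authentication = -1;
+	options->ignore_blacklist_errors = -1;
 	options->permit_empty_passwd = -1;
 	options->permit_user_env = -1;
 	options->use_login = -1;
@@ -222,6 +224,8 @@ fill_default_server_options(ServerOption
 		options->kbd_interactive_authentication = 0;
 	if (options->challenge_response_authentication == -1)
 		options->challenge_response_authentication = 1;
+	if (options->ignore_blacklist_errors == -1)
+		options->ignore_blacklist_errors = BLACKLIST_ERROR_VERSION;
 	if (options->permit_empty_passwd == -1)
 		options->permit_empty_passwd = 0;
 	if (options->permit_user_env == -1)
@@ -293,7 +297,7 @@ typedef enum {
 	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
-	sStrictModes, sEmptyPasswd, sKeepAlives,
+	sStrictModes, sIgnoreBlacklistErrors, sEmptyPasswd, sKeepAlives,
 	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -356,6 +360,7 @@ static struct {
 	{ "x11uselocalhost", sX11UseLocalhost },
 	{ "xauthlocation", sXAuthLocation },
 	{ "strictmodes", sStrictModes },
+	{ "ignoreblacklisterrors", sIgnoreBlacklistErrors },
 	{ "permitemptypasswords", sEmptyPasswd },
 	{ "permituserenvironment", sPermitUserEnvironment },
 	{ "uselogin", sUseLogin },
@@ -714,6 +719,31 @@ parse_flag:
 		intptr = &options->keepalives;
 		goto parse_flag;
 
+	case sIgnoreBlacklistErrors:
+		arg = strdelim(&cp);
+		if (!arg || *arg == '\0')
+			fatal("%s line %d: missing none/missing/version/format/access/all argument.",
+			    filename, linenum);
+		value = 0;	/* silence compiler */
+		if (strcmp(arg, "none") == 0)
+			value = BLACKLIST_ERROR_NONE;
+		else if (strcmp(arg, "missing") == 0)
+			value = BLACKLIST_ERROR_MISSING;
+		else if (strcmp(arg, "version") == 0)
+			value = BLACKLIST_ERROR_VERSION;
+		else if (strcmp(arg, "format") == 0)
+			value = BLACKLIST_ERROR_FORMAT;
+		else if (strcmp(arg, "access") == 0)
+			value = BLACKLIST_ERROR_ACCESS;
+		else if (strcmp(arg, "all") == 0)
+			value = BLACKLIST_ERROR_ALL;
+		else
+			fatal("%s line %d: Bad none/missing/version/format/access/all argument: %s",
+				filename, linenum, arg);
+		if (options->ignore_blacklist_errors == -1)
+			options->ignore_blacklist_errors = value;
+		break;
+
 	case sEmptyPasswd:
 		intptr = &options->permit_empty_passwd;
 		goto parse_flag;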
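Review bot: The default `options->ignore_blacklist_errors = BLACKLIST_ERROR_VERSION` in fill_default_server_options means that an absent blacklist file or a format-version mismatch disables the check altogether (blacklisted_key in blacklist.c rejects only when `rc > options.ignore_blacklist_errors`, and the open failure is logged at verbose level only), and nothing at that line says so; a comment such as `/* tolerate an absent or version-mismatched blacklist; format/access errors and blacklisted keys still reject */` would make the fail-open default visible to whoever tunes it. Because that comparison is ordinal, each keyword parsed under `case sIgnoreBlacklistErrors:` also ignores every lower level, so `format` tolerates missing and version as well, which the `format` paragraph added to sshd_config.5 in this patch does not mention; a short note in the keyword list, e.g. `/* levels are cumulative: each keyword also ignores every earlier one */`, would keep the two in step. The enclosing functions of all six hunks start and end outside the hunks.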
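--- a/openssh-3.6.1p2.orig/servconf.h
+++ b/openssh-3.6.1p2.orig/servconf.h
@@ -95,6 +95,7 @@ typedef struct {
 						 * authentication. */
 	int     kbd_interactive_authentication;	/* If true, permit */
 	int     challenge_response_authentication;
+	int     ignore_blacklist_errors;	/* none/missing/version/format/access/all */
 	int     permit_empty_passwd;	/* If false, do not permit empty
 					 * passwords. */
 	int     permit_user_env;	/* If true, read ~/.ssh/environment */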
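--- a/openssh-3.6.1p2.orig/sshd.c
+++ b/openssh-3.6.1p2.orig/sshd.c
@@ -84,6 +84,7 @@ RCSID("$OpenBSD: sshd.c,v 1.263 2003/02/
 #include "monitor.h"
 #include "monitor_wrap.h"
 #include "monitor_fdpass.h"
+#include "blacklist.h"
 
 #ifdef LIBWRAP
 #include <tcpd.h>
@@ -1006,6 +1007,11 @@ main(int ac, char **av)
 			sensitive_data.host_keys[i] = NULL;
 			continue;
 		}
+		if (blacklisted_key(key, 1)) {
+			sensitive_data.host_keys[i] = NULL;
+			key_free(key);
+			continue;
+		}
 		switch (key->type) {
 		case KEY_RSA1:
 			sensitive_data.ssh1_host_key = key;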
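Review bot: The new `if (blacklisted_key(key, 1))` branch drops a host key not only when it is blacklisted but whenever the blacklist could not be checked with an error above IgnoreBlacklistErrors, since blacklisted_key returns `rc > options.ignore_blacklist_errors` (blacklist.c in this patch); with the default `version` level, a permission problem on the blacklist file would therefore remove every host key at startup. That is the conservative choice, but the branch reads as if only blacklisted keys were affected, and the only hint is the "Unable to check blacklist for host key" line logged from blacklist.c. A comment such as `/* also dropped when the blacklist cannot be checked; see IgnoreBlacklistErrors */` would make the fail-closed behaviour explicit at the point where the key is discarded. The host-key loading loop in main() starts and ends outside the hunk, so whether sshd then exits for lack of host keys cannot be confirmed from here.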
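--- a/openssh-3.6.1p2.orig/sshd_config.5
+++ b/openssh-3.6.1p2.orig/sshd_config.5
@@ -434,6 +434,39 @@ is enabled.
 Specifies whether password authentication is allowed.
 The default is
 .Dq yes .
+.It Cm IgnoreBlacklistErrors
+Specifies whether
+.Xr sshd 8
+should allow keys recorded in its blacklist of known-compromised keys.
+If
+.Dq all ,
+then attempts to authenticate with compromised keys will be logged
+but accepted.
+If
+.Dq access ,
+then attempts to authenticate with compromised keys will be rejected,
+but blacklist file access errors will be ignored.
+If
+.Dq format ,
+then attempts to authenticate with compromised keys will be rejected, but
+blacklist file access errors due to missing blacklist file or blacklist
+file unrecognized format will be ignored.
+If
+.Dq version ,
+then attempts to authenticate with compromised keys will be rejected, but
+blacklist file access errors due to missing blacklist file or blacklist
+file format version mismatch will be ignored.
+If
+.Dq missing ,
+then attempts to authenticate with compromised keys will be rejected,
+but blacklist file access errors due to missing blacklist file will
+be ignored.
+If
+.Dq none ,
+then attempts to authenticate with compromised keys, or in case of
+any blacklist file access error, will be rejected.
+The default is
+.Dq version .
 .It Cm PermitEmptyPasswords
 When password authentication is allowed, it specifies whether the
 server allows login to accounts with empty password strings.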
