Context Navigation

compat.c @ 22574

Visit:

Revision 22574, 6.6 KB checked in by ghudson, 18 years ago (diff)
Merge with OpenSSH 4.2p1. Merge work was done in the svn repository in /afs/dev.mit.edu/project/openssh, and was based on patches from Simon Wilkinson and the krb5 team to add GSSAPI key exchange support and compatibility with OpenSSH 3.5.

Line
1	/*
2	* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
3	*
4	* Redistribution and use in source and binary forms, with or without
5	* modification, are permitted provided that the following conditions
6	* are met:
7	* 1. Redistributions of source code must retain the above copyright
8	* notice, this list of conditions and the following disclaimer.
9	* 2. Redistributions in binary form must reproduce the above copyright
10	* notice, this list of conditions and the following disclaimer in the
11	* documentation and/or other materials provided with the distribution.
12	*
13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23	*/
24
25	#include "includes.h"
26	RCSID("$OpenBSD: compat.c,v 1.71 2005/03/01 10:09:52 djm Exp $");
27
28	#include "buffer.h"
29	#include "packet.h"
30	#include "xmalloc.h"
31	#include "compat.h"
32	#include "log.h"
33	#include "match.h"
34
35	int compat13 = 0;
36	int compat20 = 0;
37	int datafellows = 0;
38
39	void
40	enable_compat20(void)
41	{
42	debug("Enabling compatibility mode for protocol 2.0");
43	compat20 = 1;
44	}
45	void
46	enable_compat13(void)
47	{
48	debug("Enabling compatibility mode for protocol 1.3");
49	compat13 = 1;
50	}
51	/* datafellows bug compatibility */
52	void
53	compat_datafellows(const char *version)
54	{
55	int i;
56	static struct {
57	char *pat;
58	int bugs;
59	} check[] = {
60	{ "OpenSSH-2.0*,"
61	"OpenSSH-2.1*,"
62	"OpenSSH_2.1*,"
63	"OpenSSH_2.2*", SSH_OLD_SESSIONID\|SSH_BUG_BANNER\|
64	SSH_OLD_DHGEX\|SSH_BUG_NOREKEY\|
65	SSH_BUG_EXTEOF\|SSH_OLD_FORWARD_ADDR},
66	{ "OpenSSH_2.3.0*", SSH_BUG_BANNER\|SSH_BUG_BIGENDIANAES\|
67	SSH_OLD_DHGEX\|SSH_BUG_NOREKEY\|
68	SSH_BUG_EXTEOF\|SSH_OLD_FORWARD_ADDR},
69	{ "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES\|SSH_OLD_DHGEX\|
70	SSH_BUG_NOREKEY\|SSH_BUG_EXTEOF\|
71	SSH_OLD_FORWARD_ADDR},
72	{ "OpenSSH_2.5.0p1*,"
73	"OpenSSH_2.5.1p1*",
74	SSH_BUG_BIGENDIANAES\|SSH_OLD_DHGEX\|
75	SSH_BUG_NOREKEY\|SSH_BUG_EXTEOF\|
76	SSH_OLD_FORWARD_ADDR},
77	{ "OpenSSH_2.5.0*,"
78	"OpenSSH_2.5.1*,"
79	"OpenSSH_2.5.2*", SSH_OLD_DHGEX\|SSH_BUG_NOREKEY\|
80	SSH_BUG_EXTEOF\|SSH_OLD_FORWARD_ADDR},
81	{ "OpenSSH_2.5.3*", SSH_BUG_NOREKEY\|SSH_BUG_EXTEOF\|
82	SSH_OLD_FORWARD_ADDR},
83	{ "OpenSSH_2.*,"
84	"OpenSSH_3.0*,"
85	"OpenSSH_3.1*", SSH_BUG_EXTEOF\|SSH_OLD_FORWARD_ADDR\|
86	SSH_BUG_GSSAPI_BER},
87	{ "OpenSSH_3.2*,"
88	"OpenSSH_3.3*,"
89	"OpenSSH_3.4*,"
90	"OpenSSH_3.5*", SSH_OLD_FORWARD_ADDR\|SSH_BUG_GSSAPI_BER},
91	{ "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR },
92	{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY\|SSH_BUG_EXTEOF},
93	{ "OpenSSH*", 0 },
94	{ "MindTerm", 0 },
95	{ "2.1.0*", SSH_BUG_SIGBLOB\|SSH_BUG_HMAC\|
96	SSH_OLD_SESSIONID\|SSH_BUG_DEBUG\|
97	SSH_BUG_RSASIGMD5\|SSH_BUG_HBSERVICE\|
98	SSH_BUG_FIRSTKEX },
99	{ "2.1 *", SSH_BUG_SIGBLOB\|SSH_BUG_HMAC\|
100	SSH_OLD_SESSIONID\|SSH_BUG_DEBUG\|
101	SSH_BUG_RSASIGMD5\|SSH_BUG_HBSERVICE\|
102	SSH_BUG_FIRSTKEX },
103	{ "2.0.13*,"
104	"2.0.14*,"
105	"2.0.15*,"
106	"2.0.16*,"
107	"2.0.17*,"
108	"2.0.18*,"
109	"2.0.19*", SSH_BUG_SIGBLOB\|SSH_BUG_HMAC\|
110	SSH_OLD_SESSIONID\|SSH_BUG_DEBUG\|
111	SSH_BUG_PKSERVICE\|SSH_BUG_X11FWD\|
112	SSH_BUG_PKOK\|SSH_BUG_RSASIGMD5\|
113	SSH_BUG_HBSERVICE\|SSH_BUG_OPENFAILURE\|
114	SSH_BUG_DUMMYCHAN\|SSH_BUG_FIRSTKEX },
115	{ "2.0.11*,"
116	"2.0.12*", SSH_BUG_SIGBLOB\|SSH_BUG_HMAC\|
117	SSH_OLD_SESSIONID\|SSH_BUG_DEBUG\|
118	SSH_BUG_PKSERVICE\|SSH_BUG_X11FWD\|
119	SSH_BUG_PKAUTH\|SSH_BUG_PKOK\|
120	SSH_BUG_RSASIGMD5\|SSH_BUG_OPENFAILURE\|
121	SSH_BUG_DUMMYCHAN\|SSH_BUG_FIRSTKEX },
122	{ "2.0.*", SSH_BUG_SIGBLOB\|SSH_BUG_HMAC\|
123	SSH_OLD_SESSIONID\|SSH_BUG_DEBUG\|
124	SSH_BUG_PKSERVICE\|SSH_BUG_X11FWD\|
125	SSH_BUG_PKAUTH\|SSH_BUG_PKOK\|
126	SSH_BUG_RSASIGMD5\|SSH_BUG_OPENFAILURE\|
127	SSH_BUG_DERIVEKEY\|SSH_BUG_DUMMYCHAN\|
128	SSH_BUG_FIRSTKEX },
129	{ "2.2.0*,"
130	"2.3.0*", SSH_BUG_HMAC\|SSH_BUG_DEBUG\|
131	SSH_BUG_RSASIGMD5\|SSH_BUG_FIRSTKEX },
132	{ "2.3.*", SSH_BUG_DEBUG\|SSH_BUG_RSASIGMD5\|
133	SSH_BUG_FIRSTKEX },
134	{ "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
135	{ "2.*", SSH_BUG_DEBUG\|SSH_BUG_FIRSTKEX },
136	{ "3.0.*", SSH_BUG_DEBUG },
137	{ "3.0 SecureCRT*", SSH_OLD_SESSIONID },
138	{ "1.7 SecureFX*", SSH_OLD_SESSIONID },
139	{ "1.2.18*,"
140	"1.2.19*,"
141	"1.2.20*,"
142	"1.2.21*,"
143	"1.2.22*", SSH_BUG_IGNOREMSG },
144	{ "1.3.2", / F-Secure */
145	SSH_BUG_IGNOREMSG },
146	{ "SSH Compatible Server", /* Netscreen */
147	SSH_BUG_PASSWORDPAD },
148	{ "OSU_0,"
149	"OSU_1.0*,"
150	"OSU_1.1*,"
151	"OSU_1.2*,"
152	"OSU_1.3*,"
153	"OSU_1.4*,"
154	"OSU_1.5alpha1*,"
155	"OSU_1.5alpha2*,"
156	"OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD },
157	{ "SSH_Version_Mapper",
158	SSH_BUG_SCANNER },
159	{ "Probe-*",
160	SSH_BUG_PROBE },
161	{ NULL, 0 }
162	};
163
164	/* process table, return first match */
165	for (i = 0; check[i].pat; i++) {
166	if (match_pattern_list(version, check[i].pat,
167	strlen(check[i].pat), 0) == 1) {
168	debug("match: %s pat %s", version, check[i].pat);
169	datafellows = check[i].bugs;
170	return;
171	}
172	}
173	debug("no match: %s", version);
174	}
175
176	#define SEP ","
177	int
178	proto_spec(const char *spec)
179	{
180	char s, p, *q;
181	int ret = SSH_PROTO_UNKNOWN;
182
183	if (spec == NULL)
184	return ret;
185	q = s = xstrdup(spec);
186	for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
187	switch (atoi(p)) {
188	case 1:
189	if (ret == SSH_PROTO_UNKNOWN)
190	ret \|= SSH_PROTO_1_PREFERRED;
191	ret \|= SSH_PROTO_1;
192	break;
193	case 2:
194	ret \|= SSH_PROTO_2;
195	break;
196	default:
197	logit("ignoring bad proto spec: '%s'.", p);
198	break;
199	}
200	}
201	xfree(s);
202	return ret;
203	}
204
205	char *
206	compat_cipher_proposal(char *cipher_prop)
207	{
208	Buffer b;
209	char orig_prop, fix_ciphers;
210	char cp, tmp;
211
212	if (!(datafellows & SSH_BUG_BIGENDIANAES))
213	return(cipher_prop);
214
215	buffer_init(&b);
216	tmp = orig_prop = xstrdup(cipher_prop);
217	while ((cp = strsep(&tmp, ",")) != NULL) {
218	if (strncmp(cp, "aes", 3) != 0) {
219	if (buffer_len(&b) > 0)
220	buffer_append(&b, ",", 1);
221	buffer_append(&b, cp, strlen(cp));
222	}
223	}
224	buffer_append(&b, "\0", 1);
225	fix_ciphers = xstrdup(buffer_ptr(&b));
226	buffer_free(&b);
227	xfree(orig_prop);
228	debug2("Original cipher proposal: %s", cipher_prop);
229	debug2("Compat cipher proposal: %s", fix_ciphers);
230	if (!*fix_ciphers)
231	fatal("No available ciphers found.");
232
233	return(fix_ciphers);
234	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/third/openssh/compat.c @ 22574

Download in other formats: