mirror of
https://git.freebsd.org/src.git
synced 2026-01-16 23:02:24 +00:00
3d9fd9fcb4
Highlights from the release notes are reproduced below. Bug fixes and improvements that were previously merged into FreeBSD have been elided. See the upstream release notes for full details of the 9.9p1 release (https://www.openssh.com/releasenotes.html). --- Future deprecation notice ========================= OpenSSH plans to remove support for the DSA signature algorithm in early 2025. Potentially-incompatible changes -------------------------------- * ssh(1): remove support for pre-authentication compression. * ssh(1), sshd(8): processing of the arguments to the "Match" configuration directive now follows more shell-like rules for quoted strings, including allowing nested quotes and \-escaped characters. New features ------------ * ssh(1), sshd(8): add support for a new hybrid post-quantum key exchange based on the FIPS 203 Module-Lattice Key Enapsulation mechanism (ML-KEM) combined with X25519 ECDH as described by https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This algorithm "mlkem768x25519-sha256" is available by default. * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being included in core dump files for most of their lifespans. This is in addition to pre-existing controls in ssh-agent(1) and sshd(8) that prevented coredumps. This feature is supported on OpenBSD, Linux and FreeBSD. * All: convert key handling to use the libcrypto EVP_PKEY API, with the exception of DSA. Bugfixes -------- * sshd(8): do not apply authorized_keys options when signature verification fails. Prevents more restrictive key options being incorrectly applied to subsequent keys in authorized_keys. bz3733 * ssh-keygen(1): include pathname in some of ssh-keygen's passphrase prompts. Helps the user know what's going on when ssh-keygen is invoked via other tools. Requested in GHPR503 * ssh(1), ssh-add(1): make parsing user@host consistently look for the last '@' in the string rather than the first. This makes it possible to more consistently use usernames that contain '@' characters. * ssh(1), sshd(8): be more strict in parsing key type names. Only allow short names (e.g "rsa") in user-interface code and require full SSH protocol names (e.g. "ssh-rsa") everywhere else. bz3725 * ssh-keygen(1): clarify that ed25519 is the default key type generated and clarify that rsa-sha2-512 is the default signature scheme when RSA is in use. GHPR505 --- Reviewed by: jlduran (build infrastructure) Reviewed by: cy (build infrastructure) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48947
367 lines
9.6 KiB
C
367 lines
9.6 KiB
C
/* $OpenBSD: match.c,v 1.45 2024/09/06 02:30:44 djm Exp $ */
|
|
/*
|
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
* All rights reserved
|
|
* Simple pattern matching, with '*' and '?' as wildcards.
|
|
*
|
|
* As far as I am concerned, the code I have written for this software
|
|
* can be used freely for any purpose. Any derived versions of this
|
|
* software must be clearly marked as such, and if the derived work is
|
|
* incompatible with the protocol description in the RFC file, it must be
|
|
* called by a name other than "ssh" or "Secure Shell".
|
|
*/
|
|
/*
|
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <ctype.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <stdarg.h>
|
|
#include <stdio.h>
|
|
|
|
#include "xmalloc.h"
|
|
#include "match.h"
|
|
#include "misc.h"
|
|
|
|
/*
|
|
* Returns true if the given string matches the pattern (which may contain ?
|
|
* and * as wildcards), and zero if it does not match.
|
|
*/
|
|
int
|
|
match_pattern(const char *s, const char *pattern)
|
|
{
|
|
for (;;) {
|
|
/* If at end of pattern, accept if also at end of string. */
|
|
if (!*pattern)
|
|
return !*s;
|
|
|
|
if (*pattern == '*') {
|
|
/* Skip this and any consecutive asterisks. */
|
|
while (*pattern == '*')
|
|
pattern++;
|
|
|
|
/* If at end of pattern, accept immediately. */
|
|
if (!*pattern)
|
|
return 1;
|
|
|
|
/* If next character in pattern is known, optimize. */
|
|
if (*pattern != '?' && *pattern != '*') {
|
|
/*
|
|
* Look instances of the next character in
|
|
* pattern, and try to match starting from
|
|
* those.
|
|
*/
|
|
for (; *s; s++)
|
|
if (*s == *pattern &&
|
|
match_pattern(s + 1, pattern + 1))
|
|
return 1;
|
|
/* Failed. */
|
|
return 0;
|
|
}
|
|
/*
|
|
* Move ahead one character at a time and try to
|
|
* match at each position.
|
|
*/
|
|
for (; *s; s++)
|
|
if (match_pattern(s, pattern))
|
|
return 1;
|
|
/* Failed. */
|
|
return 0;
|
|
}
|
|
/*
|
|
* There must be at least one more character in the string.
|
|
* If we are at the end, fail.
|
|
*/
|
|
if (!*s)
|
|
return 0;
|
|
|
|
/* Check if the next character of the string is acceptable. */
|
|
if (*pattern != '?' && *pattern != *s)
|
|
return 0;
|
|
|
|
/* Move to the next character, both in string and in pattern. */
|
|
s++;
|
|
pattern++;
|
|
}
|
|
/* NOTREACHED */
|
|
}
|
|
|
|
/*
|
|
* Tries to match the string against the
|
|
* comma-separated sequence of subpatterns (each possibly preceded by ! to
|
|
* indicate negation). Returns -1 if negation matches, 1 if there is
|
|
* a positive match, 0 if there is no match at all.
|
|
*/
|
|
int
|
|
match_pattern_list(const char *string, const char *pattern, int dolower)
|
|
{
|
|
char sub[1024];
|
|
int negated;
|
|
int got_positive;
|
|
u_int i, subi, len = strlen(pattern);
|
|
|
|
got_positive = 0;
|
|
for (i = 0; i < len;) {
|
|
/* Check if the subpattern is negated. */
|
|
if (pattern[i] == '!') {
|
|
negated = 1;
|
|
i++;
|
|
} else
|
|
negated = 0;
|
|
|
|
/*
|
|
* Extract the subpattern up to a comma or end. Convert the
|
|
* subpattern to lowercase.
|
|
*/
|
|
for (subi = 0;
|
|
i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
|
|
subi++, i++)
|
|
sub[subi] = dolower && isupper((u_char)pattern[i]) ?
|
|
tolower((u_char)pattern[i]) : pattern[i];
|
|
/* If subpattern too long, return failure (no match). */
|
|
if (subi >= sizeof(sub) - 1)
|
|
return 0;
|
|
|
|
/* If the subpattern was terminated by a comma, then skip it. */
|
|
if (i < len && pattern[i] == ',')
|
|
i++;
|
|
|
|
/* Null-terminate the subpattern. */
|
|
sub[subi] = '\0';
|
|
|
|
/* Try to match the subpattern against the string. */
|
|
if (match_pattern(string, sub)) {
|
|
if (negated)
|
|
return -1; /* Negative */
|
|
else
|
|
got_positive = 1; /* Positive */
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Return success if got a positive match. If there was a negative
|
|
* match, we have already returned -1 and never get here.
|
|
*/
|
|
return got_positive;
|
|
}
|
|
|
|
/* Match a list representing users or groups. */
|
|
int
|
|
match_usergroup_pattern_list(const char *string, const char *pattern)
|
|
{
|
|
#ifdef HAVE_CYGWIN
|
|
/* Windows usernames may be Unicode and are not case sensitive */
|
|
return cygwin_ug_match_pattern_list(string, pattern);
|
|
#else
|
|
/* Case sensitive match */
|
|
return match_pattern_list(string, pattern, 0);
|
|
#endif
|
|
}
|
|
|
|
/*
|
|
* Tries to match the host name (which must be in all lowercase) against the
|
|
* comma-separated sequence of subpatterns (each possibly preceded by ! to
|
|
* indicate negation). Returns -1 if negation matches, 1 if there is
|
|
* a positive match, 0 if there is no match at all.
|
|
*/
|
|
int
|
|
match_hostname(const char *host, const char *pattern)
|
|
{
|
|
char *hostcopy = xstrdup(host);
|
|
int r;
|
|
|
|
lowercase(hostcopy);
|
|
r = match_pattern_list(hostcopy, pattern, 1);
|
|
free(hostcopy);
|
|
return r;
|
|
}
|
|
|
|
/*
|
|
* returns 0 if we get a negative match for the hostname or the ip
|
|
* or if we get no match at all. returns -1 on error, or 1 on
|
|
* successful match.
|
|
*/
|
|
int
|
|
match_host_and_ip(const char *host, const char *ipaddr,
|
|
const char *patterns)
|
|
{
|
|
int mhost, mip;
|
|
|
|
if ((mip = addr_match_list(ipaddr, patterns)) == -2)
|
|
return -1; /* error in ipaddr match */
|
|
else if (host == NULL || ipaddr == NULL || mip == -1)
|
|
return 0; /* negative ip address match, or testing pattern */
|
|
|
|
/* negative hostname match */
|
|
if ((mhost = match_hostname(host, patterns)) == -1)
|
|
return 0;
|
|
/* no match at all */
|
|
if (mhost == 0 && mip == 0)
|
|
return 0;
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* Match user, user@host_or_ip, user@host_or_ip_list against pattern.
|
|
* If user, host and ipaddr are all NULL then validate pattern/
|
|
* Returns -1 on invalid pattern, 0 on no match, 1 on match.
|
|
*/
|
|
int
|
|
match_user(const char *user, const char *host, const char *ipaddr,
|
|
const char *pattern)
|
|
{
|
|
char *p, *pat;
|
|
int ret;
|
|
|
|
/* test mode */
|
|
if (user == NULL && host == NULL && ipaddr == NULL) {
|
|
if ((p = strrchr(pattern, '@')) != NULL &&
|
|
match_host_and_ip(NULL, NULL, p + 1) < 0)
|
|
return -1;
|
|
return 0;
|
|
}
|
|
|
|
if (user == NULL)
|
|
return 0; /* shouldn't happen */
|
|
|
|
if (strrchr(pattern, '@') == NULL)
|
|
return match_pattern(user, pattern);
|
|
|
|
pat = xstrdup(pattern);
|
|
p = strrchr(pat, '@');
|
|
*p++ = '\0';
|
|
|
|
if ((ret = match_pattern(user, pat)) == 1)
|
|
ret = match_host_and_ip(host, ipaddr, p);
|
|
free(pat);
|
|
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* Returns first item from client-list that is also supported by server-list,
|
|
* caller must free the returned string.
|
|
*/
|
|
#define MAX_PROP 40
|
|
#define SEP ","
|
|
char *
|
|
match_list(const char *client, const char *server, u_int *next)
|
|
{
|
|
char *sproposals[MAX_PROP];
|
|
char *c, *s, *p, *ret, *cp, *sp;
|
|
int i, j, nproposals;
|
|
|
|
c = cp = xstrdup(client);
|
|
s = sp = xstrdup(server);
|
|
|
|
for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
|
|
(p = strsep(&sp, SEP)), i++) {
|
|
if (i < MAX_PROP)
|
|
sproposals[i] = p;
|
|
else
|
|
break;
|
|
}
|
|
nproposals = i;
|
|
|
|
for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
|
|
(p = strsep(&cp, SEP)), i++) {
|
|
for (j = 0; j < nproposals; j++) {
|
|
if (strcmp(p, sproposals[j]) == 0) {
|
|
ret = xstrdup(p);
|
|
if (next != NULL)
|
|
*next = (cp == NULL) ?
|
|
strlen(c) : (u_int)(cp - c);
|
|
free(c);
|
|
free(s);
|
|
return ret;
|
|
}
|
|
}
|
|
}
|
|
if (next != NULL)
|
|
*next = strlen(c);
|
|
free(c);
|
|
free(s);
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* Filter proposal using pattern-list filter.
|
|
* "denylist" determines sense of filter:
|
|
* non-zero indicates that items matching filter should be excluded.
|
|
* zero indicates that only items matching filter should be included.
|
|
* returns NULL on allocation error, otherwise caller must free result.
|
|
*/
|
|
static char *
|
|
filter_list(const char *proposal, const char *filter, int denylist)
|
|
{
|
|
size_t len = strlen(proposal) + 1;
|
|
char *fix_prop = malloc(len);
|
|
char *orig_prop = strdup(proposal);
|
|
char *cp, *tmp;
|
|
int r;
|
|
|
|
if (fix_prop == NULL || orig_prop == NULL) {
|
|
free(orig_prop);
|
|
free(fix_prop);
|
|
return NULL;
|
|
}
|
|
|
|
tmp = orig_prop;
|
|
*fix_prop = '\0';
|
|
while ((cp = strsep(&tmp, ",")) != NULL) {
|
|
r = match_pattern_list(cp, filter, 0);
|
|
if ((denylist && r != 1) || (!denylist && r == 1)) {
|
|
if (*fix_prop != '\0')
|
|
strlcat(fix_prop, ",", len);
|
|
strlcat(fix_prop, cp, len);
|
|
}
|
|
}
|
|
free(orig_prop);
|
|
return fix_prop;
|
|
}
|
|
|
|
/*
|
|
* Filters a comma-separated list of strings, excluding any entry matching
|
|
* the 'filter' pattern list. Caller must free returned string.
|
|
*/
|
|
char *
|
|
match_filter_denylist(const char *proposal, const char *filter)
|
|
{
|
|
return filter_list(proposal, filter, 1);
|
|
}
|
|
|
|
/*
|
|
* Filters a comma-separated list of strings, including only entries matching
|
|
* the 'filter' pattern list. Caller must free returned string.
|
|
*/
|
|
char *
|
|
match_filter_allowlist(const char *proposal, const char *filter)
|
|
{
|
|
return filter_list(proposal, filter, 0);
|
|
}
|