external/openssh: update to 6.8p1.
In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.
* Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
OpenSSH 5.9p1 exactly (save for the removal of the scard
subdirectory).
* Downloaded openssh-6.8p1.tar.gz (SHA256:
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
and verified with PGP signature. (I've verified Damien's key in
person previously.)
* Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
ugliest change is probably the duplication of umac.c to umac128.c
because Android conditionally compiles that file twice. See the
comment in those files.
Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
diff --git a/readconf.h b/readconf.h
index 5944cff..576b9e3 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.90 2011/05/24 07:15:47 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.109 2015/02/16 22:13:32 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -16,19 +16,17 @@
#ifndef READCONF_H
#define READCONF_H
-/* Data structure for representing a forwarding request. */
-
-typedef struct {
- char *listen_host; /* Host (address) to listen on. */
- int listen_port; /* Port to forward. */
- char *connect_host; /* Host to connect. */
- int connect_port; /* Port to connect on connect_host. */
- int allocated_port; /* Dynamically allocated listen port */
-} Forward;
/* Data structure for representing option data. */
#define MAX_SEND_ENV 256
-#define SSH_MAX_HOSTS_FILES 256
+#define SSH_MAX_HOSTS_FILES 32
+#define MAX_CANON_DOMAINS 32
+#define PATH_MAX_SUN (sizeof((struct sockaddr_un *)0)->sun_path)
+
+struct allowed_cname {
+ char *source_list;
+ char *target_list;
+};
typedef struct {
int forward_agent; /* Forward authentication agent. */
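Review bot: The new `PATH_MAX_SUN` define takes `sizeof` of `struct sockaddr_un`'s `sun_path`, so it only compiles in translation units that already have that struct declared (normally via `<sys/un.h>`) before readconf.h is included, and nothing in the visible hunks includes it from this header. The operand of `sizeof` is unevaluated, so the null-pointer cast itself is well-defined, but the include-order requirement deserves a comment on that line, e.g. `/* sizeof sockaddr_un.sun_path; requires <sys/un.h> before this header */`. The new `struct allowed_cname` also lands without the per-field comments the rest of this header uses; its two members look like pattern lists of source and target hostnames for CanonicalizePermittedCNAMEs, but that should be confirmed against readconf.c before being written down.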
@@ -37,7 +35,7 @@
int forward_x11_trusted; /* Trust Forward X11 display. */
int exit_on_forward_failure; /* Exit if bind(2) fails for -L/-R */
char *xauth_location; /* Location for xauth program */
- int gateway_ports; /* Allow remote connects to forwarded ports. */
+ struct ForwardOptions fwd_opts; /* forwarding options */
int use_privileged_port; /* Don't use privileged port if false. */
int rhosts_rsa_authentication; /* Try rhosts with RSA
* authentication. */
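Review bot: `struct ForwardOptions fwd_opts;` is embedded by value, unlike the pointer members elsewhere in this typedef, so `struct ForwardOptions` must be a complete type at this point and readconf.h now silently depends on whichever header defines it (misc.h upstream, I believe) being included first. Any Android-side file that includes readconf.h ahead of that header will fail to compile after this change; either include the defining header from readconf.h or document the ordering next to the member, e.g. `struct ForwardOptions fwd_opts; /* forwarding options; needs misc.h included first */`. The enclosing typedef starts and ends outside this hunk.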
@@ -52,7 +50,6 @@
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
- int zero_knowledge_password_authentication; /* Try jpake */
int batch_mode; /* Batch mode: do not ask for passwords. */
int check_host_ip; /* Also keep track of keys for IP address */
int strict_host_key_checking; /* Strict host key checking. */
@@ -95,19 +92,21 @@
int num_identity_files; /* Number of files for RSA/DSA identities. */
char *identity_files[SSH_MAX_IDENTITY_FILES];
- Key *identity_keys[SSH_MAX_IDENTITY_FILES];
+ int identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
+ struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES];
/* Local TCP/IP forward requests. */
int num_local_forwards;
- Forward *local_forwards;
+ struct Forward *local_forwards;
/* Remote TCP/IP forward requests. */
int num_remote_forwards;
- Forward *remote_forwards;
+ struct Forward *remote_forwards;
int clear_forwardings;
int enable_ssh_keysign;
int64_t rekey_limit;
+ int rekey_interval;
int no_host_authentication_for_localhost;
int identities_only;
int server_alive_interval;
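Review bot: `identity_file_userprovided[SSH_MAX_IDENTITY_FILES]` is a third array kept in lockstep with `identity_files` and `identity_keys`, but unlike its neighbours it carries no comment saying what it records or that only the first `num_identity_files` entries are meaningful. A one-liner would make the parallel-array invariant explicit: `int identity_file_userprovided[SSH_MAX_IDENTITY_FILES]; /* set when identity_files[i] was given by the user rather than a default -- confirm */`. Likewise the new `rekey_interval` sits next to `int64_t rekey_limit` with no unit; if it is the time component of RekeyLimit a `/* seconds */` note (verified against the parser) would prevent it being confused with the byte limit.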
@@ -134,8 +133,32 @@
int use_roaming;
int request_tty;
+
+ int proxy_use_fdpass;
+
+ int num_canonical_domains;
+ char *canonical_domains[MAX_CANON_DOMAINS];
+ int canonicalize_hostname;
+ int canonicalize_max_dots;
+ int canonicalize_fallback_local;
+ int num_permitted_cnames;
+ struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
+
+ char *revoked_host_keys;
+
+ int fingerprint_hash;
+
+ int update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
+
+ char *hostbased_key_types;
+
+ char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
} Options;
+#define SSH_CANONICALISE_NO 0
+#define SSH_CANONICALISE_YES 1
+#define SSH_CANONICALISE_ALWAYS 2
+
#define SSHCTL_MASTER_NO 0
#define SSHCTL_MASTER_YES 1
#define SSHCTL_MASTER_AUTO 2
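Review bot: `canonicalize_hostname` takes the `SSH_CANONICALISE_*` values introduced in this same hunk, but unlike `update_hostkeys` (annotated `/* one of SSH_UPDATE_HOSTKEYS_* */`) it has no comment tying the field to its constants; suggest `int canonicalize_hostname; /* one of SSH_CANONICALISE_* */`. In the same block `fingerprint_hash` and `revoked_host_keys` are added bare, and `permitted_cnames` is bounded by `MAX_CANON_DOMAINS` even though it is counted by `num_permitted_cnames` rather than domains, which is worth a short note so the shared bound is not mistaken for a bug later. The enclosing typedef starts outside this hunk.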
@@ -147,15 +170,28 @@
#define REQUEST_TTY_YES 2
#define REQUEST_TTY_FORCE 3
+#define SSHCONF_CHECKPERM 1 /* check permissions on config file */
+#define SSHCONF_USERCONF 2 /* user provided config file not system */
+#define SSHCONF_POSTCANON 4 /* After hostname canonicalisation */
+
+#define SSH_UPDATE_HOSTKEYS_NO 0
+#define SSH_UPDATE_HOSTKEYS_YES 1
+#define SSH_UPDATE_HOSTKEYS_ASK 2
+
void initialize_options(Options *);
void fill_default_options(Options *);
-int read_config_file(const char *, const char *, Options *, int);
-int parse_forward(Forward *, const char *, int, int);
+void fill_default_options_for_canonicalization(Options *);
+int process_config_line(Options *, struct passwd *, const char *,
+ const char *, char *, const char *, int, int *, int);
+int read_config_file(const char *, struct passwd *, const char *,
+ const char *, Options *, int);
+int parse_forward(struct Forward *, const char *, int, int);
+int default_ssh_port(void);
+int option_clear_or_none(const char *);
+void dump_client_config(Options *o, const char *host);
-int
-process_config_line(Options *, const char *, char *, const char *, int, int *);
-
-void add_local_forward(Options *, const Forward *);
-void add_remote_forward(Options *, const Forward *);
+void add_local_forward(Options *, const struct Forward *);
+void add_remote_forward(Options *, const struct Forward *);
+void add_identity_file(Options *, const char *, const char *, int);
#endif /* READCONF_H */
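Review bot: The new `process_config_line` and `read_config_file` prototypes mention `struct passwd *` with no prior declaration of that tag in this header; in C a struct tag first seen inside a parameter list has prototype scope only, so if `<pwd.h>` happens to be included after readconf.h the compiler warns that the tag "will not be visible outside of this declaration" and the call sites then pass a different incomplete type. Adding `struct passwd;` near the top of the header (alongside forward declarations for `struct Forward` and `struct sshkey`) removes the include-order dependency. The trailing `int` arguments of both functions presumably take the `SSHCONF_*` bits defined just above, which would be clearer with a named parameter such as `int flags /* SSHCONF_* */`; note also that `dump_client_config(Options *o, const char *host)` is the only prototype in the file with named parameters, which is inconsistent with the rest of the header.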