From 2b7c1f5900da541a394e8384717e81e135ef1f82 Mon Sep 17 00:00:00 2001 From: djm Date: Sun, 30 Apr 2017 23:11:45 +0000 Subject: [PATCH] remove options.protocol and client Protocol configuration knob ok markus@ --- usr.bin/ssh/compat.c | 4 +-- usr.bin/ssh/readconf.c | 57 ++++++++-------------------------------- usr.bin/ssh/readconf.h | 3 +-- usr.bin/ssh/ssh.c | 6 ++--- usr.bin/ssh/sshconnect.c | 49 +++++++--------------------------- 5 files changed, 26 insertions(+), 93 deletions(-) diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c index 9cc60cdebb4..d9706480046 100644 --- a/usr.bin/ssh/compat.c +++ b/usr.bin/ssh/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.101 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: compat.c,v 1.102 2017/04/30 23:11:45 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -230,8 +230,6 @@ proto_spec(const char *spec) return ret; for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) { switch (atoi(p)) { - case 1: - break; case 2: ret |= SSH_PROTO_2; break; diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 7bf65ad6e19..e690d9321e7 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.272 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.273 2017/04/30 23:11:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -137,7 +137,7 @@ typedef enum { oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, - oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oProtocol, oMacs, + oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, @@ -156,7 +156,7 @@ typedef enum { oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, oPubkeyAcceptedKeyTypes, oProxyJump, - oIgnoredUnknownOption, oDeprecated, oUnsupported + oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; /* Textual representations of the tokens. */ @@ -166,6 +166,7 @@ static struct { OpCodes opcode; } keywords[] = { /* Deprecated options */ + { "protocol", oIgnore }, /* NB. silently ignored */ { "fallbacktorsh", oDeprecated }, { "globalknownhostsfile2", oDeprecated }, { "rhostsauthentication", oDeprecated }, @@ -227,7 +228,6 @@ static struct { { "cipher", oCipher }, { "ciphers", oCiphers }, { "macs", oMacs }, - { "protocol", oProtocol }, { "remoteforward", oRemoteForward }, { "localforward", oLocalForward }, { "user", oUser }, @@ -851,6 +851,8 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, case oBadOption: /* don't panic, but count bad options */ return -1; + case oIgnore: + return 0; case oIgnoredUnknownOption: debug("%s line %d: Ignored unknown option \"%s\"", filename, linenum, keyword); @@ -1221,19 +1223,6 @@ parse_keytypes: *charptr = xstrdup(arg); break; - case oProtocol: - intptr = &options->protocol; - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing argument.", filename, linenum); - value = proto_spec(arg); - if (value == SSH_PROTO_UNKNOWN) - fatal("%.200s line %d: Bad protocol spec '%s'.", - filename, linenum, arg ? arg : ""); - if (*activep && *intptr == SSH_PROTO_UNKNOWN) - *intptr = value; - break; - case oLogLevel: log_level_ptr = &options->log_level; arg = strdelim(&s); @@ -1812,7 +1801,6 @@ initialize_options(Options * options) options->macs = NULL; options->kex_algorithms = NULL; options->hostkeyalgorithms = NULL; - options->protocol = SSH_PROTO_UNKNOWN; options->num_identity_files = 0; options->num_certificate_files = 0; options->hostname = NULL; @@ -1969,25 +1957,14 @@ fill_default_options(Options * options) if (options->cipher == -1) options->cipher = SSH_CIPHER_NOT_SET; /* options->hostkeyalgorithms, default set in myproposals.h */ - if (options->protocol == SSH_PROTO_UNKNOWN) - options->protocol = SSH_PROTO_2; if (options->add_keys_to_agent == -1) options->add_keys_to_agent = 0; if (options->num_identity_files == 0) { - if (options->protocol & SSH_PROTO_1) { - add_identity_file(options, "~/", - _PATH_SSH_CLIENT_IDENTITY, 0); - } - if (options->protocol & SSH_PROTO_2) { - add_identity_file(options, "~/", - _PATH_SSH_CLIENT_ID_RSA, 0); - add_identity_file(options, "~/", - _PATH_SSH_CLIENT_ID_DSA, 0); - add_identity_file(options, "~/", - _PATH_SSH_CLIENT_ID_ECDSA, 0); - add_identity_file(options, "~/", - _PATH_SSH_CLIENT_ID_ED25519, 0); - } + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0); + add_identity_file(options, "~/", + _PATH_SSH_CLIENT_ID_ED25519, 0); } if (options->escape_char == -1) options->escape_char = '~'; @@ -2378,17 +2355,6 @@ fmt_intarg(OpCodes code, int val) return fmt_multistate_int(val, multistate_canonicalizehostname); case oFingerprintHash: return ssh_digest_alg_name(val); - case oProtocol: - switch (val) { - case SSH_PROTO_1: - return "1"; - case SSH_PROTO_2: - return "2"; - case (SSH_PROTO_1|SSH_PROTO_2): - return "2,1"; - default: - return "UNKNOWN"; - } default: switch (val) { case 0: @@ -2533,7 +2499,6 @@ dump_client_config(Options *o, const char *host) dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication); dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command); - dump_cfg_fmtint(oProtocol, o->protocol); dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); dump_cfg_fmtint(oRequestTTY, o->request_tty); diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h index d6242810139..f53864854b6 100644 --- a/usr.bin/ssh/readconf.h +++ b/usr.bin/ssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.118 2017/04/28 03:20:27 dtucker Exp $ */ +/* $OpenBSD: readconf.h,v 1.119 2017/04/30 23:11:45 djm Exp $ */ /* * Author: Tatu Ylonen @@ -75,7 +75,6 @@ typedef struct { char *macs; /* SSH2 macs in order of preference. */ char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ char *kex_algorithms; /* SSH2 kex methods in order of preference. */ - int protocol; /* Protocol in order of preference. */ char *hostname; /* Real host to connect. */ char *host_key_alias; /* hostname alias for .ssh/known_hosts */ char *proxy_command; /* Proxy command for connecting the host. */ diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 8cfc35fb939..fb6cadf38c9 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.453 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.454 2017/04/30 23:11:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -578,10 +578,10 @@ main(int ac, char **av) "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { switch (opt) { case '1': - options.protocol = SSH_PROTO_1; + fatal("SSH protocol v.1 is no longer supported"); break; case '2': - options.protocol = SSH_PROTO_2; + /* Ignored */ break; case '4': options.address_family = AF_INET; diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 80b2691b3c8..c2257a961b4 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.274 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.275 2017/04/30 23:11:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -539,7 +539,7 @@ ssh_exchange_identification(int timeout_ms) int remote_major, remote_minor, mismatch; int connection_in = packet_get_connection_in(); int connection_out = packet_get_connection_out(); - int minor1 = PROTOCOL_MINOR_1, client_banner_sent = 0; + int client_banner_sent = 0; u_int i, n; size_t len; int fdsetsz, remaining, rc; @@ -549,15 +549,9 @@ ssh_exchange_identification(int timeout_ms) fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask); fdset = xcalloc(1, fdsetsz); - /* - * If we are SSH2-only then we can send the banner immediately and - * save a round-trip. - */ - if (options.protocol == SSH_PROTO_2) { - enable_compat20(); - send_client_banner(connection_out, 0); - client_banner_sent = 1; - } + enable_compat20(); + send_client_banner(connection_out, 0); + client_banner_sent = 1; /* Read other side's version identification. */ remaining = timeout_ms; @@ -625,50 +619,27 @@ ssh_exchange_identification(int timeout_ms) switch (remote_major) { case 1: - if (remote_minor == 99 && - (options.protocol & SSH_PROTO_2) && - !(options.protocol & SSH_PROTO_1_PREFERRED)) { + if (remote_minor == 99) enable_compat20(); - break; - } - if (!(options.protocol & SSH_PROTO_1)) { + else mismatch = 1; - break; - } - if (remote_minor < 3) { - fatal("Remote machine has too old SSH software version."); - } else if (remote_minor == 3 || remote_minor == 4) { - /* We speak 1.3, too. */ - enable_compat13(); - minor1 = 3; - if (options.forward_agent) { - logit("Agent forwarding disabled for protocol 1.3"); - options.forward_agent = 0; - } - } break; case 2: - if (options.protocol & SSH_PROTO_2) { - enable_compat20(); - break; - } - /* FALLTHROUGH */ + enable_compat20(); + break; default: mismatch = 1; break; } if (mismatch) fatal("Protocol major versions differ: %d vs. %d", - (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, - remote_major); + PROTOCOL_MAJOR_2, remote_major); if ((datafellows & SSH_BUG_DERIVEKEY) != 0) fatal("Server version \"%.100s\" uses unsafe key agreement; " "refusing connection", remote_version); if ((datafellows & SSH_BUG_RSASIGMD5) != 0) logit("Server version \"%.100s\" uses unsafe RSA signature " "scheme; disabling use of RSA keys", remote_version); - if (!client_banner_sent) - send_client_banner(connection_out, minor1); chop(server_version_string); } -- 2.20.1