-- openssh-5.0p1/Makefile.in

++ openssh-5.0p1/Makefile.in

LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \

LIBSSH_OBJS=acss.o authfd.o authfile.o blacklist.o bufaux.o bufbn.o buffer.o \

-- openssh-5.0p1/auth-rh-rsa.c

++ openssh-5.0p1/auth-rh-rsa.c

-- openssh-5.0p1/auth-rsa.c

++ openssh-5.0p1/auth-rsa.c

-- openssh-5.0p1/auth2-hostbased.c

++ openssh-5.0p1/auth2-hostbased.c

-- openssh-5.0p1/auth2-pubkey.c

++ openssh-5.0p1/auth2-pubkey.c

-- /dev/null

++ openssh-5.0p1/blacklist.c

-- /dev/null

/*

 * Support for RSA/DSA key blacklisting based on partial fingerprints,

 * developed under Openwall Project for Owl - http://www.openwall.com/Owl/

 *

 * Copyright (c) 2008 Dmitry V. Levin <ldv at cvs.openwall.com>

 *

 * Permission to use, copy, modify, and distribute this software for any

 * purpose with or without fee is hereby granted, provided that the above

 * copyright notice and this permission notice appear in all copies.

 *

 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

 *

 * The blacklist encoding was designed by Solar Designer and Dmitry V. Levin.

 * No intellectual property rights to the encoding scheme are claimed.

 *

 * This effort was supported by CivicActions - http://www.civicactions.com

 *

 * The file size to encode 294,903 of 48-bit fingerprints is just 1.3 MB,

 * which corresponds to less than 4.5 bytes per fingerprint.

 */

#include "includes.h"

#include <string.h>

#include <unistd.h>

#include <errno.h>

#include <fcntl.h>

#include "atomicio.h"

#include "blacklist.h"

#include "canohost.h"

#include "log.h"

#include "pathnames.h"

#include "servconf.h"

#include "xmalloc.h"

extern ServerOptions options;

typedef struct

{

	/* format version identifier */

	char    version[8];

	/* index size, in bits */

	uint8_t index_size;

	/* offset size, in bits */

	uint8_t offset_size;

	/* record size, in bits */

	uint8_t record_bits;

	/* number of records */

	uint8_t records[3];

	/* offset shift */

	uint8_t shift[2];

} __attribute__((packed)) blacklist_header;

static unsigned

c2u(uint8_t c)

{

	return (c >= 'a') ? (c - 'a' + 10) : (c - '0');

}

static blacklist_error_t

validate_blacklist(const char *fname, int fd, unsigned *bytes,

		   unsigned *records, unsigned *shift)

{

	unsigned expected;

	struct stat st;

	blacklist_header header;

	if (fstat(fd, &st)) {

		error("fstat for blacklist file %s failed: %m", fname);

		return BLACKLIST_ERROR_ACCESS;

	}

	if (atomicio(read, fd, &header, sizeof(header)) != sizeof(header)) {

		error("read blacklist file %s header failed: %m", fname);

		return BLACKLIST_ERROR_ACCESS;

	}

	if (memcmp(header.version, "SSH-FP", 6)) {

		error("blacklist file %s has unrecognized format", fname);

		return BLACKLIST_ERROR_FORMAT;

	}

	if (header.index_size != 16 || header.offset_size != 16 ||

	    memcmp(header.version, "SSH-FP00", 8)) {

		error("blacklist file %s has unsupported format", fname);

		return BLACKLIST_ERROR_VERSION;

	}

	*bytes = (header.record_bits >> 3) - 2;

	*records =

		(((header.records[0] << 8) +

		  header.records[1]) << 8) + header.records[2];

	*shift = (header.shift[0] << 8) + header.shift[1];

	expected = sizeof(header) + 0x20000 + (*records) * (*bytes);

	if (st.st_size != expected) {

		error("blacklist file %s size mismatch: "

		      "expected size %u, found size %lu",

		      fname, expected, (unsigned long) st.st_size);

		return BLACKLIST_ERROR_ACCESS;

	}

	return BLACKLIST_ERROR_NONE;

}

static int

expected_offset(uint16_t index, uint16_t shift, unsigned records)

{

	return ((index * (long long) records) >> 16) - shift;

}

static int

xlseek(const char *fname, int fd, unsigned seek)

{

	if (lseek(fd, seek, SEEK_SET) != seek) {

		error("lseek for blacklist file %s failed: %m", fname);

		return BLACKLIST_ERROR_ACCESS;

	}

	return BLACKLIST_ERROR_NONE;

}

static blacklist_error_t

check(const char *fname, int fd, const char *s)

{

	unsigned bytes, records, shift;

	unsigned num, i, j;

	int     off_start, off_end;

	blacklist_error_t rc;

	uint16_t index;

	/* max number of bytes stored in record_bits, minus two bytes used for index */

	uint8_t buf[(0xff >> 3) - 2];

	if ((rc = validate_blacklist(fname, fd, &bytes, &records, &shift)))

		return rc;

	index = (((((c2u(s[0]) << 4) | c2u(s[1])) << 4) |

		  c2u(s[2])) << 4) | c2u(s[3]);

	if (xlseek(fname, fd, sizeof(blacklist_header) + index * 2))

		return BLACKLIST_ERROR_ACCESS;

	if (atomicio(read, fd, buf, 4) != 4) {

		error("read blacklist file %s offsets failed: %m", fname);

		return BLACKLIST_ERROR_ACCESS;

	}

	off_start = (buf[0] << 8) + buf[1] +

		expected_offset(index, shift, records);

	if (off_start < 0 || (unsigned) off_start > records) {

		error("blacklist file %s off_start overflow [%d] for index %#x",

		      fname, off_start, index);

		return BLACKLIST_ERROR_ACCESS;

	}

	if (index < 0xffff) {

		off_end = (buf[2] << 8) + buf[3] +

			expected_offset(index + 1, shift, records);

		if (off_end < off_start || (unsigned) off_end > records) {

			error("blacklist file %s off_end overflow [%d] for index %#x",

			      fname, off_end, index);

			return BLACKLIST_ERROR_ACCESS;

		}

	} else

		off_end = records;

	if (xlseek(fname, fd,

		   sizeof(blacklist_header) + 0x20000 + off_start * bytes))

		return BLACKLIST_ERROR_ACCESS;

	num = off_end - off_start;

	for (i = 0; i < num; ++i) {

		if (atomicio(read, fd, buf, bytes) != bytes) {

			error("read blacklist file %s fingerprints failed: %m",

			      fname);

			return BLACKLIST_ERROR_ACCESS;

		}

		for (j = 0; j < bytes; ++j)

			if (((c2u(s[4 + j * 2]) << 4) | c2u(s[5 + j * 2])) !=

			    buf[j])

				break;

		if (j >= bytes) {

			debug("blacklisted fingerprint: %s offset=%u, number=%u",

			      s, off_start, i);

			return BLACKLIST_ERROR_ALL;

		}

	}

	debug("non-blacklisted fingerprint: %s offset=%u, number=%u",

	      s, off_start, num);

	return BLACKLIST_ERROR_NONE;

}

static blacklist_error_t

blacklisted_fingerprint(const char *hex)

{

	int     fd = -1;

	blacklist_error_t rc = BLACKLIST_ERROR_ACCESS;

	const char *fname = _PATH_BLACKLIST;

	char   *s, *p;

	debug("Checking fingerprint %s using blacklist file %s", hex, fname);

	s = xstrdup(hex);

	for (p = s; *hex; ++hex)

		if (*hex != ':')

			*p++ = *hex;

	*p = '\0';

	if (strlen(s) != 32 || strlen(s) != strspn(s, "0123456789abcdef")) {

		error("%s: invalid fingerprint", s);

		goto out;

	}

	if ((fd = open(fname, O_RDONLY)) < 0) {

		if (ENOENT == errno) {

			rc = BLACKLIST_ERROR_MISSING;

			verbose("open blacklist file %s failed: %m", fname);

		} else

			logit("open blacklist file %s failed: %m", fname);

		goto out;

	}

	rc = check(fname, fd, s);

out:

	close(fd);

	xfree(s);

	return rc;

}

int

blacklisted_key(Key *key, int hostkey)

{

	int     rc;

	const char *text;

	char   *fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);

	switch ((rc = blacklisted_fingerprint(fp))) {

		case BLACKLIST_ERROR_NONE:

			break;

		case BLACKLIST_ERROR_ALL:

			text = (options.ignore_blacklist_errors == rc) ?

			       "Permitted" : "Rejected";

			if (hostkey)

				logit("%s blacklisted host key %s", text, fp);

			else

				logit("%s blacklisted public key %s from %.100s",

				      text, fp, get_remote_ipaddr());

			break;

		default:

			if (hostkey)

				logit("Unable to check blacklist for host key %s",

				      fp);

			else

				logit("Unable to check blacklist for public key %s from %.100s",

				      fp, get_remote_ipaddr());

	}

	xfree(fp);

	return (rc > options.ignore_blacklist_errors);

}

-- openssh-5.0p1/pathnames.h

/*

 * Support for RSA/DSA key blacklisting based on partial fingerprints,

 * developed under Openwall Project for Owl - http://www.openwall.com/Owl/

 *

 * Copyright (c) 2008 Dmitry V. Levin <ldv at cvs.openwall.com>

 *

 * Permission to use, copy, modify, and distribute this software for any

 * purpose with or without fee is hereby granted, provided that the above

 * copyright notice and this permission notice appear in all copies.

 *

 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

 */

#ifndef BLACKLIST_H_

#define BLACKLIST_H_

#include "key.h"

int blacklisted_key(Key *, int);

typedef enum

{

	BLACKLIST_ERROR_NONE = 0,

	BLACKLIST_ERROR_MISSING,

	BLACKLIST_ERROR_VERSION,

	BLACKLIST_ERROR_FORMAT,

	BLACKLIST_ERROR_ACCESS,

	BLACKLIST_ERROR_ALL

} blacklist_error_t;

#endif /* BLACKLIST_H_ */

-- openssh-5.0p1/servconf.c

++ openssh-5.0p1/servconf.c

	sStrictModes, sEmptyPasswd, sTCPKeepAlive,

	sStrictModes, sIgnoreBlacklistErrors, sEmptyPasswd, sTCPKeepAlive,

-- openssh-5.0p1/servconf.h

++ openssh-5.0p1/servconf.h

-- openssh-5.0p1/sshd.c

++ openssh-5.0p1/sshd.c

-- openssh-5.0p1/sshd_config.5

++ openssh-5.0p1/sshd_config.5