upstream commit

remove roaming support; ok djm@

Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56

Makefile.in

@@ -95,8 +95,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	platform-pledge.o
 
 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
-	sshconnect.o sshconnect1.o sshconnect2.o mux.o \
-	roaming_common.o roaming_client.o
+	sshconnect.o sshconnect1.o sshconnect2.o mux.o
 
 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 	audit.o audit-bsm.o audit-linux.o platform.o \
@@ -109,7 +108,6 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 	auth2-gss.o gss-serv.o gss-serv-krb5.o \
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
 	sftp-server.o sftp-common.o \
-	roaming_common.o roaming_serv.o \
 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
 	sandbox-solaris.o
@@ -180,14 +178,14 @@ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
 ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
 	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
-ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o
-	$(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o
+	$(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
 	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
-ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
-	$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 
 sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
 	$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -484,8 +482,7 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
 
 UNITTESTS_TEST_KEX_OBJS=\
 	regress/unittests/kex/tests.o \
-	regress/unittests/kex/test_kex.o \
-	roaming_dummy.o
+	regress/unittests/kex/test_kex.o
 
 regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
     regress/unittests/test_helper/libtest_helper.a libssh.a

clientloop.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.279 2016/01/13 23:04:47 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.280 2016/01/14 16:17:39 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -111,7 +111,6 @@
 #include "sshpty.h"
 #include "match.h"
 #include "msg.h"
-#include "roaming.h"
 #include "ssherr.h"
 #include "hostfile.h"
 
@@ -756,7 +755,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
 static void
 client_process_net_input(fd_set *readset)
 {
-	int len, cont = 0;
+	int len;
 	char buf[SSH_IOBUFSZ];
 
 	/*
@@ -765,8 +764,8 @@ client_process_net_input(fd_set *readset)
 	 */
 	if (FD_ISSET(connection_in, readset)) {
 		/* Read as much as possible. */
-		len = roaming_read(connection_in, buf, sizeof(buf), &cont);
-		if (len == 0 && cont == 0) {
+		len = read(connection_in, buf, sizeof(buf));
+		if (len == 0) {
 			/*
 			 * Received EOF.  The remote host has closed the
 			 * connection.

kex.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.115 2015/12/13 22:42:23 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.116 2016/01/14 16:17:39 markus Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -49,7 +49,6 @@
 #include "misc.h"
 #include "dispatch.h"
 #include "monitor.h"
-#include "roaming.h"
 
 #include "ssherr.h"
 #include "sshbuf.h"
@@ -748,17 +747,6 @@ kex_choose_conf(struct ssh *ssh)
 		sprop=peer;
 	}
 
-	/* Check whether server offers roaming */
-	if (!kex->server) {
-		char *roaming = match_list(KEX_RESUME,
-		    peer[PROPOSAL_KEX_ALGS], NULL);
-
-		if (roaming) {
-			kex->roaming = 1;
-			free(roaming);
-		}
-	}
-
 	/* Check whether client supports ext_info_c */
 	if (kex->server) {
 		char *ext;

kex.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.74 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.75 2016/01/14 16:17:39 markus Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -54,7 +54,6 @@
 #define	KEX_DH14		"diffie-hellman-group14-sha1"
 #define	KEX_DHGEX_SHA1		"diffie-hellman-group-exchange-sha1"
 #define	KEX_DHGEX_SHA256	"diffie-hellman-group-exchange-sha256"
-#define	KEX_RESUME		"resume@appgate.com"
 #define	KEX_ECDH_SHA2_NISTP256	"ecdh-sha2-nistp256"
 #define	KEX_ECDH_SHA2_NISTP384	"ecdh-sha2-nistp384"
 #define	KEX_ECDH_SHA2_NISTP521	"ecdh-sha2-nistp521"
@@ -133,7 +132,6 @@ struct kex {
 	int	hostkey_type;
 	int	hostkey_nid;
 	u_int	kex_type;
-	int	roaming;
 	int	rsa_sha2;
 	int	ext_info_c;
 	struct sshbuf *my;

monitor.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.155 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.156 2016/01/14 16:17:39 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -100,7 +100,6 @@
 #include "monitor_fdpass.h"
 #include "compat.h"
 #include "ssh2.h"
-#include "roaming.h"
 #include "authfd.h"
 #include "match.h"
 #include "ssherr.h"

monitor_wrap.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.86 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.87 2016/01/14 16:17:40 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -80,7 +80,6 @@
 #include "channels.h"
 #include "session.h"
 #include "servconf.h"
-#include "roaming.h"
 
 #include "ssherr.h"
 

opacket.c

@@ -235,18 +235,6 @@ packet_set_connection(int fd_in, int fd_out)
 		fatal("%s: ssh_packet_set_connection failed", __func__);
 }
 
-void
-packet_backup_state(void)
-{
-	ssh_packet_backup_state(active_state, backup_state);
-}
-
-void
-packet_restore_state(void)
-{
-	ssh_packet_restore_state(active_state, backup_state);
-}
-
 u_int
 packet_get_char(void)
 {

opacket.h

@@ -39,8 +39,6 @@ do { \
 void	 packet_close(void);
 u_int	 packet_get_char(void);
 u_int	 packet_get_int(void);
-void	 packet_backup_state(void);
-void	 packet_restore_state(void);
 void     packet_set_connection(int, int);
 int	 packet_read_seqnr(u_int32_t *);
 int	 packet_read_poll_seqnr(u_int32_t *);

packet.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.221 2015/12/11 04:21:12 mmcc Exp $ */
+/* $OpenBSD: packet.c,v 1.222 2016/01/14 16:17:40 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -83,7 +83,6 @@
 #include "channels.h"
 #include "ssh.h"
 #include "packet.h"
-#include "roaming.h"
 #include "ssherr.h"
 #include "sshbuf.h"
 
@@ -1279,7 +1278,7 @@ int
 ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 {
 	struct session_state *state = ssh->state;
-	int len, r, ms_remain, cont;
+	int len, r, ms_remain;
 	fd_set *setp;
 	char buf[8192];
 	struct timeval timeout, start, *timeoutp = NULL;
@@ -1349,11 +1348,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 		if (r == 0)
 			return SSH_ERR_CONN_TIMEOUT;
 		/* Read data from the socket. */
-		do {
-			cont = 0;
-			len = roaming_read(state->connection_in, buf,
-			    sizeof(buf), &cont);
-		} while (len == 0 && cont);
+		len = read(state->connection_in, buf, sizeof(buf));
 		if (len == 0) {
 			r = SSH_ERR_CONN_CLOSED;
 			goto out;
@@ -2025,19 +2020,18 @@ ssh_packet_write_poll(struct ssh *ssh)
 {
 	struct session_state *state = ssh->state;
 	int len = sshbuf_len(state->output);
-	int cont, r;
+	int r;
 
 	if (len > 0) {
-		cont = 0;
-		len = roaming_write(state->connection_out,
-		    sshbuf_ptr(state->output), len, &cont);
+		len = write(state->connection_out,
+		    sshbuf_ptr(state->output), len);
 		if (len == -1) {
 			if (errno == EINTR || errno == EAGAIN ||
 			    errno == EWOULDBLOCK)
 				return 0;
 			return SSH_ERR_SYSTEM_ERROR;
 		}
-		if (len == 0 && !cont)
+		if (len == 0)
 			return SSH_ERR_CONN_CLOSED;
 		if ((r = sshbuf_consume(state->output, len)) != 0)
 			return r;
@@ -2314,58 +2308,6 @@ ssh_packet_get_output(struct ssh *ssh)
 	return (void *)ssh->state->output;
 }
 
-/* XXX TODO update roaming to new API (does not work anyway) */
-/*
- * Save the state for the real connection, and use a separate state when
- * resuming a suspended connection.
- */
-void
-ssh_packet_backup_state(struct ssh *ssh,
-    struct ssh *backup_state)
-{
-	struct ssh *tmp;
-
-	close(ssh->state->connection_in);
-	ssh->state->connection_in = -1;
-	close(ssh->state->connection_out);
-	ssh->state->connection_out = -1;
-	if (backup_state)
-		tmp = backup_state;
-	else
-		tmp = ssh_alloc_session_state();
-	backup_state = ssh;
-	ssh = tmp;
-}
-
-/* XXX FIXME FIXME FIXME */
-/*
- * Swap in the old state when resuming a connecion.
- */
-void
-ssh_packet_restore_state(struct ssh *ssh,
-    struct ssh *backup_state)
-{
-	struct ssh *tmp;
-	u_int len;
-	int r;
-
-	tmp = backup_state;
-	backup_state = ssh;
-	ssh = tmp;
-	ssh->state->connection_in = backup_state->state->connection_in;
-	backup_state->state->connection_in = -1;
-	ssh->state->connection_out = backup_state->state->connection_out;
-	backup_state->state->connection_out = -1;
-	len = sshbuf_len(backup_state->state->input);
-	if (len > 0) {
-		if ((r = sshbuf_putb(ssh->state->input,
-		    backup_state->state->input)) != 0)
-			fatal("%s: %s", __func__, ssh_err(r));
-		sshbuf_reset(backup_state->state->input);
-		add_recv_bytes(len);
-	}
-}
-
 /* Reset after_authentication and reset compression in post-auth privsep */
 static int
 ssh_packet_set_postauth(struct ssh *ssh)
@@ -2515,11 +2457,6 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
 	    (r = sshbuf_put_stringb(m, state->output)) != 0)
 		return r;
 
-	if (compat20) {
-		if ((r = sshbuf_put_u64(m, get_sent_bytes())) != 0 ||
-		    (r = sshbuf_put_u64(m, get_recv_bytes())) != 0)
-			return r;
-	}
 	return 0;
 }
 
@@ -2646,7 +2583,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
 	size_t ssh1keylen, rlen, slen, ilen, olen;
 	int r;
 	u_int ssh1cipher = 0;
-	u_int64_t sent_bytes = 0, recv_bytes = 0;
 
 	if (!compat20) {
 		if ((r = sshbuf_get_u32(m, &state->remote_protocol_flags)) != 0 ||
@@ -2711,12 +2647,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
 	    (r = sshbuf_put(state->output, output, olen)) != 0)
 		return r;
 
-	if (compat20) {
-		if ((r = sshbuf_get_u64(m, &sent_bytes)) != 0 ||
-		    (r = sshbuf_get_u64(m, &recv_bytes)) != 0)
-			return r;
-		roam_set_bytes(sent_bytes, recv_bytes);
-	}
 	if (sshbuf_len(m))
 		return SSH_ERR_INVALID_FORMAT;
 	debug3("%s: done", __func__);

packet.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.67 2015/12/11 03:24:25 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.68 2016/01/14 16:17:40 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -149,10 +149,6 @@ int	 ssh_packet_need_rekeying(struct ssh *);
 void	 ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t);
 time_t	 ssh_packet_get_rekey_timeout(struct ssh *);
 
-/* XXX FIXME */
-void	 ssh_packet_backup_state(struct ssh *, struct ssh *);
-void	 ssh_packet_restore_state(struct ssh *, struct ssh *);
-
 void	*ssh_packet_get_input(struct ssh *);
 void	*ssh_packet_get_output(struct ssh *);