mirror of
https://git.FreeBSD.org/src.git
synced 2024-11-23 07:31:31 +00:00
Vendor import of OpenSSH 4.2p1.
This commit is contained in:
parent
4518870c72
commit
043840df5b
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/vendor-crypto/openssh/dist/; revision=149749
@ -3,6 +3,7 @@ Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH
|
||||
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
|
||||
Theo de Raadt, and Dug Song - Creators of OpenSSH
|
||||
|
||||
Ahsan Rashid <arms@sco.com> - UnixWare long passwords
|
||||
Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix
|
||||
Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes
|
||||
Andre Lucas <andre@ae-35.com> - new login code, many fixes
|
||||
@ -32,6 +33,7 @@ David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes
|
||||
David Hesprich <darkgrue@gue-tech.org> - Configure fixes
|
||||
David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
|
||||
Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code.
|
||||
Dhiraj Gulati <dgulati@sco.com> - UnixWare long passwords
|
||||
Ed Eden <ede370@stl.rural.usda.gov> - configure fixes
|
||||
Garrick James <garrick@james.net> - configure fixes
|
||||
Gary E. Miller <gem@rellim.com> - SCO support
|
||||
@ -98,5 +100,5 @@ Apologies to anyone I have missed.
|
||||
|
||||
Damien Miller <djm@mindrot.org>
|
||||
|
||||
$Id: CREDITS,v 1.79 2004/05/26 23:59:31 dtucker Exp $
|
||||
$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $
|
||||
|
||||
|
@ -1,3 +1,496 @@
|
||||
20050901
|
||||
- (djm) Update RPM spec file versions
|
||||
|
||||
20050831
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2005/08/30 22:08:05
|
||||
[gss-serv.c sshconnect2.c]
|
||||
destroy credentials if krb5_kuserok() call fails. Stops credentials being
|
||||
delegated to users who are not authorised for GSSAPIAuthentication when
|
||||
GSSAPIDeletegateCredentials=yes and another authentication mechanism
|
||||
succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by
|
||||
simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
|
||||
- markus@cvs.openbsd.org 2005/08/31 09:28:42
|
||||
[version.h]
|
||||
4.2
|
||||
- (dtucker) [README] Update release note URL to 4.2
|
||||
- (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
|
||||
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
|
||||
libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
|
||||
Feedback and OK dtucker@
|
||||
|
||||
20050830
|
||||
- (tim) [configure.ac] Back out last change. It needs to be done differently.
|
||||
|
||||
20050829
|
||||
- (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long
|
||||
password support to 7.x for now.
|
||||
|
||||
20050826
|
||||
- (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
|
||||
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
|
||||
openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
|
||||
openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
|
||||
on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
|
||||
by tim@. Feedback and OK dtucker@
|
||||
|
||||
20050823
|
||||
- (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully-
|
||||
qualified sshd pathname since some systems (eg Cygwin) may consider "/foo"
|
||||
and "//foo" to be different. Spotted by vinschen at redhat.com.
|
||||
- (tim) [configure.ac] Not all gcc's support -Wsign-compare. Enhancements
|
||||
and OK dtucker@
|
||||
- (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@
|
||||
|
||||
20050821
|
||||
- (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for
|
||||
LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@
|
||||
|
||||
20050816
|
||||
- (djm) [ttymodes.c] bugzilla #1025: Fix encoding of _POSIX_VDISABLE,
|
||||
from Jacob Nevins; ok dtucker@
|
||||
|
||||
20050815
|
||||
- (tim) [sftp.c] wrap el_end() in #ifdef USE_LIBEDIT
|
||||
- (tim) [configure.ac] corrections to libedit tests. Report and patches
|
||||
by skeleten AT shillest.net
|
||||
|
||||
20050812
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- markus@cvs.openbsd.org 2005/07/28 17:36:22
|
||||
[packet.c]
|
||||
missing packet_init_compression(); from solar
|
||||
- djm@cvs.openbsd.org 2005/07/30 01:26:16
|
||||
[ssh.c]
|
||||
fix -D listen_host initialisation, so it picks up gateway_ports setting
|
||||
correctly
|
||||
- djm@cvs.openbsd.org 2005/07/30 02:03:47
|
||||
[readconf.c]
|
||||
listen_hosts initialisation here too; spotted greg AT y2005.nest.cx
|
||||
- dtucker@cvs.openbsd.org 2005/08/06 10:03:12
|
||||
[servconf.c]
|
||||
Unbreak sshd ListenAddress for bare IPv6 addresses.
|
||||
Report from Janusz Mucka; ok djm@
|
||||
- jaredy@cvs.openbsd.org 2005/08/08 13:22:48
|
||||
[sftp.c]
|
||||
sftp prompt enhancements:
|
||||
- in non-interactive mode, do not print an empty prompt at the end
|
||||
before finishing
|
||||
- print newline after EOF in editline mode
|
||||
- call el_end() in editline mode
|
||||
ok dtucker djm
|
||||
|
||||
20050810
|
||||
- (dtucker) [configure.ac] Test libedit library and headers for compatibility.
|
||||
Report from skeleten AT shillest.net, ok djm@
|
||||
- (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c]
|
||||
Sync current (thread-safe) version of realpath.c from OpenBSD (which is
|
||||
in turn based on FreeBSD's). ok djm@
|
||||
|
||||
20050809
|
||||
- (tim) [configure.ac] Allow --with-audit=no. OK dtucker@
|
||||
Report by skeleten AT shillest.net
|
||||
|
||||
20050803
|
||||
- (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines
|
||||
individually and use a value less likely to collide with real values from
|
||||
netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@
|
||||
- (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the
|
||||
latter is specified in the standard.
|
||||
|
||||
20050802
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2005/07/27 10:39:03
|
||||
[scp.c hostfile.c sftp-client.c]
|
||||
Silence bogus -Wuninitialized warnings; ok djm@
|
||||
- (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling
|
||||
with gcc. ok djm@
|
||||
- (dtucker) [configure.ac] Add a --with-Werror option to configure for
|
||||
adding -Werror to CFLAGS when all of the configure tests are done. ok djm@
|
||||
|
||||
20050726
|
||||
- (dtucker) [configure.ac] Update zlib warning message too, pointed out by
|
||||
tim@.
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- otto@cvs.openbsd.org 2005/07/19 15:32:26
|
||||
[auth-passwd.c]
|
||||
auth_usercheck(3) can return NULL, so check for that. Report from
|
||||
mpech@. ok markus@
|
||||
- markus@cvs.openbsd.org 2005/07/25 11:59:40
|
||||
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
|
||||
[sshconnect2.c sshd.c sshd_config sshd_config.5]
|
||||
add a new compression method that delays compression until the user
|
||||
has been authenticated successfully and set compression to 'delayed'
|
||||
for sshd.
|
||||
this breaks older openssh clients (< 3.5) if they insist on
|
||||
compression, so you have to re-enable compression in sshd_config.
|
||||
ok djm@
|
||||
|
||||
20050725
|
||||
- (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.
|
||||
|
||||
20050717
|
||||
- OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2005/07/16 01:35:24
|
||||
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
|
||||
[sshconnect.c]
|
||||
spacing
|
||||
- (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
|
||||
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
|
||||
in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
|
||||
- (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line
|
||||
- djm@cvs.openbsd.org 2005/07/17 06:49:04
|
||||
[channels.c channels.h session.c session.h]
|
||||
Fix a number of X11 forwarding channel leaks:
|
||||
1. Refuse multiple X11 forwarding requests on the same session
|
||||
2. Clean up all listeners after a single_connection X11 forward, not just
|
||||
the one that made the single connection
|
||||
3. Destroy X11 listeners when the session owning them goes away
|
||||
testing and ok dtucker@
|
||||
- djm@cvs.openbsd.org 2005/07/17 07:17:55
|
||||
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
|
||||
[cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
|
||||
[serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
|
||||
[sshconnect.c sshconnect2.c]
|
||||
knf says that a 2nd level indent is four (not three or five) spaces
|
||||
-(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c]
|
||||
[ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
|
||||
- (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls
|
||||
|
||||
20050716
|
||||
- (dtucker) [auth-pam.c] Ensure that only one side of the authentication
|
||||
socketpair stays open on in both the monitor and PAM process. Patch from
|
||||
Joerg Sonnenberger.
|
||||
|
||||
20050714
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2005/07/06 09:33:05
|
||||
[ssh.1]
|
||||
clarify meaning of ssh -b ; with & ok jmc@
|
||||
- dtucker@cvs.openbsd.org 2005/07/08 09:26:18
|
||||
[misc.c]
|
||||
Make comment match code; ok djm@
|
||||
- markus@cvs.openbsd.org 2005/07/08 09:41:33
|
||||
[channels.h]
|
||||
race when efd gets closed while there is still buffered data:
|
||||
change CHANNEL_EFD_OUTPUT_ACTIVE()
|
||||
1) c->efd must always be valid AND
|
||||
2a) no EOF has been seen OR
|
||||
2b) there is buffered data
|
||||
report, initial fix and testing Chuck Cranor
|
||||
- dtucker@cvs.openbsd.org 2005/07/08 10:20:41
|
||||
[ssh_config.5]
|
||||
change BindAddress to match recent ssh -b change; prompted by markus@
|
||||
- jmc@cvs.openbsd.org 2005/07/08 12:53:10
|
||||
[ssh_config.5]
|
||||
new sentence, new line;
|
||||
- dtucker@cvs.openbsd.org 2005/07/14 04:00:43
|
||||
[misc.h]
|
||||
use __sentinel__ attribute; ok deraadt@ djm@ markus@
|
||||
- (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the
|
||||
compiler doesn't understand it to prevent warnings. If any mainstream
|
||||
compiler versions acquire it we can test for those versions. Based on
|
||||
discussion with djm@.
|
||||
|
||||
20050707
|
||||
- dtucker [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for
|
||||
the MIT Kerberos code path into a common function and expand mkstemp
|
||||
template to be consistent with the rest of OpenSSH. From sxw at
|
||||
inf.ed.ac.uk, ok djm@
|
||||
- (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno
|
||||
in the case where the buffer is insufficient, so always return ENOMEM.
|
||||
Also pointed out by sxw at inf.ed.ac.uk.
|
||||
- (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove
|
||||
calls to krb5_init_ets, which has not been required since krb-1.1.x and
|
||||
most Kerberos versions no longer export in their public API. From sxw
|
||||
at inf.ed.ac.uk, ok djm@
|
||||
|
||||
20050706
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- markus@cvs.openbsd.org 2005/07/01 13:19:47
|
||||
[channels.c]
|
||||
don't free() if getaddrinfo() fails; report mpech@
|
||||
- djm@cvs.openbsd.org 2005/07/04 00:58:43
|
||||
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
|
||||
implement support for X11 and agent forwarding over multiplex slave
|
||||
connections. Because of protocol limitations, the slave connections inherit
|
||||
the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
|
||||
their own.
|
||||
ok dtucker@ "put it in" deraadt@
|
||||
- jmc@cvs.openbsd.org 2005/07/04 11:29:51
|
||||
[ssh_config.5]
|
||||
fix Xr and a little grammar;
|
||||
- markus@cvs.openbsd.org 2005/07/04 14:04:11
|
||||
[channels.c]
|
||||
don't forget to set x11_saved_display
|
||||
|
||||
20050626
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2005/06/17 22:53:47
|
||||
[ssh.c sshconnect.c]
|
||||
Fix ControlPath's %p expanding to "0" for a default port,
|
||||
spotted dwmw2 AT infradead.org; ok markus@
|
||||
- djm@cvs.openbsd.org 2005/06/18 04:30:36
|
||||
[ssh.c ssh_config.5]
|
||||
allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
|
||||
- djm@cvs.openbsd.org 2005/06/25 22:47:49
|
||||
[ssh.c]
|
||||
do the default port filling code a few lines earlier, so it really
|
||||
does fix %p
|
||||
|
||||
20050618
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2005/05/20 12:57:01;
|
||||
[auth1.c] split protocol 1 auth methods into separate functions, makes
|
||||
authloop much more readable; fixes and ok markus@ (portable ok &
|
||||
polish dtucker@)
|
||||
- djm@cvs.openbsd.org 2005/06/17 02:44:33
|
||||
[auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
|
||||
- (djm) [loginrec.c ssh-rand-helper.c] Fix -Wsign-compare for portable,
|
||||
tested and fixes tim@
|
||||
|
||||
20050617
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2005/06/16 03:38:36
|
||||
[channels.c channels.h clientloop.c clientloop.h ssh.c]
|
||||
move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd
|
||||
easier later; ok deraadt@
|
||||
- markus@cvs.openbsd.org 2005/06/16 08:00:00
|
||||
[canohost.c channels.c sshd.c]
|
||||
don't exit if getpeername fails for forwarded ports; bugzilla #1054;
|
||||
ok djm
|
||||
- djm@cvs.openbsd.org 2005/06/17 02:44:33
|
||||
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
|
||||
[bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
|
||||
[kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
|
||||
[servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
|
||||
[ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
|
||||
make this -Wsign-compare clean; ok avsm@ markus@
|
||||
NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
|
||||
NB2. more work may be needed to make portable Wsign-compare clean
|
||||
- (dtucker) [cipher.c openbsd-compat/openbsd-compat.h
|
||||
openbsd-compat/openssl-compat.c] only include openssl compat stuff where
|
||||
it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by
|
||||
and ok tim@
|
||||
|
||||
20050616
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- jaredy@cvs.openbsd.org 2005/06/07 13:25:23
|
||||
[progressmeter.c]
|
||||
catch SIGWINCH and resize progress meter accordingly; ok markus dtucker
|
||||
- djm@cvs.openbsd.org 2005/06/06 11:20:36
|
||||
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
|
||||
introduce a generic %foo expansion function. replace existing % expansion
|
||||
and add expansion to ControlPath; ok markus@
|
||||
- djm@cvs.openbsd.org 2005/06/08 03:50:00
|
||||
[ssh-keygen.1 ssh-keygen.c sshd.8]
|
||||
increase default rsa/dsa key length from 1024 to 2048 bits;
|
||||
ok markus@ deraadt@
|
||||
- djm@cvs.openbsd.org 2005/06/08 11:25:09
|
||||
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
|
||||
add ControlMaster=auto/autoask options to support opportunistic
|
||||
multiplexing; tested avsm@ and jakob@, ok markus@
|
||||
- dtucker@cvs.openbsd.org 2005/06/09 13:43:49
|
||||
[cipher.c]
|
||||
Correctly initialize end of array sentinel; ok djm@
|
||||
(Id sync only, change already in portable)
|
||||
|
||||
20050609
|
||||
- (dtucker) [cipher.c openbsd-compat/Makefile.in
|
||||
openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.{c,h}]
|
||||
Move compatibility code for supporting older OpenSSL versions to the
|
||||
compat layer. Suggested by and "no objection" djm@
|
||||
|
||||
20050607
|
||||
- (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX:
|
||||
in today's episode we attempt to coax it from limits.h where it may be
|
||||
hiding, failing that we take the DIY approach. Tested by tim@
|
||||
|
||||
20050603
|
||||
- (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't
|
||||
defined, and check that it helps before keeping it in CFLAGS. Some old
|
||||
gcc's don't set an error code when encountering an unknown value in -std.
|
||||
Found and tested by tim@.
|
||||
- (dtucker) [configure.ac] Point configure's reporting address at the
|
||||
openssh-unix-dev list. ok tim@ djm@
|
||||
|
||||
20050602
|
||||
- (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h.
|
||||
Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms
|
||||
to skip builtin standard includes tests. (first AC_CHECK_HEADERS test
|
||||
must be run on all platforms) Add missing ;; to case statement. OK dtucker@
|
||||
|
||||
20050601
|
||||
- (dtucker) [configure.ac] Look for _getshort and _getlong in
|
||||
arpa/nameser.h.
|
||||
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c]
|
||||
Add strtoll to the compat library, from OpenBSD.
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- avsm@cvs.openbsd.org 2005/05/26 02:08:05
|
||||
[scp.c]
|
||||
If copying multiple files to a target file (which normally fails, as it
|
||||
must be a target directory), kill the spawned ssh child before exiting.
|
||||
This stops it trying to authenticate and spewing lots of output.
|
||||
deraadt@ ok
|
||||
- dtucker@cvs.openbsd.org 2005/05/26 09:08:12
|
||||
[ssh-keygen.c]
|
||||
uint32_t -> u_int32_t for consistency; ok djm@
|
||||
- djm@cvs.openbsd.org 2005/05/27 08:30:37
|
||||
[ssh.c]
|
||||
fix -O for cases where no ControlPath has been specified or socket at
|
||||
ControlPath is not contactable; spotted by and ok avsm@
|
||||
- (tim) [config.guess config.sub] Update to '2005-05-27' version.
|
||||
- (tim) [configure.ac] set TEST_SHELL for OpenServer 6
|
||||
|
||||
20050531
|
||||
- (dtucker) [contrib/aix/pam.conf] Correct comments. From davidl at
|
||||
vintela.com.
|
||||
- (dtucker) [mdoc2man.awk] Teach it to understand .Ox.
|
||||
|
||||
20050530
|
||||
- (dtucker) [README] Link to new release notes. Beter late than never...
|
||||
|
||||
20050529
|
||||
- (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the
|
||||
argument to passwdexpired to be initialized to NULL. Suggested by tim@
|
||||
While at it, initialize the other arguments to auth functions in case they
|
||||
ever acquire this behaviour.
|
||||
- (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there.
|
||||
- (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message,
|
||||
spotted by tim@.
|
||||
|
||||
20050528
|
||||
- (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have
|
||||
one entry per line to make it easier to merge changes. ok djm@
|
||||
- (dtucker) [configure.ac] strsep() may be defined in string.h, so check
|
||||
for its presence and include it in the strsep check.
|
||||
- (dtucker) [configure.ac] getpgrp may be defined in unistd.h, so check for
|
||||
its presence before doing AC_FUNC_GETPGRP.
|
||||
- (dtucker) [configure.ac] Merge HP-UX blocks into a common block with minor
|
||||
version-specific variations as required.
|
||||
- (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as
|
||||
per the autoconf man page. Configure should always define them but it
|
||||
doesn't hurt to check.
|
||||
|
||||
20050527
|
||||
- (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by
|
||||
David Leach; ok dtucker@
|
||||
- (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c
|
||||
openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo.
|
||||
Required changes from Bernhard Simon, integrated by me. ok djm@
|
||||
|
||||
20050525
|
||||
- (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not
|
||||
been used for a while
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- otto@cvs.openbsd.org 2005/04/05 13:45:31
|
||||
[ssh-keygen.c]
|
||||
- djm@cvs.openbsd.org 2005/04/06 09:43:59
|
||||
[sshd.c]
|
||||
avoid harmless logspam by not performing setsockopt() on non-socket;
|
||||
ok markus@
|
||||
- dtucker@cvs.openbsd.org 2005/04/06 12:26:06
|
||||
[ssh.c]
|
||||
Fix debug call for port forwards; patch from pete at seebeyond.com,
|
||||
ok djm@ (ID sync only - change already in portable)
|
||||
- djm@cvs.openbsd.org 2005/04/09 04:32:54
|
||||
[misc.c misc.h tildexpand.c Makefile.in]
|
||||
replace tilde_expand_filename with a simpler implementation, ahead of
|
||||
more whacking; ok deraadt@
|
||||
- jmc@cvs.openbsd.org 2005/04/14 12:30:30
|
||||
[ssh.1]
|
||||
arg to -b is an address, not if_name;
|
||||
ok markus@
|
||||
- jakob@cvs.openbsd.org 2005/04/20 10:05:45
|
||||
[dns.c]
|
||||
do not try to look up SSHFP for numerical hostname. ok djm@
|
||||
- djm@cvs.openbsd.org 2005/04/21 06:17:50
|
||||
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
|
||||
[sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
|
||||
variable, so don't say that we do (bz #623); ok deraadt@
|
||||
- djm@cvs.openbsd.org 2005/04/21 11:47:19
|
||||
[ssh.c]
|
||||
don't allocate a pty when -n flag (/dev/null stdin) is set, patch from
|
||||
ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@
|
||||
- dtucker@cvs.openbsd.org 2005/04/23 23:43:47
|
||||
[readpass.c]
|
||||
Add debug message if read_passphrase can't open /dev/tty; bz #471;
|
||||
ok djm@
|
||||
- jmc@cvs.openbsd.org 2005/04/26 12:59:02
|
||||
[sftp-client.h]
|
||||
spelling correction in comment from wiz@netbsd;
|
||||
- jakob@cvs.openbsd.org 2005/04/26 13:08:37
|
||||
[ssh.c ssh_config.5]
|
||||
fallback gracefully if client cannot connect to ControlPath. ok djm@
|
||||
- moritz@cvs.openbsd.org 2005/04/28 10:17:56
|
||||
[progressmeter.c ssh-keyscan.c]
|
||||
add snprintf checks. ok djm@ markus@
|
||||
- markus@cvs.openbsd.org 2005/05/02 21:13:22
|
||||
[readpass.c]
|
||||
missing {}
|
||||
- djm@cvs.openbsd.org 2005/05/10 10:28:11
|
||||
[ssh.c]
|
||||
print nice error message for EADDRINUSE as well (ID sync only)
|
||||
- djm@cvs.openbsd.org 2005/05/10 10:30:43
|
||||
[ssh.c]
|
||||
report real errors on fallback from ControlMaster=no to normal connect
|
||||
- markus@cvs.openbsd.org 2005/05/16 15:30:51
|
||||
[readconf.c servconf.c]
|
||||
check return value from strdelim() for NULL (AddressFamily); mpech
|
||||
- djm@cvs.openbsd.org 2005/05/19 02:39:55
|
||||
[sshd_config.5]
|
||||
sort config options, from grunk AT pestilenz.org; ok jmc@
|
||||
- djm@cvs.openbsd.org 2005/05/19 02:40:52
|
||||
[sshd_config]
|
||||
whitespace nit, from grunk AT pestilenz.org
|
||||
- djm@cvs.openbsd.org 2005/05/19 02:42:26
|
||||
[includes.h]
|
||||
fix cast, from grunk AT pestilenz.org
|
||||
- djm@cvs.openbsd.org 2005/05/20 10:50:55
|
||||
[ssh_config.5]
|
||||
give a ProxyCommand example using nc(1), with and ok jmc@
|
||||
- jmc@cvs.openbsd.org 2005/05/20 11:23:32
|
||||
[ssh_config.5]
|
||||
oops - article and spacing;
|
||||
- avsm@cvs.openbsd.org 2005/05/23 22:44:01
|
||||
[moduli.c ssh-keygen.c]
|
||||
- removes signed/unsigned comparisons in moduli generation
|
||||
- use strtonum instead of atoi where its easier
|
||||
- check some strlcpy overflow and fatal instead of truncate
|
||||
- djm@cvs.openbsd.org 2005/05/23 23:32:46
|
||||
[cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5]
|
||||
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes;
|
||||
ok markus@
|
||||
- avsm@cvs.openbsd.org 2005/05/24 02:05:09
|
||||
[ssh-keygen.c]
|
||||
some style nits from dmiller@, and use a fatal() instead of a printf()/exit
|
||||
- avsm@cvs.openbsd.org 2005/05/24 17:32:44
|
||||
[atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c]
|
||||
[ssh-keyscan.c sshconnect.c]
|
||||
Switch atomicio to use a simpler interface; it now returns a size_t
|
||||
(containing number of bytes read/written), and indicates error by
|
||||
returning 0. EOF is signalled by errno==EPIPE.
|
||||
Typical use now becomes:
|
||||
|
||||
if (atomicio(read, ..., len) != len)
|
||||
err(1,"read");
|
||||
|
||||
ok deraadt@, cloder@, djm@
|
||||
- (dtucker) [regress/reexec.sh] Add ${EXEEXT} so this test also works on
|
||||
Cygwin.
|
||||
- (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux:
|
||||
warning: dereferencing type-punned pointer will break strict-aliasing rules
|
||||
warning: passing arg 3 of `pam_get_item' from incompatible pointer type
|
||||
The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@
|
||||
- (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide
|
||||
templates for _getshort and _getlong if missing to prevent compiler warnings
|
||||
on Linux.
|
||||
- (djm) [configure.ac openbsd-compat/Makefile.in]
|
||||
[openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c]
|
||||
Add strtonum(3) from OpenBSD libc, new code needs it.
|
||||
Unfortunately Linux forces us to do a bizarre dance with compiler
|
||||
options to get LLONG_MIN/MAX; Spotted by and ok dtucker@
|
||||
|
||||
20050524
|
||||
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
||||
[contrib/suse/openssh.spec] Update spec file versions to 4.1p1
|
||||
@ -9,7 +502,7 @@
|
||||
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
|
||||
allocation when retrieving core Windows environment. Add CYGWIN variable
|
||||
to propagated variables. Patch from vinschen at redhat.com, ok djm@
|
||||
- (djm) Release 4.1p1
|
||||
- Release 4.1p1
|
||||
|
||||
20050524
|
||||
- (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
|
||||
@ -2496,4 +2989,4 @@
|
||||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.3758.2.2 2005/05/25 12:24:56 djm Exp $
|
||||
$Id: ChangeLog,v 1.3887 2005/09/01 09:10:48 djm Exp $
|
||||
|
@ -204,6 +204,7 @@ OpenSSH contains no GPL code.
|
||||
William Jones
|
||||
Darren Tucker
|
||||
Sun Microsystems
|
||||
The SCO Group
|
||||
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -255,6 +256,7 @@ OpenSSH contains no GPL code.
|
||||
Damien Miller
|
||||
Eric P. Allman
|
||||
The Regents of the University of California
|
||||
Constantin S. Svintsoff
|
||||
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: Makefile.in,v 1.270 2005/02/25 23:12:38 dtucker Exp $
|
||||
# $Id: Makefile.in,v 1.273 2005/05/29 07:22:29 dtucker Exp $
|
||||
|
||||
# uncomment if you run a non bourne compatable shell. Ie. csh
|
||||
#SHELL = @SH@
|
||||
@ -66,8 +66,8 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
|
||||
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
|
||||
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
|
||||
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
|
||||
log.o match.o moduli.o mpaux.o nchan.o packet.o \
|
||||
readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \
|
||||
log.o match.o moduli.o nchan.o packet.o \
|
||||
readpass.o rsa.o ttymodes.o xmalloc.o \
|
||||
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
||||
kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
|
||||
@ -190,7 +190,7 @@ ssh_prng_cmds.out: ssh_prng_cmds
|
||||
$(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
|
||||
fi
|
||||
|
||||
# fake rule to stop make trying to compile moduli.o into a binary "modulo"
|
||||
# fake rule to stop make trying to compile moduli.o into a binary "moduli.o"
|
||||
moduli:
|
||||
echo
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
See http://www.openssh.com/txt/release-4.0 for the release notes.
|
||||
See http://www.openssh.com/txt/release-4.2 for the release notes.
|
||||
|
||||
- A Japanese translation of this document and of the OpenSSH FAQ is
|
||||
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
|
||||
@ -56,9 +56,10 @@ References -
|
||||
[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
|
||||
[3] http://www.gzip.org/zlib/
|
||||
[4] http://www.openssl.org/
|
||||
[5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris
|
||||
and HP-UX 11)
|
||||
[5] http://www.openpam.org
|
||||
http://www.kernel.org/pub/linux/libs/pam/
|
||||
(PAM also is standard on Solaris and HP-UX 11)
|
||||
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
|
||||
[7] http://www.openssh.com/faq.html
|
||||
|
||||
$Id: README,v 1.57 2005/03/09 03:32:28 dtucker Exp $
|
||||
$Id: README,v 1.60 2005/08/31 14:05:57 dtucker Exp $
|
||||
|
@ -38,8 +38,8 @@ privsep user and chroot directory:
|
||||
Privsep requires operating system support for file descriptor passing.
|
||||
Compression will be disabled on systems without a working mmap MAP_ANON.
|
||||
|
||||
PAM-enabled OpenSSH is known to function with privsep on AIX, HP-UX
|
||||
(including Trusted Mode), Linux and Solaris.
|
||||
PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD,
|
||||
HP-UX (including Trusted Mode), Linux, NetBSD and Solaris.
|
||||
|
||||
On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication
|
||||
part of privsep is supported. Post-authentication privsep is disabled
|
||||
@ -60,4 +60,4 @@ process 1005 is the sshd process listening for new connections.
|
||||
process 6917 is the privileged monitor process, 6919 is the user owned
|
||||
sshd process and 6921 is the shell process.
|
||||
|
||||
$Id: README.privsep,v 1.15 2004/10/06 10:09:32 dtucker Exp $
|
||||
$Id: README.privsep,v 1.16 2005/06/04 23:21:41 djm Exp $
|
||||
|
@ -57,7 +57,7 @@ disproportionate time to execute.
|
||||
|
||||
Tuning the random helper can be done by running ./ssh-random-helper in
|
||||
very verbose mode ("-vvv") and identifying the commands that are taking
|
||||
accessive amounts of time or hanging altogher. Any problem commands can
|
||||
excessive amounts of time or hanging altogher. Any problem commands can
|
||||
be modified or removed from ssh_prng_cmds.
|
||||
|
||||
The default entropy collector will timeout programs which take too long
|
||||
@ -92,4 +92,4 @@ If you are forced to use ssh-rand-helper consider still downloading
|
||||
prngd/egd and configure OpenSSH using --with-prngd-port=xx or
|
||||
--with-prngd-socket=xx (refer to INSTALL for more information).
|
||||
|
||||
$Id: WARNING.RNG,v 1.7 2004/12/06 11:40:11 dtucker Exp $
|
||||
$Id: WARNING.RNG,v 1.8 2005/05/26 01:47:54 djm Exp $
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: acconfig.h,v 1.181 2005/02/25 23:07:38 dtucker Exp $ */
|
||||
/* $Id: acconfig.h,v 1.183 2005/07/07 10:33:36 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
|
||||
@ -119,9 +119,6 @@
|
||||
/* Define if you are on NeXT */
|
||||
#undef HAVE_NEXT
|
||||
|
||||
/* Define if you are on NEWS-OS */
|
||||
#undef HAVE_NEWS4
|
||||
|
||||
/* Define if you want to enable PAM support */
|
||||
#undef USE_PAM
|
||||
|
||||
@ -205,9 +202,6 @@
|
||||
/* Define if you don't want to use lastlog in session.c */
|
||||
#undef NO_SSH_LASTLOG
|
||||
|
||||
/* Define if have krb5_init_ets */
|
||||
#undef KRB5_INIT_ETS
|
||||
|
||||
/* Define if you don't want to use utmp */
|
||||
#undef DISABLE_UTMP
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: acss.c,v 1.2 2004/02/06 04:22:43 dtucker Exp $ */
|
||||
/* $Id: acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2004 The OpenBSD project
|
||||
*
|
||||
@ -24,37 +24,37 @@
|
||||
|
||||
/* decryption sbox */
|
||||
static unsigned char sboxdec[] = {
|
||||
0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76,
|
||||
0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b,
|
||||
0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96,
|
||||
0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b,
|
||||
0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12,
|
||||
0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f,
|
||||
0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90,
|
||||
0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91,
|
||||
0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74,
|
||||
0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75,
|
||||
0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94,
|
||||
0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95,
|
||||
0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10,
|
||||
0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11,
|
||||
0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92,
|
||||
0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f,
|
||||
0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16,
|
||||
0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b,
|
||||
0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6,
|
||||
0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb,
|
||||
0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72,
|
||||
0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f,
|
||||
0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0,
|
||||
0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1,
|
||||
0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14,
|
||||
0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15,
|
||||
0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4,
|
||||
0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5,
|
||||
0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70,
|
||||
0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71,
|
||||
0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2,
|
||||
0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76,
|
||||
0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b,
|
||||
0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96,
|
||||
0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b,
|
||||
0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12,
|
||||
0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f,
|
||||
0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90,
|
||||
0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91,
|
||||
0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74,
|
||||
0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75,
|
||||
0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94,
|
||||
0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95,
|
||||
0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10,
|
||||
0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11,
|
||||
0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92,
|
||||
0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f,
|
||||
0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16,
|
||||
0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b,
|
||||
0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6,
|
||||
0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb,
|
||||
0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72,
|
||||
0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f,
|
||||
0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0,
|
||||
0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1,
|
||||
0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14,
|
||||
0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15,
|
||||
0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4,
|
||||
0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5,
|
||||
0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70,
|
||||
0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71,
|
||||
0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2,
|
||||
0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff
|
||||
};
|
||||
|
||||
@ -95,38 +95,38 @@ static unsigned char sboxenc[] = {
|
||||
};
|
||||
|
||||
static unsigned char reverse[] = {
|
||||
0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
|
||||
0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
|
||||
0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
|
||||
0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
|
||||
0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
|
||||
0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
|
||||
0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
|
||||
0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
|
||||
0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
|
||||
0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
|
||||
0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
|
||||
0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
|
||||
0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
|
||||
0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
|
||||
0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
|
||||
0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
|
||||
0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
|
||||
0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
|
||||
0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
|
||||
0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
|
||||
0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
|
||||
0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
|
||||
0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
|
||||
0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
|
||||
0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
|
||||
0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
|
||||
0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
|
||||
0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
|
||||
0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
|
||||
0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
|
||||
0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
|
||||
0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
|
||||
0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
|
||||
0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
|
||||
0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
|
||||
0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
|
||||
0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
|
||||
0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
|
||||
0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
|
||||
0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
|
||||
0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
|
||||
0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
|
||||
0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
|
||||
0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
|
||||
0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
|
||||
0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
|
||||
0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
|
||||
0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
|
||||
0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
|
||||
0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
|
||||
0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
|
||||
0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
|
||||
0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
|
||||
0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
|
||||
0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
|
||||
0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
|
||||
0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
|
||||
0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
|
||||
0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
|
||||
0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
|
||||
0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
|
||||
0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
|
||||
0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
|
||||
0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
|
||||
};
|
||||
|
||||
/*
|
||||
|
@ -1,4 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
|
||||
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -24,14 +25,14 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: atomicio.c,v 1.12 2003/07/31 15:50:16 avsm Exp $");
|
||||
RCSID("$OpenBSD: atomicio.c,v 1.13 2005/05/24 17:32:43 avsm Exp $");
|
||||
|
||||
#include "atomicio.h"
|
||||
|
||||
/*
|
||||
* ensure all of data on socket comes through. f==read || f==vwrite
|
||||
*/
|
||||
ssize_t
|
||||
size_t
|
||||
atomicio(f, fd, _s, n)
|
||||
ssize_t (*f) (int, void *, size_t);
|
||||
int fd;
|
||||
@ -39,7 +40,8 @@ atomicio(f, fd, _s, n)
|
||||
size_t n;
|
||||
{
|
||||
char *s = _s;
|
||||
ssize_t res, pos = 0;
|
||||
size_t pos = 0;
|
||||
ssize_t res;
|
||||
|
||||
while (n > pos) {
|
||||
res = (f) (fd, s + pos, n - pos);
|
||||
@ -51,10 +53,12 @@ atomicio(f, fd, _s, n)
|
||||
if (errno == EINTR || errno == EAGAIN)
|
||||
#endif
|
||||
continue;
|
||||
return 0;
|
||||
case 0:
|
||||
return (res);
|
||||
errno = EPIPE;
|
||||
return pos;
|
||||
default:
|
||||
pos += res;
|
||||
pos += (u_int)res;
|
||||
}
|
||||
}
|
||||
return (pos);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: atomicio.h,v 1.5 2003/06/28 16:23:06 deraadt Exp $ */
|
||||
/* $OpenBSD: atomicio.h,v 1.6 2005/05/24 17:32:43 avsm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
|
||||
@ -28,6 +28,6 @@
|
||||
/*
|
||||
* Ensure all of data on socket comes through. f==read || f==vwrite
|
||||
*/
|
||||
ssize_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
|
||||
size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
|
||||
|
||||
#define vwrite (ssize_t (*)(int, void *, size_t))write
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: audit.c,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */
|
||||
/* $Id: audit.c,v 1.3 2005/07/17 07:26:44 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
|
||||
@ -120,7 +120,7 @@ void
|
||||
audit_connection_from(const char *host, int port)
|
||||
{
|
||||
debug("audit connection from %s port %d euid %d", host, port,
|
||||
(int)geteuid());
|
||||
(int)geteuid());
|
||||
}
|
||||
|
||||
/*
|
||||
@ -147,7 +147,7 @@ audit_session_open(const char *ttyn)
|
||||
const char *t = ttyn ? ttyn : "(no tty)";
|
||||
|
||||
debug("audit session open euid %d user %s tty name %s", geteuid(),
|
||||
audit_username(), t);
|
||||
audit_username(), t);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -163,7 +163,7 @@ audit_session_close(const char *ttyn)
|
||||
const char *t = ttyn ? ttyn : "(no tty)";
|
||||
|
||||
debug("audit session close euid %d user %s tty name %s", geteuid(),
|
||||
audit_username(), t);
|
||||
audit_username(), t);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -54,9 +54,6 @@ krb5_init(void *context)
|
||||
problem = krb5_init_context(&authctxt->krb5_ctx);
|
||||
if (problem)
|
||||
return (problem);
|
||||
#ifdef KRB5_INIT_ETS
|
||||
krb5_init_ets(authctxt->krb5_ctx);
|
||||
#endif
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
@ -67,9 +64,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
||||
#ifndef HEIMDAL
|
||||
krb5_creds creds;
|
||||
krb5_principal server;
|
||||
char ccname[40];
|
||||
int tmpfd;
|
||||
mode_t old_umask;
|
||||
#endif
|
||||
krb5_error_code problem;
|
||||
krb5_ccache ccache = NULL;
|
||||
@ -146,26 +140,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
||||
goto out;
|
||||
}
|
||||
|
||||
snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
|
||||
|
||||
old_umask = umask(0177);
|
||||
tmpfd = mkstemp(ccname + strlen("FILE:"));
|
||||
umask(old_umask);
|
||||
if (tmpfd == -1) {
|
||||
logit("mkstemp(): %.100s", strerror(errno));
|
||||
problem = errno;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
|
||||
logit("fchmod(): %.100s", strerror(errno));
|
||||
close(tmpfd);
|
||||
problem = errno;
|
||||
goto out;
|
||||
}
|
||||
close(tmpfd);
|
||||
|
||||
problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache);
|
||||
problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
@ -234,4 +209,34 @@ krb5_cleanup_proc(Authctxt *authctxt)
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef HEIMDAL
|
||||
krb5_error_code
|
||||
ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
|
||||
int tmpfd, ret;
|
||||
char ccname[40];
|
||||
mode_t old_umask;
|
||||
|
||||
ret = snprintf(ccname, sizeof(ccname),
|
||||
"FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
|
||||
if (ret == -1 || ret >= sizeof(ccname))
|
||||
return ENOMEM;
|
||||
|
||||
old_umask = umask(0177);
|
||||
tmpfd = mkstemp(ccname + strlen("FILE:"));
|
||||
umask(old_umask);
|
||||
if (tmpfd == -1) {
|
||||
logit("mkstemp(): %.100s", strerror(errno));
|
||||
return errno;
|
||||
}
|
||||
|
||||
if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
|
||||
logit("fchmod(): %.100s", strerror(errno));
|
||||
close(tmpfd);
|
||||
return errno;
|
||||
}
|
||||
close(tmpfd);
|
||||
|
||||
return (krb5_cc_resolve(ctx, ccname, ccache));
|
||||
}
|
||||
#endif /* !HEIMDAL */
|
||||
#endif /* KRB5 */
|
||||
|
@ -47,7 +47,7 @@
|
||||
|
||||
/* Based on $FreeBSD$ */
|
||||
#include "includes.h"
|
||||
RCSID("$Id: auth-pam.c,v 1.122 2005/05/25 06:18:10 dtucker Exp $");
|
||||
RCSID("$Id: auth-pam.c,v 1.126 2005/07/17 07:18:50 djm Exp $");
|
||||
|
||||
#ifdef USE_PAM
|
||||
#if defined(HAVE_SECURITY_PAM_APPL_H)
|
||||
@ -56,6 +56,13 @@ RCSID("$Id: auth-pam.c,v 1.122 2005/05/25 06:18:10 dtucker Exp $");
|
||||
#include <pam/pam_appl.h>
|
||||
#endif
|
||||
|
||||
/* OpenGroup RFC86.0 and XSSO specify no "const" on arguments */
|
||||
#ifdef PAM_SUN_CODEBASE
|
||||
# define sshpam_const /* Solaris, HP-UX, AIX */
|
||||
#else
|
||||
# define sshpam_const const /* LinuxPAM, OpenPAM */
|
||||
#endif
|
||||
|
||||
#include "auth.h"
|
||||
#include "auth-pam.h"
|
||||
#include "buffer.h"
|
||||
@ -116,14 +123,14 @@ static struct pam_ctxt *cleanup_ctxt;
|
||||
static int sshpam_thread_status = -1;
|
||||
static mysig_t sshpam_oldsig;
|
||||
|
||||
static void
|
||||
static void
|
||||
sshpam_sigchld_handler(int sig)
|
||||
{
|
||||
signal(SIGCHLD, SIG_DFL);
|
||||
if (cleanup_ctxt == NULL)
|
||||
return; /* handler called after PAM cleanup, shouldn't happen */
|
||||
if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
|
||||
<= 0) {
|
||||
<= 0) {
|
||||
/* PAM thread has not exitted, privsep slave must have */
|
||||
kill(cleanup_ctxt->pam_thread, SIGTERM);
|
||||
if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
|
||||
@ -150,6 +157,7 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused,
|
||||
void *(*thread_start)(void *), void *arg)
|
||||
{
|
||||
pid_t pid;
|
||||
struct pam_ctxt *ctx = arg;
|
||||
|
||||
sshpam_thread_status = -1;
|
||||
switch ((pid = fork())) {
|
||||
@ -157,10 +165,14 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused,
|
||||
error("fork(): %s", strerror(errno));
|
||||
return (-1);
|
||||
case 0:
|
||||
close(ctx->pam_psock);
|
||||
ctx->pam_psock = -1;
|
||||
thread_start(arg);
|
||||
_exit(1);
|
||||
default:
|
||||
*thread = pid;
|
||||
close(ctx->pam_csock);
|
||||
ctx->pam_csock = -1;
|
||||
sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
|
||||
return (0);
|
||||
}
|
||||
@ -300,7 +312,7 @@ import_environments(Buffer *b)
|
||||
* Conversation function for authentication thread.
|
||||
*/
|
||||
static int
|
||||
sshpam_thread_conv(int n, struct pam_message **msg,
|
||||
sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
|
||||
struct pam_response **resp, void *data)
|
||||
{
|
||||
Buffer buffer;
|
||||
@ -399,8 +411,10 @@ sshpam_thread(void *ctxtp)
|
||||
char **env_from_pam;
|
||||
u_int i;
|
||||
const char *pam_user;
|
||||
const char **ptr_pam_user = &pam_user;
|
||||
|
||||
pam_get_item(sshpam_handle, PAM_USER, (void **)&pam_user);
|
||||
pam_get_item(sshpam_handle, PAM_USER,
|
||||
(sshpam_const void **)ptr_pam_user);
|
||||
environ[0] = NULL;
|
||||
|
||||
if (sshpam_authctxt != NULL) {
|
||||
@ -492,7 +506,7 @@ sshpam_thread_cleanup(void)
|
||||
}
|
||||
|
||||
static int
|
||||
sshpam_null_conv(int n, struct pam_message **msg,
|
||||
sshpam_null_conv(int n, sshpam_const struct pam_message **msg,
|
||||
struct pam_response **resp, void *data)
|
||||
{
|
||||
debug3("PAM: %s entering, %d messages", __func__, n);
|
||||
@ -502,7 +516,7 @@ sshpam_null_conv(int n, struct pam_message **msg,
|
||||
static struct pam_conv null_conv = { sshpam_null_conv, NULL };
|
||||
|
||||
static int
|
||||
sshpam_store_conv(int n, struct pam_message **msg,
|
||||
sshpam_store_conv(int n, sshpam_const struct pam_message **msg,
|
||||
struct pam_response **resp, void *data)
|
||||
{
|
||||
struct pam_response *reply;
|
||||
@ -571,11 +585,12 @@ sshpam_init(Authctxt *authctxt)
|
||||
{
|
||||
extern char *__progname;
|
||||
const char *pam_rhost, *pam_user, *user = authctxt->user;
|
||||
const char **ptr_pam_user = &pam_user;
|
||||
|
||||
if (sshpam_handle != NULL) {
|
||||
/* We already have a PAM context; check if the user matches */
|
||||
sshpam_err = pam_get_item(sshpam_handle,
|
||||
PAM_USER, (void **)&pam_user);
|
||||
PAM_USER, (sshpam_const void **)ptr_pam_user);
|
||||
if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
|
||||
return (0);
|
||||
pam_end(sshpam_handle, sshpam_err);
|
||||
@ -765,7 +780,7 @@ sshpam_respond(void *ctx, u_int num, char **resp)
|
||||
buffer_init(&buffer);
|
||||
if (sshpam_authctxt->valid &&
|
||||
(sshpam_authctxt->pw->pw_uid != 0 ||
|
||||
options.permit_root_login == PERMIT_YES))
|
||||
options.permit_root_login == PERMIT_YES))
|
||||
buffer_put_cstring(&buffer, *resp);
|
||||
else
|
||||
buffer_put_cstring(&buffer, badpw);
|
||||
@ -838,7 +853,7 @@ do_pam_account(void)
|
||||
sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
|
||||
debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err,
|
||||
pam_strerror(sshpam_handle, sshpam_err));
|
||||
|
||||
|
||||
if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) {
|
||||
sshpam_account_status = 0;
|
||||
return (sshpam_account_status);
|
||||
@ -891,7 +906,7 @@ do_pam_setcred(int init)
|
||||
}
|
||||
|
||||
static int
|
||||
sshpam_tty_conv(int n, struct pam_message **msg,
|
||||
sshpam_tty_conv(int n, sshpam_const struct pam_message **msg,
|
||||
struct pam_response **resp, void *data)
|
||||
{
|
||||
char input[PAM_MAX_MSG_SIZE];
|
||||
@ -1050,7 +1065,7 @@ free_pam_environment(char **env)
|
||||
* display.
|
||||
*/
|
||||
static int
|
||||
sshpam_passwd_conv(int n, struct pam_message **msg,
|
||||
sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg,
|
||||
struct pam_response **resp, void *data)
|
||||
{
|
||||
struct pam_response *reply;
|
||||
@ -1096,7 +1111,7 @@ sshpam_passwd_conv(int n, struct pam_message **msg,
|
||||
*resp = reply;
|
||||
return (PAM_SUCCESS);
|
||||
|
||||
fail:
|
||||
fail:
|
||||
for(i = 0; i < n; i++) {
|
||||
if (reply[i].resp != NULL)
|
||||
xfree(reply[i].resp);
|
||||
@ -1129,7 +1144,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
|
||||
* information via timing (eg if the PAM config has a delay on fail).
|
||||
*/
|
||||
if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
|
||||
options.permit_root_login != PERMIT_YES))
|
||||
options.permit_root_login != PERMIT_YES))
|
||||
sshpam_password = badpw;
|
||||
|
||||
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
|
||||
@ -1143,7 +1158,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
|
||||
if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
|
||||
debug("PAM: password authentication accepted for %.100s",
|
||||
authctxt->user);
|
||||
return 1;
|
||||
return 1;
|
||||
} else {
|
||||
debug("PAM: password authentication failed for %.100s: %s",
|
||||
authctxt->valid ? authctxt->user : "an illegal user",
|
||||
|
@ -36,7 +36,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-passwd.c,v 1.33 2005/01/24 11:47:13 dtucker Exp $");
|
||||
RCSID("$OpenBSD: auth-passwd.c,v 1.34 2005/07/19 15:32:26 otto Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "buffer.h"
|
||||
@ -163,6 +163,8 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
|
||||
|
||||
as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
|
||||
(char *)password);
|
||||
if (as == NULL)
|
||||
return (0);
|
||||
if (auth_getstate(as) & AUTH_PWEXPIRED) {
|
||||
auth_close(as);
|
||||
disable_forwarding();
|
||||
|
@ -13,7 +13,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $");
|
||||
RCSID("$OpenBSD: auth-rh-rsa.c,v 1.38 2005/07/17 07:17:54 djm Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "uidswap.h"
|
||||
@ -86,7 +86,7 @@ auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
|
||||
*/
|
||||
|
||||
verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
|
||||
pw->pw_name, cuser, chost);
|
||||
pw->pw_name, cuser, chost);
|
||||
packet_send_debug("Rhosts with RSA host authentication accepted.");
|
||||
return 1;
|
||||
}
|
||||
|
@ -14,7 +14,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $");
|
||||
RCSID("$OpenBSD: auth-rhosts.c,v 1.33 2005/07/17 07:17:54 djm Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "uidswap.h"
|
||||
@ -133,7 +133,7 @@ check_rhosts_file(const char *filename, const char *hostname,
|
||||
/* If the entry was negated, deny access. */
|
||||
if (negated) {
|
||||
auth_debug_add("Matched negative entry in %.100s.",
|
||||
filename);
|
||||
filename);
|
||||
return 0;
|
||||
}
|
||||
/* Accept authentication. */
|
||||
|
@ -14,7 +14,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $");
|
||||
RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/md5.h>
|
||||
@ -205,6 +205,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
|
||||
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
|
||||
char *cp;
|
||||
char *key_options;
|
||||
int keybits;
|
||||
|
||||
/* Skip leading whitespace, empty and comment lines. */
|
||||
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
|
||||
@ -243,7 +244,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
|
||||
continue;
|
||||
|
||||
/* check the real bits */
|
||||
if (bits != BN_num_bits(key->rsa->n))
|
||||
keybits = BN_num_bits(key->rsa->n);
|
||||
if (keybits < 0 || bits != (u_int)keybits)
|
||||
logit("Warning: %s, line %lu: keysize mismatch: "
|
||||
"actual %d vs. announced %d.",
|
||||
file, linenum, BN_num_bits(key->rsa->n), bits);
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: auth-shadow.c,v 1.6 2005/02/16 03:20:06 dtucker Exp $");
|
||||
RCSID("$Id: auth-shadow.c,v 1.7 2005/07/17 07:04:47 djm Exp $");
|
||||
|
||||
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
|
||||
#include <shadow.h>
|
||||
@ -101,7 +101,7 @@ auth_shadow_pwexpired(Authctxt *ctxt)
|
||||
#if defined(__hpux) && !defined(HAVE_SECUREWARE)
|
||||
if (iscomsec()) {
|
||||
struct pr_passwd *pr;
|
||||
|
||||
|
||||
pr = getprpwnam((char *)user);
|
||||
|
||||
/* Test for Trusted Mode expiry disabled */
|
||||
|
@ -47,7 +47,7 @@ skey_query(void *ctx, char **name, char **infotxt,
|
||||
int len;
|
||||
struct skey skey;
|
||||
|
||||
if (_compat_skeychallenge(&skey, authctxt->user, challenge,
|
||||
if (_compat_skeychallenge(&skey, authctxt->user, challenge,
|
||||
sizeof(challenge)) == -1)
|
||||
return -1;
|
||||
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth.c,v 1.58 2005/03/14 11:44:42 dtucker Exp $");
|
||||
RCSID("$OpenBSD: auth.c,v 1.60 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#ifdef HAVE_LOGIN_H
|
||||
#include <login.h>
|
||||
@ -76,7 +76,7 @@ allowed_user(struct passwd * pw)
|
||||
struct stat st;
|
||||
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
|
||||
char *shell;
|
||||
int i;
|
||||
u_int i;
|
||||
#ifdef USE_SHADOW
|
||||
struct spwd *spw = NULL;
|
||||
#endif
|
||||
@ -97,7 +97,11 @@ allowed_user(struct passwd * pw)
|
||||
/* grab passwd field for locked account check */
|
||||
#ifdef USE_SHADOW
|
||||
if (spw != NULL)
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
passwd = get_iaf_password(pw);
|
||||
#else
|
||||
passwd = spw->sp_pwdp;
|
||||
#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
|
||||
#else
|
||||
passwd = pw->pw_passwd;
|
||||
#endif
|
||||
@ -119,6 +123,9 @@ allowed_user(struct passwd * pw)
|
||||
if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
|
||||
locked = 1;
|
||||
#endif
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
free(passwd);
|
||||
#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
|
||||
if (locked) {
|
||||
logit("User %.100s not allowed because account is locked",
|
||||
pw->pw_name);
|
||||
@ -326,64 +333,41 @@ auth_root_allowed(char *method)
|
||||
*
|
||||
* This returns a buffer allocated by xmalloc.
|
||||
*/
|
||||
char *
|
||||
expand_filename(const char *filename, struct passwd *pw)
|
||||
static char *
|
||||
expand_authorized_keys(const char *filename, struct passwd *pw)
|
||||
{
|
||||
Buffer buffer;
|
||||
char *file;
|
||||
const char *cp;
|
||||
char *file, *ret;
|
||||
|
||||
/*
|
||||
* Build the filename string in the buffer by making the appropriate
|
||||
* substitutions to the given file name.
|
||||
*/
|
||||
buffer_init(&buffer);
|
||||
for (cp = filename; *cp; cp++) {
|
||||
if (cp[0] == '%' && cp[1] == '%') {
|
||||
buffer_append(&buffer, "%", 1);
|
||||
cp++;
|
||||
continue;
|
||||
}
|
||||
if (cp[0] == '%' && cp[1] == 'h') {
|
||||
buffer_append(&buffer, pw->pw_dir, strlen(pw->pw_dir));
|
||||
cp++;
|
||||
continue;
|
||||
}
|
||||
if (cp[0] == '%' && cp[1] == 'u') {
|
||||
buffer_append(&buffer, pw->pw_name,
|
||||
strlen(pw->pw_name));
|
||||
cp++;
|
||||
continue;
|
||||
}
|
||||
buffer_append(&buffer, cp, 1);
|
||||
}
|
||||
buffer_append(&buffer, "\0", 1);
|
||||
file = percent_expand(filename, "h", pw->pw_dir,
|
||||
"u", pw->pw_name, (char *)NULL);
|
||||
|
||||
/*
|
||||
* Ensure that filename starts anchored. If not, be backward
|
||||
* compatible and prepend the '%h/'
|
||||
*/
|
||||
file = xmalloc(MAXPATHLEN);
|
||||
cp = buffer_ptr(&buffer);
|
||||
if (*cp != '/')
|
||||
snprintf(file, MAXPATHLEN, "%s/%s", pw->pw_dir, cp);
|
||||
else
|
||||
strlcpy(file, cp, MAXPATHLEN);
|
||||
if (*file == '/')
|
||||
return (file);
|
||||
|
||||
buffer_free(&buffer);
|
||||
return file;
|
||||
ret = xmalloc(MAXPATHLEN);
|
||||
if (strlcpy(ret, pw->pw_dir, MAXPATHLEN) >= MAXPATHLEN ||
|
||||
strlcat(ret, "/", MAXPATHLEN) >= MAXPATHLEN ||
|
||||
strlcat(ret, file, MAXPATHLEN) >= MAXPATHLEN)
|
||||
fatal("expand_authorized_keys: path too long");
|
||||
|
||||
xfree(file);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
char *
|
||||
authorized_keys_file(struct passwd *pw)
|
||||
{
|
||||
return expand_filename(options.authorized_keys_file, pw);
|
||||
return expand_authorized_keys(options.authorized_keys_file, pw);
|
||||
}
|
||||
|
||||
char *
|
||||
authorized_keys_file2(struct passwd *pw)
|
||||
{
|
||||
return expand_filename(options.authorized_keys_file2, pw);
|
||||
return expand_authorized_keys(options.authorized_keys_file2, pw);
|
||||
}
|
||||
|
||||
/* return ok if key exists in sysfile or userfile */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth.h,v 1.50 2004/05/23 23:59:53 dtucker Exp $ */
|
||||
/* $OpenBSD: auth.h,v 1.51 2005/06/06 11:20:36 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
@ -163,7 +163,6 @@ char *get_challenge(Authctxt *);
|
||||
int verify_response(Authctxt *, const char *);
|
||||
void abandon_challenge_response(Authctxt *);
|
||||
|
||||
char *expand_filename(const char *, struct passwd *);
|
||||
char *authorized_keys_file(struct passwd *);
|
||||
char *authorized_keys_file2(struct passwd *);
|
||||
|
||||
@ -192,4 +191,9 @@ int sys_auth_passwd(Authctxt *, const char *);
|
||||
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
|
||||
|
||||
#define SKEY_PROMPT "\nS/Key Password: "
|
||||
|
||||
#if defined(KRB5) && !defined(HEIMDAL)
|
||||
#include <krb5.h>
|
||||
krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
|
||||
#endif
|
||||
#endif
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $");
|
||||
RCSID("$OpenBSD: auth1.c,v 1.62 2005/07/16 01:35:24 djm Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "rsa.h"
|
||||
@ -31,28 +31,182 @@ RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $");
|
||||
extern ServerOptions options;
|
||||
extern Buffer loginmsg;
|
||||
|
||||
/*
|
||||
* convert ssh auth msg type into description
|
||||
*/
|
||||
static int auth1_process_password(Authctxt *, char *, size_t);
|
||||
static int auth1_process_rsa(Authctxt *, char *, size_t);
|
||||
static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t);
|
||||
static int auth1_process_tis_challenge(Authctxt *, char *, size_t);
|
||||
static int auth1_process_tis_response(Authctxt *, char *, size_t);
|
||||
|
||||
static char *client_user = NULL; /* Used to fill in remote user for PAM */
|
||||
|
||||
struct AuthMethod1 {
|
||||
int type;
|
||||
char *name;
|
||||
int *enabled;
|
||||
int (*method)(Authctxt *, char *, size_t);
|
||||
};
|
||||
|
||||
const struct AuthMethod1 auth1_methods[] = {
|
||||
{
|
||||
SSH_CMSG_AUTH_PASSWORD, "password",
|
||||
&options.password_authentication, auth1_process_password
|
||||
},
|
||||
{
|
||||
SSH_CMSG_AUTH_RSA, "rsa",
|
||||
&options.rsa_authentication, auth1_process_rsa
|
||||
},
|
||||
{
|
||||
SSH_CMSG_AUTH_RHOSTS_RSA, "rhosts-rsa",
|
||||
&options.rhosts_rsa_authentication, auth1_process_rhosts_rsa
|
||||
},
|
||||
{
|
||||
SSH_CMSG_AUTH_TIS, "challenge-response",
|
||||
&options.challenge_response_authentication,
|
||||
auth1_process_tis_challenge
|
||||
},
|
||||
{
|
||||
SSH_CMSG_AUTH_TIS_RESPONSE, "challenge-response",
|
||||
&options.challenge_response_authentication,
|
||||
auth1_process_tis_response
|
||||
},
|
||||
{ -1, NULL, NULL, NULL}
|
||||
};
|
||||
|
||||
static const struct AuthMethod1
|
||||
*lookup_authmethod1(int type)
|
||||
{
|
||||
int i;
|
||||
|
||||
for(i = 0; auth1_methods[i].name != NULL; i++)
|
||||
if (auth1_methods[i].type == type)
|
||||
return (&(auth1_methods[i]));
|
||||
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
static char *
|
||||
get_authname(int type)
|
||||
{
|
||||
static char buf[1024];
|
||||
switch (type) {
|
||||
case SSH_CMSG_AUTH_PASSWORD:
|
||||
return "password";
|
||||
case SSH_CMSG_AUTH_RSA:
|
||||
return "rsa";
|
||||
case SSH_CMSG_AUTH_RHOSTS_RSA:
|
||||
return "rhosts-rsa";
|
||||
case SSH_CMSG_AUTH_RHOSTS:
|
||||
return "rhosts";
|
||||
case SSH_CMSG_AUTH_TIS:
|
||||
case SSH_CMSG_AUTH_TIS_RESPONSE:
|
||||
return "challenge-response";
|
||||
const struct AuthMethod1 *a;
|
||||
static char buf[64];
|
||||
|
||||
if ((a = lookup_authmethod1(type)) != NULL)
|
||||
return (a->name);
|
||||
snprintf(buf, sizeof(buf), "bad-auth-msg-%d", type);
|
||||
return (buf);
|
||||
}
|
||||
|
||||
static int
|
||||
auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
|
||||
{
|
||||
int authenticated = 0;
|
||||
char *password;
|
||||
u_int dlen;
|
||||
|
||||
/*
|
||||
* Read user password. It is in plain text, but was
|
||||
* transmitted over the encrypted channel so it is
|
||||
* not visible to an outside observer.
|
||||
*/
|
||||
password = packet_get_string(&dlen);
|
||||
packet_check_eom();
|
||||
|
||||
/* Try authentication with the password. */
|
||||
authenticated = PRIVSEP(auth_password(authctxt, password));
|
||||
|
||||
memset(password, 0, dlen);
|
||||
xfree(password);
|
||||
|
||||
return (authenticated);
|
||||
}
|
||||
|
||||
static int
|
||||
auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
|
||||
{
|
||||
int authenticated = 0;
|
||||
BIGNUM *n;
|
||||
|
||||
/* RSA authentication requested. */
|
||||
if ((n = BN_new()) == NULL)
|
||||
fatal("do_authloop: BN_new failed");
|
||||
packet_get_bignum(n);
|
||||
packet_check_eom();
|
||||
authenticated = auth_rsa(authctxt, n);
|
||||
BN_clear_free(n);
|
||||
|
||||
return (authenticated);
|
||||
}
|
||||
|
||||
static int
|
||||
auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
|
||||
{
|
||||
int keybits, authenticated = 0;
|
||||
u_int bits;
|
||||
Key *client_host_key;
|
||||
u_int ulen;
|
||||
|
||||
/*
|
||||
* Get client user name. Note that we just have to
|
||||
* trust the client; root on the client machine can
|
||||
* claim to be any user.
|
||||
*/
|
||||
client_user = packet_get_string(&ulen);
|
||||
|
||||
/* Get the client host key. */
|
||||
client_host_key = key_new(KEY_RSA1);
|
||||
bits = packet_get_int();
|
||||
packet_get_bignum(client_host_key->rsa->e);
|
||||
packet_get_bignum(client_host_key->rsa->n);
|
||||
|
||||
keybits = BN_num_bits(client_host_key->rsa->n);
|
||||
if (keybits < 0 || bits != (u_int)keybits) {
|
||||
verbose("Warning: keysize mismatch for client_host_key: "
|
||||
"actual %d, announced %d",
|
||||
BN_num_bits(client_host_key->rsa->n), bits);
|
||||
}
|
||||
snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
|
||||
return buf;
|
||||
packet_check_eom();
|
||||
|
||||
authenticated = auth_rhosts_rsa(authctxt, client_user,
|
||||
client_host_key);
|
||||
key_free(client_host_key);
|
||||
|
||||
snprintf(info, infolen, " ruser %.100s", client_user);
|
||||
|
||||
return (authenticated);
|
||||
}
|
||||
|
||||
static int
|
||||
auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
|
||||
{
|
||||
char *challenge;
|
||||
|
||||
if ((challenge = get_challenge(authctxt)) == NULL)
|
||||
return (0);
|
||||
|
||||
debug("sending challenge '%s'", challenge);
|
||||
packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
|
||||
packet_put_cstring(challenge);
|
||||
xfree(challenge);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
|
||||
return (-1);
|
||||
}
|
||||
|
||||
static int
|
||||
auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
|
||||
{
|
||||
int authenticated = 0;
|
||||
char *response;
|
||||
u_int dlen;
|
||||
|
||||
response = packet_get_string(&dlen);
|
||||
packet_check_eom();
|
||||
authenticated = verify_response(authctxt, response);
|
||||
memset(response, 'r', dlen);
|
||||
xfree(response);
|
||||
|
||||
return (authenticated);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -63,14 +217,9 @@ static void
|
||||
do_authloop(Authctxt *authctxt)
|
||||
{
|
||||
int authenticated = 0;
|
||||
u_int bits;
|
||||
Key *client_host_key;
|
||||
BIGNUM *n;
|
||||
char *client_user, *password;
|
||||
char info[1024];
|
||||
u_int dlen;
|
||||
u_int ulen;
|
||||
int prev, type = 0;
|
||||
int prev = 0, type = 0;
|
||||
const struct AuthMethod1 *meth;
|
||||
|
||||
debug("Attempting authentication for %s%.100s.",
|
||||
authctxt->valid ? "" : "invalid user ", authctxt->user);
|
||||
@ -95,8 +244,6 @@ do_authloop(Authctxt *authctxt)
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
|
||||
client_user = NULL;
|
||||
|
||||
for (;;) {
|
||||
/* default to fail */
|
||||
authenticated = 0;
|
||||
@ -118,107 +265,21 @@ do_authloop(Authctxt *authctxt)
|
||||
type != SSH_CMSG_AUTH_TIS_RESPONSE)
|
||||
abandon_challenge_response(authctxt);
|
||||
|
||||
/* Process the packet. */
|
||||
switch (type) {
|
||||
case SSH_CMSG_AUTH_RHOSTS_RSA:
|
||||
if (!options.rhosts_rsa_authentication) {
|
||||
verbose("Rhosts with RSA authentication disabled.");
|
||||
break;
|
||||
}
|
||||
/*
|
||||
* Get client user name. Note that we just have to
|
||||
* trust the client; root on the client machine can
|
||||
* claim to be any user.
|
||||
*/
|
||||
client_user = packet_get_string(&ulen);
|
||||
|
||||
/* Get the client host key. */
|
||||
client_host_key = key_new(KEY_RSA1);
|
||||
bits = packet_get_int();
|
||||
packet_get_bignum(client_host_key->rsa->e);
|
||||
packet_get_bignum(client_host_key->rsa->n);
|
||||
|
||||
if (bits != BN_num_bits(client_host_key->rsa->n))
|
||||
verbose("Warning: keysize mismatch for client_host_key: "
|
||||
"actual %d, announced %d",
|
||||
BN_num_bits(client_host_key->rsa->n), bits);
|
||||
packet_check_eom();
|
||||
|
||||
authenticated = auth_rhosts_rsa(authctxt, client_user,
|
||||
client_host_key);
|
||||
key_free(client_host_key);
|
||||
|
||||
snprintf(info, sizeof info, " ruser %.100s", client_user);
|
||||
break;
|
||||
|
||||
case SSH_CMSG_AUTH_RSA:
|
||||
if (!options.rsa_authentication) {
|
||||
verbose("RSA authentication disabled.");
|
||||
break;
|
||||
}
|
||||
/* RSA authentication requested. */
|
||||
if ((n = BN_new()) == NULL)
|
||||
fatal("do_authloop: BN_new failed");
|
||||
packet_get_bignum(n);
|
||||
packet_check_eom();
|
||||
authenticated = auth_rsa(authctxt, n);
|
||||
BN_clear_free(n);
|
||||
break;
|
||||
|
||||
case SSH_CMSG_AUTH_PASSWORD:
|
||||
if (!options.password_authentication) {
|
||||
verbose("Password authentication disabled.");
|
||||
break;
|
||||
}
|
||||
/*
|
||||
* Read user password. It is in plain text, but was
|
||||
* transmitted over the encrypted channel so it is
|
||||
* not visible to an outside observer.
|
||||
*/
|
||||
password = packet_get_string(&dlen);
|
||||
packet_check_eom();
|
||||
|
||||
/* Try authentication with the password. */
|
||||
authenticated = PRIVSEP(auth_password(authctxt, password));
|
||||
|
||||
memset(password, 0, strlen(password));
|
||||
xfree(password);
|
||||
break;
|
||||
|
||||
case SSH_CMSG_AUTH_TIS:
|
||||
debug("rcvd SSH_CMSG_AUTH_TIS");
|
||||
if (options.challenge_response_authentication == 1) {
|
||||
char *challenge = get_challenge(authctxt);
|
||||
if (challenge != NULL) {
|
||||
debug("sending challenge '%s'", challenge);
|
||||
packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
|
||||
packet_put_cstring(challenge);
|
||||
xfree(challenge);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
continue;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case SSH_CMSG_AUTH_TIS_RESPONSE:
|
||||
debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
|
||||
if (options.challenge_response_authentication == 1) {
|
||||
char *response = packet_get_string(&dlen);
|
||||
packet_check_eom();
|
||||
authenticated = verify_response(authctxt, response);
|
||||
memset(response, 'r', dlen);
|
||||
xfree(response);
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
/*
|
||||
* Any unknown messages will be ignored (and failure
|
||||
* returned) during authentication.
|
||||
*/
|
||||
logit("Unknown message during authentication: type %d", type);
|
||||
break;
|
||||
if ((meth = lookup_authmethod1(type)) == NULL) {
|
||||
logit("Unknown message during authentication: "
|
||||
"type %d", type);
|
||||
goto skip;
|
||||
}
|
||||
|
||||
if (!*(meth->enabled)) {
|
||||
verbose("%s authentication disabled.", meth->name);
|
||||
goto skip;
|
||||
}
|
||||
|
||||
authenticated = meth->method(authctxt, info, sizeof(info));
|
||||
if (authenticated == -1)
|
||||
continue; /* "postponed" */
|
||||
|
||||
#ifdef BSD_AUTH
|
||||
if (authctxt->as) {
|
||||
auth_close(authctxt->as);
|
||||
@ -238,7 +299,7 @@ do_authloop(Authctxt *authctxt)
|
||||
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (authenticated &&
|
||||
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,
|
||||
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,
|
||||
authctxt->pw)) {
|
||||
packet_disconnect("Authentication rejected for uid %d.",
|
||||
authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid);
|
||||
@ -247,8 +308,8 @@ do_authloop(Authctxt *authctxt)
|
||||
#else
|
||||
/* Special handling for root */
|
||||
if (authenticated && authctxt->pw->pw_uid == 0 &&
|
||||
!auth_root_allowed(get_authname(type))) {
|
||||
authenticated = 0;
|
||||
!auth_root_allowed(meth->name)) {
|
||||
authenticated = 0;
|
||||
# ifdef SSH_AUDIT_EVENTS
|
||||
PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
|
||||
# endif
|
||||
@ -262,7 +323,7 @@ do_authloop(Authctxt *authctxt)
|
||||
size_t len;
|
||||
|
||||
error("Access denied for user %s by PAM account "
|
||||
"configuration", authctxt->user);
|
||||
"configuration", authctxt->user);
|
||||
len = buffer_len(&loginmsg);
|
||||
buffer_append(&loginmsg, "\0", 1);
|
||||
msg = buffer_ptr(&loginmsg);
|
||||
@ -276,6 +337,7 @@ do_authloop(Authctxt *authctxt)
|
||||
}
|
||||
#endif
|
||||
|
||||
skip:
|
||||
/* Log before sending the reply */
|
||||
auth_log(authctxt, authenticated, get_authname(type), info);
|
||||
|
||||
@ -341,7 +403,7 @@ do_authentication(Authctxt *authctxt)
|
||||
|
||||
/*
|
||||
* If we are not running as root, the user must have the same uid as
|
||||
* the server. (Unless you are running Windows)
|
||||
* the server.
|
||||
*/
|
||||
#ifndef HAVE_CYGWIN
|
||||
if (!use_privsep && getuid() != 0 && authctxt->pw &&
|
||||
|
@ -23,7 +23,7 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $");
|
||||
RCSID("$OpenBSD: auth2-chall.c,v 1.24 2005/07/17 07:17:54 djm Exp $");
|
||||
|
||||
#include "ssh2.h"
|
||||
#include "auth.h"
|
||||
@ -167,7 +167,7 @@ kbdint_next_device(KbdintAuthctxt *kbdintctxt)
|
||||
kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
|
||||
xfree(t);
|
||||
debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
|
||||
kbdintctxt->devices : "<empty>");
|
||||
kbdintctxt->devices : "<empty>");
|
||||
} while (kbdintctxt->devices && !kbdintctxt->device);
|
||||
|
||||
return kbdintctxt->device ? 1 : 0;
|
||||
@ -239,8 +239,7 @@ send_userauth_info_request(Authctxt *authctxt)
|
||||
{
|
||||
KbdintAuthctxt *kbdintctxt;
|
||||
char *name, *instr, **prompts;
|
||||
int i;
|
||||
u_int *echo_on;
|
||||
u_int i, *echo_on;
|
||||
|
||||
kbdintctxt = authctxt->kbdintctxt;
|
||||
if (kbdintctxt->device->query(kbdintctxt->ctxt,
|
||||
@ -273,8 +272,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
Authctxt *authctxt = ctxt;
|
||||
KbdintAuthctxt *kbdintctxt;
|
||||
int i, authenticated = 0, res, len;
|
||||
u_int nresp;
|
||||
int authenticated = 0, res, len;
|
||||
u_int i, nresp;
|
||||
char **response = NULL, *method;
|
||||
|
||||
if (authctxt == NULL)
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2-gss.c,v 1.8 2004/06/21 17:36:31 avsm Exp $ */
|
||||
/* $OpenBSD: auth2-gss.c,v 1.10 2005/07/17 07:17:54 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@ -61,7 +61,7 @@ userauth_gssapi(Authctxt *authctxt)
|
||||
int present;
|
||||
OM_uint32 ms;
|
||||
u_int len;
|
||||
char *doid = NULL;
|
||||
u_char *doid = NULL;
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL)
|
||||
return (0);
|
||||
@ -82,9 +82,8 @@ userauth_gssapi(Authctxt *authctxt)
|
||||
present = 0;
|
||||
doid = packet_get_string(&len);
|
||||
|
||||
if (len > 2 &&
|
||||
doid[0] == SSH_GSS_OIDTYPE &&
|
||||
doid[1] == len - 2) {
|
||||
if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
|
||||
doid[1] == len - 2) {
|
||||
goid.elements = doid + 2;
|
||||
goid.length = len - 2;
|
||||
gss_test_oid_set_member(&ms, &goid, supported,
|
||||
|
@ -234,7 +234,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
|
||||
packet_write_wait();
|
||||
}
|
||||
fatal("Access denied for user %s by PAM account "
|
||||
"configuration", authctxt->user);
|
||||
"configuration", authctxt->user);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
@ -35,7 +35,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: authfd.c,v 1.64 2004/08/11 21:44:31 avsm Exp $");
|
||||
RCSID("$OpenBSD: authfd.c,v 1.66 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
@ -114,8 +114,7 @@ ssh_get_authentication_socket(void)
|
||||
static int
|
||||
ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
|
||||
{
|
||||
int l;
|
||||
u_int len;
|
||||
u_int l, len;
|
||||
char buf[1024];
|
||||
|
||||
/* Get the length of the message, and format it in the buffer. */
|
||||
@ -149,8 +148,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
|
||||
l = len;
|
||||
if (l > sizeof(buf))
|
||||
l = sizeof(buf);
|
||||
l = atomicio(read, auth->fd, buf, l);
|
||||
if (l <= 0) {
|
||||
if (atomicio(read, auth->fd, buf, l) != l) {
|
||||
error("Error reading response from authentication socket.");
|
||||
return 0;
|
||||
}
|
||||
@ -303,6 +301,7 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi
|
||||
Key *
|
||||
ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
|
||||
{
|
||||
int keybits;
|
||||
u_int bits;
|
||||
u_char *blob;
|
||||
u_int blen;
|
||||
@ -323,7 +322,8 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
|
||||
buffer_get_bignum(&auth->identities, key->rsa->e);
|
||||
buffer_get_bignum(&auth->identities, key->rsa->n);
|
||||
*comment = buffer_get_string(&auth->identities, NULL);
|
||||
if (bits != BN_num_bits(key->rsa->n))
|
||||
keybits = BN_num_bits(key->rsa->n);
|
||||
if (keybits < 0 || bits != (u_int)keybits)
|
||||
logit("Warning: identity keysize mismatch: actual %d, announced %u",
|
||||
BN_num_bits(key->rsa->n), bits);
|
||||
break;
|
||||
|
@ -36,7 +36,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $");
|
||||
RCSID("$OpenBSD: authfile.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
@ -52,6 +52,7 @@ RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $");
|
||||
#include "authfile.h"
|
||||
#include "rsa.h"
|
||||
#include "misc.h"
|
||||
#include "atomicio.h"
|
||||
|
||||
/* Version identification string for SSH v1 identity files. */
|
||||
static const char authfile_id_string[] =
|
||||
@ -147,8 +148,8 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
|
||||
buffer_free(&encrypted);
|
||||
return 0;
|
||||
}
|
||||
if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
|
||||
buffer_len(&encrypted)) {
|
||||
if (atomicio(vwrite, fd, buffer_ptr(&encrypted),
|
||||
buffer_len(&encrypted)) != buffer_len(&encrypted)) {
|
||||
error("write to key file %s failed: %s", filename,
|
||||
strerror(errno));
|
||||
buffer_free(&encrypted);
|
||||
@ -236,7 +237,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
|
||||
Key *pub;
|
||||
struct stat st;
|
||||
char *cp;
|
||||
int i;
|
||||
u_int i;
|
||||
size_t len;
|
||||
|
||||
if (fstat(fd, &st) < 0) {
|
||||
@ -253,7 +254,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
|
||||
buffer_init(&buffer);
|
||||
cp = buffer_append_space(&buffer, len);
|
||||
|
||||
if (read(fd, cp, (size_t) len) != (size_t) len) {
|
||||
if (atomicio(read, fd, cp, len) != len) {
|
||||
debug("Read from key file %.200s failed: %.100s", filename,
|
||||
strerror(errno));
|
||||
buffer_free(&buffer);
|
||||
@ -322,7 +323,8 @@ static Key *
|
||||
key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
|
||||
char **commentp)
|
||||
{
|
||||
int i, check1, check2, cipher_type;
|
||||
u_int i;
|
||||
int check1, check2, cipher_type;
|
||||
size_t len;
|
||||
Buffer buffer, decrypted;
|
||||
u_char *cp;
|
||||
@ -347,7 +349,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
|
||||
buffer_init(&buffer);
|
||||
cp = buffer_append_space(&buffer, len);
|
||||
|
||||
if (read(fd, cp, (size_t) len) != (size_t) len) {
|
||||
if (atomicio(read, fd, cp, len) != len) {
|
||||
debug("Read from key file %.200s failed: %.100s", filename,
|
||||
strerror(errno));
|
||||
buffer_free(&buffer);
|
||||
|
@ -37,7 +37,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: bufaux.c,v 1.35 2005/03/10 22:01:05 deraadt Exp $");
|
||||
RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include "bufaux.h"
|
||||
@ -154,7 +154,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
|
||||
buf[0] = 0x00;
|
||||
/* Get the value of in binary */
|
||||
oi = BN_bn2bin(value, buf+1);
|
||||
if (oi != bytes-1) {
|
||||
if (oi < 0 || (u_int)oi != bytes - 1) {
|
||||
error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
|
||||
"oi %d != bin_size %d", oi, bytes);
|
||||
xfree(buf);
|
||||
|
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: canohost.c,v 1.42 2005/02/18 03:05:53 djm Exp $");
|
||||
RCSID("$OpenBSD: canohost.c,v 1.44 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "xmalloc.h"
|
||||
@ -143,7 +143,8 @@ check_ip_options(int sock, char *ipaddr)
|
||||
u_char options[200];
|
||||
char text[sizeof(options) * 3 + 1];
|
||||
socklen_t option_size;
|
||||
int i, ipproto;
|
||||
u_int i;
|
||||
int ipproto;
|
||||
struct protoent *ip;
|
||||
|
||||
if ((ip = getprotobyname("ip")) != NULL)
|
||||
@ -173,7 +174,7 @@ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
|
||||
struct in_addr inaddr;
|
||||
u_int16_t port;
|
||||
|
||||
if (addr->ss_family != AF_INET6 ||
|
||||
if (addr->ss_family != AF_INET6 ||
|
||||
!IN6_IS_ADDR_V4MAPPED(&a6->sin6_addr))
|
||||
return;
|
||||
|
||||
@ -346,7 +347,7 @@ get_sock_port(int sock, int local)
|
||||
} else {
|
||||
if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
|
||||
debug("getpeername failed: %.100s", strerror(errno));
|
||||
cleanup_exit(255);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: channels.c,v 1.214 2005/03/14 11:46:56 markus Exp $");
|
||||
RCSID("$OpenBSD: channels.c,v 1.223 2005/07/17 07:17:54 djm Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
@ -111,6 +111,9 @@ static int all_opens_permitted = 0;
|
||||
/* Maximum number of fake X11 displays to try. */
|
||||
#define MAX_DISPLAYS 1000
|
||||
|
||||
/* Saved X11 local (client) display. */
|
||||
static char *x11_saved_display = NULL;
|
||||
|
||||
/* Saved X11 authentication protocol name. */
|
||||
static char *x11_saved_proto = NULL;
|
||||
|
||||
@ -727,8 +730,8 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
FD_SET(c->wfd, writeset);
|
||||
} else if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
|
||||
if (CHANNEL_EFD_OUTPUT_ACTIVE(c))
|
||||
debug2("channel %d: obuf_empty delayed efd %d/(%d)",
|
||||
c->self, c->efd, buffer_len(&c->extended));
|
||||
debug2("channel %d: obuf_empty delayed efd %d/(%d)",
|
||||
c->self, c->efd, buffer_len(&c->extended));
|
||||
else
|
||||
chan_obuf_empty(c);
|
||||
}
|
||||
@ -894,7 +897,7 @@ static int
|
||||
channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
{
|
||||
char *p, *host;
|
||||
int len, have, i, found;
|
||||
u_int len, have, i, found;
|
||||
char username[256];
|
||||
struct {
|
||||
u_int8_t version;
|
||||
@ -979,7 +982,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
} s5_req, s5_rsp;
|
||||
u_int16_t dest_port;
|
||||
u_char *p, dest_addr[255+1];
|
||||
int i, have, found, nmethods, addrlen, af;
|
||||
u_int have, i, found, nmethods, addrlen, af;
|
||||
|
||||
debug2("channel %d: decode socks5", c->self);
|
||||
p = buffer_ptr(&c->input);
|
||||
@ -1075,7 +1078,8 @@ static void
|
||||
channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
{
|
||||
u_char *p;
|
||||
int have, ret;
|
||||
u_int have;
|
||||
int ret;
|
||||
|
||||
have = buffer_len(&c->input);
|
||||
c->delayed = 0;
|
||||
@ -1178,7 +1182,7 @@ port_open_helper(Channel *c, char *rtype)
|
||||
int direct;
|
||||
char buf[1024];
|
||||
char *remote_ipaddr = get_peer_ipaddr(c->sock);
|
||||
u_short remote_port = get_peer_port(c->sock);
|
||||
int remote_port = get_peer_port(c->sock);
|
||||
|
||||
direct = (strcmp(rtype, "direct-tcpip") == 0);
|
||||
|
||||
@ -1208,7 +1212,7 @@ port_open_helper(Channel *c, char *rtype)
|
||||
}
|
||||
/* originator host and port */
|
||||
packet_put_cstring(remote_ipaddr);
|
||||
packet_put_int(remote_port);
|
||||
packet_put_int((u_int)remote_port);
|
||||
packet_send();
|
||||
} else {
|
||||
packet_start(SSH_MSG_PORT_OPEN);
|
||||
@ -1809,8 +1813,8 @@ channel_output_poll(void)
|
||||
* hack for extended data: delay EOF if EFD still in use.
|
||||
*/
|
||||
if (CHANNEL_EFD_INPUT_ACTIVE(c))
|
||||
debug2("channel %d: ibuf_empty delayed efd %d/(%d)",
|
||||
c->self, c->efd, buffer_len(&c->extended));
|
||||
debug2("channel %d: ibuf_empty delayed efd %d/(%d)",
|
||||
c->self, c->efd, buffer_len(&c->extended));
|
||||
else
|
||||
chan_ibuf_empty(c);
|
||||
}
|
||||
@ -2195,11 +2199,11 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
|
||||
|
||||
if (host == NULL) {
|
||||
error("No forward host name.");
|
||||
return success;
|
||||
return 0;
|
||||
}
|
||||
if (strlen(host) > SSH_CHANNEL_PATH_LEN - 1) {
|
||||
error("Forward host name too long.");
|
||||
return success;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -2250,12 +2254,10 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
|
||||
packet_disconnect("getaddrinfo: fatal error: %s",
|
||||
gai_strerror(r));
|
||||
} else {
|
||||
verbose("channel_setup_fwd_listener: "
|
||||
"getaddrinfo(%.64s): %s", addr, gai_strerror(r));
|
||||
packet_send_debug("channel_setup_fwd_listener: "
|
||||
error("channel_setup_fwd_listener: "
|
||||
"getaddrinfo(%.64s): %s", addr, gai_strerror(r));
|
||||
}
|
||||
aitop = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
for (ai = aitop; ai; ai = ai->ai_next) {
|
||||
@ -2657,7 +2659,7 @@ channel_send_window_changes(void)
|
||||
*/
|
||||
int
|
||||
x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
|
||||
int single_connection, u_int *display_numberp)
|
||||
int single_connection, u_int *display_numberp, int **chanids)
|
||||
{
|
||||
Channel *nc = NULL;
|
||||
int display_number, sock;
|
||||
@ -2747,6 +2749,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
|
||||
}
|
||||
|
||||
/* Allocate a channel for each socket. */
|
||||
if (chanids != NULL)
|
||||
*chanids = xmalloc(sizeof(**chanids) * (num_socks + 1));
|
||||
for (n = 0; n < num_socks; n++) {
|
||||
sock = socks[n];
|
||||
nc = channel_new("x11 listener",
|
||||
@ -2754,7 +2758,11 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
|
||||
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
|
||||
0, "X11 inet listener", 1);
|
||||
nc->single_connection = single_connection;
|
||||
if (*chanids != NULL)
|
||||
(*chanids)[n] = nc->self;
|
||||
}
|
||||
if (*chanids != NULL)
|
||||
(*chanids)[n] = -1;
|
||||
|
||||
/* Return the display number for the DISPLAY environment variable. */
|
||||
*display_numberp = display_number;
|
||||
@ -2952,19 +2960,27 @@ deny_input_open(int type, u_int32_t seq, void *ctxt)
|
||||
* This should be called in the client only.
|
||||
*/
|
||||
void
|
||||
x11_request_forwarding_with_spoofing(int client_session_id,
|
||||
x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
|
||||
const char *proto, const char *data)
|
||||
{
|
||||
u_int data_len = (u_int) strlen(data) / 2;
|
||||
u_int i, value, len;
|
||||
u_int i, value;
|
||||
char *new_data;
|
||||
int screen_number;
|
||||
const char *cp;
|
||||
u_int32_t rnd = 0;
|
||||
|
||||
cp = getenv("DISPLAY");
|
||||
if (cp)
|
||||
cp = strchr(cp, ':');
|
||||
if (x11_saved_display == NULL)
|
||||
x11_saved_display = xstrdup(disp);
|
||||
else if (strcmp(disp, x11_saved_display) != 0) {
|
||||
error("x11_request_forwarding_with_spoofing: different "
|
||||
"$DISPLAY already forwarded");
|
||||
return;
|
||||
}
|
||||
|
||||
cp = disp;
|
||||
if (disp)
|
||||
cp = strchr(disp, ':');
|
||||
if (cp)
|
||||
cp = strchr(cp, '.');
|
||||
if (cp)
|
||||
@ -2972,33 +2988,31 @@ x11_request_forwarding_with_spoofing(int client_session_id,
|
||||
else
|
||||
screen_number = 0;
|
||||
|
||||
/* Save protocol name. */
|
||||
x11_saved_proto = xstrdup(proto);
|
||||
|
||||
/*
|
||||
* Extract real authentication data and generate fake data of the
|
||||
* same length.
|
||||
*/
|
||||
x11_saved_data = xmalloc(data_len);
|
||||
x11_fake_data = xmalloc(data_len);
|
||||
for (i = 0; i < data_len; i++) {
|
||||
if (sscanf(data + 2 * i, "%2x", &value) != 1)
|
||||
fatal("x11_request_forwarding: bad authentication data: %.100s", data);
|
||||
if (i % 4 == 0)
|
||||
rnd = arc4random();
|
||||
x11_saved_data[i] = value;
|
||||
x11_fake_data[i] = rnd & 0xff;
|
||||
rnd >>= 8;
|
||||
if (x11_saved_proto == NULL) {
|
||||
/* Save protocol name. */
|
||||
x11_saved_proto = xstrdup(proto);
|
||||
/*
|
||||
* Extract real authentication data and generate fake data
|
||||
* of the same length.
|
||||
*/
|
||||
x11_saved_data = xmalloc(data_len);
|
||||
x11_fake_data = xmalloc(data_len);
|
||||
for (i = 0; i < data_len; i++) {
|
||||
if (sscanf(data + 2 * i, "%2x", &value) != 1)
|
||||
fatal("x11_request_forwarding: bad "
|
||||
"authentication data: %.100s", data);
|
||||
if (i % 4 == 0)
|
||||
rnd = arc4random();
|
||||
x11_saved_data[i] = value;
|
||||
x11_fake_data[i] = rnd & 0xff;
|
||||
rnd >>= 8;
|
||||
}
|
||||
x11_saved_data_len = data_len;
|
||||
x11_fake_data_len = data_len;
|
||||
}
|
||||
x11_saved_data_len = data_len;
|
||||
x11_fake_data_len = data_len;
|
||||
|
||||
/* Convert the fake data into hex. */
|
||||
len = 2 * data_len + 1;
|
||||
new_data = xmalloc(len);
|
||||
for (i = 0; i < data_len; i++)
|
||||
snprintf(new_data + 2 * i, len - 2 * i,
|
||||
"%02x", (u_char) x11_fake_data[i]);
|
||||
new_data = tohex(x11_fake_data, data_len);
|
||||
|
||||
/* Send the request packet. */
|
||||
if (compat20) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: channels.h,v 1.76 2005/03/01 10:09:52 djm Exp $ */
|
||||
/* $OpenBSD: channels.h,v 1.79 2005/07/17 06:49:04 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -149,7 +149,7 @@ struct Channel {
|
||||
buffer_len(&c->extended) > 0))
|
||||
#define CHANNEL_EFD_OUTPUT_ACTIVE(c) \
|
||||
(compat20 && c->extended_usage == CHAN_EXTENDED_WRITE && \
|
||||
((c->efd != -1 && !(c->flags & (CHAN_EOF_RCVD|CHAN_CLOSE_RCVD))) || \
|
||||
c->efd != -1 && (!(c->flags & (CHAN_EOF_RCVD|CHAN_CLOSE_RCVD)) || \
|
||||
buffer_len(&c->extended) > 0))
|
||||
|
||||
/* channel management */
|
||||
@ -214,9 +214,10 @@ int channel_cancel_rport_listener(const char *, u_short);
|
||||
/* x11 forwarding */
|
||||
|
||||
int x11_connect_display(void);
|
||||
int x11_create_display_inet(int, int, int, u_int *);
|
||||
int x11_create_display_inet(int, int, int, u_int *, int **);
|
||||
void x11_input_open(int, u_int32_t, void *);
|
||||
void x11_request_forwarding_with_spoofing(int, const char *, const char *);
|
||||
void x11_request_forwarding_with_spoofing(int, const char *, const char *,
|
||||
const char *);
|
||||
void deny_input_open(int, u_int32_t, void *);
|
||||
|
||||
/* agent forwarding */
|
||||
|
@ -17,7 +17,7 @@
|
||||
#include "includes.h"
|
||||
#include <openssl/evp.h>
|
||||
|
||||
RCSID("$Id: cipher-acss.c,v 1.2 2004/02/06 04:26:11 dtucker Exp $");
|
||||
RCSID("$Id: cipher-acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $");
|
||||
|
||||
#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
||||
|
||||
@ -33,7 +33,7 @@ typedef struct {
|
||||
#define EVP_CTRL_SET_ACSS_SUBKEY 0xff07
|
||||
|
||||
static int
|
||||
acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
{
|
||||
acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA);
|
||||
@ -41,7 +41,7 @@ acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
}
|
||||
|
||||
static int
|
||||
acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
|
||||
acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
|
||||
unsigned int inl)
|
||||
{
|
||||
acss(&data(ctx)->ks,inl,in,out);
|
||||
|
@ -14,7 +14,7 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher-ctr.c,v 1.5 2004/12/22 02:13:19 djm Exp $");
|
||||
RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
@ -95,7 +95,7 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
|
||||
}
|
||||
if (key != NULL)
|
||||
AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
|
||||
&c->aes_ctx);
|
||||
&c->aes_ctx);
|
||||
if (iv != NULL)
|
||||
memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
|
||||
return (1);
|
||||
|
@ -35,7 +35,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher.c,v 1.73 2005/01/23 10:18:12 djm Exp $");
|
||||
RCSID("$OpenBSD: cipher.c,v 1.77 2005/07/16 01:35:24 djm Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
@ -43,25 +43,8 @@ RCSID("$OpenBSD: cipher.c,v 1.73 2005/01/23 10:18:12 djm Exp $");
|
||||
|
||||
#include <openssl/md5.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00906000L
|
||||
#define SSH_OLD_EVP
|
||||
#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
||||
extern const EVP_CIPHER *evp_rijndael(void);
|
||||
extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
|
||||
#endif
|
||||
|
||||
#if !defined(EVP_CTRL_SET_ACSS_MODE)
|
||||
# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
||||
extern const EVP_CIPHER *evp_acss(void);
|
||||
# define EVP_acss evp_acss
|
||||
# define EVP_CTRL_SET_ACSS_MODE xxx /* used below */
|
||||
# else
|
||||
# define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */
|
||||
# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */
|
||||
#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */
|
||||
/* compatibility with old or broken OpenSSL versions */
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
|
||||
extern const EVP_CIPHER *evp_ssh1_bf(void);
|
||||
extern const EVP_CIPHER *evp_ssh1_3des(void);
|
||||
@ -74,39 +57,32 @@ struct Cipher {
|
||||
int number; /* for ssh1 only */
|
||||
u_int block_size;
|
||||
u_int key_len;
|
||||
u_int discard_len;
|
||||
const EVP_CIPHER *(*evptype)(void);
|
||||
} ciphers[] = {
|
||||
{ "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null },
|
||||
{ "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc },
|
||||
{ "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des },
|
||||
{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf },
|
||||
{ "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null },
|
||||
{ "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc },
|
||||
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des },
|
||||
{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf },
|
||||
|
||||
{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc },
|
||||
{ "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc },
|
||||
{ "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc },
|
||||
{ "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 },
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
||||
{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael },
|
||||
{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael },
|
||||
{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael },
|
||||
{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc },
|
||||
{ "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc },
|
||||
{ "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc },
|
||||
{ "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 },
|
||||
{ "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 },
|
||||
{ "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 },
|
||||
{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },
|
||||
{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },
|
||||
{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
|
||||
{ "rijndael-cbc@lysator.liu.se",
|
||||
SSH_CIPHER_SSH2, 16, 32, evp_rijndael },
|
||||
#else
|
||||
{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc },
|
||||
{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc },
|
||||
{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },
|
||||
{ "rijndael-cbc@lysator.liu.se",
|
||||
SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },
|
||||
SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
|
||||
{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
|
||||
{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
|
||||
{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
|
||||
#ifdef USE_CIPHER_ACSS
|
||||
{ "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00905000L
|
||||
{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr },
|
||||
{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },
|
||||
{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },
|
||||
#endif
|
||||
#if defined(EVP_CTRL_SET_ACSS_MODE)
|
||||
{ "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss },
|
||||
#endif
|
||||
{ NULL, SSH_CIPHER_INVALID, 0, 0, NULL }
|
||||
{ NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL }
|
||||
};
|
||||
|
||||
/*--*/
|
||||
@ -222,8 +198,9 @@ cipher_init(CipherContext *cc, Cipher *cipher,
|
||||
EVP_CIPHER *type;
|
||||
#else
|
||||
const EVP_CIPHER *type;
|
||||
#endif
|
||||
int klen;
|
||||
#endif
|
||||
u_char *junk, *discard;
|
||||
|
||||
if (cipher->number == SSH_CIPHER_DES) {
|
||||
if (dowarn) {
|
||||
@ -261,7 +238,7 @@ cipher_init(CipherContext *cc, Cipher *cipher,
|
||||
fatal("cipher_init: EVP_CipherInit failed for %s",
|
||||
cipher->name);
|
||||
klen = EVP_CIPHER_CTX_key_length(&cc->evp);
|
||||
if (klen > 0 && keylen != klen) {
|
||||
if (klen > 0 && keylen != (u_int)klen) {
|
||||
debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);
|
||||
if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)
|
||||
fatal("cipher_init: set keylen failed (%d -> %d)",
|
||||
@ -271,6 +248,17 @@ cipher_init(CipherContext *cc, Cipher *cipher,
|
||||
fatal("cipher_init: EVP_CipherInit: set key failed for %s",
|
||||
cipher->name);
|
||||
#endif
|
||||
|
||||
if (cipher->discard_len > 0) {
|
||||
junk = xmalloc(cipher->discard_len);
|
||||
discard = xmalloc(cipher->discard_len);
|
||||
if (EVP_Cipher(&cc->evp, discard, junk,
|
||||
cipher->discard_len) == 0)
|
||||
fatal("evp_crypt: EVP_Cipher failed during discard");
|
||||
memset(discard, 0, cipher->discard_len);
|
||||
xfree(junk);
|
||||
xfree(discard);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
@ -278,23 +266,15 @@ cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
|
||||
{
|
||||
if (len % cc->cipher->block_size)
|
||||
fatal("cipher_encrypt: bad plaintext length %d", len);
|
||||
#ifdef SSH_OLD_EVP
|
||||
EVP_Cipher(&cc->evp, dest, (u_char *)src, len);
|
||||
#else
|
||||
if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)
|
||||
fatal("evp_crypt: EVP_Cipher failed");
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
cipher_cleanup(CipherContext *cc)
|
||||
{
|
||||
#ifdef SSH_OLD_EVP
|
||||
EVP_CIPHER_CTX_cleanup(&cc->evp);
|
||||
#else
|
||||
if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
|
||||
error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
@ -349,9 +329,9 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
|
||||
case SSH_CIPHER_DES:
|
||||
case SSH_CIPHER_BLOWFISH:
|
||||
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
|
||||
if (evplen == 0)
|
||||
if (evplen <= 0)
|
||||
return;
|
||||
if (evplen != len)
|
||||
if ((u_int)evplen != len)
|
||||
fatal("%s: wrong iv length %d != %d", __func__,
|
||||
evplen, len);
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
||||
|
@ -59,7 +59,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $");
|
||||
RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
@ -140,6 +140,8 @@ int session_ident = -1;
|
||||
struct confirm_ctx {
|
||||
int want_tty;
|
||||
int want_subsys;
|
||||
int want_x_fwd;
|
||||
int want_agent_fwd;
|
||||
Buffer cmd;
|
||||
char *term;
|
||||
struct termios tio;
|
||||
@ -208,6 +210,109 @@ get_current_time(void)
|
||||
return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0;
|
||||
}
|
||||
|
||||
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
|
||||
void
|
||||
client_x11_get_proto(const char *display, const char *xauth_path,
|
||||
u_int trusted, char **_proto, char **_data)
|
||||
{
|
||||
char cmd[1024];
|
||||
char line[512];
|
||||
char xdisplay[512];
|
||||
static char proto[512], data[512];
|
||||
FILE *f;
|
||||
int got_data = 0, generated = 0, do_unlink = 0, i;
|
||||
char *xauthdir, *xauthfile;
|
||||
struct stat st;
|
||||
|
||||
xauthdir = xauthfile = NULL;
|
||||
*_proto = proto;
|
||||
*_data = data;
|
||||
proto[0] = data[0] = '\0';
|
||||
|
||||
if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) {
|
||||
debug("No xauth program.");
|
||||
} else {
|
||||
if (display == NULL) {
|
||||
debug("x11_get_proto: DISPLAY not set");
|
||||
return;
|
||||
}
|
||||
/*
|
||||
* Handle FamilyLocal case where $DISPLAY does
|
||||
* not match an authorization entry. For this we
|
||||
* just try "xauth list unix:displaynum.screennum".
|
||||
* XXX: "localhost" match to determine FamilyLocal
|
||||
* is not perfect.
|
||||
*/
|
||||
if (strncmp(display, "localhost:", 10) == 0) {
|
||||
snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
|
||||
display + 10);
|
||||
display = xdisplay;
|
||||
}
|
||||
if (trusted == 0) {
|
||||
xauthdir = xmalloc(MAXPATHLEN);
|
||||
xauthfile = xmalloc(MAXPATHLEN);
|
||||
strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN);
|
||||
if (mkdtemp(xauthdir) != NULL) {
|
||||
do_unlink = 1;
|
||||
snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile",
|
||||
xauthdir);
|
||||
snprintf(cmd, sizeof(cmd),
|
||||
"%s -f %s generate %s " SSH_X11_PROTO
|
||||
" untrusted timeout 1200 2>" _PATH_DEVNULL,
|
||||
xauth_path, xauthfile, display);
|
||||
debug2("x11_get_proto: %s", cmd);
|
||||
if (system(cmd) == 0)
|
||||
generated = 1;
|
||||
}
|
||||
}
|
||||
snprintf(cmd, sizeof(cmd),
|
||||
"%s %s%s list %s . 2>" _PATH_DEVNULL,
|
||||
xauth_path,
|
||||
generated ? "-f " : "" ,
|
||||
generated ? xauthfile : "",
|
||||
display);
|
||||
debug2("x11_get_proto: %s", cmd);
|
||||
f = popen(cmd, "r");
|
||||
if (f && fgets(line, sizeof(line), f) &&
|
||||
sscanf(line, "%*s %511s %511s", proto, data) == 2)
|
||||
got_data = 1;
|
||||
if (f)
|
||||
pclose(f);
|
||||
}
|
||||
|
||||
if (do_unlink) {
|
||||
unlink(xauthfile);
|
||||
rmdir(xauthdir);
|
||||
}
|
||||
if (xauthdir)
|
||||
xfree(xauthdir);
|
||||
if (xauthfile)
|
||||
xfree(xauthfile);
|
||||
|
||||
/*
|
||||
* If we didn't get authentication data, just make up some
|
||||
* data. The forwarding code will check the validity of the
|
||||
* response anyway, and substitute this data. The X11
|
||||
* server, however, will ignore this fake data and use
|
||||
* whatever authentication mechanisms it was using otherwise
|
||||
* for the local connection.
|
||||
*/
|
||||
if (!got_data) {
|
||||
u_int32_t rnd = 0;
|
||||
|
||||
logit("Warning: No xauth data; "
|
||||
"using fake authentication data for X11 forwarding.");
|
||||
strlcpy(proto, SSH_X11_PROTO, sizeof proto);
|
||||
for (i = 0; i < 16; i++) {
|
||||
if (i % 4 == 0)
|
||||
rnd = arc4random();
|
||||
snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
|
||||
rnd & 0xff);
|
||||
rnd >>= 8;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* This is called when the interactive is entered. This checks if there is
|
||||
* an EOF coming on stdin. We must check this explicitly, as select() does
|
||||
@ -528,6 +633,7 @@ static void
|
||||
client_extra_session2_setup(int id, void *arg)
|
||||
{
|
||||
struct confirm_ctx *cctx = arg;
|
||||
const char *display;
|
||||
Channel *c;
|
||||
int i;
|
||||
|
||||
@ -536,6 +642,24 @@ client_extra_session2_setup(int id, void *arg)
|
||||
if ((c = channel_lookup(id)) == NULL)
|
||||
fatal("%s: no channel for id %d", __func__, id);
|
||||
|
||||
display = getenv("DISPLAY");
|
||||
if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
|
||||
char *proto, *data;
|
||||
/* Get reasonable local authentication information. */
|
||||
client_x11_get_proto(display, options.xauth_location,
|
||||
options.forward_x11_trusted, &proto, &data);
|
||||
/* Request forwarding with authentication spoofing. */
|
||||
debug("Requesting X11 forwarding with authentication spoofing.");
|
||||
x11_request_forwarding_with_spoofing(id, display, proto, data);
|
||||
/* XXX wait for reply */
|
||||
}
|
||||
|
||||
if (cctx->want_agent_fwd && options.forward_agent) {
|
||||
debug("Requesting authentication agent forwarding.");
|
||||
channel_request_start(id, "auth-agent-req@openssh.com", 0);
|
||||
packet_send();
|
||||
}
|
||||
|
||||
client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
|
||||
cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
|
||||
client_subsystem_reply);
|
||||
@ -556,12 +680,12 @@ client_process_control(fd_set * readset)
|
||||
{
|
||||
Buffer m;
|
||||
Channel *c;
|
||||
int client_fd, new_fd[3], ver, i, allowed;
|
||||
int client_fd, new_fd[3], ver, allowed;
|
||||
socklen_t addrlen;
|
||||
struct sockaddr_storage addr;
|
||||
struct confirm_ctx *cctx;
|
||||
char *cmd;
|
||||
u_int len, env_len, command, flags;
|
||||
u_int i, len, env_len, command, flags;
|
||||
uid_t euid;
|
||||
gid_t egid;
|
||||
|
||||
@ -601,7 +725,7 @@ client_process_control(fd_set * readset)
|
||||
buffer_free(&m);
|
||||
return;
|
||||
}
|
||||
if ((ver = buffer_get_char(&m)) != 1) {
|
||||
if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
|
||||
error("%s: wrong client version %d", __func__, ver);
|
||||
buffer_free(&m);
|
||||
close(client_fd);
|
||||
@ -616,13 +740,15 @@ client_process_control(fd_set * readset)
|
||||
|
||||
switch (command) {
|
||||
case SSHMUX_COMMAND_OPEN:
|
||||
if (options.control_master == 2)
|
||||
if (options.control_master == SSHCTL_MASTER_ASK ||
|
||||
options.control_master == SSHCTL_MASTER_AUTO_ASK)
|
||||
allowed = ask_permission("Allow shared connection "
|
||||
"to %s? ", host);
|
||||
/* continue below */
|
||||
break;
|
||||
case SSHMUX_COMMAND_TERMINATE:
|
||||
if (options.control_master == 2)
|
||||
if (options.control_master == SSHCTL_MASTER_ASK ||
|
||||
options.control_master == SSHCTL_MASTER_AUTO_ASK)
|
||||
allowed = ask_permission("Terminate shared connection "
|
||||
"to %s? ", host);
|
||||
if (allowed)
|
||||
@ -633,7 +759,7 @@ client_process_control(fd_set * readset)
|
||||
buffer_clear(&m);
|
||||
buffer_put_int(&m, allowed);
|
||||
buffer_put_int(&m, getpid());
|
||||
if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
|
||||
if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
|
||||
error("%s: client msg_send failed", __func__);
|
||||
close(client_fd);
|
||||
buffer_free(&m);
|
||||
@ -653,7 +779,7 @@ client_process_control(fd_set * readset)
|
||||
buffer_clear(&m);
|
||||
buffer_put_int(&m, allowed);
|
||||
buffer_put_int(&m, getpid());
|
||||
if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
|
||||
if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
|
||||
error("%s: client msg_send failed", __func__);
|
||||
close(client_fd);
|
||||
buffer_free(&m);
|
||||
@ -674,7 +800,7 @@ client_process_control(fd_set * readset)
|
||||
buffer_free(&m);
|
||||
return;
|
||||
}
|
||||
if ((ver = buffer_get_char(&m)) != 1) {
|
||||
if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
|
||||
error("%s: wrong client version %d", __func__, ver);
|
||||
buffer_free(&m);
|
||||
close(client_fd);
|
||||
@ -685,6 +811,8 @@ client_process_control(fd_set * readset)
|
||||
memset(cctx, 0, sizeof(*cctx));
|
||||
cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
|
||||
cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
|
||||
cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
|
||||
cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0;
|
||||
cctx->term = buffer_get_string(&m, &len);
|
||||
|
||||
cmd = buffer_get_string(&m, &len);
|
||||
@ -718,7 +846,7 @@ client_process_control(fd_set * readset)
|
||||
|
||||
/* This roundtrip is just for synchronisation of ttymodes */
|
||||
buffer_clear(&m);
|
||||
if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
|
||||
if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
|
||||
error("%s: client msg_send failed", __func__);
|
||||
close(client_fd);
|
||||
close(new_fd[0]);
|
||||
@ -866,7 +994,10 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
|
||||
u_char ch;
|
||||
char *s;
|
||||
|
||||
for (i = 0; i < len; i++) {
|
||||
if (len <= 0)
|
||||
return (0);
|
||||
|
||||
for (i = 0; i < (u_int)len; i++) {
|
||||
/* Get one character at a time. */
|
||||
ch = buf[i];
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: clientloop.h,v 1.12 2004/11/07 00:01:46 djm Exp $ */
|
||||
/* $OpenBSD: clientloop.h,v 1.14 2005/07/04 00:58:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -37,10 +37,15 @@
|
||||
|
||||
/* Client side main loop for the interactive session. */
|
||||
int client_loop(int, int, int);
|
||||
void client_x11_get_proto(const char *, const char *, u_int,
|
||||
char **, char **);
|
||||
void client_global_request_reply_fwd(int, u_int32_t, void *);
|
||||
void client_session2_setup(int, int, int, const char *, struct termios *,
|
||||
int, Buffer *, char **, dispatch_fn *);
|
||||
|
||||
/* Multiplexing protocol version */
|
||||
#define SSHMUX_VER 1
|
||||
|
||||
/* Multiplexing control protocol flags */
|
||||
#define SSHMUX_COMMAND_OPEN 1 /* Open new connection */
|
||||
#define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */
|
||||
@ -48,3 +53,5 @@ void client_session2_setup(int, int, int, const char *, struct termios *,
|
||||
|
||||
#define SSHMUX_FLAG_TTY (1) /* Request tty on open */
|
||||
#define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */
|
||||
#define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */
|
||||
#define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */
|
||||
|
590
crypto/openssh/config.guess
vendored
590
crypto/openssh/config.guess
vendored
File diff suppressed because it is too large
Load Diff
136
crypto/openssh/config.sub
vendored
136
crypto/openssh/config.sub
vendored
@ -1,9 +1,9 @@
|
||||
#! /bin/sh
|
||||
# Configuration validation subroutine script.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2003-08-18'
|
||||
timestamp='2005-05-12'
|
||||
|
||||
# This file is (in principle) common to ALL GNU software.
|
||||
# The presence of a machine in this file suggests that SOME GNU software
|
||||
@ -21,14 +21,15 @@ timestamp='2003-08-18'
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330,
|
||||
# Boston, MA 02111-1307, USA.
|
||||
|
||||
# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
|
||||
# 02110-1301, USA.
|
||||
#
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
# configuration script generated by Autoconf, you may include it under
|
||||
# the same distribution terms that you use for the rest of that program.
|
||||
|
||||
|
||||
# Please send patches to <config-patches@gnu.org>. Submit a context
|
||||
# diff and a properly formatted ChangeLog entry.
|
||||
#
|
||||
@ -70,7 +71,7 @@ Report bugs and patches to <config-patches@gnu.org>."
|
||||
version="\
|
||||
GNU config.sub ($timestamp)
|
||||
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
|
||||
Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
@ -83,11 +84,11 @@ Try \`$me --help' for more information."
|
||||
while test $# -gt 0 ; do
|
||||
case $1 in
|
||||
--time-stamp | --time* | -t )
|
||||
echo "$timestamp" ; exit 0 ;;
|
||||
echo "$timestamp" ; exit ;;
|
||||
--version | -v )
|
||||
echo "$version" ; exit 0 ;;
|
||||
echo "$version" ; exit ;;
|
||||
--help | --h* | -h )
|
||||
echo "$usage"; exit 0 ;;
|
||||
echo "$usage"; exit ;;
|
||||
-- ) # Stop option processing
|
||||
shift; break ;;
|
||||
- ) # Use stdin as input.
|
||||
@ -99,7 +100,7 @@ while test $# -gt 0 ; do
|
||||
*local*)
|
||||
# First pass through any local machine types.
|
||||
echo $1
|
||||
exit 0;;
|
||||
exit ;;
|
||||
|
||||
* )
|
||||
break ;;
|
||||
@ -118,7 +119,8 @@ esac
|
||||
# Here we must recognize all the valid KERNEL-OS combinations.
|
||||
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
|
||||
case $maybe_os in
|
||||
nto-qnx* | linux-gnu* | linux-dietlibc | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
|
||||
nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
|
||||
kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
|
||||
os=-$maybe_os
|
||||
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
|
||||
;;
|
||||
@ -144,7 +146,7 @@ case $os in
|
||||
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
|
||||
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
|
||||
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
|
||||
-apple | -axis)
|
||||
-apple | -axis | -knuth | -cray)
|
||||
os=
|
||||
basic_machine=$1
|
||||
;;
|
||||
@ -230,13 +232,14 @@ case $basic_machine in
|
||||
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
|
||||
| am33_2.0 \
|
||||
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
|
||||
| bfin \
|
||||
| c4x | clipper \
|
||||
| d10v | d30v | dlx | dsp16xx \
|
||||
| fr30 | frv \
|
||||
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
|
||||
| i370 | i860 | i960 | ia64 \
|
||||
| ip2k | iq2000 \
|
||||
| m32r | m68000 | m68k | m88k | mcore \
|
||||
| m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
|
||||
| mips | mipsbe | mipseb | mipsel | mipsle \
|
||||
| mips16 \
|
||||
| mips64 | mips64el \
|
||||
@ -261,12 +264,13 @@ case $basic_machine in
|
||||
| pyramid \
|
||||
| sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
|
||||
| sh64 | sh64le \
|
||||
| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
|
||||
| sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
|
||||
| sparcv8 | sparcv9 | sparcv9b \
|
||||
| strongarm \
|
||||
| tahoe | thumb | tic4x | tic80 | tron \
|
||||
| v850 | v850e \
|
||||
| we32k \
|
||||
| x86 | xscale | xstormy16 | xtensa \
|
||||
| x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
|
||||
| z8k)
|
||||
basic_machine=$basic_machine-unknown
|
||||
;;
|
||||
@ -297,9 +301,9 @@ case $basic_machine in
|
||||
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
|
||||
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
|
||||
| avr-* \
|
||||
| bs2000-* \
|
||||
| bfin-* | bs2000-* \
|
||||
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
|
||||
| clipper-* | cydra-* \
|
||||
| clipper-* | craynv-* | cydra-* \
|
||||
| d10v-* | d30v-* | dlx-* \
|
||||
| elxsi-* \
|
||||
| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
|
||||
@ -307,9 +311,9 @@ case $basic_machine in
|
||||
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
|
||||
| i*86-* | i860-* | i960-* | ia64-* \
|
||||
| ip2k-* | iq2000-* \
|
||||
| m32r-* \
|
||||
| m32r-* | m32rle-* \
|
||||
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
|
||||
| m88110-* | m88k-* | mcore-* \
|
||||
| m88110-* | m88k-* | maxq-* | mcore-* \
|
||||
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
|
||||
| mips16-* \
|
||||
| mips64-* | mips64el-* \
|
||||
@ -325,8 +329,9 @@ case $basic_machine in
|
||||
| mipsisa64sb1-* | mipsisa64sb1el-* \
|
||||
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
|
||||
| mipstx39-* | mipstx39el-* \
|
||||
| mmix-* \
|
||||
| msp430-* \
|
||||
| none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
|
||||
| none-* | np1-* | ns16k-* | ns32k-* \
|
||||
| orion-* \
|
||||
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
|
||||
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
|
||||
@ -334,15 +339,16 @@ case $basic_machine in
|
||||
| romp-* | rs6000-* \
|
||||
| sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
|
||||
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
|
||||
| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
|
||||
| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
|
||||
| sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
|
||||
| sparclite-* \
|
||||
| sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
|
||||
| tahoe-* | thumb-* \
|
||||
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
|
||||
| tron-* \
|
||||
| v850-* | v850e-* | vax-* \
|
||||
| we32k-* \
|
||||
| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
|
||||
| xtensa-* \
|
||||
| x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
|
||||
| xstormy16-* | xtensa-* \
|
||||
| ymp-* \
|
||||
| z8k-*)
|
||||
;;
|
||||
@ -362,6 +368,9 @@ case $basic_machine in
|
||||
basic_machine=a29k-amd
|
||||
os=-udi
|
||||
;;
|
||||
abacus)
|
||||
basic_machine=abacus-unknown
|
||||
;;
|
||||
adobe68k)
|
||||
basic_machine=m68010-adobe
|
||||
os=-scout
|
||||
@ -379,6 +388,9 @@ case $basic_machine in
|
||||
amd64)
|
||||
basic_machine=x86_64-pc
|
||||
;;
|
||||
amd64-*)
|
||||
basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
amdahl)
|
||||
basic_machine=580-amdahl
|
||||
os=-sysv
|
||||
@ -438,12 +450,27 @@ case $basic_machine in
|
||||
basic_machine=j90-cray
|
||||
os=-unicos
|
||||
;;
|
||||
craynv)
|
||||
basic_machine=craynv-cray
|
||||
os=-unicosmp
|
||||
;;
|
||||
cr16c)
|
||||
basic_machine=cr16c-unknown
|
||||
os=-elf
|
||||
;;
|
||||
crds | unos)
|
||||
basic_machine=m68k-crds
|
||||
;;
|
||||
crisv32 | crisv32-* | etraxfs*)
|
||||
basic_machine=crisv32-axis
|
||||
;;
|
||||
cris | cris-* | etrax*)
|
||||
basic_machine=cris-axis
|
||||
;;
|
||||
crx)
|
||||
basic_machine=crx-unknown
|
||||
os=-elf
|
||||
;;
|
||||
da30 | da30-*)
|
||||
basic_machine=m68k-da30
|
||||
;;
|
||||
@ -466,6 +493,10 @@ case $basic_machine in
|
||||
basic_machine=m88k-motorola
|
||||
os=-sysv3
|
||||
;;
|
||||
djgpp)
|
||||
basic_machine=i586-pc
|
||||
os=-msdosdjgpp
|
||||
;;
|
||||
dpx20 | dpx20-*)
|
||||
basic_machine=rs6000-bull
|
||||
os=-bosx
|
||||
@ -644,10 +675,6 @@ case $basic_machine in
|
||||
mips3*)
|
||||
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
|
||||
;;
|
||||
mmix*)
|
||||
basic_machine=mmix-knuth
|
||||
os=-mmixware
|
||||
;;
|
||||
monitor)
|
||||
basic_machine=m68k-rom68k
|
||||
os=-coff
|
||||
@ -728,10 +755,6 @@ case $basic_machine in
|
||||
np1)
|
||||
basic_machine=np1-gould
|
||||
;;
|
||||
nv1)
|
||||
basic_machine=nv1-cray
|
||||
os=-unicosmp
|
||||
;;
|
||||
nsr-tandem)
|
||||
basic_machine=nsr-tandem
|
||||
;;
|
||||
@ -743,6 +766,10 @@ case $basic_machine in
|
||||
basic_machine=or32-unknown
|
||||
os=-coff
|
||||
;;
|
||||
os400)
|
||||
basic_machine=powerpc-ibm
|
||||
os=-os400
|
||||
;;
|
||||
OSE68000 | ose68000)
|
||||
basic_machine=m68000-ericsson
|
||||
os=-ose
|
||||
@ -963,6 +990,10 @@ case $basic_machine in
|
||||
tower | tower-32)
|
||||
basic_machine=m68k-ncr
|
||||
;;
|
||||
tpf)
|
||||
basic_machine=s390x-ibm
|
||||
os=-tpf
|
||||
;;
|
||||
udi29k)
|
||||
basic_machine=a29k-amd
|
||||
os=-udi
|
||||
@ -1006,6 +1037,10 @@ case $basic_machine in
|
||||
basic_machine=hppa1.1-winbond
|
||||
os=-proelf
|
||||
;;
|
||||
xbox)
|
||||
basic_machine=i686-pc
|
||||
os=-mingw32
|
||||
;;
|
||||
xps | xps100)
|
||||
basic_machine=xps100-honeywell
|
||||
;;
|
||||
@ -1036,6 +1071,9 @@ case $basic_machine in
|
||||
romp)
|
||||
basic_machine=romp-ibm
|
||||
;;
|
||||
mmix)
|
||||
basic_machine=mmix-knuth
|
||||
;;
|
||||
rs6000)
|
||||
basic_machine=rs6000-ibm
|
||||
;;
|
||||
@ -1058,7 +1096,7 @@ case $basic_machine in
|
||||
sh64)
|
||||
basic_machine=sh64-unknown
|
||||
;;
|
||||
sparc | sparcv9 | sparcv9b)
|
||||
sparc | sparcv8 | sparcv9 | sparcv9b)
|
||||
basic_machine=sparc-sun
|
||||
;;
|
||||
cydra)
|
||||
@ -1131,19 +1169,20 @@ case $os in
|
||||
| -aos* \
|
||||
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
|
||||
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
|
||||
| -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \
|
||||
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
|
||||
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
|
||||
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
|
||||
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
|
||||
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
|
||||
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
|
||||
| -chorusos* | -chorusrdb* \
|
||||
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
|
||||
| -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
|
||||
| -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
|
||||
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
|
||||
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
|
||||
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
|
||||
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
|
||||
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
|
||||
| -powermax* | -dnix* | -nx6 | -nx7 | -sei*)
|
||||
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* | -skyos*)
|
||||
# Remember, each alternative MUST END IN *, to match a version number.
|
||||
;;
|
||||
-qnx*)
|
||||
@ -1182,6 +1221,9 @@ case $os in
|
||||
-opened*)
|
||||
os=-openedition
|
||||
;;
|
||||
-os400*)
|
||||
os=-os400
|
||||
;;
|
||||
-wince*)
|
||||
os=-wince
|
||||
;;
|
||||
@ -1203,6 +1245,9 @@ case $os in
|
||||
-atheos*)
|
||||
os=-atheos
|
||||
;;
|
||||
-syllable*)
|
||||
os=-syllable
|
||||
;;
|
||||
-386bsd)
|
||||
os=-bsd
|
||||
;;
|
||||
@ -1225,6 +1270,9 @@ case $os in
|
||||
-sinix*)
|
||||
os=-sysv4
|
||||
;;
|
||||
-tpf*)
|
||||
os=-tpf
|
||||
;;
|
||||
-triton*)
|
||||
os=-sysv3
|
||||
;;
|
||||
@ -1261,6 +1309,9 @@ case $os in
|
||||
-kaos*)
|
||||
os=-kaos
|
||||
;;
|
||||
-zvmoe)
|
||||
os=-zvmoe
|
||||
;;
|
||||
-none)
|
||||
;;
|
||||
*)
|
||||
@ -1341,6 +1392,9 @@ case $basic_machine in
|
||||
*-ibm)
|
||||
os=-aix
|
||||
;;
|
||||
*-knuth)
|
||||
os=-mmixware
|
||||
;;
|
||||
*-wec)
|
||||
os=-proelf
|
||||
;;
|
||||
@ -1473,9 +1527,15 @@ case $basic_machine in
|
||||
-mvs* | -opened*)
|
||||
vendor=ibm
|
||||
;;
|
||||
-os400*)
|
||||
vendor=ibm
|
||||
;;
|
||||
-ptx*)
|
||||
vendor=sequent
|
||||
;;
|
||||
-tpf*)
|
||||
vendor=ibm
|
||||
;;
|
||||
-vxsim* | -vxworks* | -windiss*)
|
||||
vendor=wrs
|
||||
;;
|
||||
@ -1500,7 +1560,7 @@ case $basic_machine in
|
||||
esac
|
||||
|
||||
echo $basic_machine$os
|
||||
exit 0
|
||||
exit
|
||||
|
||||
# Local variables:
|
||||
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: configure.ac,v 1.260 2005/04/24 07:52:23 dtucker Exp $
|
||||
# $Id: configure.ac,v 1.292 2005/08/31 16:59:49 tim Exp $
|
||||
#
|
||||
# Copyright (c) 1999-2004 Damien Miller
|
||||
#
|
||||
@ -14,7 +14,7 @@
|
||||
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
AC_INIT(OpenSSH, Portable)
|
||||
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
|
||||
AC_CONFIG_SRCDIR([ssh.c])
|
||||
|
||||
AC_CONFIG_HEADER(config.h)
|
||||
@ -77,8 +77,94 @@ fi
|
||||
AC_SUBST(LD)
|
||||
|
||||
AC_C_INLINE
|
||||
|
||||
AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
|
||||
|
||||
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
|
||||
CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
|
||||
CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
|
||||
GCC_VER=`$CC --version`
|
||||
case $GCC_VER in
|
||||
1.*) ;;
|
||||
2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
|
||||
2.*) ;;
|
||||
*) CFLAGS="$CFLAGS -Wsign-compare" ;;
|
||||
esac
|
||||
|
||||
if test -z "$have_llong_max"; then
|
||||
# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
|
||||
unset ac_cv_have_decl_LLONG_MAX
|
||||
saved_CFLAGS="$CFLAGS"
|
||||
CFLAGS="$CFLAGS -std=gnu99"
|
||||
AC_CHECK_DECL(LLONG_MAX,
|
||||
[have_llong_max=1],
|
||||
[CFLAGS="$saved_CFLAGS"],
|
||||
[#include <limits.h>]
|
||||
)
|
||||
fi
|
||||
fi
|
||||
|
||||
if test -z "$have_llong_max"; then
|
||||
AC_MSG_CHECKING([for max value of long long])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
#include <stdio.h>
|
||||
/* Why is this so damn hard? */
|
||||
#ifdef __GNUC__
|
||||
# undef __GNUC__
|
||||
#endif
|
||||
#define __USE_ISOC99
|
||||
#include <limits.h>
|
||||
#define DATA "conftest.llminmax"
|
||||
int main(void) {
|
||||
FILE *f;
|
||||
long long i, llmin, llmax = 0;
|
||||
|
||||
if((f = fopen(DATA,"w")) == NULL)
|
||||
exit(1);
|
||||
|
||||
#if defined(LLONG_MIN) && defined(LLONG_MAX)
|
||||
fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
|
||||
llmin = LLONG_MIN;
|
||||
llmax = LLONG_MAX;
|
||||
#else
|
||||
fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
|
||||
/* This will work on one's complement and two's complement */
|
||||
for (i = 1; i > llmax; i <<= 1, i++)
|
||||
llmax = i;
|
||||
llmin = llmax + 1LL; /* wrap */
|
||||
#endif
|
||||
|
||||
/* Sanity check */
|
||||
if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
|
||||
|| llmax - 1 > llmax) {
|
||||
fprintf(f, "unknown unknown\n");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
|
||||
exit(3);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
]])],
|
||||
[
|
||||
llong_min=`$AWK '{print $1}' conftest.llminmax`
|
||||
llong_max=`$AWK '{print $2}' conftest.llminmax`
|
||||
AC_MSG_RESULT($llong_max)
|
||||
AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
|
||||
[max value of long long calculated by configure])
|
||||
AC_MSG_CHECKING([for min value of long long])
|
||||
AC_MSG_RESULT($llong_min)
|
||||
AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
|
||||
[min value of long long calculated by configure])
|
||||
],
|
||||
[
|
||||
AC_MSG_RESULT(not found)
|
||||
],
|
||||
[
|
||||
AC_MSG_WARN([cross compiling: not checking])
|
||||
]
|
||||
)
|
||||
fi
|
||||
|
||||
AC_ARG_WITH(rpath,
|
||||
@ -181,26 +267,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
||||
AC_DEFINE(BROKEN_SETREGID)
|
||||
AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
|
||||
;;
|
||||
*-*-hpux10.26)
|
||||
if test -z "$GCC"; then
|
||||
CFLAGS="$CFLAGS -Ae"
|
||||
fi
|
||||
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
|
||||
IPADDR_IN_DISPLAY=yes
|
||||
AC_DEFINE(HAVE_SECUREWARE)
|
||||
AC_DEFINE(USE_PIPES)
|
||||
AC_DEFINE(LOGIN_NO_ENDOPT)
|
||||
AC_DEFINE(LOGIN_NEEDS_UTMPX)
|
||||
AC_DEFINE(LOCKED_PASSWD_STRING, "*")
|
||||
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
|
||||
LIBS="$LIBS -lsec -lsecpw"
|
||||
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
|
||||
disable_ptmx_check=yes
|
||||
;;
|
||||
*-*-hpux10*)
|
||||
if test -z "$GCC"; then
|
||||
CFLAGS="$CFLAGS -Ae"
|
||||
fi
|
||||
*-*-hpux*)
|
||||
# first we define all of the options common to all HP-UX releases
|
||||
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
|
||||
IPADDR_IN_DISPLAY=yes
|
||||
AC_DEFINE(USE_PIPES)
|
||||
@ -209,23 +277,33 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
||||
AC_DEFINE(LOCKED_PASSWD_STRING, "*")
|
||||
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
|
||||
LIBS="$LIBS -lsec"
|
||||
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
|
||||
;;
|
||||
*-*-hpux11*)
|
||||
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
|
||||
IPADDR_IN_DISPLAY=yes
|
||||
AC_DEFINE(PAM_SUN_CODEBASE)
|
||||
AC_DEFINE(USE_PIPES)
|
||||
AC_DEFINE(LOGIN_NO_ENDOPT)
|
||||
AC_DEFINE(LOGIN_NEEDS_UTMPX)
|
||||
AC_DEFINE(DISABLE_UTMP)
|
||||
AC_DEFINE(LOCKED_PASSWD_STRING, "*")
|
||||
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
|
||||
AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
|
||||
check_for_hpux_broken_getaddrinfo=1
|
||||
check_for_conflicting_getspnam=1
|
||||
LIBS="$LIBS -lsec"
|
||||
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
|
||||
AC_CHECK_LIB(xnet, t_error, ,
|
||||
AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
|
||||
|
||||
# next, we define all of the options specific to major releases
|
||||
case "$host" in
|
||||
*-*-hpux10*)
|
||||
if test -z "$GCC"; then
|
||||
CFLAGS="$CFLAGS -Ae"
|
||||
fi
|
||||
;;
|
||||
*-*-hpux11*)
|
||||
AC_DEFINE(PAM_SUN_CODEBASE)
|
||||
AC_DEFINE(DISABLE_UTMP)
|
||||
AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
|
||||
check_for_hpux_broken_getaddrinfo=1
|
||||
check_for_conflicting_getspnam=1
|
||||
;;
|
||||
esac
|
||||
|
||||
# lastly, we define options specific to minor releases
|
||||
case "$host" in
|
||||
*-*-hpux10.26)
|
||||
AC_DEFINE(HAVE_SECUREWARE)
|
||||
disable_ptmx_check=yes
|
||||
LIBS="$LIBS -lsecpw"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*-*-irix5*)
|
||||
PATH="$PATH:/usr/etc"
|
||||
@ -269,7 +347,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
||||
esac
|
||||
;;
|
||||
mips-sony-bsd|mips-sony-newsos4)
|
||||
AC_DEFINE(HAVE_NEWS4)
|
||||
AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
|
||||
SONY=1
|
||||
;;
|
||||
*-*-netbsd*)
|
||||
@ -296,6 +374,9 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
AC_DEFINE(USE_PIPES)
|
||||
AC_DEFINE(BROKEN_SAVED_UIDS)
|
||||
;;
|
||||
*-*-openbsd*)
|
||||
AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
|
||||
;;
|
||||
*-*-solaris*)
|
||||
if test "x$withval" != "xno" ; then
|
||||
need_dash_r=1
|
||||
@ -365,11 +446,19 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
;;
|
||||
# UnixWare 7.x, OpenUNIX 8
|
||||
*-*-sysv5*)
|
||||
check_for_libcrypt_later=1
|
||||
AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
|
||||
AC_DEFINE(USE_PIPES)
|
||||
AC_DEFINE(SETEUID_BREAKS_SETUID)
|
||||
AC_DEFINE(BROKEN_SETREUID)
|
||||
AC_DEFINE(BROKEN_SETREGID)
|
||||
AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
|
||||
case "$host" in
|
||||
*-*-sysv5SCO_SV*) # SCO OpenServer 6.x
|
||||
TEST_SHELL=/u95/bin/sh
|
||||
AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet])
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*-*-sysv*)
|
||||
;;
|
||||
@ -468,6 +557,19 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
AC_DEFINE(MISSING_HOWMANY)
|
||||
AC_DEFINE(MISSING_FD_MASK)
|
||||
;;
|
||||
|
||||
*-*-ultrix*)
|
||||
AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1])
|
||||
AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files])
|
||||
AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
|
||||
AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
|
||||
;;
|
||||
|
||||
*-*-lynxos)
|
||||
CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
|
||||
AC_DEFINE(MISSING_HOWMANY)
|
||||
AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
|
||||
;;
|
||||
esac
|
||||
|
||||
# Allow user to specify flags
|
||||
@ -507,6 +609,17 @@ AC_ARG_WITH(libs,
|
||||
fi
|
||||
]
|
||||
)
|
||||
AC_ARG_WITH(Werror,
|
||||
[ --with-Werror Build main code with -Werror],
|
||||
[
|
||||
if test -n "$withval" && test "x$withval" != "xno"; then
|
||||
werror_flags="-Werror"
|
||||
if "x${withval}" != "xyes"; then
|
||||
werror_flags="$withval"
|
||||
fi
|
||||
fi
|
||||
]
|
||||
)
|
||||
|
||||
AC_MSG_CHECKING(compiler and flags for sanity)
|
||||
AC_RUN_IFELSE(
|
||||
@ -522,17 +635,67 @@ int main(){exit(0);}
|
||||
[ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
|
||||
)
|
||||
|
||||
# Checks for header files.
|
||||
AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
|
||||
floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
|
||||
login_cap.h maillock.h ndir.h netdb.h netgroup.h \
|
||||
netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
|
||||
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
|
||||
strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
|
||||
sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
|
||||
sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
|
||||
sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
|
||||
time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
|
||||
dnl Checks for header files.
|
||||
AC_CHECK_HEADERS( \
|
||||
bstring.h \
|
||||
crypt.h \
|
||||
dirent.h \
|
||||
endian.h \
|
||||
features.h \
|
||||
floatingpoint.h \
|
||||
getopt.h \
|
||||
glob.h \
|
||||
ia.h \
|
||||
iaf.h \
|
||||
lastlog.h \
|
||||
limits.h \
|
||||
login.h \
|
||||
login_cap.h \
|
||||
maillock.h \
|
||||
ndir.h \
|
||||
netdb.h \
|
||||
netgroup.h \
|
||||
netinet/in_systm.h \
|
||||
pam/pam_appl.h \
|
||||
paths.h \
|
||||
pty.h \
|
||||
readpassphrase.h \
|
||||
rpc/types.h \
|
||||
security/pam_appl.h \
|
||||
shadow.h \
|
||||
stddef.h \
|
||||
stdint.h \
|
||||
string.h \
|
||||
strings.h \
|
||||
sys/audit.h \
|
||||
sys/bitypes.h \
|
||||
sys/bsdtty.h \
|
||||
sys/cdefs.h \
|
||||
sys/dir.h \
|
||||
sys/mman.h \
|
||||
sys/ndir.h \
|
||||
sys/prctl.h \
|
||||
sys/pstat.h \
|
||||
sys/select.h \
|
||||
sys/stat.h \
|
||||
sys/stream.h \
|
||||
sys/stropts.h \
|
||||
sys/strtio.h \
|
||||
sys/sysmacros.h \
|
||||
sys/time.h \
|
||||
sys/timers.h \
|
||||
sys/un.h \
|
||||
time.h \
|
||||
tmpdir.h \
|
||||
ttyent.h \
|
||||
unistd.h \
|
||||
usersec.h \
|
||||
util.h \
|
||||
utime.h \
|
||||
utmp.h \
|
||||
utmpx.h \
|
||||
vis.h \
|
||||
)
|
||||
|
||||
# sys/ptms.h requires sys/stream.h to be included first on Solaris
|
||||
AC_CHECK_HEADERS(sys/ptms.h, [], [], [
|
||||
@ -660,8 +823,8 @@ int main()
|
||||
if (a == 1 && b == 1 && c >= 4)
|
||||
exit(0);
|
||||
|
||||
/* 1.2.1.2 and up are OK */
|
||||
if (v >= 1020102)
|
||||
/* 1.2.3 and up are OK */
|
||||
if (v >= 1020300)
|
||||
exit(0);
|
||||
|
||||
exit(2);
|
||||
@ -675,7 +838,7 @@ Your reported zlib version has known security problems. It's possible your
|
||||
vendor has fixed these problems without changing the version number. If you
|
||||
are sure this is the case, you can disable the check by running
|
||||
"./configure --without-zlib-version-check".
|
||||
If you are in doubt, upgrade zlib to version 1.2.1.2 or greater.
|
||||
If you are in doubt, upgrade zlib to version 1.2.3 or greater.
|
||||
See http://www.gzip.org/zlib/ for details.])
|
||||
else
|
||||
AC_MSG_WARN([zlib version may have security problems])
|
||||
@ -876,6 +1039,21 @@ AC_ARG_WITH(libedit,
|
||||
[ AC_MSG_ERROR(libedit not found) ],
|
||||
[ -lcurses ]
|
||||
)
|
||||
AC_MSG_CHECKING(if libedit version is compatible)
|
||||
AC_COMPILE_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
#include <histedit.h>
|
||||
int main(void)
|
||||
{
|
||||
int i = H_SETSIZE;
|
||||
el_init("", NULL, NULL, NULL);
|
||||
exit(0);
|
||||
}
|
||||
]])],
|
||||
[ AC_MSG_RESULT(yes) ],
|
||||
[ AC_MSG_RESULT(no)
|
||||
AC_MSG_ERROR(libedit version is not compatible) ]
|
||||
)
|
||||
fi ]
|
||||
)
|
||||
|
||||
@ -904,6 +1082,9 @@ AC_ARG_WITH(audit,
|
||||
AC_MSG_RESULT(debug)
|
||||
AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
|
||||
;;
|
||||
no)
|
||||
AC_MSG_RESULT(no)
|
||||
;;
|
||||
*)
|
||||
AC_MSG_ERROR([Unknown audit module $withval])
|
||||
;;
|
||||
@ -911,19 +1092,87 @@ AC_ARG_WITH(audit,
|
||||
)
|
||||
|
||||
dnl Checks for library functions. Please keep in alphabetical order
|
||||
AC_CHECK_FUNCS(\
|
||||
arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
|
||||
bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
|
||||
freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
|
||||
getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
|
||||
inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
|
||||
mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
|
||||
pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
|
||||
setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
|
||||
setproctitle setregid setreuid setrlimit \
|
||||
setsid setvbuf sigaction sigvec snprintf socketpair strerror \
|
||||
strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
|
||||
truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
|
||||
AC_CHECK_FUNCS( \
|
||||
arc4random \
|
||||
b64_ntop \
|
||||
__b64_ntop \
|
||||
b64_pton \
|
||||
__b64_pton \
|
||||
bcopy \
|
||||
bindresvport_sa \
|
||||
clock \
|
||||
closefrom \
|
||||
dirfd \
|
||||
fchmod \
|
||||
fchown \
|
||||
freeaddrinfo \
|
||||
futimes \
|
||||
getaddrinfo \
|
||||
getcwd \
|
||||
getgrouplist \
|
||||
getnameinfo \
|
||||
getopt \
|
||||
getpeereid \
|
||||
_getpty \
|
||||
getrlimit \
|
||||
getttyent \
|
||||
glob \
|
||||
inet_aton \
|
||||
inet_ntoa \
|
||||
inet_ntop \
|
||||
innetgr \
|
||||
login_getcapbool \
|
||||
md5_crypt \
|
||||
memmove \
|
||||
mkdtemp \
|
||||
mmap \
|
||||
ngetaddrinfo \
|
||||
nsleep \
|
||||
ogetaddrinfo \
|
||||
openlog_r \
|
||||
openpty \
|
||||
prctl \
|
||||
pstat \
|
||||
readpassphrase \
|
||||
realpath \
|
||||
recvmsg \
|
||||
rresvport_af \
|
||||
sendmsg \
|
||||
setdtablesize \
|
||||
setegid \
|
||||
setenv \
|
||||
seteuid \
|
||||
setgroups \
|
||||
setlogin \
|
||||
setpcred \
|
||||
setproctitle \
|
||||
setregid \
|
||||
setreuid \
|
||||
setrlimit \
|
||||
setsid \
|
||||
setvbuf \
|
||||
sigaction \
|
||||
sigvec \
|
||||
snprintf \
|
||||
socketpair \
|
||||
strdup \
|
||||
strerror \
|
||||
strlcat \
|
||||
strlcpy \
|
||||
strmode \
|
||||
strnvis \
|
||||
strtonum \
|
||||
strtoll \
|
||||
strtoul \
|
||||
sysconf \
|
||||
tcgetpgrp \
|
||||
truncate \
|
||||
unsetenv \
|
||||
updwtmpx \
|
||||
utimes \
|
||||
vhangup \
|
||||
vsnprintf \
|
||||
waitpid \
|
||||
)
|
||||
|
||||
# IRIX has a const char return value for gai_strerror()
|
||||
@ -944,8 +1193,15 @@ str = gai_strerror(0);],[
|
||||
AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
|
||||
|
||||
dnl Make sure prototypes are defined for these before using them.
|
||||
AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
|
||||
AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
|
||||
AC_CHECK_DECL(strsep,
|
||||
[AC_CHECK_FUNCS(strsep)],
|
||||
[],
|
||||
[
|
||||
#ifdef HAVE_STRING_H
|
||||
# include <string.h>
|
||||
#endif
|
||||
])
|
||||
|
||||
dnl tcsendbreak might be a macro
|
||||
AC_CHECK_DECL(tcsendbreak,
|
||||
@ -1469,6 +1725,7 @@ if test "x$check_for_libcrypt_later" = "x1"; then
|
||||
AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
|
||||
fi
|
||||
|
||||
AC_CHECK_LIB(iaf, ia_openinfo)
|
||||
|
||||
### Configure cryptographic random number support
|
||||
|
||||
@ -2402,6 +2659,9 @@ int main()
|
||||
AC_MSG_RESULT(no)])
|
||||
])
|
||||
AC_CHECK_FUNCS(_getshort _getlong)
|
||||
AC_CHECK_DECLS([_getshort, _getlong], , ,
|
||||
[#include <sys/types.h>
|
||||
#include <arpa/nameser.h>])
|
||||
AC_CHECK_MEMBER(HEADER.ad,
|
||||
[AC_DEFINE(HAVE_HEADER_AD)],,
|
||||
[#include <arpa/nameser.h>])
|
||||
@ -2505,7 +2765,6 @@ AC_ARG_WITH(kerberos5,
|
||||
|
||||
LIBS="$LIBS $K5LIBS"
|
||||
AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
|
||||
AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
|
||||
]
|
||||
)
|
||||
|
||||
@ -3144,6 +3403,10 @@ if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
|
||||
LIBS=`echo $LIBS | sed 's/-ldl //'`
|
||||
fi
|
||||
|
||||
dnl Adding -Werror to CFLAGS early prevents configure tests from running.
|
||||
dnl Add now.
|
||||
CFLAGS="$CFLAGS $werror_flags"
|
||||
|
||||
AC_EXEEXT
|
||||
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
|
||||
scard/Makefile ssh_prng_cmds survey.sh])
|
||||
|
@ -25,7 +25,7 @@
|
||||
#ifndef _DEFINES_H
|
||||
#define _DEFINES_H
|
||||
|
||||
/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */
|
||||
/* $Id: defines.h,v 1.127 2005/08/31 16:59:49 tim Exp $ */
|
||||
|
||||
|
||||
/* Constants */
|
||||
@ -54,10 +54,24 @@ enum
|
||||
# ifdef PATH_MAX
|
||||
# define MAXPATHLEN PATH_MAX
|
||||
# else /* PATH_MAX */
|
||||
# define MAXPATHLEN 64 /* Should be safe */
|
||||
# define MAXPATHLEN 64
|
||||
/* realpath uses a fixed buffer of size MAXPATHLEN, so force use of ours */
|
||||
# ifndef BROKEN_REALPATH
|
||||
# define BROKEN_REALPATH 1
|
||||
# endif /* BROKEN_REALPATH */
|
||||
# endif /* PATH_MAX */
|
||||
#endif /* MAXPATHLEN */
|
||||
|
||||
#ifndef PATH_MAX
|
||||
# ifdef _POSIX_PATH_MAX
|
||||
# define PATH_MAX _POSIX_PATH_MAX
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifndef MAXSYMLINKS
|
||||
# define MAXSYMLINKS 5
|
||||
#endif
|
||||
|
||||
#ifndef STDIN_FILENO
|
||||
# define STDIN_FILENO 0
|
||||
#endif
|
||||
@ -432,6 +446,10 @@ struct winsize {
|
||||
# define __dead __attribute__((noreturn))
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__)
|
||||
# define __sentinel__
|
||||
#endif
|
||||
|
||||
/* *-*-nto-qnx doesn't define this macro in the system headers */
|
||||
#ifdef MISSING_HOWMANY
|
||||
# define howmany(x,y) (((x)+((y)-1))/(y))
|
||||
@ -567,6 +585,23 @@ struct winsize {
|
||||
# define SSH_SYSFDMAX 10000
|
||||
#endif
|
||||
|
||||
#if defined(__Lynx__)
|
||||
/*
|
||||
* LynxOS defines these in param.h which we do not want to include since
|
||||
* it will also pull in a bunch of kernel definitions.
|
||||
*/
|
||||
# define ALIGNBYTES (sizeof(int) - 1)
|
||||
# define ALIGN(p) (((unsigned)p + ALIGNBYTES) & ~ALIGNBYTES)
|
||||
/* Missing prototypes on LynxOS */
|
||||
int snprintf (char *, size_t, const char *, ...);
|
||||
int mkstemp (char *);
|
||||
char *crypt (const char *, const char *);
|
||||
int seteuid (uid_t);
|
||||
int setegid (gid_t);
|
||||
char *mkdtemp (char *);
|
||||
int rresvport_af (int *, sa_family_t);
|
||||
int innetgr (const char *, const char *, const char *, const char *);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Define this to use pipes instead of socketpairs for communicating with the
|
||||
@ -653,6 +688,10 @@ struct winsize {
|
||||
# define CUSTOM_SYS_AUTH_PASSWD 1
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
# define CUSTOM_SYS_AUTH_PASSWD 1
|
||||
#endif
|
||||
|
||||
/* HP-UX 11.11 */
|
||||
#ifdef BTMP_FILE
|
||||
# define _PATH_BTMP BTMP_FILE
|
||||
@ -664,4 +703,12 @@ struct winsize {
|
||||
|
||||
/** end of login recorder definitions */
|
||||
|
||||
#ifdef BROKEN_GETGROUPS
|
||||
# define getgroups(a,b) ((a)==0 && (b)==NULL ? NGROUPS_MAX : getgroups((a),(b)))
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_MMAP) && defined(BROKEN_MMAP)
|
||||
# undef HAVE_MMAP
|
||||
#endif
|
||||
|
||||
#endif /* _DEFINES_H */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $ */
|
||||
/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||
@ -43,7 +43,7 @@
|
||||
#include "uuencode.h"
|
||||
|
||||
extern char *__progname;
|
||||
RCSID("$OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $");
|
||||
RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#ifndef LWRES
|
||||
static const char *errset_text[] = {
|
||||
@ -142,6 +142,26 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
|
||||
return success;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check if hostname is numerical.
|
||||
* Returns -1 if hostname is numeric, 0 otherwise
|
||||
*/
|
||||
static int
|
||||
is_numeric_hostname(const char *hostname)
|
||||
{
|
||||
struct addrinfo hints, *ai;
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_socktype = SOCK_DGRAM;
|
||||
hints.ai_flags = AI_NUMERICHOST;
|
||||
|
||||
if (getaddrinfo(hostname, "0", &hints, &ai) == 0) {
|
||||
freeaddrinfo(ai);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Verify the given hostname, address and host key using DNS.
|
||||
@ -151,7 +171,7 @@ int
|
||||
verify_host_key_dns(const char *hostname, struct sockaddr *address,
|
||||
const Key *hostkey, int *flags)
|
||||
{
|
||||
int counter;
|
||||
u_int counter;
|
||||
int result;
|
||||
struct rrsetinfo *fingerprints = NULL;
|
||||
|
||||
@ -171,6 +191,11 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
|
||||
if (hostkey == NULL)
|
||||
fatal("No key to look up!");
|
||||
|
||||
if (is_numeric_hostname(hostname)) {
|
||||
debug("skipped DNS lookup for numerical hostname");
|
||||
return -1;
|
||||
}
|
||||
|
||||
result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
|
||||
DNS_RDATATYPE_SSHFP, 0, &fingerprints);
|
||||
if (result) {
|
||||
@ -249,7 +274,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
|
||||
u_char *rdata_digest;
|
||||
u_int rdata_digest_len;
|
||||
|
||||
int i;
|
||||
u_int i;
|
||||
int success = 0;
|
||||
|
||||
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
|
||||
|
@ -45,7 +45,7 @@
|
||||
* XXX: we should tell the child how many bytes we need.
|
||||
*/
|
||||
|
||||
RCSID("$Id: entropy.c,v 1.48 2003/11/21 12:56:47 djm Exp $");
|
||||
RCSID("$Id: entropy.c,v 1.49 2005/07/17 07:26:44 djm Exp $");
|
||||
|
||||
#ifndef OPENSSL_PRNG_ONLY
|
||||
#define RANDOM_SEED_SIZE 48
|
||||
@ -114,8 +114,8 @@ seed_rng(void)
|
||||
close(p[0]);
|
||||
|
||||
if (waitpid(pid, &ret, 0) == -1)
|
||||
fatal("Couldn't wait for ssh-rand-helper completion: %s",
|
||||
strerror(errno));
|
||||
fatal("Couldn't wait for ssh-rand-helper completion: %s",
|
||||
strerror(errno));
|
||||
signal(SIGCHLD, old_sigchld);
|
||||
|
||||
/* We don't mind if the child exits upon a SIGPIPE */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */
|
||||
/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@ -78,8 +78,8 @@ ssh_gssapi_error(Gssctxt *ctxt)
|
||||
}
|
||||
|
||||
char *
|
||||
ssh_gssapi_last_error(Gssctxt *ctxt,
|
||||
OM_uint32 *major_status, OM_uint32 *minor_status)
|
||||
ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
|
||||
OM_uint32 *minor_status)
|
||||
{
|
||||
OM_uint32 lmin;
|
||||
gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
|
||||
|
@ -65,9 +65,6 @@ ssh_gssapi_krb5_init(void)
|
||||
logit("Cannot initialize krb5 context");
|
||||
return 0;
|
||||
}
|
||||
#ifdef KRB5_INIT_ETS
|
||||
krb5_init_ets(krb_context);
|
||||
#endif
|
||||
|
||||
return 1;
|
||||
}
|
||||
@ -131,34 +128,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
|
||||
return;
|
||||
}
|
||||
#else
|
||||
{
|
||||
int tmpfd;
|
||||
char ccname[40];
|
||||
mode_t old_umask;
|
||||
|
||||
snprintf(ccname, sizeof(ccname),
|
||||
"FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
|
||||
|
||||
old_umask = umask(0177);
|
||||
tmpfd = mkstemp(ccname + strlen("FILE:"));
|
||||
umask(old_umask);
|
||||
if (tmpfd == -1) {
|
||||
logit("mkstemp(): %.100s", strerror(errno));
|
||||
problem = errno;
|
||||
return;
|
||||
}
|
||||
if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
|
||||
logit("fchmod(): %.100s", strerror(errno));
|
||||
close(tmpfd);
|
||||
problem = errno;
|
||||
return;
|
||||
}
|
||||
close(tmpfd);
|
||||
if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) {
|
||||
logit("krb5_cc_resolve(): %.100s",
|
||||
krb5_get_err_text(krb_context, problem));
|
||||
return;
|
||||
}
|
||||
if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
|
||||
logit("ssh_krb5_cc_gen(): %.100s",
|
||||
krb5_get_err_text(krb_context, problem));
|
||||
return;
|
||||
}
|
||||
#endif /* #ifdef HEIMDAL */
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $ */
|
||||
/* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@ -134,7 +134,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
|
||||
static OM_uint32
|
||||
ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
|
||||
{
|
||||
char *tok;
|
||||
u_char *tok;
|
||||
OM_uint32 offset;
|
||||
OM_uint32 oidl;
|
||||
|
||||
@ -164,7 +164,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
|
||||
*/
|
||||
if (tok[4] != 0x06 || tok[5] != oidl ||
|
||||
ename->length < oidl+6 ||
|
||||
!ssh_gssapi_check_oid(ctx,tok+6,oidl))
|
||||
!ssh_gssapi_check_oid(ctx,tok+6,oidl))
|
||||
return GSS_S_FAILURE;
|
||||
|
||||
offset = oidl+6;
|
||||
@ -267,7 +267,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
|
||||
debug("Setting %s to %s", gssapi_client.store.envvar,
|
||||
gssapi_client.store.envval);
|
||||
child_set_env(envp, envsizep, gssapi_client.store.envvar,
|
||||
gssapi_client.store.envval);
|
||||
gssapi_client.store.envval);
|
||||
}
|
||||
}
|
||||
|
||||
@ -275,13 +275,24 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
|
||||
int
|
||||
ssh_gssapi_userok(char *user)
|
||||
{
|
||||
OM_uint32 lmin;
|
||||
|
||||
if (gssapi_client.exportedname.length == 0 ||
|
||||
gssapi_client.exportedname.value == NULL) {
|
||||
debug("No suitable client data");
|
||||
return 0;
|
||||
}
|
||||
if (gssapi_client.mech && gssapi_client.mech->userok)
|
||||
return ((*gssapi_client.mech->userok)(&gssapi_client, user));
|
||||
if ((*gssapi_client.mech->userok)(&gssapi_client, user))
|
||||
return 1;
|
||||
else {
|
||||
/* Destroy delegated credentials if userok fails */
|
||||
gss_release_buffer(&lmin, &gssapi_client.displayname);
|
||||
gss_release_buffer(&lmin, &gssapi_client.exportedname);
|
||||
gss_release_cred(&lmin, &gssapi_client.creds);
|
||||
memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
|
||||
return 0;
|
||||
}
|
||||
else
|
||||
debug("ssh_gssapi_userok: Unknown GSSAPI mechanism");
|
||||
return (0);
|
||||
|
@ -36,7 +36,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: hostfile.c,v 1.34 2005/03/10 22:01:05 deraadt Exp $");
|
||||
RCSID("$OpenBSD: hostfile.c,v 1.35 2005/07/27 10:39:03 dtucker Exp $");
|
||||
|
||||
#include <resolv.h>
|
||||
#include <openssl/hmac.h>
|
||||
@ -315,7 +315,7 @@ add_host_to_hostfile(const char *filename, const char *host, const Key *key,
|
||||
{
|
||||
FILE *f;
|
||||
int success = 0;
|
||||
char *hashed_host;
|
||||
char *hashed_host = NULL;
|
||||
|
||||
if (key == NULL)
|
||||
return 1; /* XXX ? */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: includes.h,v 1.18 2004/06/13 15:03:02 djm Exp $ */
|
||||
/* $OpenBSD: includes.h,v 1.19 2005/05/19 02:42:26 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -17,10 +17,11 @@
|
||||
#define INCLUDES_H
|
||||
|
||||
#define RCSID(msg) \
|
||||
static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
|
||||
static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
@ -168,6 +169,10 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
|
||||
# include <ia.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_IAF_H
|
||||
# include <iaf.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_TMPDIR_H
|
||||
# include <tmpdir.h>
|
||||
#endif
|
||||
@ -181,6 +186,10 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
|
||||
# include <kafs.h>
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_SYS_SYSLOG_H)
|
||||
# include <sys/syslog.h>
|
||||
#endif
|
||||
|
||||
/*
|
||||
* On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations
|
||||
* of getspnam when _INCLUDE__STDC__ is defined, so we unset it here.
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
|
||||
RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $");
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
@ -52,7 +52,7 @@ static void kex_choose_conf(Kex *);
|
||||
static void
|
||||
kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
|
||||
{
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
buffer_clear(b);
|
||||
/*
|
||||
@ -101,7 +101,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
|
||||
static void
|
||||
kex_prop_free(char **proposal)
|
||||
{
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
for (i = 0; i < PROPOSAL_MAX; i++)
|
||||
xfree(proposal[i]);
|
||||
@ -150,7 +150,7 @@ kex_send_kexinit(Kex *kex)
|
||||
{
|
||||
u_int32_t rnd = 0;
|
||||
u_char *cookie;
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
if (kex == NULL) {
|
||||
error("kex_send_kexinit: no kex, cannot rekey");
|
||||
@ -183,8 +183,7 @@ void
|
||||
kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
char *ptr;
|
||||
int dlen;
|
||||
int i;
|
||||
u_int i, dlen;
|
||||
Kex *kex = (Kex *)ctxt;
|
||||
|
||||
debug("SSH2_MSG_KEXINIT received");
|
||||
@ -276,10 +275,12 @@ choose_comp(Comp *comp, char *client, char *server)
|
||||
char *name = match_list(client, server, NULL);
|
||||
if (name == NULL)
|
||||
fatal("no matching comp found: client %s server %s", client, server);
|
||||
if (strcmp(name, "zlib") == 0) {
|
||||
comp->type = 1;
|
||||
if (strcmp(name, "zlib@openssh.com") == 0) {
|
||||
comp->type = COMP_DELAYED;
|
||||
} else if (strcmp(name, "zlib") == 0) {
|
||||
comp->type = COMP_ZLIB;
|
||||
} else if (strcmp(name, "none") == 0) {
|
||||
comp->type = 0;
|
||||
comp->type = COMP_NONE;
|
||||
} else {
|
||||
fatal("unsupported comp %s", name);
|
||||
}
|
||||
@ -343,9 +344,7 @@ kex_choose_conf(Kex *kex)
|
||||
char **my, **peer;
|
||||
char **cprop, **sprop;
|
||||
int nenc, nmac, ncomp;
|
||||
int mode;
|
||||
int ctos; /* direction: if true client-to-server */
|
||||
int need;
|
||||
u_int mode, ctos, need;
|
||||
int first_kex_follows, type;
|
||||
|
||||
my = kex_buf2prop(&kex->my, NULL);
|
||||
@ -395,7 +394,7 @@ kex_choose_conf(Kex *kex)
|
||||
|
||||
/* ignore the next message if the proposals do not match */
|
||||
if (first_kex_follows && !proposals_match(my, peer) &&
|
||||
!(datafellows & SSH_BUG_FIRSTKEX)) {
|
||||
!(datafellows & SSH_BUG_FIRSTKEX)) {
|
||||
type = packet_read();
|
||||
debug2("skipping next packet (type %u)", type);
|
||||
}
|
||||
@ -405,15 +404,19 @@ kex_choose_conf(Kex *kex)
|
||||
}
|
||||
|
||||
static u_char *
|
||||
derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
|
||||
derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
|
||||
{
|
||||
Buffer b;
|
||||
const EVP_MD *evp_md = EVP_sha1();
|
||||
EVP_MD_CTX md;
|
||||
char c = id;
|
||||
int have;
|
||||
u_int have;
|
||||
int mdsz = EVP_MD_size(evp_md);
|
||||
u_char *digest = xmalloc(roundup(need, mdsz));
|
||||
u_char *digest;
|
||||
|
||||
if (mdsz < 0)
|
||||
fatal("derive_key: mdsz < 0");
|
||||
digest = xmalloc(roundup(need, mdsz));
|
||||
|
||||
buffer_init(&b);
|
||||
buffer_put_bignum2(&b, shared_secret);
|
||||
@ -455,7 +458,7 @@ void
|
||||
kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
|
||||
{
|
||||
u_char *keys[NKEYS];
|
||||
int i, mode, ctos;
|
||||
u_int i, mode, ctos;
|
||||
|
||||
for (i = 0; i < NKEYS; i++)
|
||||
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
|
||||
@ -493,13 +496,13 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
|
||||
EVP_DigestInit(&md, evp_md);
|
||||
|
||||
len = BN_num_bytes(host_modulus);
|
||||
if (len < (512 / 8) || len > sizeof(nbuf))
|
||||
if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
|
||||
fatal("%s: bad host modulus (len %d)", __func__, len);
|
||||
BN_bn2bin(host_modulus, nbuf);
|
||||
EVP_DigestUpdate(&md, nbuf, len);
|
||||
|
||||
len = BN_num_bytes(server_modulus);
|
||||
if (len < (512 / 8) || len > sizeof(nbuf))
|
||||
if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
|
||||
fatal("%s: bad server modulus (len %d)", __func__, len);
|
||||
BN_bn2bin(server_modulus, nbuf);
|
||||
EVP_DigestUpdate(&md, nbuf, len);
|
||||
@ -518,7 +521,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
|
||||
void
|
||||
dump_digest(char *msg, u_char *digest, int len)
|
||||
{
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
fprintf(stderr, "%s\n", msg);
|
||||
for (i = 0; i< len; i++) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $ */
|
||||
/* $OpenBSD: kex.h,v 1.37 2005/07/25 11:59:39 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
@ -35,6 +35,10 @@
|
||||
#define KEX_DH14 "diffie-hellman-group14-sha1"
|
||||
#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
|
||||
|
||||
#define COMP_NONE 0
|
||||
#define COMP_ZLIB 1
|
||||
#define COMP_DELAYED 2
|
||||
|
||||
enum kex_init_proposals {
|
||||
PROPOSAL_KEX_ALGS,
|
||||
PROPOSAL_SERVER_HOST_KEY_ALGS,
|
||||
@ -83,9 +87,9 @@ struct Mac {
|
||||
char *name;
|
||||
int enabled;
|
||||
const EVP_MD *md;
|
||||
int mac_len;
|
||||
u_int mac_len;
|
||||
u_char *key;
|
||||
int key_len;
|
||||
u_int key_len;
|
||||
};
|
||||
struct Comp {
|
||||
int type;
|
||||
@ -101,7 +105,7 @@ struct Kex {
|
||||
u_char *session_id;
|
||||
u_int session_id_len;
|
||||
Newkeys *newkeys[MODE_MAX];
|
||||
int we_need;
|
||||
u_int we_need;
|
||||
int server;
|
||||
char *name;
|
||||
int hostkey_type;
|
||||
|
@ -32,7 +32,7 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: key.c,v 1.57 2004/10/29 23:57:05 djm Exp $");
|
||||
RCSID("$OpenBSD: key.c,v 1.58 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
@ -231,7 +231,7 @@ static char *
|
||||
key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
|
||||
{
|
||||
char *retval;
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
retval = xmalloc(dgst_raw_len * 3 + 1);
|
||||
retval[0] = '\0';
|
||||
|
@ -165,7 +165,7 @@
|
||||
# include <libutil.h>
|
||||
#endif
|
||||
|
||||
RCSID("$Id: loginrec.c,v 1.67 2005/02/15 11:19:28 dtucker Exp $");
|
||||
RCSID("$Id: loginrec.c,v 1.70 2005/07/17 07:26:44 djm Exp $");
|
||||
|
||||
/**
|
||||
** prototypes for helper functions in this file
|
||||
@ -362,7 +362,7 @@ login_init_entry(struct logininfo *li, int pid, const char *username,
|
||||
strlcpy(li->username, username, sizeof(li->username));
|
||||
pw = getpwnam(li->username);
|
||||
if (pw == NULL) {
|
||||
fatal("%s: Cannot find user \"%s\"", __func__,
|
||||
fatal("%s: Cannot find user \"%s\"", __func__,
|
||||
li->username);
|
||||
}
|
||||
li->uid = pw->pw_uid;
|
||||
@ -374,7 +374,7 @@ login_init_entry(struct logininfo *li, int pid, const char *username,
|
||||
return (1);
|
||||
}
|
||||
|
||||
/*
|
||||
/*
|
||||
* login_set_current_time(struct logininfo *) - set the current time
|
||||
*
|
||||
* Set the current time in a logininfo structure. This function is
|
||||
@ -443,8 +443,9 @@ login_write(struct logininfo *li)
|
||||
wtmpx_write_entry(li);
|
||||
#endif
|
||||
#ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN
|
||||
if (li->type == LTYPE_LOGIN &&
|
||||
!sys_auth_record_login(li->username,li->hostname,li->line, &loginmsg))
|
||||
if (li->type == LTYPE_LOGIN &&
|
||||
!sys_auth_record_login(li->username,li->hostname,li->line,
|
||||
&loginmsg))
|
||||
logit("Writing login record failed for %s", li->username);
|
||||
#endif
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
@ -534,7 +535,7 @@ getlast_entry(struct logininfo *li)
|
||||
* sure dst has enough space, if not just copy src (ugh)
|
||||
*/
|
||||
char *
|
||||
line_fullname(char *dst, const char *src, int dstsize)
|
||||
line_fullname(char *dst, const char *src, u_int dstsize)
|
||||
{
|
||||
memset(dst, '\0', dstsize);
|
||||
if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5)))
|
||||
@ -558,7 +559,7 @@ line_stripname(char *dst, const char *src, int dstsize)
|
||||
return (dst);
|
||||
}
|
||||
|
||||
/*
|
||||
/*
|
||||
* line_abbrevname(): Return the abbreviated (usually four-character)
|
||||
* form of the line (Just use the last <dstsize> characters of the
|
||||
* full name.)
|
||||
@ -808,7 +809,7 @@ utmp_write_library(struct logininfo *li, struct utmp *ut)
|
||||
}
|
||||
# else /* UTMP_USE_LIBRARY */
|
||||
|
||||
/*
|
||||
/*
|
||||
* Write a utmp entry direct to the file
|
||||
* This is a slightly modification of code in OpenBSD's login.c
|
||||
*/
|
||||
@ -852,7 +853,7 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
|
||||
return (0);
|
||||
}
|
||||
if (ret != pos) {
|
||||
logit("%s: Couldn't seek to tty %d slot in %s",
|
||||
logit("%s: Couldn't seek to tty %d slot in %s",
|
||||
__func__, tty, UTMP_FILE);
|
||||
return (0);
|
||||
}
|
||||
@ -1052,7 +1053,7 @@ utmpx_write_entry(struct logininfo *li)
|
||||
|
||||
#ifdef USE_WTMP
|
||||
|
||||
/*
|
||||
/*
|
||||
* Write a wtmp entry direct to the end of the file
|
||||
* This is a slight modification of code in OpenBSD's logwtmp.c
|
||||
*/
|
||||
@ -1113,7 +1114,7 @@ wtmp_write_entry(struct logininfo *li)
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
/*
|
||||
* Notes on fetching login data from wtmp/wtmpx
|
||||
*
|
||||
* Logouts are usually recorded with (amongst other things) a blank
|
||||
@ -1157,12 +1158,12 @@ wtmp_get_entry(struct logininfo *li)
|
||||
li->tv_sec = li->tv_usec = 0;
|
||||
|
||||
if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) {
|
||||
logit("%s: problem opening %s: %s", __func__,
|
||||
logit("%s: problem opening %s: %s", __func__,
|
||||
WTMP_FILE, strerror(errno));
|
||||
return (0);
|
||||
}
|
||||
if (fstat(fd, &st) != 0) {
|
||||
logit("%s: couldn't stat %s: %s", __func__,
|
||||
logit("%s: couldn't stat %s: %s", __func__,
|
||||
WTMP_FILE, strerror(errno));
|
||||
close(fd);
|
||||
return (0);
|
||||
@ -1177,7 +1178,7 @@ wtmp_get_entry(struct logininfo *li)
|
||||
|
||||
while (!found) {
|
||||
if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) {
|
||||
logit("%s: read of %s failed: %s", __func__,
|
||||
logit("%s: read of %s failed: %s", __func__,
|
||||
WTMP_FILE, strerror(errno));
|
||||
close (fd);
|
||||
return (0);
|
||||
@ -1235,7 +1236,7 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx)
|
||||
int fd, ret = 1;
|
||||
|
||||
if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
|
||||
logit("%s: problem opening %s: %s", __func__,
|
||||
logit("%s: problem opening %s: %s", __func__,
|
||||
WTMPX_FILE, strerror(errno));
|
||||
return (0);
|
||||
}
|
||||
@ -1322,12 +1323,12 @@ wtmpx_get_entry(struct logininfo *li)
|
||||
li->tv_sec = li->tv_usec = 0;
|
||||
|
||||
if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) {
|
||||
logit("%s: problem opening %s: %s", __func__,
|
||||
logit("%s: problem opening %s: %s", __func__,
|
||||
WTMPX_FILE, strerror(errno));
|
||||
return (0);
|
||||
}
|
||||
if (fstat(fd, &st) != 0) {
|
||||
logit("%s: couldn't stat %s: %s", __func__,
|
||||
logit("%s: couldn't stat %s: %s", __func__,
|
||||
WTMPX_FILE, strerror(errno));
|
||||
close(fd);
|
||||
return (0);
|
||||
@ -1342,13 +1343,13 @@ wtmpx_get_entry(struct logininfo *li)
|
||||
|
||||
while (!found) {
|
||||
if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) {
|
||||
logit("%s: read of %s failed: %s", __func__,
|
||||
logit("%s: read of %s failed: %s", __func__,
|
||||
WTMPX_FILE, strerror(errno));
|
||||
close (fd);
|
||||
return (0);
|
||||
}
|
||||
/*
|
||||
* Logouts are recorded as a blank username on a particular
|
||||
* Logouts are recorded as a blank username on a particular
|
||||
* line. So, we just need to find the username in struct utmpx
|
||||
*/
|
||||
if (wtmpx_islogin(li, &utx)) {
|
||||
|
@ -35,7 +35,7 @@
|
||||
#include <netinet/in.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
/* RCSID("$Id: loginrec.h,v 1.9 2005/02/02 06:10:11 dtucker Exp $"); */
|
||||
/* RCSID("$Id: loginrec.h,v 1.10 2005/06/19 00:19:44 djm Exp $"); */
|
||||
|
||||
/**
|
||||
** you should use the login_* calls to work around platform dependencies
|
||||
@ -128,7 +128,7 @@ struct logininfo *login_get_lastlog(struct logininfo *li, const int uid);
|
||||
unsigned int login_get_lastlog_time(const int uid);
|
||||
|
||||
/* produce various forms of the line filename */
|
||||
char *line_fullname(char *dst, const char *src, int dstsize);
|
||||
char *line_fullname(char *dst, const char *src, u_int dstsize);
|
||||
char *line_stripname(char *dst, const char *src, int dstsize);
|
||||
char *line_abbrevname(char *dst, const char *src, int dstsize);
|
||||
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $");
|
||||
RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
@ -51,12 +51,15 @@ struct {
|
||||
int
|
||||
mac_init(Mac *mac, char *name)
|
||||
{
|
||||
int i;
|
||||
int i, evp_len;
|
||||
|
||||
for (i = 0; macs[i].name; i++) {
|
||||
if (strcmp(name, macs[i].name) == 0) {
|
||||
if (mac != NULL) {
|
||||
mac->md = (*macs[i].mdfunc)();
|
||||
mac->key_len = mac->mac_len = EVP_MD_size(mac->md);
|
||||
if ((evp_len = EVP_MD_size(mac->md)) <= 0)
|
||||
fatal("mac %s len %d", name, evp_len);
|
||||
mac->key_len = mac->mac_len = (u_int)evp_len;
|
||||
if (macs[i].truncatebits != 0)
|
||||
mac->mac_len = macs[i].truncatebits/8;
|
||||
}
|
||||
@ -77,7 +80,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
|
||||
|
||||
if (mac->key == NULL)
|
||||
fatal("mac_compute: no key");
|
||||
if ((u_int)mac->mac_len > sizeof(m))
|
||||
if (mac->mac_len > sizeof(m))
|
||||
fatal("mac_compute: mac too long");
|
||||
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
|
||||
PUT_32BIT(b, seqno);
|
||||
|
@ -35,7 +35,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $");
|
||||
RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include "match.h"
|
||||
#include "xmalloc.h"
|
||||
@ -254,7 +254,7 @@ match_list(const char *client, const char *server, u_int *next)
|
||||
ret = xstrdup(p);
|
||||
if (next != NULL)
|
||||
*next = (cp == NULL) ?
|
||||
strlen(c) : cp - c;
|
||||
strlen(c) : (u_int)(cp - c);
|
||||
xfree(c);
|
||||
xfree(s);
|
||||
return ret;
|
||||
|
@ -140,6 +140,9 @@ function add(str) {
|
||||
} else if(match(words[w],"^Dt$")) {
|
||||
id=wtail()
|
||||
next
|
||||
} else if(match(words[w],"^Ox$")) {
|
||||
add("OpenBSD")
|
||||
skip=1
|
||||
} else if(match(words[w],"^Os$")) {
|
||||
add(".TH " id " \"" date "\" \"" wtail() "\"")
|
||||
} else if(match(words[w],"^Sh$")) {
|
||||
|
@ -1,5 +1,6 @@
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2005 Damien Miller. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -23,7 +24,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $");
|
||||
RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $");
|
||||
|
||||
#include "misc.h"
|
||||
#include "log.h"
|
||||
@ -375,6 +376,114 @@ addargs(arglist *args, char *fmt, ...)
|
||||
args->list[args->num] = NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* Expands tildes in the file name. Returns data allocated by xmalloc.
|
||||
* Warning: this calls getpw*.
|
||||
*/
|
||||
char *
|
||||
tilde_expand_filename(const char *filename, uid_t uid)
|
||||
{
|
||||
const char *path;
|
||||
char user[128], ret[MAXPATHLEN];
|
||||
struct passwd *pw;
|
||||
u_int len, slash;
|
||||
|
||||
if (*filename != '~')
|
||||
return (xstrdup(filename));
|
||||
filename++;
|
||||
|
||||
path = strchr(filename, '/');
|
||||
if (path != NULL && path > filename) { /* ~user/path */
|
||||
slash = path - filename;
|
||||
if (slash > sizeof(user) - 1)
|
||||
fatal("tilde_expand_filename: ~username too long");
|
||||
memcpy(user, filename, slash);
|
||||
user[slash] = '\0';
|
||||
if ((pw = getpwnam(user)) == NULL)
|
||||
fatal("tilde_expand_filename: No such user %s", user);
|
||||
} else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
|
||||
fatal("tilde_expand_filename: No such uid %d", uid);
|
||||
|
||||
if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
|
||||
fatal("tilde_expand_filename: Path too long");
|
||||
|
||||
/* Make sure directory has a trailing '/' */
|
||||
len = strlen(pw->pw_dir);
|
||||
if ((len == 0 || pw->pw_dir[len - 1] != '/') &&
|
||||
strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
|
||||
fatal("tilde_expand_filename: Path too long");
|
||||
|
||||
/* Skip leading '/' from specified path */
|
||||
if (path != NULL)
|
||||
filename = path + 1;
|
||||
if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret))
|
||||
fatal("tilde_expand_filename: Path too long");
|
||||
|
||||
return (xstrdup(ret));
|
||||
}
|
||||
|
||||
/*
|
||||
* Expand a string with a set of %[char] escapes. A number of escapes may be
|
||||
* specified as (char *escape_chars, char *replacement) pairs. The list must
|
||||
* be terminated by a NULL escape_char. Returns replaced string in memory
|
||||
* allocated by xmalloc.
|
||||
*/
|
||||
char *
|
||||
percent_expand(const char *string, ...)
|
||||
{
|
||||
#define EXPAND_MAX_KEYS 16
|
||||
struct {
|
||||
const char *key;
|
||||
const char *repl;
|
||||
} keys[EXPAND_MAX_KEYS];
|
||||
u_int num_keys, i, j;
|
||||
char buf[4096];
|
||||
va_list ap;
|
||||
|
||||
/* Gather keys */
|
||||
va_start(ap, string);
|
||||
for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
|
||||
keys[num_keys].key = va_arg(ap, char *);
|
||||
if (keys[num_keys].key == NULL)
|
||||
break;
|
||||
keys[num_keys].repl = va_arg(ap, char *);
|
||||
if (keys[num_keys].repl == NULL)
|
||||
fatal("percent_expand: NULL replacement");
|
||||
}
|
||||
va_end(ap);
|
||||
|
||||
if (num_keys >= EXPAND_MAX_KEYS)
|
||||
fatal("percent_expand: too many keys");
|
||||
|
||||
/* Expand string */
|
||||
*buf = '\0';
|
||||
for (i = 0; *string != '\0'; string++) {
|
||||
if (*string != '%') {
|
||||
append:
|
||||
buf[i++] = *string;
|
||||
if (i >= sizeof(buf))
|
||||
fatal("percent_expand: string too long");
|
||||
buf[i] = '\0';
|
||||
continue;
|
||||
}
|
||||
string++;
|
||||
if (*string == '%')
|
||||
goto append;
|
||||
for (j = 0; j < num_keys; j++) {
|
||||
if (strchr(keys[j].key, *string) != NULL) {
|
||||
i = strlcat(buf, keys[j].repl, sizeof(buf));
|
||||
if (i >= sizeof(buf))
|
||||
fatal("percent_expand: string too long");
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (j >= num_keys)
|
||||
fatal("percent_expand: unknown key %%%c", *string);
|
||||
}
|
||||
return (xstrdup(buf));
|
||||
#undef EXPAND_MAX_KEYS
|
||||
}
|
||||
|
||||
/*
|
||||
* Read an entire line from a public key file into a static buffer, discarding
|
||||
* lines that exceed the buffer size. Returns 0 on success, -1 on failure.
|
||||
@ -397,3 +506,20 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
char *
|
||||
tohex(const u_char *d, u_int l)
|
||||
{
|
||||
char b[3], *r;
|
||||
u_int i, hl;
|
||||
|
||||
hl = l * 2 + 1;
|
||||
r = xmalloc(hl);
|
||||
*r = '\0';
|
||||
for (i = 0; i < l; i++) {
|
||||
snprintf(b, sizeof(b), "%02x", d[i]);
|
||||
strlcat(r, b, hl);
|
||||
}
|
||||
return (r);
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: misc.h,v 1.21 2005/03/01 10:09:52 djm Exp $ */
|
||||
/* $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -24,6 +24,9 @@ char *hpdelim(char **);
|
||||
char *cleanhostname(char *);
|
||||
char *colon(char *);
|
||||
long convtime(const char *);
|
||||
char *tilde_expand_filename(const char *, uid_t);
|
||||
char *percent_expand(const char *, ...) __attribute__((__sentinel__));
|
||||
char *tohex(const u_char *, u_int);
|
||||
|
||||
struct passwd *pwcopy(struct passwd *);
|
||||
|
||||
@ -35,10 +38,6 @@ struct arglist {
|
||||
};
|
||||
void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
|
||||
|
||||
/* tildexpand.c */
|
||||
|
||||
char *tilde_expand_filename(const char *, uid_t);
|
||||
|
||||
/* readpass.c */
|
||||
|
||||
#define RP_ECHO 0x0001
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: moduli.c,v 1.10 2005/01/17 03:25:46 dtucker Exp $ */
|
||||
/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */
|
||||
/*
|
||||
* Copyright 1994 Phil Karn <karn@qualcomm.com>
|
||||
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
|
||||
@ -112,22 +112,22 @@
|
||||
#define TINY_NUMBER (1UL<<16)
|
||||
|
||||
/* Ensure enough bit space for testing 2*q. */
|
||||
#define TEST_MAXIMUM (1UL<<16)
|
||||
#define TEST_MINIMUM (QSIZE_MINIMUM + 1)
|
||||
/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */
|
||||
#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */
|
||||
#define TEST_MAXIMUM (1UL<<16)
|
||||
#define TEST_MINIMUM (QSIZE_MINIMUM + 1)
|
||||
/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */
|
||||
#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */
|
||||
|
||||
/* bit operations on 32-bit words */
|
||||
#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31)))
|
||||
#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31)))
|
||||
#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31)))
|
||||
#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31)))
|
||||
#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31)))
|
||||
#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31)))
|
||||
|
||||
/*
|
||||
* Prime testing defines
|
||||
*/
|
||||
|
||||
/* Minimum number of primality tests to perform */
|
||||
#define TRIAL_MINIMUM (4)
|
||||
#define TRIAL_MINIMUM (4)
|
||||
|
||||
/*
|
||||
* Sieving data (XXX - move to struct)
|
||||
@ -144,7 +144,7 @@ static u_int32_t *LargeSieve, largewords, largetries, largenumbers;
|
||||
static u_int32_t largebits, largememory; /* megabytes */
|
||||
static BIGNUM *largebase;
|
||||
|
||||
int gen_candidates(FILE *, int, int, BIGNUM *);
|
||||
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
|
||||
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
|
||||
|
||||
/*
|
||||
@ -241,19 +241,20 @@ sieve_large(u_int32_t s)
|
||||
* The list is checked against small known primes (less than 2**30).
|
||||
*/
|
||||
int
|
||||
gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
|
||||
gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
|
||||
{
|
||||
BIGNUM *q;
|
||||
u_int32_t j, r, s, t;
|
||||
u_int32_t smallwords = TINY_NUMBER >> 6;
|
||||
u_int32_t tinywords = TINY_NUMBER >> 6;
|
||||
time_t time_start, time_stop;
|
||||
int i, ret = 0;
|
||||
u_int32_t i;
|
||||
int ret = 0;
|
||||
|
||||
largememory = memory;
|
||||
|
||||
if (memory != 0 &&
|
||||
(memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
|
||||
(memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
|
||||
error("Invalid memory amount (min %ld, max %ld)",
|
||||
LARGE_MINIMUM, LARGE_MAXIMUM);
|
||||
return (-1);
|
||||
@ -371,8 +372,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
|
||||
* fencepost errors, the last pass is skipped.
|
||||
*/
|
||||
for (smallbase = TINY_NUMBER + 3;
|
||||
smallbase < (SMALL_MAXIMUM - TINY_NUMBER);
|
||||
smallbase += TINY_NUMBER) {
|
||||
smallbase < (SMALL_MAXIMUM - TINY_NUMBER);
|
||||
smallbase += TINY_NUMBER) {
|
||||
for (i = 0; i < tinybits; i++) {
|
||||
if (BIT_TEST(TinySieve, i))
|
||||
continue; /* 2*i+3 is composite */
|
||||
@ -548,7 +549,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
|
||||
* due to earlier inconsistencies in interpretation, check
|
||||
* the proposed bit size.
|
||||
*/
|
||||
if (BN_num_bits(p) != (in_size + 1)) {
|
||||
if ((u_int32_t)BN_num_bits(p) != (in_size + 1)) {
|
||||
debug2("%10u: bit size %u mismatch", count_in, in_size);
|
||||
continue;
|
||||
}
|
||||
|
@ -869,8 +869,8 @@ int
|
||||
mm_answer_pam_query(int sock, Buffer *m)
|
||||
{
|
||||
char *name, *info, **prompts;
|
||||
u_int num, *echo_on;
|
||||
int i, ret;
|
||||
u_int i, num, *echo_on;
|
||||
int ret;
|
||||
|
||||
debug3("%s", __func__);
|
||||
sshpam_authok = NULL;
|
||||
@ -903,8 +903,8 @@ int
|
||||
mm_answer_pam_respond(int sock, Buffer *m)
|
||||
{
|
||||
char **resp;
|
||||
u_int num;
|
||||
int i, ret;
|
||||
u_int i, num;
|
||||
int ret;
|
||||
|
||||
debug3("%s", __func__);
|
||||
sshpam_authok = NULL;
|
||||
|
@ -25,7 +25,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor_wrap.c,v 1.39 2004/07/17 05:31:41 dtucker Exp $");
|
||||
RCSID("$OpenBSD: monitor_wrap.c,v 1.40 2005/05/24 17:32:43 avsm Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/dh.h>
|
||||
@ -95,9 +95,9 @@ mm_request_send(int sock, enum monitor_reqtype type, Buffer *m)
|
||||
PUT_32BIT(buf, mlen + 1);
|
||||
buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
|
||||
if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
|
||||
fatal("%s: write", __func__);
|
||||
fatal("%s: write: %s", __func__, strerror(errno));
|
||||
if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen)
|
||||
fatal("%s: write", __func__);
|
||||
fatal("%s: write: %s", __func__, strerror(errno));
|
||||
}
|
||||
|
||||
void
|
||||
@ -105,24 +105,21 @@ mm_request_receive(int sock, Buffer *m)
|
||||
{
|
||||
u_char buf[4];
|
||||
u_int msg_len;
|
||||
ssize_t res;
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
|
||||
res = atomicio(read, sock, buf, sizeof(buf));
|
||||
if (res != sizeof(buf)) {
|
||||
if (res == 0)
|
||||
if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
|
||||
if (errno == EPIPE)
|
||||
cleanup_exit(255);
|
||||
fatal("%s: read: %ld", __func__, (long)res);
|
||||
fatal("%s: read: %s", __func__, strerror(errno));
|
||||
}
|
||||
msg_len = GET_32BIT(buf);
|
||||
if (msg_len > 256 * 1024)
|
||||
fatal("%s: read: bad msg_len %d", __func__, msg_len);
|
||||
buffer_clear(m);
|
||||
buffer_append_space(m, msg_len);
|
||||
res = atomicio(read, sock, buffer_ptr(m), msg_len);
|
||||
if (res != msg_len)
|
||||
fatal("%s: read: %ld != msg_len", __func__, (long)res);
|
||||
if (atomicio(read, sock, buffer_ptr(m), msg_len) != msg_len)
|
||||
fatal("%s: read: %s", __func__, strerror(errno));
|
||||
}
|
||||
|
||||
void
|
||||
@ -767,7 +764,8 @@ mm_sshpam_query(void *ctx, char **name, char **info,
|
||||
u_int *num, char ***prompts, u_int **echo_on)
|
||||
{
|
||||
Buffer m;
|
||||
int i, ret;
|
||||
u_int i;
|
||||
int ret;
|
||||
|
||||
debug3("%s", __func__);
|
||||
buffer_init(&m);
|
||||
@ -793,7 +791,8 @@ int
|
||||
mm_sshpam_respond(void *ctx, u_int num, char **resp)
|
||||
{
|
||||
Buffer m;
|
||||
int i, ret;
|
||||
u_int i;
|
||||
int ret;
|
||||
|
||||
debug3("%s", __func__);
|
||||
buffer_init(&m);
|
||||
|
@ -22,7 +22,7 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: msg.c,v 1.7 2003/11/17 09:45:39 djm Exp $");
|
||||
RCSID("$OpenBSD: msg.c,v 1.8 2005/05/24 17:32:43 avsm Exp $");
|
||||
|
||||
#include "buffer.h"
|
||||
#include "getput.h"
|
||||
@ -55,15 +55,13 @@ int
|
||||
ssh_msg_recv(int fd, Buffer *m)
|
||||
{
|
||||
u_char buf[4];
|
||||
ssize_t res;
|
||||
u_int msg_len;
|
||||
|
||||
debug3("ssh_msg_recv entering");
|
||||
|
||||
res = atomicio(read, fd, buf, sizeof(buf));
|
||||
if (res != sizeof(buf)) {
|
||||
if (res != 0)
|
||||
error("ssh_msg_recv: read: header %ld", (long)res);
|
||||
if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) {
|
||||
if (errno != EPIPE)
|
||||
error("ssh_msg_recv: read: header");
|
||||
return (-1);
|
||||
}
|
||||
msg_len = GET_32BIT(buf);
|
||||
@ -73,9 +71,8 @@ ssh_msg_recv(int fd, Buffer *m)
|
||||
}
|
||||
buffer_clear(m);
|
||||
buffer_append_space(m, msg_len);
|
||||
res = atomicio(read, fd, buffer_ptr(m), msg_len);
|
||||
if (res != msg_len) {
|
||||
error("ssh_msg_recv: read: %ld != msg_len", (long)res);
|
||||
if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
|
||||
error("ssh_msg_recv: read: %s", strerror(errno));
|
||||
return (-1);
|
||||
}
|
||||
return (0);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: myproposal.h,v 1.16 2004/06/13 12:53:24 djm Exp $ */
|
||||
/* $OpenBSD: myproposal.h,v 1.18 2005/07/25 11:59:39 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
@ -28,14 +28,15 @@
|
||||
"diffie-hellman-group1-sha1"
|
||||
#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
|
||||
#define KEX_DEFAULT_ENCRYPT \
|
||||
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \
|
||||
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
|
||||
"arcfour128,arcfour256,arcfour," \
|
||||
"aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \
|
||||
"aes128-ctr,aes192-ctr,aes256-ctr"
|
||||
#define KEX_DEFAULT_MAC \
|
||||
"hmac-md5,hmac-sha1,hmac-ripemd160," \
|
||||
"hmac-ripemd160@openssh.com," \
|
||||
"hmac-sha1-96,hmac-md5-96"
|
||||
#define KEX_DEFAULT_COMP "none,zlib"
|
||||
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
|
||||
#define KEX_DEFAULT_LANG ""
|
||||
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: Makefile.in,v 1.31 2004/08/15 08:41:00 djm Exp $
|
||||
# $Id: Makefile.in,v 1.35 2005/08/26 20:15:20 tim Exp $
|
||||
|
||||
sysconfdir=@sysconfdir@
|
||||
piddir=@piddir@
|
||||
@ -16,11 +16,11 @@ RANLIB=@RANLIB@
|
||||
INSTALL=@INSTALL@
|
||||
LDFLAGS=-L. @LDFLAGS@
|
||||
|
||||
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o
|
||||
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
|
||||
|
||||
COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
|
||||
COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
|
||||
|
||||
PORTS=port-irix.o port-aix.o
|
||||
PORTS=port-irix.o port-aix.o port-uw.o
|
||||
|
||||
.c.o:
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
|
||||
|
@ -29,7 +29,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
RCSID("$Id: bsd-cygwin_util.c,v 1.13.4.1 2005/05/25 09:42:40 dtucker Exp $");
|
||||
RCSID("$Id: bsd-cygwin_util.c,v 1.14 2005/05/25 09:42:11 dtucker Exp $");
|
||||
|
||||
#ifdef HAVE_CYGWIN
|
||||
|
||||
|
@ -18,7 +18,7 @@
|
||||
#include "includes.h"
|
||||
#include "xmalloc.h"
|
||||
|
||||
RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $");
|
||||
RCSID("$Id: bsd-misc.c,v 1.27 2005/05/27 11:13:41 dtucker Exp $");
|
||||
|
||||
#ifndef HAVE___PROGNAME
|
||||
char *__progname;
|
||||
@ -212,3 +212,21 @@ mysignal(int sig, mysig_t act)
|
||||
return (signal(sig, act));
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifndef HAVE_STRDUP
|
||||
char *
|
||||
strdup(const char *str)
|
||||
{
|
||||
size_t len;
|
||||
char *cp;
|
||||
|
||||
len = strlen(str) + 1;
|
||||
cp = malloc(len);
|
||||
if (cp != NULL)
|
||||
if (strlcpy(cp, str, len) != len) {
|
||||
free(cp);
|
||||
return NULL;
|
||||
}
|
||||
return cp;
|
||||
}
|
||||
#endif
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: fake-rfc2553.h,v 1.10 2005/02/11 07:32:13 dtucker Exp $ */
|
||||
/* $Id: fake-rfc2553.h,v 1.12 2005/08/03 05:36:21 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2000-2003 Damien Miller. All rights reserved.
|
||||
@ -114,10 +114,16 @@ struct sockaddr_in6 {
|
||||
#endif /* !NI_MAXHOST */
|
||||
|
||||
#ifndef EAI_NODATA
|
||||
# define EAI_NODATA 1
|
||||
# define EAI_MEMORY 2
|
||||
# define EAI_NONAME 3
|
||||
# define EAI_SYSTEM 4
|
||||
# define EAI_NODATA (INT_MAX - 1)
|
||||
#endif
|
||||
#ifndef EAI_MEMORY
|
||||
# define EAI_MEMORY (INT_MAX - 2)
|
||||
#endif
|
||||
#ifndef EAI_NONAME
|
||||
# define EAI_NONAME (INT_MAX - 3)
|
||||
#endif
|
||||
#ifndef EAI_SYSTEM
|
||||
# define EAI_SYSTEM (INT_MAX - 4)
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_STRUCT_ADDRINFO
|
||||
|
@ -144,6 +144,8 @@ _getshort(msgp)
|
||||
GETSHORT(u, msgp);
|
||||
return (u);
|
||||
}
|
||||
#elif defined(HAVE_DECL__GETSHORT) && (HAVE_DECL__GETSHORT == 0)
|
||||
u_int16_t _getshort(register const u_char *);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE__GETLONG
|
||||
@ -156,6 +158,8 @@ _getlong(msgp)
|
||||
GETLONG(u, msgp);
|
||||
return (u);
|
||||
}
|
||||
#elif defined(HAVE_DECL__GETLONG) && (HAVE_DECL__GETLONG == 0)
|
||||
u_int32_t _getlong(register const u_char *);
|
||||
#endif
|
||||
|
||||
int
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: openbsd-compat.h,v 1.26 2004/08/15 08:41:00 djm Exp $ */
|
||||
/* $Id: openbsd-compat.h,v 1.30 2005/08/26 20:15:20 tim Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
|
||||
@ -152,6 +152,10 @@ int openpty(int *, int *, char *, struct termios *, struct winsize *);
|
||||
int snprintf(char *, size_t, const char *, ...);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_STRTONUM
|
||||
long long strtonum(const char *, long long, long long, const char **);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_VSNPRINTF
|
||||
int vsnprintf(char *, size_t, const char *, va_list);
|
||||
#endif
|
||||
@ -169,5 +173,6 @@ char *shadow_pw(struct passwd *pw);
|
||||
#include "bsd-cygwin_util.h"
|
||||
#include "port-irix.h"
|
||||
#include "port-aix.h"
|
||||
#include "port-uw.h"
|
||||
|
||||
#endif /* _OPENBSD_COMPAT_H */
|
||||
|
46
crypto/openssh/openbsd-compat/openssl-compat.c
Normal file
46
crypto/openssh/openbsd-compat/openssl-compat.c
Normal file
@ -0,0 +1,46 @@
|
||||
/* $Id: openssl-compat.c,v 1.2 2005/06/17 11:15:21 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
|
||||
* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
||||
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#define SSH_DONT_REDEF_EVP
|
||||
#include "openssl-compat.h"
|
||||
|
||||
#ifdef SSH_OLD_EVP
|
||||
int
|
||||
ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,
|
||||
unsigned char *key, unsigned char *iv, int enc)
|
||||
{
|
||||
EVP_CipherInit(evp, type, key, iv, enc);
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len)
|
||||
{
|
||||
EVP_Cipher(evp, dst, src, len);
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
|
||||
{
|
||||
EVP_CIPHER_CTX_cleanup(evp);
|
||||
return 1;
|
||||
}
|
||||
#endif
|
65
crypto/openssh/openbsd-compat/openssl-compat.h
Normal file
65
crypto/openssh/openbsd-compat/openssl-compat.h
Normal file
@ -0,0 +1,65 @@
|
||||
/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
|
||||
* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
||||
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00906000L
|
||||
# define SSH_OLD_EVP
|
||||
# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
||||
# define EVP_aes_128_cbc evp_rijndael
|
||||
# define EVP_aes_192_cbc evp_rijndael
|
||||
# define EVP_aes_256_cbc evp_rijndael
|
||||
extern const EVP_CIPHER *evp_rijndael(void);
|
||||
extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
|
||||
#endif
|
||||
|
||||
#if !defined(EVP_CTRL_SET_ACSS_MODE)
|
||||
# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
||||
# define USE_CIPHER_ACSS 1
|
||||
extern const EVP_CIPHER *evp_acss(void);
|
||||
# define EVP_acss evp_acss
|
||||
# else
|
||||
# define EVP_acss NULL
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
* insert comment here
|
||||
*/
|
||||
#ifdef SSH_OLD_EVP
|
||||
|
||||
# ifndef SSH_DONT_REDEF_EVP
|
||||
|
||||
# ifdef EVP_Cipher
|
||||
# undef EVP_Cipher
|
||||
# endif
|
||||
|
||||
# define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e))
|
||||
# define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d))
|
||||
# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a))
|
||||
# endif
|
||||
|
||||
int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
|
||||
unsigned char *, int);
|
||||
int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
|
||||
int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
|
||||
#endif
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
*
|
||||
* Copyright (c) 2001 Gert Doering. All rights reserved.
|
||||
* Copyright (c) 2003,2004 Darren Tucker. All rights reserved.
|
||||
* Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -42,14 +42,12 @@ static char old_registry[REGISTRY_SIZE] = "";
|
||||
# endif
|
||||
|
||||
/*
|
||||
* AIX has a "usrinfo" area where logname and other stuff is stored -
|
||||
* AIX has a "usrinfo" area where logname and other stuff is stored -
|
||||
* a few applications actually use this and die if it's not set
|
||||
*
|
||||
* NOTE: TTY= should be set, but since no one uses it and it's hard to
|
||||
* acquire due to privsep code. We will just drop support.
|
||||
*/
|
||||
|
||||
|
||||
void
|
||||
aix_usrinfo(struct passwd *pw)
|
||||
{
|
||||
@ -60,7 +58,7 @@ aix_usrinfo(struct passwd *pw)
|
||||
len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
|
||||
cp = xmalloc(len);
|
||||
|
||||
i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
|
||||
i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
|
||||
pw->pw_name, '\0');
|
||||
if (usrinfo(SETUINFO, cp, i) == -1)
|
||||
fatal("Couldn't set usrinfo: %s", strerror(errno));
|
||||
@ -153,14 +151,14 @@ aix_valid_authentications(const char *user)
|
||||
int
|
||||
sys_auth_passwd(Authctxt *ctxt, const char *password)
|
||||
{
|
||||
char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
|
||||
char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name;
|
||||
int authsuccess = 0, expired, reenter, result;
|
||||
|
||||
do {
|
||||
result = authenticate((char *)name, (char *)password, &reenter,
|
||||
&authmsg);
|
||||
aix_remove_embedded_newlines(authmsg);
|
||||
debug3("AIX/authenticate result %d, msg %.100s", result,
|
||||
debug3("AIX/authenticate result %d, authmsg %.100s", result,
|
||||
authmsg);
|
||||
} while (reenter);
|
||||
|
||||
@ -170,7 +168,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
|
||||
if (result == 0) {
|
||||
authsuccess = 1;
|
||||
|
||||
/*
|
||||
/*
|
||||
* Record successful login. We don't have a pty yet, so just
|
||||
* label the line as "ssh"
|
||||
*/
|
||||
@ -257,7 +255,7 @@ int
|
||||
sys_auth_record_login(const char *user, const char *host, const char *ttynm,
|
||||
Buffer *loginmsg)
|
||||
{
|
||||
char *msg;
|
||||
char *msg = NULL;
|
||||
int success = 0;
|
||||
|
||||
aix_setauthdb(user);
|
||||
|
@ -1,8 +1,9 @@
|
||||
/* $Id: port-aix.h,v 1.25 2005/03/21 11:46:34 dtucker Exp $ */
|
||||
/* $Id: port-aix.h,v 1.26 2005/05/28 10:28:40 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
*
|
||||
* Copyright (c) 2001 Gert Doering. All rights reserved.
|
||||
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -47,23 +48,23 @@
|
||||
|
||||
/* These should be in the system headers but are not. */
|
||||
int usrinfo(int, char *, int);
|
||||
#if (HAVE_DECL_SETAUTHDB == 0)
|
||||
#if defined(HAVE_DECL_SETAUTHDB) && (HAVE_DECL_SETAUTHDB == 0)
|
||||
int setauthdb(const char *, char *);
|
||||
#endif
|
||||
/* these may or may not be in the headers depending on the version */
|
||||
#if (HAVE_DECL_AUTHENTICATE == 0)
|
||||
#if defined(HAVE_DECL_AUTHENTICATE) && (HAVE_DECL_AUTHENTICATE == 0)
|
||||
int authenticate(char *, char *, int *, char **);
|
||||
#endif
|
||||
#if (HAVE_DECL_LOGINFAILED == 0)
|
||||
#if defined(HAVE_DECL_LOGINFAILED) && (HAVE_DECL_LOGINFAILED == 0)
|
||||
int loginfailed(char *, char *, char *);
|
||||
#endif
|
||||
#if (HAVE_DECL_LOGINRESTRICTIONS == 0)
|
||||
#if defined(HAVE_DECL_LOGINRESTRICTIONS) && (HAVE_DECL_LOGINRESTRICTIONS == 0)
|
||||
int loginrestrictions(char *, int, char *, char **);
|
||||
#endif
|
||||
#if (HAVE_DECL_LOGINSUCCESS == 0)
|
||||
#if defined(HAVE_DECL_LOGINSUCCESS) && (HAVE_DECL_LOGINSUCCESS == 0)
|
||||
int loginsuccess(char *, char *, char *, char **);
|
||||
#endif
|
||||
#if (HAVE_DECL_PASSWDEXPIRED == 0)
|
||||
#if defined(HAVE_DECL_PASSWDEXPIRED) && (HAVE_DECL_PASSWDEXPIRED == 0)
|
||||
int passwdexpired(char *, char **);
|
||||
#endif
|
||||
|
||||
|
134
crypto/openssh/openbsd-compat/port-uw.c
Normal file
134
crypto/openssh/openbsd-compat/port-uw.c
Normal file
@ -0,0 +1,134 @@
|
||||
/*
|
||||
* Copyright (c) 2005 The SCO Group. All rights reserved.
|
||||
* Copyright (c) 2005 Tim Rice. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
#ifdef HAVE_CRYPT_H
|
||||
#include <crypt.h>
|
||||
#endif
|
||||
#include "packet.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "auth.h"
|
||||
#include "auth-options.h"
|
||||
|
||||
int nischeck(char *);
|
||||
|
||||
int
|
||||
sys_auth_passwd(Authctxt *authctxt, const char *password)
|
||||
{
|
||||
struct passwd *pw = authctxt->pw;
|
||||
char *encrypted_password;
|
||||
char *salt;
|
||||
int result;
|
||||
|
||||
/* Just use the supplied fake password if authctxt is invalid */
|
||||
char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
|
||||
|
||||
/* Check for users with no password. */
|
||||
if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
|
||||
return (1);
|
||||
|
||||
/* Encrypt the candidate password using the proper salt. */
|
||||
salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
|
||||
#ifdef UNIXWARE_LONG_PASSWORDS
|
||||
if (!nischeck(pw->pw_name))
|
||||
encrypted_password = bigcrypt(password, salt);
|
||||
else
|
||||
#endif /* UNIXWARE_LONG_PASSWORDS */
|
||||
encrypted_password = xcrypt(password, salt);
|
||||
|
||||
/*
|
||||
* Authentication is accepted if the encrypted passwords
|
||||
* are identical.
|
||||
*/
|
||||
result = (strcmp(encrypted_password, pw_password) == 0);
|
||||
|
||||
if (authctxt->valid)
|
||||
free(pw_password);
|
||||
return(result);
|
||||
}
|
||||
|
||||
#ifdef UNIXWARE_LONG_PASSWORDS
|
||||
int
|
||||
nischeck(char *namep)
|
||||
{
|
||||
char password_file[] = "/etc/passwd";
|
||||
FILE *fd;
|
||||
struct passwd *ent = NULL;
|
||||
|
||||
if ((fd = fopen (password_file, "r")) == NULL) {
|
||||
/*
|
||||
* If the passwd file has dissapeared we are in a bad state.
|
||||
* However, returning 0 will send us back through the
|
||||
* authentication scheme that has checked the ia database for
|
||||
* passwords earlier.
|
||||
*/
|
||||
return(0);
|
||||
}
|
||||
|
||||
/*
|
||||
* fgetpwent() only reads from password file, so we know for certain
|
||||
* that the user is local.
|
||||
*/
|
||||
while (ent = fgetpwent(fd)) {
|
||||
if (strcmp (ent->pw_name, namep) == 0) {
|
||||
/* Local user */
|
||||
fclose (fd);
|
||||
return(0);
|
||||
}
|
||||
}
|
||||
|
||||
fclose (fd);
|
||||
return (1);
|
||||
}
|
||||
|
||||
#endif /* UNIXWARE_LONG_PASSWORDS */
|
||||
|
||||
/*
|
||||
NOTE: ia_get_logpwd() allocates memory for arg 2
|
||||
functions that call shadow_pw() will need to free
|
||||
*/
|
||||
|
||||
char *
|
||||
get_iaf_password(struct passwd *pw)
|
||||
{
|
||||
char *pw_password = NULL;
|
||||
|
||||
uinfo_t uinfo;
|
||||
if (!ia_openinfo(pw->pw_name,&uinfo)) {
|
||||
ia_get_logpwd(uinfo, &pw_password);
|
||||
if (pw_password == NULL)
|
||||
fatal("ia_get_logpwd: Unable to get the shadow passwd");
|
||||
ia_closeinfo(uinfo);
|
||||
return pw_password;
|
||||
}
|
||||
else
|
||||
fatal("ia_openinfo: Unable to open the shadow passwd file");
|
||||
}
|
||||
#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
|
||||
|
30
crypto/openssh/openbsd-compat/port-uw.h
Normal file
30
crypto/openssh/openbsd-compat/port-uw.h
Normal file
@ -0,0 +1,30 @@
|
||||
/*
|
||||
* Copyright (c) 2005 Tim Rice. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
char * get_iaf_password(struct passwd *pw);
|
||||
#endif
|
||||
|
@ -1,11 +1,7 @@
|
||||
/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1994
|
||||
* The Regents of the University of California. All rights reserved.
|
||||
*
|
||||
* This code is derived from software contributed to Berkeley by
|
||||
* Jan-Simon Pendry.
|
||||
* Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -15,14 +11,14 @@
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of the University nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
* 3. The names of the authors may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
@ -36,169 +32,165 @@
|
||||
|
||||
#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
|
||||
|
||||
#if defined(LIBC_SCCS) && !defined(lint)
|
||||
static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $";
|
||||
#endif /* LIBC_SCCS and not lint */
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
/*
|
||||
* MAXSYMLINKS
|
||||
*/
|
||||
#ifndef MAXSYMLINKS
|
||||
#define MAXSYMLINKS 5
|
||||
#endif
|
||||
|
||||
/*
|
||||
* char *realpath(const char *path, char resolved_path[MAXPATHLEN]);
|
||||
* char *realpath(const char *path, char resolved[PATH_MAX]);
|
||||
*
|
||||
* Find the real name of path, by removing all ".", ".." and symlink
|
||||
* components. Returns (resolved) on success, or (NULL) on failure,
|
||||
* in which case the path which caused trouble is left in (resolved).
|
||||
*/
|
||||
char *
|
||||
realpath(const char *path, char *resolved)
|
||||
realpath(const char *path, char resolved[PATH_MAX])
|
||||
{
|
||||
struct stat sb;
|
||||
int fd, n, needslash, serrno;
|
||||
char *p, *q, wbuf[MAXPATHLEN];
|
||||
int symlinks = 0;
|
||||
char *p, *q, *s;
|
||||
size_t left_len, resolved_len;
|
||||
unsigned symlinks;
|
||||
int serrno, slen;
|
||||
char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
|
||||
|
||||
/* Save the starting point. */
|
||||
#ifndef HAVE_FCHDIR
|
||||
char start[MAXPATHLEN];
|
||||
/* this is potentially racy but without fchdir we have no option */
|
||||
if (getcwd(start, sizeof(start)) == NULL) {
|
||||
resolved[0] = '.';
|
||||
serrno = errno;
|
||||
symlinks = 0;
|
||||
if (path[0] == '/') {
|
||||
resolved[0] = '/';
|
||||
resolved[1] = '\0';
|
||||
return (NULL);
|
||||
}
|
||||
#endif
|
||||
if ((fd = open(".", O_RDONLY)) < 0) {
|
||||
resolved[0] = '.';
|
||||
resolved[1] = '\0';
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
/* Convert "." -> "" to optimize away a needless lstat() and chdir() */
|
||||
if (path[0] == '.' && path[1] == '\0')
|
||||
path = "";
|
||||
|
||||
/*
|
||||
* Find the dirname and basename from the path to be resolved.
|
||||
* Change directory to the dirname component.
|
||||
* lstat the basename part.
|
||||
* if it is a symlink, read in the value and loop.
|
||||
* if it is a directory, then change to that directory.
|
||||
* get the current directory name and append the basename.
|
||||
*/
|
||||
if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) {
|
||||
serrno = ENAMETOOLONG;
|
||||
goto err2;
|
||||
}
|
||||
loop:
|
||||
q = strrchr(resolved, '/');
|
||||
if (q != NULL) {
|
||||
p = q + 1;
|
||||
if (q == resolved)
|
||||
q = "/";
|
||||
else {
|
||||
do {
|
||||
--q;
|
||||
} while (q > resolved && *q == '/');
|
||||
q[1] = '\0';
|
||||
q = resolved;
|
||||
}
|
||||
if (chdir(q) < 0)
|
||||
goto err1;
|
||||
} else
|
||||
p = resolved;
|
||||
|
||||
/* Deal with the last component. */
|
||||
if (*p != '\0' && lstat(p, &sb) == 0) {
|
||||
if (S_ISLNK(sb.st_mode)) {
|
||||
if (++symlinks > MAXSYMLINKS) {
|
||||
errno = ELOOP;
|
||||
goto err1;
|
||||
}
|
||||
if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0)
|
||||
goto err1;
|
||||
resolved[n] = '\0';
|
||||
goto loop;
|
||||
}
|
||||
if (S_ISDIR(sb.st_mode)) {
|
||||
if (chdir(p) < 0)
|
||||
goto err1;
|
||||
p = "";
|
||||
if (path[1] == '\0')
|
||||
return (resolved);
|
||||
resolved_len = 1;
|
||||
left_len = strlcpy(left, path + 1, sizeof(left));
|
||||
} else {
|
||||
if (getcwd(resolved, PATH_MAX) == NULL) {
|
||||
strlcpy(resolved, ".", PATH_MAX);
|
||||
return (NULL);
|
||||
}
|
||||
resolved_len = strlen(resolved);
|
||||
left_len = strlcpy(left, path, sizeof(left));
|
||||
}
|
||||
|
||||
/*
|
||||
* Save the last component name and get the full pathname of
|
||||
* the current directory.
|
||||
*/
|
||||
if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) {
|
||||
if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
|
||||
errno = ENAMETOOLONG;
|
||||
goto err1;
|
||||
return (NULL);
|
||||
}
|
||||
if (getcwd(resolved, MAXPATHLEN) == NULL)
|
||||
goto err1;
|
||||
|
||||
/*
|
||||
* Join the two strings together, ensuring that the right thing
|
||||
* happens if the last component is empty, or the dirname is root.
|
||||
* Iterate over path components in `left'.
|
||||
*/
|
||||
if (resolved[0] == '/' && resolved[1] == '\0')
|
||||
needslash = 0;
|
||||
else
|
||||
needslash = 1;
|
||||
|
||||
if (*wbuf) {
|
||||
if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) {
|
||||
while (left_len != 0) {
|
||||
/*
|
||||
* Extract the next path component and adjust `left'
|
||||
* and its length.
|
||||
*/
|
||||
p = strchr(left, '/');
|
||||
s = p ? p : left + left_len;
|
||||
if (s - left >= sizeof(next_token)) {
|
||||
errno = ENAMETOOLONG;
|
||||
goto err1;
|
||||
return (NULL);
|
||||
}
|
||||
if (needslash) {
|
||||
if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) {
|
||||
memcpy(next_token, left, s - left);
|
||||
next_token[s - left] = '\0';
|
||||
left_len -= s - left;
|
||||
if (p != NULL)
|
||||
memmove(left, s + 1, left_len + 1);
|
||||
if (resolved[resolved_len - 1] != '/') {
|
||||
if (resolved_len + 1 >= PATH_MAX) {
|
||||
errno = ENAMETOOLONG;
|
||||
goto err1;
|
||||
return (NULL);
|
||||
}
|
||||
resolved[resolved_len++] = '/';
|
||||
resolved[resolved_len] = '\0';
|
||||
}
|
||||
if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) {
|
||||
if (next_token[0] == '\0')
|
||||
continue;
|
||||
else if (strcmp(next_token, ".") == 0)
|
||||
continue;
|
||||
else if (strcmp(next_token, "..") == 0) {
|
||||
/*
|
||||
* Strip the last path component except when we have
|
||||
* single "/"
|
||||
*/
|
||||
if (resolved_len > 1) {
|
||||
resolved[resolved_len - 1] = '\0';
|
||||
q = strrchr(resolved, '/') + 1;
|
||||
*q = '\0';
|
||||
resolved_len = q - resolved;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* Append the next path component and lstat() it. If
|
||||
* lstat() fails we still can return successfully if
|
||||
* there are no more path components left.
|
||||
*/
|
||||
resolved_len = strlcat(resolved, next_token, PATH_MAX);
|
||||
if (resolved_len >= PATH_MAX) {
|
||||
errno = ENAMETOOLONG;
|
||||
goto err1;
|
||||
return (NULL);
|
||||
}
|
||||
if (lstat(resolved, &sb) != 0) {
|
||||
if (errno == ENOENT && p == NULL) {
|
||||
errno = serrno;
|
||||
return (resolved);
|
||||
}
|
||||
return (NULL);
|
||||
}
|
||||
if (S_ISLNK(sb.st_mode)) {
|
||||
if (symlinks++ > MAXSYMLINKS) {
|
||||
errno = ELOOP;
|
||||
return (NULL);
|
||||
}
|
||||
slen = readlink(resolved, symlink, sizeof(symlink) - 1);
|
||||
if (slen < 0)
|
||||
return (NULL);
|
||||
symlink[slen] = '\0';
|
||||
if (symlink[0] == '/') {
|
||||
resolved[1] = 0;
|
||||
resolved_len = 1;
|
||||
} else if (resolved_len > 1) {
|
||||
/* Strip the last path component. */
|
||||
resolved[resolved_len - 1] = '\0';
|
||||
q = strrchr(resolved, '/') + 1;
|
||||
*q = '\0';
|
||||
resolved_len = q - resolved;
|
||||
}
|
||||
|
||||
/*
|
||||
* If there are any path components left, then
|
||||
* append them to symlink. The result is placed
|
||||
* in `left'.
|
||||
*/
|
||||
if (p != NULL) {
|
||||
if (symlink[slen - 1] != '/') {
|
||||
if (slen + 1 >= sizeof(symlink)) {
|
||||
errno = ENAMETOOLONG;
|
||||
return (NULL);
|
||||
}
|
||||
symlink[slen] = '/';
|
||||
symlink[slen + 1] = 0;
|
||||
}
|
||||
left_len = strlcat(symlink, left, sizeof(left));
|
||||
if (left_len >= sizeof(left)) {
|
||||
errno = ENAMETOOLONG;
|
||||
return (NULL);
|
||||
}
|
||||
}
|
||||
left_len = strlcpy(left, symlink, sizeof(left));
|
||||
}
|
||||
}
|
||||
|
||||
/* Go back to where we came from. */
|
||||
#ifdef HAVE_FCHDIR
|
||||
if (fchdir(fd) < 0) {
|
||||
#else
|
||||
if (chdir(start) < 0) {
|
||||
#endif
|
||||
serrno = errno;
|
||||
goto err2;
|
||||
}
|
||||
|
||||
/* It's okay if the close fails, what's an fd more or less? */
|
||||
(void)close(fd);
|
||||
/*
|
||||
* Remove trailing slash except when the resolved pathname
|
||||
* is a single "/".
|
||||
*/
|
||||
if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
|
||||
resolved[resolved_len - 1] = '\0';
|
||||
return (resolved);
|
||||
|
||||
err1: serrno = errno;
|
||||
#ifdef HAVE_FCHDIR
|
||||
(void)fchdir(fd);
|
||||
#else
|
||||
chdir(start);
|
||||
#endif
|
||||
err2: (void)close(fd);
|
||||
errno = serrno;
|
||||
return (NULL);
|
||||
}
|
||||
#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */
|
||||
|
151
crypto/openssh/openbsd-compat/strtoll.c
Normal file
151
crypto/openssh/openbsd-compat/strtoll.c
Normal file
@ -0,0 +1,151 @@
|
||||
/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1992 The Regents of the University of California.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of the University nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#ifndef HAVE_STRTOLL
|
||||
|
||||
#if defined(LIBC_SCCS) && !defined(lint)
|
||||
static const char rcsid[] = "$OpenBSD: strtoll.c,v 1.4 2005/03/30 18:51:49 pat Exp $";
|
||||
#endif /* LIBC_SCCS and not lint */
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
#include <limits.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
/*
|
||||
* Convert a string to a long long.
|
||||
*
|
||||
* Ignores `locale' stuff. Assumes that the upper and lower case
|
||||
* alphabets and digits are each contiguous.
|
||||
*/
|
||||
long long
|
||||
strtoll(const char *nptr, char **endptr, int base)
|
||||
{
|
||||
const char *s;
|
||||
long long acc, cutoff;
|
||||
int c;
|
||||
int neg, any, cutlim;
|
||||
|
||||
/*
|
||||
* Skip white space and pick up leading +/- sign if any.
|
||||
* If base is 0, allow 0x for hex and 0 for octal, else
|
||||
* assume decimal; if base is already 16, allow 0x.
|
||||
*/
|
||||
s = nptr;
|
||||
do {
|
||||
c = (unsigned char) *s++;
|
||||
} while (isspace(c));
|
||||
if (c == '-') {
|
||||
neg = 1;
|
||||
c = *s++;
|
||||
} else {
|
||||
neg = 0;
|
||||
if (c == '+')
|
||||
c = *s++;
|
||||
}
|
||||
if ((base == 0 || base == 16) &&
|
||||
c == '0' && (*s == 'x' || *s == 'X')) {
|
||||
c = s[1];
|
||||
s += 2;
|
||||
base = 16;
|
||||
}
|
||||
if (base == 0)
|
||||
base = c == '0' ? 8 : 10;
|
||||
|
||||
/*
|
||||
* Compute the cutoff value between legal numbers and illegal
|
||||
* numbers. That is the largest legal value, divided by the
|
||||
* base. An input number that is greater than this value, if
|
||||
* followed by a legal input character, is too big. One that
|
||||
* is equal to this value may be valid or not; the limit
|
||||
* between valid and invalid numbers is then based on the last
|
||||
* digit. For instance, if the range for long longs is
|
||||
* [-9223372036854775808..9223372036854775807] and the input base
|
||||
* is 10, cutoff will be set to 922337203685477580 and cutlim to
|
||||
* either 7 (neg==0) or 8 (neg==1), meaning that if we have
|
||||
* accumulated a value > 922337203685477580, or equal but the
|
||||
* next digit is > 7 (or 8), the number is too big, and we will
|
||||
* return a range error.
|
||||
*
|
||||
* Set any if any `digits' consumed; make it negative to indicate
|
||||
* overflow.
|
||||
*/
|
||||
cutoff = neg ? LLONG_MIN : LLONG_MAX;
|
||||
cutlim = cutoff % base;
|
||||
cutoff /= base;
|
||||
if (neg) {
|
||||
if (cutlim > 0) {
|
||||
cutlim -= base;
|
||||
cutoff += 1;
|
||||
}
|
||||
cutlim = -cutlim;
|
||||
}
|
||||
for (acc = 0, any = 0;; c = (unsigned char) *s++) {
|
||||
if (isdigit(c))
|
||||
c -= '0';
|
||||
else if (isalpha(c))
|
||||
c -= isupper(c) ? 'A' - 10 : 'a' - 10;
|
||||
else
|
||||
break;
|
||||
if (c >= base)
|
||||
break;
|
||||
if (any < 0)
|
||||
continue;
|
||||
if (neg) {
|
||||
if (acc < cutoff || (acc == cutoff && c > cutlim)) {
|
||||
any = -1;
|
||||
acc = LLONG_MIN;
|
||||
errno = ERANGE;
|
||||
} else {
|
||||
any = 1;
|
||||
acc *= base;
|
||||
acc -= c;
|
||||
}
|
||||
} else {
|
||||
if (acc > cutoff || (acc == cutoff && c > cutlim)) {
|
||||
any = -1;
|
||||
acc = LLONG_MAX;
|
||||
errno = ERANGE;
|
||||
} else {
|
||||
any = 1;
|
||||
acc *= base;
|
||||
acc += c;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (endptr != 0)
|
||||
*endptr = (char *) (any ? s - 1 : nptr);
|
||||
return (acc);
|
||||
}
|
||||
#endif /* HAVE_STRTOLL */
|
69
crypto/openssh/openbsd-compat/strtonum.c
Normal file
69
crypto/openssh/openbsd-compat/strtonum.c
Normal file
@ -0,0 +1,69 @@
|
||||
/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */
|
||||
|
||||
/* $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2004 Ted Unangst and Todd Miller
|
||||
* All rights reserved.
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#ifndef HAVE_STRTONUM
|
||||
#include <limits.h>
|
||||
|
||||
#define INVALID 1
|
||||
#define TOOSMALL 2
|
||||
#define TOOLARGE 3
|
||||
|
||||
long long
|
||||
strtonum(const char *numstr, long long minval, long long maxval,
|
||||
const char **errstrp)
|
||||
{
|
||||
long long ll = 0;
|
||||
char *ep;
|
||||
int error = 0;
|
||||
struct errval {
|
||||
const char *errstr;
|
||||
int err;
|
||||
} ev[4] = {
|
||||
{ NULL, 0 },
|
||||
{ "invalid", EINVAL },
|
||||
{ "too small", ERANGE },
|
||||
{ "too large", ERANGE },
|
||||
};
|
||||
|
||||
ev[0].err = errno;
|
||||
errno = 0;
|
||||
if (minval > maxval)
|
||||
error = INVALID;
|
||||
else {
|
||||
ll = strtoll(numstr, &ep, 10);
|
||||
if (numstr == ep || *ep != '\0')
|
||||
error = INVALID;
|
||||
else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
|
||||
error = TOOSMALL;
|
||||
else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
|
||||
error = TOOLARGE;
|
||||
}
|
||||
if (errstrp != NULL)
|
||||
*errstrp = ev[error].errstr;
|
||||
errno = ev[error].err;
|
||||
if (error)
|
||||
ll = 0;
|
||||
|
||||
return (ll);
|
||||
}
|
||||
|
||||
#endif /* HAVE_STRTONUM */
|
@ -93,6 +93,11 @@ shadow_pw(struct passwd *pw)
|
||||
if (spw != NULL)
|
||||
pw_password = spw->sp_pwdp;
|
||||
# endif
|
||||
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
return(get_iaf_password(pw));
|
||||
#endif
|
||||
|
||||
# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
|
||||
struct passwd_adjunct *spw;
|
||||
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
|
||||
|
@ -37,7 +37,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $");
|
||||
RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $");
|
||||
|
||||
#include "openbsd-compat/sys-queue.h"
|
||||
|
||||
@ -116,6 +116,12 @@ static int initialized = 0;
|
||||
/* Set to true if the connection is interactive. */
|
||||
static int interactive_mode = 0;
|
||||
|
||||
/* Set to true if we are the server side. */
|
||||
static int server_side = 0;
|
||||
|
||||
/* Set to true if we are authenticated. */
|
||||
static int after_authentication = 0;
|
||||
|
||||
/* Session key information for Encryption and MAC */
|
||||
Newkeys *newkeys[MODE_MAX];
|
||||
static struct packet_state {
|
||||
@ -624,7 +630,9 @@ set_newkeys(int mode)
|
||||
/* Deleting the keys does not gain extra security */
|
||||
/* memset(enc->iv, 0, enc->block_size);
|
||||
memset(enc->key, 0, enc->key_len); */
|
||||
if (comp->type != 0 && comp->enabled == 0) {
|
||||
if ((comp->type == COMP_ZLIB ||
|
||||
(comp->type == COMP_DELAYED && after_authentication)) &&
|
||||
comp->enabled == 0) {
|
||||
packet_init_compression();
|
||||
if (mode == MODE_OUT)
|
||||
buffer_compress_init_send(6);
|
||||
@ -644,6 +652,35 @@ set_newkeys(int mode)
|
||||
*max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size);
|
||||
}
|
||||
|
||||
/*
|
||||
* Delayed compression for SSH2 is enabled after authentication:
|
||||
* This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
|
||||
* and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
|
||||
*/
|
||||
static void
|
||||
packet_enable_delayed_compress(void)
|
||||
{
|
||||
Comp *comp = NULL;
|
||||
int mode;
|
||||
|
||||
/*
|
||||
* Remember that we are past the authentication step, so rekeying
|
||||
* with COMP_DELAYED will turn on compression immediately.
|
||||
*/
|
||||
after_authentication = 1;
|
||||
for (mode = 0; mode < MODE_MAX; mode++) {
|
||||
comp = &newkeys[mode]->comp;
|
||||
if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
|
||||
packet_init_compression();
|
||||
if (mode == MODE_OUT)
|
||||
buffer_compress_init_send(6);
|
||||
else
|
||||
buffer_compress_init_recv();
|
||||
comp->enabled = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
|
||||
*/
|
||||
@ -757,6 +794,8 @@ packet_send2_wrapped(void)
|
||||
|
||||
if (type == SSH2_MSG_NEWKEYS)
|
||||
set_newkeys(MODE_OUT);
|
||||
else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side)
|
||||
packet_enable_delayed_compress();
|
||||
}
|
||||
|
||||
static void
|
||||
@ -992,7 +1031,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
|
||||
static u_int packet_length = 0;
|
||||
u_int padlen, need;
|
||||
u_char *macbuf, *cp, type;
|
||||
int maclen, block_size;
|
||||
u_int maclen, block_size;
|
||||
Enc *enc = NULL;
|
||||
Mac *mac = NULL;
|
||||
Comp *comp = NULL;
|
||||
@ -1099,6 +1138,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
|
||||
packet_disconnect("Invalid ssh2 packet type: %d", type);
|
||||
if (type == SSH2_MSG_NEWKEYS)
|
||||
set_newkeys(MODE_IN);
|
||||
else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side)
|
||||
packet_enable_delayed_compress();
|
||||
#ifdef PACKET_DEBUG
|
||||
fprintf(stderr, "read/plain[%d]:\r\n", type);
|
||||
buffer_dump(&incoming_packet);
|
||||
@ -1229,9 +1270,9 @@ packet_get_bignum2(BIGNUM * value)
|
||||
}
|
||||
|
||||
void *
|
||||
packet_get_raw(int *length_ptr)
|
||||
packet_get_raw(u_int *length_ptr)
|
||||
{
|
||||
int bytes = buffer_len(&incoming_packet);
|
||||
u_int bytes = buffer_len(&incoming_packet);
|
||||
|
||||
if (length_ptr != NULL)
|
||||
*length_ptr = bytes;
|
||||
@ -1524,3 +1565,15 @@ packet_set_rekey_limit(u_int32_t bytes)
|
||||
{
|
||||
rekey_limit = bytes;
|
||||
}
|
||||
|
||||
void
|
||||
packet_set_server(void)
|
||||
{
|
||||
server_side = 1;
|
||||
}
|
||||
|
||||
void
|
||||
packet_set_authenticated(void)
|
||||
{
|
||||
after_authentication = 1;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: packet.h,v 1.41 2004/05/11 19:01:43 deraadt Exp $ */
|
||||
/* $OpenBSD: packet.h,v 1.43 2005/07/25 11:59:40 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -30,6 +30,8 @@ u_int packet_get_protocol_flags(void);
|
||||
void packet_start_compression(int);
|
||||
void packet_set_interactive(int);
|
||||
int packet_is_interactive(void);
|
||||
void packet_set_server(void);
|
||||
void packet_set_authenticated(void);
|
||||
|
||||
void packet_start(u_char);
|
||||
void packet_put_char(int ch);
|
||||
@ -52,7 +54,7 @@ u_int packet_get_char(void);
|
||||
u_int packet_get_int(void);
|
||||
void packet_get_bignum(BIGNUM * value);
|
||||
void packet_get_bignum2(BIGNUM * value);
|
||||
void *packet_get_raw(int *length_ptr);
|
||||
void *packet_get_raw(u_int *length_ptr);
|
||||
void *packet_get_string(u_int *length_ptr);
|
||||
void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
||||
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $");
|
||||
RCSID("$OpenBSD: progressmeter.c,v 1.24 2005/06/07 13:25:23 jaredy Exp $");
|
||||
|
||||
#include "progressmeter.h"
|
||||
#include "atomicio.h"
|
||||
@ -42,6 +42,10 @@ static int can_output(void);
|
||||
static void format_size(char *, int, off_t);
|
||||
static void format_rate(char *, int, off_t);
|
||||
|
||||
/* window resizing */
|
||||
static void sig_winch(int);
|
||||
static void setscreensize(void);
|
||||
|
||||
/* updates the progressmeter to reflect the current state of the transfer */
|
||||
void refresh_progress_meter(void);
|
||||
|
||||
@ -57,6 +61,7 @@ static volatile off_t *counter; /* progress counter */
|
||||
static long stalled; /* how long we have been stalled */
|
||||
static int bytes_per_second; /* current speed in bytes per second */
|
||||
static int win_size; /* terminal window size */
|
||||
static volatile sig_atomic_t win_resized; /* for window resizing */
|
||||
|
||||
/* units for format_size */
|
||||
static const char unit[] = " KMGT";
|
||||
@ -147,6 +152,8 @@ refresh_progress_meter(void)
|
||||
len = snprintf(buf, file_len + 1, "\r%s", file);
|
||||
if (len < 0)
|
||||
len = 0;
|
||||
if (len >= file_len + 1)
|
||||
len = file_len;
|
||||
for (i = len; i < file_len; i++ )
|
||||
buf[i] = ' ';
|
||||
buf[file_len] = '\0';
|
||||
@ -215,6 +222,10 @@ update_progress_meter(int ignore)
|
||||
|
||||
save_errno = errno;
|
||||
|
||||
if (win_resized) {
|
||||
setscreensize();
|
||||
win_resized = 0;
|
||||
}
|
||||
if (can_output())
|
||||
refresh_progress_meter();
|
||||
|
||||
@ -226,8 +237,6 @@ update_progress_meter(int ignore)
|
||||
void
|
||||
start_progress_meter(char *f, off_t filesize, off_t *ctr)
|
||||
{
|
||||
struct winsize winsize;
|
||||
|
||||
start = last_update = time(NULL);
|
||||
file = f;
|
||||
end_pos = filesize;
|
||||
@ -236,20 +245,12 @@ start_progress_meter(char *f, off_t filesize, off_t *ctr)
|
||||
stalled = 0;
|
||||
bytes_per_second = 0;
|
||||
|
||||
if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 &&
|
||||
winsize.ws_col != 0) {
|
||||
if (winsize.ws_col > MAX_WINSIZE)
|
||||
win_size = MAX_WINSIZE;
|
||||
else
|
||||
win_size = winsize.ws_col;
|
||||
} else
|
||||
win_size = DEFAULT_WINSIZE;
|
||||
win_size += 1; /* trailing \0 */
|
||||
|
||||
setscreensize();
|
||||
if (can_output())
|
||||
refresh_progress_meter();
|
||||
|
||||
signal(SIGALRM, update_progress_meter);
|
||||
signal(SIGWINCH, sig_winch);
|
||||
alarm(UPDATE_INTERVAL);
|
||||
}
|
||||
|
||||
@ -267,3 +268,25 @@ stop_progress_meter(void)
|
||||
|
||||
atomicio(vwrite, STDOUT_FILENO, "\n", 1);
|
||||
}
|
||||
|
||||
static void
|
||||
sig_winch(int sig)
|
||||
{
|
||||
win_resized = 1;
|
||||
}
|
||||
|
||||
static void
|
||||
setscreensize(void)
|
||||
{
|
||||
struct winsize winsize;
|
||||
|
||||
if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 &&
|
||||
winsize.ws_col != 0) {
|
||||
if (winsize.ws_col > MAX_WINSIZE)
|
||||
win_size = MAX_WINSIZE;
|
||||
else
|
||||
win_size = winsize.ws_col;
|
||||
} else
|
||||
win_size = DEFAULT_WINSIZE;
|
||||
win_size += 1; /* trailing \0 */
|
||||
}
|
||||
|
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: readconf.c,v 1.139 2005/03/10 22:01:05 deraadt Exp $");
|
||||
RCSID("$OpenBSD: readconf.c,v 1.143 2005/07/30 02:03:47 djm Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "xmalloc.h"
|
||||
@ -695,7 +695,7 @@ process_config_line(Options *options, const char *host,
|
||||
fwd.listen_host = cleanhostname(fwd.listen_host);
|
||||
} else {
|
||||
fwd.listen_port = a2port(fwd.listen_host);
|
||||
fwd.listen_host = "";
|
||||
fwd.listen_host = NULL;
|
||||
}
|
||||
if (fwd.listen_port == 0)
|
||||
fatal("%.200s line %d: Badly formatted port number.",
|
||||
@ -743,6 +743,9 @@ process_config_line(Options *options, const char *host,
|
||||
|
||||
case oAddressFamily:
|
||||
arg = strdelim(&s);
|
||||
if (!arg || *arg == '\0')
|
||||
fatal("%s line %d: missing address family.",
|
||||
filename, linenum);
|
||||
intptr = &options->address_family;
|
||||
if (strcasecmp(arg, "inet") == 0)
|
||||
value = AF_INET;
|
||||
@ -793,7 +796,27 @@ process_config_line(Options *options, const char *host,
|
||||
|
||||
case oControlMaster:
|
||||
intptr = &options->control_master;
|
||||
goto parse_yesnoask;
|
||||
arg = strdelim(&s);
|
||||
if (!arg || *arg == '\0')
|
||||
fatal("%.200s line %d: Missing ControlMaster argument.",
|
||||
filename, linenum);
|
||||
value = 0; /* To avoid compiler warning... */
|
||||
if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
|
||||
value = SSHCTL_MASTER_YES;
|
||||
else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
|
||||
value = SSHCTL_MASTER_NO;
|
||||
else if (strcmp(arg, "auto") == 0)
|
||||
value = SSHCTL_MASTER_AUTO;
|
||||
else if (strcmp(arg, "ask") == 0)
|
||||
value = SSHCTL_MASTER_ASK;
|
||||
else if (strcmp(arg, "autoask") == 0)
|
||||
value = SSHCTL_MASTER_AUTO_ASK;
|
||||
else
|
||||
fatal("%.200s line %d: Bad ControlMaster argument.",
|
||||
filename, linenum);
|
||||
if (*activep && *intptr == -1)
|
||||
*intptr = value;
|
||||
break;
|
||||
|
||||
case oHashKnownHosts:
|
||||
intptr = &options->hash_known_hosts;
|
||||
@ -816,7 +839,7 @@ process_config_line(Options *options, const char *host,
|
||||
/* Check that there is no garbage at end of line. */
|
||||
if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
||||
fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
|
||||
filename, linenum, arg);
|
||||
filename, linenum, arg);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: readconf.h,v 1.66 2005/03/01 10:40:27 djm Exp $ */
|
||||
/* $OpenBSD: readconf.h,v 1.67 2005/06/08 11:25:09 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -116,6 +116,11 @@ typedef struct {
|
||||
int hash_known_hosts;
|
||||
} Options;
|
||||
|
||||
#define SSHCTL_MASTER_NO 0
|
||||
#define SSHCTL_MASTER_YES 1
|
||||
#define SSHCTL_MASTER_AUTO 2
|
||||
#define SSHCTL_MASTER_ASK 3
|
||||
#define SSHCTL_MASTER_AUTO_ASK 4
|
||||
|
||||
void initialize_options(Options *);
|
||||
void fill_default_options(Options *);
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: readpass.c,v 1.31 2004/10/29 22:53:56 djm Exp $");
|
||||
RCSID("$OpenBSD: readpass.c,v 1.33 2005/05/02 21:13:22 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "misc.h"
|
||||
@ -106,15 +106,20 @@ read_passphrase(const char *prompt, int flags)
|
||||
if (flags & RP_USE_ASKPASS)
|
||||
use_askpass = 1;
|
||||
else if (flags & RP_ALLOW_STDIN) {
|
||||
if (!isatty(STDIN_FILENO))
|
||||
if (!isatty(STDIN_FILENO)) {
|
||||
debug("read_passphrase: stdin is not a tty");
|
||||
use_askpass = 1;
|
||||
}
|
||||
} else {
|
||||
rppflags |= RPP_REQUIRE_TTY;
|
||||
ttyfd = open(_PATH_TTY, O_RDWR);
|
||||
if (ttyfd >= 0)
|
||||
close(ttyfd);
|
||||
else
|
||||
else {
|
||||
debug("read_passphrase: can't open %s: %s", _PATH_TTY,
|
||||
strerror(errno));
|
||||
use_askpass = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL)
|
||||
|
@ -3,10 +3,10 @@
|
||||
|
||||
tid="reexec tests"
|
||||
|
||||
DATA=/bin/ls
|
||||
DATA=/bin/ls${EXEEXT}
|
||||
COPY=${OBJ}/copy
|
||||
SSHD_ORIG=$SSHD
|
||||
SSHD_COPY=$OBJ/sshd
|
||||
SSHD_ORIG=$SSHD${EXEEXT}
|
||||
SSHD_COPY=$OBJ/sshd${EXEEXT}
|
||||
|
||||
# Start a sshd and then delete it
|
||||
start_sshd_copy ()
|
||||
|
@ -96,9 +96,10 @@ if [ "x$TEST_SSH_SCP" != "x" ]; then
|
||||
fi
|
||||
|
||||
# Path to sshd must be absolute for rexec
|
||||
if [ ! -x /$SSHD ]; then
|
||||
SSHD=`which sshd`
|
||||
fi
|
||||
case "$SSHD" in
|
||||
/*) ;;
|
||||
*) SSHD=`which sshd` ;;
|
||||
esac
|
||||
|
||||
if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
|
||||
TEST_SSH_LOGFILE=/dev/null
|
||||
|
@ -71,7 +71,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: scp.c,v 1.121 2005/04/02 12:41:16 djm Exp $");
|
||||
RCSID("$OpenBSD: scp.c,v 1.125 2005/07/27 10:39:03 dtucker Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "atomicio.h"
|
||||
@ -109,11 +109,13 @@ static void
|
||||
killchild(int signo)
|
||||
{
|
||||
if (do_cmd_pid > 1) {
|
||||
kill(do_cmd_pid, signo);
|
||||
kill(do_cmd_pid, signo ? signo : SIGTERM);
|
||||
waitpid(do_cmd_pid, NULL, 0);
|
||||
}
|
||||
|
||||
_exit(1);
|
||||
if (signo)
|
||||
_exit(1);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -184,7 +186,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc)
|
||||
}
|
||||
|
||||
typedef struct {
|
||||
int cnt;
|
||||
size_t cnt;
|
||||
char *buf;
|
||||
} BUF;
|
||||
|
||||
@ -502,8 +504,9 @@ source(int argc, char **argv)
|
||||
struct stat stb;
|
||||
static BUF buffer;
|
||||
BUF *bp;
|
||||
off_t i, amt, result, statbytes;
|
||||
int fd, haderr, indx;
|
||||
off_t i, amt, statbytes;
|
||||
size_t result;
|
||||
int fd = -1, haderr, indx;
|
||||
char *last, *name, buf[2048];
|
||||
int len;
|
||||
|
||||
@ -578,14 +581,14 @@ next: (void) close(fd);
|
||||
if (!haderr) {
|
||||
result = atomicio(read, fd, bp->buf, amt);
|
||||
if (result != amt)
|
||||
haderr = result >= 0 ? EIO : errno;
|
||||
haderr = errno;
|
||||
}
|
||||
if (haderr)
|
||||
(void) atomicio(vwrite, remout, bp->buf, amt);
|
||||
else {
|
||||
result = atomicio(vwrite, remout, bp->buf, amt);
|
||||
if (result != amt)
|
||||
haderr = result >= 0 ? EIO : errno;
|
||||
haderr = errno;
|
||||
statbytes += result;
|
||||
}
|
||||
if (limit_rate)
|
||||
@ -720,8 +723,9 @@ sink(int argc, char **argv)
|
||||
YES, NO, DISPLAYED
|
||||
} wrerr;
|
||||
BUF *bp;
|
||||
off_t i, j;
|
||||
int amt, count, exists, first, mask, mode, ofd, omode;
|
||||
off_t i;
|
||||
size_t j, count;
|
||||
int amt, exists, first, mask, mode, ofd, omode;
|
||||
off_t size, statbytes;
|
||||
int setimes, targisdir, wrerrno = 0;
|
||||
char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
|
||||
@ -748,7 +752,7 @@ sink(int argc, char **argv)
|
||||
targisdir = 1;
|
||||
for (first = 1;; first = 0) {
|
||||
cp = buf;
|
||||
if (atomicio(read, remin, cp, 1) <= 0)
|
||||
if (atomicio(read, remin, cp, 1) != 1)
|
||||
return;
|
||||
if (*cp++ == '\n')
|
||||
SCREWUP("unexpected <newline>");
|
||||
@ -829,7 +833,7 @@ sink(int argc, char **argv)
|
||||
}
|
||||
if (targisdir) {
|
||||
static char *namebuf;
|
||||
static int cursize;
|
||||
static size_t cursize;
|
||||
size_t need;
|
||||
|
||||
need = strlen(targ) + strlen(cp) + 250;
|
||||
@ -902,7 +906,7 @@ bad: run_err("%s: %s", np, strerror(errno));
|
||||
count += amt;
|
||||
do {
|
||||
j = atomicio(read, remin, cp, amt);
|
||||
if (j <= 0) {
|
||||
if (j == 0) {
|
||||
run_err("%s", j ? strerror(errno) :
|
||||
"dropped connection");
|
||||
exit(1);
|
||||
@ -918,10 +922,10 @@ bad: run_err("%s: %s", np, strerror(errno));
|
||||
if (count == bp->cnt) {
|
||||
/* Keep reading so we stay sync'd up. */
|
||||
if (wrerr == NO) {
|
||||
j = atomicio(vwrite, ofd, bp->buf, count);
|
||||
if (j != count) {
|
||||
if (atomicio(vwrite, ofd, bp->buf,
|
||||
count) != count) {
|
||||
wrerr = YES;
|
||||
wrerrno = j >= 0 ? EIO : errno;
|
||||
wrerrno = errno;
|
||||
}
|
||||
}
|
||||
count = 0;
|
||||
@ -931,9 +935,9 @@ bad: run_err("%s: %s", np, strerror(errno));
|
||||
if (showprogress)
|
||||
stop_progress_meter();
|
||||
if (count != 0 && wrerr == NO &&
|
||||
(j = atomicio(vwrite, ofd, bp->buf, count)) != count) {
|
||||
atomicio(vwrite, ofd, bp->buf, count) != count) {
|
||||
wrerr = YES;
|
||||
wrerrno = j >= 0 ? EIO : errno;
|
||||
wrerrno = errno;
|
||||
}
|
||||
if (wrerr == NO && ftruncate(ofd, size) != 0) {
|
||||
run_err("%s: truncate: %s", np, strerror(errno));
|
||||
@ -1070,7 +1074,7 @@ verifydir(char *cp)
|
||||
errno = ENOTDIR;
|
||||
}
|
||||
run_err("%s: %s", cp, strerror(errno));
|
||||
exit(1);
|
||||
killchild(0);
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: servconf.c,v 1.140 2005/03/10 22:01:05 deraadt Exp $");
|
||||
RCSID("$OpenBSD: servconf.c,v 1.144 2005/08/06 10:03:12 dtucker Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "log.h"
|
||||
@ -201,7 +201,7 @@ fill_default_server_options(ServerOptions *options)
|
||||
if (options->use_login == -1)
|
||||
options->use_login = 0;
|
||||
if (options->compression == -1)
|
||||
options->compression = 1;
|
||||
options->compression = COMP_DELAYED;
|
||||
if (options->allow_tcp_forwarding == -1)
|
||||
options->allow_tcp_forwarding = 1;
|
||||
if (options->gateway_ports == -1)
|
||||
@ -398,7 +398,7 @@ parse_token(const char *cp, const char *filename,
|
||||
static void
|
||||
add_listen_addr(ServerOptions *options, char *addr, u_short port)
|
||||
{
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
if (options->num_ports == 0)
|
||||
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
|
||||
@ -438,9 +438,10 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
const char *filename, int linenum)
|
||||
{
|
||||
char *cp, **charptr, *arg, *p;
|
||||
int *intptr, value, i, n;
|
||||
int *intptr, value, n;
|
||||
ServerOpCodes opcode;
|
||||
u_short port;
|
||||
u_int i;
|
||||
|
||||
cp = line;
|
||||
arg = strdelim(&cp);
|
||||
@ -516,6 +517,12 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
if (arg == NULL || *arg == '\0')
|
||||
fatal("%s line %d: missing address",
|
||||
filename, linenum);
|
||||
/* check for bare IPv6 address: no "[]" and 2 or more ":" */
|
||||
if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
|
||||
&& strchr(p+1, ':') != NULL) {
|
||||
add_listen_addr(options, arg, 0);
|
||||
break;
|
||||
}
|
||||
p = hpdelim(&arg);
|
||||
if (p == NULL)
|
||||
fatal("%s line %d: bad address:port usage",
|
||||
@ -532,6 +539,9 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
|
||||
case sAddressFamily:
|
||||
arg = strdelim(&cp);
|
||||
if (!arg || *arg == '\0')
|
||||
fatal("%s line %d: missing address family.",
|
||||
filename, linenum);
|
||||
intptr = &options->address_family;
|
||||
if (options->listen_addrs != NULL)
|
||||
fatal("%s line %d: address family must be specified before "
|
||||
@ -721,7 +731,23 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
|
||||
case sCompression:
|
||||
intptr = &options->compression;
|
||||
goto parse_flag;
|
||||
arg = strdelim(&cp);
|
||||
if (!arg || *arg == '\0')
|
||||
fatal("%s line %d: missing yes/no/delayed "
|
||||
"argument.", filename, linenum);
|
||||
value = 0; /* silence compiler */
|
||||
if (strcmp(arg, "delayed") == 0)
|
||||
value = COMP_DELAYED;
|
||||
else if (strcmp(arg, "yes") == 0)
|
||||
value = COMP_ZLIB;
|
||||
else if (strcmp(arg, "no") == 0)
|
||||
value = COMP_NONE;
|
||||
else
|
||||
fatal("%s line %d: Bad yes/no/delayed "
|
||||
"argument: %s", filename, linenum, arg);
|
||||
if (*intptr == -1)
|
||||
*intptr = value;
|
||||
break;
|
||||
|
||||
case sGatewayPorts:
|
||||
intptr = &options->gateway_ports;
|
||||
|
@ -35,7 +35,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: serverloop.c,v 1.117 2004/08/11 21:43:05 avsm Exp $");
|
||||
RCSID("$OpenBSD: serverloop.c,v 1.118 2005/07/17 07:17:55 djm Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
@ -865,7 +865,7 @@ server_request_direct_tcpip(void)
|
||||
packet_check_eom();
|
||||
|
||||
debug("server_request_direct_tcpip: originator %s port %d, target %s port %d",
|
||||
originator, originator_port, target, target_port);
|
||||
originator, originator_port, target, target_port);
|
||||
|
||||
/* XXX check permission */
|
||||
sock = channel_connect_to(target, target_port);
|
||||
@ -983,7 +983,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
|
||||
#ifndef NO_IPPORT_RESERVED_CONCEPT
|
||||
|| (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
|
||||
#endif
|
||||
) {
|
||||
) {
|
||||
success = 0;
|
||||
packet_send_debug("Server has disabled port forwarding.");
|
||||
} else {
|
||||
|
@ -33,7 +33,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $");
|
||||
RCSID("$OpenBSD: session.c,v 1.186 2005/07/25 11:59:40 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
@ -56,6 +56,7 @@ RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $");
|
||||
#include "serverloop.h"
|
||||
#include "canohost.h"
|
||||
#include "session.h"
|
||||
#include "kex.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
#if defined(KRB5) && defined(USE_AFS)
|
||||
@ -196,11 +197,11 @@ auth_input_request_forwarding(struct passwd * pw)
|
||||
static void
|
||||
display_loginmsg(void)
|
||||
{
|
||||
if (buffer_len(&loginmsg) > 0) {
|
||||
buffer_append(&loginmsg, "\0", 1);
|
||||
printf("%s", (char *)buffer_ptr(&loginmsg));
|
||||
buffer_clear(&loginmsg);
|
||||
}
|
||||
if (buffer_len(&loginmsg) > 0) {
|
||||
buffer_append(&loginmsg, "\0", 1);
|
||||
printf("%s", (char *)buffer_ptr(&loginmsg));
|
||||
buffer_clear(&loginmsg);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
@ -272,7 +273,7 @@ do_authenticated1(Authctxt *authctxt)
|
||||
compression_level);
|
||||
break;
|
||||
}
|
||||
if (!options.compression) {
|
||||
if (options.compression == COMP_NONE) {
|
||||
debug2("compression disabled");
|
||||
break;
|
||||
}
|
||||
@ -946,7 +947,8 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
|
||||
}
|
||||
#endif /* HAVE_ETC_DEFAULT_LOGIN */
|
||||
|
||||
void copy_environment(char **source, char ***env, u_int *envsize)
|
||||
void
|
||||
copy_environment(char **source, char ***env, u_int *envsize)
|
||||
{
|
||||
char *var_name, *var_val;
|
||||
int i;
|
||||
@ -1332,6 +1334,11 @@ do_setusercontext(struct passwd *pw)
|
||||
# ifdef _AIX
|
||||
aix_usrinfo(pw);
|
||||
# endif /* _AIX */
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
if (set_id(pw->pw_name) != 0) {
|
||||
exit(1);
|
||||
}
|
||||
#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
|
||||
/* Permanently switch to the desired uid. */
|
||||
permanently_set_uid(pw);
|
||||
#endif
|
||||
@ -1529,7 +1536,7 @@ do_child(Session *s, const char *command)
|
||||
*/
|
||||
|
||||
if (options.kerberos_get_afs_token && k_hasafs() &&
|
||||
(s->authctxt->krb5_ctx != NULL)) {
|
||||
(s->authctxt->krb5_ctx != NULL)) {
|
||||
char cell[64];
|
||||
|
||||
debug("Getting AFS token");
|
||||
@ -1633,6 +1640,7 @@ session_new(void)
|
||||
s->ttyfd = -1;
|
||||
s->used = 1;
|
||||
s->self = i;
|
||||
s->x11_chanids = NULL;
|
||||
debug("session_new: session %d", i);
|
||||
return s;
|
||||
}
|
||||
@ -1705,6 +1713,29 @@ session_by_channel(int id)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static Session *
|
||||
session_by_x11_channel(int id)
|
||||
{
|
||||
int i, j;
|
||||
|
||||
for (i = 0; i < MAX_SESSIONS; i++) {
|
||||
Session *s = &sessions[i];
|
||||
|
||||
if (s->x11_chanids == NULL || !s->used)
|
||||
continue;
|
||||
for (j = 0; s->x11_chanids[j] != -1; j++) {
|
||||
if (s->x11_chanids[j] == id) {
|
||||
debug("session_by_x11_channel: session %d "
|
||||
"channel %d", s->self, id);
|
||||
return s;
|
||||
}
|
||||
}
|
||||
}
|
||||
debug("session_by_x11_channel: unknown channel %d", id);
|
||||
session_dump();
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static Session *
|
||||
session_by_pid(pid_t pid)
|
||||
{
|
||||
@ -1800,7 +1831,7 @@ session_subsystem_req(Session *s)
|
||||
u_int len;
|
||||
int success = 0;
|
||||
char *cmd, *subsys = packet_get_string(&len);
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
packet_check_eom();
|
||||
logit("subsystem request for %.100s", subsys);
|
||||
@ -1834,6 +1865,11 @@ session_x11_req(Session *s)
|
||||
{
|
||||
int success;
|
||||
|
||||
if (s->auth_proto != NULL || s->auth_data != NULL) {
|
||||
error("session_x11_req: session %d: "
|
||||
"x11 fowarding already active", s->self);
|
||||
return 0;
|
||||
}
|
||||
s->single_connection = packet_get_char();
|
||||
s->auth_proto = packet_get_string(NULL);
|
||||
s->auth_data = packet_get_string(NULL);
|
||||
@ -2058,10 +2094,67 @@ sig2name(int sig)
|
||||
return "SIG@openssh.com";
|
||||
}
|
||||
|
||||
static void
|
||||
session_close_x11(int id)
|
||||
{
|
||||
Channel *c;
|
||||
|
||||
if ((c = channel_lookup(id)) == NULL) {
|
||||
debug("session_close_x11: x11 channel %d missing", id);
|
||||
} else {
|
||||
/* Detach X11 listener */
|
||||
debug("session_close_x11: detach x11 channel %d", id);
|
||||
channel_cancel_cleanup(id);
|
||||
if (c->ostate != CHAN_OUTPUT_CLOSED)
|
||||
chan_mark_dead(c);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
session_close_single_x11(int id, void *arg)
|
||||
{
|
||||
Session *s;
|
||||
u_int i;
|
||||
|
||||
debug3("session_close_single_x11: channel %d", id);
|
||||
channel_cancel_cleanup(id);
|
||||
if ((s = session_by_x11_channel(id)) == NULL)
|
||||
fatal("session_close_single_x11: no x11 channel %d", id);
|
||||
for (i = 0; s->x11_chanids[i] != -1; i++) {
|
||||
debug("session_close_single_x11: session %d: "
|
||||
"closing channel %d", s->self, s->x11_chanids[i]);
|
||||
/*
|
||||
* The channel "id" is already closing, but make sure we
|
||||
* close all of its siblings.
|
||||
*/
|
||||
if (s->x11_chanids[i] != id)
|
||||
session_close_x11(s->x11_chanids[i]);
|
||||
}
|
||||
xfree(s->x11_chanids);
|
||||
s->x11_chanids = NULL;
|
||||
if (s->display) {
|
||||
xfree(s->display);
|
||||
s->display = NULL;
|
||||
}
|
||||
if (s->auth_proto) {
|
||||
xfree(s->auth_proto);
|
||||
s->auth_proto = NULL;
|
||||
}
|
||||
if (s->auth_data) {
|
||||
xfree(s->auth_data);
|
||||
s->auth_data = NULL;
|
||||
}
|
||||
if (s->auth_display) {
|
||||
xfree(s->auth_display);
|
||||
s->auth_display = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
session_exit_message(Session *s, int status)
|
||||
{
|
||||
Channel *c;
|
||||
u_int i;
|
||||
|
||||
if ((c = channel_lookup(s->chanid)) == NULL)
|
||||
fatal("session_exit_message: session %d: no channel %d",
|
||||
@ -2101,12 +2194,20 @@ session_exit_message(Session *s, int status)
|
||||
if (c->ostate != CHAN_OUTPUT_CLOSED)
|
||||
chan_write_failed(c);
|
||||
s->chanid = -1;
|
||||
|
||||
/* Close any X11 listeners associated with this session */
|
||||
if (s->x11_chanids != NULL) {
|
||||
for (i = 0; s->x11_chanids[i] != -1; i++) {
|
||||
session_close_x11(s->x11_chanids[i]);
|
||||
s->x11_chanids[i] = -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
session_close(Session *s)
|
||||
{
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
debug("session_close: session %d pid %ld", s->self, (long)s->pid);
|
||||
if (s->ttyfd != -1)
|
||||
@ -2115,6 +2216,8 @@ session_close(Session *s)
|
||||
xfree(s->term);
|
||||
if (s->display)
|
||||
xfree(s->display);
|
||||
if (s->x11_chanids)
|
||||
xfree(s->x11_chanids);
|
||||
if (s->auth_display)
|
||||
xfree(s->auth_display);
|
||||
if (s->auth_data)
|
||||
@ -2153,6 +2256,7 @@ void
|
||||
session_close_by_channel(int id, void *arg)
|
||||
{
|
||||
Session *s = session_by_channel(id);
|
||||
|
||||
if (s == NULL) {
|
||||
debug("session_close_by_channel: no session for id %d", id);
|
||||
return;
|
||||
@ -2233,6 +2337,7 @@ session_setup_x11fwd(Session *s)
|
||||
struct stat st;
|
||||
char display[512], auth_display[512];
|
||||
char hostname[MAXHOSTNAMELEN];
|
||||
u_int i;
|
||||
|
||||
if (no_x11_forwarding_flag) {
|
||||
packet_send_debug("X11 forwarding disabled in user configuration file.");
|
||||
@ -2258,10 +2363,14 @@ session_setup_x11fwd(Session *s)
|
||||
}
|
||||
if (x11_create_display_inet(options.x11_display_offset,
|
||||
options.x11_use_localhost, s->single_connection,
|
||||
&s->display_number) == -1) {
|
||||
&s->display_number, &s->x11_chanids) == -1) {
|
||||
debug("x11_create_display_inet failed.");
|
||||
return 0;
|
||||
}
|
||||
for (i = 0; s->x11_chanids[i] != -1; i++) {
|
||||
channel_register_cleanup(s->x11_chanids[i],
|
||||
session_close_single_x11);
|
||||
}
|
||||
|
||||
/* Set up a suitable value for the DISPLAY variable. */
|
||||
if (gethostname(hostname, sizeof(hostname)) < 0)
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $ */
|
||||
/* $OpenBSD: session.h,v 1.25 2005/07/17 06:49:04 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
@ -49,8 +49,9 @@ struct Session {
|
||||
int single_connection;
|
||||
/* proto 2 */
|
||||
int chanid;
|
||||
int *x11_chanids;
|
||||
int is_subsystem;
|
||||
int num_env;
|
||||
u_int num_env;
|
||||
struct {
|
||||
char *name;
|
||||
char *val;
|
||||
|
@ -20,7 +20,7 @@
|
||||
/* XXX: copy between two remote sites */
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-client.c,v 1.53 2005/03/10 22:01:05 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sftp-client.c,v 1.57 2005/07/27 10:39:03 dtucker Exp $");
|
||||
|
||||
#include "openbsd-compat/sys-queue.h"
|
||||
|
||||
@ -64,10 +64,10 @@ send_msg(int fd, Buffer *m)
|
||||
|
||||
/* Send length first */
|
||||
PUT_32BIT(mlen, buffer_len(m));
|
||||
if (atomicio(vwrite, fd, mlen, sizeof(mlen)) <= 0)
|
||||
if (atomicio(vwrite, fd, mlen, sizeof(mlen)) != sizeof(mlen))
|
||||
fatal("Couldn't send packet: %s", strerror(errno));
|
||||
|
||||
if (atomicio(vwrite, fd, buffer_ptr(m), buffer_len(m)) <= 0)
|
||||
if (atomicio(vwrite, fd, buffer_ptr(m), buffer_len(m)) != buffer_len(m))
|
||||
fatal("Couldn't send packet: %s", strerror(errno));
|
||||
|
||||
buffer_clear(m);
|
||||
@ -76,26 +76,27 @@ send_msg(int fd, Buffer *m)
|
||||
static void
|
||||
get_msg(int fd, Buffer *m)
|
||||
{
|
||||
ssize_t len;
|
||||
u_int msg_len;
|
||||
|
||||
buffer_append_space(m, 4);
|
||||
len = atomicio(read, fd, buffer_ptr(m), 4);
|
||||
if (len == 0)
|
||||
fatal("Connection closed");
|
||||
else if (len == -1)
|
||||
fatal("Couldn't read packet: %s", strerror(errno));
|
||||
if (atomicio(read, fd, buffer_ptr(m), 4) != 4) {
|
||||
if (errno == EPIPE)
|
||||
fatal("Connection closed");
|
||||
else
|
||||
fatal("Couldn't read packet: %s", strerror(errno));
|
||||
}
|
||||
|
||||
msg_len = buffer_get_int(m);
|
||||
if (msg_len > MAX_MSG_LENGTH)
|
||||
fatal("Received message too long %u", msg_len);
|
||||
|
||||
buffer_append_space(m, msg_len);
|
||||
len = atomicio(read, fd, buffer_ptr(m), msg_len);
|
||||
if (len == 0)
|
||||
fatal("Connection closed");
|
||||
else if (len == -1)
|
||||
fatal("Read packet: %s", strerror(errno));
|
||||
if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
|
||||
if (errno == EPIPE)
|
||||
fatal("Connection closed");
|
||||
else
|
||||
fatal("Read packet: %s", strerror(errno));
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
@ -310,7 +311,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
|
||||
SFTP_DIRENT ***dir)
|
||||
{
|
||||
Buffer msg;
|
||||
u_int type, id, handle_len, i, expected_id, ents = 0;
|
||||
u_int count, type, id, handle_len, i, expected_id, ents = 0;
|
||||
char *handle;
|
||||
|
||||
id = conn->msg_id++;
|
||||
@ -334,8 +335,6 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
|
||||
}
|
||||
|
||||
for (; !interrupted;) {
|
||||
int count;
|
||||
|
||||
id = expected_id = conn->msg_id++;
|
||||
|
||||
debug3("Sending SSH2_FXP_READDIR I:%u", id);
|
||||
@ -743,10 +742,10 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
|
||||
Attrib junk, *a;
|
||||
Buffer msg;
|
||||
char *handle;
|
||||
int local_fd, status, num_req, max_req, write_error;
|
||||
int local_fd, status = 0, write_error;
|
||||
int read_error, write_errno;
|
||||
u_int64_t offset, size;
|
||||
u_int handle_len, mode, type, id, buflen;
|
||||
u_int handle_len, mode, type, id, buflen, num_req, max_req;
|
||||
off_t progress_counter;
|
||||
struct request {
|
||||
u_int id;
|
||||
@ -1127,7 +1126,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
|
||||
goto done;
|
||||
}
|
||||
debug3("In write loop, ack for %u %u bytes at %llu",
|
||||
ack->id, ack->len, (unsigned long long)ack->offset);
|
||||
ack->id, ack->len, (unsigned long long)ack->offset);
|
||||
++ackid;
|
||||
xfree(ack);
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sftp-client.h,v 1.13 2004/11/29 07:41:24 djm Exp $ */
|
||||
/* $OpenBSD: sftp-client.h,v 1.14 2005/04/26 12:59:02 jmc Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||
@ -30,7 +30,7 @@ struct SFTP_DIRENT {
|
||||
};
|
||||
|
||||
/*
|
||||
* Initialiase a SSH filexfer connection. Returns NULL on error or
|
||||
* Initialise a SSH filexfer connection. Returns NULL on error or
|
||||
* a pointer to a initialized sftp_conn struct on success.
|
||||
*/
|
||||
struct sftp_conn *do_init(int, int, u_int, u_int);
|
||||
|
@ -14,7 +14,7 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $");
|
||||
RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
|
||||
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
@ -130,7 +130,7 @@ Handle handles[100];
|
||||
static void
|
||||
handle_init(void)
|
||||
{
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
|
||||
handles[i].use = HANDLE_UNUSED;
|
||||
@ -139,7 +139,7 @@ handle_init(void)
|
||||
static int
|
||||
handle_new(int use, const char *name, int fd, DIR *dirp)
|
||||
{
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
|
||||
if (handles[i].use == HANDLE_UNUSED) {
|
||||
@ -156,7 +156,7 @@ handle_new(int use, const char *name, int fd, DIR *dirp)
|
||||
static int
|
||||
handle_is_ok(int i, int type)
|
||||
{
|
||||
return i >= 0 && i < sizeof(handles)/sizeof(Handle) &&
|
||||
return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) &&
|
||||
handles[i].use == type;
|
||||
}
|
||||
|
||||
@ -477,10 +477,10 @@ process_write(void)
|
||||
} else {
|
||||
/* XXX ATOMICIO ? */
|
||||
ret = write(fd, data, len);
|
||||
if (ret == -1) {
|
||||
if (ret < 0) {
|
||||
error("process_write: write failed");
|
||||
status = errno_to_portable(errno);
|
||||
} else if (ret == len) {
|
||||
} else if ((size_t)ret == len) {
|
||||
status = SSH2_FX_OK;
|
||||
} else {
|
||||
logit("nothing at all written");
|
||||
|
@ -16,7 +16,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $");
|
||||
|
||||
#ifdef USE_LIBEDIT
|
||||
#include <histedit.h>
|
||||
@ -404,7 +404,7 @@ get_pathname(const char **cpp, char **path)
|
||||
{
|
||||
const char *cp = *cpp, *end;
|
||||
char quot;
|
||||
int i, j;
|
||||
u_int i, j;
|
||||
|
||||
cp += strspn(cp, WHITESPACE);
|
||||
if (!*cp) {
|
||||
@ -664,14 +664,15 @@ sdirent_comp(const void *aa, const void *bb)
|
||||
static int
|
||||
do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
|
||||
{
|
||||
int n, c = 1, colspace = 0, columns = 1;
|
||||
int n;
|
||||
u_int c = 1, colspace = 0, columns = 1;
|
||||
SFTP_DIRENT **d;
|
||||
|
||||
if ((n = do_readdir(conn, path, &d)) != 0)
|
||||
return (n);
|
||||
|
||||
if (!(lflag & LS_SHORT_VIEW)) {
|
||||
int m = 0, width = 80;
|
||||
u_int m = 0, width = 80;
|
||||
struct winsize ws;
|
||||
char *tmp;
|
||||
|
||||
@ -747,7 +748,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
|
||||
int lflag)
|
||||
{
|
||||
glob_t g;
|
||||
int i, c = 1, colspace = 0, columns = 1;
|
||||
u_int i, c = 1, colspace = 0, columns = 1;
|
||||
Attrib *a = NULL;
|
||||
|
||||
memset(&g, 0, sizeof(g));
|
||||
@ -783,7 +784,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
|
||||
}
|
||||
|
||||
if (!(lflag & LS_SHORT_VIEW)) {
|
||||
int m = 0, width = 80;
|
||||
u_int m = 0, width = 80;
|
||||
struct winsize ws;
|
||||
|
||||
/* Count entries for sort and find longest filename */
|
||||
@ -1236,7 +1237,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
|
||||
char *dir = NULL;
|
||||
char cmd[2048];
|
||||
struct sftp_conn *conn;
|
||||
int err;
|
||||
int err, interactive;
|
||||
EditLine *el = NULL;
|
||||
#ifdef USE_LIBEDIT
|
||||
History *hl = NULL;
|
||||
@ -1294,14 +1295,15 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
|
||||
xfree(dir);
|
||||
}
|
||||
|
||||
#if HAVE_SETVBUF
|
||||
#if defined(HAVE_SETVBUF) && !defined(BROKEN_SETVBUF)
|
||||
setvbuf(stdout, NULL, _IOLBF, 0);
|
||||
setvbuf(infile, NULL, _IOLBF, 0);
|
||||
#else
|
||||
setlinebuf(stdout);
|
||||
setlinebuf(infile);
|
||||
setlinebuf(stdout);
|
||||
setlinebuf(infile);
|
||||
#endif
|
||||
|
||||
interactive = !batchmode && isatty(STDIN_FILENO);
|
||||
err = 0;
|
||||
for (;;) {
|
||||
char *cp;
|
||||
@ -1309,20 +1311,28 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
|
||||
signal(SIGINT, SIG_IGN);
|
||||
|
||||
if (el == NULL) {
|
||||
printf("sftp> ");
|
||||
if (interactive)
|
||||
printf("sftp> ");
|
||||
if (fgets(cmd, sizeof(cmd), infile) == NULL) {
|
||||
printf("\n");
|
||||
if (interactive)
|
||||
printf("\n");
|
||||
break;
|
||||
}
|
||||
if (batchmode) /* Echo command */
|
||||
printf("%s", cmd);
|
||||
if (!interactive) { /* Echo command */
|
||||
printf("sftp> %s", cmd);
|
||||
if (strlen(cmd) > 0 &&
|
||||
cmd[strlen(cmd) - 1] != '\n')
|
||||
printf("\n");
|
||||
}
|
||||
} else {
|
||||
#ifdef USE_LIBEDIT
|
||||
const char *line;
|
||||
int count = 0;
|
||||
|
||||
if ((line = el_gets(el, &count)) == NULL || count <= 0)
|
||||
break;
|
||||
if ((line = el_gets(el, &count)) == NULL || count <= 0) {
|
||||
printf("\n");
|
||||
break;
|
||||
}
|
||||
history(hl, &hev, H_ENTER, line);
|
||||
if (strlcpy(cmd, line, sizeof(cmd)) >= sizeof(cmd)) {
|
||||
fprintf(stderr, "Error: input line too long\n");
|
||||
@ -1345,6 +1355,11 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
|
||||
}
|
||||
xfree(pwd);
|
||||
|
||||
#ifdef USE_LIBEDIT
|
||||
if (el != NULL)
|
||||
el_end(el);
|
||||
#endif /* USE_LIBEDIT */
|
||||
|
||||
/* err == 1 signifies normal "quit" exit */
|
||||
return (err >= 0 ? 0 : -1);
|
||||
}
|
||||
@ -1475,7 +1490,7 @@ main(int argc, char **argv)
|
||||
|
||||
/* Allow "-" as stdin */
|
||||
if (strcmp(optarg, "-") != 0 &&
|
||||
(infile = fopen(optarg, "r")) == NULL)
|
||||
(infile = fopen(optarg, "r")) == NULL)
|
||||
fatal("%s (%s).", strerror(errno), optarg);
|
||||
showprogress = 0;
|
||||
batchmode = 1;
|
||||
@ -1561,8 +1576,8 @@ main(int argc, char **argv)
|
||||
err = interactive_loop(in, out, file1, file2);
|
||||
|
||||
#if !defined(USE_PIPES)
|
||||
shutdown(in, SHUT_RDWR);
|
||||
shutdown(out, SHUT_RDWR);
|
||||
shutdown(in, SHUT_RDWR);
|
||||
shutdown(out, SHUT_RDWR);
|
||||
#endif
|
||||
|
||||
close(in);
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ssh-add.1,v 1.42 2005/03/01 17:32:19 jmc Exp $
|
||||
.\" $OpenBSD: ssh-add.1,v 1.43 2005/04/21 06:17:50 djm Exp $
|
||||
.\"
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
@ -57,10 +57,10 @@
|
||||
adds RSA or DSA identities to the authentication agent,
|
||||
.Xr ssh-agent 1 .
|
||||
When run without arguments, it adds the files
|
||||
.Pa $HOME/.ssh/id_rsa ,
|
||||
.Pa $HOME/.ssh/id_dsa
|
||||
.Pa ~/.ssh/id_rsa ,
|
||||
.Pa ~/.ssh/id_dsa
|
||||
and
|
||||
.Pa $HOME/.ssh/identity .
|
||||
.Pa ~/.ssh/identity .
|
||||
Alternative file names can be given on the command line.
|
||||
If any file requires a passphrase,
|
||||
.Nm
|
||||
@ -142,11 +142,11 @@ agent.
|
||||
.El
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds
|
||||
.It Pa $HOME/.ssh/identity
|
||||
.It Pa ~/.ssh/identity
|
||||
Contains the protocol version 1 RSA authentication identity of the user.
|
||||
.It Pa $HOME/.ssh/id_dsa
|
||||
.It Pa ~/.ssh/id_dsa
|
||||
Contains the protocol version 2 DSA authentication identity of the user.
|
||||
.It Pa $HOME/.ssh/id_rsa
|
||||
.It Pa ~/.ssh/id_rsa
|
||||
Contains the protocol version 2 RSA authentication identity of the user.
|
||||
.El
|
||||
.Pp
|
||||
|
@ -35,7 +35,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-add.c,v 1.71 2005/03/10 22:01:06 deraadt Exp $");
|
||||
RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
@ -145,7 +145,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
|
||||
/* clear passphrase since it did not work */
|
||||
clear_pass();
|
||||
snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ",
|
||||
comment);
|
||||
comment);
|
||||
for (;;) {
|
||||
pass = read_passphrase(msg, RP_ALLOW_STDIN);
|
||||
if (strcmp(pass, "") == 0) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ssh-agent.1,v 1.41 2004/07/11 17:48:47 deraadt Exp $
|
||||
.\" $OpenBSD: ssh-agent.1,v 1.42 2005/04/21 06:17:50 djm Exp $
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -111,10 +111,10 @@ Keys are added using
|
||||
When executed without arguments,
|
||||
.Xr ssh-add 1
|
||||
adds the files
|
||||
.Pa $HOME/.ssh/id_rsa ,
|
||||
.Pa $HOME/.ssh/id_dsa
|
||||
.Pa ~/.ssh/id_rsa ,
|
||||
.Pa ~/.ssh/id_dsa
|
||||
and
|
||||
.Pa $HOME/.ssh/identity .
|
||||
.Pa ~/.ssh/identity .
|
||||
If the identity has a passphrase,
|
||||
.Xr ssh-add 1
|
||||
asks for the passphrase (using a small X11 application if running
|
||||
@ -179,11 +179,11 @@ The agent exits automatically when the command given on the command
|
||||
line terminates.
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds
|
||||
.It Pa $HOME/.ssh/identity
|
||||
.It Pa ~/.ssh/identity
|
||||
Contains the protocol version 1 RSA authentication identity of the user.
|
||||
.It Pa $HOME/.ssh/id_dsa
|
||||
.It Pa ~/.ssh/id_dsa
|
||||
Contains the protocol version 2 DSA authentication identity of the user.
|
||||
.It Pa $HOME/.ssh/id_rsa
|
||||
.It Pa ~/.ssh/id_rsa
|
||||
Contains the protocol version 2 RSA authentication identity of the user.
|
||||
.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
|
||||
Unix-domain sockets used to contain the connection to the
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.69 2005/06/08 03:50:00 djm Exp $
|
||||
.\"
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
@ -129,10 +129,10 @@ section for details.
|
||||
Normally each user wishing to use SSH
|
||||
with RSA or DSA authentication runs this once to create the authentication
|
||||
key in
|
||||
.Pa $HOME/.ssh/identity ,
|
||||
.Pa $HOME/.ssh/id_dsa
|
||||
.Pa ~/.ssh/identity ,
|
||||
.Pa ~/.ssh/id_dsa
|
||||
or
|
||||
.Pa $HOME/.ssh/id_rsa .
|
||||
.Pa ~/.ssh/id_rsa .
|
||||
Additionally, the system administrator may use this to generate host keys,
|
||||
as seen in
|
||||
.Pa /etc/rc .
|
||||
@ -188,8 +188,8 @@ Show the bubblebabble digest of specified private or public key file.
|
||||
.It Fl b Ar bits
|
||||
Specifies the number of bits in the key to create.
|
||||
Minimum is 512 bits.
|
||||
Generally, 1024 bits is considered sufficient.
|
||||
The default is 1024 bits.
|
||||
Generally, 2048 bits is considered sufficient.
|
||||
The default is 2048 bits.
|
||||
.It Fl C Ar comment
|
||||
Provides a new comment.
|
||||
.It Fl c
|
||||
@ -381,7 +381,7 @@ It is important that this file contains moduli of a range of bit lengths and
|
||||
that both ends of a connection share common moduli.
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds
|
||||
.It Pa $HOME/.ssh/identity
|
||||
.It Pa ~/.ssh/identity
|
||||
Contains the protocol version 1 RSA authentication identity of the user.
|
||||
This file should not be readable by anyone but the user.
|
||||
It is possible to
|
||||
@ -392,14 +392,14 @@ This file is not automatically accessed by
|
||||
but it is offered as the default file for the private key.
|
||||
.Xr ssh 1
|
||||
will read this file when a login attempt is made.
|
||||
.It Pa $HOME/.ssh/identity.pub
|
||||
.It Pa ~/.ssh/identity.pub
|
||||
Contains the protocol version 1 RSA public key for authentication.
|
||||
The contents of this file should be added to
|
||||
.Pa $HOME/.ssh/authorized_keys
|
||||
.Pa ~/.ssh/authorized_keys
|
||||
on all machines
|
||||
where the user wishes to log in using RSA authentication.
|
||||
There is no need to keep the contents of this file secret.
|
||||
.It Pa $HOME/.ssh/id_dsa
|
||||
.It Pa ~/.ssh/id_dsa
|
||||
Contains the protocol version 2 DSA authentication identity of the user.
|
||||
This file should not be readable by anyone but the user.
|
||||
It is possible to
|
||||
@ -410,14 +410,14 @@ This file is not automatically accessed by
|
||||
but it is offered as the default file for the private key.
|
||||
.Xr ssh 1
|
||||
will read this file when a login attempt is made.
|
||||
.It Pa $HOME/.ssh/id_dsa.pub
|
||||
.It Pa ~/.ssh/id_dsa.pub
|
||||
Contains the protocol version 2 DSA public key for authentication.
|
||||
The contents of this file should be added to
|
||||
.Pa $HOME/.ssh/authorized_keys
|
||||
.Pa ~/.ssh/authorized_keys
|
||||
on all machines
|
||||
where the user wishes to log in using public key authentication.
|
||||
There is no need to keep the contents of this file secret.
|
||||
.It Pa $HOME/.ssh/id_rsa
|
||||
.It Pa ~/.ssh/id_rsa
|
||||
Contains the protocol version 2 RSA authentication identity of the user.
|
||||
This file should not be readable by anyone but the user.
|
||||
It is possible to
|
||||
@ -428,10 +428,10 @@ This file is not automatically accessed by
|
||||
but it is offered as the default file for the private key.
|
||||
.Xr ssh 1
|
||||
will read this file when a login attempt is made.
|
||||
.It Pa $HOME/.ssh/id_rsa.pub
|
||||
.It Pa ~/.ssh/id_rsa.pub
|
||||
Contains the protocol version 2 RSA public key for authentication.
|
||||
The contents of this file should be added to
|
||||
.Pa $HOME/.ssh/authorized_keys
|
||||
.Pa ~/.ssh/authorized_keys
|
||||
on all machines
|
||||
where the user wishes to log in using public key authentication.
|
||||
There is no need to keep the contents of this file secret.
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user