d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

This commit was generated by cvs2svn to compensate for changes in r137015,

Browse Source 
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
des 2004-10-28 16:03:53 +00:00
commit a16e622b22
80 changed files with 3430 additions and 716 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
crypto/openssh/CREDITS
View File

@ -31,6 +31,7 @@ David Agraz <dagraz@jahoopa.com> - Build fixes
David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes
David Hesprich <darkgrue@gue-tech.org> - Configure fixes
David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code.
Ed Eden <ede370@stl.rural.usda.gov> - configure fixes
Garrick James <garrick@james.net> - configure fixes
Gary E. Miller <gem@rellim.com> - SCO support
@ -43,7 +44,7 @@ Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE> - KRB4/AFS config patch
IWAMURO Motonori <iwa@mmp.fujitsu.co.jp> - bugfixes
Jani Hakala <jahakala@cc.jyu.fi> - Patches
Jarno Huuskonen <jhuuskon@hytti.uku.fi> - Bugfixes
Jim Knoble <jmknoble@jmknoble.cx> - Many patches
Jim Knoble <jmknoble@pobox.com> - Many patches
Jonchen (email unknown) - the original author of PAM support of SSH
Juergen Keil <jk@tools.de> - scp bugfixing
KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp> - Configure fixes
@ -61,6 +62,7 @@ Martin Johansson <fatbob@acc.umu.se> - Linux fixes
Mark D. Roth <roth+openssh@feep.net> - Features, bug fixes
Mark Miller <markm@swoon.net> - Bugfixes
Matt Richards <v2matt@btv.ibm.com> - AIX patches
Michael Steffens <michael_steffens at hp.com> - HP-UX fixes
Michael Stone <mstone@cs.loyola.edu> - Irix enhancements
Nakaji Hiroyuki <nakaji@tutrp.tut.ac.jp> - Sony News-OS patch
Nalin Dahyabhai <nalin.dahyabhai@pobox.com> - PAM environment patch
@ -76,6 +78,7 @@ Phil Karn <karn@ka9q.ampr.org> - Autoconf fixes
Philippe WILLEM <Philippe.WILLEM@urssaf.fr> - Bugfixes
Phill Camp <P.S.S.Camp@ukc.ac.uk> - login code fix
Rip Loomis <loomisg@cist.saic.com> - Solaris package support, fixes
Robert Dahlem <Robert.Dahlem at siemens.com> - Reliant Unix fixes
Roumen Petrov <openssh@roumenpetrov.info> - Compile & configure fixes
SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - Multiple bugfixes
Simon Wilkinson <sxw@dcs.ed.ac.uk> - PAM fixes, Compat with MIT KrbV
@ -95,5 +98,5 @@ Apologies to anyone I have missed.
Damien Miller <djm@mindrot.org>
$Id: CREDITS,v 1.77 2004/01/30 04:00:50 dtucker Exp $
$Id: CREDITS,v 1.79 2004/05/26 23:59:31 dtucker Exp $

675
crypto/openssh/ChangeLog
View File

@ -1,10 +1,681 @@
20040817
- (dtucker) [regress/README.regress] Note compatibility issues with GNU head.
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/08/16 08:17:01
[version.h]
3.9
- (djm) Crank RPM spec version numbers
- (djm) Release 3.9p1
20040816
- (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root
to convince Solaris PAM to honour password complexity rules. ok djm@
20040815
- (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
it does the right thing on all platforms. ok djm@
- (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in
openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c
openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter
closefrom() replacement from sudo; ok dtucker@
- (djm) [loginrec.c] Check that seek succeeded here too; ok dtucker
- (dtucker) [Makefile.in] Fix typo.
20040814
- (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
Explicitly set umask for mkstemp; ok djm@
- (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwise
prot.h and shadow.h provide conflicting declarations of getspnam. ok djm@
- (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Plug AIX login recording into login_write so logins will be recorded for
all auth types.
20040813
- (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at
redhat.com
- (dtucker) OpenBSD CVS Sync
- avsm@cvs.openbsd.org 2004/08/11 21:43:05
[channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c]
some signed/unsigned int comparison cleanups; markus@ ok
- avsm@cvs.openbsd.org 2004/08/11 21:44:32
[authfd.c scp.c ssh-keyscan.c]
use atomicio instead of homegrown equivalents or read/write.
markus@ ok
- djm@cvs.openbsd.org 2004/08/12 09:18:24
[sshlogin.c]
typo in error message, spotted by moritz AT jodeit.org (Id sync only)
- jakob@cvs.openbsd.org 2004/08/12 21:41:13
[ssh-keygen.1 ssh.1]
improve SSHFP documentation; ok deraadt@
- jmc@cvs.openbsd.org 2004/08/13 00:01:43
[ssh-keygen.1]
kill whitespace at eol;
- djm@cvs.openbsd.org 2004/08/13 02:51:48
[monitor_fdpass.c]
extra check for no message case; ok markus, deraadt, hshoexer, henning
- dtucker@cvs.openbsd.org 2004/08/13 11:09:24
[servconf.c]
Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr
ok markus@, djm@
20040812
- (dtucker) [sshd.c] Remove duplicate variable imported during sync.
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/07/28 08:56:22
[sshd.c]
call setsid() _before_ re-exec
- markus@cvs.openbsd.org 2004/07/28 09:40:29
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
sshconnect1.c]
more s/illegal/invalid/
- djm@cvs.openbsd.org 2004/08/04 10:37:52
[dh.c]
return group14 when no primes found - fixes hang on empty /etc/moduli;
ok markus@
- dtucker@cvs.openbsd.org 2004/08/11 11:09:54
[servconf.c]
Fix minor leak; "looks right" deraadt@
- dtucker@cvs.openbsd.org 2004/08/11 11:50:09
[sshd.c]
Don't try to close startup_pipe if it's not open; ok djm@
- djm@cvs.openbsd.org 2004/08/11 11:59:22
[sshlogin.c]
check that lseek went were we told it to; ok markus@
(Id sync only, but similar changes are needed in loginrec.c)
- djm@cvs.openbsd.org 2004/08/11 12:01:16
[sshlogin.c]
make store_lastlog_message() static to appease -Wall; ok markus
- (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling
messages generated before the postauth privsep split.
20040720
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/07/21 08:56:12
[auth.c]
s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas,
miod, ...
- djm@cvs.openbsd.org 2004/07/21 10:33:31
[auth1.c auth2.c]
bz#899: Don't display invalid usernames in setproctitle
from peak AT argo.troja.mff.cuni.cz; ok markus@
- djm@cvs.openbsd.org 2004/07/21 10:36:23
[gss-serv-krb5.c]
fix function declaration
- djm@cvs.openbsd.org 2004/07/21 11:51:29
[canohost.c]
bz#902: cache remote port so we don't fatal() in auth_log when remote
connection goes away quickly. from peak AT argo.troja.mff.cuni.cz;
ok markus@
- (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid
usernames in setproctitle from peak AT argo.troja.mff.cuni.cz;
20040720
- (djm) [log.c] bz #111: Escape more control characters when sending data
to syslog; from peak AT argo.troja.mff.cuni.cz
- (djm) [contrib/redhat/sshd.pam] bz #903: Remove redundant entries; from
peak AT argo.troja.mff.cuni.cz
- (djm) [regress/README.regress] Remove caveat regarding TCP wrappers, now
that sshd is fixed to behave better; suggested by tim
20040719
- (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD
ok dtucker@
- (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,
instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
- (tim) [configure.ac] updwtmpx() on OpenServer seems to add duplicate entry.
Report by rac AT tenzing.org
20040717
- (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces
diff vs OpenBSD; ok mouring@, tested by tim@ too.
- (dtucker) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
sshd.c ttymodes.h]
spaces
- brad@cvs.openbsd.org 2004/07/12 23:34:25
[ssh-keyscan.1]
Fix incorrect macro, .I -> .Em
From: Eric S. Raymond <esr at thyrsus dot com>
ok jmc@
- dtucker@cvs.openbsd.org 2004/07/17 05:31:41
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
Move "Last logged in at.." message generation to the monitor, right
before recording the new login. Fixes missing lastlog message when
/var/log/lastlog is not world-readable and incorrect datestamp when
multiple sessions are used (bz #463); much assistance & ok markus@
20040711
- (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
the monitor to properly clean up the PAM thread (Debian bug #252676).
20040709
- (tim) [contrib/cygwin/README] add minires-devel requirement. Patch from
vinschen AT redhat.com
20040708
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2004/07/03 05:11:33
[sshlogin.c] (RCSID sync only, the corresponding code is not in Portable)
Use '\0' not 0 for string; ok djm@, deraadt@
- dtucker@cvs.openbsd.org 2004/07/03 11:02:25
[monitor_wrap.c]
Put s/key functions inside #ifdef SKEY same as monitor.c,
from des@freebsd via bz #330, ok markus@
- dtucker@cvs.openbsd.org 2004/07/08 12:47:21
[scp.c]
Prevent scp from skipping the file following a double-error.
bz #863, ok markus@
20040702
- (dtucker) [mdoc2man.awk] Teach it to ignore .Bk -words, reported by
strube at physik3.gwdg.de a long time ago.
20040701
- (dtucker) [session.c] Call display_loginmsg again after do_pam_session.
Ensures messages from PAM modules are displayed when privsep=no.
- (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes
warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@
- (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
to pam_authenticate for challenge-response auth too. Originally from
fcusack at fcusack.com, ok djm@
- (tim) [buildpkg.sh.in] Add $REV to bump the package revision within
the same version. Handle the case where someone uses --with-privsep-user=
and the user name does not match the group name. ok dtucker@
20040630
- (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL
appdata_ptr to the conversation function. ok djm@
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2004/06/26 09:03:21
[ssh.1]
- remove double word
- rearrange .Bk to keep SYNOPSIS nice
- -M before -m in options description
- jmc@cvs.openbsd.org 2004/06/26 09:11:14
[ssh_config.5]
punctuation and grammar fixes. also, keep the options in order.
- jmc@cvs.openbsd.org 2004/06/26 09:14:40
[sshd_config.5]
new sentence, new line;
- avsm@cvs.openbsd.org 2004/06/26 20:07:16
[sshd.c]
initialise some fd variables to -1, djm@ ok
- djm@cvs.openbsd.org 2004/06/30 08:36:59
[session.c]
unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@
20040627
- (tim) update README files.
- (dtucker) [mdoc2man.awk] Bug #883: correctly recognise .Pa and .Ev macros.
- (dtucker) [regress/README.regress] Document new variables.
- (dtucker) [acconfig.h configure.ac sftp-server.c] Bug #823: add sftp
rename handling for Linux which returns EPERM for link() on (at least some)
filesystems that do not support hard links. sftp-server will fall back to
stat+rename() in such cases.
- (dtucker) [openbsd-compat/port-aix.c] Missing __func__.
20040626
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/25 18:43:36
[sshd.c]
fix broken fd handling in the re-exec fallback path, particularly when
/dev/crypto is in use; ok deraadt@ markus@
- djm@cvs.openbsd.org 2004/06/25 23:21:38
[sftp.c]
bz #875: fix bad escape char error message; reported by f_mohr AT yahoo.de
20040625
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/24 19:30:54
[servconf.c servconf.h sshd.c]
re-exec sshd on accept(); initial work, final debugging and ok markus@
- djm@cvs.openbsd.org 2004/06/25 01:16:09
[sshd.c]
only perform tcp wrappers checks when the incoming connection is on a
socket. silences useless warnings from regress tests that use
proxycommand="sshd -i". prompted by david@ ok markus@
- djm@cvs.openbsd.org 2004/06/24 19:32:00
[regress/Makefile regress/test-exec.sh, added regress/reexec.sh]
regress test for re-exec corner cases
- djm@cvs.openbsd.org 2004/06/25 01:25:12
[regress/test-exec.sh]
clean reexec-specific junk out of text-exec.sh and simplify; idea markus@
- dtucker@cvs.openbsd.org 2004/06/25 05:38:48
[sftp-server.c]
Fall back to stat+rename if filesystem doesn't doesn't support hard
links. bz#823, ok djm@
- (dtucker) [configure.ac openbsd-compat/misc.c [openbsd-compat/misc.h]
Add closefrom() for platforms that don't have it.
- (dtucker) [sshd.c] add line missing from reexec sync.
20040623
- (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1
connections with empty passwords. Patch from davidwu at nbttech.com,
ok djm@
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2004/06/22 22:42:02
[regress/envpass.sh]
Add quoting for test -z; ok markus@
- dtucker@cvs.openbsd.org 2004/06/22 22:45:52
[regress/test-exec.sh]
Add TEST_SSH_SSHD_CONFOPTS and TEST_SSH_SSH_CONFOPTS to allow adding
arbitary options to sshd_config and ssh_config during tests. ok markus@
- dtucker@cvs.openbsd.org 2004/06/22 22:55:56
[regress/dynamic-forward.sh regress/test-exec.sh]
Allow setting of port for regress from TEST_SSH_PORT variable; ok markus@
- mouring@cvs.openbsd.org 2004/06/23 00:39:38
[rijndael.c]
-Wshadow fix up s/encrypt/do_encrypt/. OK djm@, markus@
- dtucker@cvs.openbsd.org 2004/06/23 14:31:01
[ssh.c]
Fix counting in master/slave when passing environment variables; ok djm@
- (dtucker) [cipher.c] encrypt->do_encrypt inside SSH_OLD_EVP to match
-Wshadow change.
- (bal) [Makefile.in] Remove opensshd.init on 'make distclean'
- (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Move loginrestrictions test to port-aix.c, replace with a generic hook.
- (tim) [regress/try-ciphers.sh] "if ! some_command" is not portable.
- (bal) [contrib/README] Removed "mdoc2man.pl" reference and added
reference to "findssl.sh"
20040622
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/20 17:36:59
[ssh.c]
filter passed env vars at slave in connection sharing case; ok markus@
- djm@cvs.openbsd.org 2004/06/20 18:53:39
[sftp.c]
make "ls -l" listings print user/group names, add "ls -n" to show uid/gid
(like /bin/ls); idea & ok markus@
- djm@cvs.openbsd.org 2004/06/20 19:28:12
[sftp.1]
mention new -n flag
- avsm@cvs.openbsd.org 2004/06/21 17:36:31
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
sshpty.c]
make ssh -Wshadow clean, no functional changes
markus@ ok
- djm@cvs.openbsd.org 2004/06/21 17:53:03
[session.c]
fix fd leak for multiple subsystem connections; with markus@
- djm@cvs.openbsd.org 2004/06/21 22:02:58
[log.h]
mark fatal and cleanup exit as __dead; ok markus@
- djm@cvs.openbsd.org 2004/06/21 22:04:50
[sftp.c]
introduce sorting for ls, same options as /bin/ls; ok markus@
- djm@cvs.openbsd.org 2004/06/21 22:30:45
[sftp.c]
prefix ls option flags with LS_
- djm@cvs.openbsd.org 2004/06/21 22:41:31
[sftp.1]
document sort options
- djm@cvs.openbsd.org 2004/06/22 01:16:39
[sftp.c]
don't show .files by default in ls, add -a option to turn them back on;
ok markus
- markus@cvs.openbsd.org 2004/06/22 03:12:13
[regress/envpass.sh regress/multiplex.sh]
more portable env passing tests
- dtucker@cvs.openbsd.org 2004/06/22 05:05:45
[monitor.c monitor_wrap.c]
Change login->username, will prevent -Wshadow errors in Portable;
ok markus@
- (dtucker) [monitor.c] Fix Portable-specific -Wshadow warnings on "socket".
- (dtucker) [defines.h] Define __dead if not already defined.
- (bal) [auth-passwd.c auth1.c] Clean up unused variables.
20040620
- (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms.
20040619
- (dtucker) [auth-pam.c] Don't use PAM namespace for
pam_password_change_required either.
- (tim) [configure.ac buildpkg.sh.in contrib/solaris/README] move opensshd
init script to top level directory. Add opensshd.init.in.
Remove contrib/solaris/buildpkg.sh, contrib/solaris/opensshd.in
20040618
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/17 14:52:48
[clientloop.c clientloop.h ssh.c]
support environment passing over shared connections; ok markus@
- djm@cvs.openbsd.org 2004/06/17 15:10:14
[clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
Add option for confirmation (ControlMaster=ask) via ssh-askpass before
opening shared connections; ok markus@
- djm@cvs.openbsd.org 2004/06/17 14:53:27
[regress/multiplex.sh]
shared connection env passing regress test
- (dtucker) [regress/README.regress] Add detail on how to run a single
test from the top-level Makefile.
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/17 23:56:57
[ssh.1 ssh.c]
sync usage() and SYNPOSIS with connection sharing changes
- dtucker@cvs.openbsd.org 2004/06/18 06:13:25
[sftp.c]
Use execvp instead of execv so sftp -S ssh works. "makes sense" markus@
- dtucker@cvs.openbsd.org 2004/06/18 06:15:51
[multiplex.sh]
Use -S for scp/sftp to force the use of the ssh being tested.
ok djm@,markus@
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/18 10:40:19
[ssh.c]
delay signal handler setup until we have finished talking to the master.
allow interrupting of setup (e.g. if master is stuck); ok markus@
- markus@cvs.openbsd.org 2004/06/18 10:55:43
[ssh.1 ssh.c]
trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask';
ok djm
- djm@cvs.openbsd.org 2004/06/18 11:11:54
[channels.c clientloop.c]
Don't explode in clientloop when we receive a bogus channel id, but
also don't generate them to begin with; ok markus@
20040617
- (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some
platforms), so test if diff understands it. Pointed out by tim@, ok djm@
- (dtucker) OpenBSD CVS Sync regress/
- dtucker@cvs.openbsd.org 2004/06/17 05:51:59
[regress/multiplex.sh]
Remove datafile between and after tests, kill sshd rather than wait;
ok djm@
- dtucker@cvs.openbsd.org 2004/06/17 06:00:05
[regress/multiplex.sh]
Use DATA and COPY for test data rather than hard-coded paths; ok djm@
- dtucker@cvs.openbsd.org 2004/06/17 06:19:06
[regress/multiplex.sh]
Add small description of failing test to failure message; ok djm@
- (dtucker) [regress/multiplex.sh] add EXEEXT for those platforms that need
it.
- (dtucker) [regress/multiplex.sh] Increase sleep time to 120 sec (60 is not
enough for slow systems, especially if they don't have a kernel RNG).
20040616
- (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No
code changes.
- (dtucker) OpenBSD CVS Sync regress/
- djm@cvs.openbsd.org 2004/04/27 09:47:30
[regress/Makefile regress/test-exec.sh, added regress/envpass.sh]
regress test for environment passing, SendEnv & AcceptEnv options;
ok markus@
- dtucker@cvs.openbsd.org 2004/06/13 13:51:02
[regress/Makefile regress/test-exec.sh, added regress/scp-ssh-wrapper.sh
regress/scp.sh]
Add scp regression test; with & ok markus@
- djm@cvs.openbsd.org 2004/06/13 15:04:08
[regress/Makefile regress/test-exec.sh, added regress/envpass.sh]
regress test for client multiplexing; ok markus@
- djm@cvs.openbsd.org 2004/06/13 15:16:54
[regress/test-exec.sh]
remove duplicate setting of $SCP; spotted by markus@
- dtucker@cvs.openbsd.org 2004/06/16 13:15:09
[regress/scp.sh]
Make scp -r tests use diff -rN not cmp (which won't do dirs. ok markus@
- dtucker@cvs.openbsd.org 2004/06/16 13:16:40
[regress/multiplex.sh]
Silence multiplex sftp and scp tests. ok markus@
- (dtucker) [regress/test-exec.sh]
Move Portable-only StrictModes to top of list to make syncs easier.
- (dtucker) [regress/README.regress]
Add $TEST_SHELL to readme.
20040615
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/05/26 08:59:57
[sftp.c]
exit -> _exit in forked child on error; from andrushock AT korovino.net
- markus@cvs.openbsd.org 2004/05/26 23:02:39
[channels.c]
missing freeaddrinfo; Andrey Matveev
- dtucker@cvs.openbsd.org 2004/05/27 00:50:13
[readconf.c]
Kill dead code after fatal(); ok djm@
- dtucker@cvs.openbsd.org 2004/06/01 14:20:45
[auth2-chall.c]
Remove redundant #include; ok markus@
- pedro@cvs.openbsd.org 2004/06/03 12:22:20
[sftp-client.c sftp.c]
initialize pointers, ok markus@
- djm@cvs.openbsd.org 2004/06/13 12:53:24
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
[ssh-keyscan.c sshconnect2.c sshd.c]
implement diffie-hellman-group14-sha1 kex method (trivial extension to
existing diffie-hellman-group1-sha1); ok markus@
- dtucker@cvs.openbsd.org 2004/06/13 14:01:42
[ssh.1 ssh_config.5 sshd_config.5]
List supported ciphers in man pages, tidy up ssh -c;
"looks fine" jmc@, ok markus@
- djm@cvs.openbsd.org 2004/06/13 15:03:02
[channels.c channels.h clientloop.c clientloop.h includes.h readconf.c]
[readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5]
implement session multiplexing in the client (the server has supported
this since 2.0); ok markus@
- djm@cvs.openbsd.org 2004/06/14 01:44:39
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
[sshd.c]
set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
- djm@cvs.openbsd.org 2004/06/15 05:45:04
[clientloop.c]
missed one unset_nonblock; spotted by Tim Rice
- (djm) Fix Makefile.in for connection sharing changes
- (djm) [ssh.c] Use separate var for address length
20040603
- (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions.
ok djm@
20040601
- (djm) [auth-pam.c] Add copyright for local changes
20040530
- (dtucker) [auth-pam.c auth-pam.h auth-passwd.c] Bug #874: Re-add PAM
support for PasswordAuthentication=yes. ok djm@
- (dtucker) [auth-pam.c] Use an invalid password for root if
PermitRootLogin != yes or the login is invalid, to prevent leaking
information. Based on Openwall's owl-always-auth patch. ok djm@
- (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@
- (tim) [buildpkg.sh.in] New file. A more flexible version of
contrib/solaris/buildpkg.sh used for "make package".
- (tim) [buildpkg.sh.in] Last minute fix didn't make it in the .in file.
20040527
- (dtucker) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec
contrib/README CREDITS INSTALL] Bug #873: Correct URLs for x11-ssh-askpass
and Jim Knoble's email address , from Jim himself.
20040524
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/05/19 12:17:33
[sftp-client.c sftp.c]
gracefully abort transfers on receipt of SIGINT, also ignore SIGINT while
waiting for a command; ok markus@
- dtucker@cvs.openbsd.org 2004/05/20 10:58:05
[clientloop.c]
Trivial type fix 0 -> '\0'; ok markus@
- markus@cvs.openbsd.org 2004/05/21 08:43:03
[kex.h moduli.c tildexpand.c]
add prototypes for -Wall; ok djm
- djm@cvs.openbsd.org 2004/05/21 11:33:11
[channels.c channels.h clientloop.c serverloop.c ssh.1]
bz #756: add support for the cancel-tcpip-forward request for the server
and the client (through the ~C commandline). reported by z3p AT
twistedmatrix.com; ok markus@
- djm@cvs.openbsd.org 2004/05/22 06:32:12
[clientloop.c ssh.1]
use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@
- jmc@cvs.openbsd.org 2004/05/22 16:01:05
[ssh.1]
kill whitespace at eol;
- dtucker@cvs.openbsd.org 2004/05/23 23:59:53
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config
sshd_config.5]
Add MaxAuthTries sshd config option; ok markus@
- (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"
is terminated if the privsep slave exits during keyboard-interactive
authentication. ok djm@
- (dtucker) [sshd.c] Fix typo in comment.
20040523
- (djm) [sshd_config] Explain consequences of UsePAM=yes a little better in
sshd_config; ok dtucker@
- (djm) [configure.ac] Warn if the system has no known way of figuring out
which user is on the other end of a Unix domain socket; ok dtucker@
- (bal) [openbsd-compat/sys-queue.h] Reintroduce machinary to handle
old/broken/incomplete <sys/queue.h>.
20040513
- (dtucker) [configure.ac] Bug #867: Additional tests for res_query in
libresolv, fixes problems detecting it on some platforms
(eg Linux/x86-64). From Kurt Roeckx via Debian, ok mouring@
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2004/05/04 18:36:07
[scp.1]
SendEnv here too;
- jmc@cvs.openbsd.org 2004/05/06 11:24:23
[ssh_config.5]
typo from John Cosimano (PR 3770);
- deraadt@cvs.openbsd.org 2004/05/08 00:01:37
[auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c
tildexpand.c], removed: sshtty.h tildexpand.h
make two tiny header files go away; djm ok
- djm@cvs.openbsd.org 2004/05/08 00:21:31
[clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c
sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h
kill a tiny header; ok deraadt@
- djm@cvs.openbsd.org 2004/05/09 00:06:47
[moduli.c ssh-keygen.c] removed: moduli.h
zap another tiny header; ok deraadt@
- djm@cvs.openbsd.org 2004/05/09 01:19:28
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
sshd.c] removed: mpaux.c mpaux.h
kill some more tiny files; ok deraadt@
- djm@cvs.openbsd.org 2004/05/09 01:26:48
[kex.c]
don't overwrite what we are trying to compute
- deraadt@cvs.openbsd.org 2004/05/11 19:01:43
[auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c
packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c]
improve some code lint did not like; djm millert ok
- dtucker@cvs.openbsd.org 2004/05/13 02:47:50
[ssh-agent.1]
Add examples to ssh-agent.1, bz#481 from Ralf Hauser; ok deraadt@
- (dtucker) [sshd.8] Bug #843: Add warning about PasswordAuthentication to
UsePAM section. Parts from djm@ and jmc@.
- (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses
readpass.h, grep says scard-opensc.c does too. Replace with misc.h.
- (dtucker) [openbsd-compat/getrrsetbyname.c] Check that HAVE_DECL_H_ERROR
is defined before using.
- (dtucker) [openbsd-compat/getrrsetbyname.c] Fix typo too: HAVE_DECL_H_ERROR
-> HAVE_DECL_H_ERRNO.
20040502
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/04/22 11:56:57
[moduli.c]
Bugzilla #850: Sophie Germain is the correct name of the French
mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr
- djm@cvs.openbsd.org 2004/04/27 09:46:37
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
ssh_config.5 sshd_config.5]
bz #815: implement ability to pass specified environment variables from
the client to the server; ok markus@
- djm@cvs.openbsd.org 2004/04/28 05:17:10
[ssh_config.5 sshd_config.5]
manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu)
- jmc@cvs.openbsd.org 2004/04/28 07:02:56
[sshd_config.5]
remove unnecessary .Pp;
- jmc@cvs.openbsd.org 2004/04/28 07:13:42
[sftp.1 ssh.1]
add SendEnv to -o list;
- dtucker@cvs.openbsd.org 2004/05/02 11:54:31
[sshd.8]
Man page grammar fix (bz #858), from damerell at chiark.greenend.org.uk
via Debian; ok djm@
- dtucker@cvs.openbsd.org 2004/05/02 11:57:52
[ssh.1]
ConnectionTimeout -> ConnectTimeout, from m.a.ellis at ncl.ac.uk via
Debian. ok djm@
- dtucker@cvs.openbsd.org 2004/05/02 23:02:17
[sftp.1]
ConnectionTimeout -> ConnectTimeout here too, pointed out by jmc@
- dtucker@cvs.openbsd.org 2004/05/02 23:17:51
[scp.1]
ConnectionTimeout -> ConnectTimeout for scp.1 too.
20040423
- (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Declare h_errno
as extern int if not already declared. Fixes compile errors on old SCO
platforms. ok tim@
- (dtucker) [README.platform] List prereqs for building on Cygwin.
20040421
- (djm) Update config.guess and config.sub to autoconf-2.59 versions; ok tim@
20040420
- (djm) OpenBSD CVS Sync
- henning@cvs.openbsd.org 2004/04/08 16:08:21
[sshconnect2.c]
swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what
FreeBSD and NetBSD do.
ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@
- djm@cvs.openbsd.org 2004/04/18 23:10:26
[readconf.c readconf.h ssh-keysign.c ssh.c]
perform strict ownership and modes checks for ~/.ssh/config files,
as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
- djm@cvs.openbsd.org 2004/04/19 13:02:40
[ssh.1 ssh_config.5]
document strict permission checks on ~/.ssh/config; prompted by,
with & ok jmc@
- jmc@cvs.openbsd.org 2004/04/19 16:12:14
[ssh_config.5]
kill whitespace at eol;
- djm@cvs.openbsd.org 2004/04/19 21:51:49
[ssh.c]
fix idiot typo that i introduced in my last commit;
spotted by cschneid AT cschneid.com
- (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for
above change
- (djm) [configure.ac] Check whether libroken is required when building
with Heimdal
20040419
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2004/02/29 22:04:45
[regress/login-timeout.sh]
Use sudo when restarting daemon during test. ok markus@
- dtucker@cvs.openbsd.org 2004/03/08 10:17:12
[regress/login-timeout.sh]
Missing OBJ, from tim@. ok markus@ (Already fixed, ID sync only)
- djm@cvs.openbsd.org 2004/03/30 12:41:56
[sftp-client.c]
sync comment with reality
- djm@cvs.openbsd.org 2004/03/31 21:58:47
[canohost.c]
don't skip ip options check when UseDNS=no; ok markus@ (ID sync only)
- markus@cvs.openbsd.org 2004/04/01 12:19:57
[scp.c]
limit trust between local and remote rcp/scp process,
noticed by lcamtuf; ok deraadt@, djm@
20040418
- (dtucker) [auth-pam.c] Log username and source host for failed PAM
authentication attempts. With & ok djm@
- (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow
change of user context without a password, so relax auth method
restrictions; from vinschen AT redhat.com; ok dtucker@
- Release 3.8.1p1
20040416
- (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since
@ -983,4 +1654,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3316.2.1 2004/04/18 12:51:12 djm Exp $
$Id: ChangeLog,v 1.3517 2004/08/17 12:50:40 djm Exp $

4
crypto/openssh/INSTALL
View File

@ -30,7 +30,7 @@ libraries and headers.
GNOME:
http://www.gnome.org/
Alternatively, Jim Knoble <jmknoble@jmknoble.cx> has written an excellent X11
Alternatively, Jim Knoble <jmknoble@pobox.com> has written an excellent X11
passphrase requester. This is maintained separately at:
http://www.jmknoble.net/software/x11-ssh-askpass/
@ -200,4 +200,4 @@ Please refer to the "reporting bugs" section of the webpage at
http://www.openssh.com/
$Id: INSTALL,v 1.63 2003/11/21 12:48:55 djm Exp $
$Id: INSTALL,v 1.64 2004/05/26 23:59:31 dtucker Exp $

28
crypto/openssh/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.257 2004/02/18 03:35:11 djm Exp $
# $Id: Makefile.in,v 1.263 2004/08/15 11:01:37 dtucker Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@ -67,22 +67,21 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o moduli.o mpaux.o nchan.o packet.o \
readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \
atomicio.o key.o dispatch.o kex.o mac.o uuencode.o misc.o \
rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \
kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
entropy.o scard-opensc.o gss-genr.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o \
sshpty.o sshlogin.o servconf.o serverloop.o \
auth.o auth1.o auth2.o auth-options.o session.o \
auth-chall.o auth2-chall.o groupaccess.o \
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
auth2-none.o auth2-passwd.o auth2-pubkey.o \
monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \
kexdhs.o kexgexs.o \
monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o
@ -200,11 +199,14 @@ clean: regressclean
distclean: regressclean
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core
rm -f Makefile config.h config.status ssh_prng_cmds *~
rm -f *.out core opensshd.init
rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds *~
rm -rf autom4te.cache
(cd openbsd-compat && $(MAKE) distclean)
(cd scard && $(MAKE) distclean)
if test -d pkg ; then \
rm -fr pkg ; \
fi
veryclean: distclean
rm -f configure config.h.in *.0
@ -375,7 +377,7 @@ tests: $(TARGETS)
[ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \
[ -f `pwd`/regress/Makefile ] || \
ln -s $(srcdir)/regress/Makefile `pwd`/regress/Makefile ; \
TEST_SHELL="@TEST_MINUS_S_SH@"; \
TEST_SHELL="@TEST_SHELL@"; \
TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
@ -407,3 +409,9 @@ regressclean:
if [ -f regress/Makefile -a -r regress/Makefile ]; then \
(cd regress && $(MAKE) clean) \
fi
package: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS)
if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \
sh buildpkg.sh; \
fi

1
crypto/openssh/OVERVIEW
View File

@ -40,7 +40,6 @@ these programs.
Multiple Precision Integer Library
- Uses the SSLeay BIGNUM sublibrary.
- Some auxiliary functions for mp-int manipulation are in mpaux.c.
Random Numbers

20
crypto/openssh/README
View File

@ -15,10 +15,11 @@ Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
and Dug Song. It has a homepage at http://www.openssh.com/
This port consists of the re-introduction of autoconf support, PAM
support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements
for OpenBSD library functions that are (regrettably) absent from other
unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD,
Irix and AIX. Support for SCO, NeXT and other Unices is underway.
support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
functions that are (regrettably) absent from other unices. This port
has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
NetBSD, OpenBSD, OpenServer, Solaris, Unicos, and UnixWare.
This version actively tracks changes in the OpenBSD CVS repository.
The PAM support is now more functional than the popular packages of
@ -32,13 +33,8 @@ refer to http://www.openssh.com/list.html for details on how to join.
Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is open to posting by
unsubscribed users.
If you are a citizen of an USA-embargoed country to which export of
cryptographic products is restricted, then please refrain from sending
crypto-related code or patches to the list. We cannot accept them.
Other code contribution are accepted, but please follow the OpenBSD
style guidelines[6].
unsubscribed users.Code contribution are welcomed, but please follow the
OpenBSD style guidelines[6].
Please refer to the INSTALL document for information on how to install
OpenSSH on your system. There are a number of differences between this
@ -65,4 +61,4 @@ References -
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
$Id: README,v 1.54 2004/04/18 10:32:56 djm Exp $
$Id: README,v 1.56 2004/08/14 00:26:30 djm Exp $

10
crypto/openssh/README.platform
View File

@ -13,10 +13,18 @@ Accounts in this state must have their passwords reset manually by the
administrator. As a precaution, it is recommended that the administrative
passwords be reset before upgrading from OpenSSH <3.8.
Cygwin
------
To build on Cygwin, OpenSSH requires the following packages:
gcc, gcc-mingw-core, mingw-runtime, binutils, make, openssl,
openssl-devel, zlib, minres, minires-devel.
Solaris
-------
Currently, sshd does not support BSM auditting. This can show up as errors
when editting cron entries via crontab. See.
http://bugzilla.mindrot.org/show_bug.cgi?id=125
$Id: README.platform,v 1.1 2004/02/24 05:14:41 dtucker Exp $
$Id: README.platform,v 1.2 2004/04/23 08:57:13 dtucker Exp $

8
crypto/openssh/README.privsep
View File

@ -42,9 +42,9 @@ PAM-enabled OpenSSH is known to function with privsep on Linux.
It does not function on HP-UX with a trusted system
configuration.
On Compaq Tru64 Unix, only the pre-authentication part of privsep is
supported. Post-authentication privsep is disabled automatically (so
you won't see the additional process mentioned below).
On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication
part of privsep is supported. Post-authentication privsep is disabled
automatically (so you won't see the additional process mentioned below).
Note that for a normal interactive login with a shell, enabling privsep
will require 1 additional process per login session.
@ -61,4 +61,4 @@ process 1005 is the sshd process listening for new connections.
process 6917 is the privileged monitor process, 6919 is the user owned
sshd process and 6921 is the shell process.
$Id: README.privsep,v 1.13 2003/11/21 12:48:55 djm Exp $
$Id: README.privsep,v 1.14 2004/06/28 03:50:36 tim Exp $

12
crypto/openssh/auth2-gss.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-gss.c,v 1.7 2003/11/21 11:57:03 djm Exp $ */
/* $OpenBSD: auth2-gss.c,v 1.8 2004/06/21 17:36:31 avsm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -54,7 +54,7 @@ static void input_gssapi_errtok(int, u_int32_t, void *);
static int
userauth_gssapi(Authctxt *authctxt)
{
gss_OID_desc oid = {0, NULL};
gss_OID_desc goid = {0, NULL};
Gssctxt *ctxt = NULL;
int mechs;
gss_OID_set supported;
@ -85,9 +85,9 @@ userauth_gssapi(Authctxt *authctxt)
if (len > 2 &&
doid[0] == SSH_GSS_OIDTYPE &&
doid[1] == len - 2) {
oid.elements = doid + 2;
oid.length = len - 2;
gss_test_oid_set_member(&ms, &oid, supported,
goid.elements = doid + 2;
goid.length = len - 2;
gss_test_oid_set_member(&ms, &goid, supported,
&present);
} else {
logit("Badly formed OID received");
@ -101,7 +101,7 @@ userauth_gssapi(Authctxt *authctxt)
return (0);
}
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &oid)))) {
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
xfree(doid);
return (0);
}

11
crypto/openssh/auth2-none.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-none.c,v 1.6 2003/08/26 09:58:43 markus Exp $");
RCSID("$OpenBSD: auth2-none.c,v 1.7 2004/05/11 19:01:43 deraadt Exp $");
#include "auth.h"
#include "xmalloc.h"
@ -46,7 +46,7 @@ auth2_read_banner(void)
{
struct stat st;
char *banner = NULL;
off_t len, n;
size_t len, n;
int fd;
if ((fd = open(options.banner, O_RDONLY)) == -1)
@ -55,7 +55,12 @@ auth2_read_banner(void)
close(fd);
return (NULL);
}
len = st.st_size;
if (st.st_size > 1*1024*1024) {
close(fd);
return (NULL);
}
len = (size_t)st.st_size; /* truncate */
banner = xmalloc(len + 1);
n = atomicio(read, fd, banner, len);
close(fd);

8
crypto/openssh/auth2-pubkey.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-pubkey.c,v 1.6 2004/01/19 21:25:15 markus Exp $");
RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $");
#include "ssh2.h"
#include "xmalloc.h"
@ -205,7 +205,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
found = key_new(key->type);
while (fgets(line, sizeof(line), f)) {
char *cp, *options = NULL;
char *cp, *key_options = NULL;
linenum++;
/* Skip leading whitespace, empty and comment lines. */
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@ -217,7 +217,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
/* no key? check if there are options for this key */
int quoted = 0;
debug2("user_key_allowed: check options: '%s'", cp);
options = cp;
key_options = cp;
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
if (*cp == '\\' && cp[1] == '"')
cp++; /* Skip both */
@ -234,7 +234,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
}
}
if (key_equal(found, key) &&
auth_parse_options(pw, options, file, linenum) == 1) {
auth_parse_options(pw, key_options, file, linenum) == 1) {
found_key = 1;
debug("matching key found: file %s, line %lu",
file, linenum);

562
crypto/openssh/buildpkg.sh.in Normal file
View File

@ -0,0 +1,562 @@
#!/bin/sh
#
# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
#
# The following code has been provide under Public Domain License. I really
# don't care what you use it for. Just as long as you don't complain to me
# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
#
umask 022
#
# Options for building the package
# You can create a openssh-config.local with your customized options
#
REMOVE_FAKE_ROOT_WHEN_DONE=yes
#
# uncommenting TEST_DIR and using
# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
# and
# PKGNAME=tOpenSSH should allow testing a package without interfering
# with a real OpenSSH package on a system. This is not needed on systems
# that support the -R option to pkgadd.
#TEST_DIR=/var/tmp # leave commented out for production build
PKGNAME=OpenSSH
# revisions within the same version (REV=a)
#REV=
SYSVINIT_NAME=opensshd
MAKE=${MAKE:="make"}
SSHDUID=67 # Default privsep uid
SSHDGID=67 # Default privsep gid
# uncomment these next three as needed
#PERMIT_ROOT_LOGIN=no
#X11_FORWARDING=yes
#USR_LOCAL_IS_SYMLINK=yes
# System V init run levels
SYSVINITSTART=S98
SYSVINITSTOPT=K30
# We will source these if they exist
POST_MAKE_INSTALL_FIXES=./pkg_post_make_install_fixes.sh
POST_PROTOTYPE_EDITS=./pkg-post-prototype-edit.sh
# We'll be one level deeper looking for these
PKG_PREINSTALL_LOCAL=../pkg-preinstall.local
PKG_POSTINSTALL_LOCAL=../pkg-postinstall.local
PKG_PREREMOVE_LOCAL=../pkg-preremove.local
PKG_POSTREMOVE_LOCAL=../pkg-postremove.local
PKG_REQUEST_LOCAL=../pkg-request.local
# end of sourced files
#
OPENSSHD=opensshd.init
PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@
PATH_USERADD_PROG=@PATH_USERADD_PROG@
PATH_PASSWD_PROG=@PATH_PASSWD_PROG@
#
# list of system directories we do NOT want to change owner/group/perms
# when installing our package
SYSTEM_DIR="/etc \
/etc/init.d \
/etc/rcS.d \
/etc/rc0.d \
/etc/rc1.d \
/etc/rc2.d \
/etc/opt \
/opt \
/opt/bin \
/usr \
/usr/bin \
/usr/lib \
/usr/sbin \
/usr/share \
/usr/share/man \
/usr/share/man/man1 \
/usr/share/man/man8 \
/usr/local \
/usr/local/bin \
/usr/local/etc \
/usr/local/libexec \
/usr/local/man \
/usr/local/man/man1 \
/usr/local/man/man8 \
/usr/local/sbin \
/usr/local/share \
/var \
/var/opt \
/var/run \
/var/tmp \
/tmp"
# We may need to build as root so we make sure PATH is set up
# only set the path if it's not set already
[ -d /opt/bin ] && {
echo $PATH | grep ":/opt/bin" > /dev/null 2>&1
[ $? -ne 0 ] && PATH=$PATH:/opt/bin
}
[ -d /usr/local/bin ] && {
echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1
[ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
}
[ -d /usr/ccs/bin ] && {
echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1
[ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
}
export PATH
#
[ -f Makefile ] || {
echo "Please run this script from your build directory"
exit 1
}
# we will look for openssh-config.local to override the above options
[ -s ./openssh-config.local ] && . ./openssh-config.local
START=`pwd`
FAKE_ROOT=$START/pkg
## Fill in some details, like prefix and sysconfdir
for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir srcdir
do
eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
done
## Collect value of privsep user
for confvar in SSH_PRIVSEP_USER
do
eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
done
## Set privsep defaults if not defined
if [ -z "$SSH_PRIVSEP_USER" ]
then
SSH_PRIVSEP_USER=sshd
fi
## Extract common info requires for the 'info' part of the package.
VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
ARCH=`uname -m`
DEF_MSG="\n"
OS_VER=`uname -v`
SCRIPT_SHELL=/sbin/sh
UNAME_S=`uname -s`
case ${UNAME_S} in
SunOS) UNAME_S=Solaris
ARCH=`uname -p`
RCS_D=yes
DEF_MSG="(default: n)"
;;
SCO_SV) UNAME_S=OpenServer
OS_VER=`uname -X | grep Release | sed -e 's/^Rel.*3.2v//'`
SCRIPT_SHELL=/bin/sh
RC1_D=no
DEF_MSG="(default: n)"
;;
esac
case `basename $0` in
buildpkg.sh)
## Start by faking root install
echo "Faking root install..."
[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT
mkdir $FAKE_ROOT
${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
if [ $? -gt 0 ]
then
echo "Fake root install failed, stopping."
exit 1
fi
## Setup our run level stuff while we are at it.
mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
[ "${PERMIT_ROOT_LOGIN}" = no ] && \
perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
$FAKE_ROOT/${sysconfdir}/sshd_config
[ "${X11_FORWARDING}" = yes ] && \
perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
$FAKE_ROOT/${sysconfdir}/sshd_config
# fix PrintMotd
perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
$FAKE_ROOT/${sysconfdir}/sshd_config
# We don't want to overwrite config files on multiple installs
mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \
mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
# local tweeks here
[ -s "${POST_MAKE_INSTALL_FIXES}" ] && . ${POST_MAKE_INSTALL_FIXES}
cd $FAKE_ROOT
## Ok, this is outright wrong, but it will work. I'm tired of pkgmk
## whining.
for i in *; do
PROTO_ARGS="$PROTO_ARGS $i=/$i";
done
## Build info file
echo "Building pkginfo file..."
cat > pkginfo << _EOF
PKG=$PKGNAME
NAME="OpenSSH Portable for ${UNAME_S}"
DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
ARCH=$ARCH
VERSION=$VERSION$REV
CATEGORY="Security,application"
BASEDIR=/
CLASSES="none"
PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`"
_EOF
## Build empty depend file that may get updated by $POST_PROTOTYPE_EDITS
echo "Building depend file..."
touch depend
## Build space file
echo "Building space file..."
cat > space << _EOF
# extra space required by start/stop links added by installf in postinstall
$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1
$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1
_EOF
[ "$RC1_D" = no ] || \
echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
[ "$RCS_D" = yes ] && \
echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
## Build preinstall file
echo "Building preinstall file..."
cat > preinstall << _EOF
#! ${SCRIPT_SHELL}
#
_EOF
# local preinstall changes here
[ -s "${PKG_PREINSTALL_LOCAL}" ] && . ${PKG_PREINSTALL_LOCAL}
cat >> preinstall << _EOF
#
[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
exit 0
_EOF
## Build postinstall file
echo "Building postinstall file..."
cat > postinstall << _EOF
#! ${SCRIPT_SHELL}
#
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\
cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
\${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\
cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
}
# make rc?.d dirs only if we are doing a test install
[ -n "${TEST_DIR}" ] && {
[ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
mkdir -p ${TEST_DIR}/etc/rc0.d
[ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d
mkdir -p ${TEST_DIR}/etc/rc2.d
}
if [ "\${USE_SYM_LINKS}" = yes ]
then
[ "$RCS_D" = yes ] && \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
[ "$RC1_D" = no ] || \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
else
[ "$RCS_D" = yes ] && \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
[ "$RC1_D" = no ] || \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
fi
# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 0755 root sys
_EOF
# local postinstall changes here
[ -s "${PKG_POSTINSTALL_LOCAL}" ] && . ${PKG_POSTINSTALL_LOCAL}
cat >> postinstall << _EOF
installf -f ${PKGNAME}
# Use chroot to handle PKG_INSTALL_ROOT
if [ ! -z "\${PKG_INSTALL_ROOT}" ]
then
chroot="chroot \${PKG_INSTALL_ROOT}"
fi
# If this is a test build, we will skip the groupadd/useradd/passwd commands
if [ ! -z "${TEST_DIR}" ]
then
chroot=echo
fi
if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
then
echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
echo "or group."
else
echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
# user required?
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
then
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
SSH_PRIVSEP_GROUP=\`grep "^$SSH_PRIVSEP_USER:" \${PKG_INSTALL_ROOT}/etc/passwd | awk -F: '{print \$4}'\`
SSH_PRIVSEP_GROUP=\`grep ":\$SSH_PRIVSEP_GROUP:" \${PKG_INSTALL_ROOT}/etc/group | awk -F: '{print \$1}'\`
else
DO_PASSWD=yes
fi
[ -z "\$SSH_PRIVSEP_GROUP" ] && SSH_PRIVSEP_GROUP=$SSH_PRIVSEP_USER
# group required?
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'\$SSH_PRIVSEP_GROUP'\$' >/dev/null
then
echo "PrivSep group \$SSH_PRIVSEP_GROUP already exists."
else
DO_GROUP=yes
fi
# create group if required
[ "\$DO_GROUP" = yes ] && {
# Use gid of 67 if possible
if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
then
:
else
sshdgid="-g $SSHDGID"
fi
echo "Creating PrivSep group \$SSH_PRIVSEP_GROUP."
\$chroot ${PATH_GROUPADD_PROG} \$sshdgid \$SSH_PRIVSEP_GROUP
}
# Create user if required
[ "\$DO_PASSWD" = yes ] && {
# Use uid of 67 if possible
if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
then
:
else
sshduid="-u $SSHDUID"
fi
echo "Creating PrivSep user $SSH_PRIVSEP_USER."
\$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
\$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER
}
fi
[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
exit 0
_EOF
## Build preremove file
echo "Building preremove file..."
cat > preremove << _EOF
#! ${SCRIPT_SHELL}
#
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
_EOF
# local preremove changes here
[ -s "${PKG_PREREMOVE_LOCAL}" ] && . ${PKG_PREREMOVE_LOCAL}
cat >> preremove << _EOF
exit 0
_EOF
## Build postremove file
echo "Building postremove file..."
cat > postremove << _EOF
#! ${SCRIPT_SHELL}
#
_EOF
# local postremove changes here
[ -s "${PKG_POSTREMOVE_LOCAL}" ] && . ${PKG_POSTREMOVE_LOCAL}
cat >> postremove << _EOF
exit 0
_EOF
## Build request file
echo "Building request file..."
cat > request << _EOF
trap 'exit 3' 15
_EOF
[ -x /usr/bin/ckyorn ] || cat >> request << _EOF
ckyorn() {
# for some strange reason OpenServer has no ckyorn
# We build a striped down version here
DEFAULT=n
PROMPT="Yes or No [yes,no,?,quit]"
HELP_PROMPT=" Enter y or yes if your answer is yes; n or no if your answer is no."
USAGE="usage: ckyorn [options]
where options may include:
-d default
-h help
-p prompt
"
if [ \$# != 0 ]
then
while getopts d:p:h: c
do
case \$c in
h) HELP_PROMPT="\$OPTARG" ;;
d) DEFAULT=\$OPTARG ;;
p) PROMPT=\$OPTARG ;;
\\?) echo "\$USAGE" 1>&2
exit 1 ;;
esac
done
shift \`expr \$OPTIND - 1\`
fi
while true
do
echo "\${PROMPT}\\c " 1>&2
read key
[ -z "\$key" ] && key=\$DEFAULT
case \$key in
[n,N]|[n,N][o,O]|[y,Y]|[y,Y][e,E][s,S]) echo "\${key}\\c"
exit 0 ;;
\\?) echo \$HELP_PROMPT 1>&2 ;;
q|quit) echo "q\\c" 1>&2
exit 3 ;;
esac
done
}
_EOF
cat >> request << _EOF
USE_SYM_LINKS=no
PRE_INS_STOP=no
POST_INS_START=no
# Use symbolic links?
ans=\`ckyorn -d n \
-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
case \$ans in
[y,Y]*) USE_SYM_LINKS=yes ;;
esac
# determine if should restart the daemon
if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
then
ans=\`ckyorn -d n \
-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
case \$ans in
[y,Y]*) PRE_INS_STOP=yes
POST_INS_START=yes
;;
esac
else
# determine if we should start sshd
ans=\`ckyorn -d n \
-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
case \$ans in
[y,Y]*) POST_INS_START=yes ;;
esac
fi
# make parameters available to installation service,
# and so to any other packaging scripts
cat >\$1 <<!
USE_SYM_LINKS='\$USE_SYM_LINKS'
PRE_INS_STOP='\$PRE_INS_STOP'
POST_INS_START='\$POST_INS_START'
!
_EOF
# local request changes here
[ -s "${PKG_REQUEST_LOCAL}" ] && . ${PKG_REQUEST_LOCAL}
cat >> request << _EOF
exit 0
_EOF
## Next Build our prototype
echo "Building prototype file..."
cat >mk-proto.awk << _EOF
BEGIN { print "i pkginfo"; print "i depend"; \\
print "i preinstall"; print "i postinstall"; \\
print "i preremove"; print "i postremove"; \\
print "i request"; print "i space"; \\
split("$SYSTEM_DIR",sys_files); }
{
for (dir in sys_files) { if ( \$3 != sys_files[dir] )
{ if ( \$1 == "s" )
{ \$5=""; \$6=""; }
else
{ \$5="root"; \$6="sys"; }
}
else
{ \$4="?"; \$5="?"; \$6="?"; break;}
} }
{ print; }
_EOF
find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype
# /usr/local is a symlink on some systems
[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && {
grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
mv prototype.new prototype
}
## Step back a directory and now build the package.
cd ..
# local prototype tweeks here
[ -s "${POST_PROTOTYPE_EDITS}" ] && . ${POST_PROTOTYPE_EDITS}
echo "Building package.."
pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg
;;
justpkg.sh)
rm -fr ${FAKE_ROOT}/${PKGNAME}
grep -v "^PSTAMP=" $FAKE_ROOT/pkginfo > $$tmp
mv $$tmp $FAKE_ROOT/pkginfo
cat >> $FAKE_ROOT/pkginfo << _EOF
PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`"
_EOF
pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg
;;
esac
[ "${REMOVE_FAKE_ROOT_WHEN_DONE}" = yes ] && rm -rf $FAKE_ROOT
exit 0

478
crypto/openssh/clientloop.c
View File

@ -59,7 +59,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: clientloop.c,v 1.117 2003/12/16 15:49:51 markus Exp $");
RCSID("$OpenBSD: clientloop.c,v 1.130 2004/08/11 21:43:04 avsm Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -79,9 +79,11 @@ RCSID("$OpenBSD: clientloop.c,v 1.117 2003/12/16 15:49:51 markus Exp $");
#include "clientloop.h"
#include "authfd.h"
#include "atomicio.h"
#include "sshtty.h"
#include "sshpty.h"
#include "misc.h"
#include "readpass.h"
#include "monitor_fdpass.h"
#include "match.h"
#include "msg.h"
/* import options */
extern Options options;
@ -92,6 +94,9 @@ extern int stdin_null_flag;
/* Flag indicating that no shell has been requested */
extern int no_shell_flag;
/* Control socket */
extern int control_fd;
/*
* Name of the host we are connecting to. This is the name given on the
* command line, or the HostName specified for the user-supplied name in a
@ -132,16 +137,27 @@ static int server_alive_timeouts = 0;
static void client_init_dispatch(void);
int session_ident = -1;
struct confirm_ctx {
int want_tty;
int want_subsys;
Buffer cmd;
char *term;
struct termios tio;
char **env;
};
/*XXX*/
extern Kex *xxx_kex;
void ssh_process_session2_setup(int, int, int, Buffer *);
/* Restores stdin to blocking mode. */
static void
leave_non_blocking(void)
{
if (in_non_blocking_mode) {
(void) fcntl(fileno(stdin), F_SETFL, 0);
unset_nonblock(fileno(stdin));
in_non_blocking_mode = 0;
}
}
@ -152,7 +168,7 @@ static void
enter_non_blocking(void)
{
in_non_blocking_mode = 1;
(void) fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
set_nonblock(fileno(stdin));
}
/*
@ -292,19 +308,13 @@ client_check_window_change(void)
/** XXX race */
received_window_change_signal = 0;
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
return;
debug2("client_check_window_change: changed");
if (compat20) {
channel_request_start(session_ident, "window-change", 0);
packet_put_int(ws.ws_col);
packet_put_int(ws.ws_row);
packet_put_int(ws.ws_xpixel);
packet_put_int(ws.ws_ypixel);
packet_send();
channel_send_window_changes();
} else {
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
return;
packet_start(SSH_CMSG_WINDOW_SIZE);
packet_put_int(ws.ws_row);
packet_put_int(ws.ws_col);
@ -336,10 +346,9 @@ server_alive_check(void)
* Waits until the client can do something (some data becomes available on
* one of the file descriptors).
*/
static void
client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
int *maxfdp, int *nallocp, int rekeying)
int *maxfdp, u_int *nallocp, int rekeying)
{
struct timeval tv, *tvp;
int ret;
@ -382,6 +391,9 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
if (packet_have_data_to_write())
FD_SET(connection_out, *writesetp);
if (control_fd != -1)
FD_SET(control_fd, *readsetp);
/*
* Wait for something to happen. This will suspend the process until
* some selected descriptor can be read, written, or has some other
@ -390,7 +402,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
if (options.server_alive_interval == 0 || !compat20)
tvp = NULL;
else {
else {
tv.tv_sec = options.server_alive_interval;
tv.tv_usec = 0;
tvp = &tv;
@ -500,6 +512,222 @@ client_process_net_input(fd_set * readset)
}
}
static void
client_subsystem_reply(int type, u_int32_t seq, void *ctxt)
{
int id;
Channel *c;
id = packet_get_int();
packet_check_eom();
if ((c = channel_lookup(id)) == NULL) {
error("%s: no channel for id %d", __func__, id);
return;
}
if (type == SSH2_MSG_CHANNEL_SUCCESS)
debug2("Request suceeded on channel %d", id);
else if (type == SSH2_MSG_CHANNEL_FAILURE) {
error("Request failed on channel %d", id);
channel_free(c);
}
}
static void
client_extra_session2_setup(int id, void *arg)
{
struct confirm_ctx *cctx = arg;
Channel *c;
int i;
if (cctx == NULL)
fatal("%s: cctx == NULL", __func__);
if ((c = channel_lookup(id)) == NULL)
fatal("%s: no channel for id %d", __func__, id);
client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
client_subsystem_reply);
c->confirm_ctx = NULL;
buffer_free(&cctx->cmd);
xfree(cctx->term);
if (cctx->env != NULL) {
for (i = 0; cctx->env[i] != NULL; i++)
xfree(cctx->env[i]);
xfree(cctx->env);
}
xfree(cctx);
}
static void
client_process_control(fd_set * readset)
{
Buffer m;
Channel *c;
int client_fd, new_fd[3], ver, i, allowed;
socklen_t addrlen;
struct sockaddr_storage addr;
struct confirm_ctx *cctx;
char *cmd;
u_int len, env_len;
uid_t euid;
gid_t egid;
/*
* Accept connection on control socket
*/
if (control_fd == -1 || !FD_ISSET(control_fd, readset))
return;
memset(&addr, 0, sizeof(addr));
addrlen = sizeof(addr);
if ((client_fd = accept(control_fd,
(struct sockaddr*)&addr, &addrlen)) == -1) {
error("%s accept: %s", __func__, strerror(errno));
return;
}
if (getpeereid(client_fd, &euid, &egid) < 0) {
error("%s getpeereid failed: %s", __func__, strerror(errno));
close(client_fd);
return;
}
if ((euid != 0) && (getuid() != euid)) {
error("control mode uid mismatch: peer euid %u != uid %u",
(u_int) euid, (u_int) getuid());
close(client_fd);
return;
}
allowed = 1;
if (options.control_master == 2) {
char *p, prompt[1024];
allowed = 0;
snprintf(prompt, sizeof(prompt),
"Allow shared connection to %s? ", host);
p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF);
if (p != NULL) {
/*
* Accept empty responses and responses consisting
* of the word "yes" as affirmative.
*/
if (*p == '\0' || *p == '\n' ||
strcasecmp(p, "yes") == 0)
allowed = 1;
xfree(p);
}
}
unset_nonblock(client_fd);
buffer_init(&m);
buffer_put_int(&m, allowed);
buffer_put_int(&m, getpid());
if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
error("%s: client msg_send failed", __func__);
close(client_fd);
buffer_free(&m);
return;
}
buffer_clear(&m);
if (!allowed) {
error("Refused control connection");
close(client_fd);
buffer_free(&m);
return;
}
if (ssh_msg_recv(client_fd, &m) == -1) {
error("%s: client msg_recv failed", __func__);
close(client_fd);
buffer_free(&m);
return;
}
if ((ver = buffer_get_char(&m)) != 0) {
error("%s: wrong client version %d", __func__, ver);
buffer_free(&m);
close(client_fd);
return;
}
cctx = xmalloc(sizeof(*cctx));
memset(cctx, 0, sizeof(*cctx));
cctx->want_tty = buffer_get_int(&m);
cctx->want_subsys = buffer_get_int(&m);
cctx->term = buffer_get_string(&m, &len);
cmd = buffer_get_string(&m, &len);
buffer_init(&cctx->cmd);
buffer_append(&cctx->cmd, cmd, strlen(cmd));
env_len = buffer_get_int(&m);
env_len = MIN(env_len, 4096);
debug3("%s: receiving %d env vars", __func__, env_len);
if (env_len != 0) {
cctx->env = xmalloc(sizeof(*cctx->env) * (env_len + 1));
for (i = 0; i < env_len; i++)
cctx->env[i] = buffer_get_string(&m, &len);
cctx->env[i] = NULL;
}
debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__,
cctx->want_tty, cctx->want_subsys, cmd);
/* Gather fds from client */
new_fd[0] = mm_receive_fd(client_fd);
new_fd[1] = mm_receive_fd(client_fd);
new_fd[2] = mm_receive_fd(client_fd);
debug2("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
new_fd[0], new_fd[1], new_fd[2]);
/* Try to pick up ttymodes from client before it goes raw */
if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
error("%s: tcgetattr: %s", __func__, strerror(errno));
buffer_clear(&m);
if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
error("%s: client msg_send failed", __func__);
close(client_fd);
close(new_fd[0]);
close(new_fd[1]);
close(new_fd[2]);
buffer_free(&m);
return;
}
buffer_free(&m);
/* enable nonblocking unless tty */
if (!isatty(new_fd[0]))
set_nonblock(new_fd[0]);
if (!isatty(new_fd[1]))
set_nonblock(new_fd[1]);
if (!isatty(new_fd[2]))
set_nonblock(new_fd[2]);
set_nonblock(client_fd);
c = channel_new("session", SSH_CHANNEL_OPENING,
new_fd[0], new_fd[1], new_fd[2],
CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT,
CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
/* XXX */
c->ctl_fd = client_fd;
debug3("%s: channel_new: %d", __func__, c->self);
channel_send_open(c->self);
channel_register_confirm(c->self, client_extra_session2_setup, cctx);
}
static void
process_cmdline(void)
{
@ -507,6 +735,7 @@ process_cmdline(void)
char *s, *cmd;
u_short fwd_port, fwd_host_port;
char buf[1024], sfwd_port[6], sfwd_host_port[6];
int delete = 0;
int local = 0;
leave_raw_mode();
@ -516,44 +745,77 @@ process_cmdline(void)
goto out;
while (*s && isspace(*s))
s++;
if (*s == 0)
if (*s == '-')
s++; /* Skip cmdline '-', if any */
if (*s == '\0')
goto out;
if (strlen(s) < 2 || s[0] != '-' || !(s[1] == 'L' || s[1] == 'R')) {
if (*s == 'h' || *s == 'H' || *s == '?') {
logit("Commands:");
logit(" -Lport:host:hostport Request local forward");
logit(" -Rport:host:hostport Request remote forward");
logit(" -KRhostport Cancel remote forward");
goto out;
}
if (*s == 'K') {
delete = 1;
s++;
}
if (*s != 'L' && *s != 'R') {
logit("Invalid command.");
goto out;
}
if (s[1] == 'L')
if (*s == 'L')
local = 1;
if (!local && !compat20) {
if (local && delete) {
logit("Not supported.");
goto out;
}
if ((!local || delete) && !compat20) {
logit("Not supported for SSH protocol version 1.");
goto out;
}
s += 2;
s++;
while (*s && isspace(*s))
s++;
if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]",
sfwd_port, buf, sfwd_host_port) != 3 &&
sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]",
sfwd_port, buf, sfwd_host_port) != 3) {
logit("Bad forwarding specification.");
goto out;
}
if ((fwd_port = a2port(sfwd_port)) == 0 ||
(fwd_host_port = a2port(sfwd_host_port)) == 0) {
logit("Bad forwarding port(s).");
goto out;
}
if (local) {
if (channel_setup_local_fwd_listener(fwd_port, buf,
fwd_host_port, options.gateway_ports) < 0) {
logit("Port forwarding failed.");
if (delete) {
if (sscanf(s, "%5[0-9]", sfwd_host_port) != 1) {
logit("Bad forwarding specification.");
goto out;
}
} else
channel_request_remote_forwarding(fwd_port, buf,
fwd_host_port);
logit("Forwarding port.");
if ((fwd_host_port = a2port(sfwd_host_port)) == 0) {
logit("Bad forwarding port(s).");
goto out;
}
channel_request_rforward_cancel(fwd_host_port);
} else {
if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]",
sfwd_port, buf, sfwd_host_port) != 3 &&
sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]",
sfwd_port, buf, sfwd_host_port) != 3) {
logit("Bad forwarding specification.");
goto out;
}
if ((fwd_port = a2port(sfwd_port)) == 0 ||
(fwd_host_port = a2port(sfwd_host_port)) == 0) {
logit("Bad forwarding port(s).");
goto out;
}
if (local) {
if (channel_setup_local_fwd_listener(fwd_port, buf,
fwd_host_port, options.gateway_ports) < 0) {
logit("Port forwarding failed.");
goto out;
}
} else
channel_request_remote_forwarding(fwd_port, buf,
fwd_host_port);
logit("Forwarding port.");
}
out:
signal(SIGINT, handler);
enter_raw_mode();
@ -868,9 +1130,6 @@ simple_escape_filter(Channel *c, char *buf, int len)
static void
client_channel_closed(int id, void *arg)
{
if (id != session_ident)
error("client_channel_closed: id %d != session_ident %d",
id, session_ident);
channel_cancel_cleanup(id);
session_closed = 1;
leave_raw_mode();
@ -888,7 +1147,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
{
fd_set *readset = NULL, *writeset = NULL;
double start_time, total_time;
int max_fd = 0, max_fd2 = 0, len, rekeying = 0, nalloc = 0;
int max_fd = 0, max_fd2 = 0, len, rekeying = 0;
u_int nalloc = 0;
char buf[100];
debug("Entering interactive session.");
@ -904,6 +1164,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
connection_in = packet_get_connection_in();
connection_out = packet_get_connection_out();
max_fd = MAX(connection_in, connection_out);
if (control_fd != -1)
max_fd = MAX(max_fd, control_fd);
if (!compat20) {
/* enable nonblocking unless tty */
@ -1021,6 +1283,9 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
/* Buffer input from the connection. */
client_process_net_input(readset);
/* Accept control connections. */
client_process_control(readset);
if (quit_pending)
break;
@ -1352,7 +1617,7 @@ static void
client_input_channel_req(int type, u_int32_t seq, void *ctxt)
{
Channel *c = NULL;
int id, reply, success = 0;
int exitval, id, reply, success = 0;
char *rtype;
id = packet_get_int();
@ -1362,24 +1627,28 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt)
debug("client_input_channel_req: channel %d rtype %s reply %d",
id, rtype, reply);
if (session_ident == -1) {
error("client_input_channel_req: no channel %d", session_ident);
} else if (id != session_ident) {
error("client_input_channel_req: channel %d: wrong channel: %d",
session_ident, id);
}
c = channel_lookup(id);
if (c == NULL) {
if (id == -1) {
error("client_input_channel_req: request for channel -1");
} else if ((c = channel_lookup(id)) == NULL) {
error("client_input_channel_req: channel %d: unknown channel", id);
} else if (strcmp(rtype, "exit-status") == 0) {
success = 1;
exit_status = packet_get_int();
exitval = packet_get_int();
if (id == session_ident) {
success = 1;
exit_status = exitval;
} else if (c->ctl_fd == -1) {
error("client_input_channel_req: unexpected channel %d",
session_ident);
} else {
atomicio(vwrite, c->ctl_fd, &exitval, sizeof(exitval));
success = 1;
}
packet_check_eom();
}
if (reply) {
packet_start(success ?
SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
packet_put_int(c->remote_id);
packet_put_int(id);
packet_send();
}
xfree(rtype);
@ -1404,6 +1673,97 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt)
xfree(rtype);
}
void
client_session2_setup(int id, int want_tty, int want_subsystem,
const char *term, struct termios *tiop, int in_fd, Buffer *cmd, char **env,
dispatch_fn *subsys_repl)
{
int len;
debug2("%s: id %d", __func__, id);
if (want_tty) {
struct winsize ws;
struct termios tio;
/* Store window size in the packet. */
if (ioctl(in_fd, TIOCGWINSZ, &ws) < 0)
memset(&ws, 0, sizeof(ws));
channel_request_start(id, "pty-req", 0);
packet_put_cstring(term != NULL ? term : "");
packet_put_int(ws.ws_col);
packet_put_int(ws.ws_row);
packet_put_int(ws.ws_xpixel);
packet_put_int(ws.ws_ypixel);
tio = get_saved_tio();
tty_make_modes(-1, tiop != NULL ? tiop : &tio);
packet_send();
/* XXX wait for reply */
}
/* Transfer any environment variables from client to server */
if (options.num_send_env != 0 && env != NULL) {
int i, j, matched;
char *name, *val;
debug("Sending environment.");
for (i = 0; env[i] != NULL; i++) {
/* Split */
name = xstrdup(env[i]);
if ((val = strchr(name, '=')) == NULL) {
free(name);
continue;
}
*val++ = '\0';
matched = 0;
for (j = 0; j < options.num_send_env; j++) {
if (match_pattern(name, options.send_env[j])) {
matched = 1;
break;
}
}
if (!matched) {
debug3("Ignored env %s", name);
free(name);
continue;
}
debug("Sending env %s = %s", name, val);
channel_request_start(id, "env", 0);
packet_put_cstring(name);
packet_put_cstring(val);
packet_send();
free(name);
}
}
len = buffer_len(cmd);
if (len > 0) {
if (len > 900)
len = 900;
if (want_subsystem) {
debug("Sending subsystem: %.*s", len, (u_char*)buffer_ptr(cmd));
channel_request_start(id, "subsystem", subsys_repl != NULL);
if (subsys_repl != NULL) {
/* register callback for reply */
/* XXX we assume that client_loop has already been called */
dispatch_set(SSH2_MSG_CHANNEL_FAILURE, subsys_repl);
dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, subsys_repl);
}
} else {
debug("Sending command: %.*s", len, (u_char*)buffer_ptr(cmd));
channel_request_start(id, "exec", 0);
}
packet_put_string(buffer_ptr(cmd), buffer_len(cmd));
packet_send();
} else {
channel_request_start(id, "shell", 0);
packet_send();
}
}
static void
client_init_dispatch_20(void)
{
@ -1470,5 +1830,7 @@ cleanup_exit(int i)
{
leave_raw_mode();
leave_non_blocking();
if (options.control_path != NULL && control_fd != -1)
unlink(options.control_path);
_exit(i);
}

4
crypto/openssh/clientloop.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.h,v 1.8 2003/12/16 15:49:51 markus Exp $ */
/* $OpenBSD: clientloop.h,v 1.11 2004/07/11 17:48:47 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -38,3 +38,5 @@
/* Client side main loop for the interactive session. */
int client_loop(int, int, int);
void client_global_request_reply_fwd(int, u_int32_t, void *);
void client_session2_setup(int, int, int, const char *, struct termios *,
int, Buffer *, char **, dispatch_fn *);

441
crypto/openssh/config.guess vendored
View File

@ -1,9 +1,9 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002 Free Software Foundation, Inc.
# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
timestamp='2002-07-23'
timestamp='2003-10-03'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -98,30 +98,32 @@ trap 'exit 1' 1 2 15
# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
# use `HOST_CC' if defined, but it is deprecated.
# This shell variable is my proudest work .. or something. --bje
# Portable tmp directory creation inspired by the Autoconf team.
set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ;
(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old)
|| (echo "$me: cannot create $tmpdir" >&2 && exit 1) ;
dummy=$tmpdir/dummy ;
files="$dummy.c $dummy.o $dummy.rel $dummy" ;
trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ;
set_cc_for_build='
trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
: ${TMPDIR=/tmp} ;
{ tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
{ tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
dummy=$tmp/dummy ;
tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
case $CC_FOR_BUILD,$HOST_CC,$CC in
,,) echo "int x;" > $dummy.c ;
for c in cc gcc c89 c99 ; do
if ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ; then
if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
CC_FOR_BUILD="$c"; break ;
fi ;
done ;
rm -f $files ;
if test x"$CC_FOR_BUILD" = x ; then
CC_FOR_BUILD=no_compiler_found ;
fi
;;
,,*) CC_FOR_BUILD=$CC ;;
,*,*) CC_FOR_BUILD=$HOST_CC ;;
esac ;
unset files'
esac ;'
# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 1994-08-24)
@ -174,11 +176,22 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
fi
;;
*)
os=netbsd
os=netbsd
;;
esac
# The OS release
release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
# Debian GNU/NetBSD machines have a different userland, and
# thus, need a distinct triplet. However, they do not need
# kernel version information, so it can be replaced with a
# suitable tag, in the style of linux-gnu.
case "${UNAME_VERSION}" in
Debian*)
release='-gnu'
;;
*)
release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
;;
esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
@ -227,68 +240,52 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
if test $UNAME_RELEASE = "V4.0"; then
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
fi
# According to Compaq, /usr/sbin/psrinfo has been available on
# OSF/1 and Tru64 systems produced since 1995. I hope that
# covers most systems running today. This code pipes the CPU
# types through head -n 1, so we only detect the type of CPU 0.
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
case "$ALPHA_CPU_TYPE" in
"EV4 (21064)")
UNAME_MACHINE="alpha" ;;
"EV4.5 (21064)")
UNAME_MACHINE="alpha" ;;
"LCA4 (21066/21068)")
UNAME_MACHINE="alpha" ;;
"EV5 (21164)")
UNAME_MACHINE="alphaev5" ;;
"EV5.6 (21164A)")
UNAME_MACHINE="alphaev56" ;;
"EV5.6 (21164PC)")
UNAME_MACHINE="alphapca56" ;;
"EV5.7 (21164PC)")
UNAME_MACHINE="alphapca57" ;;
"EV6 (21264)")
UNAME_MACHINE="alphaev6" ;;
"EV6.7 (21264A)")
UNAME_MACHINE="alphaev67" ;;
"EV6.8CB (21264C)")
UNAME_MACHINE="alphaev68" ;;
"EV6.8AL (21264B)")
UNAME_MACHINE="alphaev68" ;;
"EV6.8CX (21264D)")
UNAME_MACHINE="alphaev68" ;;
"EV6.9A (21264/EV69A)")
UNAME_MACHINE="alphaev69" ;;
"EV7 (21364)")
UNAME_MACHINE="alphaev7" ;;
"EV7.9 (21364A)")
UNAME_MACHINE="alphaev79" ;;
esac
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
eval $set_cc_for_build
cat <<EOF >$dummy.s
.data
\$Lformat:
.byte 37,100,45,37,120,10,0 # "%d-%x\n"
.text
.globl main
.align 4
.ent main
main:
.frame \$30,16,\$26,0
ldgp \$29,0(\$27)
.prologue 1
.long 0x47e03d80 # implver \$0
lda \$2,-1
.long 0x47e20c21 # amask \$2,\$1
lda \$16,\$Lformat
mov \$0,\$17
not \$1,\$18
jsr \$26,printf
ldgp \$29,0(\$26)
mov 0,\$16
jsr \$26,exit
.end main
EOF
$CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
if test "$?" = 0 ; then
case `$dummy` in
0-0)
UNAME_MACHINE="alpha"
;;
1-0)
UNAME_MACHINE="alphaev5"
;;
1-1)
UNAME_MACHINE="alphaev56"
;;
1-101)
UNAME_MACHINE="alphapca56"
;;
2-303)
UNAME_MACHINE="alphaev6"
;;
2-307)
UNAME_MACHINE="alphaev67"
;;
2-1307)
UNAME_MACHINE="alphaev68"
;;
3-1307)
UNAME_MACHINE="alphaev7"
;;
esac
fi
rm -f $dummy.s $dummy && rmdir $tmpdir
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
exit 0 ;;
Alpha*:OpenVMS:*:*)
echo alpha-hp-vms
exit 0 ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
@ -327,6 +324,9 @@ EOF
NILE*:*:*:dcosx)
echo pyramid-pyramid-svr4
exit 0 ;;
DRS?6000:unix:4.0:6*)
echo sparc-icl-nx6
exit 0 ;;
DRS?6000:UNIX_SV:4.2*:7*)
case `/usr/bin/uname -p` in
sparc) echo sparc-icl-nx7 && exit 0 ;;
@ -382,23 +382,23 @@ EOF
# MiNT. But MiNT is downward compatible to TOS, so this should
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
exit 0 ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
echo m68k-milan-mint${UNAME_RELEASE}
exit 0 ;;
echo m68k-milan-mint${UNAME_RELEASE}
exit 0 ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
echo m68k-hades-mint${UNAME_RELEASE}
exit 0 ;;
echo m68k-hades-mint${UNAME_RELEASE}
exit 0 ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
echo m68k-unknown-mint${UNAME_RELEASE}
exit 0 ;;
echo m68k-unknown-mint${UNAME_RELEASE}
exit 0 ;;
powerpc:machten:*:*)
echo powerpc-apple-machten${UNAME_RELEASE}
exit 0 ;;
@ -437,16 +437,18 @@ EOF
exit (-1);
}
EOF
$CC_FOR_BUILD $dummy.c -o $dummy \
$CC_FOR_BUILD -o $dummy $dummy.c \
&& $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
&& rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
rm -f $dummy.c $dummy && rmdir $tmpdir
&& exit 0
echo mips-mips-riscos${UNAME_RELEASE}
exit 0 ;;
Motorola:PowerMAX_OS:*:*)
echo powerpc-motorola-powermax
exit 0 ;;
Night_Hawk:*:*:PowerMAX_OS)
Motorola:*:4.3:PL8-*)
echo powerpc-harris-powermax
exit 0 ;;
Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
echo powerpc-harris-powermax
exit 0 ;;
Night_Hawk:Power_UNIX:*:*)
@ -462,8 +464,8 @@ EOF
echo m88k-motorola-sysv3
exit 0 ;;
AViiON:dgux:*:*)
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
then
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
@ -476,7 +478,7 @@ EOF
else
echo i586-dg-dgux${UNAME_RELEASE}
fi
exit 0 ;;
exit 0 ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m88k-dolphin-sysv3
exit 0 ;;
@ -521,8 +523,7 @@ EOF
exit(0);
}
EOF
$CC_FOR_BUILD $dummy.c -o $dummy && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
rm -f $dummy.c $dummy && rmdir $tmpdir
$CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
echo rs6000-ibm-aix3.2.5
elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
echo rs6000-ibm-aix3.2.4
@ -573,58 +574,68 @@ EOF
9000/[678][0-9][0-9])
if [ -x /usr/bin/getconf ]; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
32) HP_ARCH="hppa2.0n" ;;
64) HP_ARCH="hppa2.0w" ;;
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
32) HP_ARCH="hppa2.0n" ;;
64) HP_ARCH="hppa2.0w" ;;
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
esac ;;
esac
esac ;;
esac
fi
if [ "${HP_ARCH}" = "" ]; then
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#define _HPUX_SOURCE
#include <stdlib.h>
#include <unistd.h>
#define _HPUX_SOURCE
#include <stdlib.h>
#include <unistd.h>
int main ()
{
#if defined(_SC_KERNEL_BITS)
long bits = sysconf(_SC_KERNEL_BITS);
#endif
long cpu = sysconf (_SC_CPU_VERSION);
int main ()
{
#if defined(_SC_KERNEL_BITS)
long bits = sysconf(_SC_KERNEL_BITS);
#endif
long cpu = sysconf (_SC_CPU_VERSION);
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
case CPU_PA_RISC2_0:
#if defined(_SC_KERNEL_BITS)
switch (bits)
{
case 64: puts ("hppa2.0w"); break;
case 32: puts ("hppa2.0n"); break;
default: puts ("hppa2.0"); break;
} break;
#else /* !defined(_SC_KERNEL_BITS) */
puts ("hppa2.0"); break;
#endif
default: puts ("hppa1.0"); break;
}
exit (0);
}
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
case CPU_PA_RISC2_0:
#if defined(_SC_KERNEL_BITS)
switch (bits)
{
case 64: puts ("hppa2.0w"); break;
case 32: puts ("hppa2.0n"); break;
default: puts ("hppa2.0"); break;
} break;
#else /* !defined(_SC_KERNEL_BITS) */
puts ("hppa2.0"); break;
#endif
default: puts ("hppa1.0"); break;
}
exit (0);
}
EOF
(CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`$dummy`
if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
rm -f $dummy.c $dummy && rmdir $tmpdir
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
if [ ${HP_ARCH} = "hppa2.0w" ]
then
# avoid double evaluation of $set_cc_for_build
test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
then
HP_ARCH="hppa2.0w"
else
HP_ARCH="hppa64"
fi
fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
exit 0 ;;
ia64:HP-UX:*:*)
@ -658,8 +669,7 @@ EOF
exit (0);
}
EOF
$CC_FOR_BUILD $dummy.c -o $dummy && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
rm -f $dummy.c $dummy && rmdir $tmpdir
$CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
echo unknown-hitachi-hiuxwe2
exit 0 ;;
9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
@ -689,22 +699,22 @@ EOF
exit 0 ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
echo c1-convex-bsd
exit 0 ;;
exit 0 ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit 0 ;;
exit 0 ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
echo c34-convex-bsd
exit 0 ;;
exit 0 ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
echo c38-convex-bsd
exit 0 ;;
exit 0 ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
echo c4-convex-bsd
exit 0 ;;
exit 0 ;;
CRAY*Y-MP:*:*:*)
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
@ -717,9 +727,6 @@ EOF
CRAY*TS:*:*:*)
echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*T3D:*:*:*)
echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*T3E:*:*:*)
echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
@ -727,14 +734,14 @@ EOF
echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
*:UNICOS/mp:*:*)
echo nv1-cray-unicosmp | sed -e 's/\.[^.]*$/.X/'
echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit 0 ;;
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit 0 ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
exit 0 ;;
@ -744,7 +751,7 @@ EOF
*:BSD/OS:*:*)
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
exit 0 ;;
*:FreeBSD:*:*)
*:FreeBSD:*:*|*:GNU/FreeBSD:*:*)
# Determine whether the default compiler uses glibc.
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
@ -756,8 +763,10 @@ EOF
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
rm -f $dummy.c && rmdir $tmpdir
echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
# GNU/FreeBSD systems have a "k" prefix to indicate we are using
# FreeBSD's kernel, but not the complete OS.
case ${LIBC} in gnu) kernel_only='k' ;; esac
echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
exit 0 ;;
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
@ -768,14 +777,17 @@ EOF
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
exit 0 ;;
x86:Interix*:3*)
echo i386-pc-interix3
x86:Interix*:[34]*)
echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
exit 0 ;;
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
echo i${UNAME_MACHINE}-pc-mks
exit 0 ;;
i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
# UNAME_MACHINE based on the output of uname instead of i386?
echo i386-pc-interix
echo i586-pc-interix
exit 0 ;;
i*:UWIN*:*)
echo ${UNAME_MACHINE}-pc-uwin
@ -795,6 +807,9 @@ EOF
arm*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
cris:Linux:*:*)
echo cris-axis-linux-gnu
exit 0 ;;
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
@ -818,8 +833,26 @@ EOF
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
rm -f $dummy.c && rmdir $tmpdir
test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0
test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
;;
mips64:Linux:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#undef CPU
#undef mips64
#undef mips64el
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
CPU=mips64el
#else
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
CPU=mips64
#else
CPU=
#endif
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
;;
ppc:Linux:*:*)
echo powerpc-unknown-linux-gnu
@ -836,7 +869,7 @@ EOF
EV6) UNAME_MACHINE=alphaev6 ;;
EV67) UNAME_MACHINE=alphaev67 ;;
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
esac
objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
@ -855,6 +888,9 @@ EOF
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux
exit 0 ;;
sh64*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
sh*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit 0 ;;
@ -875,7 +911,7 @@ EOF
s/.*supported targets: *//
s/ .*//
p'`
case "$ld_supported_targets" in
case "$ld_supported_targets" in
elf32-i386)
TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
;;
@ -912,9 +948,11 @@ EOF
LIBC=gnuaout
#endif
#endif
#ifdef __dietlibc__
LIBC=dietlibc
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
rm -f $dummy.c && rmdir $tmpdir
test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
;;
@ -925,13 +963,30 @@ EOF
echo i386-sequent-sysv4
exit 0 ;;
i*86:UNIX_SV:4.2MP:2.*)
# Unixware is an offshoot of SVR4, but it has its own version
# number series starting with 2...
# I am not positive that other SVR4 systems won't match this,
# Unixware is an offshoot of SVR4, but it has its own version
# number series starting with 2...
# I am not positive that other SVR4 systems won't match this,
# I just have to hope. -- rms.
# Use sysv4.2uw... so that sysv4* matches it.
# Use sysv4.2uw... so that sysv4* matches it.
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
exit 0 ;;
i*86:OS/2:*:*)
# If we were able to find `uname', then EMX Unix compatibility
# is probably installed.
echo ${UNAME_MACHINE}-pc-os2-emx
exit 0 ;;
i*86:XTS-300:*:STOP)
echo ${UNAME_MACHINE}-unknown-stop
exit 0 ;;
i*86:atheos:*:*)
echo ${UNAME_MACHINE}-unknown-atheos
exit 0 ;;
i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
echo i386-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
i*86:*DOS:*:*)
echo ${UNAME_MACHINE}-pc-msdosdjgpp
exit 0 ;;
i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
@ -966,15 +1021,12 @@ EOF
echo ${UNAME_MACHINE}-pc-sysv32
fi
exit 0 ;;
i*86:*DOS:*:*)
echo ${UNAME_MACHINE}-pc-msdosdjgpp
exit 0 ;;
pc:*:*:*)
# Left here for compatibility:
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i386.
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i386.
echo i386-pc-msdosdjgpp
exit 0 ;;
exit 0 ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
exit 0 ;;
@ -992,9 +1044,15 @@ EOF
# "miniframe"
echo m68010-convergent-sysv
exit 0 ;;
mc68k:UNIX:SYSTEM5:3.51m)
echo m68k-convergent-sysv
exit 0 ;;
M680?0:D-NIX:5.3:*)
echo m68k-diab-dnix
exit 0 ;;
M68*:*:R3V[567]*:*)
test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0)
3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0)
OS_REL=''
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
@ -1003,17 +1061,14 @@ EOF
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
&& echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& echo i486-ncr-sysv4 && exit 0 ;;
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& echo i486-ncr-sysv4 && exit 0 ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
mc68030:UNIX_System_V:4.*:*)
echo m68k-atari-sysv4
exit 0 ;;
i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
echo i386-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
TSUNAMI:LynxOS:2.*:*)
echo sparc-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
@ -1041,9 +1096,9 @@ EOF
fi
exit 0 ;;
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
# says <Richard.M.Bartel@ccMail.Census.GOV>
echo i586-unisys-sysv4
exit 0 ;;
# says <Richard.M.Bartel@ccMail.Census.GOV>
echo i586-unisys-sysv4
exit 0 ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes <hewes@openmarket.com>.
# How about differentiating between stratus architectures? -djm
@ -1065,11 +1120,11 @@ EOF
exit 0 ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
if [ -d /usr/nec ]; then
echo mips-nec-sysv${UNAME_RELEASE}
echo mips-nec-sysv${UNAME_RELEASE}
else
echo mips-unknown-sysv${UNAME_RELEASE}
echo mips-unknown-sysv${UNAME_RELEASE}
fi
exit 0 ;;
exit 0 ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
echo powerpc-be-beos
exit 0 ;;
@ -1085,6 +1140,9 @@ EOF
SX-5:SUPER-UX:*:*)
echo sx5-nec-superux${UNAME_RELEASE}
exit 0 ;;
SX-6:SUPER-UX:*:*)
echo sx6-nec-superux${UNAME_RELEASE}
exit 0 ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit 0 ;;
@ -1092,7 +1150,11 @@ EOF
echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
exit 0 ;;
*:Darwin:*:*)
echo `uname -p`-apple-darwin${UNAME_RELEASE}
case `uname -p` in
*86) UNAME_PROCESSOR=i686 ;;
powerpc) UNAME_PROCESSOR=powerpc ;;
esac
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
exit 0 ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
@ -1105,7 +1167,7 @@ EOF
*:QNX:*:4*)
echo i386-pc-qnx
exit 0 ;;
NSR-[GKLNPTVW]:NONSTOP_KERNEL:*:*)
NSR-[DGKLNPTVWY]:NONSTOP_KERNEL:*:*)
echo nsr-tandem-nsk${UNAME_RELEASE}
exit 0 ;;
*:NonStop-UX:*:*)
@ -1128,11 +1190,6 @@ EOF
fi
echo ${UNAME_MACHINE}-unknown-plan9
exit 0 ;;
i*86:OS/2:*:*)
# If we were able to find `uname', then EMX Unix compatibility
# is probably installed.
echo ${UNAME_MACHINE}-pc-os2-emx
exit 0 ;;
*:TOPS-10:*:*)
echo pdp10-unknown-tops10
exit 0 ;;
@ -1151,11 +1208,8 @@ EOF
*:ITS:*:*)
echo pdp10-unknown-its
exit 0 ;;
i*86:XTS-300:*:STOP)
echo ${UNAME_MACHINE}-unknown-stop
exit 0 ;;
i*86:atheos:*:*)
echo ${UNAME_MACHINE}-unknown-atheos
SEI:*:*:SEIUX)
echo mips-sei-seiux${UNAME_RELEASE}
exit 0 ;;
esac
@ -1179,11 +1233,11 @@ main ()
#include <sys/param.h>
printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
"4"
"4"
#else
""
#endif
); exit (0);
); exit (0);
#endif
#endif
@ -1277,8 +1331,7 @@ main ()
}
EOF
$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
rm -f $dummy.c $dummy && rmdir $tmpdir
$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
# Apollos put the system type in the environment.

135
crypto/openssh/config.sub vendored
View File

@ -1,9 +1,9 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002 Free Software Foundation, Inc.
# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
timestamp='2002-07-03'
timestamp='2003-08-18'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@ -118,7 +118,7 @@ esac
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | freebsd*-gnu* | storm-chaos* | os2-emx* | windows32-* | rtmk-nova*)
nto-qnx* | linux-gnu* | linux-dietlibc | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
@ -162,10 +162,10 @@ case $os in
os=-chorusos
basic_machine=$1
;;
-chorusrdb)
os=-chorusrdb
-chorusrdb)
os=-chorusrdb
basic_machine=$1
;;
;;
-hiux*)
os=-hiuxwe2
;;
@ -228,36 +228,42 @@ case $basic_machine in
| a29k \
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| am33_2.0 \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
| c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
| fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
| ip2k \
| ip2k | iq2000 \
| m32r | m68000 | m68k | m88k | mcore \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
| mips64vr | mips64vrel \
| mips64orion | mips64orionel \
| mips64vr4100 | mips64vr4100el \
| mips64vr4300 | mips64vr4300el \
| mips64vr5000 | mips64vr5000el \
| mipsisa32 | mipsisa32el \
| mipsisa32r2 | mipsisa32r2el \
| mipsisa64 | mipsisa64el \
| mipsisa64r2 | mipsisa64r2el \
| mipsisa64sb1 | mipsisa64sb1el \
| mipsisa64sr71k | mipsisa64sr71kel \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
| msp430 \
| ns16k | ns32k \
| openrisc | or32 \
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
| pyramid \
| sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
| sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
| strongarm \
| tahoe | thumb | tic80 | tron \
| tahoe | thumb | tic4x | tic80 | tron \
| v850 | v850e \
| we32k \
| x86 | xscale | xstormy16 | xtensa \
@ -292,7 +298,7 @@ case $basic_machine in
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* \
| bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c54x-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
| clipper-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
@ -300,32 +306,39 @@ case $basic_machine in
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* \
| ip2k-* | iq2000-* \
| m32r-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
| m88110-* | m88k-* | mcore-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
| mips64vr-* | mips64vrel-* \
| mips64orion-* | mips64orionel-* \
| mips64vr4100-* | mips64vr4100el-* \
| mips64vr4300-* | mips64vr4300el-* \
| mips64vr5000-* | mips64vr5000el-* \
| mipsisa32-* | mipsisa32el-* \
| mipsisa32r2-* | mipsisa32r2el-* \
| mipsisa64-* | mipsisa64el-* \
| mipsisa64r2-* | mipsisa64r2el-* \
| mipsisa64sb1-* | mipsisa64sb1el-* \
| mipstx39 | mipstx39el \
| none-* | np1-* | ns16k-* | ns32k-* | nv1-* \
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
| mipstx39-* | mipstx39el-* \
| msp430-* \
| none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
| pyramid-* \
| romp-* | rs6000-* \
| sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \
| sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
| tahoe-* | thumb-* | tic30-* | tic54x-* | tic80-* | tron-* \
| tahoe-* | thumb-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tron-* \
| v850-* | v850e-* | vax-* \
| we32k-* \
| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
@ -363,6 +376,9 @@ case $basic_machine in
basic_machine=a29k-none
os=-bsd
;;
amd64)
basic_machine=x86_64-pc
;;
amdahl)
basic_machine=580-amdahl
os=-sysv
@ -712,11 +728,12 @@ case $basic_machine in
np1)
basic_machine=np1-gould
;;
nsr-tandem)
basic_machine=nsr-tandem
;;
nv1)
basic_machine=nv1-cray
os=-unicosmp
;;
nsr-tandem)
basic_machine=nsr-tandem
;;
op50n-* | op60c-*)
basic_machine=hppa1.1-oki
@ -754,21 +771,27 @@ case $basic_machine in
pentium | p5 | k5 | k6 | nexgen | viac3)
basic_machine=i586-pc
;;
pentiumpro | p6 | 6x86 | athlon)
pentiumpro | p6 | 6x86 | athlon | athlon_*)
basic_machine=i686-pc
;;
pentiumii | pentium2)
pentiumii | pentium2 | pentiumiii | pentium3)
basic_machine=i686-pc
;;
pentium4)
basic_machine=i786-pc
;;
pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumpro-* | p6-* | 6x86-* | athlon-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumii-* | pentium2-*)
pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentium4-*)
basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pn)
basic_machine=pn-gould
;;
@ -821,6 +844,16 @@ case $basic_machine in
basic_machine=a29k-amd
os=-udi
;;
sb1)
basic_machine=mipsisa64sb1-unknown
;;
sb1el)
basic_machine=mipsisa64sb1el-unknown
;;
sei)
basic_machine=mips-sei
os=-seiux
;;
sequent)
basic_machine=i386-sequent
;;
@ -828,6 +861,9 @@ case $basic_machine in
basic_machine=sh-hitachi
os=-hms
;;
sh64)
basic_machine=sh64-unknown
;;
sparclite-wrs | simso-wrs)
basic_machine=sparclite-wrs
os=-vxworks
@ -890,18 +926,10 @@ case $basic_machine in
basic_machine=sv1-cray
os=-unicos
;;
sx*-nec)
basic_machine=sx6-nec
os=-sysv
;;
symmetry)
basic_machine=i386-sequent
os=-dynix
;;
t3d)
basic_machine=alpha-cray
os=-unicos
;;
t3e)
basic_machine=alphaev5-cray
os=-unicos
@ -914,6 +942,14 @@ case $basic_machine in
basic_machine=tic54x-unknown
os=-coff
;;
tic55x | c55x*)
basic_machine=tic55x-unknown
os=-coff
;;
tic6x | c6x*)
basic_machine=tic6x-unknown
os=-coff
;;
tx39)
basic_machine=mipstx39-unknown
;;
@ -948,8 +984,8 @@ case $basic_machine in
os=-vms
;;
vpp*|vx|vx-*)
basic_machine=f301-fujitsu
;;
basic_machine=f301-fujitsu
;;
vxworks960)
basic_machine=i960-wrs
os=-vxworks
@ -970,10 +1006,6 @@ case $basic_machine in
basic_machine=hppa1.1-winbond
os=-proelf
;;
windows32)
basic_machine=i386-pc
os=-windows32-msvcrt
;;
xps | xps100)
basic_machine=xps100-honeywell
;;
@ -1020,7 +1052,7 @@ case $basic_machine in
we32k)
basic_machine=we32k-att
;;
sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele)
sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
basic_machine=sh-unknown
;;
sh64)
@ -1044,10 +1076,6 @@ case $basic_machine in
pmac | pmac-mpw)
basic_machine=powerpc-apple
;;
c4x*)
basic_machine=c4x-none
os=-coff
;;
*-unknown)
# Make sure to match an already-canonicalized machine name.
;;
@ -1074,8 +1102,8 @@ esac
if [ x"$os" != x"" ]
then
case $os in
# First match some system type aliases
# that might get confused with valid system types.
# First match some system type aliases
# that might get confused with valid system types.
# -solaris* is a basic system type, with this one exception.
-solaris1 | -solaris1.*)
os=`echo $os | sed -e 's|solaris1|sunos4|'`
@ -1103,18 +1131,19 @@ case $os in
| -aos* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
| -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* | -powermax*)
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@ -1126,8 +1155,10 @@ case $os in
;;
esac
;;
-nto-qnx*)
;;
-nto*)
os=-nto-qnx
os=`echo $os | sed -e 's|nto|nto-qnx|'`
;;
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
| -windows* | -osx | -abug | -netware* | -os9* | -beos* \
@ -1136,6 +1167,9 @@ case $os in
-mac*)
os=`echo $os | sed -e 's|mac|macos|'`
;;
-linux-dietlibc)
os=-linux-dietlibc
;;
-linux*)
os=`echo $os | sed -e 's|linux|linux-gnu|'`
;;
@ -1221,6 +1255,12 @@ case $os in
-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
os=-mint
;;
-aros*)
os=-aros
;;
-kaos*)
os=-kaos
;;
-none)
;;
*)
@ -1252,6 +1292,9 @@ case $basic_machine in
arm*-semi)
os=-aout
;;
c4x-* | tic4x-*)
os=-coff
;;
# This must come before the *-dec entry.
pdp10-*)
os=-tops20

9
crypto/openssh/defines.h
View File

@ -25,7 +25,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
/* $Id: defines.h,v 1.115 2004/04/14 07:24:30 dtucker Exp $ */
/* $Id: defines.h,v 1.117 2004/06/22 03:27:16 dtucker Exp $ */
/* Constants */
@ -424,6 +424,10 @@ struct winsize {
# define __attribute__(x)
#endif /* !defined(__GNUC__) || (__GNUC__ < 2) */
#ifndef __dead
# define __dead __attribute__((noreturn))
#endif
/* *-*-nto-qnx doesn't define this macro in the system headers */
#ifdef MISSING_HOWMANY
# define howmany(x,y) (((x)+((y)-1))/(y))
@ -462,6 +466,9 @@ struct winsize {
(struct cmsghdr *)NULL)
#endif /* CMSG_FIRSTHDR */
#ifndef offsetof
# define offsetof(type, member) ((size_t) &((type *)0)->member)
#endif
/* Function replacement / compatibility hacks */

30
crypto/openssh/dh.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: dh.c,v 1.29 2004/02/27 22:49:27 dtucker Exp $");
RCSID("$OpenBSD: dh.c,v 1.31 2004/08/04 10:37:52 djm Exp $");
#include "xmalloc.h"
@ -115,8 +115,9 @@ choose_dh(int min, int wantbits, int max)
if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL &&
(f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
logit("WARNING: %s does not exist, using old modulus", _PATH_DH_MODULI);
return (dh_new_group1());
logit("WARNING: %s does not exist, using fixed modulus",
_PATH_DH_MODULI);
return (dh_new_group14());
}
linenum = 0;
@ -144,7 +145,7 @@ choose_dh(int min, int wantbits, int max)
if (bestcount == 0) {
fclose(f);
logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
return (NULL);
return (dh_new_group14());
}
linenum = 0;
@ -169,7 +170,7 @@ choose_dh(int min, int wantbits, int max)
return (dh_new_group(dhg.g, dhg.p));
}
/* diffie-hellman-group1-sha1 */
/* diffie-hellman-groupN-sha1 */
int
dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
@ -272,6 +273,25 @@ dh_new_group1(void)
return (dh_new_group_asc(gen, group1));
}
DH *
dh_new_group14(void)
{
static char *gen = "2", *group14 =
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
"C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
"83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
"670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
"E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
"DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
"15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF";
return (dh_new_group_asc(gen, group14));
}
/*
* Estimates the group order for a Diffie-Hellman group that has an
* attack complexity approximately the same as O(2**bits). Estimate

3
crypto/openssh/dh.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dh.h,v 1.7 2001/06/26 17:27:23 markus Exp $ */
/* $OpenBSD: dh.h,v 1.8 2004/06/13 12:53:24 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
@ -36,6 +36,7 @@ DH *choose_dh(int, int, int);
DH *dh_new_group_asc(const char *, const char *);
DH *dh_new_group(BIGNUM *, BIGNUM *);
DH *dh_new_group1(void);
DH *dh_new_group14(void);
void dh_gen_key(DH *, int);
int dh_pub_is_valid(DH *, BIGNUM *);

8
crypto/openssh/dns.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dns.c,v 1.9 2003/11/21 11:57:03 djm Exp $ */
/* $OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -43,7 +43,7 @@
#include "uuencode.h"
extern char *__progname;
RCSID("$OpenBSD: dns.c,v 1.9 2003/11/21 11:57:03 djm Exp $");
RCSID("$OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $");
#ifndef LWRES
static const char *errset_text[] = {
@ -56,9 +56,9 @@ static const char *errset_text[] = {
};
static const char *
dns_result_totext(unsigned int error)
dns_result_totext(unsigned int res)
{
switch (error) {
switch (res) {
case ERRSET_SUCCESS:
return errset_text[ERRSET_SUCCESS];
case ERRSET_NOMEMORY:

44
crypto/openssh/envpass.sh Normal file
View File

@ -0,0 +1,44 @@
# $OpenBSD: envpass.sh,v 1.1 2004/04/27 09:47:30 djm Exp $
# Placed in the Public Domain.
tid="environment passing"
# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST)
trace "pass env, don't accept"
verbose "test $tid: pass env, don't accept"
_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \
'[ -z "$_TEST_ENV" ]'
r=$?
if [ $r -ne 0 ]; then
fail "environment found"
fi
trace "don't pass env, accept"
verbose "test $tid: don't pass env, accept"
${SSH} -F $OBJ/ssh_proxy otherhost \
'[ -z "$_XXX_TEST_A" -a -z "$_XXX_TEST_B" ]'
r=$?
if [ $r -ne 0 ]; then
fail "environment found"
fi
trace "pass single env, accept single env"
verbose "test $tid: pass single env, accept single env"
_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \
'[ "x$_XXX_TEST" = "xblah" ]'
r=$?
if [ $r -ne 0 ]; then
fail "environment not found"
fi
trace "pass multiple env, accept multiple env"
verbose "test $tid: pass multiple env, accept multiple env"
_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \
-F $OBJ/ssh_proxy otherhost \
'[ "x$_XXX_TEST_A" = "x1" -a "x$_XXX_TEST_B" = "x2" ]'
r=$?
if [ $r -ne 0 ]; then
fail "environment not found"
fi

10
crypto/openssh/gss-serv-krb5.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-serv-krb5.c,v 1.2 2003/11/21 11:57:03 djm Exp $ */
/* $OpenBSD: gss-serv-krb5.c,v 1.3 2004/07/21 10:36:23 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -53,7 +53,7 @@ static krb5_context krb_context = NULL;
/* Initialise the krb5 library, for the stuff that GSSAPI won't do */
static int
ssh_gssapi_krb5_init()
ssh_gssapi_krb5_init(void)
{
krb5_error_code problem;
@ -134,11 +134,15 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
{
int tmpfd;
char ccname[40];
mode_t old_umask;
snprintf(ccname, sizeof(ccname),
"FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) {
old_umask = umask(0177);
tmpfd = mkstemp(ccname + strlen("FILE:"));
umask(old_umask);
if (tmpfd == -1) {
logit("mkstemp(): %.100s", strerror(errno));
problem = errno;
return;

45
crypto/openssh/kex.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kex.c,v 1.56 2003/11/21 11:57:03 djm Exp $");
RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
#include <openssl/crypto.h>
@ -148,7 +148,7 @@ kex_finish(Kex *kex)
void
kex_send_kexinit(Kex *kex)
{
u_int32_t rand = 0;
u_int32_t rnd = 0;
u_char *cookie;
int i;
@ -168,9 +168,9 @@ kex_send_kexinit(Kex *kex)
cookie = buffer_ptr(&kex->my);
for (i = 0; i < KEX_COOKIE_LEN; i++) {
if (i % 4 == 0)
rand = arc4random();
cookie[i] = rand;
rand >>= 8;
rnd = arc4random();
cookie[i] = rnd;
rnd >>= 8;
}
packet_start(SSH2_MSG_KEXINIT);
packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
@ -293,6 +293,8 @@ choose_kex(Kex *k, char *client, char *server)
fatal("no kex alg");
if (strcmp(k->name, KEX_DH1) == 0) {
k->kex_type = KEX_DH_GRP1_SHA1;
} else if (strcmp(k->name, KEX_DH14) == 0) {
k->kex_type = KEX_DH_GRP14_SHA1;
} else if (strcmp(k->name, KEX_DHGEX) == 0) {
k->kex_type = KEX_DH_GEX_SHA1;
} else
@ -479,6 +481,39 @@ kex_get_newkeys(int mode)
return ret;
}
void
derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
u_int8_t cookie[8], u_int8_t id[16])
{
const EVP_MD *evp_md = EVP_md5();
EVP_MD_CTX md;
u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE];
int len;
EVP_DigestInit(&md, evp_md);
len = BN_num_bytes(host_modulus);
if (len < (512 / 8) || len > sizeof(nbuf))
fatal("%s: bad host modulus (len %d)", __func__, len);
BN_bn2bin(host_modulus, nbuf);
EVP_DigestUpdate(&md, nbuf, len);
len = BN_num_bytes(server_modulus);
if (len < (512 / 8) || len > sizeof(nbuf))
fatal("%s: bad server modulus (len %d)", __func__, len);
BN_bn2bin(server_modulus, nbuf);
EVP_DigestUpdate(&md, nbuf, len);
EVP_DigestUpdate(&md, cookie, 8);
EVP_DigestFinal(&md, obuf, NULL);
memcpy(id, obuf, 16);
memset(nbuf, 0, sizeof(nbuf));
memset(obuf, 0, sizeof(obuf));
memset(&md, 0, sizeof(md));
}
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
void
dump_digest(char *msg, u_char *digest, int len)

7
crypto/openssh/kex.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.33 2003/02/16 17:09:57 markus Exp $ */
/* $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -32,6 +32,7 @@
#include "key.h"
#define KEX_DH1 "diffie-hellman-group1-sha1"
#define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
enum kex_init_proposals {
@ -56,6 +57,7 @@ enum kex_modes {
enum kex_exchange {
KEX_DH_GRP1_SHA1,
KEX_DH_GRP14_SHA1,
KEX_DH_GEX_SHA1,
KEX_MAX
};
@ -137,6 +139,9 @@ u_char *
kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);
void
derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
void dump_digest(char *, u_char *, int);
#endif

13
crypto/openssh/kexdhc.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexdhc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
RCSID("$OpenBSD: kexdhc.c,v 1.2 2004/06/13 12:53:24 djm Exp $");
#include "xmalloc.h"
#include "key.h"
@ -44,7 +44,16 @@ kexdh_client(Kex *kex)
u_int klen, kout, slen, sbloblen;
/* generate and send 'e', client DH public key */
dh = dh_new_group1();
switch (kex->kex_type) {
case KEX_DH_GRP1_SHA1:
dh = dh_new_group1();
break;
case KEX_DH_GRP14_SHA1:
dh = dh_new_group14();
break;
default:
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
dh_gen_key(dh, kex->we_need * 8);
packet_start(SSH2_MSG_KEXDH_INIT);
packet_put_bignum2(dh->pub_key);

13
crypto/openssh/kexdhs.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexdhs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
RCSID("$OpenBSD: kexdhs.c,v 1.2 2004/06/13 12:53:24 djm Exp $");
#include "xmalloc.h"
#include "key.h"
@ -45,7 +45,16 @@ kexdh_server(Kex *kex)
u_int slen;
/* generate server DH public key */
dh = dh_new_group1();
switch (kex->kex_type) {
case KEX_DH_GRP1_SHA1:
dh = dh_new_group1();
break;
case KEX_DH_GRP14_SHA1:
dh = dh_new_group14();
break;
default:
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
dh_gen_key(dh, kex->we_need * 8);
debug("expecting SSH2_MSG_KEXDH_INIT");

6
crypto/openssh/log.c
View File

@ -51,6 +51,9 @@ static char *argv0;
extern char *__progname;
#define LOG_SYSLOG_VIS (VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL)
#define LOG_STDERR_VIS (VIS_SAFE|VIS_OCTAL)
/* textual representation of log-facilities/levels */
static struct {
@ -316,7 +319,8 @@ do_log(LogLevel level, const char *fmt, va_list args)
} else {
vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
}
strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_SAFE|VIS_OCTAL);
strnvis(fmtbuf, msgbuf, sizeof(fmtbuf),
log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS);
if (log_on_stderr) {
snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
write(STDERR_FILENO, msgbuf, strlen(msgbuf));

6
crypto/openssh/logintest.c
View File

@ -43,13 +43,9 @@
#include "loginrec.h"
RCSID("$Id: logintest.c,v 1.10 2003/08/21 23:34:41 djm Exp $");
RCSID("$Id: logintest.c,v 1.11 2004/07/17 04:07:42 dtucker Exp $");
#ifdef HAVE___PROGNAME
extern char *__progname;
#else
char *__progname;
#endif
#define PAUSE_BEFORE_LOGOUT 3

10
crypto/openssh/mdoc2man.awk
View File

@ -32,6 +32,7 @@ BEGIN {
extopt=0
literal=0
prenl=0
breakw=0
line=""
}
@ -298,6 +299,13 @@ function add(str) {
w=nwords
} else if(match(words[w],"^El$")) {
optlist=oldoptlist
} else if(match(words[w],"^Bk$")) {
if(match(words[w+1],"-words")) {
w++
breakw=1
}
} else if(match(words[w],"^Ek$")) {
breakw=0
} else if(match(words[w],"^It$")&&optlist) {
if(optlist==1)
add(".IP \\(bu")
@ -306,7 +314,7 @@ function add(str) {
else if(optlist==3) {
add(".TP")
prenl++
if(match(words[w+1],"^Pa|Ev$")) {
if(match(words[w+1],"^Pa$|^Ev$")) {
add(".B")
w++
}

36
crypto/openssh/misc.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: misc.c,v 1.23 2003/10/28 09:08:06 markus Exp $");
RCSID("$OpenBSD: misc.c,v 1.25 2004/08/11 21:43:05 avsm Exp $");
#include "misc.h"
#include "log.h"
@ -46,7 +46,7 @@ chop(char *s)
}
/* set/unset filedescriptor to non-blocking */
void
int
set_nonblock(int fd)
{
int val;
@ -54,20 +54,23 @@ set_nonblock(int fd)
val = fcntl(fd, F_GETFL, 0);
if (val < 0) {
error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
return;
return (-1);
}
if (val & O_NONBLOCK) {
debug2("fd %d is O_NONBLOCK", fd);
return;
debug3("fd %d is O_NONBLOCK", fd);
return (0);
}
debug2("fd %d setting O_NONBLOCK", fd);
val |= O_NONBLOCK;
if (fcntl(fd, F_SETFL, val) == -1)
debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s",
fd, strerror(errno));
if (fcntl(fd, F_SETFL, val) == -1) {
debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd,
strerror(errno));
return (-1);
}
return (0);
}
void
int
unset_nonblock(int fd)
{
int val;
@ -75,17 +78,20 @@ unset_nonblock(int fd)
val = fcntl(fd, F_GETFL, 0);
if (val < 0) {
error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
return;
return (-1);
}
if (!(val & O_NONBLOCK)) {
debug2("fd %d is not O_NONBLOCK", fd);
return;
debug3("fd %d is not O_NONBLOCK", fd);
return (0);
}
debug("fd %d clearing O_NONBLOCK", fd);
val &= ~O_NONBLOCK;
if (fcntl(fd, F_SETFL, val) == -1)
debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s",
if (fcntl(fd, F_SETFL, val) == -1) {
debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s",
fd, strerror(errno));
return (-1);
}
return (0);
}
/* disable nagle on socket */
@ -308,7 +314,7 @@ addargs(arglist *args, char *fmt, ...)
{
va_list ap;
char buf[1024];
int nalloc;
u_int nalloc;
va_start(ap, fmt);
vsnprintf(buf, sizeof(buf), fmt, ap);

25
crypto/openssh/misc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.12 2002/03/19 10:49:35 markus Exp $ */
/* $OpenBSD: misc.h,v 1.17 2004/08/11 21:43:05 avsm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -12,10 +12,12 @@
* called by a name other than "ssh" or "Secure Shell".
*/
/* misc.c */
char *chop(char *);
char *strdelim(char **);
void set_nonblock(int);
void unset_nonblock(int);
int set_nonblock(int);
int unset_nonblock(int);
void set_nodelay(int);
int a2port(const char *);
char *cleanhostname(char *);
@ -27,7 +29,20 @@ struct passwd *pwcopy(struct passwd *);
typedef struct arglist arglist;
struct arglist {
char **list;
int num;
int nalloc;
u_int num;
u_int nalloc;
};
void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
/* tildexpand.c */
char *tilde_expand_filename(const char *, uid_t);
/* readpass.c */
#define RP_ECHO 0x0001
#define RP_ALLOW_STDIN 0x0002
#define RP_ALLOW_EOF 0x0004
#define RP_USE_ASKPASS 0x0008
char *read_passphrase(const char *, int);

86
crypto/openssh/moduli.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: moduli.c,v 1.5 2003/12/22 09:16:57 djm Exp $ */
/* $OpenBSD: moduli.c,v 1.9 2004/07/11 17:48:47 deraadt Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@ -38,7 +38,6 @@
*/
#include "includes.h"
#include "moduli.h"
#include "xmalloc.h"
#include "log.h"
@ -49,55 +48,68 @@
*/
/* need line long enough for largest moduli plus headers */
#define QLINESIZE (100+8192)
#define QLINESIZE (100+8192)
/* Type: decimal.
* Specifies the internal structure of the prime modulus.
*/
#define QTYPE_UNKNOWN (0)
#define QTYPE_UNSTRUCTURED (1)
#define QTYPE_SAFE (2)
#define QTYPE_SCHNOOR (3)
#define QTYPE_SOPHIE_GERMAINE (4)
#define QTYPE_STRONG (5)
#define QTYPE_UNKNOWN (0)
#define QTYPE_UNSTRUCTURED (1)
#define QTYPE_SAFE (2)
#define QTYPE_SCHNOOR (3)
#define QTYPE_SOPHIE_GERMAIN (4)
#define QTYPE_STRONG (5)
/* Tests: decimal (bit field).
* Specifies the methods used in checking for primality.
* Usually, more than one test is used.
*/
#define QTEST_UNTESTED (0x00)
#define QTEST_COMPOSITE (0x01)
#define QTEST_SIEVE (0x02)
#define QTEST_MILLER_RABIN (0x04)
#define QTEST_JACOBI (0x08)
#define QTEST_ELLIPTIC (0x10)
#define QTEST_UNTESTED (0x00)
#define QTEST_COMPOSITE (0x01)
#define QTEST_SIEVE (0x02)
#define QTEST_MILLER_RABIN (0x04)
#define QTEST_JACOBI (0x08)
#define QTEST_ELLIPTIC (0x10)
/*
* Size: decimal.
* Specifies the number of the most significant bit (0 to M).
* WARNING: internally, usually 1 to N.
*/
#define QSIZE_MINIMUM (511)
#define QSIZE_MINIMUM (511)
/*
* Prime sieving defines
*/
/* Constant: assuming 8 bit bytes and 32 bit words */
#define SHIFT_BIT (3)
#define SHIFT_BYTE (2)
#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE)
#define SHIFT_MEGABYTE (20)
#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE)
#define SHIFT_BIT (3)
#define SHIFT_BYTE (2)
#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE)
#define SHIFT_MEGABYTE (20)
#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE)
/*
* Using virtual memory can cause thrashing. This should be the largest
* number that is supported without a large amount of disk activity --
* that would increase the run time from hours to days or weeks!
*/
#define LARGE_MINIMUM (8UL) /* megabytes */
/*
* Do not increase this number beyond the unsigned integer bit size.
* Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits).
*/
#define LARGE_MAXIMUM (127UL) /* megabytes */
/*
* Constant: when used with 32-bit integers, the largest sieve prime
* has to be less than 2**32.
*/
#define SMALL_MAXIMUM (0xffffffffUL)
#define SMALL_MAXIMUM (0xffffffffUL)
/* Constant: can sieve all primes less than 2**32, as 65537**2 > 2**32-1. */
#define TINY_NUMBER (1UL<<16)
#define TINY_NUMBER (1UL<<16)
/* Ensure enough bit space for testing 2*q. */
#define TEST_MAXIMUM (1UL<<16)
@ -114,6 +126,9 @@
* Prime testing defines
*/
/* Minimum number of primality tests to perform */
#define TRIAL_MINIMUM (4)
/*
* Sieving data (XXX - move to struct)
*/
@ -129,6 +144,8 @@ static u_int32_t *LargeSieve, largewords, largetries, largenumbers;
static u_int32_t largebits, largememory; /* megabytes */
static BIGNUM *largebase;
int gen_candidates(FILE *, int, int, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
/*
* print moduli out in consistent form,
@ -219,7 +236,7 @@ sieve_large(u_int32_t s)
}
/*
* list candidates for Sophie-Germaine primes (where q = (p-1)/2)
* list candidates for Sophie-Germain primes (where q = (p-1)/2)
* to standard output.
* The list is checked against small known primes (less than 2**30).
*/
@ -235,6 +252,13 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
largememory = memory;
if (memory != 0 &&
(memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
error("Invalid memory amount (min %ld, max %ld)",
LARGE_MINIMUM, LARGE_MAXIMUM);
return (-1);
}
/*
* Set power to the length in bits of the prime to be generated.
* This is changed to 1 less than the desired safe prime moduli p.
@ -403,7 +427,7 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
debug2("test q = largebase+%u", 2 * j);
BN_set_word(q, 2 * j);
BN_add(q, q, largebase);
if (qfileout(out, QTYPE_SOPHIE_GERMAINE, QTEST_SIEVE,
if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE,
largetries, (power - 1) /* MSB */, (0), q) == -1) {
ret = -1;
break;
@ -430,8 +454,7 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
* The result is a list of so-call "safe" primes
*/
int
prime_test(FILE *in, FILE *out, u_int32_t trials,
u_int32_t generator_wanted)
prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
{
BIGNUM *q, *p, *a;
BN_CTX *ctx;
@ -441,6 +464,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
time_t time_start, time_stop;
int res;
if (trials < TRIAL_MINIMUM) {
error("Minimum primality trials is %d", TRIAL_MINIMUM);
return (-1);
}
time(&time_start);
p = BN_new();
@ -490,8 +518,8 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
/* modulus (hex) */
switch (in_type) {
case QTYPE_SOPHIE_GERMAINE:
debug2("%10u: (%u) Sophie-Germaine", count_in, in_type);
case QTYPE_SOPHIE_GERMAIN:
debug2("%10u: (%u) Sophie-Germain", count_in, in_type);
a = q;
BN_hex2bn(&a, cp);
/* p = 2*q + 1 */

12
crypto/openssh/monitor_fdpass.c
View File

@ -24,7 +24,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor_fdpass.c,v 1.4 2002/06/26 14:50:04 deraadt Exp $");
RCSID("$OpenBSD: monitor_fdpass.c,v 1.6 2004/08/13 02:51:48 djm Exp $");
#include <sys/uio.h>
@ -32,7 +32,7 @@ RCSID("$OpenBSD: monitor_fdpass.c,v 1.4 2002/06/26 14:50:04 deraadt Exp $");
#include "monitor_fdpass.h"
void
mm_send_fd(int socket, int fd)
mm_send_fd(int sock, int fd)
{
#if defined(HAVE_SENDMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
struct msghdr msg;
@ -63,7 +63,7 @@ mm_send_fd(int socket, int fd)
msg.msg_iov = &vec;
msg.msg_iovlen = 1;
if ((n = sendmsg(socket, &msg, 0)) == -1)
if ((n = sendmsg(sock, &msg, 0)) == -1)
fatal("%s: sendmsg(%d): %s", __func__, fd,
strerror(errno));
if (n != 1)
@ -76,7 +76,7 @@ mm_send_fd(int socket, int fd)
}
int
mm_receive_fd(int socket)
mm_receive_fd(int sock)
{
#if defined(HAVE_RECVMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
struct msghdr msg;
@ -102,7 +102,7 @@ mm_receive_fd(int socket)
msg.msg_controllen = sizeof(tmp);
#endif
if ((n = recvmsg(socket, &msg, 0)) == -1)
if ((n = recvmsg(sock, &msg, 0)) == -1)
fatal("%s: recvmsg: %s", __func__, strerror(errno));
if (n != 1)
fatal("%s: recvmsg: expected received 1 got %ld",
@ -113,6 +113,8 @@ mm_receive_fd(int socket)
fatal("%s: no fd", __func__);
#else
cmsg = CMSG_FIRSTHDR(&msg);
if (cmsg == NULL)
fatal("%s: no message header", __func__);
#ifndef BROKEN_CMSG_TYPE
if (cmsg->cmsg_type != SCM_RIGHTS)
fatal("%s: expected type %d got %d", __func__,

2
crypto/openssh/monitor_mm.c
View File

@ -24,7 +24,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor_mm.c,v 1.8 2002/08/02 14:43:15 millert Exp $");
RCSID("$OpenBSD: monitor_mm.c,v 1.9 2004/05/11 19:01:43 deraadt Exp $");
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>

20
crypto/openssh/nchan.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: nchan.c,v 1.49 2003/08/29 10:04:36 markus Exp $");
RCSID("$OpenBSD: nchan.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $");
#include "ssh1.h"
#include "ssh2.h"
@ -42,15 +42,15 @@ RCSID("$OpenBSD: nchan.c,v 1.49 2003/08/29 10:04:36 markus Exp $");
* tear down of channels:
*
* 1.3: strict request-ack-protocol:
* CLOSE ->
* <- CLOSE_CONFIRM
* CLOSE ->
* <- CLOSE_CONFIRM
*
* 1.5: uses variations of:
* IEOF ->
* <- OCLOSE
* <- IEOF
* OCLOSE ->
* i.e. both sides have to close the channel
* IEOF ->
* <- OCLOSE
* <- IEOF
* OCLOSE ->
* i.e. both sides have to close the channel
*
* 2.0: the EOF messages are optional
*
@ -395,7 +395,7 @@ chan_mark_dead(Channel *c)
}
int
chan_is_dead(Channel *c, int send)
chan_is_dead(Channel *c, int do_send)
{
if (c->type == SSH_CHANNEL_ZOMBIE) {
debug2("channel %d: zombie", c->self);
@ -416,7 +416,7 @@ chan_is_dead(Channel *c, int send)
return 0;
}
if (!(c->flags & CHAN_CLOSE_SENT)) {
if (send) {
if (do_send) {
chan_send_close2(c);
} else {
/* channel would be dead if we sent a close */

4
crypto/openssh/openbsd-compat/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.30 2004/01/21 06:07:23 djm Exp $
# $Id: Makefile.in,v 1.31 2004/08/15 08:41:00 djm Exp $
sysconfdir=@sysconfdir@
piddir=@piddir@
@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o
COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
PORTS=port-irix.o port-aix.o

12
crypto/openssh/openbsd-compat/bsd-arc4random.c
View File

@ -17,7 +17,7 @@
#include "includes.h"
#include "log.h"
RCSID("$Id: bsd-arc4random.c,v 1.8 2004/02/17 05:49:55 djm Exp $");
RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $");
#ifndef HAVE_ARC4RANDOM
@ -56,13 +56,21 @@ unsigned int arc4random(void)
void arc4random_stir(void)
{
unsigned char rand_buf[SEED_SIZE];
int i;
memset(&rc4, 0, sizeof(rc4));
if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
fatal("Couldn't obtain random bytes (error %ld)",
ERR_get_error());
RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
/*
* Discard early keystream, as per recommendations in:
* http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
*/
for(i = 0; i <= 256; i += sizeof(rand_buf))
RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
memset(rand_buf, 0, sizeof(rand_buf));
rc4_ready = REKEY_BYTES;

100
crypto/openssh/openbsd-compat/bsd-closefrom.c Normal file
View File

@ -0,0 +1,100 @@
/*
* Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#ifndef HAVE_CLOSEFROM
#include <sys/types.h>
#include <sys/param.h>
#include <unistd.h>
#include <stdio.h>
#include <limits.h>
#include <stdlib.h>
#include <stddef.h>
#ifdef HAVE_DIRENT_H
# include <dirent.h>
# define NAMLEN(dirent) strlen((dirent)->d_name)
#else
# define dirent direct
# define NAMLEN(dirent) (dirent)->d_namlen
# ifdef HAVE_SYS_NDIR_H
# include <sys/ndir.h>
# endif
# ifdef HAVE_SYS_DIR_H
# include <sys/dir.h>
# endif
# ifdef HAVE_NDIR_H
# include <ndir.h>
# endif
#endif
#ifndef OPEN_MAX
# define OPEN_MAX 256
#endif
RCSID("$Id: bsd-closefrom.c,v 1.1 2004/08/15 08:41:00 djm Exp $");
#ifndef lint
static const char sudorcsid[] = "$Sudo: closefrom.c,v 1.6 2004/06/01 20:51:56 millert Exp $";
#endif /* lint */
/*
* Close all file descriptors greater than or equal to lowfd.
*/
void
closefrom(int lowfd)
{
long fd, maxfd;
#if defined(HAVE_DIRFD) && defined(HAVE_PROC_PID)
char fdpath[PATH_MAX], *endp;
struct dirent *dent;
DIR *dirp;
int len;
/* Check for a /proc/$$/fd directory. */
len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
if (len != -1 && len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
while ((dent = readdir(dirp)) != NULL) {
fd = strtol(dent->d_name, &endp, 10);
if (dent->d_name != endp && *endp == '\0' &&
fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp))
(void) close((int) fd);
}
(void) closedir(dirp);
} else
#endif
{
/*
* Fall back on sysconf() or getdtablesize(). We avoid checking
* resource limits since it is possible to open a file descriptor
* and then drop the rlimit such that it is below the open fd.
*/
#ifdef HAVE_SYSCONF
maxfd = sysconf(_SC_OPEN_MAX);
#else
maxfd = getdtablesize();
#endif /* HAVE_SYSCONF */
if (maxfd < 0)
maxfd = OPEN_MAX;
for (fd = lowfd; fd < maxfd; fd++)
(void) close((int) fd);
}
}
#endif /* HAVE_CLOSEFROM */

7
crypto/openssh/openbsd-compat/bsd-misc.c
View File

@ -1,3 +1,4 @@
/*
* Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
*
@ -17,7 +18,11 @@
#include "includes.h"
#include "xmalloc.h"
RCSID("$Id: bsd-misc.c,v 1.21 2004/02/17 05:49:55 djm Exp $");
RCSID("$Id: bsd-misc.c,v 1.25 2004/08/15 08:41:00 djm Exp $");
#ifndef HAVE___PROGNAME
char *__progname;
#endif
/*
* NB. duplicate __progname in case it is an alias for argv[0]

2
crypto/openssh/openbsd-compat/bsd-misc.h
View File

@ -1,4 +1,4 @@
/* $Id: bsd-misc.h,v 1.15 2004/03/08 11:59:03 dtucker Exp $ */
/* $Id: bsd-misc.h,v 1.17 2004/08/15 08:41:00 djm Exp $ */
/*
* Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>

4
crypto/openssh/openbsd-compat/getrrsetbyname.c
View File

@ -53,6 +53,10 @@
#define ANSWER_BUFFER_SIZE 1024*64
#if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO
extern int h_errno;
#endif
struct dns_query {
char *name;
u_int16_t type;

6
crypto/openssh/openbsd-compat/openbsd-compat.h
View File

@ -1,4 +1,4 @@
/* $Id: openbsd-compat.h,v 1.25 2004/01/21 06:07:23 djm Exp $ */
/* $Id: openbsd-compat.h,v 1.26 2004/08/15 08:41:00 djm Exp $ */
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@ -48,6 +48,10 @@ char *basename(const char *path);
int bindresvport_sa(int sd, struct sockaddr *sa);
#endif
#ifndef HAVE_CLOSEFROM
void closefrom(int);
#endif
#ifndef HAVE_GETCWD
char *getcwd(char *pt, size_t size);
#endif

88
crypto/openssh/openbsd-compat/port-aix.c
View File

@ -101,7 +101,7 @@ aix_remove_embedded_newlines(char *p)
int
sys_auth_passwd(Authctxt *ctxt, const char *password)
{
char *authmsg = NULL, *host, *msg, *name = ctxt->pw->pw_name;
char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
int authsuccess = 0, expired, reenter, result;
do {
@ -115,30 +115,21 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
if (result == 0) {
authsuccess = 1;
host = (char *)get_canonical_hostname(options.use_dns);
/*
* Record successful login. We don't have a pty yet, so just
* label the line as "ssh"
*/
aix_setauthdb(name);
if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) {
if (msg != NULL) {
debug("%s: msg %s", __func__, msg);
buffer_append(&loginmsg, msg, strlen(msg));
xfree(msg);
}
}
/*
* Check if the user's password is expired.
*/
expired = passwdexpired(name, &msg);
if (msg && *msg) {
buffer_append(&loginmsg, msg, strlen(msg));
aix_remove_embedded_newlines(msg);
}
debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
expired = passwdexpired(name, &msg);
if (msg && *msg) {
buffer_append(&loginmsg, msg, strlen(msg));
aix_remove_embedded_newlines(msg);
}
debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
switch (expired) {
case 0: /* password not expired */
@ -163,7 +154,70 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
return authsuccess;
}
/*
* Check if specified account is permitted to log in.
* Returns 1 if login is allowed, 0 if not allowed.
*/
int
sys_auth_allowed_user(struct passwd *pw)
{
char *msg = NULL;
int result, permitted = 0;
struct stat st;
/*
* Don't perform checks for root account (PermitRootLogin controls
* logins via * ssh) or if running as non-root user (since
* loginrestrictions will always fail due to insufficient privilege).
*/
if (pw->pw_uid == 0 || geteuid() != 0) {
debug3("%s: not checking", __func__);
return 1;
}
result = loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg);
if (result == 0)
permitted = 1;
/*
* If restricted because /etc/nologin exists, the login will be denied
* in session.c after the nologin message is sent, so allow for now
* and do not append the returned message.
*/
if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0)
permitted = 1;
else if (msg != NULL)
buffer_append(&loginmsg, msg, strlen(msg));
if (msg == NULL)
msg = xstrdup("(none)");
aix_remove_embedded_newlines(msg);
debug3("AIX/loginrestrictions returned %d msg %.100s", result, msg);
if (!permitted)
logit("Login restricted for %s: %.100s", pw->pw_name, msg);
xfree(msg);
return permitted;
}
int
sys_auth_record_login(const char *user, const char *host, const char *ttynm)
{
char *msg;
int success = 0;
aix_setauthdb(user);
if (loginsuccess((char *)user, host, ttynm, &msg) == 0) {
success = 1;
if (msg != NULL) {
debug("AIX/loginsuccess: msg %s", __func__, msg);
buffer_append(&loginmsg, msg, strlen(msg));
xfree(msg);
}
}
aix_restoreauthdb();
return (success);
}
# ifdef CUSTOM_FAILED_LOGIN
/*
* record_failed_login: generic "login failed" interface function

6
crypto/openssh/openbsd-compat/port-aix.h
View File

@ -1,4 +1,4 @@
/* $Id: port-aix.h,v 1.19 2004/02/10 04:27:35 dtucker Exp $ */
/* $Id: port-aix.h,v 1.21 2004/08/14 14:09:12 dtucker Exp $ */
/*
*
@ -63,6 +63,10 @@ void aix_usrinfo(struct passwd *);
#ifdef WITH_AIXAUTHENTICATE
# define CUSTOM_SYS_AUTH_PASSWD 1
# define CUSTOM_SYS_AUTH_ALLOWED_USER 1
int sys_auth_allowed_user(struct passwd *);
# define CUSTOM_SYS_AUTH_RECORD_LOGIN 1
int sys_auth_record_login(const char *, const char *, const char *);
# define CUSTOM_FAILED_LOGIN 1
void record_failed_login(const char *, const char *);
#endif

19
crypto/openssh/openbsd-compat/sys-queue.h
View File

@ -1,6 +1,6 @@
/* OPENBSD ORIGINAL: sys/sys/queue.h */
/* $OpenBSD: queue.h,v 1.23 2003/06/02 23:28:21 millert Exp $ */
/* $OpenBSD: queue.h,v 1.25 2004/04/08 16:08:21 henning Exp $ */
/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
/*
@ -38,12 +38,13 @@
#define _FAKE_QUEUE_H_
/*
* Ignore all <sys/queue.h> since older platforms have broken/incomplete
* <sys/queue.h> that are too hard to work around.
* Require for OS/X and other platforms that have old/broken/incomplete
* <sys/queue.h>.
*/
#undef SLIST_HEAD
#undef SLIST_HEAD_INITIALIZER
#undef SLIST_ENTRY
#undef SLIST_FOREACH_PREVPTR
#undef SLIST_FIRST
#undef SLIST_END
#undef SLIST_EMPTY
@ -54,6 +55,7 @@
#undef SLIST_INSERT_HEAD
#undef SLIST_REMOVE_HEAD
#undef SLIST_REMOVE
#undef SLIST_REMOVE_NEXT
#undef LIST_HEAD
#undef LIST_HEAD_INITIALIZER
#undef LIST_ENTRY
@ -194,6 +196,11 @@ struct { \
(var) != SLIST_END(head); \
(var) = SLIST_NEXT(var, field))
#define SLIST_FOREACH_PREVPTR(var, varp, head, field) \
for ((varp) = &SLIST_FIRST((head)); \
((var) = *(varp)) != SLIST_END(head); \
(varp) = &SLIST_NEXT((var), field))
/*
* Singly-linked List functions.
*/
@ -211,6 +218,10 @@ struct { \
(head)->slh_first = (elm); \
} while (0)
#define SLIST_REMOVE_NEXT(head, elm, field) do { \
(elm)->field.sle_next = (elm)->field.sle_next->field.sle_next; \
} while (0)
#define SLIST_REMOVE_HEAD(head, field) do { \
(head)->slh_first = (head)->slh_first->field.sle_next; \
} while (0)
@ -400,7 +411,7 @@ struct { \
(var) != TAILQ_END(head); \
(var) = TAILQ_NEXT(var, field))
#define TAILQ_FOREACH_REVERSE(var, head, field, headname) \
#define TAILQ_FOREACH_REVERSE(var, head, headname, field) \
for((var) = TAILQ_LAST(head, headname); \
(var) != TAILQ_END(head); \
(var) = TAILQ_PREV(var, headname, field))

11
crypto/openssh/openbsd-compat/xmmap.c
View File

@ -23,7 +23,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* $Id: xmmap.c,v 1.3 2003/06/02 02:25:27 tim Exp $ */
/* $Id: xmmap.c,v 1.5 2004/08/14 13:55:38 dtucker Exp $ */
#include "includes.h"
@ -40,25 +40,28 @@ void *xmmap(size_t size)
#ifdef HAVE_MMAP
# ifdef MAP_ANON
address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
-1, 0);
-1, (off_t)0);
# else
address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED,
open("/dev/zero", O_RDWR), 0);
open("/dev/zero", O_RDWR), (off_t)0);
# endif
#define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX"
if (address == MAP_FAILED) {
char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE;
int tmpfd;
mode_t old_umask;
old_umask = umask(0177);
tmpfd = mkstemp(tmpname);
umask(old_umask);
if (tmpfd == -1)
fatal("mkstemp(\"%s\"): %s",
MM_SWAP_TEMPLATE, strerror(errno));
unlink(tmpname);
ftruncate(tmpfd, size);
address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED,
tmpfd, 0);
tmpfd, (off_t)0);
close(tmpfd);
}

82
crypto/openssh/opensshd.init.in Executable file
View File

@ -0,0 +1,82 @@
#!/sbin/sh
# Donated code that was put under PD license.
#
# Stripped PRNGd out of it for the time being.
umask 022
CAT=@CAT@
KILL=@KILL@
prefix=@prefix@
sysconfdir=@sysconfdir@
piddir=@piddir@
SSHD=$prefix/sbin/sshd
PIDFILE=$piddir/sshd.pid
SSH_KEYGEN=$prefix/bin/ssh-keygen
HOST_KEY_RSA1=$sysconfdir/ssh_host_key
HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key
HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key
checkkeys() {
if [ ! -f $HOST_KEY_RSA1 ]; then
${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
fi
if [ ! -f $HOST_KEY_DSA ]; then
${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
fi
if [ ! -f $HOST_KEY_RSA ]; then
${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
fi
}
stop_service() {
if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then
PID=`${CAT} ${PIDFILE}`
fi
if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then
${KILL} ${PID}
else
echo "Unable to read PID file"
fi
}
start_service() {
# XXX We really should check if the service is already going, but
# XXX we will opt out at this time. - Bal
# Check to see if we have keys that need to be made
checkkeys
# Start SSHD
echo "starting $SSHD... \c" ; $SSHD
sshd_rc=$?
if [ $sshd_rc -ne 0 ]; then
echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
exit $sshd_rc
fi
echo done.
}
case $1 in
'start')
start_service
;;
'stop')
stop_service
;;
'restart')
stop_service
start_service
;;
*)
echo "$0: usage: $0 {start|stop|restart}"
;;
esac

53
crypto/openssh/packet.c
View File

@ -37,7 +37,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: packet.c,v 1.112 2003/09/23 20:17:11 markus Exp $");
RCSID("$OpenBSD: packet.c,v 1.115 2004/06/21 17:36:31 avsm Exp $");
#include "openbsd-compat/sys-queue.h"
@ -154,8 +154,10 @@ packet_set_connection(int fd_in, int fd_out)
fatal("packet_set_connection: cannot load cipher 'none'");
connection_in = fd_in;
connection_out = fd_out;
cipher_init(&send_context, none, "", 0, NULL, 0, CIPHER_ENCRYPT);
cipher_init(&receive_context, none, "", 0, NULL, 0, CIPHER_DECRYPT);
cipher_init(&send_context, none, (const u_char *)"",
0, NULL, 0, CIPHER_ENCRYPT);
cipher_init(&receive_context, none, (const u_char *)"",
0, NULL, 0, CIPHER_DECRYPT);
newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL;
if (!initialized) {
initialized = 1;
@ -317,13 +319,10 @@ void
packet_set_nonblocking(void)
{
/* Set the socket into non-blocking mode. */
if (fcntl(connection_in, F_SETFL, O_NONBLOCK) < 0)
error("fcntl O_NONBLOCK: %.100s", strerror(errno));
set_nonblock(connection_in);
if (connection_out != connection_in) {
if (fcntl(connection_out, F_SETFL, O_NONBLOCK) < 0)
error("fcntl O_NONBLOCK: %.100s", strerror(errno));
}
if (connection_out != connection_in)
set_nonblock(connection_out);
}
/* Returns the socket used for reading. */
@ -508,7 +507,7 @@ packet_send1(void)
u_char buf[8], *cp;
int i, padding, len;
u_int checksum;
u_int32_t rand = 0;
u_int32_t rnd = 0;
/*
* If using packet compression, compress the payload of the outgoing
@ -534,9 +533,9 @@ packet_send1(void)
cp = buffer_ptr(&outgoing_packet);
for (i = 0; i < padding; i++) {
if (i % 4 == 0)
rand = arc4random();
cp[7 - i] = rand & 0xff;
rand >>= 8;
rnd = arc4random();
cp[7 - i] = rnd & 0xff;
rnd >>= 8;
}
}
buffer_consume(&outgoing_packet, 8 - padding);
@ -581,18 +580,18 @@ set_newkeys(int mode)
Comp *comp;
CipherContext *cc;
u_int64_t *max_blocks;
int encrypt;
int crypt_type;
debug2("set_newkeys: mode %d", mode);
if (mode == MODE_OUT) {
cc = &send_context;
encrypt = CIPHER_ENCRYPT;
crypt_type = CIPHER_ENCRYPT;
p_send.packets = p_send.blocks = 0;
max_blocks = &max_blocks_out;
} else {
cc = &receive_context;
encrypt = CIPHER_DECRYPT;
crypt_type = CIPHER_DECRYPT;
p_read.packets = p_read.blocks = 0;
max_blocks = &max_blocks_in;
}
@ -621,7 +620,7 @@ set_newkeys(int mode)
mac->enabled = 1;
DBG(debug("cipher_init_context: %d", mode));
cipher_init(cc, enc->cipher, enc->key, enc->key_len,
enc->iv, enc->block_size, encrypt);
enc->iv, enc->block_size, crypt_type);
/* Deleting the keys does not gain extra security */
/* memset(enc->iv, 0, enc->block_size);
memset(enc->key, 0, enc->key_len); */
@ -655,7 +654,7 @@ packet_send2_wrapped(void)
u_char padlen, pad;
u_int packet_length = 0;
u_int i, len;
u_int32_t rand = 0;
u_int32_t rnd = 0;
Enc *enc = NULL;
Mac *mac = NULL;
Comp *comp = NULL;
@ -714,9 +713,9 @@ packet_send2_wrapped(void)
/* random padding */
for (i = 0; i < padlen; i++) {
if (i % 4 == 0)
rand = arc4random();
cp[i] = rand & 0xff;
rand >>= 8;
rnd = arc4random();
cp[i] = rnd & 0xff;
rnd >>= 8;
}
} else {
/* clear padding */
@ -1449,7 +1448,7 @@ packet_is_interactive(void)
return interactive_mode;
}
u_int
int
packet_set_maxsize(u_int s)
{
static int called = 0;
@ -1490,20 +1489,20 @@ packet_add_padding(u_char pad)
void
packet_send_ignore(int nbytes)
{
u_int32_t rand = 0;
u_int32_t rnd = 0;
int i;
packet_start(compat20 ? SSH2_MSG_IGNORE : SSH_MSG_IGNORE);
packet_put_int(nbytes);
for (i = 0; i < nbytes; i++) {
if (i % 4 == 0)
rand = arc4random();
packet_put_char(rand & 0xff);
rand >>= 8;
rnd = arc4random();
packet_put_char(rnd & 0xff);
rnd >>= 8;
}
}
#define MAX_PACKETS (1<<31)
#define MAX_PACKETS (1U<<31)
int
packet_need_rekeying(void)
{

24
crypto/openssh/progressmeter.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: progressmeter.c,v 1.19 2004/02/05 15:33:33 markus Exp $");
RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $");
#include "progressmeter.h"
#include "atomicio.h"
@ -48,15 +48,15 @@ void refresh_progress_meter(void);
/* signal handler for updating the progress meter */
static void update_progress_meter(int);
static time_t start; /* start progress */
static time_t last_update; /* last progress update */
static char *file; /* name of the file being transferred */
static off_t end_pos; /* ending position of transfer */
static off_t cur_pos; /* transfer position as of last refresh */
static time_t start; /* start progress */
static time_t last_update; /* last progress update */
static char *file; /* name of the file being transferred */
static off_t end_pos; /* ending position of transfer */
static off_t cur_pos; /* transfer position as of last refresh */
static volatile off_t *counter; /* progress counter */
static long stalled; /* how long we have been stalled */
static int bytes_per_second; /* current speed in bytes per second */
static int win_size; /* terminal window size */
static long stalled; /* how long we have been stalled */
static int bytes_per_second; /* current speed in bytes per second */
static int win_size; /* terminal window size */
/* units for format_size */
static const char unit[] = " KMGT";
@ -167,7 +167,7 @@ refresh_progress_meter(void)
/* bandwidth usage */
format_rate(buf + strlen(buf), win_size - strlen(buf),
bytes_per_second);
(off_t)bytes_per_second);
strlcat(buf, "/s ", win_size);
/* ETA */
@ -224,7 +224,7 @@ update_progress_meter(int ignore)
}
void
start_progress_meter(char *f, off_t filesize, off_t *stat)
start_progress_meter(char *f, off_t filesize, off_t *ctr)
{
struct winsize winsize;
@ -232,7 +232,7 @@ start_progress_meter(char *f, off_t filesize, off_t *stat)
file = f;
end_pos = filesize;
cur_pos = 0;
counter = stat;
counter = ctr;
stalled = 0;
bytes_per_second = 0;

11
crypto/openssh/readpass.c
View File

@ -23,10 +23,10 @@
*/
#include "includes.h"
RCSID("$OpenBSD: readpass.c,v 1.28 2003/01/23 13:50:27 markus Exp $");
RCSID("$OpenBSD: readpass.c,v 1.30 2004/06/17 15:10:14 djm Exp $");
#include "xmalloc.h"
#include "readpass.h"
#include "misc.h"
#include "pathnames.h"
#include "log.h"
#include "ssh.h"
@ -103,7 +103,9 @@ read_passphrase(const char *prompt, int flags)
int rppflags, use_askpass = 0, ttyfd;
rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
if (flags & RP_ALLOW_STDIN) {
if (flags & RP_USE_ASKPASS)
use_askpass = 1;
else if (flags & RP_ALLOW_STDIN) {
if (!isatty(STDIN_FILENO))
use_askpass = 1;
} else {
@ -115,6 +117,9 @@ read_passphrase(const char *prompt, int flags)
use_askpass = 1;
}
if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL)
return (flags & RP_ALLOW_EOF) ? NULL : xstrdup("");
if (use_askpass && getenv("DISPLAY")) {
if (getenv(SSH_ASKPASS_ENV))
askpass = getenv(SSH_ASKPASS_ENV);

12
crypto/openssh/regress/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.27 2004/02/17 08:23:20 dtucker Exp $
# $OpenBSD: Makefile,v 1.31 2004/06/24 19:32:00 djm Exp $
REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec
tests: $(REGRESS_TARGETS)
@ -13,6 +13,7 @@ LTESTS= connect \
proto-version \
proto-mismatch \
exit-status \
envpass \
transfer \
banner \
rekey \
@ -28,13 +29,16 @@ LTESTS= connect \
agent-ptrace \
keyscan \
keygen-change \
scp \
sftp \
sftp-cmds \
sftp-badcmds \
sftp-batch \
reconfigure \
dynamic-forward \
forwarding
forwarding \
multiplex \
reexec
USER!= id -un
CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
@ -42,7 +46,9 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
ssh_config ssh_proxy sshd_config sshd_proxy \
rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
ls.copy banner.in banner.out empty.in remote_pid
ls.copy banner.in banner.out empty.in \
scp-ssh-wrapper.exe \
remote_pid
#LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp

31
crypto/openssh/regress/README.regress
View File

@ -27,15 +27,26 @@ TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD
SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER
OBJ: used by test scripts to access build dir.
TEST_SHELL: shell used for running the test scripts.
TEST_SSH_PORT: TCP port to be used for the listening tests.
TEST_SSH_SSH_CONFOTPS: Configuration directives to be added to ssh_config
before running each test.
TEST_SSH_SSHD_CONFOTPS: Configuration directives to be added to sshd_config
before running each test.
Individual tests.
You can invoke test-exec.sh directly if you set up the path to find the
binaries under test and the test scripts themselves, for example:
You can run an individual test from the top-level Makefile, eg:
$ make tests LTESTS=agent-timeout
If you need to manipulate the environment more you can invoke test-exec.sh
directly if you set up the path to find the binaries under test and the
test scripts themselves, for example:
$ cd regress
$ PATH=`pwd`/..:$PATH:. sh test-exec.sh `pwd` agent-timeout.sh
$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
agent-timeout.sh
ok agent timeout test
@ -82,16 +93,12 @@ Failed tests can be difficult to diagnose. Suggestions:
Known Issues.
- If you build with tcpwrappers and try to run the regression tests,
your hosts.allow must permit connections from localhost and from
"unknown". This is because some tests are performed via the loopback
interface, while others are done with "sshd -i" as a ProxyCommand. In
the latter case, when sshd calls getpeername() on the socket it will
fail (because it's not a tcp socket) and will be identified as
"unknown", which is then checked against tcpwrappers.
- If your build requires ssh-rand-helper regress tests will fail
unless ssh-rand-helper is in pre-installed (the path to
ssh-rand-helper is hard coded).
$Id: README.regress,v 1.4 2004/03/08 20:12:18 tim Exp $
- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
test to fail. The old behaviour can be restored by setting (and
exporting) _POSIX2_VERSION=199209 before running the tests.
$Id: README.regress,v 1.9 2004/08/17 12:31:33 dtucker Exp $

4
crypto/openssh/regress/dynamic-forward.sh
View File

@ -3,8 +3,8 @@
tid="dynamic forwarding"
PORT=4242
FWDPORT=4243
FWDPORT=`expr $PORT + 1`
DATA=/bin/ls${EXEEXT}
if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then

51
crypto/openssh/regress/envpass.sh Normal file
View File

@ -0,0 +1,51 @@
# $OpenBSD: envpass.sh,v 1.3 2004/06/22 22:42:02 dtucker Exp $
# Placed in the Public Domain.
tid="environment passing"
# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST)
trace "pass env, don't accept"
verbose "test $tid: pass env, don't accept"
_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \
sh << 'EOF'
test -z "$_TEST_ENV"
EOF
r=$?
if [ $r -ne 0 ]; then
fail "environment found"
fi
trace "don't pass env, accept"
verbose "test $tid: don't pass env, accept"
${SSH} -F $OBJ/ssh_proxy otherhost \
sh << 'EOF'
test -z "$_XXX_TEST_A" && test -z "$_XXX_TEST_B"
EOF
r=$?
if [ $r -ne 0 ]; then
fail "environment found"
fi
trace "pass single env, accept single env"
verbose "test $tid: pass single env, accept single env"
_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \
sh << 'EOF'
test X"$_XXX_TEST" = X"blah"
EOF
r=$?
if [ $r -ne 0 ]; then
fail "environment not found"
fi
trace "pass multiple env, accept multiple env"
verbose "test $tid: pass multiple env, accept multiple env"
_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \
-F $OBJ/ssh_proxy otherhost \
sh << 'EOF'
test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2"
EOF
r=$?
if [ $r -ne 0 ]; then
fail "environment not found"
fi

4
crypto/openssh/regress/login-timeout.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: login-timeout.sh,v 1.1 2004/02/17 08:23:20 dtucker Exp $
# $OpenBSD: login-timeout.sh,v 1.3 2004/03/08 10:17:12 dtucker Exp $
# Placed in the Public Domain.
tid="connect after login grace timeout"
@ -15,7 +15,7 @@ if [ $? -ne 0 ]; then
fail "ssh connect after login grace timeout failed with privsep"
fi
kill `cat $PIDFILE`
$SUDO kill `cat $PIDFILE`
trace "test login grace without privsep"
echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config

74
crypto/openssh/regress/multiplex.sh Normal file
View File

@ -0,0 +1,74 @@
# $OpenBSD: multiplex.sh,v 1.8 2004/06/22 03:12:13 markus Exp $
# Placed in the Public Domain.
CTL=$OBJ/ctl-sock
tid="connection multiplexing"
DATA=/bin/ls${EXEEXT}
COPY=$OBJ/ls.copy
start_sshd
trace "start master, fork to background"
${SSH} -2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" -f somehost sleep 120
verbose "test $tid: envpass"
trace "env passing over multiplexed connection"
_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -S$CTL otherhost sh << 'EOF'
test X"$_XXX_TEST" = X"blah"
EOF
if [ $? -ne 0 ]; then
fail "environment not found"
fi
verbose "test $tid: transfer"
rm -f ${COPY}
trace "ssh transfer over multiplexed connection and check result"
${SSH} -S$CTL otherhost cat ${DATA} > ${COPY}
test -f ${COPY} || fail "ssh -Sctl: failed copy ${DATA}"
cmp ${DATA} ${COPY} || fail "ssh -Sctl: corrupted copy of ${DATA}"
rm -f ${COPY}
trace "ssh transfer over multiplexed connection and check result"
${SSH} -S $CTL otherhost cat ${DATA} > ${COPY}
test -f ${COPY} || fail "ssh -S ctl: failed copy ${DATA}"
cmp ${DATA} ${COPY} || fail "ssh -S ctl: corrupted copy of ${DATA}"
rm -f ${COPY}
trace "sftp transfer over multiplexed connection and check result"
echo "get ${DATA} ${COPY}" | \
${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >/dev/null 2>&1
test -f ${COPY} || fail "sftp: failed copy ${DATA}"
cmp ${DATA} ${COPY} || fail "sftp: corrupted copy of ${DATA}"
rm -f ${COPY}
trace "scp transfer over multiplexed connection and check result"
${SCP} -S ${SSH} -oControlPath=$CTL otherhost:${DATA} ${COPY} >/dev/null 2>&1
test -f ${COPY} || fail "scp: failed copy ${DATA}"
cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}"
rm -f ${COPY}
for s in 0 1 4 5 44; do
trace "exit status $s over multiplexed connection"
verbose "test $tid: status $s"
${SSH} -S $CTL otherhost exit $s
r=$?
if [ $r -ne $s ]; then
fail "exit code mismatch for protocol $p: $r != $s"
fi
# same with early close of stdout/err
trace "exit status $s with early close over multiplexed connection"
${SSH} -S $CTL -n otherhost \
exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\'
r=$?
if [ $r -ne $s ]; then
fail "exit code (with sleep) mismatch for protocol $p: $r != $s"
fi
done
# kill master, remove control socket. ssh -MS will exit when sleep exits
$SUDO kill `cat $PIDFILE`
rm -f $CTL

87
crypto/openssh/regress/reexec.sh Normal file
View File

@ -0,0 +1,87 @@
# $OpenBSD: reexec.sh,v 1.3 2004/06/25 01:32:44 djm Exp $
# Placed in the Public Domain.
tid="reexec tests"
DATA=/bin/ls
COPY=${OBJ}/copy
SSHD_ORIG=$SSHD
SSHD_COPY=$OBJ/sshd.copy
# Start a sshd and then delete it
start_sshd_copy_zap ()
{
cp $SSHD_ORIG $SSHD_COPY
SSHD=$SSHD_COPY
start_sshd
rm -f $SSHD_COPY
SSHD=$SSHD_ORIG
}
verbose "test config passing"
cp $OBJ/sshd_config $OBJ/sshd_config.orig
start_sshd
echo "InvalidXXX=no" >> $OBJ/sshd_config
rm -f ${COPY}
for p in 1 2; do
verbose "$tid: proto $p"
${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
cat ${DATA} > ${COPY}
if [ $? -ne 0 ]; then
fail "ssh cat $DATA failed"
fi
cmp ${DATA} ${COPY} || fail "corrupted copy"
rm -f ${COPY}
done
$SUDO kill `cat $PIDFILE`
rm -f $PIDFILE
cp $OBJ/sshd_config.orig $OBJ/sshd_config
verbose "test reexec fallback"
start_sshd_copy_zap
rm -f ${COPY}
for p in 1 2; do
verbose "$tid: proto $p"
${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
cat ${DATA} > ${COPY}
if [ $? -ne 0 ]; then
fail "ssh cat $DATA failed"
fi
cmp ${DATA} ${COPY} || fail "corrupted copy"
rm -f ${COPY}
done
$SUDO kill `cat $PIDFILE`
rm -f $PIDFILE
verbose "test reexec fallback without privsep"
cp $OBJ/sshd_config.orig $OBJ/sshd_config
echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config
start_sshd_copy_zap
rm -f ${COPY}
for p in 1 2; do
verbose "$tid: proto $p"
${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
cat ${DATA} > ${COPY}
if [ $? -ne 0 ]; then
fail "ssh cat $DATA failed"
fi
cmp ${DATA} ${COPY} || fail "corrupted copy"
rm -f ${COPY}
done
$SUDO kill `cat $PIDFILE`
rm -f $PIDFILE
cp $OBJ/sshd_config.orig $OBJ/sshd_config

54
crypto/openssh/regress/scp-ssh-wrapper.sh Normal file
View File

@ -0,0 +1,54 @@
#!/bin/sh
# $OpenBSD: scp-ssh-wrapper.sh,v 1.1 2004/06/13 13:51:02 dtucker Exp $
# Placed in the Public Domain.
printname () {
NAME=$1
save_IFS=$IFS
IFS=/
set -- `echo "$NAME"`
IFS="$save_IFS"
while [ $# -ge 1 ] ; do
if [ "x$1" != "x" ]; then
echo "D0755 0 $1"
fi
shift;
done
}
# discard first 5 args
shift; shift; shift; shift; shift
BAD="../../../../../../../../../../../../../${DIR}/dotpathdir"
case "$SCPTESTMODE" in
badserver_0)
echo "D0755 0 /${DIR}/rootpathdir"
echo "C755 2 rootpathfile"
echo "X"
;;
badserver_1)
echo "D0755 0 $BAD"
echo "C755 2 file"
echo "X"
;;
badserver_2)
echo "D0755 0 $BAD"
echo "C755 2 file"
echo "X"
;;
badserver_3)
printname $BAD
echo "C755 2 file"
echo "X"
;;
badserver_4)
printname $BAD
echo "D0755 0 .."
echo "C755 2 file"
echo "X"
;;
*)
exec $1
;;
esac

82
crypto/openssh/regress/scp.sh Normal file
View File

@ -0,0 +1,82 @@
# $OpenBSD: scp.sh,v 1.2 2004/06/16 13:15:09 dtucker Exp $
# Placed in the Public Domain.
tid="scp"
#set -x
# Figure out if diff understands "-N"
if diff -N ${SRC}/scp.sh ${SRC}/scp.sh 2>/dev/null; then
DIFFOPT="-rN"
else
DIFFOPT="-r"
fi
DATA=/bin/ls
COPY=${OBJ}/copy
COPY2=${OBJ}/copy2
DIR=${COPY}.dd
DIR2=${COPY}.dd2
SRC=`dirname ${SCRIPT}`
cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.exe
chmod 755 ${OBJ}/scp-ssh-wrapper.exe
scpopts="-q -S ${OBJ}/scp-ssh-wrapper.exe"
scpclean() {
rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
mkdir ${DIR} ${DIR2}
}
verbose "$tid: simple copy local file to remote file"
scpclean
$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed"
cmp ${DATA} ${COPY} || fail "corrupted copy"
verbose "$tid: simple copy remote file to local file"
scpclean
$SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed"
cmp ${DATA} ${COPY} || fail "corrupted copy"
verbose "$tid: simple copy local file to remote dir"
scpclean
cp ${DATA} ${COPY}
$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed"
cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
verbose "$tid: simple copy remote file to local dir"
scpclean
cp ${DATA} ${COPY}
$SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed"
cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
verbose "$tid: recursive local dir to remote dir"
scpclean
rm -rf ${DIR2}
cp ${DATA} ${DIR}/copy
$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed"
diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
verbose "$tid: recursive remote dir to local dir"
scpclean
rm -rf ${DIR2}
cp ${DATA} ${DIR}/copy
$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed"
diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
for i in 0 1 2 3 4; do
verbose "$tid: disallow bad server #$i"
SCPTESTMODE=badserver_$i
export DIR SCPTESTMODE
scpclean
$SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null
[ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir"
[ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode"
scpclean
$SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
[ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
done
scpclean
rm -f ${OBJ}/scp-ssh-wrapper.exe

35
crypto/openssh/regress/test-exec.sh
View File

@ -1,9 +1,14 @@
# $OpenBSD: test-exec.sh,v 1.15 2004/02/24 16:56:30 markus Exp $
# $OpenBSD: test-exec.sh,v 1.23 2004/06/25 01:25:12 djm Exp $
# Placed in the Public Domain.
PORT=4242
#SUDO=sudo
if [ ! -z "$TEST_SSH_PORT" ]; then
PORT="$TEST_SSH_PORT"
else
PORT=4242
fi
if [ -x /usr/ucb/whoami ]; then
USER=`/usr/ucb/whoami`
elif whoami >/dev/null 2>&1; then
@ -47,6 +52,7 @@ SSHKEYGEN=ssh-keygen
SSHKEYSCAN=ssh-keyscan
SFTP=sftp
SFTPSERVER=/usr/libexec/openssh/sftp-server
SCP=scp
if [ "x$TEST_SSH_SSH" != "x" ]; then
SSH="${TEST_SSH_SSH}"
@ -72,10 +78,16 @@ fi
if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
SFTPSERVER="${TEST_SSH_SFTPSERVER}"
fi
if [ "x$TEST_SSH_SCP" != "x" ]; then
SCP="${TEST_SSH_SCP}"
fi
# Path to sshd must be absolute for rexec
SSHD=`which sshd`
# these should be used in tests
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
# helper
echon()
@ -156,15 +168,23 @@ trap fatal 3 2
# create server config
cat << EOF > $OBJ/sshd_config
StrictModes no
Port $PORT
ListenAddress 127.0.0.1
#ListenAddress ::1
PidFile $PIDFILE
AuthorizedKeysFile $OBJ/authorized_keys_%u
LogLevel QUIET
StrictModes no
AcceptEnv _XXX_TEST_*
AcceptEnv _XXX_TEST
Subsystem sftp $SFTPSERVER
EOF
if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
fi
# server config for proxy connects
cp $OBJ/sshd_config $OBJ/sshd_proxy
@ -190,6 +210,11 @@ Host *
StrictHostKeyChecking yes
EOF
if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
fi
rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
trace "generate keys"

4
crypto/openssh/regress/try-ciphers.sh
View File

@ -29,8 +29,10 @@ for c in $ciphers; do
fi
done
if ! ${SSH} -oCiphers=acss@openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null
if ${SSH} -oCiphers=acss@openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null
then
:
else
echo "Ciphers acss@openssh.org" >> $OBJ/sshd_proxy
c=acss@openssh.org

2
crypto/openssh/scard-opensc.c
View File

@ -35,7 +35,7 @@
#include "key.h"
#include "log.h"
#include "xmalloc.h"
#include "readpass.h"
#include "misc.h"
#include "scard.h"
#if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)

4
crypto/openssh/scard.c
View File

@ -24,7 +24,7 @@
#include "includes.h"
#if defined(SMARTCARD) && defined(USE_SECTOK)
RCSID("$OpenBSD: scard.c,v 1.28 2003/06/12 19:12:02 markus Exp $");
RCSID("$OpenBSD: scard.c,v 1.29 2004/05/08 00:21:31 djm Exp $");
#include <openssl/evp.h>
#include <sectok.h>
@ -32,7 +32,7 @@ RCSID("$OpenBSD: scard.c,v 1.28 2003/06/12 19:12:02 markus Exp $");
#include "key.h"
#include "log.h"
#include "xmalloc.h"
#include "readpass.h"
#include "misc.h"
#include "scard.h"
#if OPENSSL_VERSION_NUMBER < 0x00907000L

7
crypto/openssh/scp.1
View File

@ -9,7 +9,7 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
.\" $OpenBSD: scp.1,v 1.33 2004/03/05 10:53:58 markus Exp $
.\" $OpenBSD: scp.1,v 1.36 2004/06/13 15:03:02 djm Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
@ -127,7 +127,9 @@ For full details of the options listed below, and their possible values, see
.It Compression
.It CompressionLevel
.It ConnectionAttempts
.It ConnectionTimeout
.It ConnectTimeout
.It ControlMaster
.It ControlPath
.It GlobalKnownHostsFile
.It GSSAPIAuthentication
.It GSSAPIDelegateCredentials
@ -150,6 +152,7 @@ For full details of the options listed below, and their possible values, see
.It PubkeyAuthentication
.It RhostsRSAAuthentication
.It RSAAuthentication
.It SendEnv
.It ServerAliveInterval
.It ServerAliveCountMax
.It SmartcardDevice

39
crypto/openssh/sftp-client.c
View File

@ -20,7 +20,7 @@
/* XXX: copy between two remote sites */
#include "includes.h"
RCSID("$OpenBSD: sftp-client.c,v 1.47 2004/03/03 09:30:42 djm Exp $");
RCSID("$OpenBSD: sftp-client.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $");
#include "openbsd-compat/sys-queue.h"
@ -36,6 +36,7 @@ RCSID("$OpenBSD: sftp-client.c,v 1.47 2004/03/03 09:30:42 djm Exp $");
#include "sftp-common.h"
#include "sftp-client.h"
extern volatile sig_atomic_t interrupted;
extern int showprogress;
/* Minimum amount of data to read at at time */
@ -330,7 +331,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
(*dir)[0] = NULL;
}
for (;;) {
for (; !interrupted;) {
int count;
id = expected_id = conn->msg_id++;
@ -407,6 +408,13 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
do_close(conn, handle, handle_len);
xfree(handle);
/* Don't return partial matches on interrupt */
if (interrupted && dir != NULL && *dir != NULL) {
free_sftp_dirents(*dir);
*dir = xmalloc(sizeof(**dir));
**dir = NULL;
}
return(0);
}
@ -643,7 +651,7 @@ do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath)
buffer_init(&msg);
/* Send rename request */
/* Send symlink request */
id = conn->msg_id++;
buffer_put_char(&msg, SSH2_FXP_SYMLINK);
buffer_put_int(&msg, id);
@ -812,6 +820,16 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
char *data;
u_int len;
/*
* Simulate EOF on interrupt: stop sending new requests and
* allow outstanding requests to drain gracefully
*/
if (interrupted) {
if (num_req == 0) /* If we haven't started yet... */
break;
max_req = 0;
}
/* Send some more requests */
while (num_req < max_req) {
debug3("Request range %llu -> %llu (%d/%d)",
@ -899,8 +917,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
(unsigned long long)offset,
num_req);
max_req = 1;
}
else if (max_req < conn->num_requests + 1) {
} else if (max_req <= conn->num_requests) {
++max_req;
}
}
@ -975,7 +992,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
TAILQ_ENTRY(outstanding_ack) tq;
};
TAILQ_HEAD(ackhead, outstanding_ack) acks;
struct outstanding_ack *ack;
struct outstanding_ack *ack = NULL;
TAILQ_INIT(&acks);
@ -1036,10 +1053,14 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
int len;
/*
* Can't use atomicio here because it returns 0 on EOF, thus losing
* the last block of the file
* Can't use atomicio here because it returns 0 on EOF,
* thus losing the last block of the file.
* Simulate an EOF on interrupt, allowing ACKs from the
* server to drain.
*/
do
if (interrupted)
len = 0;
else do
len = read(local_fd, data, conn->transfer_buflen);
while ((len == -1) && (errno == EINTR || errno == EAGAIN));

48
crypto/openssh/sftp-server.c
View File

@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
RCSID("$OpenBSD: sftp-server.c,v 1.45 2004/02/19 21:15:04 markus Exp $");
RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $");
#include "buffer.h"
#include "bufaux.h"
@ -31,11 +31,7 @@ RCSID("$OpenBSD: sftp-server.c,v 1.45 2004/02/19 21:15:04 markus Exp $");
#define get_string(lenp) buffer_get_string(&iqueue, lenp);
#define TRACE debug
#ifdef HAVE___PROGNAME
extern char *__progname;
#else
char *__progname;
#endif
/* input and output queue */
Buffer iqueue;
@ -260,7 +256,7 @@ send_msg(Buffer *m)
}
static void
send_status(u_int32_t id, u_int32_t error)
send_status(u_int32_t id, u_int32_t status)
{
Buffer msg;
const char *status_messages[] = {
@ -276,14 +272,14 @@ send_status(u_int32_t id, u_int32_t error)
"Unknown error" /* Others */
};
TRACE("sent status id %u error %u", id, error);
TRACE("sent status id %u error %u", id, status);
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_STATUS);
buffer_put_int(&msg, id);
buffer_put_int(&msg, error);
buffer_put_int(&msg, status);
if (version >= 3) {
buffer_put_cstring(&msg,
status_messages[MIN(error,SSH2_FX_MAX)]);
status_messages[MIN(status,SSH2_FX_MAX)]);
buffer_put_cstring(&msg, "");
}
send_msg(&msg);
@ -839,9 +835,29 @@ process_rename(void)
status = errno_to_portable(errno);
else if (S_ISREG(sb.st_mode)) {
/* Race-free rename of regular files */
if (link(oldpath, newpath) == -1)
status = errno_to_portable(errno);
else if (unlink(oldpath) == -1) {
if (link(oldpath, newpath) == -1) {
if (errno == EOPNOTSUPP
#ifdef LINK_OPNOTSUPP_ERRNO
|| errno == LINK_OPNOTSUPP_ERRNO
#endif
) {
struct stat st;
/*
* fs doesn't support links, so fall back to
* stat+rename. This is racy.
*/
if (stat(newpath, &st) == -1) {
if (rename(oldpath, newpath) == -1)
status =
errno_to_portable(errno);
else
status = SSH2_FX_OK;
}
} else {
status = errno_to_portable(errno);
}
} else if (unlink(oldpath) == -1) {
status = errno_to_portable(errno);
/* clean spare link */
unlink(newpath);
@ -863,20 +879,20 @@ process_readlink(void)
{
u_int32_t id;
int len;
char link[MAXPATHLEN];
char buf[MAXPATHLEN];
char *path;
id = get_int();
path = get_string(NULL);
TRACE("readlink id %u path %s", id, path);
if ((len = readlink(path, link, sizeof(link) - 1)) == -1)
if ((len = readlink(path, buf, sizeof(buf) - 1)) == -1)
send_status(id, errno_to_portable(errno));
else {
Stat s;
link[len] = '\0';
buf[len] = '\0';
attrib_clear(&s.attrib);
s.name = s.long_name = link;
s.name = s.long_name = buf;
send_names(id, 1, &s);
}
xfree(path);

25
crypto/openssh/sftp.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: sftp.1,v 1.52 2004/03/05 10:53:58 markus Exp $
.\" $OpenBSD: sftp.1,v 1.57 2004/06/21 22:41:31 djm Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@ -153,7 +153,9 @@ For full details of the options listed below, and their possible values, see
.It Compression
.It CompressionLevel
.It ConnectionAttempts
.It ConnectionTimeout
.It ConnectTimeout
.It ControlMaster
.It ControlPath
.It GlobalKnownHostsFile
.It GSSAPIAuthentication
.It GSSAPIDelegateCredentials
@ -176,6 +178,7 @@ For full details of the options listed below, and their possible values, see
.It PubkeyAuthentication
.It RhostsRSAAuthentication
.It RSAAuthentication
.It SendEnv
.It ServerAliveInterval
.It ServerAliveCountMax
.It SmartcardDevice
@ -300,6 +303,24 @@ If the
.Fl l
flag is specified, then display additional details including permissions
and ownership information.
The
.Fl n
flag will produce a long listing with user and group information presented
numerically.
.Pp
By default,
.Ic ls
listings are sorted in lexicographical order.
This may be changed by specifying the
.Fl S
(sort by file size),
.Fl t
(sort by last modification time), or
.Fl f
(don't sort at all) flags.
Additionally, the sort order may be reversed using the
.Fl r
flag.
.It Ic lumask Ar umask
Set local umask to
.Ar umask .

188
crypto/openssh/sftp.c
View File

@ -16,7 +16,7 @@
#include "includes.h"
RCSID("$OpenBSD: sftp.c,v 1.45 2004/03/03 09:31:20 djm Exp $");
RCSID("$OpenBSD: sftp.c,v 1.56 2004/07/11 17:48:47 deraadt Exp $");
#include "buffer.h"
#include "xmalloc.h"
@ -46,21 +46,32 @@ static pid_t sshpid = -1;
/* This is set to 0 if the progressmeter is not desired. */
int showprogress = 1;
/* SIGINT received during command processing */
volatile sig_atomic_t interrupted = 0;
/* I wish qsort() took a separate ctx for the comparison function...*/
int sort_flag;
int remote_glob(struct sftp_conn *, const char *, int,
int (*)(const char *, int), glob_t *); /* proto for sftp-glob.c */
#ifdef HAVE___PROGNAME
extern char *__progname;
#else
char *__progname;
#endif
/* Separators for interactive commands */
#define WHITESPACE " \t\r\n"
/* Define what type of ls view (0 - multi-column) */
#define LONG_VIEW 1 /* Full view ala ls -l */
#define SHORT_VIEW 2 /* Single row view ala ls -1 */
/* ls flags */
#define LS_LONG_VIEW 0x01 /* Full view ala ls -l */
#define LS_SHORT_VIEW 0x02 /* Single row view ala ls -1 */
#define LS_NUMERIC_VIEW 0x04 /* Long view with numeric uid/gid */
#define LS_NAME_SORT 0x08 /* Sort by name (default) */
#define LS_TIME_SORT 0x10 /* Sort by mtime */
#define LS_SIZE_SORT 0x20 /* Sort by file size */
#define LS_REVERSE_SORT 0x40 /* Reverse sort order */
#define LS_SHOW_ALL 0x80 /* Don't skip filenames starting with '.' */
#define VIEW_FLAGS (LS_LONG_VIEW|LS_SHORT_VIEW|LS_NUMERIC_VIEW)
#define SORT_FLAGS (LS_NAME_SORT|LS_TIME_SORT|LS_SIZE_SORT)
/* Commands for interactive mode */
#define I_CHDIR 1
@ -130,6 +141,24 @@ static const struct CMD cmds[] = {
int interactive_loop(int fd_in, int fd_out, char *file1, char *file2);
static void
killchild(int signo)
{
if (sshpid > 1)
kill(sshpid, SIGTERM);
_exit(1);
}
static void
cmd_interrupt(int signo)
{
const char msg[] = "\rInterrupt \n";
write(STDERR_FILENO, msg, sizeof(msg) - 1);
interrupted = 1;
}
static void
help(void)
{
@ -254,13 +283,13 @@ path_append(char *p1, char *p2)
static char *
make_absolute(char *p, char *pwd)
{
char *abs;
char *abs_str;
/* Derelativise */
if (p && p[0] != '/') {
abs = path_append(pwd, p);
abs_str = path_append(pwd, p);
xfree(p);
return(abs);
return(abs_str);
} else
return(p);
}
@ -313,15 +342,41 @@ parse_ls_flags(const char **cpp, int *lflag)
{
const char *cp = *cpp;
/* Defaults */
*lflag = LS_NAME_SORT;
/* Check for flags */
if (cp++[0] == '-') {
for(; strchr(WHITESPACE, *cp) == NULL; cp++) {
switch (*cp) {
case 'l':
*lflag = LONG_VIEW;
*lflag &= ~VIEW_FLAGS;
*lflag |= LS_LONG_VIEW;
break;
case '1':
*lflag = SHORT_VIEW;
*lflag &= ~VIEW_FLAGS;
*lflag |= LS_SHORT_VIEW;
break;
case 'n':
*lflag &= ~VIEW_FLAGS;
*lflag |= LS_NUMERIC_VIEW|LS_LONG_VIEW;
break;
case 'S':
*lflag &= ~SORT_FLAGS;
*lflag |= LS_SIZE_SORT;
break;
case 't':
*lflag &= ~SORT_FLAGS;
*lflag |= LS_TIME_SORT;
break;
case 'r':
*lflag |= LS_REVERSE_SORT;
break;
case 'f':
*lflag &= ~SORT_FLAGS;
break;
case 'a':
*lflag |= LS_SHOW_ALL;
break;
default:
error("Invalid flag -%c", *cp);
@ -369,7 +424,7 @@ get_pathname(const char **cpp, char **path)
i++;
if (cp[i] != '\'' && cp[i] != '\"' &&
cp[i] != '\\') {
error("Bad escaped character '\%c'",
error("Bad escaped character '\\%c'",
cp[i]);
goto fail;
}
@ -465,7 +520,7 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
goto out;
}
for (i = 0; g.gl_pathv[i]; i++) {
for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
if (infer_path(g.gl_pathv[i], &tmp)) {
err = -1;
goto out;
@ -534,7 +589,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
goto out;
}
for (i = 0; g.gl_pathv[i]; i++) {
for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
if (!is_reg(g.gl_pathv[i])) {
error("skipping non-regular file %s",
g.gl_pathv[i]);
@ -582,8 +637,17 @@ sdirent_comp(const void *aa, const void *bb)
{
SFTP_DIRENT *a = *(SFTP_DIRENT **)aa;
SFTP_DIRENT *b = *(SFTP_DIRENT **)bb;
int rmul = sort_flag & LS_REVERSE_SORT ? -1 : 1;
return (strcmp(a->filename, b->filename));
#define NCMP(a,b) (a == b ? 0 : (a < b ? 1 : -1))
if (sort_flag & LS_NAME_SORT)
return (rmul * strcmp(a->filename, b->filename));
else if (sort_flag & LS_TIME_SORT)
return (rmul * NCMP(a->a.mtime, b->a.mtime));
else if (sort_flag & LS_SIZE_SORT)
return (rmul * NCMP(a->a.size, b->a.size));
fatal("Unknown ls sort type");
}
/* sftp ls.1 replacement for directories */
@ -596,14 +660,16 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
if ((n = do_readdir(conn, path, &d)) != 0)
return (n);
if (!(lflag & SHORT_VIEW)) {
if (!(lflag & LS_SHORT_VIEW)) {
int m = 0, width = 80;
struct winsize ws;
char *tmp;
/* Count entries for sort and find longest filename */
for (n = 0; d[n] != NULL; n++)
m = MAX(m, strlen(d[n]->filename));
for (n = 0; d[n] != NULL; n++) {
if (d[n]->filename[0] != '.' || (lflag & LS_SHOW_ALL))
m = MAX(m, strlen(d[n]->filename));
}
/* Add any subpath that also needs to be counted */
tmp = path_strip(path, strip_path);
@ -619,24 +685,33 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
colspace = MIN(colspace, width);
}
qsort(d, n, sizeof(*d), sdirent_comp);
if (lflag & SORT_FLAGS) {
sort_flag = lflag & (SORT_FLAGS|LS_REVERSE_SORT);
qsort(d, n, sizeof(*d), sdirent_comp);
}
for (n = 0; d[n] != NULL; n++) {
for (n = 0; d[n] != NULL && !interrupted; n++) {
char *tmp, *fname;
if (d[n]->filename[0] == '.' && !(lflag & LS_SHOW_ALL))
continue;
tmp = path_append(path, d[n]->filename);
fname = path_strip(tmp, strip_path);
xfree(tmp);
if (lflag & LONG_VIEW) {
char *lname;
struct stat sb;
if (lflag & LS_LONG_VIEW) {
if (lflag & LS_NUMERIC_VIEW) {
char *lname;
struct stat sb;
memset(&sb, 0, sizeof(sb));
attrib_to_stat(&d[n]->a, &sb);
lname = ls_file(fname, &sb, 1);
printf("%s\n", lname);
xfree(lname);
memset(&sb, 0, sizeof(sb));
attrib_to_stat(&d[n]->a, &sb);
lname = ls_file(fname, &sb, 1);
printf("%s\n", lname);
xfree(lname);
} else
printf("%s\n", d[n]->longname);
} else {
printf("%-*s", colspace, fname);
if (c >= columns) {
@ -649,7 +724,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
xfree(fname);
}
if (!(lflag & LONG_VIEW) && (c != 1))
if (!(lflag & LS_LONG_VIEW) && (c != 1))
printf("\n");
free_sftp_dirents(d);
@ -673,6 +748,9 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
return (-1);
}
if (interrupted)
goto out;
/*
* If the glob returns a single match, which is the same as the
* input glob, and it is a directory, then just list its contents
@ -690,7 +768,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
}
}
if (!(lflag & SHORT_VIEW)) {
if (!(lflag & LS_SHORT_VIEW)) {
int m = 0, width = 80;
struct winsize ws;
@ -706,12 +784,12 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
colspace = width / columns;
}
for (i = 0; g.gl_pathv[i]; i++) {
for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
char *fname;
fname = path_strip(g.gl_pathv[i], strip_path);
if (lflag & LONG_VIEW) {
if (lflag & LS_LONG_VIEW) {
char *lname;
struct stat sb;
@ -740,9 +818,10 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
xfree(fname);
}
if (!(lflag & LONG_VIEW) && (c != 1))
if (!(lflag & LS_LONG_VIEW) && (c != 1))
printf("\n");
out:
if (g.gl_pathc)
globfree(&g);
@ -952,7 +1031,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
case I_RM:
path1 = make_absolute(path1, *pwd);
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
for (i = 0; g.gl_pathv[i]; i++) {
for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
printf("Removing %s\n", g.gl_pathv[i]);
err = do_rm(conn, g.gl_pathv[i]);
if (err != 0 && err_abort)
@ -1041,7 +1120,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
a.perm = n_arg;
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
for (i = 0; g.gl_pathv[i]; i++) {
for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
printf("Changing mode on %s\n", g.gl_pathv[i]);
err = do_setstat(conn, g.gl_pathv[i], &a);
if (err != 0 && err_abort)
@ -1052,7 +1131,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
case I_CHGRP:
path1 = make_absolute(path1, *pwd);
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
for (i = 0; g.gl_pathv[i]; i++) {
for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) {
if (err != 0 && err_abort)
break;
@ -1180,6 +1259,8 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
for (;;) {
char *cp;
signal(SIGINT, SIG_IGN);
printf("sftp> ");
/* XXX: use libedit */
@ -1195,6 +1276,10 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
if (cp)
*cp = '\0';
/* Handle user interrupts gracefully during commands */
interrupted = 0;
signal(SIGINT, cmd_interrupt);
err = parse_dispatch_command(conn, cmd, &pwd, batchmode);
if (err != 0)
break;
@ -1205,15 +1290,6 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
return (err >= 0 ? 0 : -1);
}
static void
killchild(int signo)
{
if (sshpid > 1)
kill(sshpid, signo);
_exit(1);
}
static void
connect_to_server(char *path, char **args, int *in, int *out)
{
@ -1243,15 +1319,23 @@ connect_to_server(char *path, char **args, int *in, int *out)
if ((dup2(c_in, STDIN_FILENO) == -1) ||
(dup2(c_out, STDOUT_FILENO) == -1)) {
fprintf(stderr, "dup2: %s\n", strerror(errno));
exit(1);
_exit(1);
}
close(*in);
close(*out);
close(c_in);
close(c_out);
execv(path, args);
/*
* The underlying ssh is in the same process group, so we must
* ignore SIGINT if we want to gracefully abort commands,
* otherwise the signal will make it to the ssh process and
* kill it too
*/
signal(SIGINT, SIG_IGN);
execvp(path, args);
fprintf(stderr, "exec: %s: %s\n", path, strerror(errno));
exit(1);
_exit(1);
}
signal(SIGTERM, killchild);
@ -1280,7 +1364,7 @@ int
main(int argc, char **argv)
{
int in, out, ch, err;
char *host, *userhost, *cp, *file2;
char *host, *userhost, *cp, *file2 = NULL;
int debug_level = 0, sshver = 2;
char *file1 = NULL, *sftp_server = NULL;
char *ssh_program = _PATH_SSH_PROGRAM, *sftp_direct = NULL;
@ -1331,7 +1415,7 @@ main(int argc, char **argv)
fatal("Batch file already specified.");
/* Allow "-" as stdin */
if (strcmp(optarg, "-") != 0 &&
if (strcmp(optarg, "-") != 0 &&
(infile = fopen(optarg, "r")) == NULL)
fatal("%s (%s).", strerror(errno), optarg);
showprogress = 0;

22
crypto/openssh/ssh-agent.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-agent.1,v 1.39 2003/06/10 09:12:11 jmc Exp $
.\" $OpenBSD: ssh-agent.1,v 1.41 2004/07/11 17:48:47 deraadt Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -134,13 +134,25 @@ remote logins, and the user can thus use the privileges given by the
identities anywhere in the network in a secure way.
.Pp
There are two main ways to get an agent set up:
Either the agent starts a new subcommand into which some environment
variables are exported, or the agent prints the needed shell commands
(either
The first is that the agent starts a new subcommand into which some environment
variables are exported, eg
.Cm ssh-agent xterm & .
The second is that the agent prints the needed shell commands (either
.Xr sh 1
or
.Xr csh 1
syntax can be generated) which can be evalled in the calling shell.
syntax can be generated) which can be evalled in the calling shell, eg
.Cm eval `ssh-agent -s`
for Bourne-type shells such as
.Xr sh 1
or
.Xr ksh 1
and
.Cm eval `ssh-agent -c`
for
.Xr csh 1
and derivatives.
.Pp
Later
.Xr ssh 1
looks at these variables and uses them to establish a connection to the agent.

38
crypto/openssh/ssh-gss.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-gss.h,v 1.4 2003/11/17 11:06:07 markus Exp $ */
/* $OpenBSD: ssh-gss.h,v 1.5 2004/06/21 17:36:31 avsm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
@ -100,31 +100,31 @@ typedef struct {
extern ssh_gssapi_mech *supported_mechs[];
int ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len);
void ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len);
void ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid);
void ssh_gssapi_supported_oids(gss_OID_set *oidset);
ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *ctxt);
int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
void ssh_gssapi_set_oid(Gssctxt *, gss_OID);
void ssh_gssapi_supported_oids(gss_OID_set *);
ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *);
OM_uint32 ssh_gssapi_import_name(Gssctxt *ctx, const char *host);
OM_uint32 ssh_gssapi_acquire_cred(Gssctxt *ctx);
OM_uint32 ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds,
gss_buffer_desc *recv_tok, gss_buffer_desc *send_tok, OM_uint32 *flags);
OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *ctx,
gss_buffer_desc *recv_tok, gss_buffer_desc *send_tok, OM_uint32 *flags);
OM_uint32 ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *);
void ssh_gssapi_error(Gssctxt *ctx);
char *ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *maj, OM_uint32 *min);
void ssh_gssapi_build_ctx(Gssctxt **ctx);
void ssh_gssapi_delete_ctx(Gssctxt **ctx);
OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *);
OM_uint32 ssh_gssapi_acquire_cred(Gssctxt *);
OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int,
gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *,
gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
OM_uint32 ssh_gssapi_getclient(Gssctxt *, ssh_gssapi_client *);
void ssh_gssapi_error(Gssctxt *);
char *ssh_gssapi_last_error(Gssctxt *, OM_uint32 *, OM_uint32 *);
void ssh_gssapi_build_ctx(Gssctxt **);
void ssh_gssapi_delete_ctx(Gssctxt **);
OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
OM_uint32 ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid);
OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
/* In the server */
int ssh_gssapi_userok(char *name);
OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
void ssh_gssapi_do_child(char ***envp, u_int *envsizep);
void ssh_gssapi_do_child(char ***, u_int *);
void ssh_gssapi_cleanup_creds(void);
void ssh_gssapi_storecreds(void);

11
crypto/openssh/ssh-keygen.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.63 2004/08/13 00:01:43 jmc Exp $
.\"
.\" -*- nroff -*-
.\"
@ -192,7 +192,9 @@ to stdout.
This option allows exporting keys for use by several commercial
SSH implementations.
.It Fl g
Use generic DNS resource record format.
Use generic DNS format when printing fingerprint resource records using the
.Fl r
command.
.It Fl f Ar filename
Specifies the filename of the key file.
.It Fl i
@ -276,8 +278,9 @@ Multiple
options increase the verbosity.
The maximum is 3.
.It Fl r Ar hostname
Print DNS resource record with the specified
.Ar hostname .
Print the SSHFP fingerprint resource record named
.Ar hostname
for the specified public key file.
.El
.Sh MODULI GENERATION
.Nm

32
crypto/openssh/ssh-keygen.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $");
RCSID("$OpenBSD: ssh-keygen.c,v 1.117 2004/07/11 17:48:47 deraadt Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -26,8 +26,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $");
#include "bufaux.h"
#include "pathnames.h"
#include "log.h"
#include "readpass.h"
#include "moduli.h"
#include "misc.h"
#ifdef SMARTCARD
#include "scard.h"
@ -77,14 +76,14 @@ int print_generic = 0;
char *key_type_name = NULL;
/* argv0 */
#ifdef HAVE___PROGNAME
extern char *__progname;
#else
char *__progname;
#endif
char hostname[MAXHOSTNAMELEN];
/* moduli.c */
int gen_candidates(FILE *, int, int, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
static void
ask_filename(struct passwd *pw, const char *prompt)
{
@ -189,8 +188,8 @@ do_convert_to_ssh2(struct passwd *pw)
static void
buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
{
u_int bits = buffer_get_int(b);
u_int bytes = (bits + 7) / 8;
u_int bignum_bits = buffer_get_int(b);
u_int bytes = (bignum_bits + 7) / 8;
if (buffer_len(b) < bytes)
fatal("buffer_get_bignum_bits: input buffer too small: "
@ -627,7 +626,7 @@ do_change_passphrase(struct passwd *pw)
* Print the SSHFP RR.
*/
static void
do_print_resource_record(struct passwd *pw, char *hostname)
do_print_resource_record(struct passwd *pw, char *hname)
{
Key *public;
char *comment = NULL;
@ -641,7 +640,7 @@ do_print_resource_record(struct passwd *pw, char *hostname)
}
public = key_load_public(identity_file, &comment);
if (public != NULL) {
export_dns_rr(hostname, public, stdout, print_generic);
export_dns_rr(hname, public, stdout, print_generic);
key_free(public);
xfree(comment);
exit(0);
@ -896,7 +895,7 @@ main(int ac, char **av)
if (log_level == SYSLOG_LEVEL_INFO)
log_level = SYSLOG_LEVEL_DEBUG1;
else {
if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
log_level < SYSLOG_LEVEL_DEBUG3)
log_level++;
}
@ -911,18 +910,9 @@ main(int ac, char **av)
break;
case 'a':
trials = atoi(optarg);
if (trials < TRIAL_MINIMUM) {
fatal("Minimum primality trials is %d",
TRIAL_MINIMUM);
}
break;
case 'M':
memory = atoi(optarg);
if (memory != 0 &&
(memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
fatal("Invalid memory amount (min %ld, max %ld)",
LARGE_MINIMUM, LARGE_MAXIMUM);
}
break;
case 'G':
do_gen_candidates = 1;

4
crypto/openssh/ssh-keyscan.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keyscan.1,v 1.17 2003/06/10 09:12:11 jmc Exp $
.\" $OpenBSD: ssh-keyscan.1,v 1.18 2004/07/12 23:34:25 brad Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@ -97,7 +97,7 @@ to use IPv6 addresses only.
If a ssh_known_hosts file is constructed using
.Nm
without verifying the keys, users will be vulnerable to
.I man in the middle
.Em man in the middle
attacks.
On the other hand, if the security model allows such a risk,
.Nm

20
crypto/openssh/ssh-keysign.c
View File

@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $");
RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $");
#include <openssl/evp.h>
#include <openssl/rand.h>
@ -41,15 +41,12 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $");
#include "canohost.h"
#include "pathnames.h"
#include "readconf.h"
#include "uidswap.h"
/* XXX readconf.c needs these */
uid_t original_real_uid;
#ifdef HAVE___PROGNAME
extern char *__progname;
#else
char *__progname;
#endif
static int
valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
@ -154,8 +151,11 @@ main(int argc, char **argv)
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
seteuid(getuid());
setuid(getuid());
if ((pw = getpwuid(getuid())) == NULL)
fatal("getpwuid failed");
pw = pwcopy(pw);
permanently_set_uid(pw);
init_rng();
seed_rng();
@ -168,7 +168,7 @@ main(int argc, char **argv)
/* verify that ssh-keysign is enabled by the admin */
original_real_uid = getuid(); /* XXX readconf.c needs this */
initialize_options(&options);
(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0);
fill_default_options(&options);
if (options.enable_ssh_keysign != 1)
fatal("ssh-keysign not enabled in %s",
@ -177,10 +177,6 @@ main(int argc, char **argv)
if (key_fd[0] == -1 && key_fd[1] == -1)
fatal("could not open any host key");
if ((pw = getpwuid(getuid())) == NULL)
fatal("getpwuid failed");
pw = pwcopy(pw);
SSLeay_add_all_algorithms();
for (i = 0; i < 256; i++)
rnd[i] = arc4random();

10
crypto/openssh/ssh-rand-helper.c
View File

@ -39,7 +39,7 @@
#include "pathnames.h"
#include "log.h"
RCSID("$Id: ssh-rand-helper.c,v 1.16 2003/11/21 12:56:47 djm Exp $");
RCSID("$Id: ssh-rand-helper.c,v 1.18 2004/07/17 04:07:42 dtucker Exp $");
/* Number of bytes we write out */
#define OUTPUT_SEED_SIZE 48
@ -63,15 +63,7 @@ RCSID("$Id: ssh-rand-helper.c,v 1.16 2003/11/21 12:56:47 djm Exp $");
# define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds"
#endif
#ifdef HAVE___PROGNAME
extern char *__progname;
#else
char *__progname;
#endif
#ifndef offsetof
# define offsetof(type, member) ((size_t) &((type *)0)->member)
#endif
#define WHITESPACE " \t\n"

8
crypto/openssh/ssh1.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh1.h,v 1.3 2001/05/30 12:55:13 markus Exp $ */
/* $OpenBSD: ssh1.h,v 1.4 2004/07/11 17:48:47 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -29,8 +29,8 @@
#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
#define SSH_CMSG_EXEC_SHELL 12 /* */
#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
#define SSH_SMSG_SUCCESS 14 /* */
@ -45,7 +45,7 @@
#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */

6
crypto/openssh/sshpty.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshpty.h,v 1.4 2002/03/04 17:27:39 stevesk Exp $ */
/* $OpenBSD: sshpty.h,v 1.5 2004/05/08 00:01:37 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -17,6 +17,10 @@
#ifndef SSHPTY_H
#define SSHPTY_H
struct termios get_saved_tio(void);
void leave_raw_mode(void);
void enter_raw_mode(void);
int pty_allocate(int *, int *, char *, int);
void pty_release(const char *);
void pty_make_controlling_tty(int *, const char *);

4
crypto/openssh/sshtty.c
View File

@ -35,9 +35,9 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshtty.c,v 1.5 2003/09/19 17:43:35 markus Exp $");
RCSID("$OpenBSD: sshtty.c,v 1.6 2004/05/08 00:01:37 deraadt Exp $");
#include "sshtty.h"
#include "sshpty.h"
#include "log.h"
static struct termios _saved_tio;

4
crypto/openssh/tildexpand.c
View File

@ -11,11 +11,11 @@
*/
#include "includes.h"
RCSID("$OpenBSD: tildexpand.c,v 1.13 2002/06/23 03:25:50 deraadt Exp $");
RCSID("$OpenBSD: tildexpand.c,v 1.15 2004/05/21 08:43:03 markus Exp $");
#include "xmalloc.h"
#include "log.h"
#include "tildexpand.h"
#include "misc.h"
/*
* Expands tildes in the file name. Returns data allocated by xmalloc.

18
crypto/openssh/ttymodes.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ttymodes.h,v 1.12 2002/03/04 17:27:39 stevesk Exp $ */
/* $OpenBSD: ttymodes.h,v 1.13 2004/07/11 17:48:47 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -113,17 +113,17 @@ TTYCHAR(VDISCARD, 18)
/* name, field, op */
TTYMODE(IGNPAR, c_iflag, 30)
TTYMODE(PARMRK, c_iflag, 31)
TTYMODE(INPCK, c_iflag, 32)
TTYMODE(INPCK, c_iflag, 32)
TTYMODE(ISTRIP, c_iflag, 33)
TTYMODE(INLCR, c_iflag, 34)
TTYMODE(IGNCR, c_iflag, 35)
TTYMODE(ICRNL, c_iflag, 36)
TTYMODE(INLCR, c_iflag, 34)
TTYMODE(IGNCR, c_iflag, 35)
TTYMODE(ICRNL, c_iflag, 36)
#if defined(IUCLC)
TTYMODE(IUCLC, c_iflag, 37)
TTYMODE(IUCLC, c_iflag, 37)
#endif
TTYMODE(IXON, c_iflag, 38)
TTYMODE(IXANY, c_iflag, 39)
TTYMODE(IXOFF, c_iflag, 40)
TTYMODE(IXON, c_iflag, 38)
TTYMODE(IXANY, c_iflag, 39)
TTYMODE(IXOFF, c_iflag, 40)
#ifdef IMAXBEL
TTYMODE(IMAXBEL,c_iflag, 41)
#endif /* IMAXBEL */