d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Resolve conflicts.

Browse Source 
Sponsored by:	DARPA, NAI Labs
This commit is contained in:
Dag-Erling Smørgrav 2002-06-29 11:48:59 +00:00
parent d2a34caedb
commit a82e551f0f
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=99063
27 changed files with 336 additions and 198 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
crypto/openssh/acconfig.h
View File

@ -1,4 +1,4 @@
/* $Id: acconfig.h,v 1.138 2002/06/12 16:57:15 mouring Exp $ */
/* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */
/* $FreeBSD$ */
#ifndef _CONFIG_H
@ -232,9 +232,6 @@
/* Define if xauth is found in your path */
#undef XAUTH_PATH
/* Define if rsh is found in your path */
#undef RSH_PATH
/* Define if you want to allow MD5 passwords */
#undef HAVE_MD5_PASSWORDS
@ -362,6 +359,12 @@
/* Path that unprivileged child will chroot() to in privep mode */
#undef PRIVSEP_PATH
/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */
#undef HAVE_MMAP_ANON_SHARED
/* Define if sendmsg()/recvmsg() has problems passing file descriptors */
#undef BROKEN_FD_PASSING
@BOTTOM@
/* ******************* Shouldn't need to edit below this line ************** */

18
crypto/openssh/auth2-chall.c
View File

@ -23,7 +23,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-chall.c,v 1.18 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $");
RCSID("$FreeBSD$");
#include "ssh2.h"
@ -70,6 +70,7 @@ struct KbdintAuthctxt
char *devices;
void *ctxt;
KbdintDevice *device;
u_int nreq;
};
static KbdintAuthctxt *
@ -97,6 +98,7 @@ kbdint_alloc(const char *devs)
debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
kbdintctxt->ctxt = NULL;
kbdintctxt->device = NULL;
kbdintctxt->nreq = 0;
return kbdintctxt;
}
@ -216,26 +218,26 @@ send_userauth_info_request(Authctxt *authctxt)
KbdintAuthctxt *kbdintctxt;
char *name, *instr, **prompts;
int i;
u_int numprompts, *echo_on;
u_int *echo_on;
kbdintctxt = authctxt->kbdintctxt;
if (kbdintctxt->device->query(kbdintctxt->ctxt,
&name, &instr, &numprompts, &prompts, &echo_on))
&name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
return 0;
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
packet_put_cstring(name);
packet_put_cstring(instr);
packet_put_cstring(""); /* language not used */
packet_put_int(numprompts);
for (i = 0; i < numprompts; i++) {
packet_put_int(kbdintctxt->nreq);
for (i = 0; i < kbdintctxt->nreq; i++) {
packet_put_cstring(prompts[i]);
packet_put_char(echo_on[i]);
}
packet_send();
packet_write_wait();
for (i = 0; i < numprompts; i++)
for (i = 0; i < kbdintctxt->nreq; i++)
xfree(prompts[i]);
xfree(prompts);
xfree(echo_on);
@ -263,6 +265,10 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
authctxt->postponed = 0; /* reset */
nresp = packet_get_int();
if (nresp != kbdintctxt->nreq)
fatal("input_userauth_info_response: wrong number of replies");
if (nresp > 100)
fatal("input_userauth_info_response: too many replies");
if (nresp > 0) {
response = xmalloc(nresp * sizeof(char*));
for (i = 0; i < nresp; i++)

12
crypto/openssh/auth2-pam.c
View File

@ -1,5 +1,6 @@
#include "includes.h"
RCSID("$Id: auth2-pam.c,v 1.12 2002/01/22 12:43:13 djm Exp $");
RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $");
RCSID("$FreeBSD$");
#ifdef USE_PAM
#include <security/pam_appl.h>
@ -140,6 +141,15 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
nresp = packet_get_int(); /* Number of responses. */
debug("got %d responses", nresp);
if (nresp != context_pam2.num_expected)
fatal("%s: Received incorrect number of responses "
"(expected %u, received %u)", __func__, nresp,
context_pam2.num_expected);
if (nresp > 100)
fatal("%s: too many replies", __func__);
for (i = 0; i < nresp; i++) {
int j = context_pam2.prompts[i];

5
crypto/openssh/authfd.c
View File

@ -35,7 +35,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: authfd.c,v 1.55 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $");
RCSID("$FreeBSD$");
#include <openssl/evp.h>
@ -144,7 +145,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
error("Error reading response from authentication socket.");
return 0;
}
buffer_append(reply, (char *) buf, l);
buffer_append(reply, buf, l);
len -= l;
}
return 1;

7
crypto/openssh/authfile.c
View File

@ -36,7 +36,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: authfile.c,v 1.49 2002/05/23 19:24:30 markus Exp $");
RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $");
RCSID("$FreeBSD$");
#include <openssl/err.h>
#include <openssl/evp.h>
@ -270,7 +271,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
(void) buffer_get_int(&buffer); /* reserved */
/* Read the public key from the buffer. */
buffer_get_int(&buffer);
(void) buffer_get_int(&buffer);
pub = key_new(KEY_RSA1);
buffer_get_bignum(&buffer, pub->rsa->n);
buffer_get_bignum(&buffer, pub->rsa->e);
@ -357,7 +358,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
(void) buffer_get_int(&buffer); /* Reserved data. */
/* Read the public key from the buffer. */
buffer_get_int(&buffer);
(void) buffer_get_int(&buffer);
prv = key_new_private(KEY_RSA1);
buffer_get_bignum(&buffer, prv->rsa->n);

26
crypto/openssh/bufaux.c
View File

@ -37,7 +37,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: bufaux.c,v 1.25 2002/04/20 09:14:58 markus Exp $");
RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
RCSID("$FreeBSD$");
#include <openssl/bn.h>
#include "bufaux.h"
@ -88,6 +89,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
bits = GET_16BIT(buf);
/* Compute the number of binary bytes that follow. */
bytes = (bits + 7) / 8;
if (bytes > 8 * 1024)
fatal("buffer_get_bignum: cannot handle BN of size %d", bytes);
if (buffer_len(buffer) < bytes)
fatal("buffer_get_bignum: input buffer too small");
bin = buffer_ptr(buffer);
@ -105,6 +108,7 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
u_char *buf = xmalloc(bytes);
int oi;
int hasnohigh = 0;
buf[0] = '\0';
/* Get the value of in binary */
oi = BN_bn2bin(value, buf+1);
@ -128,12 +132,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
xfree(buf);
}
/* XXX does not handle negative BNs */
void
buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
{
/**XXX should be two's-complement */
int len;
u_char *bin = buffer_get_string(buffer, (u_int *)&len);
u_int len;
u_char *bin = buffer_get_string(buffer, &len);
if (len > 8 * 1024)
fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
BN_bin2bn(bin, len, value);
xfree(bin);
}
@ -145,6 +152,7 @@ u_short
buffer_get_short(Buffer *buffer)
{
u_char buf[2];
buffer_get(buffer, (char *) buf, 2);
return GET_16BIT(buf);
}
@ -153,6 +161,7 @@ u_int
buffer_get_int(Buffer *buffer)
{
u_char buf[4];
buffer_get(buffer, (char *) buf, 4);
return GET_32BIT(buf);
}
@ -162,6 +171,7 @@ u_int64_t
buffer_get_int64(Buffer *buffer)
{
u_char buf[8];
buffer_get(buffer, (char *) buf, 8);
return GET_64BIT(buf);
}
@ -174,6 +184,7 @@ void
buffer_put_short(Buffer *buffer, u_short value)
{
char buf[2];
PUT_16BIT(buf, value);
buffer_append(buffer, buf, 2);
}
@ -182,6 +193,7 @@ void
buffer_put_int(Buffer *buffer, u_int value)
{
char buf[4];
PUT_32BIT(buf, value);
buffer_append(buffer, buf, 4);
}
@ -191,6 +203,7 @@ void
buffer_put_int64(Buffer *buffer, u_int64_t value)
{
char buf[8];
PUT_64BIT(buf, value);
buffer_append(buffer, buf, 8);
}
@ -207,8 +220,9 @@ buffer_put_int64(Buffer *buffer, u_int64_t value)
void *
buffer_get_string(Buffer *buffer, u_int *length_ptr)
{
u_int len;
u_char *value;
u_int len;
/* Get the length. */
len = buffer_get_int(buffer);
if (len > 256 * 1024)
@ -249,6 +263,7 @@ int
buffer_get_char(Buffer *buffer)
{
char ch;
buffer_get(buffer, &ch, 1);
return (u_char) ch;
}
@ -260,5 +275,6 @@ void
buffer_put_char(Buffer *buffer, int value)
{
char ch = value;
buffer_append(buffer, &ch, 1);
}

32
crypto/openssh/channels.c
View File

@ -39,7 +39,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: channels.c,v 1.175 2002/06/10 22:28:41 markus Exp $");
RCSID("$OpenBSD: channels.c,v 1.179 2002/06/26 08:55:02 markus Exp $");
RCSID("$FreeBSD$");
#include "ssh.h"
#include "ssh1.h"
@ -205,7 +206,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
Channel *
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
int window, int maxpack, int extusage, char *remote_name, int nonblock)
u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock)
{
int i, found;
Channel *c;
@ -229,6 +230,9 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
/* There are no free slots. Take last+1 slot and expand the array. */
found = channels_alloc;
channels_alloc += 10;
if (channels_alloc > 10000)
fatal("channel_new: internal error: channels_alloc %d "
"too big.", channels_alloc);
debug2("channel: expanding %d", channels_alloc);
channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
for (i = found; i < channels_alloc; i++)
@ -1568,8 +1572,9 @@ channel_after_select(fd_set * readset, fd_set * writeset)
void
channel_output_poll(void)
{
int len, i;
Channel *c;
int i;
u_int len;
for (i = 0; i < channels_alloc; i++) {
c = channels[i];
@ -1647,7 +1652,7 @@ channel_output_poll(void)
c->remote_window > 0 &&
(len = buffer_len(&c->extended)) > 0 &&
c->extended_usage == CHAN_EXTENDED_READ) {
debug2("channel %d: rwin %d elen %d euse %d",
debug2("channel %d: rwin %u elen %u euse %d",
c->self, c->remote_window, buffer_len(&c->extended),
c->extended_usage);
if (len > c->remote_window)
@ -1717,9 +1722,8 @@ void
channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
{
int id;
int tcode;
char *data;
u_int data_len;
u_int data_len, tcode;
Channel *c;
/* Get the channel number and verify it. */
@ -1874,7 +1878,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt)
c->confirm(c->self, NULL);
debug2("callback done");
}
debug("channel %d: open confirm rwindow %d rmax %d", c->self,
debug("channel %d: open confirm rwindow %u rmax %u", c->self,
c->remote_window, c->remote_maxpacket);
}
packet_check_eom();
@ -1931,7 +1935,8 @@ void
channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
{
Channel *c;
int id, adjust;
int id;
u_int adjust;
if (!compat20)
return;
@ -1947,7 +1952,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
}
adjust = packet_get_int();
packet_check_eom();
debug2("channel %d: rcvd adjust %d", id, adjust);
debug2("channel %d: rcvd adjust %u", id, adjust);
c->remote_window += adjust;
}
@ -2328,12 +2333,12 @@ channel_connect_to(const char *host, u_short port)
/*
* Creates an internet domain socket for listening for X11 connections.
* Returns a suitable display number for the DISPLAY variable, or -1 if
* an error occurs.
* Returns 0 and a suitable display number for the DISPLAY variable
* stored in display_numberp , or -1 if an error occurs.
*/
int
x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
int single_connection)
int single_connection, u_int *display_numberp)
{
Channel *nc = NULL;
int display_number, sock;
@ -2431,7 +2436,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
}
/* Return the display number for the DISPLAY environment variable. */
return display_number;
*display_numberp = display_number;
return (0);
}
static int

19
crypto/openssh/channels.h
View File

@ -1,4 +1,5 @@
/* $OpenBSD: channels.h,v 1.68 2002/06/10 22:28:41 markus Exp $ */
/* $OpenBSD: channels.h,v 1.70 2002/06/24 14:33:27 markus Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -90,12 +91,12 @@ struct Channel {
int host_port; /* remote port to connect for forwards */
char *remote_name; /* remote hostname */
int remote_window;
int remote_maxpacket;
int local_window;
int local_window_max;
int local_consumed;
int local_maxpacket;
u_int remote_window;
u_int remote_maxpacket;
u_int local_window;
u_int local_window_max;
u_int local_consumed;
u_int local_maxpacket;
int extended_usage;
int single_connection;
@ -151,7 +152,7 @@ struct Channel {
/* channel management */
Channel *channel_lookup(int);
Channel *channel_new(char *, int, int, int, int, int, int, int, char *, int);
Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int);
void channel_set_fds(int, int, int, int, int, int, u_int);
void channel_free(Channel *);
void channel_free_all(void);
@ -205,7 +206,7 @@ int channel_setup_remote_fwd_listener(const char *, u_short, int);
/* x11 forwarding */
int x11_connect_display(void);
int x11_create_display_inet(int, int, int);
int x11_create_display_inet(int, int, int, u_int *);
void x11_input_open(int, u_int32_t, void *);
void x11_request_forwarding_with_spoofing(int, const char *, const char *);
void deny_input_open(int, u_int32_t, void *);

15
crypto/openssh/cipher.c
View File

@ -35,7 +35,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $");
RCSID("$OpenBSD: cipher.c,v 1.60 2002/06/23 03:26:52 deraadt Exp $");
RCSID("$FreeBSD$");
#include "xmalloc.h"
#include "log.h"
@ -95,11 +96,13 @@ cipher_blocksize(Cipher *c)
{
return (c->block_size);
}
u_int
cipher_keylen(Cipher *c)
{
return (c->key_len);
}
u_int
cipher_get_number(Cipher *c)
{
@ -314,6 +317,7 @@ struct ssh1_3des_ctx
{
EVP_CIPHER_CTX k1, k2, k3;
};
static int
ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
int enc)
@ -356,6 +360,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
#endif
return (1);
}
static int
ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
{
@ -377,6 +382,7 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
#endif
return (1);
}
static int
ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
{
@ -389,6 +395,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
}
return (1);
}
static const EVP_CIPHER *
evp_ssh1_3des(void)
{
@ -430,7 +437,9 @@ swap_bytes(const u_char *src, u_char *dst, int n)
*dst++ = c[3];
}
}
static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
static int
bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
{
@ -441,6 +450,7 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
swap_bytes(out, out, len);
return (ret);
}
static const EVP_CIPHER *
evp_ssh1_bf(void)
{
@ -483,6 +493,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
return (1);
}
static int
ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
u_int len)
@ -528,6 +539,7 @@ ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
}
return (1);
}
static int
ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
{
@ -540,6 +552,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
}
return (1);
}
static const EVP_CIPHER *
evp_rijndael(void)
{

53
crypto/openssh/configure.ac
View File

@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $
# $Id: configure.ac,v 1.72 2002/06/25 22:35:16 tim Exp $
# $FreeBSD$
AC_INIT
@ -77,6 +77,7 @@ case "$host" in
AC_DEFINE(BROKEN_REALPATH)
dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
;;
*-*-cygwin*)
LIBS="$LIBS /usr/lib/textmode.o"
@ -86,6 +87,7 @@ case "$host" in
AC_DEFINE(IPV4_DEFAULT)
AC_DEFINE(IP_TOS_IS_BROKEN)
AC_DEFINE(NO_X11_UNIX_SOCKETS)
AC_DEFINE(BROKEN_FD_PASSING)
AC_DEFINE(SETGROUPS_NOOP)
;;
*-*-dgux*)
@ -247,7 +249,6 @@ mips-sony-bsd|mips-sony-newsos4)
CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
rsh_path="/usr/bin/rcmd"
RANLIB=true
no_dev_ptmx=1
AC_DEFINE(BROKEN_SYS_TERMIO_H)
@ -264,10 +265,10 @@ mips-sony-bsd|mips-sony-newsos4)
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lprot -lx -ltinfo -lm"
no_dev_ptmx=1
rsh_path="/usr/bin/rcmd"
AC_DEFINE(USE_PIPES)
AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(BROKEN_FD_PASSING)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
;;
@ -275,6 +276,7 @@ mips-sony-bsd|mips-sony-newsos4)
no_libsocket=1
no_libnsl=1
AC_DEFINE(USE_PIPES)
AC_DEFINE(BROKEN_FD_PASSING)
LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
LIBS="$LIBS -lgen -lrsc"
;;
@ -611,6 +613,30 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
if test $ac_cv_func_mmap = yes ; then
AC_MSG_CHECKING([for mmap anon shared])
AC_TRY_RUN(
[
#include <stdio.h>
#include <sys/mman.h>
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
#define MAP_ANON MAP_ANONYMOUS
#endif
main() { char *p;
p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
if (p == (char *)-1)
exit(1);
exit(0);
}
],
[
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_MMAP_ANON_SHARED)
],
[ AC_MSG_RESULT(no) ]
)
fi
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
AC_CHECK_LIB(gen, dirname,[
@ -943,16 +969,17 @@ AC_ARG_WITH(entropy-timeout,
)
AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
ssh_privsep_user=sshd
SSH_PRIVSEP_USER=sshd
AC_ARG_WITH(privsep-user,
[ --with-privsep-user=user Specify non-privileged user for privilege separation],
[
if test -n "$withval"; then
ssh_privsep_user=$withval
SSH_PRIVSEP_USER=$withval
fi
]
)
AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user")
AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
AC_SUBST(SSH_PRIVSEP_USER)
# We do this little dance with the search path to insure
# that programs that we select for use by installed programs
@ -1829,17 +1856,6 @@ AC_ARG_WITH(afs,
LIBS="$LIBS $KLIBS $K5LIBS"
# Looking for programs, paths and files
AC_ARG_WITH(rsh,
[ --with-rsh=PATH Specify path to remote shell program ],
[
if test "x$withval" != "$no" ; then
rsh_path=$withval
fi
],
[
AC_PATH_PROG(rsh_path, rsh)
]
)
PRIVSEP_PATH=/var/empty
AC_ARG_WITH(privsep-path,
@ -1875,9 +1891,6 @@ else
XAUTH_PATH=$xauth_path
AC_SUBST(XAUTH_PATH)
fi
if test ! -z "$rsh_path" ; then
AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path")
fi
# Check for mail directory (last resort if we cannot get it from headers)
if test ! -z "$MAIL" ; then

11
crypto/openssh/key.c
View File

@ -32,7 +32,8 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: key.c,v 1.44 2002/05/31 13:16:48 markus Exp $");
RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $");
RCSID("$FreeBSD$");
#include <openssl/evp.h>
@ -89,6 +90,7 @@ key_new(int type)
}
return k;
}
Key *
key_new_private(int type)
{
@ -120,6 +122,7 @@ key_new_private(int type)
}
return k;
}
void
key_free(Key *k)
{
@ -359,6 +362,7 @@ read_bignum(char **cpp, BIGNUM * value)
*cpp = cp;
return 1;
}
static int
write_bignum(FILE *f, BIGNUM *num)
{
@ -485,6 +489,7 @@ key_read(Key *ret, char **cpp)
}
return success;
}
int
key_write(Key *key, FILE *f)
{
@ -516,6 +521,7 @@ key_write(Key *key, FILE *f)
}
return success;
}
char *
key_type(Key *k)
{
@ -532,6 +538,7 @@ key_type(Key *k)
}
return "unknown";
}
char *
key_ssh_name(Key *k)
{
@ -545,6 +552,7 @@ key_ssh_name(Key *k)
}
return "ssh-unknown";
}
u_int
key_size(Key *k)
{
@ -807,7 +815,6 @@ key_verify(
}
/* Converts a private to a public key */
Key *
key_demote(Key *k)
{

26
crypto/openssh/monitor.c
View File

@ -25,7 +25,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor.c,v 1.16 2002/06/21 05:50:51 djm Exp $");
RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $");
RCSID("$FreeBSD$");
#include <openssl/dh.h>
@ -205,13 +205,6 @@ struct mon_table mon_dispatch_proto15[] = {
{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
{MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
{MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
#ifdef USE_PAM
{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
{MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
{MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
#endif
#ifdef BSD_AUTH
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
@ -219,6 +212,13 @@ struct mon_table mon_dispatch_proto15[] = {
#ifdef SKEY
{MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
{MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
#endif
#ifdef USE_PAM
{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
{MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
{MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
#endif
{0, 0, NULL}
};
@ -1090,14 +1090,14 @@ mm_answer_keyverify(int socket, Buffer *m)
xfree(signature);
xfree(data);
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
monitor_reset_key_state();
buffer_clear(m);
buffer_put_int(m, verified);
mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m);
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
return (verified);
}
@ -1564,9 +1564,13 @@ mm_get_keystate(struct monitor *pmonitor)
void *
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
{
int len = size * ncount;
void *address;
address = mm_malloc(mm, size * ncount);
if (len <= 0)
fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
address = mm_malloc(mm, len);
return (address);
}

23
crypto/openssh/servconf.c
View File

@ -10,7 +10,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $");
RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $");
RCSID("$FreeBSD$");
#if defined(KRB4)
@ -268,7 +268,7 @@ fill_default_server_options(ServerOptions *options)
if (use_privsep == -1)
use_privsep = 1;
#if !defined(HAVE_MMAP) || !defined(MAP_ANON)
#if !defined(HAVE_MMAP_ANON_SHARED)
if (use_privsep && options->compression == 1) {
error("This platform does not support both privilege "
"separation and compression");
@ -438,7 +438,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
hints.ai_family = IPv4or6;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
snprintf(strport, sizeof strport, "%d", port);
snprintf(strport, sizeof strport, "%u", port);
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
fatal("bad addr or host: %s (%s)",
addr ? addr : "<NULL>",
@ -454,9 +454,8 @@ process_server_config_line(ServerOptions *options, char *line,
const char *filename, int linenum)
{
char *cp, **charptr, *arg, *p;
int *intptr, value;
int *intptr, value, i, n;
ServerOpCodes opcode;
int i, n;
cp = line;
arg = strdelim(&cp);
@ -780,7 +779,8 @@ process_server_config_line(ServerOptions *options, char *line,
if (options->num_allow_users >= MAX_ALLOW_USERS)
fatal("%s line %d: too many allow users.",
filename, linenum);
options->allow_users[options->num_allow_users++] = xstrdup(arg);
options->allow_users[options->num_allow_users++] =
xstrdup(arg);
}
break;
@ -789,7 +789,8 @@ process_server_config_line(ServerOptions *options, char *line,
if (options->num_deny_users >= MAX_DENY_USERS)
fatal( "%s line %d: too many deny users.",
filename, linenum);
options->deny_users[options->num_deny_users++] = xstrdup(arg);
options->deny_users[options->num_deny_users++] =
xstrdup(arg);
}
break;
@ -798,7 +799,8 @@ process_server_config_line(ServerOptions *options, char *line,
if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
fatal("%s line %d: too many allow groups.",
filename, linenum);
options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
options->allow_groups[options->num_allow_groups++] =
xstrdup(arg);
}
break;
@ -943,10 +945,9 @@ process_server_config_line(ServerOptions *options, char *line,
void
read_server_config(ServerOptions *options, const char *filename)
{
FILE *f;
int linenum, bad_options = 0;
char line[1024];
int linenum;
int bad_options = 0;
FILE *f;
f = fopen(filename, "r");
if (!f) {

7
crypto/openssh/serverloop.c
View File

@ -35,7 +35,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: serverloop.c,v 1.102 2002/06/11 05:46:20 mpech Exp $");
RCSID("$OpenBSD: serverloop.c,v 1.103 2002/06/24 14:33:27 markus Exp $");
RCSID("$FreeBSD$");
#include "xmalloc.h"
#include "packet.h"
@ -902,10 +903,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
{
Channel *c = NULL;
char *ctype;
u_int len;
int rchan;
int rmaxpack;
int rwindow;
u_int rmaxpack, rwindow, len;
ctype = packet_get_string(&len);
rchan = packet_get_int();

41
crypto/openssh/session.c
View File

@ -33,7 +33,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: session.c,v 1.138 2002/06/20 23:05:55 markus Exp $");
RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $");
RCSID("$FreeBSD$");
#include "ssh.h"
@ -253,8 +253,8 @@ do_authenticated1(Authctxt *authctxt)
Session *s;
char *command;
int success, type, screen_flag;
int compression_level = 0, enable_compression_after_reply = 0;
u_int proto_len, data_len, dlen;
int enable_compression_after_reply = 0;
u_int proto_len, data_len, dlen, compression_level = 0;
s = session_new();
s->authctxt = authctxt;
@ -850,6 +850,9 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
} else {
/* New variable. Expand if necessary. */
if (i >= (*envsizep) - 1) {
if (*envsizep >= 1000)
fatal("child_set_env: too many env vars,"
" skipping: %.100s", name);
(*envsizep) += 50;
env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
}
@ -875,12 +878,15 @@ read_environment_file(char ***env, u_int *envsize,
FILE *f;
char buf[4096];
char *cp, *value;
u_int lineno = 0;
f = fopen(filename, "r");
if (!f)
return;
while (fgets(buf, sizeof(buf), f)) {
if (++lineno > 1000)
fatal("Too many lines in environment file %s", filename);
for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
;
if (!*cp || *cp == '#' || *cp == '\n')
@ -889,7 +895,8 @@ read_environment_file(char ***env, u_int *envsize,
*strchr(cp, '\n') = '\0';
value = strchr(cp, '=');
if (value == NULL) {
fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
fprintf(stderr, "Bad line %u in %.100s\n", lineno,
filename);
continue;
}
/*
@ -1166,6 +1173,8 @@ do_nologin(struct passwd *pw)
void
do_setusercontext(struct passwd *pw)
{
char tty='\0';
#ifdef HAVE_CYGWIN
if (is_winnt) {
#else /* HAVE_CYGWIN */
@ -1175,6 +1184,9 @@ do_setusercontext(struct passwd *pw)
setpcred(pw->pw_name);
#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
#ifdef __bsdi__
setpgid(0, 0);
#endif
if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH))) < 0) {
perror("unable to set user context");
@ -1210,6 +1222,10 @@ do_setusercontext(struct passwd *pw)
# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
irix_setusercontext(pw);
# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
# ifdef _AIX
/* XXX: Disable tty setting. Enabled if required later */
aix_usrinfo(pw, &tty, -1);
# endif /* _AIX */
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
#endif
@ -1272,9 +1288,6 @@ do_child(Session *s, const char *command)
do_motd();
#else /* HAVE_OSF_SIA */
do_nologin(pw);
# ifdef _AIX
aix_usrinfo(pw, s->tty, s->ttyfd);
# endif /* _AIX */
do_setusercontext(pw);
#endif /* HAVE_OSF_SIA */
}
@ -1984,9 +1997,9 @@ session_setup_x11fwd(Session *s)
debug("X11 display already set.");
return 0;
}
s->display_number = x11_create_display_inet(options.x11_display_offset,
options.x11_use_localhost, s->single_connection);
if (s->display_number == -1) {
if (x11_create_display_inet(options.x11_display_offset,
options.x11_use_localhost, s->single_connection,
&s->display_number) == -1) {
debug("x11_create_display_inet failed.");
return 0;
}
@ -2000,9 +2013,9 @@ session_setup_x11fwd(Session *s)
* different than the DISPLAY string for localhost displays.
*/
if (options.x11_use_localhost) {
snprintf(display, sizeof display, "localhost:%d.%d",
snprintf(display, sizeof display, "localhost:%u.%u",
s->display_number, s->screen);
snprintf(auth_display, sizeof auth_display, "unix:%d.%d",
snprintf(auth_display, sizeof auth_display, "unix:%u.%u",
s->display_number, s->screen);
s->display = xstrdup(display);
s->auth_display = xstrdup(auth_display);
@ -2018,10 +2031,10 @@ session_setup_x11fwd(Session *s)
return 0;
}
memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr),
snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr),
s->display_number, s->screen);
#else
snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
snprintf(display, sizeof display, "%.400s:%u.%u", hostname,
s->display_number, s->screen);
#endif
s->display = xstrdup(display);

9
crypto/openssh/session.h
View File

@ -1,4 +1,5 @@
/* $OpenBSD: session.h,v 1.17 2002/03/29 18:59:32 markus Exp $ */
/* $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -37,15 +38,15 @@ struct Session {
/* tty */
char *term;
int ptyfd, ttyfd, ptymaster;
int row, col, xpixel, ypixel;
u_int row, col, xpixel, ypixel;
char tty[TTYSZ];
/* last login */
char hostname[MAXHOSTNAMELEN];
time_t last_login_time;
/* X11 */
int display_number;
u_int display_number;
char *display;
int screen;
u_int screen;
char *auth_display;
char *auth_proto;
char *auth_data;

83
crypto/openssh/ssh-agent.c
View File

@ -35,7 +35,8 @@
#include "includes.h"
#include "openbsd-compat/fake-queue.h"
RCSID("$OpenBSD: ssh-agent.c,v 1.95 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $");
RCSID("$FreeBSD$");
#include <openssl/evp.h>
#include <openssl/md5.h>
@ -110,6 +111,7 @@ static void
idtab_init(void)
{
int i;
for (i = 0; i <=2; i++) {
TAILQ_INIT(&idtable[i].idlist);
idtable[i].nentries = 0;
@ -152,8 +154,8 @@ static void
process_request_identities(SocketEntry *e, int version)
{
Idtab *tab = idtab_lookup(version);
Buffer msg;
Identity *id;
Buffer msg;
buffer_init(&msg);
buffer_put_char(&msg, (version == 1) ?
@ -182,21 +184,21 @@ process_request_identities(SocketEntry *e, int version)
static void
process_authentication_challenge1(SocketEntry *e)
{
Identity *id;
Key *key;
u_char buf[32], mdbuf[16], session_id[16];
u_int response_type;
BIGNUM *challenge;
Identity *id;
int i, len;
Buffer msg;
MD5_CTX md;
u_char buf[32], mdbuf[16], session_id[16];
u_int response_type;
Key *key;
buffer_init(&msg);
key = key_new(KEY_RSA1);
if ((challenge = BN_new()) == NULL)
fatal("process_authentication_challenge1: BN_new failed");
buffer_get_int(&e->request); /* ignored */
(void) buffer_get_int(&e->request); /* ignored */
buffer_get_bignum(&e->request, key->rsa->e);
buffer_get_bignum(&e->request, key->rsa->n);
buffer_get_bignum(&e->request, challenge);
@ -251,13 +253,12 @@ process_authentication_challenge1(SocketEntry *e)
static void
process_sign_request2(SocketEntry *e)
{
extern int datafellows;
Key *key;
u_char *blob, *data, *signature = NULL;
u_int blen, dlen, slen = 0;
int flags;
extern int datafellows;
int ok = -1, flags;
Buffer msg;
int ok = -1;
Key *key;
datafellows = 0;
@ -296,11 +297,10 @@ process_sign_request2(SocketEntry *e)
static void
process_remove_identity(SocketEntry *e, int version)
{
u_int blen, bits;
int success = 0;
Key *key = NULL;
u_char *blob;
u_int blen;
u_int bits;
int success = 0;
switch (version) {
case 1:
@ -310,7 +310,7 @@ process_remove_identity(SocketEntry *e, int version)
buffer_get_bignum(&e->request, key->rsa->n);
if (bits != key_size(key))
log("Warning: identity keysize mismatch: actual %d, announced %d",
log("Warning: identity keysize mismatch: actual %u, announced %u",
key_size(key), bits);
break;
case 2:
@ -370,10 +370,10 @@ process_remove_all_identities(SocketEntry *e, int version)
static void
reaper(void)
{
Idtab *tab;
u_int now = time(NULL);
Identity *id, *nxt;
int version;
u_int now = time(NULL);
Idtab *tab;
for (version = 1; version < 3; version++) {
tab = idtab_lookup(version);
@ -391,16 +391,15 @@ reaper(void)
static void
process_add_identity(SocketEntry *e, int version)
{
Key *k = NULL;
char *type_name;
char *comment;
int type, success = 0, death = 0;
Idtab *tab = idtab_lookup(version);
int type, success = 0, death = 0;
char *type_name, *comment;
Key *k = NULL;
switch (version) {
case 1:
k = key_new_private(KEY_RSA1);
buffer_get_int(&e->request); /* ignored */
(void) buffer_get_int(&e->request); /* ignored */
buffer_get_bignum(&e->request, k->rsa->n);
buffer_get_bignum(&e->request, k->rsa->e);
buffer_get_bignum(&e->request, k->rsa->d);
@ -481,8 +480,8 @@ process_add_identity(SocketEntry *e, int version)
static void
process_lock_agent(SocketEntry *e, int lock)
{
char *passwd;
int success = 0;
char *passwd;
passwd = buffer_get_string(&e->request, NULL);
if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
@ -523,11 +522,11 @@ no_identities(SocketEntry *e, u_int type)
static void
process_add_smartcard_key (SocketEntry *e)
{
Identity *id;
Idtab *tab;
Key **keys, *k;
char *sc_reader_id = NULL, *pin;
int i, version, success = 0;
Key **keys, *k;
Identity *id;
Idtab *tab;
sc_reader_id = buffer_get_string(&e->request, NULL);
pin = buffer_get_string(&e->request, NULL);
@ -566,11 +565,11 @@ process_add_smartcard_key (SocketEntry *e)
static void
process_remove_smartcard_key(SocketEntry *e)
{
Identity *id;
Idtab *tab;
Key **keys, *k = NULL;
char *sc_reader_id = NULL, *pin;
int i, version, success = 0;
Key **keys, *k = NULL;
Identity *id;
Idtab *tab;
sc_reader_id = buffer_get_string(&e->request, NULL);
pin = buffer_get_string(&e->request, NULL);
@ -608,8 +607,7 @@ process_remove_smartcard_key(SocketEntry *e)
static void
process_message(SocketEntry *e)
{
u_int msg_len;
u_int type;
u_int msg_len, type;
u_char *cp;
/* kill dead keys */
@ -622,6 +620,7 @@ process_message(SocketEntry *e)
if (msg_len > 256 * 1024) {
shutdown(e->fd, SHUT_RDWR);
close(e->fd);
e->fd = -1;
e->type = AUTH_UNUSED;
buffer_free(&e->input);
buffer_free(&e->output);
@ -717,6 +716,7 @@ static void
new_socket(sock_type type, int fd)
{
u_int i, old_alloc;
if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
error("fcntl O_NONBLOCK: %s", strerror(errno));
@ -801,11 +801,11 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, int *nallocp)
static void
after_select(fd_set *readset, fd_set *writeset)
{
u_int i;
int len, sock;
struct sockaddr_un sunaddr;
socklen_t slen;
char buf[1024];
struct sockaddr_un sunaddr;
int len, sock;
u_int i;
for (i = 0; i < sockets_alloc; i++)
switch (sockets[i].type) {
@ -839,6 +839,7 @@ after_select(fd_set *readset, fd_set *writeset)
if (len <= 0) {
shutdown(sockets[i].fd, SHUT_RDWR);
close(sockets[i].fd);
sockets[i].fd = -1;
sockets[i].type = AUTH_UNUSED;
buffer_free(&sockets[i].input);
buffer_free(&sockets[i].output);
@ -858,6 +859,7 @@ after_select(fd_set *readset, fd_set *writeset)
if (len <= 0) {
shutdown(sockets[i].fd, SHUT_RDWR);
close(sockets[i].fd);
sockets[i].fd = -1;
sockets[i].type = AUTH_UNUSED;
buffer_free(&sockets[i].input);
buffer_free(&sockets[i].output);
@ -928,6 +930,8 @@ int
main(int ac, char **av)
{
int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc;
char *shell, *format, *pidstr, *agentsocket = NULL;
fd_set *readsetp = NULL, *writesetp = NULL;
struct sockaddr_un sunaddr;
#ifdef HAVE_SETRLIMIT
struct rlimit rlim;
@ -935,11 +939,10 @@ main(int ac, char **av)
#ifdef HAVE_CYGWIN
int prev_mask;
#endif
pid_t pid;
char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
char *agentsocket = NULL;
extern int optind;
fd_set *readsetp = NULL, *writesetp = NULL;
extern char *optarg;
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
SSLeay_add_all_algorithms();
@ -947,11 +950,7 @@ main(int ac, char **av)
init_rng();
seed_rng();
#ifdef __GNU_LIBRARY__
while ((ch = getopt(ac, av, "+cdksa:")) != -1) {
#else /* __GNU_LIBRARY__ */
while ((ch = getopt(ac, av, "cdksa:")) != -1) {
#endif /* __GNU_LIBRARY__ */
switch (ch) {
case 'c':
if (s_flag)

6
crypto/openssh/ssh.1
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $
.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $
.\" $FreeBSD$
.Dd September 25, 1999
.Dt SSH 1
@ -955,8 +955,8 @@ protocol versions 1.5 and 2.0.
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr telnet 1 ,
.Xr ssh_config 4 ,
.Xr ssh-keysign 8,
.Xr ssh_config 5 ,
.Xr ssh-keysign 8 ,
.Xr sshd 8
.Rs
.%A T. Ylonen

7
crypto/openssh/ssh.h
View File

@ -1,4 +1,5 @@
/* $OpenBSD: ssh.h,v 1.70 2002/06/03 12:04:07 deraadt Exp $ */
/* $OpenBSD: ssh.h,v 1.71 2002/06/22 02:00:29 stevesk Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -65,8 +66,8 @@
#endif
/*
* Name of the environment variable containing the pathname of the
* authentication socket.
* Name of the environment variable containing the process ID of the
* authentication agent.
*/
#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"

6
crypto/openssh/sshconnect.c
View File

@ -13,7 +13,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.125 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: sshconnect.c,v 1.126 2002/06/23 03:30:17 deraadt Exp $");
RCSID("$FreeBSD$");
#include <openssl/bn.h>
@ -266,7 +267,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%d", port);
snprintf(strport, sizeof strport, "%u", port);
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
fatal("%s: %.100s: %s", __progname, host,
gai_strerror(gaierr));
@ -489,7 +490,6 @@ confirm(const char *prompt)
* check whether the supplied host key is valid, return -1 if the key
* is not valid. the user_hostfile will not be updated if 'readonly' is true.
*/
static int
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
int readonly, const char *user_hostfile, const char *system_hostfile)

14
crypto/openssh/sshconnect2.c
View File

@ -23,7 +23,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.104 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $");
RCSID("$FreeBSD$");
#include "ssh.h"
#include "ssh2.h"
@ -299,12 +300,14 @@ userauth(Authctxt *authctxt, char *authlist)
}
}
}
void
input_userauth_error(int type, u_int32_t seq, void *ctxt)
{
fatal("input_userauth_error: bad message during authentication: "
"type %d", type);
}
void
input_userauth_banner(int type, u_int32_t seq, void *ctxt)
{
@ -316,6 +319,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
xfree(msg);
xfree(lang);
}
void
input_userauth_success(int type, u_int32_t seq, void *ctxt)
{
@ -327,6 +331,7 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
clear_auth_state(authctxt);
authctxt->success = 1; /* break out */
}
void
input_userauth_failure(int type, u_int32_t seq, void *ctxt)
{
@ -375,7 +380,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
}
packet_check_eom();
debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d",
pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
do {
@ -894,9 +899,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
}
static int
ssh_keysign(
Key *key,
u_char **sigp, u_int *lenp,
ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
u_char *data, u_int datalen)
{
Buffer b;
@ -1098,6 +1101,7 @@ authmethod_lookup(const char *name)
static Authmethod *current = NULL;
static char *supported = NULL;
static char *preferred = NULL;
/*
* Given the authentication method list sent by the server, return the
* next method we should try. If the server initially sends a nil list,

11
crypto/openssh/sshd.8
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $
.\" $OpenBSD: sshd.8,v 1.186 2002/06/22 16:45:29 stevesk Exp $
.\" $FreeBSD$
.Dd September 25, 1999
.Dt SSHD 8
@ -581,11 +581,18 @@ These files are created using
.Xr ssh-keygen 1 .
.It Pa /etc/ssh/moduli
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
.It Pa /var/empty
.Xr chroot 2
directory used by
.Nm
during privilege separation in the pre-authentication phase.
The directory should not contain any files and must be owned by root
and not group or world-writable.
.It Pa /var/run/sshd.pid
Contains the process ID of the
.Nm
listening for connections (if there are several daemons running
concurrently for different ports, this contains the pid of the one
concurrently for different ports, this contains the process ID of the one
started last).
The content of this file is not sensitive; it can be world-readable.
.It Pa $HOME/.ssh/authorized_keys

49
crypto/openssh/sshd.c
View File

@ -42,7 +42,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
RCSID("$FreeBSD$");
#include <openssl/dh.h>
#include <openssl/bn.h>
@ -219,6 +220,7 @@ static void
close_listen_socks(void)
{
int i;
for (i = 0; i < num_listen_socks; i++)
close(listen_socks[i]);
num_listen_socks = -1;
@ -228,6 +230,7 @@ static void
close_startup_pipes(void)
{
int i;
if (startup_pipes)
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1)
@ -260,7 +263,8 @@ sighup_restart(void)
close_listen_socks();
close_startup_pipes();
execv(saved_argv[0], saved_argv);
log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno));
log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
strerror(errno));
exit(1);
}
@ -280,8 +284,8 @@ sigterm_handler(int sig)
static void
main_sigchld_handler(int sig)
{
pid_t pid;
int save_errno = errno;
pid_t pid;
int status;
while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
@ -341,6 +345,7 @@ static void
key_regeneration_alarm(int sig)
{
int save_errno = errno;
signal(SIGALRM, SIG_DFL);
errno = save_errno;
key_do_regen = 1;
@ -372,7 +377,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
if (client_version_string == NULL) {
/* Send our protocol version identification. */
if (atomicio(write, sock_out, server_version_string, strlen(server_version_string))
if (atomicio(write, sock_out, server_version_string,
strlen(server_version_string))
!= strlen(server_version_string)) {
log("Could not write ident string to %s", get_remote_ipaddr());
fatal_cleanup();
@ -475,7 +481,6 @@ sshd_exchange_identification(int sock_in, int sock_out)
}
}
/* Destroy the host and server keys. They will no longer be needed. */
void
destroy_sensitive_data(void)
@ -526,8 +531,9 @@ static void
privsep_preauth_child(void)
{
u_int32_t rand[256];
int i;
gid_t gidset[2];
struct passwd *pw;
int i;
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
@ -555,7 +561,17 @@ privsep_preauth_child(void)
/* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
#if 0
/* XXX not ready, to heavy after chroot */
do_setusercontext(pw);
#else
gidset[0] = pw->pw_gid;
if (setgid(pw->pw_gid) < 0)
fatal("setgid failed for %u", pw->pw_gid );
if (setgroups(1, gidset) < 0)
fatal("setgroups: %.100s", strerror(errno));
permanently_set_uid(pw);
#endif
}
static Authctxt*
@ -609,7 +625,11 @@ privsep_postauth(Authctxt *authctxt)
/* XXX - Remote port forwarding */
x_authctxt = authctxt;
#ifdef BROKEN_FD_PASSING
if (1) {
#else
if (authctxt->pw->pw_uid == 0 || options.use_login) {
#endif
/* File descriptor passing is broken or root login */
monitor_apply_keystate(pmonitor);
use_privsep = 0;
@ -683,6 +703,7 @@ Key *
get_hostkey_by_type(int type)
{
int i;
for (i = 0; i < options.num_host_key_files; i++) {
Key *key = sensitive_data.host_keys[i];
if (key != NULL && key->type == type)
@ -703,6 +724,7 @@ int
get_hostkey_index(Key *key)
{
int i;
for (i = 0; i < options.num_host_key_files; i++) {
if (key == sensitive_data.host_keys[i])
return (i);
@ -991,11 +1013,13 @@ main(int ac, char **av)
* hate software patents. I dont know if this can go? Niels
*/
if (options.server_key_bits >
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - SSH_KEY_BITS_RESERVED &&
options.server_key_bits <
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
SSH_KEY_BITS_RESERVED && options.server_key_bits <
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
SSH_KEY_BITS_RESERVED) {
options.server_key_bits =
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED;
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
SSH_KEY_BITS_RESERVED;
debug("Forcing server key to %d bits to make it differ from host key.",
options.server_key_bits);
}
@ -1012,6 +1036,9 @@ main(int ac, char **av)
(S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
_PATH_PRIVSEP_CHROOT_DIR);
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
fatal("Bad owner or mode for %s",
_PATH_PRIVSEP_CHROOT_DIR);
}
/* Configuration looks good, so exit if in test mode. */
@ -1351,7 +1378,7 @@ main(int ac, char **av)
*/
#if 0
/* XXX: this breaks Solaris */
if (setsid() < 0)
if (!debug_flag && !inetd_flag && setsid() < 0)
error("setsid: %.100s", strerror(errno));
#endif

10
crypto/openssh/sshd_config.5
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $
.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $
.\" $FreeBSD$
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
@ -422,6 +422,12 @@ The probability increases linearly and all connection attempts
are refused if the number of unauthenticated connections reaches
.Dq full
(60).
.It Cm PAMAuthenticationViaKbdInt
Specifies whether PAM challenge response authentication is allowed. This
allows the use of most PAM challenge response authentication modules, but
it will allow password authentication regardless of whether
.Cm PasswordAuthentication
is enabled.
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
@ -461,7 +467,7 @@ If this option is set to
.Dq no
root is not allowed to login.
.It Cm PidFile
Specifies the file that contains the process identifier of the
Specifies the file that contains the process ID of the
.Nm sshd
daemon.
The default is

10
crypto/openssh/sshlogin.c
View File

@ -39,7 +39,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
RCSID("$OpenBSD: sshlogin.c,v 1.4 2002/06/23 03:30:17 deraadt Exp $");
RCSID("$FreeBSD$");
#include "loginrec.h"
@ -48,10 +49,9 @@ RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
* information is not available. This must be called before record_login.
* The host the user logged in from will be returned in buf.
*/
u_long
get_last_login_time(uid_t uid, const char *logname,
char *buf, u_int bufsize)
char *buf, u_int bufsize)
{
struct logininfo li;
@ -64,10 +64,9 @@ get_last_login_time(uid_t uid, const char *logname,
* Records that the user has logged in. I these parts of operating systems
* were more standardized.
*/
void
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
const char *host, struct sockaddr * addr)
const char *host, struct sockaddr * addr)
{
struct logininfo *li;
@ -92,7 +91,6 @@ record_utmp_only(pid_t pid, const char *ttyname, const char *user,
#endif
/* Records that the user has logged out. */
void
record_logout(pid_t pid, const char *ttyname, const char *user)
{

17
crypto/openssh/sshpty.c
View File

@ -12,7 +12,8 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $");
RCSID("$OpenBSD: sshpty.c,v 1.7 2002/06/24 17:57:20 deraadt Exp $");
RCSID("$FreeBSD$");
#ifdef HAVE_UTIL_H
# include <util.h>
@ -343,9 +344,8 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
if (fd < 0)
error("open /dev/tty failed - could not set controlling tty: %.100s",
strerror(errno));
else {
else
close(fd);
}
#endif /* _CRAY */
}
@ -356,6 +356,7 @@ pty_change_window_size(int ptyfd, int row, int col,
int xpixel, int ypixel)
{
struct winsize w;
w.ws_row = row;
w.ws_col = col;
w.ws_xpixel = xpixel;
@ -393,13 +394,13 @@ pty_setowner(struct passwd *pw, const char *ttyname)
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
if (chown(ttyname, pw->pw_uid, gid) < 0) {
if (errno == EROFS &&
(st.st_uid == pw->pw_uid || st.st_uid == 0))
error("chown(%.100s, %d, %d) failed: %.100s",
ttyname, pw->pw_uid, gid,
(st.st_uid == pw->pw_uid || st.st_uid == 0))
error("chown(%.100s, %u, %u) failed: %.100s",
ttyname, (u_int)pw->pw_uid, (u_int)gid,
strerror(errno));
else
fatal("chown(%.100s, %d, %d) failed: %.100s",
ttyname, pw->pw_uid, gid,
fatal("chown(%.100s, %u, %u) failed: %.100s",
ttyname, (u_int)pw->pw_uid, (u_int)gid,
strerror(errno));
}
}

6
crypto/openssh/version.h
View File

@ -1,11 +1,11 @@
/* $OpenBSD: version.h,v 1.33 2002/06/21 15:41:20 markus Exp $ */
/* $OpenBSD: version.h,v 1.34 2002/06/26 13:56:27 markus Exp $ */
/* $FreeBSD$ */
#ifndef SSH_VERSION
#define SSH_VERSION (ssh_version_get())
#define SSH_VERSION_BASE "OpenSSH_3.3"
#define SSH_VERSION_ADDENDUM "FreeBSD-20020625"
#define SSH_VERSION_BASE "OpenSSH_3.4p1"
#define SSH_VERSION_ADDENDUM "FreeBSD-20020629"
const char *ssh_version_get(void);
void ssh_version_set_addendum(const char *add);