From a82e551f0fd24a72fde2fc9145eef2c270cda9c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Sat, 29 Jun 2002 11:48:59 +0000 Subject: [PATCH] Resolve conflicts. Sponsored by: DARPA, NAI Labs --- crypto/openssh/acconfig.h | 11 +++-- crypto/openssh/auth2-chall.c | 18 +++++--- crypto/openssh/auth2-pam.c | 12 +++++- crypto/openssh/authfd.c | 5 ++- crypto/openssh/authfile.c | 7 +-- crypto/openssh/bufaux.c | 26 ++++++++--- crypto/openssh/channels.c | 32 ++++++++------ crypto/openssh/channels.h | 19 +++++---- crypto/openssh/cipher.c | 15 ++++++- crypto/openssh/configure.ac | 53 ++++++++++++++--------- crypto/openssh/key.c | 11 ++++- crypto/openssh/monitor.c | 26 ++++++----- crypto/openssh/servconf.c | 23 +++++----- crypto/openssh/serverloop.c | 7 ++- crypto/openssh/session.c | 41 ++++++++++++------ crypto/openssh/session.h | 9 ++-- crypto/openssh/ssh-agent.c | 83 ++++++++++++++++++------------------ crypto/openssh/ssh.1 | 6 +-- crypto/openssh/ssh.h | 7 +-- crypto/openssh/sshconnect.c | 6 +-- crypto/openssh/sshconnect2.c | 14 +++--- crypto/openssh/sshd.8 | 11 ++++- crypto/openssh/sshd.c | 49 ++++++++++++++++----- crypto/openssh/sshd_config.5 | 10 ++++- crypto/openssh/sshlogin.c | 10 ++--- crypto/openssh/sshpty.c | 17 ++++---- crypto/openssh/version.h | 6 +-- 27 files changed, 336 insertions(+), 198 deletions(-) diff --git a/crypto/openssh/acconfig.h b/crypto/openssh/acconfig.h index dc47bf52e964..ca5181cef8c2 100644 --- a/crypto/openssh/acconfig.h +++ b/crypto/openssh/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.138 2002/06/12 16:57:15 mouring Exp $ */ +/* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */ /* $FreeBSD$ */ #ifndef _CONFIG_H @@ -232,9 +232,6 @@ /* Define if xauth is found in your path */ #undef XAUTH_PATH -/* Define if rsh is found in your path */ -#undef RSH_PATH - /* Define if you want to allow MD5 passwords */ #undef HAVE_MD5_PASSWORDS @@ -362,6 +359,12 @@ /* Path that unprivileged child will chroot() to in privep mode */ #undef PRIVSEP_PATH +/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */ +#undef HAVE_MMAP_ANON_SHARED + +/* Define if sendmsg()/recvmsg() has problems passing file descriptors */ +#undef BROKEN_FD_PASSING + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ diff --git a/crypto/openssh/auth2-chall.c b/crypto/openssh/auth2-chall.c index 4d6fcc356baf..5f43ee9e48b7 100644 --- a/crypto/openssh/auth2-chall.c +++ b/crypto/openssh/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2-chall.c,v 1.18 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $"); RCSID("$FreeBSD$"); #include "ssh2.h" @@ -70,6 +70,7 @@ struct KbdintAuthctxt char *devices; void *ctxt; KbdintDevice *device; + u_int nreq; }; static KbdintAuthctxt * @@ -97,6 +98,7 @@ kbdint_alloc(const char *devs) debug("kbdint_alloc: devices '%s'", kbdintctxt->devices); kbdintctxt->ctxt = NULL; kbdintctxt->device = NULL; + kbdintctxt->nreq = 0; return kbdintctxt; } @@ -216,26 +218,26 @@ send_userauth_info_request(Authctxt *authctxt) KbdintAuthctxt *kbdintctxt; char *name, *instr, **prompts; int i; - u_int numprompts, *echo_on; + u_int *echo_on; kbdintctxt = authctxt->kbdintctxt; if (kbdintctxt->device->query(kbdintctxt->ctxt, - &name, &instr, &numprompts, &prompts, &echo_on)) + &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) return 0; packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); packet_put_cstring(name); packet_put_cstring(instr); packet_put_cstring(""); /* language not used */ - packet_put_int(numprompts); - for (i = 0; i < numprompts; i++) { + packet_put_int(kbdintctxt->nreq); + for (i = 0; i < kbdintctxt->nreq; i++) { packet_put_cstring(prompts[i]); packet_put_char(echo_on[i]); } packet_send(); packet_write_wait(); - for (i = 0; i < numprompts; i++) + for (i = 0; i < kbdintctxt->nreq; i++) xfree(prompts[i]); xfree(prompts); xfree(echo_on); @@ -263,6 +265,10 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) authctxt->postponed = 0; /* reset */ nresp = packet_get_int(); + if (nresp != kbdintctxt->nreq) + fatal("input_userauth_info_response: wrong number of replies"); + if (nresp > 100) + fatal("input_userauth_info_response: too many replies"); if (nresp > 0) { response = xmalloc(nresp * sizeof(char*)); for (i = 0; i < nresp; i++) diff --git a/crypto/openssh/auth2-pam.c b/crypto/openssh/auth2-pam.c index dd29ebd483e2..79be8e83c053 100644 --- a/crypto/openssh/auth2-pam.c +++ b/crypto/openssh/auth2-pam.c @@ -1,5 +1,6 @@ #include "includes.h" -RCSID("$Id: auth2-pam.c,v 1.12 2002/01/22 12:43:13 djm Exp $"); +RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $"); +RCSID("$FreeBSD$"); #ifdef USE_PAM #include @@ -140,6 +141,15 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) nresp = packet_get_int(); /* Number of responses. */ debug("got %d responses", nresp); + + if (nresp != context_pam2.num_expected) + fatal("%s: Received incorrect number of responses " + "(expected %u, received %u)", __func__, nresp, + context_pam2.num_expected); + + if (nresp > 100) + fatal("%s: too many replies", __func__); + for (i = 0; i < nresp; i++) { int j = context_pam2.prompts[i]; diff --git a/crypto/openssh/authfd.c b/crypto/openssh/authfd.c index a452a792ee66..1b689eaddc67 100644 --- a/crypto/openssh/authfd.c +++ b/crypto/openssh/authfd.c @@ -35,7 +35,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.55 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $"); +RCSID("$FreeBSD$"); #include @@ -144,7 +145,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply error("Error reading response from authentication socket."); return 0; } - buffer_append(reply, (char *) buf, l); + buffer_append(reply, buf, l); len -= l; } return 1; diff --git a/crypto/openssh/authfile.c b/crypto/openssh/authfile.c index 6d936de56e39..800ee6592f53 100644 --- a/crypto/openssh/authfile.c +++ b/crypto/openssh/authfile.c @@ -36,7 +36,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.49 2002/05/23 19:24:30 markus Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $"); +RCSID("$FreeBSD$"); #include #include @@ -270,7 +271,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) (void) buffer_get_int(&buffer); /* reserved */ /* Read the public key from the buffer. */ - buffer_get_int(&buffer); + (void) buffer_get_int(&buffer); pub = key_new(KEY_RSA1); buffer_get_bignum(&buffer, pub->rsa->n); buffer_get_bignum(&buffer, pub->rsa->e); @@ -357,7 +358,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, (void) buffer_get_int(&buffer); /* Reserved data. */ /* Read the public key from the buffer. */ - buffer_get_int(&buffer); + (void) buffer_get_int(&buffer); prv = key_new_private(KEY_RSA1); buffer_get_bignum(&buffer, prv->rsa->n); diff --git a/crypto/openssh/bufaux.c b/crypto/openssh/bufaux.c index 79f8bbd49667..94836feb5807 100644 --- a/crypto/openssh/bufaux.c +++ b/crypto/openssh/bufaux.c @@ -37,7 +37,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.25 2002/04/20 09:14:58 markus Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $"); +RCSID("$FreeBSD$"); #include #include "bufaux.h" @@ -88,6 +89,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value) bits = GET_16BIT(buf); /* Compute the number of binary bytes that follow. */ bytes = (bits + 7) / 8; + if (bytes > 8 * 1024) + fatal("buffer_get_bignum: cannot handle BN of size %d", bytes); if (buffer_len(buffer) < bytes) fatal("buffer_get_bignum: input buffer too small"); bin = buffer_ptr(buffer); @@ -105,6 +108,7 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value) u_char *buf = xmalloc(bytes); int oi; int hasnohigh = 0; + buf[0] = '\0'; /* Get the value of in binary */ oi = BN_bn2bin(value, buf+1); @@ -128,12 +132,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value) xfree(buf); } +/* XXX does not handle negative BNs */ void buffer_get_bignum2(Buffer *buffer, BIGNUM *value) { - /**XXX should be two's-complement */ - int len; - u_char *bin = buffer_get_string(buffer, (u_int *)&len); + u_int len; + u_char *bin = buffer_get_string(buffer, &len); + + if (len > 8 * 1024) + fatal("buffer_get_bignum2: cannot handle BN of size %d", len); BN_bin2bn(bin, len, value); xfree(bin); } @@ -145,6 +152,7 @@ u_short buffer_get_short(Buffer *buffer) { u_char buf[2]; + buffer_get(buffer, (char *) buf, 2); return GET_16BIT(buf); } @@ -153,6 +161,7 @@ u_int buffer_get_int(Buffer *buffer) { u_char buf[4]; + buffer_get(buffer, (char *) buf, 4); return GET_32BIT(buf); } @@ -162,6 +171,7 @@ u_int64_t buffer_get_int64(Buffer *buffer) { u_char buf[8]; + buffer_get(buffer, (char *) buf, 8); return GET_64BIT(buf); } @@ -174,6 +184,7 @@ void buffer_put_short(Buffer *buffer, u_short value) { char buf[2]; + PUT_16BIT(buf, value); buffer_append(buffer, buf, 2); } @@ -182,6 +193,7 @@ void buffer_put_int(Buffer *buffer, u_int value) { char buf[4]; + PUT_32BIT(buf, value); buffer_append(buffer, buf, 4); } @@ -191,6 +203,7 @@ void buffer_put_int64(Buffer *buffer, u_int64_t value) { char buf[8]; + PUT_64BIT(buf, value); buffer_append(buffer, buf, 8); } @@ -207,8 +220,9 @@ buffer_put_int64(Buffer *buffer, u_int64_t value) void * buffer_get_string(Buffer *buffer, u_int *length_ptr) { - u_int len; u_char *value; + u_int len; + /* Get the length. */ len = buffer_get_int(buffer); if (len > 256 * 1024) @@ -249,6 +263,7 @@ int buffer_get_char(Buffer *buffer) { char ch; + buffer_get(buffer, &ch, 1); return (u_char) ch; } @@ -260,5 +275,6 @@ void buffer_put_char(Buffer *buffer, int value) { char ch = value; + buffer_append(buffer, &ch, 1); } diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c index d34411e18787..25d23e3ce999 100644 --- a/crypto/openssh/channels.c +++ b/crypto/openssh/channels.c @@ -39,7 +39,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.175 2002/06/10 22:28:41 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.179 2002/06/26 08:55:02 markus Exp $"); +RCSID("$FreeBSD$"); #include "ssh.h" #include "ssh1.h" @@ -205,7 +206,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, Channel * channel_new(char *ctype, int type, int rfd, int wfd, int efd, - int window, int maxpack, int extusage, char *remote_name, int nonblock) + u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock) { int i, found; Channel *c; @@ -229,6 +230,9 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, /* There are no free slots. Take last+1 slot and expand the array. */ found = channels_alloc; channels_alloc += 10; + if (channels_alloc > 10000) + fatal("channel_new: internal error: channels_alloc %d " + "too big.", channels_alloc); debug2("channel: expanding %d", channels_alloc); channels = xrealloc(channels, channels_alloc * sizeof(Channel *)); for (i = found; i < channels_alloc; i++) @@ -1568,8 +1572,9 @@ channel_after_select(fd_set * readset, fd_set * writeset) void channel_output_poll(void) { - int len, i; Channel *c; + int i; + u_int len; for (i = 0; i < channels_alloc; i++) { c = channels[i]; @@ -1647,7 +1652,7 @@ channel_output_poll(void) c->remote_window > 0 && (len = buffer_len(&c->extended)) > 0 && c->extended_usage == CHAN_EXTENDED_READ) { - debug2("channel %d: rwin %d elen %d euse %d", + debug2("channel %d: rwin %u elen %u euse %d", c->self, c->remote_window, buffer_len(&c->extended), c->extended_usage); if (len > c->remote_window) @@ -1717,9 +1722,8 @@ void channel_input_extended_data(int type, u_int32_t seq, void *ctxt) { int id; - int tcode; char *data; - u_int data_len; + u_int data_len, tcode; Channel *c; /* Get the channel number and verify it. */ @@ -1874,7 +1878,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt) c->confirm(c->self, NULL); debug2("callback done"); } - debug("channel %d: open confirm rwindow %d rmax %d", c->self, + debug("channel %d: open confirm rwindow %u rmax %u", c->self, c->remote_window, c->remote_maxpacket); } packet_check_eom(); @@ -1931,7 +1935,8 @@ void channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) { Channel *c; - int id, adjust; + int id; + u_int adjust; if (!compat20) return; @@ -1947,7 +1952,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt) } adjust = packet_get_int(); packet_check_eom(); - debug2("channel %d: rcvd adjust %d", id, adjust); + debug2("channel %d: rcvd adjust %u", id, adjust); c->remote_window += adjust; } @@ -2328,12 +2333,12 @@ channel_connect_to(const char *host, u_short port) /* * Creates an internet domain socket for listening for X11 connections. - * Returns a suitable display number for the DISPLAY variable, or -1 if - * an error occurs. + * Returns 0 and a suitable display number for the DISPLAY variable + * stored in display_numberp , or -1 if an error occurs. */ int x11_create_display_inet(int x11_display_offset, int x11_use_localhost, - int single_connection) + int single_connection, u_int *display_numberp) { Channel *nc = NULL; int display_number, sock; @@ -2431,7 +2436,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, } /* Return the display number for the DISPLAY environment variable. */ - return display_number; + *display_numberp = display_number; + return (0); } static int diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h index 9ceff3e73199..7ef003935a20 100644 --- a/crypto/openssh/channels.h +++ b/crypto/openssh/channels.h @@ -1,4 +1,5 @@ -/* $OpenBSD: channels.h,v 1.68 2002/06/10 22:28:41 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.70 2002/06/24 14:33:27 markus Exp $ */ +/* $FreeBSD$ */ /* * Author: Tatu Ylonen @@ -90,12 +91,12 @@ struct Channel { int host_port; /* remote port to connect for forwards */ char *remote_name; /* remote hostname */ - int remote_window; - int remote_maxpacket; - int local_window; - int local_window_max; - int local_consumed; - int local_maxpacket; + u_int remote_window; + u_int remote_maxpacket; + u_int local_window; + u_int local_window_max; + u_int local_consumed; + u_int local_maxpacket; int extended_usage; int single_connection; @@ -151,7 +152,7 @@ struct Channel { /* channel management */ Channel *channel_lookup(int); -Channel *channel_new(char *, int, int, int, int, int, int, int, char *, int); +Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int); void channel_set_fds(int, int, int, int, int, int, u_int); void channel_free(Channel *); void channel_free_all(void); @@ -205,7 +206,7 @@ int channel_setup_remote_fwd_listener(const char *, u_short, int); /* x11 forwarding */ int x11_connect_display(void); -int x11_create_display_inet(int, int, int); +int x11_create_display_inet(int, int, int, u_int *); void x11_input_open(int, u_int32_t, void *); void x11_request_forwarding_with_spoofing(int, const char *, const char *); void deny_input_open(int, u_int32_t, void *); diff --git a/crypto/openssh/cipher.c b/crypto/openssh/cipher.c index b18c701fb031..288b4d68d994 100644 --- a/crypto/openssh/cipher.c +++ b/crypto/openssh/cipher.c @@ -35,7 +35,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.60 2002/06/23 03:26:52 deraadt Exp $"); +RCSID("$FreeBSD$"); #include "xmalloc.h" #include "log.h" @@ -95,11 +96,13 @@ cipher_blocksize(Cipher *c) { return (c->block_size); } + u_int cipher_keylen(Cipher *c) { return (c->key_len); } + u_int cipher_get_number(Cipher *c) { @@ -314,6 +317,7 @@ struct ssh1_3des_ctx { EVP_CIPHER_CTX k1, k2, k3; }; + static int ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, int enc) @@ -356,6 +360,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, #endif return (1); } + static int ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len) { @@ -377,6 +382,7 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len) #endif return (1); } + static int ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) { @@ -389,6 +395,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) } return (1); } + static const EVP_CIPHER * evp_ssh1_3des(void) { @@ -430,7 +437,9 @@ swap_bytes(const u_char *src, u_char *dst, int n) *dst++ = c[3]; } } + static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL; + static int bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len) { @@ -441,6 +450,7 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len) swap_bytes(out, out, len); return (ret); } + static const EVP_CIPHER * evp_ssh1_bf(void) { @@ -483,6 +493,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE); return (1); } + static int ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len) @@ -528,6 +539,7 @@ ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, } return (1); } + static int ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx) { @@ -540,6 +552,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx) } return (1); } + static const EVP_CIPHER * evp_rijndael(void) { diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac index b255486b123b..527b56ba6f2e 100644 --- a/crypto/openssh/configure.ac +++ b/crypto/openssh/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $ +# $Id: configure.ac,v 1.72 2002/06/25 22:35:16 tim Exp $ # $FreeBSD$ AC_INIT @@ -77,6 +77,7 @@ case "$host" in AC_DEFINE(BROKEN_REALPATH) dnl AIX handles lastlog as part of its login message AC_DEFINE(DISABLE_LASTLOG) + AC_DEFINE(LOGIN_NEEDS_UTMPX) ;; *-*-cygwin*) LIBS="$LIBS /usr/lib/textmode.o" @@ -86,6 +87,7 @@ case "$host" in AC_DEFINE(IPV4_DEFAULT) AC_DEFINE(IP_TOS_IS_BROKEN) AC_DEFINE(NO_X11_UNIX_SOCKETS) + AC_DEFINE(BROKEN_FD_PASSING) AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) @@ -247,7 +249,6 @@ mips-sony-bsd|mips-sony-newsos4) CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" LIBS="$LIBS -los -lprot -lx -ltinfo -lm" - rsh_path="/usr/bin/rcmd" RANLIB=true no_dev_ptmx=1 AC_DEFINE(BROKEN_SYS_TERMIO_H) @@ -264,10 +265,10 @@ mips-sony-bsd|mips-sony-newsos4) LDFLAGS="$LDFLAGS -L/usr/local/lib" LIBS="$LIBS -lprot -lx -ltinfo -lm" no_dev_ptmx=1 - rsh_path="/usr/bin/rcmd" AC_DEFINE(USE_PIPES) AC_DEFINE(HAVE_SECUREWARE) AC_DEFINE(DISABLE_SHADOW) + AC_DEFINE(BROKEN_FD_PASSING) AC_CHECK_FUNCS(getluid setluid) MANTYPE=man ;; @@ -275,6 +276,7 @@ mips-sony-bsd|mips-sony-newsos4) no_libsocket=1 no_libnsl=1 AC_DEFINE(USE_PIPES) + AC_DEFINE(BROKEN_FD_PASSING) LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib" LIBS="$LIBS -lgen -lrsc" ;; @@ -611,6 +613,30 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) +if test $ac_cv_func_mmap = yes ; then +AC_MSG_CHECKING([for mmap anon shared]) +AC_TRY_RUN( + [ +#include +#include +#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) +#define MAP_ANON MAP_ANONYMOUS +#endif +main() { char *p; +p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0); +if (p == (char *)-1) + exit(1); +exit(0); +} + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_MMAP_ANON_SHARED) + ], + [ AC_MSG_RESULT(no) ] +) +fi + dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ AC_CHECK_LIB(gen, dirname,[ @@ -943,16 +969,17 @@ AC_ARG_WITH(entropy-timeout, ) AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) -ssh_privsep_user=sshd +SSH_PRIVSEP_USER=sshd AC_ARG_WITH(privsep-user, [ --with-privsep-user=user Specify non-privileged user for privilege separation], [ if test -n "$withval"; then - ssh_privsep_user=$withval + SSH_PRIVSEP_USER=$withval fi ] ) -AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user") +AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER") +AC_SUBST(SSH_PRIVSEP_USER) # We do this little dance with the search path to insure # that programs that we select for use by installed programs @@ -1829,17 +1856,6 @@ AC_ARG_WITH(afs, LIBS="$LIBS $KLIBS $K5LIBS" # Looking for programs, paths and files -AC_ARG_WITH(rsh, - [ --with-rsh=PATH Specify path to remote shell program ], - [ - if test "x$withval" != "$no" ; then - rsh_path=$withval - fi - ], - [ - AC_PATH_PROG(rsh_path, rsh) - ] -) PRIVSEP_PATH=/var/empty AC_ARG_WITH(privsep-path, @@ -1875,9 +1891,6 @@ else XAUTH_PATH=$xauth_path AC_SUBST(XAUTH_PATH) fi -if test ! -z "$rsh_path" ; then - AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path") -fi # Check for mail directory (last resort if we cannot get it from headers) if test ! -z "$MAIL" ; then diff --git a/crypto/openssh/key.c b/crypto/openssh/key.c index 2d850c8e5712..1c6569c81688 100644 --- a/crypto/openssh/key.c +++ b/crypto/openssh/key.c @@ -32,7 +32,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.44 2002/05/31 13:16:48 markus Exp $"); +RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $"); +RCSID("$FreeBSD$"); #include @@ -89,6 +90,7 @@ key_new(int type) } return k; } + Key * key_new_private(int type) { @@ -120,6 +122,7 @@ key_new_private(int type) } return k; } + void key_free(Key *k) { @@ -359,6 +362,7 @@ read_bignum(char **cpp, BIGNUM * value) *cpp = cp; return 1; } + static int write_bignum(FILE *f, BIGNUM *num) { @@ -485,6 +489,7 @@ key_read(Key *ret, char **cpp) } return success; } + int key_write(Key *key, FILE *f) { @@ -516,6 +521,7 @@ key_write(Key *key, FILE *f) } return success; } + char * key_type(Key *k) { @@ -532,6 +538,7 @@ key_type(Key *k) } return "unknown"; } + char * key_ssh_name(Key *k) { @@ -545,6 +552,7 @@ key_ssh_name(Key *k) } return "ssh-unknown"; } + u_int key_size(Key *k) { @@ -807,7 +815,6 @@ key_verify( } /* Converts a private to a public key */ - Key * key_demote(Key *k) { diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c index 885a1e3ec7fc..75789be48d8b 100644 --- a/crypto/openssh/monitor.c +++ b/crypto/openssh/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.16 2002/06/21 05:50:51 djm Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $"); RCSID("$FreeBSD$"); #include @@ -205,13 +205,6 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, -#ifdef USE_PAM - {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, - {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, - {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, - {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, - {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, -#endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, @@ -219,6 +212,13 @@ struct mon_table mon_dispatch_proto15[] = { #ifdef SKEY {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond}, +#endif +#ifdef USE_PAM + {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, + {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, + {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, + {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, + {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, #endif {0, 0, NULL} }; @@ -1090,14 +1090,14 @@ mm_answer_keyverify(int socket, Buffer *m) xfree(signature); xfree(data); + auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; + monitor_reset_key_state(); buffer_clear(m); buffer_put_int(m, verified); mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m); - auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; - return (verified); } @@ -1564,9 +1564,13 @@ mm_get_keystate(struct monitor *pmonitor) void * mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) { + int len = size * ncount; void *address; - address = mm_malloc(mm, size * ncount); + if (len <= 0) + fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); + + address = mm_malloc(mm, len); return (address); } diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index 954072540834..bb19bc2c9a7f 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $"); RCSID("$FreeBSD$"); #if defined(KRB4) @@ -268,7 +268,7 @@ fill_default_server_options(ServerOptions *options) if (use_privsep == -1) use_privsep = 1; -#if !defined(HAVE_MMAP) || !defined(MAP_ANON) +#if !defined(HAVE_MMAP_ANON_SHARED) if (use_privsep && options->compression == 1) { error("This platform does not support both privilege " "separation and compression"); @@ -438,7 +438,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port) hints.ai_family = IPv4or6; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; - snprintf(strport, sizeof strport, "%d", port); + snprintf(strport, sizeof strport, "%u", port); if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) fatal("bad addr or host: %s (%s)", addr ? addr : "", @@ -454,9 +454,8 @@ process_server_config_line(ServerOptions *options, char *line, const char *filename, int linenum) { char *cp, **charptr, *arg, *p; - int *intptr, value; + int *intptr, value, i, n; ServerOpCodes opcode; - int i, n; cp = line; arg = strdelim(&cp); @@ -780,7 +779,8 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_allow_users >= MAX_ALLOW_USERS) fatal("%s line %d: too many allow users.", filename, linenum); - options->allow_users[options->num_allow_users++] = xstrdup(arg); + options->allow_users[options->num_allow_users++] = + xstrdup(arg); } break; @@ -789,7 +789,8 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_deny_users >= MAX_DENY_USERS) fatal( "%s line %d: too many deny users.", filename, linenum); - options->deny_users[options->num_deny_users++] = xstrdup(arg); + options->deny_users[options->num_deny_users++] = + xstrdup(arg); } break; @@ -798,7 +799,8 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_allow_groups >= MAX_ALLOW_GROUPS) fatal("%s line %d: too many allow groups.", filename, linenum); - options->allow_groups[options->num_allow_groups++] = xstrdup(arg); + options->allow_groups[options->num_allow_groups++] = + xstrdup(arg); } break; @@ -943,10 +945,9 @@ process_server_config_line(ServerOptions *options, char *line, void read_server_config(ServerOptions *options, const char *filename) { - FILE *f; + int linenum, bad_options = 0; char line[1024]; - int linenum; - int bad_options = 0; + FILE *f; f = fopen(filename, "r"); if (!f) { diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c index 1a148fcbea3b..649e4ee60f66 100644 --- a/crypto/openssh/serverloop.c +++ b/crypto/openssh/serverloop.c @@ -35,7 +35,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.102 2002/06/11 05:46:20 mpech Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.103 2002/06/24 14:33:27 markus Exp $"); +RCSID("$FreeBSD$"); #include "xmalloc.h" #include "packet.h" @@ -902,10 +903,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) { Channel *c = NULL; char *ctype; - u_int len; int rchan; - int rmaxpack; - int rwindow; + u_int rmaxpack, rwindow, len; ctype = packet_get_string(&len); rchan = packet_get_int(); diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index efed1fcac496..82f46042f0da 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.138 2002/06/20 23:05:55 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $"); RCSID("$FreeBSD$"); #include "ssh.h" @@ -253,8 +253,8 @@ do_authenticated1(Authctxt *authctxt) Session *s; char *command; int success, type, screen_flag; - int compression_level = 0, enable_compression_after_reply = 0; - u_int proto_len, data_len, dlen; + int enable_compression_after_reply = 0; + u_int proto_len, data_len, dlen, compression_level = 0; s = session_new(); s->authctxt = authctxt; @@ -850,6 +850,9 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, } else { /* New variable. Expand if necessary. */ if (i >= (*envsizep) - 1) { + if (*envsizep >= 1000) + fatal("child_set_env: too many env vars," + " skipping: %.100s", name); (*envsizep) += 50; env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *)); } @@ -875,12 +878,15 @@ read_environment_file(char ***env, u_int *envsize, FILE *f; char buf[4096]; char *cp, *value; + u_int lineno = 0; f = fopen(filename, "r"); if (!f) return; while (fgets(buf, sizeof(buf), f)) { + if (++lineno > 1000) + fatal("Too many lines in environment file %s", filename); for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) ; if (!*cp || *cp == '#' || *cp == '\n') @@ -889,7 +895,8 @@ read_environment_file(char ***env, u_int *envsize, *strchr(cp, '\n') = '\0'; value = strchr(cp, '='); if (value == NULL) { - fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf); + fprintf(stderr, "Bad line %u in %.100s\n", lineno, + filename); continue; } /* @@ -1166,6 +1173,8 @@ do_nologin(struct passwd *pw) void do_setusercontext(struct passwd *pw) { + char tty='\0'; + #ifdef HAVE_CYGWIN if (is_winnt) { #else /* HAVE_CYGWIN */ @@ -1175,6 +1184,9 @@ do_setusercontext(struct passwd *pw) setpcred(pw->pw_name); #endif /* HAVE_SETPCRED */ #ifdef HAVE_LOGIN_CAP +#ifdef __bsdi__ + setpgid(0, 0); +#endif if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH))) < 0) { perror("unable to set user context"); @@ -1210,6 +1222,10 @@ do_setusercontext(struct passwd *pw) # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) irix_setusercontext(pw); # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ +# ifdef _AIX + /* XXX: Disable tty setting. Enabled if required later */ + aix_usrinfo(pw, &tty, -1); +# endif /* _AIX */ /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif @@ -1272,9 +1288,6 @@ do_child(Session *s, const char *command) do_motd(); #else /* HAVE_OSF_SIA */ do_nologin(pw); -# ifdef _AIX - aix_usrinfo(pw, s->tty, s->ttyfd); -# endif /* _AIX */ do_setusercontext(pw); #endif /* HAVE_OSF_SIA */ } @@ -1984,9 +1997,9 @@ session_setup_x11fwd(Session *s) debug("X11 display already set."); return 0; } - s->display_number = x11_create_display_inet(options.x11_display_offset, - options.x11_use_localhost, s->single_connection); - if (s->display_number == -1) { + if (x11_create_display_inet(options.x11_display_offset, + options.x11_use_localhost, s->single_connection, + &s->display_number) == -1) { debug("x11_create_display_inet failed."); return 0; } @@ -2000,9 +2013,9 @@ session_setup_x11fwd(Session *s) * different than the DISPLAY string for localhost displays. */ if (options.x11_use_localhost) { - snprintf(display, sizeof display, "localhost:%d.%d", + snprintf(display, sizeof display, "localhost:%u.%u", s->display_number, s->screen); - snprintf(auth_display, sizeof auth_display, "unix:%d.%d", + snprintf(auth_display, sizeof auth_display, "unix:%u.%u", s->display_number, s->screen); s->display = xstrdup(display); s->auth_display = xstrdup(auth_display); @@ -2018,10 +2031,10 @@ session_setup_x11fwd(Session *s) return 0; } memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); - snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr), + snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr), s->display_number, s->screen); #else - snprintf(display, sizeof display, "%.400s:%d.%d", hostname, + snprintf(display, sizeof display, "%.400s:%u.%u", hostname, s->display_number, s->screen); #endif s->display = xstrdup(display); diff --git a/crypto/openssh/session.h b/crypto/openssh/session.h index 2a7e4b224fd4..cd1c8c366faf 100644 --- a/crypto/openssh/session.h +++ b/crypto/openssh/session.h @@ -1,4 +1,5 @@ -/* $OpenBSD: session.h,v 1.17 2002/03/29 18:59:32 markus Exp $ */ +/* $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $ */ +/* $FreeBSD$ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -37,15 +38,15 @@ struct Session { /* tty */ char *term; int ptyfd, ttyfd, ptymaster; - int row, col, xpixel, ypixel; + u_int row, col, xpixel, ypixel; char tty[TTYSZ]; /* last login */ char hostname[MAXHOSTNAMELEN]; time_t last_login_time; /* X11 */ - int display_number; + u_int display_number; char *display; - int screen; + u_int screen; char *auth_display; char *auth_proto; char *auth_data; diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index c3a907798fab..4ff5b5418180 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -35,7 +35,8 @@ #include "includes.h" #include "openbsd-compat/fake-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.95 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $"); +RCSID("$FreeBSD$"); #include #include @@ -110,6 +111,7 @@ static void idtab_init(void) { int i; + for (i = 0; i <=2; i++) { TAILQ_INIT(&idtable[i].idlist); idtable[i].nentries = 0; @@ -152,8 +154,8 @@ static void process_request_identities(SocketEntry *e, int version) { Idtab *tab = idtab_lookup(version); - Buffer msg; Identity *id; + Buffer msg; buffer_init(&msg); buffer_put_char(&msg, (version == 1) ? @@ -182,21 +184,21 @@ process_request_identities(SocketEntry *e, int version) static void process_authentication_challenge1(SocketEntry *e) { - Identity *id; - Key *key; + u_char buf[32], mdbuf[16], session_id[16]; + u_int response_type; BIGNUM *challenge; + Identity *id; int i, len; Buffer msg; MD5_CTX md; - u_char buf[32], mdbuf[16], session_id[16]; - u_int response_type; + Key *key; buffer_init(&msg); key = key_new(KEY_RSA1); if ((challenge = BN_new()) == NULL) fatal("process_authentication_challenge1: BN_new failed"); - buffer_get_int(&e->request); /* ignored */ + (void) buffer_get_int(&e->request); /* ignored */ buffer_get_bignum(&e->request, key->rsa->e); buffer_get_bignum(&e->request, key->rsa->n); buffer_get_bignum(&e->request, challenge); @@ -251,13 +253,12 @@ process_authentication_challenge1(SocketEntry *e) static void process_sign_request2(SocketEntry *e) { - extern int datafellows; - Key *key; u_char *blob, *data, *signature = NULL; u_int blen, dlen, slen = 0; - int flags; + extern int datafellows; + int ok = -1, flags; Buffer msg; - int ok = -1; + Key *key; datafellows = 0; @@ -296,11 +297,10 @@ process_sign_request2(SocketEntry *e) static void process_remove_identity(SocketEntry *e, int version) { + u_int blen, bits; + int success = 0; Key *key = NULL; u_char *blob; - u_int blen; - u_int bits; - int success = 0; switch (version) { case 1: @@ -310,7 +310,7 @@ process_remove_identity(SocketEntry *e, int version) buffer_get_bignum(&e->request, key->rsa->n); if (bits != key_size(key)) - log("Warning: identity keysize mismatch: actual %d, announced %d", + log("Warning: identity keysize mismatch: actual %u, announced %u", key_size(key), bits); break; case 2: @@ -370,10 +370,10 @@ process_remove_all_identities(SocketEntry *e, int version) static void reaper(void) { - Idtab *tab; + u_int now = time(NULL); Identity *id, *nxt; int version; - u_int now = time(NULL); + Idtab *tab; for (version = 1; version < 3; version++) { tab = idtab_lookup(version); @@ -391,16 +391,15 @@ reaper(void) static void process_add_identity(SocketEntry *e, int version) { - Key *k = NULL; - char *type_name; - char *comment; - int type, success = 0, death = 0; Idtab *tab = idtab_lookup(version); + int type, success = 0, death = 0; + char *type_name, *comment; + Key *k = NULL; switch (version) { case 1: k = key_new_private(KEY_RSA1); - buffer_get_int(&e->request); /* ignored */ + (void) buffer_get_int(&e->request); /* ignored */ buffer_get_bignum(&e->request, k->rsa->n); buffer_get_bignum(&e->request, k->rsa->e); buffer_get_bignum(&e->request, k->rsa->d); @@ -481,8 +480,8 @@ process_add_identity(SocketEntry *e, int version) static void process_lock_agent(SocketEntry *e, int lock) { - char *passwd; int success = 0; + char *passwd; passwd = buffer_get_string(&e->request, NULL); if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { @@ -523,11 +522,11 @@ no_identities(SocketEntry *e, u_int type) static void process_add_smartcard_key (SocketEntry *e) { - Identity *id; - Idtab *tab; - Key **keys, *k; char *sc_reader_id = NULL, *pin; int i, version, success = 0; + Key **keys, *k; + Identity *id; + Idtab *tab; sc_reader_id = buffer_get_string(&e->request, NULL); pin = buffer_get_string(&e->request, NULL); @@ -566,11 +565,11 @@ process_add_smartcard_key (SocketEntry *e) static void process_remove_smartcard_key(SocketEntry *e) { - Identity *id; - Idtab *tab; - Key **keys, *k = NULL; char *sc_reader_id = NULL, *pin; int i, version, success = 0; + Key **keys, *k = NULL; + Identity *id; + Idtab *tab; sc_reader_id = buffer_get_string(&e->request, NULL); pin = buffer_get_string(&e->request, NULL); @@ -608,8 +607,7 @@ process_remove_smartcard_key(SocketEntry *e) static void process_message(SocketEntry *e) { - u_int msg_len; - u_int type; + u_int msg_len, type; u_char *cp; /* kill dead keys */ @@ -622,6 +620,7 @@ process_message(SocketEntry *e) if (msg_len > 256 * 1024) { shutdown(e->fd, SHUT_RDWR); close(e->fd); + e->fd = -1; e->type = AUTH_UNUSED; buffer_free(&e->input); buffer_free(&e->output); @@ -717,6 +716,7 @@ static void new_socket(sock_type type, int fd) { u_int i, old_alloc; + if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) error("fcntl O_NONBLOCK: %s", strerror(errno)); @@ -801,11 +801,11 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, int *nallocp) static void after_select(fd_set *readset, fd_set *writeset) { - u_int i; - int len, sock; + struct sockaddr_un sunaddr; socklen_t slen; char buf[1024]; - struct sockaddr_un sunaddr; + int len, sock; + u_int i; for (i = 0; i < sockets_alloc; i++) switch (sockets[i].type) { @@ -839,6 +839,7 @@ after_select(fd_set *readset, fd_set *writeset) if (len <= 0) { shutdown(sockets[i].fd, SHUT_RDWR); close(sockets[i].fd); + sockets[i].fd = -1; sockets[i].type = AUTH_UNUSED; buffer_free(&sockets[i].input); buffer_free(&sockets[i].output); @@ -858,6 +859,7 @@ after_select(fd_set *readset, fd_set *writeset) if (len <= 0) { shutdown(sockets[i].fd, SHUT_RDWR); close(sockets[i].fd); + sockets[i].fd = -1; sockets[i].type = AUTH_UNUSED; buffer_free(&sockets[i].input); buffer_free(&sockets[i].output); @@ -928,6 +930,8 @@ int main(int ac, char **av) { int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc; + char *shell, *format, *pidstr, *agentsocket = NULL; + fd_set *readsetp = NULL, *writesetp = NULL; struct sockaddr_un sunaddr; #ifdef HAVE_SETRLIMIT struct rlimit rlim; @@ -935,11 +939,10 @@ main(int ac, char **av) #ifdef HAVE_CYGWIN int prev_mask; #endif - pid_t pid; - char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; - char *agentsocket = NULL; extern int optind; - fd_set *readsetp = NULL, *writesetp = NULL; + extern char *optarg; + pid_t pid; + char pidstrbuf[1 + 3 * sizeof pid]; SSLeay_add_all_algorithms(); @@ -947,11 +950,7 @@ main(int ac, char **av) init_rng(); seed_rng(); -#ifdef __GNU_LIBRARY__ - while ((ch = getopt(ac, av, "+cdksa:")) != -1) { -#else /* __GNU_LIBRARY__ */ while ((ch = getopt(ac, av, "cdksa:")) != -1) { -#endif /* __GNU_LIBRARY__ */ switch (ch) { case 'c': if (s_flag) diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1 index 230e48e1d172..314062a7b21a 100644 --- a/crypto/openssh/ssh.1 +++ b/crypto/openssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $ .\" $FreeBSD$ .Dd September 25, 1999 .Dt SSH 1 @@ -955,8 +955,8 @@ protocol versions 1.5 and 2.0. .Xr ssh-agent 1 , .Xr ssh-keygen 1 , .Xr telnet 1 , -.Xr ssh_config 4 , -.Xr ssh-keysign 8, +.Xr ssh_config 5 , +.Xr ssh-keysign 8 , .Xr sshd 8 .Rs .%A T. Ylonen diff --git a/crypto/openssh/ssh.h b/crypto/openssh/ssh.h index e23bb1d5c26c..ea71a56cdcca 100644 --- a/crypto/openssh/ssh.h +++ b/crypto/openssh/ssh.h @@ -1,4 +1,5 @@ -/* $OpenBSD: ssh.h,v 1.70 2002/06/03 12:04:07 deraadt Exp $ */ +/* $OpenBSD: ssh.h,v 1.71 2002/06/22 02:00:29 stevesk Exp $ */ +/* $FreeBSD$ */ /* * Author: Tatu Ylonen @@ -65,8 +66,8 @@ #endif /* - * Name of the environment variable containing the pathname of the - * authentication socket. + * Name of the environment variable containing the process ID of the + * authentication agent. */ #define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c index 9b4c38835a67..d96b02d6ea02 100644 --- a/crypto/openssh/sshconnect.c +++ b/crypto/openssh/sshconnect.c @@ -13,7 +13,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.125 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.126 2002/06/23 03:30:17 deraadt Exp $"); +RCSID("$FreeBSD$"); #include @@ -266,7 +267,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, memset(&hints, 0, sizeof(hints)); hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; - snprintf(strport, sizeof strport, "%d", port); + snprintf(strport, sizeof strport, "%u", port); if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) fatal("%s: %.100s: %s", __progname, host, gai_strerror(gaierr)); @@ -489,7 +490,6 @@ confirm(const char *prompt) * check whether the supplied host key is valid, return -1 if the key * is not valid. the user_hostfile will not be updated if 'readonly' is true. */ - static int check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, int readonly, const char *user_hostfile, const char *system_hostfile) diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index 7f28ab51e79d..ccef7fc2efd5 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -23,7 +23,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.104 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $"); +RCSID("$FreeBSD$"); #include "ssh.h" #include "ssh2.h" @@ -299,12 +300,14 @@ userauth(Authctxt *authctxt, char *authlist) } } } + void input_userauth_error(int type, u_int32_t seq, void *ctxt) { fatal("input_userauth_error: bad message during authentication: " "type %d", type); } + void input_userauth_banner(int type, u_int32_t seq, void *ctxt) { @@ -316,6 +319,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt) xfree(msg); xfree(lang); } + void input_userauth_success(int type, u_int32_t seq, void *ctxt) { @@ -327,6 +331,7 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt) clear_auth_state(authctxt); authctxt->success = 1; /* break out */ } + void input_userauth_failure(int type, u_int32_t seq, void *ctxt) { @@ -375,7 +380,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); - debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d", + debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d", pkalg, blen, authctxt->last_key, authctxt->last_key_hint); do { @@ -894,9 +899,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt) } static int -ssh_keysign( - Key *key, - u_char **sigp, u_int *lenp, +ssh_keysign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) { Buffer b; @@ -1098,6 +1101,7 @@ authmethod_lookup(const char *name) static Authmethod *current = NULL; static char *supported = NULL; static char *preferred = NULL; + /* * Given the authentication method list sent by the server, return the * next method we should try. If the server initially sends a nil list, diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8 index e6f2410a958f..147d8be763c5 100644 --- a/crypto/openssh/sshd.8 +++ b/crypto/openssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $ +.\" $OpenBSD: sshd.8,v 1.186 2002/06/22 16:45:29 stevesk Exp $ .\" $FreeBSD$ .Dd September 25, 1999 .Dt SSHD 8 @@ -581,11 +581,18 @@ These files are created using .Xr ssh-keygen 1 . .It Pa /etc/ssh/moduli Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". +.It Pa /var/empty +.Xr chroot 2 +directory used by +.Nm +during privilege separation in the pre-authentication phase. +The directory should not contain any files and must be owned by root +and not group or world-writable. .It Pa /var/run/sshd.pid Contains the process ID of the .Nm listening for connections (if there are several daemons running -concurrently for different ports, this contains the pid of the one +concurrently for different ports, this contains the process ID of the one started last). The content of this file is not sensitive; it can be world-readable. .It Pa $HOME/.ssh/authorized_keys diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index feea3ce2c5ca..a181878815d9 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -42,7 +42,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $"); +RCSID("$FreeBSD$"); #include #include @@ -219,6 +220,7 @@ static void close_listen_socks(void) { int i; + for (i = 0; i < num_listen_socks; i++) close(listen_socks[i]); num_listen_socks = -1; @@ -228,6 +230,7 @@ static void close_startup_pipes(void) { int i; + if (startup_pipes) for (i = 0; i < options.max_startups; i++) if (startup_pipes[i] != -1) @@ -260,7 +263,8 @@ sighup_restart(void) close_listen_socks(); close_startup_pipes(); execv(saved_argv[0], saved_argv); - log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno)); + log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], + strerror(errno)); exit(1); } @@ -280,8 +284,8 @@ sigterm_handler(int sig) static void main_sigchld_handler(int sig) { - pid_t pid; int save_errno = errno; + pid_t pid; int status; while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || @@ -341,6 +345,7 @@ static void key_regeneration_alarm(int sig) { int save_errno = errno; + signal(SIGALRM, SIG_DFL); errno = save_errno; key_do_regen = 1; @@ -372,7 +377,8 @@ sshd_exchange_identification(int sock_in, int sock_out) if (client_version_string == NULL) { /* Send our protocol version identification. */ - if (atomicio(write, sock_out, server_version_string, strlen(server_version_string)) + if (atomicio(write, sock_out, server_version_string, + strlen(server_version_string)) != strlen(server_version_string)) { log("Could not write ident string to %s", get_remote_ipaddr()); fatal_cleanup(); @@ -475,7 +481,6 @@ sshd_exchange_identification(int sock_in, int sock_out) } } - /* Destroy the host and server keys. They will no longer be needed. */ void destroy_sensitive_data(void) @@ -526,8 +531,9 @@ static void privsep_preauth_child(void) { u_int32_t rand[256]; - int i; + gid_t gidset[2]; struct passwd *pw; + int i; /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); @@ -555,7 +561,17 @@ privsep_preauth_child(void) /* Drop our privileges */ debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); +#if 0 + /* XXX not ready, to heavy after chroot */ do_setusercontext(pw); +#else + gidset[0] = pw->pw_gid; + if (setgid(pw->pw_gid) < 0) + fatal("setgid failed for %u", pw->pw_gid ); + if (setgroups(1, gidset) < 0) + fatal("setgroups: %.100s", strerror(errno)); + permanently_set_uid(pw); +#endif } static Authctxt* @@ -609,7 +625,11 @@ privsep_postauth(Authctxt *authctxt) /* XXX - Remote port forwarding */ x_authctxt = authctxt; +#ifdef BROKEN_FD_PASSING + if (1) { +#else if (authctxt->pw->pw_uid == 0 || options.use_login) { +#endif /* File descriptor passing is broken or root login */ monitor_apply_keystate(pmonitor); use_privsep = 0; @@ -683,6 +703,7 @@ Key * get_hostkey_by_type(int type) { int i; + for (i = 0; i < options.num_host_key_files; i++) { Key *key = sensitive_data.host_keys[i]; if (key != NULL && key->type == type) @@ -703,6 +724,7 @@ int get_hostkey_index(Key *key) { int i; + for (i = 0; i < options.num_host_key_files; i++) { if (key == sensitive_data.host_keys[i]) return (i); @@ -991,11 +1013,13 @@ main(int ac, char **av) * hate software patents. I dont know if this can go? Niels */ if (options.server_key_bits > - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - SSH_KEY_BITS_RESERVED && - options.server_key_bits < - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - + SSH_KEY_BITS_RESERVED && options.server_key_bits < + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + + SSH_KEY_BITS_RESERVED) { options.server_key_bits = - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED; + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + + SSH_KEY_BITS_RESERVED; debug("Forcing server key to %d bits to make it differ from host key.", options.server_key_bits); } @@ -1012,6 +1036,9 @@ main(int ac, char **av) (S_ISDIR(st.st_mode) == 0)) fatal("Missing privilege separation directory: %s", _PATH_PRIVSEP_CHROOT_DIR); + if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) + fatal("Bad owner or mode for %s", + _PATH_PRIVSEP_CHROOT_DIR); } /* Configuration looks good, so exit if in test mode. */ @@ -1351,7 +1378,7 @@ main(int ac, char **av) */ #if 0 /* XXX: this breaks Solaris */ - if (setsid() < 0) + if (!debug_flag && !inetd_flag && setsid() < 0) error("setsid: %.100s", strerror(errno)); #endif diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 4327e63670f2..615ea27aedc1 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $ +.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $ .\" $FreeBSD$ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 @@ -422,6 +422,12 @@ The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches .Dq full (60). +.It Cm PAMAuthenticationViaKbdInt +Specifies whether PAM challenge response authentication is allowed. This +allows the use of most PAM challenge response authentication modules, but +it will allow password authentication regardless of whether +.Cm PasswordAuthentication +is enabled. .It Cm PasswordAuthentication Specifies whether password authentication is allowed. The default is @@ -461,7 +467,7 @@ If this option is set to .Dq no root is not allowed to login. .It Cm PidFile -Specifies the file that contains the process identifier of the +Specifies the file that contains the process ID of the .Nm sshd daemon. The default is diff --git a/crypto/openssh/sshlogin.c b/crypto/openssh/sshlogin.c index 78c51abd6793..a794672c010e 100644 --- a/crypto/openssh/sshlogin.c +++ b/crypto/openssh/sshlogin.c @@ -39,7 +39,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $"); +RCSID("$OpenBSD: sshlogin.c,v 1.4 2002/06/23 03:30:17 deraadt Exp $"); +RCSID("$FreeBSD$"); #include "loginrec.h" @@ -48,10 +49,9 @@ RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $"); * information is not available. This must be called before record_login. * The host the user logged in from will be returned in buf. */ - u_long get_last_login_time(uid_t uid, const char *logname, - char *buf, u_int bufsize) + char *buf, u_int bufsize) { struct logininfo li; @@ -64,10 +64,9 @@ get_last_login_time(uid_t uid, const char *logname, * Records that the user has logged in. I these parts of operating systems * were more standardized. */ - void record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, - const char *host, struct sockaddr * addr) + const char *host, struct sockaddr * addr) { struct logininfo *li; @@ -92,7 +91,6 @@ record_utmp_only(pid_t pid, const char *ttyname, const char *user, #endif /* Records that the user has logged out. */ - void record_logout(pid_t pid, const char *ttyname, const char *user) { diff --git a/crypto/openssh/sshpty.c b/crypto/openssh/sshpty.c index a7e7e27693bb..14a01b7e79b7 100644 --- a/crypto/openssh/sshpty.c +++ b/crypto/openssh/sshpty.c @@ -12,7 +12,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $"); +RCSID("$OpenBSD: sshpty.c,v 1.7 2002/06/24 17:57:20 deraadt Exp $"); +RCSID("$FreeBSD$"); #ifdef HAVE_UTIL_H # include @@ -343,9 +344,8 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) if (fd < 0) error("open /dev/tty failed - could not set controlling tty: %.100s", strerror(errno)); - else { + else close(fd); - } #endif /* _CRAY */ } @@ -356,6 +356,7 @@ pty_change_window_size(int ptyfd, int row, int col, int xpixel, int ypixel) { struct winsize w; + w.ws_row = row; w.ws_col = col; w.ws_xpixel = xpixel; @@ -393,13 +394,13 @@ pty_setowner(struct passwd *pw, const char *ttyname) if (st.st_uid != pw->pw_uid || st.st_gid != gid) { if (chown(ttyname, pw->pw_uid, gid) < 0) { if (errno == EROFS && - (st.st_uid == pw->pw_uid || st.st_uid == 0)) - error("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, + (st.st_uid == pw->pw_uid || st.st_uid == 0)) + error("chown(%.100s, %u, %u) failed: %.100s", + ttyname, (u_int)pw->pw_uid, (u_int)gid, strerror(errno)); else - fatal("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, + fatal("chown(%.100s, %u, %u) failed: %.100s", + ttyname, (u_int)pw->pw_uid, (u_int)gid, strerror(errno)); } } diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 2d7291b5a96d..e9f3524da374 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -1,11 +1,11 @@ -/* $OpenBSD: version.h,v 1.33 2002/06/21 15:41:20 markus Exp $ */ +/* $OpenBSD: version.h,v 1.34 2002/06/26 13:56:27 markus Exp $ */ /* $FreeBSD$ */ #ifndef SSH_VERSION #define SSH_VERSION (ssh_version_get()) -#define SSH_VERSION_BASE "OpenSSH_3.3" -#define SSH_VERSION_ADDENDUM "FreeBSD-20020625" +#define SSH_VERSION_BASE "OpenSSH_3.4p1" +#define SSH_VERSION_ADDENDUM "FreeBSD-20020629" const char *ssh_version_get(void); void ssh_version_set_addendum(const char *add);