d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vendor import of OpenSSH 3.4p1.

Browse Source
This commit is contained in:
Dag-Erling Smørgrav 2002-06-29 11:34:13 +00:00
parent 83d2307d00
commit ee21a45f81
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/vendor-crypto/openssh/dist/; revision=99060
55 changed files with 685 additions and 381 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

165
crypto/openssh/ChangeLog
View File

@ -1,6 +1,169 @@
20020626
- (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
- (bal) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/06/23 21:34:07
[channels.c]
tcode is u_int
- markus@cvs.openbsd.org 2002/06/24 13:12:23
[ssh-agent.1]
the socket name contains ssh-agent's ppid; via mpech@ from form@
- markus@cvs.openbsd.org 2002/06/24 14:33:27
[channels.c channels.h clientloop.c serverloop.c]
move channel counter to u_int
- markus@cvs.openbsd.org 2002/06/24 14:55:38
[authfile.c kex.c ssh-agent.c]
cat to (void) when output from buffer_get_X is ignored
- itojun@cvs.openbsd.org 2002/06/24 15:49:22
[msg.c]
printf type pedant
- deraadt@cvs.openbsd.org 2002/06/24 17:57:20
[sftp-server.c sshpty.c]
explicit (u_int) for uid and gid
- markus@cvs.openbsd.org 2002/06/25 16:22:42
[authfd.c]
unnecessary cast
- markus@cvs.openbsd.org 2002/06/25 18:51:04
[sshd.c]
lightweight do_setusercontext after chroot()
- (bal) Updated AIX package build. Patch by dtucker@zip.com.au
- (tim) [Makefile.in] fix test on installing ssh-rand-helper.8
- (bal) added back in error check for mmap(). I screwed up, Pointed
out by stevesk@
- (tim) [README.privsep] UnixWare tip no longer needed.
- (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
but it all damned lies.
- (stevesk) [README.privsep] more for sshd pseudo-account.
- (tim) [contrib/caldera/openssh.spec] add support for privsep
- (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/06/26 08:53:12
[bufaux.c]
limit size of BNs to 8KB; ok provos/deraadt
- markus@cvs.openbsd.org 2002/06/26 08:54:18
[buffer.c]
limit append to 1MB and buffers to 10MB
- markus@cvs.openbsd.org 2002/06/26 08:55:02
[channels.c]
limit # of channels to 10000
- markus@cvs.openbsd.org 2002/06/26 08:58:26
[session.c]
limit # of env vars to 1000; ok deraadt/djm
- deraadt@cvs.openbsd.org 2002/06/26 13:20:57
[monitor.c]
be careful in mm_zalloc
- deraadt@cvs.openbsd.org 2002/06/26 13:49:26
[session.c]
disclose less information from environment files; based on input
from djm, and dschultz@uclink.Berkeley.EDU
- markus@cvs.openbsd.org 2002/06/26 13:55:37
[auth2-chall.c]
make sure # of response matches # of queries, fixes int overflow;
from ISS
- markus@cvs.openbsd.org 2002/06/26 13:56:27
[version.h]
3.4
- (djm) Require krb5 devel for RPM build w/ KrbV
- (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
<nalin@redhat.com>
- (djm) Update spec files for release
- (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
- (djm) Release 3.4p1
20020625
- (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
- (stevesk) [README.privsep] minor updates
- (djm) Create privsep directory and warn if privsep user is missing
during make install
- (bal) Started list of PrivSep issues in TODO
- (bal) if mmap() is substandard, don't allow compression on server side.
Post 'event' we will add more options.
- (tim) [contrib/caldera/openssh.spec] Sync with Caldera
- (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by
dtucker@zip.com.au
- (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
for Cygwin, Cray, & SCO
20020624
- OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/06/23 03:25:50
[tildexpand.c]
KNF
- deraadt@cvs.openbsd.org 2002/06/23 03:26:19
[cipher.c key.c]
KNF
- deraadt@cvs.openbsd.org 2002/06/23 03:30:58
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
sshpty.c]
various KNF and %d for unsigned
- deraadt@cvs.openbsd.org 2002/06/23 09:30:14
[sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c
sftp.c]
bunch of u_int vs int stuff
- deraadt@cvs.openbsd.org 2002/06/23 09:39:55
[ssh-keygen.c]
u_int stuff
- deraadt@cvs.openbsd.org 2002/06/23 09:46:51
[bufaux.c servconf.c]
minor KNF. things the fingers do while you read
- deraadt@cvs.openbsd.org 2002/06/23 10:29:52
[ssh-agent.c sshd.c]
some minor KNF and %u
- deraadt@cvs.openbsd.org 2002/06/23 20:39:45
[session.c]
compression_level is u_int
- deraadt@cvs.openbsd.org 2002/06/23 21:06:13
[sshpty.c]
KNF
- deraadt@cvs.openbsd.org 2002/06/23 21:06:41
[channels.c channels.h session.c session.h]
display, screen, row, col, xpixel, ypixel are u_int; markus ok
- deraadt@cvs.openbsd.org 2002/06/23 21:10:02
[packet.c]
packet_get_int() returns unsigned for reason & seqnr
- (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
xpixel are u_int.
20020623
- (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX.
- (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset.
- (bal) add extern char *getopt. Based on report by dtucker@zip.com.au
- OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/06/22 02:00:29
[ssh.h]
correct comment
- stevesk@cvs.openbsd.org 2002/06/22 02:40:23
[ssh.1]
section 5 not 4 for ssh_config
- naddy@cvs.openbsd.org 2002/06/22 11:51:39
[ssh.1]
typo
- stevesk@cvs.openbsd.org 2002/06/22 16:32:54
[sshd.8]
add /var/empty in FILES section
- stevesk@cvs.openbsd.org 2002/06/22 16:40:19
[sshd.c]
check /var/empty owner mode; ok provos@
- stevesk@cvs.openbsd.org 2002/06/22 16:41:57
[scp.1]
typo
- stevesk@cvs.openbsd.org 2002/06/22 16:45:29
[ssh-agent.1 sshd.8 sshd_config.5]
use process ID vs. pid/PID/process identifier
- stevesk@cvs.openbsd.org 2002/06/22 20:05:27
[sshd.c]
don't call setsid() if debugging or run from inetd; no "Operation not
permitted" errors now; ok millert@ markus@
- stevesk@cvs.openbsd.org 2002/06/22 23:09:51
[monitor.c]
save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@
20020622
- (djm) Update README.privsep; spotted by fries@
- (djm) Release 3.3p1
- (bal) getopt now can be staticly compiled on those platforms missing
optreset. Patch by binder@arago.de
20020621
- (djm) Sync:
@ -1004,4 +1167,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2240 2002/06/21 15:44:45 djm Exp $
$Id: ChangeLog,v 1.2301 2002/06/26 13:59:10 djm Exp $

7
crypto/openssh/INSTALL
View File

@ -105,11 +105,6 @@ name).
There are a few other options to the configure script:
--with-rsh=PATH allows you to specify the path to your rsh program.
Normally ./configure will search the current $PATH for 'rsh'. You
may need to specify this option if rsh is not in your path or has a
different name.
--with-pam enables PAM support.
--enable-gnome-askpass will build the GNOME passphrase dialog. You
@ -226,4 +221,4 @@ Please refer to the "reporting bugs" section of the webpage at
http://www.openssh.com/
$Id: INSTALL,v 1.53 2002/05/13 05:22:21 djm Exp $
$Id: INSTALL,v 1.54 2002/06/24 16:26:49 stevesk Exp $

13
crypto/openssh/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.215 2002/06/21 01:38:53 mouring Exp $
# $Id: Makefile.in,v 1.217 2002/06/25 23:45:42 tim Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@ -26,6 +26,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
RAND_HELPER=$(libexecdir)/ssh-rand-helper
PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
PATHS= -DSSHDIR=\"$(sysconfdir)\" \
-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
@ -197,9 +198,13 @@ distprep: catman-do
$(AUTORECONF)
(cd scard && $(MAKE) -f Makefile.in distprep)
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user
install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
check-user:
id $(SSH_PRIVSEP_USER) || \
echo "WARNING: Privilege separation user \"$(SSH_PRIVSEP_USER)\" does not exist"
scard-install:
(cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
@ -212,6 +217,8 @@ install-files: scard-install
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
$(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)
chmod 0700 $(DESTDIR)$(PRIVSEP_PATH)
$(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh
$(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
$(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
@ -234,7 +241,7 @@ install-files: scard-install
$(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
$(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
$(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
if [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \
$(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \
fi
@NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1

21
crypto/openssh/README.privsep
View File

@ -12,19 +12,20 @@ On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
compression must be disabled in order for privilege separation to
function.
When privsep is enabled, the pre-authentication sshd process will
When privsep is enabled, during the pre-authentication phase sshd will
chroot(2) to "/var/empty" and change its privileges to the "sshd" user
and its primary group. You should do something like the following to
prepare the privsep preauth environment:
and its primary group. sshd is a pseudo-account that should not be
used by other daemons, and must be locked and should contain a
"nologin" or invalid shell.
You should do something like the following to prepare the privsep
preauth environment:
# mkdir /var/empty
# chown root:sys /var/empty
# chmod 755 /var/empty
# groupadd sshd
# useradd -g sshd sshd
If you are on UnixWare 7 or OpenUNIX 8 do this additional step.
# ln /usr/lib/.ns.so /usr/lib/ns.so.1
# useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
/var/empty should not contain any files.
@ -34,8 +35,8 @@ privsep user and chroot directory:
--with-privsep-path=xxx Path for privilege separation chroot
--with-privsep-user=user Specify non-privileged user for privilege separation
Privsep requires operating system support for file descriptor passing
and mmap(MAP_ANON).
Privsep requires operating system support for file descriptor passing.
Compression will be disabled on systems without a working mmap MAP_ANON.
PAM-enabled OpenSSH is known to function with privsep on Linux.
It does not function on HP-UX with a trusted system
@ -57,4 +58,4 @@ process 1005 is the sshd process listening for new connections.
process 6917 is the privileged monitor process, 6919 is the user owned
sshd process and 6921 is the shell process.
$Id: README.privsep,v 1.7 2002/06/21 14:48:02 djm Exp $
$Id: README.privsep,v 1.10 2002/06/26 00:43:57 stevesk Exp $

18
crypto/openssh/TODO
View File

@ -87,4 +87,20 @@ Packaging:
- HP-UX: Provide DEPOT package scripts.
(gilbert.r.loomis@saic.com)
$Id: TODO,v 1.46 2002/01/22 11:26:20 djm Exp $
PrivSep Issues:
- mmap() issues.
+ /dev/zero solution (Solaris)
+ No/broken MAP_ANON (Irix)
+ broken /dev/zero parse (Linux)
- PAM
+ See above PAM notes
- AIX
+ usrinfo() does not set TTY, but only required for legicy systems. Works
with PrivSep.
- OSF
+ SIA is broken
- Cygwin
+ Privsep for Pre-auth only (no fd passing)
$Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $

11
crypto/openssh/acconfig.h
View File

@ -1,4 +1,4 @@
/* $Id: acconfig.h,v 1.138 2002/06/12 16:57:15 mouring Exp $ */
/* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */
#ifndef _CONFIG_H
#define _CONFIG_H
@ -228,9 +228,6 @@
/* Define if xauth is found in your path */
#undef XAUTH_PATH
/* Define if rsh is found in your path */
#undef RSH_PATH
/* Define if you want to allow MD5 passwords */
#undef HAVE_MD5_PASSWORDS
@ -358,6 +355,12 @@
/* Path that unprivileged child will chroot() to in privep mode */
#undef PRIVSEP_PATH
/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */
#undef HAVE_MMAP_ANON_SHARED
/* Define if sendmsg()/recvmsg() has problems passing file descriptors */
#undef BROKEN_FD_PASSING
@BOTTOM@
/* ******************* Shouldn't need to edit below this line ************** */

18
crypto/openssh/auth2-chall.c
View File

@ -23,7 +23,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-chall.c,v 1.18 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $");
#include "ssh2.h"
#include "auth.h"
@ -63,6 +63,7 @@ struct KbdintAuthctxt
char *devices;
void *ctxt;
KbdintDevice *device;
u_int nreq;
};
static KbdintAuthctxt *
@ -90,6 +91,7 @@ kbdint_alloc(const char *devs)
debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
kbdintctxt->ctxt = NULL;
kbdintctxt->device = NULL;
kbdintctxt->nreq = 0;
return kbdintctxt;
}
@ -209,26 +211,26 @@ send_userauth_info_request(Authctxt *authctxt)
KbdintAuthctxt *kbdintctxt;
char *name, *instr, **prompts;
int i;
u_int numprompts, *echo_on;
u_int *echo_on;
kbdintctxt = authctxt->kbdintctxt;
if (kbdintctxt->device->query(kbdintctxt->ctxt,
&name, &instr, &numprompts, &prompts, &echo_on))
&name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
return 0;
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
packet_put_cstring(name);
packet_put_cstring(instr);
packet_put_cstring(""); /* language not used */
packet_put_int(numprompts);
for (i = 0; i < numprompts; i++) {
packet_put_int(kbdintctxt->nreq);
for (i = 0; i < kbdintctxt->nreq; i++) {
packet_put_cstring(prompts[i]);
packet_put_char(echo_on[i]);
}
packet_send();
packet_write_wait();
for (i = 0; i < numprompts; i++)
for (i = 0; i < kbdintctxt->nreq; i++)
xfree(prompts[i]);
xfree(prompts);
xfree(echo_on);
@ -256,6 +258,10 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
authctxt->postponed = 0; /* reset */
nresp = packet_get_int();
if (nresp != kbdintctxt->nreq)
fatal("input_userauth_info_response: wrong number of replies");
if (nresp > 100)
fatal("input_userauth_info_response: too many replies");
if (nresp > 0) {
response = xmalloc(nresp * sizeof(char*));
for (i = 0; i < nresp; i++)

11
crypto/openssh/auth2-pam.c
View File

@ -1,5 +1,5 @@
#include "includes.h"
RCSID("$Id: auth2-pam.c,v 1.12 2002/01/22 12:43:13 djm Exp $");
RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $");
#ifdef USE_PAM
#include <security/pam_appl.h>
@ -140,6 +140,15 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
nresp = packet_get_int(); /* Number of responses. */
debug("got %d responses", nresp);
if (nresp != context_pam2.num_expected)
fatal("%s: Received incorrect number of responses "
"(expected %u, received %u)", __func__, nresp,
context_pam2.num_expected);
if (nresp > 100)
fatal("%s: too many replies", __func__);
for (i = 0; i < nresp; i++) {
int j = context_pam2.prompts[i];

4
crypto/openssh/authfd.c
View File

@ -35,7 +35,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: authfd.c,v 1.55 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $");
#include <openssl/evp.h>
@ -144,7 +144,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
error("Error reading response from authentication socket.");
return 0;
}
buffer_append(reply, (char *) buf, l);
buffer_append(reply, buf, l);
len -= l;
}
return 1;

6
crypto/openssh/authfile.c
View File

@ -36,7 +36,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: authfile.c,v 1.49 2002/05/23 19:24:30 markus Exp $");
RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $");
#include <openssl/err.h>
#include <openssl/evp.h>
@ -270,7 +270,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
(void) buffer_get_int(&buffer); /* reserved */
/* Read the public key from the buffer. */
buffer_get_int(&buffer);
(void) buffer_get_int(&buffer);
pub = key_new(KEY_RSA1);
buffer_get_bignum(&buffer, pub->rsa->n);
buffer_get_bignum(&buffer, pub->rsa->e);
@ -357,7 +357,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
(void) buffer_get_int(&buffer); /* Reserved data. */
/* Read the public key from the buffer. */
buffer_get_int(&buffer);
(void) buffer_get_int(&buffer);
prv = key_new_private(KEY_RSA1);
buffer_get_bignum(&buffer, prv->rsa->n);

25
crypto/openssh/bufaux.c
View File

@ -37,7 +37,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: bufaux.c,v 1.25 2002/04/20 09:14:58 markus Exp $");
RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
#include <openssl/bn.h>
#include "bufaux.h"
@ -88,6 +88,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
bits = GET_16BIT(buf);
/* Compute the number of binary bytes that follow. */
bytes = (bits + 7) / 8;
if (bytes > 8 * 1024)
fatal("buffer_get_bignum: cannot handle BN of size %d", bytes);
if (buffer_len(buffer) < bytes)
fatal("buffer_get_bignum: input buffer too small");
bin = buffer_ptr(buffer);
@ -105,6 +107,7 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
u_char *buf = xmalloc(bytes);
int oi;
int hasnohigh = 0;
buf[0] = '\0';
/* Get the value of in binary */
oi = BN_bn2bin(value, buf+1);
@ -128,12 +131,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
xfree(buf);
}
/* XXX does not handle negative BNs */
void
buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
{
/**XXX should be two's-complement */
int len;
u_char *bin = buffer_get_string(buffer, (u_int *)&len);
u_int len;
u_char *bin = buffer_get_string(buffer, &len);
if (len > 8 * 1024)
fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
BN_bin2bn(bin, len, value);
xfree(bin);
}
@ -145,6 +151,7 @@ u_short
buffer_get_short(Buffer *buffer)
{
u_char buf[2];
buffer_get(buffer, (char *) buf, 2);
return GET_16BIT(buf);
}
@ -153,6 +160,7 @@ u_int
buffer_get_int(Buffer *buffer)
{
u_char buf[4];
buffer_get(buffer, (char *) buf, 4);
return GET_32BIT(buf);
}
@ -162,6 +170,7 @@ u_int64_t
buffer_get_int64(Buffer *buffer)
{
u_char buf[8];
buffer_get(buffer, (char *) buf, 8);
return GET_64BIT(buf);
}
@ -174,6 +183,7 @@ void
buffer_put_short(Buffer *buffer, u_short value)
{
char buf[2];
PUT_16BIT(buf, value);
buffer_append(buffer, buf, 2);
}
@ -182,6 +192,7 @@ void
buffer_put_int(Buffer *buffer, u_int value)
{
char buf[4];
PUT_32BIT(buf, value);
buffer_append(buffer, buf, 4);
}
@ -191,6 +202,7 @@ void
buffer_put_int64(Buffer *buffer, u_int64_t value)
{
char buf[8];
PUT_64BIT(buf, value);
buffer_append(buffer, buf, 8);
}
@ -207,8 +219,9 @@ buffer_put_int64(Buffer *buffer, u_int64_t value)
void *
buffer_get_string(Buffer *buffer, u_int *length_ptr)
{
u_int len;
u_char *value;
u_int len;
/* Get the length. */
len = buffer_get_int(buffer);
if (len > 256 * 1024)
@ -249,6 +262,7 @@ int
buffer_get_char(Buffer *buffer)
{
char ch;
buffer_get(buffer, &ch, 1);
return (u_char) ch;
}
@ -260,5 +274,6 @@ void
buffer_put_char(Buffer *buffer, int value)
{
char ch = value;
buffer_append(buffer, &ch, 1);
}

8
crypto/openssh/buffer.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: buffer.c,v 1.15 2002/01/18 18:14:17 stevesk Exp $");
RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
@ -71,6 +71,9 @@ buffer_append_space(Buffer *buffer, u_int len)
{
void *p;
if (len > 0x100000)
fatal("buffer_append_space: len %u not supported", len);
/* If the buffer is empty, start using it from the beginning. */
if (buffer->offset == buffer->end) {
buffer->offset = 0;
@ -96,6 +99,9 @@ buffer_append_space(Buffer *buffer, u_int len)
}
/* Increase the size of the buffer and retry. */
buffer->alloc += len + 32768;
if (buffer->alloc > 0xa00000)
fatal("buffer_append_space: alloc %u not supported",
buffer->alloc);
buffer->buf = xrealloc(buffer->buf, buffer->alloc);
goto restart;
/* NOTREACHED */

31
crypto/openssh/channels.c
View File

@ -39,7 +39,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: channels.c,v 1.175 2002/06/10 22:28:41 markus Exp $");
RCSID("$OpenBSD: channels.c,v 1.179 2002/06/26 08:55:02 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -205,7 +205,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
Channel *
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
int window, int maxpack, int extusage, char *remote_name, int nonblock)
u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock)
{
int i, found;
Channel *c;
@ -229,6 +229,9 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
/* There are no free slots. Take last+1 slot and expand the array. */
found = channels_alloc;
channels_alloc += 10;
if (channels_alloc > 10000)
fatal("channel_new: internal error: channels_alloc %d "
"too big.", channels_alloc);
debug2("channel: expanding %d", channels_alloc);
channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
for (i = found; i < channels_alloc; i++)
@ -1568,8 +1571,9 @@ channel_after_select(fd_set * readset, fd_set * writeset)
void
channel_output_poll(void)
{
int len, i;
Channel *c;
int i;
u_int len;
for (i = 0; i < channels_alloc; i++) {
c = channels[i];
@ -1647,7 +1651,7 @@ channel_output_poll(void)
c->remote_window > 0 &&
(len = buffer_len(&c->extended)) > 0 &&
c->extended_usage == CHAN_EXTENDED_READ) {
debug2("channel %d: rwin %d elen %d euse %d",
debug2("channel %d: rwin %u elen %u euse %d",
c->self, c->remote_window, buffer_len(&c->extended),
c->extended_usage);
if (len > c->remote_window)
@ -1717,9 +1721,8 @@ void
channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
{
int id;
int tcode;
char *data;
u_int data_len;
u_int data_len, tcode;
Channel *c;
/* Get the channel number and verify it. */
@ -1874,7 +1877,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt)
c->confirm(c->self, NULL);
debug2("callback done");
}
debug("channel %d: open confirm rwindow %d rmax %d", c->self,
debug("channel %d: open confirm rwindow %u rmax %u", c->self,
c->remote_window, c->remote_maxpacket);
}
packet_check_eom();
@ -1931,7 +1934,8 @@ void
channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
{
Channel *c;
int id, adjust;
int id;
u_int adjust;
if (!compat20)
return;
@ -1947,7 +1951,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
}
adjust = packet_get_int();
packet_check_eom();
debug2("channel %d: rcvd adjust %d", id, adjust);
debug2("channel %d: rcvd adjust %u", id, adjust);
c->remote_window += adjust;
}
@ -2328,12 +2332,12 @@ channel_connect_to(const char *host, u_short port)
/*
* Creates an internet domain socket for listening for X11 connections.
* Returns a suitable display number for the DISPLAY variable, or -1 if
* an error occurs.
* Returns 0 and a suitable display number for the DISPLAY variable
* stored in display_numberp , or -1 if an error occurs.
*/
int
x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
int single_connection)
int single_connection, u_int *display_numberp)
{
Channel *nc = NULL;
int display_number, sock;
@ -2431,7 +2435,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
}
/* Return the display number for the DISPLAY environment variable. */
return display_number;
*display_numberp = display_number;
return (0);
}
static int

18
crypto/openssh/channels.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.h,v 1.68 2002/06/10 22:28:41 markus Exp $ */
/* $OpenBSD: channels.h,v 1.70 2002/06/24 14:33:27 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -90,12 +90,12 @@ struct Channel {
int host_port; /* remote port to connect for forwards */
char *remote_name; /* remote hostname */
int remote_window;
int remote_maxpacket;
int local_window;
int local_window_max;
int local_consumed;
int local_maxpacket;
u_int remote_window;
u_int remote_maxpacket;
u_int local_window;
u_int local_window_max;
u_int local_consumed;
u_int local_maxpacket;
int extended_usage;
int single_connection;
@ -151,7 +151,7 @@ struct Channel {
/* channel management */
Channel *channel_lookup(int);
Channel *channel_new(char *, int, int, int, int, int, int, int, char *, int);
Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int);
void channel_set_fds(int, int, int, int, int, int, u_int);
void channel_free(Channel *);
void channel_free_all(void);
@ -205,7 +205,7 @@ int channel_setup_remote_fwd_listener(const char *, u_short, int);
/* x11 forwarding */
int x11_connect_display(void);
int x11_create_display_inet(int, int, int);
int x11_create_display_inet(int, int, int, u_int *);
void x11_input_open(int, u_int32_t, void *);
void x11_request_forwarding_with_spoofing(int, const char *, const char *);
void deny_input_open(int, u_int32_t, void *);

14
crypto/openssh/cipher.c
View File

@ -35,7 +35,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $");
RCSID("$OpenBSD: cipher.c,v 1.60 2002/06/23 03:26:52 deraadt Exp $");
#include "xmalloc.h"
#include "log.h"
@ -95,11 +95,13 @@ cipher_blocksize(Cipher *c)
{
return (c->block_size);
}
u_int
cipher_keylen(Cipher *c)
{
return (c->key_len);
}
u_int
cipher_get_number(Cipher *c)
{
@ -314,6 +316,7 @@ struct ssh1_3des_ctx
{
EVP_CIPHER_CTX k1, k2, k3;
};
static int
ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
int enc)
@ -356,6 +359,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
#endif
return (1);
}
static int
ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
{
@ -377,6 +381,7 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
#endif
return (1);
}
static int
ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
{
@ -389,6 +394,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
}
return (1);
}
static const EVP_CIPHER *
evp_ssh1_3des(void)
{
@ -430,7 +436,9 @@ swap_bytes(const u_char *src, u_char *dst, int n)
*dst++ = c[3];
}
}
static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
static int
bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
{
@ -441,6 +449,7 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
swap_bytes(out, out, len);
return (ret);
}
static const EVP_CIPHER *
evp_ssh1_bf(void)
{
@ -483,6 +492,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
return (1);
}
static int
ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
u_int len)
@ -528,6 +538,7 @@ ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
}
return (1);
}
static int
ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
{
@ -540,6 +551,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
}
return (1);
}
static const EVP_CIPHER *
evp_rijndael(void)
{

6
crypto/openssh/clientloop.c
View File

@ -59,7 +59,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: clientloop.c,v 1.101 2002/06/09 13:32:01 markus Exp $");
RCSID("$OpenBSD: clientloop.c,v 1.102 2002/06/24 14:33:27 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -1208,10 +1208,8 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt)
{
Channel *c = NULL;
char *ctype;
u_int len;
int rchan;
int rmaxpack;
int rwindow;
u_int rmaxpack, rwindow, len;
ctype = packet_get_string(&len);
rchan = packet_get_int();

53
crypto/openssh/configure.ac
View File

@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $
# $Id: configure.ac,v 1.72 2002/06/25 22:35:16 tim Exp $
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
@ -76,6 +76,7 @@ case "$host" in
AC_DEFINE(BROKEN_REALPATH)
dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
;;
*-*-cygwin*)
LIBS="$LIBS /usr/lib/textmode.o"
@ -85,6 +86,7 @@ case "$host" in
AC_DEFINE(IPV4_DEFAULT)
AC_DEFINE(IP_TOS_IS_BROKEN)
AC_DEFINE(NO_X11_UNIX_SOCKETS)
AC_DEFINE(BROKEN_FD_PASSING)
AC_DEFINE(SETGROUPS_NOOP)
;;
*-*-dgux*)
@ -246,7 +248,6 @@ mips-sony-bsd|mips-sony-newsos4)
CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
rsh_path="/usr/bin/rcmd"
RANLIB=true
no_dev_ptmx=1
AC_DEFINE(BROKEN_SYS_TERMIO_H)
@ -263,10 +264,10 @@ mips-sony-bsd|mips-sony-newsos4)
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lprot -lx -ltinfo -lm"
no_dev_ptmx=1
rsh_path="/usr/bin/rcmd"
AC_DEFINE(USE_PIPES)
AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(BROKEN_FD_PASSING)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
;;
@ -274,6 +275,7 @@ mips-sony-bsd|mips-sony-newsos4)
no_libsocket=1
no_libnsl=1
AC_DEFINE(USE_PIPES)
AC_DEFINE(BROKEN_FD_PASSING)
LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
LIBS="$LIBS -lgen -lrsc"
;;
@ -575,6 +577,30 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
if test $ac_cv_func_mmap = yes ; then
AC_MSG_CHECKING([for mmap anon shared])
AC_TRY_RUN(
[
#include <stdio.h>
#include <sys/mman.h>
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
#define MAP_ANON MAP_ANONYMOUS
#endif
main() { char *p;
p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
if (p == (char *)-1)
exit(1);
exit(0);
}
],
[
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_MMAP_ANON_SHARED)
],
[ AC_MSG_RESULT(no) ]
)
fi
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
AC_CHECK_LIB(gen, dirname,[
@ -907,16 +933,17 @@ AC_ARG_WITH(entropy-timeout,
)
AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
ssh_privsep_user=sshd
SSH_PRIVSEP_USER=sshd
AC_ARG_WITH(privsep-user,
[ --with-privsep-user=user Specify non-privileged user for privilege separation],
[
if test -n "$withval"; then
ssh_privsep_user=$withval
SSH_PRIVSEP_USER=$withval
fi
]
)
AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user")
AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
AC_SUBST(SSH_PRIVSEP_USER)
# We do this little dance with the search path to insure
# that programs that we select for use by installed programs
@ -1789,17 +1816,6 @@ AC_ARG_WITH(afs,
LIBS="$LIBS $KLIBS $K5LIBS"
# Looking for programs, paths and files
AC_ARG_WITH(rsh,
[ --with-rsh=PATH Specify path to remote shell program ],
[
if test "x$withval" != "$no" ; then
rsh_path=$withval
fi
],
[
AC_PATH_PROG(rsh_path, rsh)
]
)
PRIVSEP_PATH=/var/empty
AC_ARG_WITH(privsep-path,
@ -1835,9 +1851,6 @@ else
XAUTH_PATH=$xauth_path
AC_SUBST(XAUTH_PATH)
fi
if test ! -z "$rsh_path" ; then
AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path")
fi
# Check for mail directory (last resort if we cannot get it from headers)
if test ! -z "$MAIL" ; then

23
crypto/openssh/defines.h
View File

@ -1,7 +1,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
/* $Id: defines.h,v 1.90 2002/06/07 03:19:36 mouring Exp $ */
/* $Id: defines.h,v 1.92 2002/06/24 16:26:49 stevesk Exp $ */
/* Constants */
@ -316,14 +316,6 @@ struct winsize {
# define _PATH_MAILDIR MAILDIR
#endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */
#ifndef _PATH_RSH
# ifdef RSH_PATH
# define _PATH_RSH RSH_PATH
# else /* RSH_PATH */
# define _PATH_RSH "/usr/bin/rsh"
# endif /* RSH_PATH */
#endif /* _PATH_RSH */
#ifndef _PATH_NOLOGIN
# define _PATH_NOLOGIN "/etc/nologin"
#endif
@ -417,7 +409,18 @@ struct winsize {
#endif
#ifndef HAVE_GETOPT_OPTRESET
#define getopt(ac, av, o) BSDgetopt(ac, av, o)
# undef getopt
# undef opterr
# undef optind
# undef optopt
# undef optreset
# undef optarg
# define getopt(ac, av, o) BSDgetopt(ac, av, o)
# define opterr BSDopterr
# define optind BSDoptind
# define optopt BSDoptopt
# define optreset BSDoptreset
# define optarg BSDoptarg
#endif
/* In older versions of libpam, pam_strerror takes a single argument */

6
crypto/openssh/kex.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $");
RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $");
#include <openssl/crypto.h>
@ -202,8 +202,8 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
packet_get_char();
for (i = 0; i < PROPOSAL_MAX; i++)
xfree(packet_get_string(NULL));
packet_get_char();
packet_get_int();
(void) packet_get_char();
(void) packet_get_int();
packet_check_eom();
kex_kexinit_finish(kex);

10
crypto/openssh/key.c
View File

@ -32,7 +32,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: key.c,v 1.44 2002/05/31 13:16:48 markus Exp $");
RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $");
#include <openssl/evp.h>
@ -89,6 +89,7 @@ key_new(int type)
}
return k;
}
Key *
key_new_private(int type)
{
@ -120,6 +121,7 @@ key_new_private(int type)
}
return k;
}
void
key_free(Key *k)
{
@ -359,6 +361,7 @@ read_bignum(char **cpp, BIGNUM * value)
*cpp = cp;
return 1;
}
static int
write_bignum(FILE *f, BIGNUM *num)
{
@ -485,6 +488,7 @@ key_read(Key *ret, char **cpp)
}
return success;
}
int
key_write(Key *key, FILE *f)
{
@ -516,6 +520,7 @@ key_write(Key *key, FILE *f)
}
return success;
}
char *
key_type(Key *k)
{
@ -532,6 +537,7 @@ key_type(Key *k)
}
return "unknown";
}
char *
key_ssh_name(Key *k)
{
@ -545,6 +551,7 @@ key_ssh_name(Key *k)
}
return "ssh-unknown";
}
u_int
key_size(Key *k)
{
@ -807,7 +814,6 @@ key_verify(
}
/* Converts a private to a public key */
Key *
key_demote(Key *k)
{

15
crypto/openssh/monitor.c
View File

@ -25,7 +25,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor.c,v 1.16 2002/06/21 05:50:51 djm Exp $");
RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $");
#include <openssl/dh.h>
@ -188,9 +188,6 @@ struct mon_table mon_dispatch_proto15[] = {
{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
{MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
{MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
#ifdef USE_PAM
{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
#endif
#ifdef BSD_AUTH
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
@ -982,14 +979,14 @@ mm_answer_keyverify(int socket, Buffer *m)
xfree(signature);
xfree(data);
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
monitor_reset_key_state();
buffer_clear(m);
buffer_put_int(m, verified);
mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m);
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
return (verified);
}
@ -1456,9 +1453,13 @@ mm_get_keystate(struct monitor *pmonitor)
void *
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
{
int len = size * ncount;
void *address;
address = mm_malloc(mm, size * ncount);
if (len <= 0)
fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
address = mm_malloc(mm, len);
return (address);
}

2
crypto/openssh/monitor_fdpass.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>

8
crypto/openssh/monitor_mm.c
View File

@ -84,13 +84,13 @@ mm_create(struct mm_master *mmalloc, size_t size)
*/
mm->mmalloc = mmalloc;
#if defined(HAVE_MMAP) && defined(MAP_ANON)
#ifdef HAVE_MMAP_ANON_SHARED
address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
-1, 0);
if (address == MAP_FAILED)
fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
#else
fatal("%s: UsePrivilegeSeparation=yes not supported",
fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
__func__);
#endif
@ -130,12 +130,12 @@ mm_destroy(struct mm_master *mm)
mm_freelist(mm->mmalloc, &mm->rb_free);
mm_freelist(mm->mmalloc, &mm->rb_allocated);
#ifdef HAVE_MMAP
#ifdef HAVE_MMAP_ANON_SHARED
if (munmap(mm->address, mm->size) == -1)
fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size,
strerror(errno));
#else
fatal("%s: UsePrivilegeSeparation=yes not supported",
fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
__func__);
#endif
if (mm->mmalloc == NULL)

2
crypto/openssh/monitor_mm.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>

6
crypto/openssh/msg.c
View File

@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: msg.c,v 1.2 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: msg.c,v 1.3 2002/06/24 15:49:22 itojun Exp $");
#include "buffer.h"
#include "getput.h"
@ -36,7 +36,7 @@ msg_send(int fd, u_char type, Buffer *m)
u_char buf[5];
u_int mlen = buffer_len(m);
debug3("msg_send: type %d", type);
debug3("msg_send: type %u", (unsigned int)type & 0xff);
PUT_32BIT(buf, mlen + 1);
buf[4] = type; /* 1st byte of payload is mesg-type */
@ -59,7 +59,7 @@ msg_recv(int fd, Buffer *m)
if (res != sizeof(buf)) {
if (res == 0)
return -1;
fatal("msg_recv: read: header %d", res);
fatal("msg_recv: read: header %ld", (long)res);
}
msg_len = GET_32BIT(buf);
if (msg_len > 256 * 1024)

48
crypto/openssh/openbsd-compat/getopt.c
View File

@ -42,11 +42,11 @@ static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $";
#include <stdlib.h>
#include <string.h>
int opterr = 1, /* if error message should be printed */
optind = 1, /* index into parent argv vector */
optopt, /* character checked for validity */
optreset; /* reset getopt */
char *optarg; /* argument associated with option */
int BSDopterr = 1, /* if error message should be printed */
BSDoptind = 1, /* index into parent argv vector */
BSDoptopt, /* character checked for validity */
BSDoptreset; /* reset getopt */
char *BSDoptarg; /* argument associated with option */
#define BADCH (int)'?'
#define BADARG (int)':'
@ -66,57 +66,57 @@ BSDgetopt(nargc, nargv, ostr)
static char *place = EMSG; /* option letter processing */
char *oli; /* option letter list index */
if (optreset || !*place) { /* update scanning pointer */
optreset = 0;
if (optind >= nargc || *(place = nargv[optind]) != '-') {
if (BSDoptreset || !*place) { /* update scanning pointer */
BSDoptreset = 0;
if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') {
place = EMSG;
return (-1);
}
if (place[1] && *++place == '-') { /* found "--" */
++optind;
++BSDoptind;
place = EMSG;
return (-1);
}
} /* option letter okay? */
if ((optopt = (int)*place++) == (int)':' ||
!(oli = strchr(ostr, optopt))) {
if ((BSDoptopt = (int)*place++) == (int)':' ||
!(oli = strchr(ostr, BSDoptopt))) {
/*
* if the user didn't specify '-' as an option,
* assume it means -1.
*/
if (optopt == (int)'-')
if (BSDoptopt == (int)'-')
return (-1);
if (!*place)
++optind;
if (opterr && *ostr != ':')
++BSDoptind;
if (BSDopterr && *ostr != ':')
(void)fprintf(stderr,
"%s: illegal option -- %c\n", __progname, optopt);
"%s: illegal option -- %c\n", __progname, BSDoptopt);
return (BADCH);
}
if (*++oli != ':') { /* don't need argument */
optarg = NULL;
BSDoptarg = NULL;
if (!*place)
++optind;
++BSDoptind;
}
else { /* need an argument */
if (*place) /* no white space */
optarg = place;
else if (nargc <= ++optind) { /* no arg */
BSDoptarg = place;
else if (nargc <= ++BSDoptind) { /* no arg */
place = EMSG;
if (*ostr == ':')
return (BADARG);
if (opterr)
if (BSDopterr)
(void)fprintf(stderr,
"%s: option requires an argument -- %c\n",
__progname, optopt);
__progname, BSDoptopt);
return (BADCH);
}
else /* white space */
optarg = nargv[optind];
BSDoptarg = nargv[BSDoptind];
place = EMSG;
++optind;
++BSDoptind;
}
return (optopt); /* dump back option letter */
return (BSDoptopt); /* dump back option letter */
}
#endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */

15
crypto/openssh/packet.c
View File

@ -37,7 +37,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: packet.c,v 1.95 2002/06/19 18:01:00 markus Exp $");
RCSID("$OpenBSD: packet.c,v 1.96 2002/06/23 21:10:02 deraadt Exp $");
#include "xmalloc.h"
#include "buffer.h"
@ -1015,7 +1015,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
int
packet_read_poll_seqnr(u_int32_t *seqnr_p)
{
int reason, seqnr;
u_int reason, seqnr;
u_char type;
char *msg;
@ -1038,14 +1038,15 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
case SSH2_MSG_DISCONNECT:
reason = packet_get_int();
msg = packet_get_string(NULL);
log("Received disconnect from %s: %d: %.400s", get_remote_ipaddr(),
reason, msg);
log("Received disconnect from %s: %u: %.400s",
get_remote_ipaddr(), reason, msg);
xfree(msg);
fatal_cleanup();
break;
case SSH2_MSG_UNIMPLEMENTED:
seqnr = packet_get_int();
debug("Received SSH2_MSG_UNIMPLEMENTED for %d", seqnr);
debug("Received SSH2_MSG_UNIMPLEMENTED for %u",
seqnr);
break;
default:
return type;
@ -1063,8 +1064,8 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
break;
case SSH_MSG_DISCONNECT:
msg = packet_get_string(NULL);
log("Received disconnect from %s: %.400s", get_remote_ipaddr(),
msg);
log("Received disconnect from %s: %.400s",
get_remote_ipaddr(), msg);
fatal_cleanup();
xfree(msg);
break;

4
crypto/openssh/scard.c
View File

@ -24,7 +24,7 @@
#include "includes.h"
#if defined(SMARTCARD) && defined(USE_SECTOK)
RCSID("$OpenBSD: scard.c,v 1.25 2002/03/26 18:46:59 rees Exp $");
RCSID("$OpenBSD: scard.c,v 1.26 2002/06/23 03:30:17 deraadt Exp $");
#include <openssl/evp.h>
#include <sectok.h>
@ -191,7 +191,7 @@ sc_read_pubkey(Key * k)
status = 0;
p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
debug("fingerprint %d %s", key_size(k), p);
debug("fingerprint %u %s", key_size(k), p);
xfree(p);
err:

4
crypto/openssh/scp.1
View File

@ -9,7 +9,7 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
.\" $OpenBSD: scp.1,v 1.22 2002/06/20 20:00:05 stevesk Exp $
.\" $OpenBSD: scp.1,v 1.23 2002/06/22 16:41:57 stevesk Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
@ -152,5 +152,5 @@ California.
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr ssh_config 5
.Xr ssh_config 5 ,
.Xr sshd 8

23
crypto/openssh/servconf.c
View File

@ -10,7 +10,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $");
RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $");
#if defined(KRB4)
#include <krb.h>
@ -257,7 +257,7 @@ fill_default_server_options(ServerOptions *options)
if (use_privsep == -1)
use_privsep = 1;
#if !defined(HAVE_MMAP) || !defined(MAP_ANON)
#if !defined(HAVE_MMAP_ANON_SHARED)
if (use_privsep && options->compression == 1) {
error("This platform does not support both privilege "
"separation and compression");
@ -423,7 +423,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
hints.ai_family = IPv4or6;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
snprintf(strport, sizeof strport, "%d", port);
snprintf(strport, sizeof strport, "%u", port);
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
fatal("bad addr or host: %s (%s)",
addr ? addr : "<NULL>",
@ -439,9 +439,8 @@ process_server_config_line(ServerOptions *options, char *line,
const char *filename, int linenum)
{
char *cp, **charptr, *arg, *p;
int *intptr, value;
int *intptr, value, i, n;
ServerOpCodes opcode;
int i, n;
cp = line;
arg = strdelim(&cp);
@ -765,7 +764,8 @@ process_server_config_line(ServerOptions *options, char *line,
if (options->num_allow_users >= MAX_ALLOW_USERS)
fatal("%s line %d: too many allow users.",
filename, linenum);
options->allow_users[options->num_allow_users++] = xstrdup(arg);
options->allow_users[options->num_allow_users++] =
xstrdup(arg);
}
break;
@ -774,7 +774,8 @@ process_server_config_line(ServerOptions *options, char *line,
if (options->num_deny_users >= MAX_DENY_USERS)
fatal( "%s line %d: too many deny users.",
filename, linenum);
options->deny_users[options->num_deny_users++] = xstrdup(arg);
options->deny_users[options->num_deny_users++] =
xstrdup(arg);
}
break;
@ -783,7 +784,8 @@ process_server_config_line(ServerOptions *options, char *line,
if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
fatal("%s line %d: too many allow groups.",
filename, linenum);
options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
options->allow_groups[options->num_allow_groups++] =
xstrdup(arg);
}
break;
@ -921,10 +923,9 @@ process_server_config_line(ServerOptions *options, char *line,
void
read_server_config(ServerOptions *options, const char *filename)
{
FILE *f;
int linenum, bad_options = 0;
char line[1024];
int linenum;
int bad_options = 0;
FILE *f;
f = fopen(filename, "r");
if (!f) {

6
crypto/openssh/serverloop.c
View File

@ -35,7 +35,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: serverloop.c,v 1.102 2002/06/11 05:46:20 mpech Exp $");
RCSID("$OpenBSD: serverloop.c,v 1.103 2002/06/24 14:33:27 markus Exp $");
#include "xmalloc.h"
#include "packet.h"
@ -902,10 +902,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
{
Channel *c = NULL;
char *ctype;
u_int len;
int rchan;
int rmaxpack;
int rwindow;
u_int rmaxpack, rwindow, len;
ctype = packet_get_string(&len);
rchan = packet_get_int();

41
crypto/openssh/session.c
View File

@ -33,7 +33,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: session.c,v 1.138 2002/06/20 23:05:55 markus Exp $");
RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -252,8 +252,8 @@ do_authenticated1(Authctxt *authctxt)
Session *s;
char *command;
int success, type, screen_flag;
int compression_level = 0, enable_compression_after_reply = 0;
u_int proto_len, data_len, dlen;
int enable_compression_after_reply = 0;
u_int proto_len, data_len, dlen, compression_level = 0;
s = session_new();
s->authctxt = authctxt;
@ -849,6 +849,9 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
} else {
/* New variable. Expand if necessary. */
if (i >= (*envsizep) - 1) {
if (*envsizep >= 1000)
fatal("child_set_env: too many env vars,"
" skipping: %.100s", name);
(*envsizep) += 50;
env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
}
@ -874,12 +877,15 @@ read_environment_file(char ***env, u_int *envsize,
FILE *f;
char buf[4096];
char *cp, *value;
u_int lineno = 0;
f = fopen(filename, "r");
if (!f)
return;
while (fgets(buf, sizeof(buf), f)) {
if (++lineno > 1000)
fatal("Too many lines in environment file %s", filename);
for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
;
if (!*cp || *cp == '#' || *cp == '\n')
@ -888,7 +894,8 @@ read_environment_file(char ***env, u_int *envsize,
*strchr(cp, '\n') = '\0';
value = strchr(cp, '=');
if (value == NULL) {
fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
fprintf(stderr, "Bad line %u in %.100s\n", lineno,
filename);
continue;
}
/*
@ -1152,6 +1159,8 @@ do_nologin(struct passwd *pw)
void
do_setusercontext(struct passwd *pw)
{
char tty='\0';
#ifdef HAVE_CYGWIN
if (is_winnt) {
#else /* HAVE_CYGWIN */
@ -1161,6 +1170,9 @@ do_setusercontext(struct passwd *pw)
setpcred(pw->pw_name);
#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
#ifdef __bsdi__
setpgid(0, 0);
#endif
if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
perror("unable to set user context");
@ -1196,6 +1208,10 @@ do_setusercontext(struct passwd *pw)
# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
irix_setusercontext(pw);
# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
# ifdef _AIX
/* XXX: Disable tty setting. Enabled if required later */
aix_usrinfo(pw, &tty, -1);
# endif /* _AIX */
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
#endif
@ -1258,9 +1274,6 @@ do_child(Session *s, const char *command)
do_motd();
#else /* HAVE_OSF_SIA */
do_nologin(pw);
# ifdef _AIX
aix_usrinfo(pw, s->tty, s->ttyfd);
# endif /* _AIX */
do_setusercontext(pw);
#endif /* HAVE_OSF_SIA */
}
@ -1970,9 +1983,9 @@ session_setup_x11fwd(Session *s)
debug("X11 display already set.");
return 0;
}
s->display_number = x11_create_display_inet(options.x11_display_offset,
options.x11_use_localhost, s->single_connection);
if (s->display_number == -1) {
if (x11_create_display_inet(options.x11_display_offset,
options.x11_use_localhost, s->single_connection,
&s->display_number) == -1) {
debug("x11_create_display_inet failed.");
return 0;
}
@ -1986,9 +1999,9 @@ session_setup_x11fwd(Session *s)
* different than the DISPLAY string for localhost displays.
*/
if (options.x11_use_localhost) {
snprintf(display, sizeof display, "localhost:%d.%d",
snprintf(display, sizeof display, "localhost:%u.%u",
s->display_number, s->screen);
snprintf(auth_display, sizeof auth_display, "unix:%d.%d",
snprintf(auth_display, sizeof auth_display, "unix:%u.%u",
s->display_number, s->screen);
s->display = xstrdup(display);
s->auth_display = xstrdup(auth_display);
@ -2004,10 +2017,10 @@ session_setup_x11fwd(Session *s)
return 0;
}
memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr),
snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr),
s->display_number, s->screen);
#else
snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
snprintf(display, sizeof display, "%.400s:%u.%u", hostname,
s->display_number, s->screen);
#endif
s->display = xstrdup(display);

8
crypto/openssh/session.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: session.h,v 1.17 2002/03/29 18:59:32 markus Exp $ */
/* $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -37,15 +37,15 @@ struct Session {
/* tty */
char *term;
int ptyfd, ttyfd, ptymaster;
int row, col, xpixel, ypixel;
u_int row, col, xpixel, ypixel;
char tty[TTYSZ];
/* last login */
char hostname[MAXHOSTNAMELEN];
time_t last_login_time;
/* X11 */
int display_number;
u_int display_number;
char *display;
int screen;
u_int screen;
char *auth_display;
char *auth_proto;
char *auth_data;

65
crypto/openssh/sftp-client.c
View File

@ -28,7 +28,7 @@
/* XXX: copy between two remote sites */
#include "includes.h"
RCSID("$OpenBSD: sftp-client.c,v 1.32 2002/06/09 13:32:01 markus Exp $");
RCSID("$OpenBSD: sftp-client.c,v 1.33 2002/06/23 09:30:14 deraadt Exp $");
#include "openbsd-compat/fake-queue.h"
@ -88,7 +88,7 @@ get_msg(int fd, Buffer *m)
msg_len = GET_32BIT(buf);
if (msg_len > 256 * 1024)
fatal("Received message too long %d", msg_len);
fatal("Received message too long %u", msg_len);
while (msg_len) {
len = atomicio(read, fd, buf, MIN(msg_len, sizeof(buf)));
@ -113,7 +113,7 @@ send_string_request(int fd, u_int id, u_int code, char *s,
buffer_put_int(&msg, id);
buffer_put_string(&msg, s, len);
send_msg(fd, &msg);
debug3("Sent message fd %d T:%d I:%d", fd, code, id);
debug3("Sent message fd %d T:%u I:%u", fd, code, id);
buffer_free(&msg);
}
@ -129,12 +129,12 @@ send_string_attrs_request(int fd, u_int id, u_int code, char *s,
buffer_put_string(&msg, s, len);
encode_attrib(&msg, a);
send_msg(fd, &msg);
debug3("Sent message fd %d T:%d I:%d", fd, code, id);
debug3("Sent message fd %d T:%u I:%u", fd, code, id);
buffer_free(&msg);
}
static u_int
get_status(int fd, int expected_id)
get_status(int fd, u_int expected_id)
{
Buffer msg;
u_int type, id, status;
@ -145,15 +145,15 @@ get_status(int fd, int expected_id)
id = buffer_get_int(&msg);
if (id != expected_id)
fatal("ID mismatch (%d != %d)", id, expected_id);
fatal("ID mismatch (%u != %u)", id, expected_id);
if (type != SSH2_FXP_STATUS)
fatal("Expected SSH2_FXP_STATUS(%d) packet, got %d",
fatal("Expected SSH2_FXP_STATUS(%u) packet, got %u",
SSH2_FXP_STATUS, type);
status = buffer_get_int(&msg);
buffer_free(&msg);
debug3("SSH2_FXP_STATUS %d", status);
debug3("SSH2_FXP_STATUS %u", status);
return(status);
}
@ -171,14 +171,14 @@ get_handle(int fd, u_int expected_id, u_int *len)
id = buffer_get_int(&msg);
if (id != expected_id)
fatal("ID mismatch (%d != %d)", id, expected_id);
fatal("ID mismatch (%u != %u)", id, expected_id);
if (type == SSH2_FXP_STATUS) {
int status = buffer_get_int(&msg);
error("Couldn't get handle: %s", fx2txt(status));
return(NULL);
} else if (type != SSH2_FXP_HANDLE)
fatal("Expected SSH2_FXP_HANDLE(%d) packet, got %d",
fatal("Expected SSH2_FXP_HANDLE(%u) packet, got %u",
SSH2_FXP_HANDLE, type);
handle = buffer_get_string(&msg, len);
@ -200,9 +200,9 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
type = buffer_get_char(&msg);
id = buffer_get_int(&msg);
debug3("Received stat reply T:%d I:%d", type, id);
debug3("Received stat reply T:%u I:%u", type, id);
if (id != expected_id)
fatal("ID mismatch (%d != %d)", id, expected_id);
fatal("ID mismatch (%u != %u)", id, expected_id);
if (type == SSH2_FXP_STATUS) {
int status = buffer_get_int(&msg);
@ -212,7 +212,7 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
error("Couldn't stat remote file: %s", fx2txt(status));
return(NULL);
} else if (type != SSH2_FXP_ATTRS) {
fatal("Expected SSH2_FXP_ATTRS(%d) packet, got %d",
fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u",
SSH2_FXP_ATTRS, type);
}
a = decode_attrib(&msg);
@ -224,7 +224,8 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
struct sftp_conn *
do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests)
{
int type, version;
u_int type;
int version;
Buffer msg;
struct sftp_conn *ret;
@ -239,7 +240,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests)
/* Expecting a VERSION reply */
if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) {
error("Invalid packet back from SSH2_FXP_INIT (type %d)",
error("Invalid packet back from SSH2_FXP_INIT (type %u)",
type);
buffer_free(&msg);
return(NULL);
@ -294,7 +295,7 @@ do_close(struct sftp_conn *conn, char *handle, u_int handle_len)
buffer_put_int(&msg, id);
buffer_put_string(&msg, handle, handle_len);
send_msg(conn->fd_out, &msg);
debug3("Sent message SSH2_FXP_CLOSE I:%d", id);
debug3("Sent message SSH2_FXP_CLOSE I:%u", id);
status = get_status(conn->fd_in, id);
if (status != SSH2_FX_OK)
@ -339,7 +340,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
id = expected_id = conn->msg_id++;
debug3("Sending SSH2_FXP_READDIR I:%d", id);
debug3("Sending SSH2_FXP_READDIR I:%u", id);
buffer_clear(&msg);
buffer_put_char(&msg, SSH2_FXP_READDIR);
@ -354,10 +355,10 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
type = buffer_get_char(&msg);
id = buffer_get_int(&msg);
debug3("Received reply T:%d I:%d", type, id);
debug3("Received reply T:%u I:%u", type, id);
if (id != expected_id)
fatal("ID mismatch (%d != %d)", id, expected_id);
fatal("ID mismatch (%u != %u)", id, expected_id);
if (type == SSH2_FXP_STATUS) {
int status = buffer_get_int(&msg);
@ -373,7 +374,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
return(status);
}
} else if (type != SSH2_FXP_NAME)
fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
SSH2_FXP_NAME, type);
count = buffer_get_int(&msg);
@ -584,7 +585,7 @@ do_realpath(struct sftp_conn *conn, char *path)
id = buffer_get_int(&msg);
if (id != expected_id)
fatal("ID mismatch (%d != %d)", id, expected_id);
fatal("ID mismatch (%u != %u)", id, expected_id);
if (type == SSH2_FXP_STATUS) {
u_int status = buffer_get_int(&msg);
@ -592,7 +593,7 @@ do_realpath(struct sftp_conn *conn, char *path)
error("Couldn't canonicalise: %s", fx2txt(status));
return(NULL);
} else if (type != SSH2_FXP_NAME)
fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
SSH2_FXP_NAME, type);
count = buffer_get_int(&msg);
@ -690,7 +691,7 @@ do_readlink(struct sftp_conn *conn, char *path)
id = buffer_get_int(&msg);
if (id != expected_id)
fatal("ID mismatch (%d != %d)", id, expected_id);
fatal("ID mismatch (%u != %u)", id, expected_id);
if (type == SSH2_FXP_STATUS) {
u_int status = buffer_get_int(&msg);
@ -698,7 +699,7 @@ do_readlink(struct sftp_conn *conn, char *path)
error("Couldn't readlink: %s", fx2txt(status));
return(NULL);
} else if (type != SSH2_FXP_NAME)
fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
SSH2_FXP_NAME, type);
count = buffer_get_int(&msg);
@ -790,7 +791,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
attrib_clear(&junk); /* Send empty attributes */
encode_attrib(&msg, &junk);
send_msg(conn->fd_out, &msg);
debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path);
debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
handle = get_handle(conn->fd_in, id, &handle_len);
if (handle == NULL) {
@ -835,7 +836,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
get_msg(conn->fd_in, &msg);
type = buffer_get_char(&msg);
id = buffer_get_int(&msg);
debug3("Received reply T:%d I:%d R:%d", type, id, max_req);
debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
/* Find the request in our queue */
for(req = TAILQ_FIRST(&requests);
@ -862,7 +863,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
(unsigned long long)req->offset + len - 1);
if (len > req->len)
fatal("Received more data than asked for "
"%d > %d", len, req->len);
"%u > %u", len, req->len);
if ((lseek(local_fd, req->offset, SEEK_SET) == -1 ||
atomicio(write, local_fd, data, len) != len) &&
!write_error) {
@ -907,7 +908,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
}
break;
default:
fatal("Expected SSH2_FXP_DATA(%d) packet, got %d",
fatal("Expected SSH2_FXP_DATA(%u) packet, got %u",
SSH2_FXP_DATA, type);
}
}
@ -1006,7 +1007,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC);
encode_attrib(&msg, &a);
send_msg(conn->fd_out, &msg);
debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path);
debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
buffer_clear(&msg);
@ -1051,7 +1052,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
buffer_put_int64(&msg, offset);
buffer_put_string(&msg, data, len);
send_msg(conn->fd_out, &msg);
debug3("Sent message SSH2_FXP_WRITE I:%d O:%llu S:%u",
debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u",
id, (unsigned long long)offset, len);
} else if (TAILQ_FIRST(&acks) == NULL)
break;
@ -1081,7 +1082,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
ack = TAILQ_NEXT(ack, tq))
;
if (ack == NULL)
fatal("Can't find request for ID %d", r_id);
fatal("Can't find request for ID %u", r_id);
TAILQ_REMOVE(&acks, ack, tq);
if (status != SSH2_FX_OK) {
@ -1091,7 +1092,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
close(local_fd);
goto done;
}
debug3("In write loop, ack for %u %d bytes at %llu",
debug3("In write loop, ack for %u %u bytes at %llu",
ack->id, ack->len, (unsigned long long)ack->offset);
++ackid;
free(ack);

8
crypto/openssh/sftp-client.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-client.h,v 1.9 2002/02/13 00:59:23 djm Exp $ */
/* $OpenBSD: sftp-client.h,v 1.10 2002/06/23 09:30:14 deraadt Exp $ */
/*
* Copyright (c) 2001,2002 Damien Miller. All rights reserved.
@ -41,11 +41,9 @@ struct SFTP_DIRENT {
* Initialiase a SSH filexfer connection. Returns -1 on error or
* protocol version on success.
*/
struct sftp_conn *
do_init(int, int, u_int, u_int);
struct sftp_conn *do_init(int, int, u_int, u_int);
u_int
sftp_proto_version(struct sftp_conn *);
u_int sftp_proto_version(struct sftp_conn *);
/* Close file referred to by 'handle' */
int do_close(struct sftp_conn *, char *, u_int);

4
crypto/openssh/sftp-common.c
View File

@ -24,7 +24,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sftp-common.c,v 1.5 2001/12/02 02:08:32 deraadt Exp $");
RCSID("$OpenBSD: sftp-common.c,v 1.6 2002/06/23 09:30:14 deraadt Exp $");
#include "buffer.h"
#include "bufaux.h"
@ -70,6 +70,7 @@ Attrib *
decode_attrib(Buffer *b)
{
static Attrib a;
attrib_clear(&a);
a.flags = buffer_get_int(b);
if (a.flags & SSH2_FILEXFER_ATTR_SIZE)
@ -88,6 +89,7 @@ decode_attrib(Buffer *b)
if (a.flags & SSH2_FILEXFER_ATTR_EXTENDED) {
char *type, *data;
int i, count;
count = buffer_get_int(b);
for (i = 0; i < count; i++) {
type = buffer_get_string(b, NULL);

4
crypto/openssh/sftp-int.c
View File

@ -26,7 +26,7 @@
/* XXX: recursive operations */
#include "includes.h"
RCSID("$OpenBSD: sftp-int.c,v 1.46 2002/03/30 18:51:15 markus Exp $");
RCSID("$OpenBSD: sftp-int.c,v 1.47 2002/06/23 09:30:14 deraadt Exp $");
#include "buffer.h"
#include "xmalloc.h"
@ -835,7 +835,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
help();
break;
case I_VERSION:
printf("SFTP protocol version %d\n", sftp_proto_version(conn));
printf("SFTP protocol version %u\n", sftp_proto_version(conn));
break;
default:
fatal("%d is not implemented", cmdnum);

54
crypto/openssh/sftp-server.c
View File

@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: sftp-server.c,v 1.35 2002/06/06 17:30:11 markus Exp $");
RCSID("$OpenBSD: sftp-server.c,v 1.37 2002/06/24 17:57:20 deraadt Exp $");
#include "buffer.h"
#include "bufaux.h"
@ -282,7 +282,7 @@ send_status(u_int32_t id, u_int32_t error)
"Unknown error" /* Others */
};
TRACE("sent status id %d error %d", id, error);
TRACE("sent status id %u error %u", id, error);
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_STATUS);
buffer_put_int(&msg, id);
@ -311,7 +311,7 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
static void
send_data(u_int32_t id, char *data, int dlen)
{
TRACE("sent data id %d len %d", id, dlen);
TRACE("sent data id %u len %d", id, dlen);
send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
}
@ -322,7 +322,7 @@ send_handle(u_int32_t id, int handle)
int hlen;
handle_to_string(handle, &string, &hlen);
TRACE("sent handle id %d handle %d", id, handle);
TRACE("sent handle id %u handle %d", id, handle);
send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
xfree(string);
}
@ -337,7 +337,7 @@ send_names(u_int32_t id, int count, Stat *stats)
buffer_put_char(&msg, SSH2_FXP_NAME);
buffer_put_int(&msg, id);
buffer_put_int(&msg, count);
TRACE("sent names id %d count %d", id, count);
TRACE("sent names id %u count %d", id, count);
for (i = 0; i < count; i++) {
buffer_put_cstring(&msg, stats[i].name);
buffer_put_cstring(&msg, stats[i].long_name);
@ -352,7 +352,7 @@ send_attrib(u_int32_t id, Attrib *a)
{
Buffer msg;
TRACE("sent attrib id %d have 0x%x", id, a->flags);
TRACE("sent attrib id %u have 0x%x", id, a->flags);
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_ATTRS);
buffer_put_int(&msg, id);
@ -391,7 +391,7 @@ process_open(void)
a = get_attrib();
flags = flags_from_portable(pflags);
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
TRACE("open id %d name %s flags %d mode 0%o", id, name, pflags, mode);
TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
fd = open(name, flags, mode);
if (fd < 0) {
status = errno_to_portable(errno);
@ -417,7 +417,7 @@ process_close(void)
id = get_int();
handle = get_handle();
TRACE("close id %d handle %d", id, handle);
TRACE("close id %u handle %d", id, handle);
ret = handle_close(handle);
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
@ -436,7 +436,7 @@ process_read(void)
off = get_int64();
len = get_int();
TRACE("read id %d handle %d off %llu len %d", id, handle,
TRACE("read id %u handle %d off %llu len %d", id, handle,
(u_int64_t)off, len);
if (len > sizeof buf) {
len = sizeof buf;
@ -477,7 +477,7 @@ process_write(void)
off = get_int64();
data = get_string(&len);
TRACE("write id %d handle %d off %llu len %d", id, handle,
TRACE("write id %u handle %d off %llu len %d", id, handle,
(u_int64_t)off, len);
fd = handle_to_fd(handle);
if (fd >= 0) {
@ -512,7 +512,7 @@ process_do_stat(int do_lstat)
id = get_int();
name = get_string(NULL);
TRACE("%sstat id %d name %s", do_lstat ? "l" : "", id, name);
TRACE("%sstat id %u name %s", do_lstat ? "l" : "", id, name);
ret = do_lstat ? lstat(name, &st) : stat(name, &st);
if (ret < 0) {
status = errno_to_portable(errno);
@ -548,7 +548,7 @@ process_fstat(void)
id = get_int();
handle = get_handle();
TRACE("fstat id %d handle %d", id, handle);
TRACE("fstat id %u handle %d", id, handle);
fd = handle_to_fd(handle);
if (fd >= 0) {
ret = fstat(fd, &st);
@ -582,13 +582,12 @@ process_setstat(void)
Attrib *a;
u_int32_t id;
char *name;
int ret;
int status = SSH2_FX_OK;
int status = SSH2_FX_OK, ret;
id = get_int();
name = get_string(NULL);
a = get_attrib();
TRACE("setstat id %d name %s", id, name);
TRACE("setstat id %u name %s", id, name);
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
ret = truncate(name, a->size);
if (ret == -1)
@ -625,7 +624,7 @@ process_fsetstat(void)
id = get_int();
handle = get_handle();
a = get_attrib();
TRACE("fsetstat id %d handle %d", id, handle);
TRACE("fsetstat id %u handle %d", id, handle);
fd = handle_to_fd(handle);
name = handle_to_name(handle);
if (fd < 0 || name == NULL) {
@ -677,7 +676,7 @@ process_opendir(void)
id = get_int();
path = get_string(NULL);
TRACE("opendir id %d path %s", id, path);
TRACE("opendir id %u path %s", id, path);
dirp = opendir(path);
if (dirp == NULL) {
status = errno_to_portable(errno);
@ -713,13 +712,13 @@ ls_file(char *name, struct stat *st)
if ((pw = getpwuid(st->st_uid)) != NULL) {
user = pw->pw_name;
} else {
snprintf(ubuf, sizeof ubuf, "%d", st->st_uid);
snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);
user = ubuf;
}
if ((gr = getgrgid(st->st_gid)) != NULL) {
group = gr->gr_name;
} else {
snprintf(gbuf, sizeof gbuf, "%d", st->st_gid);
snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);
group = gbuf;
}
if (ltime != NULL) {
@ -749,7 +748,7 @@ process_readdir(void)
id = get_int();
handle = get_handle();
TRACE("readdir id %d handle %d", id, handle);
TRACE("readdir id %u handle %d", id, handle);
dirp = handle_to_dir(handle);
path = handle_to_name(handle);
if (dirp == NULL || path == NULL) {
@ -759,6 +758,7 @@ process_readdir(void)
char pathname[1024];
Stat *stats;
int nstats = 10, count = 0, i;
stats = xmalloc(nstats * sizeof(Stat));
while ((dp = readdir(dirp)) != NULL) {
if (count >= nstats) {
@ -802,7 +802,7 @@ process_remove(void)
id = get_int();
name = get_string(NULL);
TRACE("remove id %d name %s", id, name);
TRACE("remove id %u name %s", id, name);
ret = unlink(name);
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
@ -822,7 +822,7 @@ process_mkdir(void)
a = get_attrib();
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
a->perm & 0777 : 0777;
TRACE("mkdir id %d name %s mode 0%o", id, name, mode);
TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
ret = mkdir(name, mode);
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
@ -838,7 +838,7 @@ process_rmdir(void)
id = get_int();
name = get_string(NULL);
TRACE("rmdir id %d name %s", id, name);
TRACE("rmdir id %u name %s", id, name);
ret = rmdir(name);
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
@ -858,7 +858,7 @@ process_realpath(void)
xfree(path);
path = xstrdup(".");
}
TRACE("realpath id %d path %s", id, path);
TRACE("realpath id %u path %s", id, path);
if (realpath(path, resolvedname) == NULL) {
send_status(id, errno_to_portable(errno));
} else {
@ -881,7 +881,7 @@ process_rename(void)
id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
TRACE("rename id %d old %s new %s", id, oldpath, newpath);
TRACE("rename id %u old %s new %s", id, oldpath, newpath);
/* fail if 'newpath' exists */
if (stat(newpath, &st) == -1) {
ret = rename(oldpath, newpath);
@ -902,7 +902,7 @@ process_readlink(void)
id = get_int();
path = get_string(NULL);
TRACE("readlink id %d path %s", id, path);
TRACE("readlink id %u path %s", id, path);
if ((len = readlink(path, link, sizeof(link) - 1)) == -1)
send_status(id, errno_to_portable(errno));
else {
@ -927,7 +927,7 @@ process_symlink(void)
id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
TRACE("symlink id %d old %s new %s", id, oldpath, newpath);
TRACE("symlink id %u old %s new %s", id, oldpath, newpath);
/* fail if 'newpath' exists */
if (stat(newpath, &st) == -1) {
ret = symlink(oldpath, newpath);

5
crypto/openssh/sftp.c
View File

@ -24,7 +24,7 @@
#include "includes.h"
RCSID("$OpenBSD: sftp.c,v 1.29 2002/04/02 17:37:48 markus Exp $");
RCSID("$OpenBSD: sftp.c,v 1.30 2002/06/23 09:30:14 deraadt Exp $");
/* XXX: short-form remote directory listings (like 'ls -C') */
@ -53,8 +53,10 @@ static void
connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid)
{
int c_in, c_out;
#ifdef USE_PIPES
int pin[2], pout[2];
if ((pipe(pin) == -1) || (pipe(pout) == -1))
fatal("pipe: %s", strerror(errno));
*in = pin[0];
@ -63,6 +65,7 @@ connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid)
c_out = pin[1];
#else /* USE_PIPES */
int inout[2];
if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1)
fatal("socketpair: %s", strerror(errno));
*in = *out = inout[0];

8
crypto/openssh/ssh-agent.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-agent.1,v 1.33 2002/06/19 00:27:55 deraadt Exp $
.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -69,7 +69,7 @@ The options are as follows:
Bind the agent to the unix-domain socket
.Ar bind_address .
The default is
.Pa /tmp/ssh-XXXXXXXX/agent.<pid> .
.Pa /tmp/ssh-XXXXXXXX/agent.<ppid> .
.It Fl c
Generate C-shell commands on
.Dv stdout .
@ -151,7 +151,7 @@ user.
.Pp
The
.Ev SSH_AGENT_PID
environment variable holds the agent's PID.
environment variable holds the agent's process ID.
.Pp
The agent exits automatically when the command given on the command
line terminates.
@ -163,7 +163,7 @@ Contains the protocol version 1 RSA authentication identity of the user.
Contains the protocol version 2 DSA authentication identity of the user.
.It Pa $HOME/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
.It Pa /tmp/ssh-XXXXXXXX/agent.<pid>
.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
Unix-domain sockets used to contain the connection to the
authentication agent.
These sockets should only be readable by the owner.

82
crypto/openssh/ssh-agent.c
View File

@ -35,7 +35,7 @@
#include "includes.h"
#include "openbsd-compat/fake-queue.h"
RCSID("$OpenBSD: ssh-agent.c,v 1.95 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
@ -110,6 +110,7 @@ static void
idtab_init(void)
{
int i;
for (i = 0; i <=2; i++) {
TAILQ_INIT(&idtable[i].idlist);
idtable[i].nentries = 0;
@ -152,8 +153,8 @@ static void
process_request_identities(SocketEntry *e, int version)
{
Idtab *tab = idtab_lookup(version);
Buffer msg;
Identity *id;
Buffer msg;
buffer_init(&msg);
buffer_put_char(&msg, (version == 1) ?
@ -182,21 +183,21 @@ process_request_identities(SocketEntry *e, int version)
static void
process_authentication_challenge1(SocketEntry *e)
{
Identity *id;
Key *key;
u_char buf[32], mdbuf[16], session_id[16];
u_int response_type;
BIGNUM *challenge;
Identity *id;
int i, len;
Buffer msg;
MD5_CTX md;
u_char buf[32], mdbuf[16], session_id[16];
u_int response_type;
Key *key;
buffer_init(&msg);
key = key_new(KEY_RSA1);
if ((challenge = BN_new()) == NULL)
fatal("process_authentication_challenge1: BN_new failed");
buffer_get_int(&e->request); /* ignored */
(void) buffer_get_int(&e->request); /* ignored */
buffer_get_bignum(&e->request, key->rsa->e);
buffer_get_bignum(&e->request, key->rsa->n);
buffer_get_bignum(&e->request, challenge);
@ -251,13 +252,12 @@ process_authentication_challenge1(SocketEntry *e)
static void
process_sign_request2(SocketEntry *e)
{
extern int datafellows;
Key *key;
u_char *blob, *data, *signature = NULL;
u_int blen, dlen, slen = 0;
int flags;
extern int datafellows;
int ok = -1, flags;
Buffer msg;
int ok = -1;
Key *key;
datafellows = 0;
@ -296,11 +296,10 @@ process_sign_request2(SocketEntry *e)
static void
process_remove_identity(SocketEntry *e, int version)
{
u_int blen, bits;
int success = 0;
Key *key = NULL;
u_char *blob;
u_int blen;
u_int bits;
int success = 0;
switch (version) {
case 1:
@ -310,7 +309,7 @@ process_remove_identity(SocketEntry *e, int version)
buffer_get_bignum(&e->request, key->rsa->n);
if (bits != key_size(key))
log("Warning: identity keysize mismatch: actual %d, announced %d",
log("Warning: identity keysize mismatch: actual %u, announced %u",
key_size(key), bits);
break;
case 2:
@ -370,10 +369,10 @@ process_remove_all_identities(SocketEntry *e, int version)
static void
reaper(void)
{
Idtab *tab;
u_int now = time(NULL);
Identity *id, *nxt;
int version;
u_int now = time(NULL);
Idtab *tab;
for (version = 1; version < 3; version++) {
tab = idtab_lookup(version);
@ -391,16 +390,15 @@ reaper(void)
static void
process_add_identity(SocketEntry *e, int version)
{
Key *k = NULL;
char *type_name;
char *comment;
int type, success = 0, death = 0;
Idtab *tab = idtab_lookup(version);
int type, success = 0, death = 0;
char *type_name, *comment;
Key *k = NULL;
switch (version) {
case 1:
k = key_new_private(KEY_RSA1);
buffer_get_int(&e->request); /* ignored */
(void) buffer_get_int(&e->request); /* ignored */
buffer_get_bignum(&e->request, k->rsa->n);
buffer_get_bignum(&e->request, k->rsa->e);
buffer_get_bignum(&e->request, k->rsa->d);
@ -481,8 +479,8 @@ process_add_identity(SocketEntry *e, int version)
static void
process_lock_agent(SocketEntry *e, int lock)
{
char *passwd;
int success = 0;
char *passwd;
passwd = buffer_get_string(&e->request, NULL);
if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
@ -523,11 +521,11 @@ no_identities(SocketEntry *e, u_int type)
static void
process_add_smartcard_key (SocketEntry *e)
{
Identity *id;
Idtab *tab;
Key **keys, *k;
char *sc_reader_id = NULL, *pin;
int i, version, success = 0;
Key **keys, *k;
Identity *id;
Idtab *tab;
sc_reader_id = buffer_get_string(&e->request, NULL);
pin = buffer_get_string(&e->request, NULL);
@ -566,11 +564,11 @@ process_add_smartcard_key (SocketEntry *e)
static void
process_remove_smartcard_key(SocketEntry *e)
{
Identity *id;
Idtab *tab;
Key **keys, *k = NULL;
char *sc_reader_id = NULL, *pin;
int i, version, success = 0;
Key **keys, *k = NULL;
Identity *id;
Idtab *tab;
sc_reader_id = buffer_get_string(&e->request, NULL);
pin = buffer_get_string(&e->request, NULL);
@ -608,8 +606,7 @@ process_remove_smartcard_key(SocketEntry *e)
static void
process_message(SocketEntry *e)
{
u_int msg_len;
u_int type;
u_int msg_len, type;
u_char *cp;
/* kill dead keys */
@ -622,6 +619,7 @@ process_message(SocketEntry *e)
if (msg_len > 256 * 1024) {
shutdown(e->fd, SHUT_RDWR);
close(e->fd);
e->fd = -1;
e->type = AUTH_UNUSED;
buffer_free(&e->input);
buffer_free(&e->output);
@ -717,6 +715,7 @@ static void
new_socket(sock_type type, int fd)
{
u_int i, old_alloc;
if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
error("fcntl O_NONBLOCK: %s", strerror(errno));
@ -801,11 +800,11 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, int *nallocp)
static void
after_select(fd_set *readset, fd_set *writeset)
{
u_int i;
int len, sock;
struct sockaddr_un sunaddr;
socklen_t slen;
char buf[1024];
struct sockaddr_un sunaddr;
int len, sock;
u_int i;
for (i = 0; i < sockets_alloc; i++)
switch (sockets[i].type) {
@ -839,6 +838,7 @@ after_select(fd_set *readset, fd_set *writeset)
if (len <= 0) {
shutdown(sockets[i].fd, SHUT_RDWR);
close(sockets[i].fd);
sockets[i].fd = -1;
sockets[i].type = AUTH_UNUSED;
buffer_free(&sockets[i].input);
buffer_free(&sockets[i].output);
@ -858,6 +858,7 @@ after_select(fd_set *readset, fd_set *writeset)
if (len <= 0) {
shutdown(sockets[i].fd, SHUT_RDWR);
close(sockets[i].fd);
sockets[i].fd = -1;
sockets[i].type = AUTH_UNUSED;
buffer_free(&sockets[i].input);
buffer_free(&sockets[i].output);
@ -928,6 +929,8 @@ int
main(int ac, char **av)
{
int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc;
char *shell, *format, *pidstr, *agentsocket = NULL;
fd_set *readsetp = NULL, *writesetp = NULL;
struct sockaddr_un sunaddr;
#ifdef HAVE_SETRLIMIT
struct rlimit rlim;
@ -935,11 +938,10 @@ main(int ac, char **av)
#ifdef HAVE_CYGWIN
int prev_mask;
#endif
pid_t pid;
char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
char *agentsocket = NULL;
extern int optind;
fd_set *readsetp = NULL, *writesetp = NULL;
extern char *optarg;
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
SSLeay_add_all_algorithms();
@ -947,11 +949,7 @@ main(int ac, char **av)
init_rng();
seed_rng();
#ifdef __GNU_LIBRARY__
while ((ch = getopt(ac, av, "+cdksa:")) != -1) {
#else /* __GNU_LIBRARY__ */
while ((ch = getopt(ac, av, "cdksa:")) != -1) {
#endif /* __GNU_LIBRARY__ */
switch (ch) {
case 'c':
if (s_flag)

14
crypto/openssh/ssh-dss.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $");
RCSID("$OpenBSD: ssh-dss.c,v 1.15 2002/06/23 03:30:17 deraadt Exp $");
#include <openssl/bn.h>
#include <openssl/evp.h>
@ -40,9 +40,7 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $");
#define SIGBLOB_LEN (2*INTBLOB_LEN)
int
ssh_dss_sign(
Key *key,
u_char **sigp, u_int *lenp,
ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
u_char *data, u_int datalen)
{
DSA_SIG *sig;
@ -71,7 +69,7 @@ ssh_dss_sign(
rlen = BN_num_bytes(sig->r);
slen = BN_num_bytes(sig->s);
if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
error("bad sig size %d %d", rlen, slen);
error("bad sig size %u %u", rlen, slen);
DSA_SIG_free(sig);
return -1;
}
@ -104,9 +102,7 @@ ssh_dss_sign(
return 0;
}
int
ssh_dss_verify(
Key *key,
u_char *signature, u_int signaturelen,
ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
u_char *data, u_int datalen)
{
DSA_SIG *sig;
@ -151,7 +147,7 @@ ssh_dss_verify(
}
if (len != SIGBLOB_LEN) {
fatal("bad sigbloblen %d != SIGBLOB_LEN", len);
fatal("bad sigbloblen %u != SIGBLOB_LEN", len);
}
/* parse signature */

11
crypto/openssh/ssh-keygen.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -170,7 +170,7 @@ do_convert_to_ssh2(struct passwd *pw)
}
fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
fprintf(stdout,
"Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n",
"Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n",
key_size(k), key_type(k),
pw->pw_name, hostname);
dump_base64(stdout, blob, len);
@ -462,7 +462,7 @@ do_fingerprint(struct passwd *pw)
public = key_load_public(identity_file, &comment);
if (public != NULL) {
fp = key_fingerprint(public, fptype, rep);
printf("%d %s %s\n", key_size(public), fp, comment);
printf("%u %s %s\n", key_size(public), fp, comment);
key_free(public);
xfree(comment);
xfree(fp);
@ -496,7 +496,8 @@ do_fingerprint(struct passwd *pw)
if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
int quoted = 0;
comment = cp;
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
for (; *cp && (quoted || (*cp != ' ' &&
*cp != '\t')); cp++) {
if (*cp == '\\' && cp[1] == '"')
cp++; /* Skip both */
else if (*cp == '"')
@ -519,7 +520,7 @@ do_fingerprint(struct passwd *pw)
}
comment = *cp ? cp : comment;
fp = key_fingerprint(public, fptype, rep);
printf("%d %s %s\n", key_size(public), fp,
printf("%u %s %s\n", key_size(public), fp,
comment ? comment : "no comment");
xfree(fp);
key_free(public);

24
crypto/openssh/ssh-rsa.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $");
RCSID("$OpenBSD: ssh-rsa.c,v 1.21 2002/06/23 03:30:17 deraadt Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@ -39,9 +39,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $");
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
int
ssh_rsa_sign(
Key *key,
u_char **sigp, u_int *lenp,
ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
u_char *data, u_int datalen)
{
const EVP_MD *evp_md;
@ -72,17 +70,18 @@ ssh_rsa_sign(
if (ok != 1) {
int ecode = ERR_get_error();
error("ssh_rsa_sign: RSA_sign failed: %s", ERR_error_string(ecode, NULL));
error("ssh_rsa_sign: RSA_sign failed: %s",
ERR_error_string(ecode, NULL));
xfree(sig);
return -1;
}
if (len < slen) {
int diff = slen - len;
debug("slen %d > len %d", slen, len);
debug("slen %u > len %u", slen, len);
memmove(sig + diff, sig, len);
memset(sig, 0, diff);
} else if (len > slen) {
error("ssh_rsa_sign: slen %d slen2 %d", slen, len);
error("ssh_rsa_sign: slen %u slen2 %u", slen, len);
xfree(sig);
return -1;
}
@ -105,9 +104,7 @@ ssh_rsa_sign(
}
int
ssh_rsa_verify(
Key *key,
u_char *signature, u_int signaturelen,
ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen,
u_char *data, u_int datalen)
{
Buffer b;
@ -148,12 +145,12 @@ ssh_rsa_verify(
/* RSA_verify expects a signature of RSA_size */
modlen = RSA_size(key->rsa);
if (len > modlen) {
error("ssh_rsa_verify: len %d > modlen %d", len, modlen);
error("ssh_rsa_verify: len %u > modlen %u", len, modlen);
xfree(sigblob);
return -1;
} else if (len < modlen) {
int diff = modlen - len;
debug("ssh_rsa_verify: add padding: modlen %d > len %d",
debug("ssh_rsa_verify: add padding: modlen %u > len %u",
modlen, len);
sigblob = xrealloc(sigblob, modlen);
memmove(sigblob + diff, sigblob, len);
@ -176,7 +173,8 @@ ssh_rsa_verify(
xfree(sigblob);
if (ret == 0) {
int ecode = ERR_get_error();
error("ssh_rsa_verify: RSA_verify failed: %s", ERR_error_string(ecode, NULL));
error("ssh_rsa_verify: RSA_verify failed: %s",
ERR_error_string(ecode, NULL));
}
debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
return ret;

6
crypto/openssh/ssh.1
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $
.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@ -952,8 +952,8 @@ protocol versions 1.5 and 2.0.
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr telnet 1 ,
.Xr ssh_config 4 ,
.Xr ssh-keysign 8,
.Xr ssh_config 5 ,
.Xr ssh-keysign 8 ,
.Xr sshd 8
.Rs
.%A T. Ylonen

6
crypto/openssh/ssh.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.h,v 1.70 2002/06/03 12:04:07 deraadt Exp $ */
/* $OpenBSD: ssh.h,v 1.71 2002/06/22 02:00:29 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -65,8 +65,8 @@
#endif
/*
* Name of the environment variable containing the pathname of the
* authentication socket.
* Name of the environment variable containing the process ID of the
* authentication agent.
*/
#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"

5
crypto/openssh/sshconnect.c
View File

@ -13,7 +13,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.125 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: sshconnect.c,v 1.126 2002/06/23 03:30:17 deraadt Exp $");
#include <openssl/bn.h>
@ -266,7 +266,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%d", port);
snprintf(strport, sizeof strport, "%u", port);
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
fatal("%s: %.100s: %s", __progname, host,
gai_strerror(gaierr));
@ -489,7 +489,6 @@ confirm(const char *prompt)
* check whether the supplied host key is valid, return -1 if the key
* is not valid. the user_hostfile will not be updated if 'readonly' is true.
*/
static int
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
int readonly, const char *user_hostfile, const char *system_hostfile)

13
crypto/openssh/sshconnect2.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.104 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $");
#include "ssh.h"
#include "ssh2.h"
@ -299,12 +299,14 @@ userauth(Authctxt *authctxt, char *authlist)
}
}
}
void
input_userauth_error(int type, u_int32_t seq, void *ctxt)
{
fatal("input_userauth_error: bad message during authentication: "
"type %d", type);
}
void
input_userauth_banner(int type, u_int32_t seq, void *ctxt)
{
@ -316,6 +318,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
xfree(msg);
xfree(lang);
}
void
input_userauth_success(int type, u_int32_t seq, void *ctxt)
{
@ -327,6 +330,7 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
clear_auth_state(authctxt);
authctxt->success = 1; /* break out */
}
void
input_userauth_failure(int type, u_int32_t seq, void *ctxt)
{
@ -375,7 +379,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
}
packet_check_eom();
debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d",
pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
do {
@ -894,9 +898,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
}
static int
ssh_keysign(
Key *key,
u_char **sigp, u_int *lenp,
ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
u_char *data, u_int datalen)
{
Buffer b;
@ -1098,6 +1100,7 @@ authmethod_lookup(const char *name)
static Authmethod *current = NULL;
static char *supported = NULL;
static char *preferred = NULL;
/*
* Given the authentication method list sent by the server, return the
* next method we should try. If the server initially sends a nil list,

11
crypto/openssh/sshd.8
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $
.\" $OpenBSD: sshd.8,v 1.186 2002/06/22 16:45:29 stevesk Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@ -578,11 +578,18 @@ These files are created using
.Xr ssh-keygen 1 .
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
.It Pa /var/empty
.Xr chroot 2
directory used by
.Nm
during privilege separation in the pre-authentication phase.
The directory should not contain any files and must be owned by root
and not group or world-writable.
.It Pa /var/run/sshd.pid
Contains the process ID of the
.Nm
listening for connections (if there are several daemons running
concurrently for different ports, this contains the pid of the one
concurrently for different ports, this contains the process ID of the one
started last).
The content of this file is not sensitive; it can be world-readable.
.It Pa $HOME/.ssh/authorized_keys

48
crypto/openssh/sshd.c
View File

@ -42,7 +42,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@ -219,6 +219,7 @@ static void
close_listen_socks(void)
{
int i;
for (i = 0; i < num_listen_socks; i++)
close(listen_socks[i]);
num_listen_socks = -1;
@ -228,6 +229,7 @@ static void
close_startup_pipes(void)
{
int i;
if (startup_pipes)
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1)
@ -260,7 +262,8 @@ sighup_restart(void)
close_listen_socks();
close_startup_pipes();
execv(saved_argv[0], saved_argv);
log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno));
log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
strerror(errno));
exit(1);
}
@ -280,8 +283,8 @@ sigterm_handler(int sig)
static void
main_sigchld_handler(int sig)
{
pid_t pid;
int save_errno = errno;
pid_t pid;
int status;
while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
@ -341,6 +344,7 @@ static void
key_regeneration_alarm(int sig)
{
int save_errno = errno;
signal(SIGALRM, SIG_DFL);
errno = save_errno;
key_do_regen = 1;
@ -372,7 +376,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
if (client_version_string == NULL) {
/* Send our protocol version identification. */
if (atomicio(write, sock_out, server_version_string, strlen(server_version_string))
if (atomicio(write, sock_out, server_version_string,
strlen(server_version_string))
!= strlen(server_version_string)) {
log("Could not write ident string to %s", get_remote_ipaddr());
fatal_cleanup();
@ -475,7 +480,6 @@ sshd_exchange_identification(int sock_in, int sock_out)
}
}
/* Destroy the host and server keys. They will no longer be needed. */
void
destroy_sensitive_data(void)
@ -526,8 +530,9 @@ static void
privsep_preauth_child(void)
{
u_int32_t rand[256];
int i;
gid_t gidset[2];
struct passwd *pw;
int i;
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
@ -555,7 +560,17 @@ privsep_preauth_child(void)
/* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
#if 0
/* XXX not ready, to heavy after chroot */
do_setusercontext(pw);
#else
gidset[0] = pw->pw_gid;
if (setgid(pw->pw_gid) < 0)
fatal("setgid failed for %u", pw->pw_gid );
if (setgroups(1, gidset) < 0)
fatal("setgroups: %.100s", strerror(errno));
permanently_set_uid(pw);
#endif
}
static Authctxt*
@ -609,7 +624,11 @@ privsep_postauth(Authctxt *authctxt)
/* XXX - Remote port forwarding */
x_authctxt = authctxt;
#ifdef BROKEN_FD_PASSING
if (1) {
#else
if (authctxt->pw->pw_uid == 0 || options.use_login) {
#endif
/* File descriptor passing is broken or root login */
monitor_apply_keystate(pmonitor);
use_privsep = 0;
@ -683,6 +702,7 @@ Key *
get_hostkey_by_type(int type)
{
int i;
for (i = 0; i < options.num_host_key_files; i++) {
Key *key = sensitive_data.host_keys[i];
if (key != NULL && key->type == type)
@ -703,6 +723,7 @@ int
get_hostkey_index(Key *key)
{
int i;
for (i = 0; i < options.num_host_key_files; i++) {
if (key == sensitive_data.host_keys[i])
return (i);
@ -991,11 +1012,13 @@ main(int ac, char **av)
* hate software patents. I dont know if this can go? Niels
*/
if (options.server_key_bits >
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - SSH_KEY_BITS_RESERVED &&
options.server_key_bits <
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
SSH_KEY_BITS_RESERVED && options.server_key_bits <
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
SSH_KEY_BITS_RESERVED) {
options.server_key_bits =
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED;
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
SSH_KEY_BITS_RESERVED;
debug("Forcing server key to %d bits to make it differ from host key.",
options.server_key_bits);
}
@ -1012,6 +1035,9 @@ main(int ac, char **av)
(S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
_PATH_PRIVSEP_CHROOT_DIR);
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
fatal("Bad owner or mode for %s",
_PATH_PRIVSEP_CHROOT_DIR);
}
/* Configuration looks good, so exit if in test mode. */
@ -1351,7 +1377,7 @@ main(int ac, char **av)
*/
#if 0
/* XXX: this breaks Solaris */
if (setsid() < 0)
if (!debug_flag && !inetd_flag && setsid() < 0)
error("setsid: %.100s", strerror(errno));
#endif

14
crypto/openssh/sshd_config.5
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $
.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
@ -305,10 +305,6 @@ To disable keepalives, the value should be set to
.It Cm KerberosAuthentication
Specifies whether Kerberos authentication is allowed.
This can be in the form of a Kerberos ticket, or if
.It Cm PAMAuthenticationViaKbdInt
Specifies whether PAM challenge response authentication is allowed. This
allows the use of most PAM challenge response authentication modules, but
it will allow password authentication regardless of whether
.Cm PasswordAuthentication
is yes, the password provided by the user will be validated through
the Kerberos KDC.
@ -425,6 +421,12 @@ The probability increases linearly and all connection attempts
are refused if the number of unauthenticated connections reaches
.Dq full
(60).
.It Cm PAMAuthenticationViaKbdInt
Specifies whether PAM challenge response authentication is allowed. This
allows the use of most PAM challenge response authentication modules, but
it will allow password authentication regardless of whether
.Cm PasswordAuthentication
is enabled.
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
@ -464,7 +466,7 @@ If this option is set to
.Dq no
root is not allowed to login.
.It Cm PidFile
Specifies the file that contains the process identifier of the
Specifies the file that contains the process ID of the
.Nm sshd
daemon.
The default is

9
crypto/openssh/sshlogin.c
View File

@ -39,7 +39,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
RCSID("$OpenBSD: sshlogin.c,v 1.4 2002/06/23 03:30:17 deraadt Exp $");
#include "loginrec.h"
@ -48,10 +48,9 @@ RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
* information is not available. This must be called before record_login.
* The host the user logged in from will be returned in buf.
*/
u_long
get_last_login_time(uid_t uid, const char *logname,
char *buf, u_int bufsize)
char *buf, u_int bufsize)
{
struct logininfo li;
@ -64,10 +63,9 @@ get_last_login_time(uid_t uid, const char *logname,
* Records that the user has logged in. I these parts of operating systems
* were more standardized.
*/
void
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
const char *host, struct sockaddr * addr)
const char *host, struct sockaddr * addr)
{
struct logininfo *li;
@ -92,7 +90,6 @@ record_utmp_only(pid_t pid, const char *ttyname, const char *user,
#endif
/* Records that the user has logged out. */
void
record_logout(pid_t pid, const char *ttyname, const char *user)
{

16
crypto/openssh/sshpty.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $");
RCSID("$OpenBSD: sshpty.c,v 1.7 2002/06/24 17:57:20 deraadt Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
@ -343,9 +343,8 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
if (fd < 0)
error("open /dev/tty failed - could not set controlling tty: %.100s",
strerror(errno));
else {
else
close(fd);
}
#endif /* _CRAY */
}
@ -356,6 +355,7 @@ pty_change_window_size(int ptyfd, int row, int col,
int xpixel, int ypixel)
{
struct winsize w;
w.ws_row = row;
w.ws_col = col;
w.ws_xpixel = xpixel;
@ -393,13 +393,13 @@ pty_setowner(struct passwd *pw, const char *ttyname)
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
if (chown(ttyname, pw->pw_uid, gid) < 0) {
if (errno == EROFS &&
(st.st_uid == pw->pw_uid || st.st_uid == 0))
error("chown(%.100s, %d, %d) failed: %.100s",
ttyname, pw->pw_uid, gid,
(st.st_uid == pw->pw_uid || st.st_uid == 0))
error("chown(%.100s, %u, %u) failed: %.100s",
ttyname, (u_int)pw->pw_uid, (u_int)gid,
strerror(errno));
else
fatal("chown(%.100s, %d, %d) failed: %.100s",
ttyname, pw->pw_uid, gid,
fatal("chown(%.100s, %u, %u) failed: %.100s",
ttyname, (u_int)pw->pw_uid, (u_int)gid,
strerror(errno));
}
}

5
crypto/openssh/tildexpand.c
View File

@ -11,7 +11,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: tildexpand.c,v 1.12 2001/08/11 22:51:27 jakob Exp $");
RCSID("$OpenBSD: tildexpand.c,v 1.13 2002/06/23 03:25:50 deraadt Exp $");
#include "xmalloc.h"
#include "log.h"
@ -67,6 +67,7 @@ tilde_expand_filename(const char *filename, uid_t my_uid)
if (len > MAXPATHLEN)
fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
expanded = xmalloc(len);
snprintf(expanded, len, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
snprintf(expanded, len, "%s%s%s", pw->pw_dir,
strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
return expanded;
}

4
crypto/openssh/version.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: version.h,v 1.33 2002/06/21 15:41:20 markus Exp $ */
/* $OpenBSD: version.h,v 1.34 2002/06/26 13:56:27 markus Exp $ */
#define SSH_VERSION "OpenSSH_3.3"
#define SSH_VERSION "OpenSSH_3.4p1"