d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

This commit was generated by cvs2svn to compensate for changes in r149749,

Browse Source 
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
Dag-Erling Smørgrav 2005-09-03 06:59:33 +00:00
commit f8a2a7f14a
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=149750
66 changed files with 2468 additions and 831 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/openssh/CREDITS
View File

@ -3,6 +3,7 @@ Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt, and Dug Song - Creators of OpenSSH
Ahsan Rashid <arms@sco.com> - UnixWare long passwords
Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix
Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes
Andre Lucas <andre@ae-35.com> - new login code, many fixes
@ -32,6 +33,7 @@ David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes
David Hesprich <darkgrue@gue-tech.org> - Configure fixes
David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code.
Dhiraj Gulati <dgulati@sco.com> - UnixWare long passwords
Ed Eden <ede370@stl.rural.usda.gov> - configure fixes
Garrick James <garrick@james.net> - configure fixes
Gary E. Miller <gem@rellim.com> - SCO support
@ -98,5 +100,5 @@ Apologies to anyone I have missed.
Damien Miller <djm@mindrot.org>
$Id: CREDITS,v 1.79 2004/05/26 23:59:31 dtucker Exp $
$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $

497
crypto/openssh/ChangeLog
View File

@ -1,3 +1,496 @@
20050901
- (djm) Update RPM spec file versions
20050831
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2005/08/30 22:08:05
[gss-serv.c sshconnect2.c]
destroy credentials if krb5_kuserok() call fails. Stops credentials being
delegated to users who are not authorised for GSSAPIAuthentication when
GSSAPIDeletegateCredentials=yes and another authentication mechanism
succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by
simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
- markus@cvs.openbsd.org 2005/08/31 09:28:42
[version.h]
4.2
- (dtucker) [README] Update release note URL to 4.2
- (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
Feedback and OK dtucker@
20050830
- (tim) [configure.ac] Back out last change. It needs to be done differently.
20050829
- (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long
password support to 7.x for now.
20050826
- (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
by tim@. Feedback and OK dtucker@
20050823
- (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully-
qualified sshd pathname since some systems (eg Cygwin) may consider "/foo"
and "//foo" to be different. Spotted by vinschen at redhat.com.
- (tim) [configure.ac] Not all gcc's support -Wsign-compare. Enhancements
and OK dtucker@
- (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@
20050821
- (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for
LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@
20050816
- (djm) [ttymodes.c] bugzilla #1025: Fix encoding of _POSIX_VDISABLE,
from Jacob Nevins; ok dtucker@
20050815
- (tim) [sftp.c] wrap el_end() in #ifdef USE_LIBEDIT
- (tim) [configure.ac] corrections to libedit tests. Report and patches
by skeleten AT shillest.net
20050812
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2005/07/28 17:36:22
[packet.c]
missing packet_init_compression(); from solar
- djm@cvs.openbsd.org 2005/07/30 01:26:16
[ssh.c]
fix -D listen_host initialisation, so it picks up gateway_ports setting
correctly
- djm@cvs.openbsd.org 2005/07/30 02:03:47
[readconf.c]
listen_hosts initialisation here too; spotted greg AT y2005.nest.cx
- dtucker@cvs.openbsd.org 2005/08/06 10:03:12
[servconf.c]
Unbreak sshd ListenAddress for bare IPv6 addresses.
Report from Janusz Mucka; ok djm@
- jaredy@cvs.openbsd.org 2005/08/08 13:22:48
[sftp.c]
sftp prompt enhancements:
- in non-interactive mode, do not print an empty prompt at the end
before finishing
- print newline after EOF in editline mode
- call el_end() in editline mode
ok dtucker djm
20050810
- (dtucker) [configure.ac] Test libedit library and headers for compatibility.
Report from skeleten AT shillest.net, ok djm@
- (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c]
Sync current (thread-safe) version of realpath.c from OpenBSD (which is
in turn based on FreeBSD's). ok djm@
20050809
- (tim) [configure.ac] Allow --with-audit=no. OK dtucker@
Report by skeleten AT shillest.net
20050803
- (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines
individually and use a value less likely to collide with real values from
netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@
- (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the
latter is specified in the standard.
20050802
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/07/27 10:39:03
[scp.c hostfile.c sftp-client.c]
Silence bogus -Wuninitialized warnings; ok djm@
- (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling
with gcc. ok djm@
- (dtucker) [configure.ac] Add a --with-Werror option to configure for
adding -Werror to CFLAGS when all of the configure tests are done. ok djm@
20050726
- (dtucker) [configure.ac] Update zlib warning message too, pointed out by
tim@.
- (djm) OpenBSD CVS Sync
- otto@cvs.openbsd.org 2005/07/19 15:32:26
[auth-passwd.c]
auth_usercheck(3) can return NULL, so check for that. Report from
mpech@. ok markus@
- markus@cvs.openbsd.org 2005/07/25 11:59:40
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
[sshconnect2.c sshd.c sshd_config sshd_config.5]
add a new compression method that delays compression until the user
has been authenticated successfully and set compression to 'delayed'
for sshd.
this breaks older openssh clients (< 3.5) if they insist on
compression, so you have to re-enable compression in sshd_config.
ok djm@
20050725
- (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.
20050717
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2005/07/16 01:35:24
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
[sshconnect.c]
spacing
- (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
- (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line
- djm@cvs.openbsd.org 2005/07/17 06:49:04
[channels.c channels.h session.c session.h]
Fix a number of X11 forwarding channel leaks:
1. Refuse multiple X11 forwarding requests on the same session
2. Clean up all listeners after a single_connection X11 forward, not just
the one that made the single connection
3. Destroy X11 listeners when the session owning them goes away
testing and ok dtucker@
- djm@cvs.openbsd.org 2005/07/17 07:17:55
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
[cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
[serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
[sshconnect.c sshconnect2.c]
knf says that a 2nd level indent is four (not three or five) spaces
-(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c]
[ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
- (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls
20050716
- (dtucker) [auth-pam.c] Ensure that only one side of the authentication
socketpair stays open on in both the monitor and PAM process. Patch from
Joerg Sonnenberger.
20050714
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/07/06 09:33:05
[ssh.1]
clarify meaning of ssh -b ; with & ok jmc@
- dtucker@cvs.openbsd.org 2005/07/08 09:26:18
[misc.c]
Make comment match code; ok djm@
- markus@cvs.openbsd.org 2005/07/08 09:41:33
[channels.h]
race when efd gets closed while there is still buffered data:
change CHANNEL_EFD_OUTPUT_ACTIVE()
1) c->efd must always be valid AND
2a) no EOF has been seen OR
2b) there is buffered data
report, initial fix and testing Chuck Cranor
- dtucker@cvs.openbsd.org 2005/07/08 10:20:41
[ssh_config.5]
change BindAddress to match recent ssh -b change; prompted by markus@
- jmc@cvs.openbsd.org 2005/07/08 12:53:10
[ssh_config.5]
new sentence, new line;
- dtucker@cvs.openbsd.org 2005/07/14 04:00:43
[misc.h]
use __sentinel__ attribute; ok deraadt@ djm@ markus@
- (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the
compiler doesn't understand it to prevent warnings. If any mainstream
compiler versions acquire it we can test for those versions. Based on
discussion with djm@.
20050707
- dtucker [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for
the MIT Kerberos code path into a common function and expand mkstemp
template to be consistent with the rest of OpenSSH. From sxw at
inf.ed.ac.uk, ok djm@
- (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno
in the case where the buffer is insufficient, so always return ENOMEM.
Also pointed out by sxw at inf.ed.ac.uk.
- (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove
calls to krb5_init_ets, which has not been required since krb-1.1.x and
most Kerberos versions no longer export in their public API. From sxw
at inf.ed.ac.uk, ok djm@
20050706
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2005/07/01 13:19:47
[channels.c]
don't free() if getaddrinfo() fails; report mpech@
- djm@cvs.openbsd.org 2005/07/04 00:58:43
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
implement support for X11 and agent forwarding over multiplex slave
connections. Because of protocol limitations, the slave connections inherit
the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
their own.
ok dtucker@ "put it in" deraadt@
- jmc@cvs.openbsd.org 2005/07/04 11:29:51
[ssh_config.5]
fix Xr and a little grammar;
- markus@cvs.openbsd.org 2005/07/04 14:04:11
[channels.c]
don't forget to set x11_saved_display
20050626
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2005/06/17 22:53:47
[ssh.c sshconnect.c]
Fix ControlPath's %p expanding to "0" for a default port,
spotted dwmw2 AT infradead.org; ok markus@
- djm@cvs.openbsd.org 2005/06/18 04:30:36
[ssh.c ssh_config.5]
allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
- djm@cvs.openbsd.org 2005/06/25 22:47:49
[ssh.c]
do the default port filling code a few lines earlier, so it really
does fix %p
20050618
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2005/05/20 12:57:01;
[auth1.c] split protocol 1 auth methods into separate functions, makes
authloop much more readable; fixes and ok markus@ (portable ok &
polish dtucker@)
- djm@cvs.openbsd.org 2005/06/17 02:44:33
[auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
- (djm) [loginrec.c ssh-rand-helper.c] Fix -Wsign-compare for portable,
tested and fixes tim@
20050617
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2005/06/16 03:38:36
[channels.c channels.h clientloop.c clientloop.h ssh.c]
move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd
easier later; ok deraadt@
- markus@cvs.openbsd.org 2005/06/16 08:00:00
[canohost.c channels.c sshd.c]
don't exit if getpeername fails for forwarded ports; bugzilla #1054;
ok djm
- djm@cvs.openbsd.org 2005/06/17 02:44:33
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
[bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
[kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
[servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
[ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
make this -Wsign-compare clean; ok avsm@ markus@
NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
NB2. more work may be needed to make portable Wsign-compare clean
- (dtucker) [cipher.c openbsd-compat/openbsd-compat.h
openbsd-compat/openssl-compat.c] only include openssl compat stuff where
it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by
and ok tim@
20050616
- (djm) OpenBSD CVS Sync
- jaredy@cvs.openbsd.org 2005/06/07 13:25:23
[progressmeter.c]
catch SIGWINCH and resize progress meter accordingly; ok markus dtucker
- djm@cvs.openbsd.org 2005/06/06 11:20:36
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
introduce a generic %foo expansion function. replace existing % expansion
and add expansion to ControlPath; ok markus@
- djm@cvs.openbsd.org 2005/06/08 03:50:00
[ssh-keygen.1 ssh-keygen.c sshd.8]
increase default rsa/dsa key length from 1024 to 2048 bits;
ok markus@ deraadt@
- djm@cvs.openbsd.org 2005/06/08 11:25:09
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
add ControlMaster=auto/autoask options to support opportunistic
multiplexing; tested avsm@ and jakob@, ok markus@
- dtucker@cvs.openbsd.org 2005/06/09 13:43:49
[cipher.c]
Correctly initialize end of array sentinel; ok djm@
(Id sync only, change already in portable)
20050609
- (dtucker) [cipher.c openbsd-compat/Makefile.in
openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.{c,h}]
Move compatibility code for supporting older OpenSSL versions to the
compat layer. Suggested by and "no objection" djm@
20050607
- (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX:
in today's episode we attempt to coax it from limits.h where it may be
hiding, failing that we take the DIY approach. Tested by tim@
20050603
- (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't
defined, and check that it helps before keeping it in CFLAGS. Some old
gcc's don't set an error code when encountering an unknown value in -std.
Found and tested by tim@.
- (dtucker) [configure.ac] Point configure's reporting address at the
openssh-unix-dev list. ok tim@ djm@
20050602
- (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h.
Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms
to skip builtin standard includes tests. (first AC_CHECK_HEADERS test
must be run on all platforms) Add missing ;; to case statement. OK dtucker@
20050601
- (dtucker) [configure.ac] Look for _getshort and _getlong in
arpa/nameser.h.
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c]
Add strtoll to the compat library, from OpenBSD.
- (dtucker) OpenBSD CVS Sync
- avsm@cvs.openbsd.org 2005/05/26 02:08:05
[scp.c]
If copying multiple files to a target file (which normally fails, as it
must be a target directory), kill the spawned ssh child before exiting.
This stops it trying to authenticate and spewing lots of output.
deraadt@ ok
- dtucker@cvs.openbsd.org 2005/05/26 09:08:12
[ssh-keygen.c]
uint32_t -> u_int32_t for consistency; ok djm@
- djm@cvs.openbsd.org 2005/05/27 08:30:37
[ssh.c]
fix -O for cases where no ControlPath has been specified or socket at
ControlPath is not contactable; spotted by and ok avsm@
- (tim) [config.guess config.sub] Update to '2005-05-27' version.
- (tim) [configure.ac] set TEST_SHELL for OpenServer 6
20050531
- (dtucker) [contrib/aix/pam.conf] Correct comments. From davidl at
vintela.com.
- (dtucker) [mdoc2man.awk] Teach it to understand .Ox.
20050530
- (dtucker) [README] Link to new release notes. Beter late than never...
20050529
- (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the
argument to passwdexpired to be initialized to NULL. Suggested by tim@
While at it, initialize the other arguments to auth functions in case they
ever acquire this behaviour.
- (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there.
- (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message,
spotted by tim@.
20050528
- (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have
one entry per line to make it easier to merge changes. ok djm@
- (dtucker) [configure.ac] strsep() may be defined in string.h, so check
for its presence and include it in the strsep check.
- (dtucker) [configure.ac] getpgrp may be defined in unistd.h, so check for
its presence before doing AC_FUNC_GETPGRP.
- (dtucker) [configure.ac] Merge HP-UX blocks into a common block with minor
version-specific variations as required.
- (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as
per the autoconf man page. Configure should always define them but it
doesn't hurt to check.
20050527
- (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by
David Leach; ok dtucker@
- (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c
openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo.
Required changes from Bernhard Simon, integrated by me. ok djm@
20050525
- (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not
been used for a while
- (djm) OpenBSD CVS Sync
- otto@cvs.openbsd.org 2005/04/05 13:45:31
[ssh-keygen.c]
- djm@cvs.openbsd.org 2005/04/06 09:43:59
[sshd.c]
avoid harmless logspam by not performing setsockopt() on non-socket;
ok markus@
- dtucker@cvs.openbsd.org 2005/04/06 12:26:06
[ssh.c]
Fix debug call for port forwards; patch from pete at seebeyond.com,
ok djm@ (ID sync only - change already in portable)
- djm@cvs.openbsd.org 2005/04/09 04:32:54
[misc.c misc.h tildexpand.c Makefile.in]
replace tilde_expand_filename with a simpler implementation, ahead of
more whacking; ok deraadt@
- jmc@cvs.openbsd.org 2005/04/14 12:30:30
[ssh.1]
arg to -b is an address, not if_name;
ok markus@
- jakob@cvs.openbsd.org 2005/04/20 10:05:45
[dns.c]
do not try to look up SSHFP for numerical hostname. ok djm@
- djm@cvs.openbsd.org 2005/04/21 06:17:50
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
[sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
variable, so don't say that we do (bz #623); ok deraadt@
- djm@cvs.openbsd.org 2005/04/21 11:47:19
[ssh.c]
don't allocate a pty when -n flag (/dev/null stdin) is set, patch from
ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@
- dtucker@cvs.openbsd.org 2005/04/23 23:43:47
[readpass.c]
Add debug message if read_passphrase can't open /dev/tty; bz #471;
ok djm@
- jmc@cvs.openbsd.org 2005/04/26 12:59:02
[sftp-client.h]
spelling correction in comment from wiz@netbsd;
- jakob@cvs.openbsd.org 2005/04/26 13:08:37
[ssh.c ssh_config.5]
fallback gracefully if client cannot connect to ControlPath. ok djm@
- moritz@cvs.openbsd.org 2005/04/28 10:17:56
[progressmeter.c ssh-keyscan.c]
add snprintf checks. ok djm@ markus@
- markus@cvs.openbsd.org 2005/05/02 21:13:22
[readpass.c]
missing {}
- djm@cvs.openbsd.org 2005/05/10 10:28:11
[ssh.c]
print nice error message for EADDRINUSE as well (ID sync only)
- djm@cvs.openbsd.org 2005/05/10 10:30:43
[ssh.c]
report real errors on fallback from ControlMaster=no to normal connect
- markus@cvs.openbsd.org 2005/05/16 15:30:51
[readconf.c servconf.c]
check return value from strdelim() for NULL (AddressFamily); mpech
- djm@cvs.openbsd.org 2005/05/19 02:39:55
[sshd_config.5]
sort config options, from grunk AT pestilenz.org; ok jmc@
- djm@cvs.openbsd.org 2005/05/19 02:40:52
[sshd_config]
whitespace nit, from grunk AT pestilenz.org
- djm@cvs.openbsd.org 2005/05/19 02:42:26
[includes.h]
fix cast, from grunk AT pestilenz.org
- djm@cvs.openbsd.org 2005/05/20 10:50:55
[ssh_config.5]
give a ProxyCommand example using nc(1), with and ok jmc@
- jmc@cvs.openbsd.org 2005/05/20 11:23:32
[ssh_config.5]
oops - article and spacing;
- avsm@cvs.openbsd.org 2005/05/23 22:44:01
[moduli.c ssh-keygen.c]
- removes signed/unsigned comparisons in moduli generation
- use strtonum instead of atoi where its easier
- check some strlcpy overflow and fatal instead of truncate
- djm@cvs.openbsd.org 2005/05/23 23:32:46
[cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5]
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes;
ok markus@
- avsm@cvs.openbsd.org 2005/05/24 02:05:09
[ssh-keygen.c]
some style nits from dmiller@, and use a fatal() instead of a printf()/exit
- avsm@cvs.openbsd.org 2005/05/24 17:32:44
[atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c]
[ssh-keyscan.c sshconnect.c]
Switch atomicio to use a simpler interface; it now returns a size_t
(containing number of bytes read/written), and indicates error by
returning 0. EOF is signalled by errno==EPIPE.
Typical use now becomes:
if (atomicio(read, ..., len) != len)
err(1,"read");
ok deraadt@, cloder@, djm@
- (dtucker) [regress/reexec.sh] Add ${EXEEXT} so this test also works on
Cygwin.
- (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux:
warning: dereferencing type-punned pointer will break strict-aliasing rules
warning: passing arg 3 of `pam_get_item' from incompatible pointer type
The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@
- (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide
templates for _getshort and _getlong if missing to prevent compiler warnings
on Linux.
- (djm) [configure.ac openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c]
Add strtonum(3) from OpenBSD libc, new code needs it.
Unfortunately Linux forces us to do a bizarre dance with compiler
options to get LLONG_MIN/MAX; Spotted by and ok dtucker@
20050524
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update spec file versions to 4.1p1
@ -9,7 +502,7 @@
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
allocation when retrieving core Windows environment. Add CYGWIN variable
to propagated variables. Patch from vinschen at redhat.com, ok djm@
- (djm) Release 4.1p1
- Release 4.1p1
20050524
- (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
@ -2496,4 +2989,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3758.2.2 2005/05/25 12:24:56 djm Exp $
$Id: ChangeLog,v 1.3887 2005/09/01 09:10:48 djm Exp $

8
crypto/openssh/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.270 2005/02/25 23:12:38 dtucker Exp $
# $Id: Makefile.in,v 1.273 2005/05/29 07:22:29 dtucker Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@ -66,8 +66,8 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o moduli.o mpaux.o nchan.o packet.o \
readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \
log.o match.o moduli.o nchan.o packet.o \
readpass.o rsa.o ttymodes.o xmalloc.o \
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
@ -190,7 +190,7 @@ ssh_prng_cmds.out: ssh_prng_cmds
$(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
fi
# fake rule to stop make trying to compile moduli.o into a binary "modulo"
# fake rule to stop make trying to compile moduli.o into a binary "moduli.o"
moduli:
echo

9
crypto/openssh/README
View File

@ -1,4 +1,4 @@
See http://www.openssh.com/txt/release-4.0 for the release notes.
See http://www.openssh.com/txt/release-4.2 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@ -56,9 +56,10 @@ References -
[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
[3] http://www.gzip.org/zlib/
[4] http://www.openssl.org/
[5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris
and HP-UX 11)
[5] http://www.openpam.org
http://www.kernel.org/pub/linux/libs/pam/
(PAM also is standard on Solaris and HP-UX 11)
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
$Id: README,v 1.57 2005/03/09 03:32:28 dtucker Exp $
$Id: README,v 1.60 2005/08/31 14:05:57 dtucker Exp $

6
crypto/openssh/README.privsep
View File

@ -38,8 +38,8 @@ privsep user and chroot directory:
Privsep requires operating system support for file descriptor passing.
Compression will be disabled on systems without a working mmap MAP_ANON.
PAM-enabled OpenSSH is known to function with privsep on AIX, HP-UX
(including Trusted Mode), Linux and Solaris.
PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD,
HP-UX (including Trusted Mode), Linux, NetBSD and Solaris.
On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication
part of privsep is supported. Post-authentication privsep is disabled
@ -60,4 +60,4 @@ process 1005 is the sshd process listening for new connections.
process 6917 is the privileged monitor process, 6919 is the user owned
sshd process and 6921 is the shell process.
$Id: README.privsep,v 1.15 2004/10/06 10:09:32 dtucker Exp $
$Id: README.privsep,v 1.16 2005/06/04 23:21:41 djm Exp $

4
crypto/openssh/WARNING.RNG
View File

@ -57,7 +57,7 @@ disproportionate time to execute.
Tuning the random helper can be done by running ./ssh-random-helper in
very verbose mode ("-vvv") and identifying the commands that are taking
accessive amounts of time or hanging altogher. Any problem commands can
excessive amounts of time or hanging altogher. Any problem commands can
be modified or removed from ssh_prng_cmds.
The default entropy collector will timeout programs which take too long
@ -92,4 +92,4 @@ If you are forced to use ssh-rand-helper consider still downloading
prngd/egd and configure OpenSSH using --with-prngd-port=xx or
--with-prngd-socket=xx (refer to INSTALL for more information).
$Id: WARNING.RNG,v 1.7 2004/12/06 11:40:11 dtucker Exp $
$Id: WARNING.RNG,v 1.8 2005/05/26 01:47:54 djm Exp $

128
crypto/openssh/acss.c
View File

@ -1,4 +1,4 @@
/* $Id: acss.c,v 1.2 2004/02/06 04:22:43 dtucker Exp $ */
/* $Id: acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $ */
/*
* Copyright (c) 2004 The OpenBSD project
*
@ -24,37 +24,37 @@
/* decryption sbox */
static unsigned char sboxdec[] = {
0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76,
0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b,
0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96,
0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b,
0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12,
0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f,
0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90,
0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91,
0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74,
0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75,
0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94,
0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95,
0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10,
0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11,
0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92,
0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f,
0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16,
0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b,
0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6,
0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb,
0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72,
0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f,
0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0,
0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1,
0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14,
0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15,
0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4,
0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5,
0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70,
0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71,
0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2,
0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76,
0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b,
0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96,
0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b,
0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12,
0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f,
0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90,
0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91,
0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74,
0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75,
0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94,
0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95,
0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10,
0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11,
0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92,
0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f,
0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16,
0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b,
0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6,
0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb,
0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72,
0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f,
0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0,
0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1,
0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14,
0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15,
0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4,
0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5,
0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70,
0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71,
0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2,
0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff
};
@ -95,38 +95,38 @@ static unsigned char sboxenc[] = {
};
static unsigned char reverse[] = {
0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
};
/*

14
crypto/openssh/atomicio.c
View File

@ -1,4 +1,5 @@
/*
* Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
* All rights reserved.
*
@ -24,14 +25,14 @@
*/
#include "includes.h"
RCSID("$OpenBSD: atomicio.c,v 1.12 2003/07/31 15:50:16 avsm Exp $");
RCSID("$OpenBSD: atomicio.c,v 1.13 2005/05/24 17:32:43 avsm Exp $");
#include "atomicio.h"
/*
* ensure all of data on socket comes through. f==read || f==vwrite
*/
ssize_t
size_t
atomicio(f, fd, _s, n)
ssize_t (*f) (int, void *, size_t);
int fd;
@ -39,7 +40,8 @@ atomicio(f, fd, _s, n)
size_t n;
{
char *s = _s;
ssize_t res, pos = 0;
size_t pos = 0;
ssize_t res;
while (n > pos) {
res = (f) (fd, s + pos, n - pos);
@ -51,10 +53,12 @@ atomicio(f, fd, _s, n)
if (errno == EINTR || errno == EAGAIN)
#endif
continue;
return 0;
case 0:
return (res);
errno = EPIPE;
return pos;
default:
pos += res;
pos += (u_int)res;
}
}
return (pos);

4
crypto/openssh/atomicio.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: atomicio.h,v 1.5 2003/06/28 16:23:06 deraadt Exp $ */
/* $OpenBSD: atomicio.h,v 1.6 2005/05/24 17:32:43 avsm Exp $ */
/*
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
@ -28,6 +28,6 @@
/*
* Ensure all of data on socket comes through. f==read || f==vwrite
*/
ssize_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
#define vwrite (ssize_t (*)(int, void *, size_t))write

8
crypto/openssh/audit.c
View File

@ -1,4 +1,4 @@
/* $Id: audit.c,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */
/* $Id: audit.c,v 1.3 2005/07/17 07:26:44 djm Exp $ */
/*
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
@ -120,7 +120,7 @@ void
audit_connection_from(const char *host, int port)
{
debug("audit connection from %s port %d euid %d", host, port,
(int)geteuid());
(int)geteuid());
}
/*
@ -147,7 +147,7 @@ audit_session_open(const char *ttyn)
const char *t = ttyn ? ttyn : "(no tty)";
debug("audit session open euid %d user %s tty name %s", geteuid(),
audit_username(), t);
audit_username(), t);
}
/*
@ -163,7 +163,7 @@ audit_session_close(const char *ttyn)
const char *t = ttyn ? ttyn : "(no tty)";
debug("audit session close euid %d user %s tty name %s", geteuid(),
audit_username(), t);
audit_username(), t);
}
/*

4
crypto/openssh/auth-rhosts.c
View File

@ -14,7 +14,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $");
RCSID("$OpenBSD: auth-rhosts.c,v 1.33 2005/07/17 07:17:54 djm Exp $");
#include "packet.h"
#include "uidswap.h"
@ -133,7 +133,7 @@ check_rhosts_file(const char *filename, const char *hostname,
/* If the entry was negated, deny access. */
if (negated) {
auth_debug_add("Matched negative entry in %.100s.",
filename);
filename);
return 0;
}
/* Accept authentication. */

4
crypto/openssh/auth-shadow.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$Id: auth-shadow.c,v 1.6 2005/02/16 03:20:06 dtucker Exp $");
RCSID("$Id: auth-shadow.c,v 1.7 2005/07/17 07:04:47 djm Exp $");
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
#include <shadow.h>
@ -101,7 +101,7 @@ auth_shadow_pwexpired(Authctxt *ctxt)
#if defined(__hpux) && !defined(HAVE_SECUREWARE)
if (iscomsec()) {
struct pr_passwd *pr;
pr = getprpwnam((char *)user);
/* Test for Trusted Mode expiry disabled */

9
crypto/openssh/auth2-gss.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-gss.c,v 1.8 2004/06/21 17:36:31 avsm Exp $ */
/* $OpenBSD: auth2-gss.c,v 1.10 2005/07/17 07:17:54 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -61,7 +61,7 @@ userauth_gssapi(Authctxt *authctxt)
int present;
OM_uint32 ms;
u_int len;
char *doid = NULL;
u_char *doid = NULL;
if (!authctxt->valid || authctxt->user == NULL)
return (0);
@ -82,9 +82,8 @@ userauth_gssapi(Authctxt *authctxt)
present = 0;
doid = packet_get_string(&len);
if (len > 2 &&
doid[0] == SSH_GSS_OIDTYPE &&
doid[1] == len - 2) {
if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
doid[1] == len - 2) {
goid.elements = doid + 2;
goid.length = len - 2;
gss_test_oid_set_member(&ms, &goid, supported,

6
crypto/openssh/cipher-acss.c
View File

@ -17,7 +17,7 @@
#include "includes.h"
#include <openssl/evp.h>
RCSID("$Id: cipher-acss.c,v 1.2 2004/02/06 04:26:11 dtucker Exp $");
RCSID("$Id: cipher-acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $");
#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
@ -33,7 +33,7 @@ typedef struct {
#define EVP_CTRL_SET_ACSS_SUBKEY 0xff07
static int
acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA);
@ -41,7 +41,7 @@ acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
}
static int
acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
unsigned int inl)
{
acss(&data(ctx)->ks,inl,in,out);

4
crypto/openssh/cipher-ctr.c
View File

@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
RCSID("$OpenBSD: cipher-ctr.c,v 1.5 2004/12/22 02:13:19 djm Exp $");
RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $");
#include <openssl/evp.h>
@ -95,7 +95,7 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
}
if (key != NULL)
AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
&c->aes_ctx);
&c->aes_ctx);
if (iv != NULL)
memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
return (1);

153
crypto/openssh/clientloop.c
View File

@ -59,7 +59,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $");
RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -140,6 +140,8 @@ int session_ident = -1;
struct confirm_ctx {
int want_tty;
int want_subsys;
int want_x_fwd;
int want_agent_fwd;
Buffer cmd;
char *term;
struct termios tio;
@ -208,6 +210,109 @@ get_current_time(void)
return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0;
}
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
void
client_x11_get_proto(const char *display, const char *xauth_path,
u_int trusted, char **_proto, char **_data)
{
char cmd[1024];
char line[512];
char xdisplay[512];
static char proto[512], data[512];
FILE *f;
int got_data = 0, generated = 0, do_unlink = 0, i;
char *xauthdir, *xauthfile;
struct stat st;
xauthdir = xauthfile = NULL;
*_proto = proto;
*_data = data;
proto[0] = data[0] = '\0';
if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) {
debug("No xauth program.");
} else {
if (display == NULL) {
debug("x11_get_proto: DISPLAY not set");
return;
}
/*
* Handle FamilyLocal case where $DISPLAY does
* not match an authorization entry. For this we
* just try "xauth list unix:displaynum.screennum".
* XXX: "localhost" match to determine FamilyLocal
* is not perfect.
*/
if (strncmp(display, "localhost:", 10) == 0) {
snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
display + 10);
display = xdisplay;
}
if (trusted == 0) {
xauthdir = xmalloc(MAXPATHLEN);
xauthfile = xmalloc(MAXPATHLEN);
strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN);
if (mkdtemp(xauthdir) != NULL) {
do_unlink = 1;
snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile",
xauthdir);
snprintf(cmd, sizeof(cmd),
"%s -f %s generate %s " SSH_X11_PROTO
" untrusted timeout 1200 2>" _PATH_DEVNULL,
xauth_path, xauthfile, display);
debug2("x11_get_proto: %s", cmd);
if (system(cmd) == 0)
generated = 1;
}
}
snprintf(cmd, sizeof(cmd),
"%s %s%s list %s . 2>" _PATH_DEVNULL,
xauth_path,
generated ? "-f " : "" ,
generated ? xauthfile : "",
display);
debug2("x11_get_proto: %s", cmd);
f = popen(cmd, "r");
if (f && fgets(line, sizeof(line), f) &&
sscanf(line, "%*s %511s %511s", proto, data) == 2)
got_data = 1;
if (f)
pclose(f);
}
if (do_unlink) {
unlink(xauthfile);
rmdir(xauthdir);
}
if (xauthdir)
xfree(xauthdir);
if (xauthfile)
xfree(xauthfile);
/*
* If we didn't get authentication data, just make up some
* data. The forwarding code will check the validity of the
* response anyway, and substitute this data. The X11
* server, however, will ignore this fake data and use
* whatever authentication mechanisms it was using otherwise
* for the local connection.
*/
if (!got_data) {
u_int32_t rnd = 0;
logit("Warning: No xauth data; "
"using fake authentication data for X11 forwarding.");
strlcpy(proto, SSH_X11_PROTO, sizeof proto);
for (i = 0; i < 16; i++) {
if (i % 4 == 0)
rnd = arc4random();
snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
rnd & 0xff);
rnd >>= 8;
}
}
}
/*
* This is called when the interactive is entered. This checks if there is
* an EOF coming on stdin. We must check this explicitly, as select() does
@ -528,6 +633,7 @@ static void
client_extra_session2_setup(int id, void *arg)
{
struct confirm_ctx *cctx = arg;
const char *display;
Channel *c;
int i;
@ -536,6 +642,24 @@ client_extra_session2_setup(int id, void *arg)
if ((c = channel_lookup(id)) == NULL)
fatal("%s: no channel for id %d", __func__, id);
display = getenv("DISPLAY");
if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
char *proto, *data;
/* Get reasonable local authentication information. */
client_x11_get_proto(display, options.xauth_location,
options.forward_x11_trusted, &proto, &data);
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication spoofing.");
x11_request_forwarding_with_spoofing(id, display, proto, data);
/* XXX wait for reply */
}
if (cctx->want_agent_fwd && options.forward_agent) {
debug("Requesting authentication agent forwarding.");
channel_request_start(id, "auth-agent-req@openssh.com", 0);
packet_send();
}
client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
client_subsystem_reply);
@ -556,12 +680,12 @@ client_process_control(fd_set * readset)
{
Buffer m;
Channel *c;
int client_fd, new_fd[3], ver, i, allowed;
int client_fd, new_fd[3], ver, allowed;
socklen_t addrlen;
struct sockaddr_storage addr;
struct confirm_ctx *cctx;
char *cmd;
u_int len, env_len, command, flags;
u_int i, len, env_len, command, flags;
uid_t euid;
gid_t egid;
@ -601,7 +725,7 @@ client_process_control(fd_set * readset)
buffer_free(&m);
return;
}
if ((ver = buffer_get_char(&m)) != 1) {
if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
error("%s: wrong client version %d", __func__, ver);
buffer_free(&m);
close(client_fd);
@ -616,13 +740,15 @@ client_process_control(fd_set * readset)
switch (command) {
case SSHMUX_COMMAND_OPEN:
if (options.control_master == 2)
if (options.control_master == SSHCTL_MASTER_ASK ||
options.control_master == SSHCTL_MASTER_AUTO_ASK)
allowed = ask_permission("Allow shared connection "
"to %s? ", host);
/* continue below */
break;
case SSHMUX_COMMAND_TERMINATE:
if (options.control_master == 2)
if (options.control_master == SSHCTL_MASTER_ASK ||
options.control_master == SSHCTL_MASTER_AUTO_ASK)
allowed = ask_permission("Terminate shared connection "
"to %s? ", host);
if (allowed)
@ -633,7 +759,7 @@ client_process_control(fd_set * readset)
buffer_clear(&m);
buffer_put_int(&m, allowed);
buffer_put_int(&m, getpid());
if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
error("%s: client msg_send failed", __func__);
close(client_fd);
buffer_free(&m);
@ -653,7 +779,7 @@ client_process_control(fd_set * readset)
buffer_clear(&m);
buffer_put_int(&m, allowed);
buffer_put_int(&m, getpid());
if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
error("%s: client msg_send failed", __func__);
close(client_fd);
buffer_free(&m);
@ -674,7 +800,7 @@ client_process_control(fd_set * readset)
buffer_free(&m);
return;
}
if ((ver = buffer_get_char(&m)) != 1) {
if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
error("%s: wrong client version %d", __func__, ver);
buffer_free(&m);
close(client_fd);
@ -685,6 +811,8 @@ client_process_control(fd_set * readset)
memset(cctx, 0, sizeof(*cctx));
cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0;
cctx->term = buffer_get_string(&m, &len);
cmd = buffer_get_string(&m, &len);
@ -718,7 +846,7 @@ client_process_control(fd_set * readset)
/* This roundtrip is just for synchronisation of ttymodes */
buffer_clear(&m);
if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
error("%s: client msg_send failed", __func__);
close(client_fd);
close(new_fd[0]);
@ -866,7 +994,10 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
u_char ch;
char *s;
for (i = 0; i < len; i++) {
if (len <= 0)
return (0);
for (i = 0; i < (u_int)len; i++) {
/* Get one character at a time. */
ch = buf[i];

9
crypto/openssh/clientloop.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.h,v 1.12 2004/11/07 00:01:46 djm Exp $ */
/* $OpenBSD: clientloop.h,v 1.14 2005/07/04 00:58:43 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -37,10 +37,15 @@
/* Client side main loop for the interactive session. */
int client_loop(int, int, int);
void client_x11_get_proto(const char *, const char *, u_int,
char **, char **);
void client_global_request_reply_fwd(int, u_int32_t, void *);
void client_session2_setup(int, int, int, const char *, struct termios *,
int, Buffer *, char **, dispatch_fn *);
/* Multiplexing protocol version */
#define SSHMUX_VER 1
/* Multiplexing control protocol flags */
#define SSHMUX_COMMAND_OPEN 1 /* Open new connection */
#define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */
@ -48,3 +53,5 @@ void client_session2_setup(int, int, int, const char *, struct termios *,
#define SSHMUX_FLAG_TTY (1) /* Request tty on open */
#define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */
#define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */
#define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */

590
crypto/openssh/config.guess vendored
View File

File diff suppressed because it is too large Load Diff

136
crypto/openssh/config.sub vendored
View File

@ -1,9 +1,9 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
timestamp='2003-08-18'
timestamp='2005-05-12'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@ -21,14 +21,15 @@ timestamp='2003-08-18'
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
# 02110-1301, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Please send patches to <config-patches@gnu.org>. Submit a context
# diff and a properly formatted ChangeLog entry.
#
@ -70,7 +71,7 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
@ -83,11 +84,11 @@ Try \`$me --help' for more information."
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
echo "$timestamp" ; exit 0 ;;
echo "$timestamp" ; exit ;;
--version | -v )
echo "$version" ; exit 0 ;;
echo "$version" ; exit ;;
--help | --h* | -h )
echo "$usage"; exit 0 ;;
echo "$usage"; exit ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
@ -99,7 +100,7 @@ while test $# -gt 0 ; do
*local*)
# First pass through any local machine types.
echo $1
exit 0;;
exit ;;
* )
break ;;
@ -118,7 +119,8 @@ esac
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | linux-dietlibc | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
@ -144,7 +146,7 @@ case $os in
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-apple | -axis)
-apple | -axis | -knuth | -cray)
os=
basic_machine=$1
;;
@ -230,13 +232,14 @@ case $basic_machine in
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| am33_2.0 \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
| bfin \
| c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
| fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
| m32r | m68000 | m68k | m88k | mcore \
| m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
@ -261,12 +264,13 @@ case $basic_machine in
| pyramid \
| sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
| sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b \
| strongarm \
| tahoe | thumb | tic4x | tic80 | tron \
| v850 | v850e \
| we32k \
| x86 | xscale | xstormy16 | xtensa \
| x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
| z8k)
basic_machine=$basic_machine-unknown
;;
@ -297,9 +301,9 @@ case $basic_machine in
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* \
| bs2000-* \
| bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
| clipper-* | cydra-* \
| clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
@ -307,9 +311,9 @@ case $basic_machine in
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* | iq2000-* \
| m32r-* \
| m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
| m88110-* | m88k-* | mcore-* \
| m88110-* | m88k-* | maxq-* | mcore-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
@ -325,8 +329,9 @@ case $basic_machine in
| mipsisa64sb1-* | mipsisa64sb1el-* \
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
| mipstx39-* | mipstx39el-* \
| mmix-* \
| msp430-* \
| none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
| none-* | np1-* | ns16k-* | ns32k-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
@ -334,15 +339,16 @@ case $basic_machine in
| romp-* | rs6000-* \
| sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
| sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
| sparclite-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
| tahoe-* | thumb-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tron-* \
| v850-* | v850e-* | vax-* \
| we32k-* \
| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
| xtensa-* \
| x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
| xstormy16-* | xtensa-* \
| ymp-* \
| z8k-*)
;;
@ -362,6 +368,9 @@ case $basic_machine in
basic_machine=a29k-amd
os=-udi
;;
abacus)
basic_machine=abacus-unknown
;;
adobe68k)
basic_machine=m68010-adobe
os=-scout
@ -379,6 +388,9 @@ case $basic_machine in
amd64)
basic_machine=x86_64-pc
;;
amd64-*)
basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
amdahl)
basic_machine=580-amdahl
os=-sysv
@ -438,12 +450,27 @@ case $basic_machine in
basic_machine=j90-cray
os=-unicos
;;
craynv)
basic_machine=craynv-cray
os=-unicosmp
;;
cr16c)
basic_machine=cr16c-unknown
os=-elf
;;
crds | unos)
basic_machine=m68k-crds
;;
crisv32 | crisv32-* | etraxfs*)
basic_machine=crisv32-axis
;;
cris | cris-* | etrax*)
basic_machine=cris-axis
;;
crx)
basic_machine=crx-unknown
os=-elf
;;
da30 | da30-*)
basic_machine=m68k-da30
;;
@ -466,6 +493,10 @@ case $basic_machine in
basic_machine=m88k-motorola
os=-sysv3
;;
djgpp)
basic_machine=i586-pc
os=-msdosdjgpp
;;
dpx20 | dpx20-*)
basic_machine=rs6000-bull
os=-bosx
@ -644,10 +675,6 @@ case $basic_machine in
mips3*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
;;
mmix*)
basic_machine=mmix-knuth
os=-mmixware
;;
monitor)
basic_machine=m68k-rom68k
os=-coff
@ -728,10 +755,6 @@ case $basic_machine in
np1)
basic_machine=np1-gould
;;
nv1)
basic_machine=nv1-cray
os=-unicosmp
;;
nsr-tandem)
basic_machine=nsr-tandem
;;
@ -743,6 +766,10 @@ case $basic_machine in
basic_machine=or32-unknown
os=-coff
;;
os400)
basic_machine=powerpc-ibm
os=-os400
;;
OSE68000 | ose68000)
basic_machine=m68000-ericsson
os=-ose
@ -963,6 +990,10 @@ case $basic_machine in
tower | tower-32)
basic_machine=m68k-ncr
;;
tpf)
basic_machine=s390x-ibm
os=-tpf
;;
udi29k)
basic_machine=a29k-amd
os=-udi
@ -1006,6 +1037,10 @@ case $basic_machine in
basic_machine=hppa1.1-winbond
os=-proelf
;;
xbox)
basic_machine=i686-pc
os=-mingw32
;;
xps | xps100)
basic_machine=xps100-honeywell
;;
@ -1036,6 +1071,9 @@ case $basic_machine in
romp)
basic_machine=romp-ibm
;;
mmix)
basic_machine=mmix-knuth
;;
rs6000)
basic_machine=rs6000-ibm
;;
@ -1058,7 +1096,7 @@ case $basic_machine in
sh64)
basic_machine=sh64-unknown
;;
sparc | sparcv9 | sparcv9b)
sparc | sparcv8 | sparcv9 | sparcv9b)
basic_machine=sparc-sun
;;
cydra)
@ -1131,19 +1169,20 @@ case $os in
| -aos* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
| -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei*)
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* | -skyos*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@ -1182,6 +1221,9 @@ case $os in
-opened*)
os=-openedition
;;
-os400*)
os=-os400
;;
-wince*)
os=-wince
;;
@ -1203,6 +1245,9 @@ case $os in
-atheos*)
os=-atheos
;;
-syllable*)
os=-syllable
;;
-386bsd)
os=-bsd
;;
@ -1225,6 +1270,9 @@ case $os in
-sinix*)
os=-sysv4
;;
-tpf*)
os=-tpf
;;
-triton*)
os=-sysv3
;;
@ -1261,6 +1309,9 @@ case $os in
-kaos*)
os=-kaos
;;
-zvmoe)
os=-zvmoe
;;
-none)
;;
*)
@ -1341,6 +1392,9 @@ case $basic_machine in
*-ibm)
os=-aix
;;
*-knuth)
os=-mmixware
;;
*-wec)
os=-proelf
;;
@ -1473,9 +1527,15 @@ case $basic_machine in
-mvs* | -opened*)
vendor=ibm
;;
-os400*)
vendor=ibm
;;
-ptx*)
vendor=sequent
;;
-tpf*)
vendor=ibm
;;
-vxsim* | -vxworks* | -windiss*)
vendor=wrs
;;
@ -1500,7 +1560,7 @@ case $basic_machine in
esac
echo $basic_machine$os
exit 0
exit
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)

51
crypto/openssh/defines.h
View File

@ -25,7 +25,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */
/* $Id: defines.h,v 1.127 2005/08/31 16:59:49 tim Exp $ */
/* Constants */
@ -54,10 +54,24 @@ enum
# ifdef PATH_MAX
# define MAXPATHLEN PATH_MAX
# else /* PATH_MAX */
# define MAXPATHLEN 64 /* Should be safe */
# define MAXPATHLEN 64
/* realpath uses a fixed buffer of size MAXPATHLEN, so force use of ours */
# ifndef BROKEN_REALPATH
# define BROKEN_REALPATH 1
# endif /* BROKEN_REALPATH */
# endif /* PATH_MAX */
#endif /* MAXPATHLEN */
#ifndef PATH_MAX
# ifdef _POSIX_PATH_MAX
# define PATH_MAX _POSIX_PATH_MAX
# endif
#endif
#ifndef MAXSYMLINKS
# define MAXSYMLINKS 5
#endif
#ifndef STDIN_FILENO
# define STDIN_FILENO 0
#endif
@ -432,6 +446,10 @@ struct winsize {
# define __dead __attribute__((noreturn))
#endif
#if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__)
# define __sentinel__
#endif
/* *-*-nto-qnx doesn't define this macro in the system headers */
#ifdef MISSING_HOWMANY
# define howmany(x,y) (((x)+((y)-1))/(y))
@ -567,6 +585,23 @@ struct winsize {
# define SSH_SYSFDMAX 10000
#endif
#if defined(__Lynx__)
/*
* LynxOS defines these in param.h which we do not want to include since
* it will also pull in a bunch of kernel definitions.
*/
# define ALIGNBYTES (sizeof(int) - 1)
# define ALIGN(p) (((unsigned)p + ALIGNBYTES) & ~ALIGNBYTES)
/* Missing prototypes on LynxOS */
int snprintf (char *, size_t, const char *, ...);
int mkstemp (char *);
char *crypt (const char *, const char *);
int seteuid (uid_t);
int setegid (gid_t);
char *mkdtemp (char *);
int rresvport_af (int *, sa_family_t);
int innetgr (const char *, const char *, const char *, const char *);
#endif
/*
* Define this to use pipes instead of socketpairs for communicating with the
@ -653,6 +688,10 @@ struct winsize {
# define CUSTOM_SYS_AUTH_PASSWD 1
#endif
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
# define CUSTOM_SYS_AUTH_PASSWD 1
#endif
/* HP-UX 11.11 */
#ifdef BTMP_FILE
# define _PATH_BTMP BTMP_FILE
@ -664,4 +703,12 @@ struct winsize {
/** end of login recorder definitions */
#ifdef BROKEN_GETGROUPS
# define getgroups(a,b) ((a)==0 && (b)==NULL ? NGROUPS_MAX : getgroups((a),(b)))
#endif
#if defined(HAVE_MMAP) && defined(BROKEN_MMAP)
# undef HAVE_MMAP
#endif
#endif /* _DEFINES_H */

33
crypto/openssh/dns.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $ */
/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -43,7 +43,7 @@
#include "uuencode.h"
extern char *__progname;
RCSID("$OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $");
RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $");
#ifndef LWRES
static const char *errset_text[] = {
@ -142,6 +142,26 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
return success;
}
/*
* Check if hostname is numerical.
* Returns -1 if hostname is numeric, 0 otherwise
*/
static int
is_numeric_hostname(const char *hostname)
{
struct addrinfo hints, *ai;
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_DGRAM;
hints.ai_flags = AI_NUMERICHOST;
if (getaddrinfo(hostname, "0", &hints, &ai) == 0) {
freeaddrinfo(ai);
return -1;
}
return 0;
}
/*
* Verify the given hostname, address and host key using DNS.
@ -151,7 +171,7 @@ int
verify_host_key_dns(const char *hostname, struct sockaddr *address,
const Key *hostkey, int *flags)
{
int counter;
u_int counter;
int result;
struct rrsetinfo *fingerprints = NULL;
@ -171,6 +191,11 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
if (hostkey == NULL)
fatal("No key to look up!");
if (is_numeric_hostname(hostname)) {
debug("skipped DNS lookup for numerical hostname");
return -1;
}
result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
DNS_RDATATYPE_SSHFP, 0, &fingerprints);
if (result) {
@ -249,7 +274,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
u_char *rdata_digest;
u_int rdata_digest_len;
int i;
u_int i;
int success = 0;
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,

6
crypto/openssh/entropy.c
View File

@ -45,7 +45,7 @@
* XXX: we should tell the child how many bytes we need.
*/
RCSID("$Id: entropy.c,v 1.48 2003/11/21 12:56:47 djm Exp $");
RCSID("$Id: entropy.c,v 1.49 2005/07/17 07:26:44 djm Exp $");
#ifndef OPENSSL_PRNG_ONLY
#define RANDOM_SEED_SIZE 48
@ -114,8 +114,8 @@ seed_rng(void)
close(p[0]);
if (waitpid(pid, &ret, 0) == -1)
fatal("Couldn't wait for ssh-rand-helper completion: %s",
strerror(errno));
fatal("Couldn't wait for ssh-rand-helper completion: %s",
strerror(errno));
signal(SIGCHLD, old_sigchld);
/* We don't mind if the child exits upon a SIGPIPE */

6
crypto/openssh/gss-genr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */
/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -78,8 +78,8 @@ ssh_gssapi_error(Gssctxt *ctxt)
}
char *
ssh_gssapi_last_error(Gssctxt *ctxt,
OM_uint32 *major_status, OM_uint32 *minor_status)
ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
OM_uint32 *minor_status)
{
OM_uint32 lmin;
gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;

35
crypto/openssh/gss-serv-krb5.c
View File

@ -65,9 +65,6 @@ ssh_gssapi_krb5_init(void)
logit("Cannot initialize krb5 context");
return 0;
}
#ifdef KRB5_INIT_ETS
krb5_init_ets(krb_context);
#endif
return 1;
}
@ -131,34 +128,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
return;
}
#else
{
int tmpfd;
char ccname[40];
mode_t old_umask;
snprintf(ccname, sizeof(ccname),
"FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
old_umask = umask(0177);
tmpfd = mkstemp(ccname + strlen("FILE:"));
umask(old_umask);
if (tmpfd == -1) {
logit("mkstemp(): %.100s", strerror(errno));
problem = errno;
return;
}
if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
logit("fchmod(): %.100s", strerror(errno));
close(tmpfd);
problem = errno;
return;
}
close(tmpfd);
if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) {
logit("krb5_cc_resolve(): %.100s",
krb5_get_err_text(krb_context, problem));
return;
}
if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
logit("ssh_krb5_cc_gen(): %.100s",
krb5_get_err_text(krb_context, problem));
return;
}
#endif /* #ifdef HEIMDAL */

21
crypto/openssh/gss-serv.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $ */
/* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -134,7 +134,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
static OM_uint32
ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
{
char *tok;
u_char *tok;
OM_uint32 offset;
OM_uint32 oidl;
@ -164,7 +164,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
*/
if (tok[4] != 0x06 || tok[5] != oidl ||
ename->length < oidl+6 ||
!ssh_gssapi_check_oid(ctx,tok+6,oidl))
!ssh_gssapi_check_oid(ctx,tok+6,oidl))
return GSS_S_FAILURE;
offset = oidl+6;
@ -267,7 +267,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
debug("Setting %s to %s", gssapi_client.store.envvar,
gssapi_client.store.envval);
child_set_env(envp, envsizep, gssapi_client.store.envvar,
gssapi_client.store.envval);
gssapi_client.store.envval);
}
}
@ -275,13 +275,24 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
int
ssh_gssapi_userok(char *user)
{
OM_uint32 lmin;
if (gssapi_client.exportedname.length == 0 ||
gssapi_client.exportedname.value == NULL) {
debug("No suitable client data");
return 0;
}
if (gssapi_client.mech && gssapi_client.mech->userok)
return ((*gssapi_client.mech->userok)(&gssapi_client, user));
if ((*gssapi_client.mech->userok)(&gssapi_client, user))
return 1;
else {
/* Destroy delegated credentials if userok fails */
gss_release_buffer(&lmin, &gssapi_client.displayname);
gss_release_buffer(&lmin, &gssapi_client.exportedname);
gss_release_cred(&lmin, &gssapi_client.creds);
memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
return 0;
}
else
debug("ssh_gssapi_userok: Unknown GSSAPI mechanism");
return (0);

43
crypto/openssh/kex.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $");
#include <openssl/crypto.h>
@ -52,7 +52,7 @@ static void kex_choose_conf(Kex *);
static void
kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
{
int i;
u_int i;
buffer_clear(b);
/*
@ -101,7 +101,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
static void
kex_prop_free(char **proposal)
{
int i;
u_int i;
for (i = 0; i < PROPOSAL_MAX; i++)
xfree(proposal[i]);
@ -150,7 +150,7 @@ kex_send_kexinit(Kex *kex)
{
u_int32_t rnd = 0;
u_char *cookie;
int i;
u_int i;
if (kex == NULL) {
error("kex_send_kexinit: no kex, cannot rekey");
@ -183,8 +183,7 @@ void
kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
{
char *ptr;
int dlen;
int i;
u_int i, dlen;
Kex *kex = (Kex *)ctxt;
debug("SSH2_MSG_KEXINIT received");
@ -276,10 +275,12 @@ choose_comp(Comp *comp, char *client, char *server)
char *name = match_list(client, server, NULL);
if (name == NULL)
fatal("no matching comp found: client %s server %s", client, server);
if (strcmp(name, "zlib") == 0) {
comp->type = 1;
if (strcmp(name, "zlib@openssh.com") == 0) {
comp->type = COMP_DELAYED;
} else if (strcmp(name, "zlib") == 0) {
comp->type = COMP_ZLIB;
} else if (strcmp(name, "none") == 0) {
comp->type = 0;
comp->type = COMP_NONE;
} else {
fatal("unsupported comp %s", name);
}
@ -343,9 +344,7 @@ kex_choose_conf(Kex *kex)
char **my, **peer;
char **cprop, **sprop;
int nenc, nmac, ncomp;
int mode;
int ctos; /* direction: if true client-to-server */
int need;
u_int mode, ctos, need;
int first_kex_follows, type;
my = kex_buf2prop(&kex->my, NULL);
@ -395,7 +394,7 @@ kex_choose_conf(Kex *kex)
/* ignore the next message if the proposals do not match */
if (first_kex_follows && !proposals_match(my, peer) &&
!(datafellows & SSH_BUG_FIRSTKEX)) {
!(datafellows & SSH_BUG_FIRSTKEX)) {
type = packet_read();
debug2("skipping next packet (type %u)", type);
}
@ -405,15 +404,19 @@ kex_choose_conf(Kex *kex)
}
static u_char *
derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
{
Buffer b;
const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
char c = id;
int have;
u_int have;
int mdsz = EVP_MD_size(evp_md);
u_char *digest = xmalloc(roundup(need, mdsz));
u_char *digest;
if (mdsz < 0)
fatal("derive_key: mdsz < 0");
digest = xmalloc(roundup(need, mdsz));
buffer_init(&b);
buffer_put_bignum2(&b, shared_secret);
@ -455,7 +458,7 @@ void
kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
{
u_char *keys[NKEYS];
int i, mode, ctos;
u_int i, mode, ctos;
for (i = 0; i < NKEYS; i++)
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
@ -493,13 +496,13 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
EVP_DigestInit(&md, evp_md);
len = BN_num_bytes(host_modulus);
if (len < (512 / 8) || len > sizeof(nbuf))
if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
fatal("%s: bad host modulus (len %d)", __func__, len);
BN_bn2bin(host_modulus, nbuf);
EVP_DigestUpdate(&md, nbuf, len);
len = BN_num_bytes(server_modulus);
if (len < (512 / 8) || len > sizeof(nbuf))
if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
fatal("%s: bad server modulus (len %d)", __func__, len);
BN_bn2bin(server_modulus, nbuf);
EVP_DigestUpdate(&md, nbuf, len);
@ -518,7 +521,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
void
dump_digest(char *msg, u_char *digest, int len)
{
int i;
u_int i;
fprintf(stderr, "%s\n", msg);
for (i = 0; i< len; i++) {

12
crypto/openssh/kex.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $ */
/* $OpenBSD: kex.h,v 1.37 2005/07/25 11:59:39 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -35,6 +35,10 @@
#define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
#define COMP_NONE 0
#define COMP_ZLIB 1
#define COMP_DELAYED 2
enum kex_init_proposals {
PROPOSAL_KEX_ALGS,
PROPOSAL_SERVER_HOST_KEY_ALGS,
@ -83,9 +87,9 @@ struct Mac {
char *name;
int enabled;
const EVP_MD *md;
int mac_len;
u_int mac_len;
u_char *key;
int key_len;
u_int key_len;
};
struct Comp {
int type;
@ -101,7 +105,7 @@ struct Kex {
u_char *session_id;
u_int session_id_len;
Newkeys *newkeys[MODE_MAX];
int we_need;
u_int we_need;
int server;
char *name;
int hostkey_type;

4
crypto/openssh/loginrec.h
View File

@ -35,7 +35,7 @@
#include <netinet/in.h>
#include <sys/socket.h>
/* RCSID("$Id: loginrec.h,v 1.9 2005/02/02 06:10:11 dtucker Exp $"); */
/* RCSID("$Id: loginrec.h,v 1.10 2005/06/19 00:19:44 djm Exp $"); */
/**
** you should use the login_* calls to work around platform dependencies
@ -128,7 +128,7 @@ struct logininfo *login_get_lastlog(struct logininfo *li, const int uid);
unsigned int login_get_lastlog_time(const int uid);
/* produce various forms of the line filename */
char *line_fullname(char *dst, const char *src, int dstsize);
char *line_fullname(char *dst, const char *src, u_int dstsize);
char *line_stripname(char *dst, const char *src, int dstsize);
char *line_abbrevname(char *dst, const char *src, int dstsize);

11
crypto/openssh/mac.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $");
RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $");
#include <openssl/hmac.h>
@ -51,12 +51,15 @@ struct {
int
mac_init(Mac *mac, char *name)
{
int i;
int i, evp_len;
for (i = 0; macs[i].name; i++) {
if (strcmp(name, macs[i].name) == 0) {
if (mac != NULL) {
mac->md = (*macs[i].mdfunc)();
mac->key_len = mac->mac_len = EVP_MD_size(mac->md);
if ((evp_len = EVP_MD_size(mac->md)) <= 0)
fatal("mac %s len %d", name, evp_len);
mac->key_len = mac->mac_len = (u_int)evp_len;
if (macs[i].truncatebits != 0)
mac->mac_len = macs[i].truncatebits/8;
}
@ -77,7 +80,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
if (mac->key == NULL)
fatal("mac_compute: no key");
if ((u_int)mac->mac_len > sizeof(m))
if (mac->mac_len > sizeof(m))
fatal("mac_compute: mac too long");
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
PUT_32BIT(b, seqno);

4
crypto/openssh/match.c
View File

@ -35,7 +35,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $");
RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $");
#include "match.h"
#include "xmalloc.h"
@ -254,7 +254,7 @@ match_list(const char *client, const char *server, u_int *next)
ret = xstrdup(p);
if (next != NULL)
*next = (cp == NULL) ?
strlen(c) : cp - c;
strlen(c) : (u_int)(cp - c);
xfree(c);
xfree(s);
return ret;

3
crypto/openssh/mdoc2man.awk
View File

@ -140,6 +140,9 @@ function add(str) {
} else if(match(words[w],"^Dt$")) {
id=wtail()
next
} else if(match(words[w],"^Ox$")) {
add("OpenBSD")
skip=1
} else if(match(words[w],"^Os$")) {
add(".TH " id " \"" date "\" \"" wtail() "\"")
} else if(match(words[w],"^Sh$")) {

128
crypto/openssh/misc.c
View File

@ -1,5 +1,6 @@
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005 Damien Miller. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -23,7 +24,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $");
RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $");
#include "misc.h"
#include "log.h"
@ -375,6 +376,114 @@ addargs(arglist *args, char *fmt, ...)
args->list[args->num] = NULL;
}
/*
* Expands tildes in the file name. Returns data allocated by xmalloc.
* Warning: this calls getpw*.
*/
char *
tilde_expand_filename(const char *filename, uid_t uid)
{
const char *path;
char user[128], ret[MAXPATHLEN];
struct passwd *pw;
u_int len, slash;
if (*filename != '~')
return (xstrdup(filename));
filename++;
path = strchr(filename, '/');
if (path != NULL && path > filename) { /* ~user/path */
slash = path - filename;
if (slash > sizeof(user) - 1)
fatal("tilde_expand_filename: ~username too long");
memcpy(user, filename, slash);
user[slash] = '\0';
if ((pw = getpwnam(user)) == NULL)
fatal("tilde_expand_filename: No such user %s", user);
} else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
fatal("tilde_expand_filename: No such uid %d", uid);
if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
fatal("tilde_expand_filename: Path too long");
/* Make sure directory has a trailing '/' */
len = strlen(pw->pw_dir);
if ((len == 0 || pw->pw_dir[len - 1] != '/') &&
strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
fatal("tilde_expand_filename: Path too long");
/* Skip leading '/' from specified path */
if (path != NULL)
filename = path + 1;
if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret))
fatal("tilde_expand_filename: Path too long");
return (xstrdup(ret));
}
/*
* Expand a string with a set of %[char] escapes. A number of escapes may be
* specified as (char *escape_chars, char *replacement) pairs. The list must
* be terminated by a NULL escape_char. Returns replaced string in memory
* allocated by xmalloc.
*/
char *
percent_expand(const char *string, ...)
{
#define EXPAND_MAX_KEYS 16
struct {
const char *key;
const char *repl;
} keys[EXPAND_MAX_KEYS];
u_int num_keys, i, j;
char buf[4096];
va_list ap;
/* Gather keys */
va_start(ap, string);
for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
keys[num_keys].key = va_arg(ap, char *);
if (keys[num_keys].key == NULL)
break;
keys[num_keys].repl = va_arg(ap, char *);
if (keys[num_keys].repl == NULL)
fatal("percent_expand: NULL replacement");
}
va_end(ap);
if (num_keys >= EXPAND_MAX_KEYS)
fatal("percent_expand: too many keys");
/* Expand string */
*buf = '\0';
for (i = 0; *string != '\0'; string++) {
if (*string != '%') {
append:
buf[i++] = *string;
if (i >= sizeof(buf))
fatal("percent_expand: string too long");
buf[i] = '\0';
continue;
}
string++;
if (*string == '%')
goto append;
for (j = 0; j < num_keys; j++) {
if (strchr(keys[j].key, *string) != NULL) {
i = strlcat(buf, keys[j].repl, sizeof(buf));
if (i >= sizeof(buf))
fatal("percent_expand: string too long");
break;
}
}
if (j >= num_keys)
fatal("percent_expand: unknown key %%%c", *string);
}
return (xstrdup(buf));
#undef EXPAND_MAX_KEYS
}
/*
* Read an entire line from a public key file into a static buffer, discarding
* lines that exceed the buffer size. Returns 0 on success, -1 on failure.
@ -397,3 +506,20 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
}
return -1;
}
char *
tohex(const u_char *d, u_int l)
{
char b[3], *r;
u_int i, hl;
hl = l * 2 + 1;
r = xmalloc(hl);
*r = '\0';
for (i = 0; i < l; i++) {
snprintf(b, sizeof(b), "%02x", d[i]);
strlcat(r, b, hl);
}
return (r);
}

9
crypto/openssh/misc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.21 2005/03/01 10:09:52 djm Exp $ */
/* $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -24,6 +24,9 @@ char *hpdelim(char **);
char *cleanhostname(char *);
char *colon(char *);
long convtime(const char *);
char *tilde_expand_filename(const char *, uid_t);
char *percent_expand(const char *, ...) __attribute__((__sentinel__));
char *tohex(const u_char *, u_int);
struct passwd *pwcopy(struct passwd *);
@ -35,10 +38,6 @@ struct arglist {
};
void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
/* tildexpand.c */
char *tilde_expand_filename(const char *, uid_t);
/* readpass.c */
#define RP_ECHO 0x0001

33
crypto/openssh/moduli.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: moduli.c,v 1.10 2005/01/17 03:25:46 dtucker Exp $ */
/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@ -112,22 +112,22 @@
#define TINY_NUMBER (1UL<<16)
/* Ensure enough bit space for testing 2*q. */
#define TEST_MAXIMUM (1UL<<16)
#define TEST_MINIMUM (QSIZE_MINIMUM + 1)
/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */
#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */
#define TEST_MAXIMUM (1UL<<16)
#define TEST_MINIMUM (QSIZE_MINIMUM + 1)
/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */
#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */
/* bit operations on 32-bit words */
#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31)))
#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31)))
#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31)))
#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31)))
#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31)))
#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31)))
/*
* Prime testing defines
*/
/* Minimum number of primality tests to perform */
#define TRIAL_MINIMUM (4)
#define TRIAL_MINIMUM (4)
/*
* Sieving data (XXX - move to struct)
@ -144,7 +144,7 @@ static u_int32_t *LargeSieve, largewords, largetries, largenumbers;
static u_int32_t largebits, largememory; /* megabytes */
static BIGNUM *largebase;
int gen_candidates(FILE *, int, int, BIGNUM *);
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
/*
@ -241,19 +241,20 @@ sieve_large(u_int32_t s)
* The list is checked against small known primes (less than 2**30).
*/
int
gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
{
BIGNUM *q;
u_int32_t j, r, s, t;
u_int32_t smallwords = TINY_NUMBER >> 6;
u_int32_t tinywords = TINY_NUMBER >> 6;
time_t time_start, time_stop;
int i, ret = 0;
u_int32_t i;
int ret = 0;
largememory = memory;
if (memory != 0 &&
(memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
(memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
error("Invalid memory amount (min %ld, max %ld)",
LARGE_MINIMUM, LARGE_MAXIMUM);
return (-1);
@ -371,8 +372,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
* fencepost errors, the last pass is skipped.
*/
for (smallbase = TINY_NUMBER + 3;
smallbase < (SMALL_MAXIMUM - TINY_NUMBER);
smallbase += TINY_NUMBER) {
smallbase < (SMALL_MAXIMUM - TINY_NUMBER);
smallbase += TINY_NUMBER) {
for (i = 0; i < tinybits; i++) {
if (BIT_TEST(TinySieve, i))
continue; /* 2*i+3 is composite */
@ -548,7 +549,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
* due to earlier inconsistencies in interpretation, check
* the proposed bit size.
*/
if (BN_num_bits(p) != (in_size + 1)) {
if ((u_int32_t)BN_num_bits(p) != (in_size + 1)) {
debug2("%10u: bit size %u mismatch", count_in, in_size);
continue;
}

15
crypto/openssh/msg.c
View File

@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: msg.c,v 1.7 2003/11/17 09:45:39 djm Exp $");
RCSID("$OpenBSD: msg.c,v 1.8 2005/05/24 17:32:43 avsm Exp $");
#include "buffer.h"
#include "getput.h"
@ -55,15 +55,13 @@ int
ssh_msg_recv(int fd, Buffer *m)
{
u_char buf[4];
ssize_t res;
u_int msg_len;
debug3("ssh_msg_recv entering");
res = atomicio(read, fd, buf, sizeof(buf));
if (res != sizeof(buf)) {
if (res != 0)
error("ssh_msg_recv: read: header %ld", (long)res);
if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) {
if (errno != EPIPE)
error("ssh_msg_recv: read: header");
return (-1);
}
msg_len = GET_32BIT(buf);
@ -73,9 +71,8 @@ ssh_msg_recv(int fd, Buffer *m)
}
buffer_clear(m);
buffer_append_space(m, msg_len);
res = atomicio(read, fd, buffer_ptr(m), msg_len);
if (res != msg_len) {
error("ssh_msg_recv: read: %ld != msg_len", (long)res);
if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
error("ssh_msg_recv: read: %s", strerror(errno));
return (-1);
}
return (0);

8
crypto/openssh/openbsd-compat/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.31 2004/08/15 08:41:00 djm Exp $
# $Id: Makefile.in,v 1.35 2005/08/26 20:15:20 tim Exp $
sysconfdir=@sysconfdir@
piddir=@piddir@
@ -16,11 +16,11 @@ RANLIB=@RANLIB@
INSTALL=@INSTALL@
LDFLAGS=-L. @LDFLAGS@
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
PORTS=port-irix.o port-aix.o
PORTS=port-irix.o port-aix.o port-uw.o
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<

2
crypto/openssh/openbsd-compat/bsd-cygwin_util.c
View File

@ -29,7 +29,7 @@
#include "includes.h"
RCSID("$Id: bsd-cygwin_util.c,v 1.13.4.1 2005/05/25 09:42:40 dtucker Exp $");
RCSID("$Id: bsd-cygwin_util.c,v 1.14 2005/05/25 09:42:11 dtucker Exp $");
#ifdef HAVE_CYGWIN

20
crypto/openssh/openbsd-compat/bsd-misc.c
View File

@ -18,7 +18,7 @@
#include "includes.h"
#include "xmalloc.h"
RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $");
RCSID("$Id: bsd-misc.c,v 1.27 2005/05/27 11:13:41 dtucker Exp $");
#ifndef HAVE___PROGNAME
char *__progname;
@ -212,3 +212,21 @@ mysignal(int sig, mysig_t act)
return (signal(sig, act));
#endif
}
#ifndef HAVE_STRDUP
char *
strdup(const char *str)
{
size_t len;
char *cp;
len = strlen(str) + 1;
cp = malloc(len);
if (cp != NULL)
if (strlcpy(cp, str, len) != len) {
free(cp);
return NULL;
}
return cp;
}
#endif

4
crypto/openssh/openbsd-compat/getrrsetbyname.c
View File

@ -144,6 +144,8 @@ _getshort(msgp)
GETSHORT(u, msgp);
return (u);
}
#elif defined(HAVE_DECL__GETSHORT) && (HAVE_DECL__GETSHORT == 0)
u_int16_t _getshort(register const u_char *);
#endif
#ifndef HAVE__GETLONG
@ -156,6 +158,8 @@ _getlong(msgp)
GETLONG(u, msgp);
return (u);
}
#elif defined(HAVE_DECL__GETLONG) && (HAVE_DECL__GETLONG == 0)
u_int32_t _getlong(register const u_char *);
#endif
int

7
crypto/openssh/openbsd-compat/openbsd-compat.h
View File

@ -1,4 +1,4 @@
/* $Id: openbsd-compat.h,v 1.26 2004/08/15 08:41:00 djm Exp $ */
/* $Id: openbsd-compat.h,v 1.30 2005/08/26 20:15:20 tim Exp $ */
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@ -152,6 +152,10 @@ int openpty(int *, int *, char *, struct termios *, struct winsize *);
int snprintf(char *, size_t, const char *, ...);
#endif
#ifndef HAVE_STRTONUM
long long strtonum(const char *, long long, long long, const char **);
#endif
#ifndef HAVE_VSNPRINTF
int vsnprintf(char *, size_t, const char *, va_list);
#endif
@ -169,5 +173,6 @@ char *shadow_pw(struct passwd *pw);
#include "bsd-cygwin_util.h"
#include "port-irix.h"
#include "port-aix.h"
#include "port-uw.h"
#endif /* _OPENBSD_COMPAT_H */

46
crypto/openssh/openbsd-compat/openssl-compat.c Normal file
View File

@ -0,0 +1,46 @@
/* $Id: openssl-compat.c,v 1.2 2005/06/17 11:15:21 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#define SSH_DONT_REDEF_EVP
#include "openssl-compat.h"
#ifdef SSH_OLD_EVP
int
ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv, int enc)
{
EVP_CipherInit(evp, type, key, iv, enc);
return 1;
}
int
ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len)
{
EVP_Cipher(evp, dst, src, len);
return 1;
}
int
ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
{
EVP_CIPHER_CTX_cleanup(evp);
return 1;
}
#endif

65
crypto/openssh/openbsd-compat/openssl-compat.h Normal file
View File

@ -0,0 +1,65 @@
/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#include <openssl/evp.h>
#if OPENSSL_VERSION_NUMBER < 0x00906000L
# define SSH_OLD_EVP
# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
#endif
#if OPENSSL_VERSION_NUMBER < 0x00907000L
# define EVP_aes_128_cbc evp_rijndael
# define EVP_aes_192_cbc evp_rijndael
# define EVP_aes_256_cbc evp_rijndael
extern const EVP_CIPHER *evp_rijndael(void);
extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
#endif
#if !defined(EVP_CTRL_SET_ACSS_MODE)
# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
# define USE_CIPHER_ACSS 1
extern const EVP_CIPHER *evp_acss(void);
# define EVP_acss evp_acss
# else
# define EVP_acss NULL
# endif
#endif
/*
* insert comment here
*/
#ifdef SSH_OLD_EVP
# ifndef SSH_DONT_REDEF_EVP
# ifdef EVP_Cipher
# undef EVP_Cipher
# endif
# define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e))
# define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d))
# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a))
# endif
int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
unsigned char *, int);
int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
#endif

16
crypto/openssh/openbsd-compat/port-aix.c
View File

@ -1,7 +1,7 @@
/*
*
* Copyright (c) 2001 Gert Doering. All rights reserved.
* Copyright (c) 2003,2004 Darren Tucker. All rights reserved.
* Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -42,14 +42,12 @@ static char old_registry[REGISTRY_SIZE] = "";
# endif
/*
* AIX has a "usrinfo" area where logname and other stuff is stored -
* AIX has a "usrinfo" area where logname and other stuff is stored -
* a few applications actually use this and die if it's not set
*
* NOTE: TTY= should be set, but since no one uses it and it's hard to
* acquire due to privsep code. We will just drop support.
*/
void
aix_usrinfo(struct passwd *pw)
{
@ -60,7 +58,7 @@ aix_usrinfo(struct passwd *pw)
len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
cp = xmalloc(len);
i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
pw->pw_name, '\0');
if (usrinfo(SETUINFO, cp, i) == -1)
fatal("Couldn't set usrinfo: %s", strerror(errno));
@ -153,14 +151,14 @@ aix_valid_authentications(const char *user)
int
sys_auth_passwd(Authctxt *ctxt, const char *password)
{
char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name;
int authsuccess = 0, expired, reenter, result;
do {
result = authenticate((char *)name, (char *)password, &reenter,
&authmsg);
aix_remove_embedded_newlines(authmsg);
debug3("AIX/authenticate result %d, msg %.100s", result,
debug3("AIX/authenticate result %d, authmsg %.100s", result,
authmsg);
} while (reenter);
@ -170,7 +168,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
if (result == 0) {
authsuccess = 1;
/*
/*
* Record successful login. We don't have a pty yet, so just
* label the line as "ssh"
*/
@ -257,7 +255,7 @@ int
sys_auth_record_login(const char *user, const char *host, const char *ttynm,
Buffer *loginmsg)
{
char *msg;
char *msg = NULL;
int success = 0;
aix_setauthdb(user);

15
crypto/openssh/openbsd-compat/port-aix.h
View File

@ -1,8 +1,9 @@
/* $Id: port-aix.h,v 1.25 2005/03/21 11:46:34 dtucker Exp $ */
/* $Id: port-aix.h,v 1.26 2005/05/28 10:28:40 dtucker Exp $ */
/*
*
* Copyright (c) 2001 Gert Doering. All rights reserved.
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -47,23 +48,23 @@
/* These should be in the system headers but are not. */
int usrinfo(int, char *, int);
#if (HAVE_DECL_SETAUTHDB == 0)
#if defined(HAVE_DECL_SETAUTHDB) && (HAVE_DECL_SETAUTHDB == 0)
int setauthdb(const char *, char *);
#endif
/* these may or may not be in the headers depending on the version */
#if (HAVE_DECL_AUTHENTICATE == 0)
#if defined(HAVE_DECL_AUTHENTICATE) && (HAVE_DECL_AUTHENTICATE == 0)
int authenticate(char *, char *, int *, char **);
#endif
#if (HAVE_DECL_LOGINFAILED == 0)
#if defined(HAVE_DECL_LOGINFAILED) && (HAVE_DECL_LOGINFAILED == 0)
int loginfailed(char *, char *, char *);
#endif
#if (HAVE_DECL_LOGINRESTRICTIONS == 0)
#if defined(HAVE_DECL_LOGINRESTRICTIONS) && (HAVE_DECL_LOGINRESTRICTIONS == 0)
int loginrestrictions(char *, int, char *, char **);
#endif
#if (HAVE_DECL_LOGINSUCCESS == 0)
#if defined(HAVE_DECL_LOGINSUCCESS) && (HAVE_DECL_LOGINSUCCESS == 0)
int loginsuccess(char *, char *, char *, char **);
#endif
#if (HAVE_DECL_PASSWDEXPIRED == 0)
#if defined(HAVE_DECL_PASSWDEXPIRED) && (HAVE_DECL_PASSWDEXPIRED == 0)
int passwdexpired(char *, char **);
#endif

134
crypto/openssh/openbsd-compat/port-uw.c Normal file
View File

@ -0,0 +1,134 @@
/*
* Copyright (c) 2005 The SCO Group. All rights reserved.
* Copyright (c) 2005 Tim Rice. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
#include "packet.h"
#include "buffer.h"
#include "log.h"
#include "servconf.h"
#include "auth.h"
#include "auth-options.h"
int nischeck(char *);
int
sys_auth_passwd(Authctxt *authctxt, const char *password)
{
struct passwd *pw = authctxt->pw;
char *encrypted_password;
char *salt;
int result;
/* Just use the supplied fake password if authctxt is invalid */
char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
/* Check for users with no password. */
if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
return (1);
/* Encrypt the candidate password using the proper salt. */
salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
#ifdef UNIXWARE_LONG_PASSWORDS
if (!nischeck(pw->pw_name))
encrypted_password = bigcrypt(password, salt);
else
#endif /* UNIXWARE_LONG_PASSWORDS */
encrypted_password = xcrypt(password, salt);
/*
* Authentication is accepted if the encrypted passwords
* are identical.
*/
result = (strcmp(encrypted_password, pw_password) == 0);
if (authctxt->valid)
free(pw_password);
return(result);
}
#ifdef UNIXWARE_LONG_PASSWORDS
int
nischeck(char *namep)
{
char password_file[] = "/etc/passwd";
FILE *fd;
struct passwd *ent = NULL;
if ((fd = fopen (password_file, "r")) == NULL) {
/*
* If the passwd file has dissapeared we are in a bad state.
* However, returning 0 will send us back through the
* authentication scheme that has checked the ia database for
* passwords earlier.
*/
return(0);
}
/*
* fgetpwent() only reads from password file, so we know for certain
* that the user is local.
*/
while (ent = fgetpwent(fd)) {
if (strcmp (ent->pw_name, namep) == 0) {
/* Local user */
fclose (fd);
return(0);
}
}
fclose (fd);
return (1);
}
#endif /* UNIXWARE_LONG_PASSWORDS */
/*
NOTE: ia_get_logpwd() allocates memory for arg 2
functions that call shadow_pw() will need to free
*/
char *
get_iaf_password(struct passwd *pw)
{
char *pw_password = NULL;
uinfo_t uinfo;
if (!ia_openinfo(pw->pw_name,&uinfo)) {
ia_get_logpwd(uinfo, &pw_password);
if (pw_password == NULL)
fatal("ia_get_logpwd: Unable to get the shadow passwd");
ia_closeinfo(uinfo);
return pw_password;
}
else
fatal("ia_openinfo: Unable to open the shadow passwd file");
}
#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */

30
crypto/openssh/openbsd-compat/port-uw.h Normal file
View File

@ -0,0 +1,30 @@
/*
* Copyright (c) 2005 Tim Rice. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
char * get_iaf_password(struct passwd *pw);
#endif

268
crypto/openssh/openbsd-compat/realpath.c
View File

@ -1,11 +1,7 @@
/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */
/*
* Copyright (c) 1994
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Jan-Simon Pendry.
* Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -15,14 +11,14 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. The names of the authors may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
@ -36,169 +32,165 @@
#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/*
* MAXSYMLINKS
*/
#ifndef MAXSYMLINKS
#define MAXSYMLINKS 5
#endif
/*
* char *realpath(const char *path, char resolved_path[MAXPATHLEN]);
* char *realpath(const char *path, char resolved[PATH_MAX]);
*
* Find the real name of path, by removing all ".", ".." and symlink
* components. Returns (resolved) on success, or (NULL) on failure,
* in which case the path which caused trouble is left in (resolved).
*/
char *
realpath(const char *path, char *resolved)
realpath(const char *path, char resolved[PATH_MAX])
{
struct stat sb;
int fd, n, needslash, serrno;
char *p, *q, wbuf[MAXPATHLEN];
int symlinks = 0;
char *p, *q, *s;
size_t left_len, resolved_len;
unsigned symlinks;
int serrno, slen;
char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
/* Save the starting point. */
#ifndef HAVE_FCHDIR
char start[MAXPATHLEN];
/* this is potentially racy but without fchdir we have no option */
if (getcwd(start, sizeof(start)) == NULL) {
resolved[0] = '.';
serrno = errno;
symlinks = 0;
if (path[0] == '/') {
resolved[0] = '/';
resolved[1] = '\0';
return (NULL);
}
#endif
if ((fd = open(".", O_RDONLY)) < 0) {
resolved[0] = '.';
resolved[1] = '\0';
return (NULL);
}
/* Convert "." -> "" to optimize away a needless lstat() and chdir() */
if (path[0] == '.' && path[1] == '\0')
path = "";
/*
* Find the dirname and basename from the path to be resolved.
* Change directory to the dirname component.
* lstat the basename part.
* if it is a symlink, read in the value and loop.
* if it is a directory, then change to that directory.
* get the current directory name and append the basename.
*/
if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) {
serrno = ENAMETOOLONG;
goto err2;
}
loop:
q = strrchr(resolved, '/');
if (q != NULL) {
p = q + 1;
if (q == resolved)
q = "/";
else {
do {
--q;
} while (q > resolved && *q == '/');
q[1] = '\0';
q = resolved;
}
if (chdir(q) < 0)
goto err1;
} else
p = resolved;
/* Deal with the last component. */
if (*p != '\0' && lstat(p, &sb) == 0) {
if (S_ISLNK(sb.st_mode)) {
if (++symlinks > MAXSYMLINKS) {
errno = ELOOP;
goto err1;
}
if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0)
goto err1;
resolved[n] = '\0';
goto loop;
}
if (S_ISDIR(sb.st_mode)) {
if (chdir(p) < 0)
goto err1;
p = "";
if (path[1] == '\0')
return (resolved);
resolved_len = 1;
left_len = strlcpy(left, path + 1, sizeof(left));
} else {
if (getcwd(resolved, PATH_MAX) == NULL) {
strlcpy(resolved, ".", PATH_MAX);
return (NULL);
}
resolved_len = strlen(resolved);
left_len = strlcpy(left, path, sizeof(left));
}
/*
* Save the last component name and get the full pathname of
* the current directory.
*/
if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) {
if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
errno = ENAMETOOLONG;
goto err1;
return (NULL);
}
if (getcwd(resolved, MAXPATHLEN) == NULL)
goto err1;
/*
* Join the two strings together, ensuring that the right thing
* happens if the last component is empty, or the dirname is root.
* Iterate over path components in `left'.
*/
if (resolved[0] == '/' && resolved[1] == '\0')
needslash = 0;
else
needslash = 1;
if (*wbuf) {
if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) {
while (left_len != 0) {
/*
* Extract the next path component and adjust `left'
* and its length.
*/
p = strchr(left, '/');
s = p ? p : left + left_len;
if (s - left >= sizeof(next_token)) {
errno = ENAMETOOLONG;
goto err1;
return (NULL);
}
if (needslash) {
if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) {
memcpy(next_token, left, s - left);
next_token[s - left] = '\0';
left_len -= s - left;
if (p != NULL)
memmove(left, s + 1, left_len + 1);
if (resolved[resolved_len - 1] != '/') {
if (resolved_len + 1 >= PATH_MAX) {
errno = ENAMETOOLONG;
goto err1;
return (NULL);
}
resolved[resolved_len++] = '/';
resolved[resolved_len] = '\0';
}
if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) {
if (next_token[0] == '\0')
continue;
else if (strcmp(next_token, ".") == 0)
continue;
else if (strcmp(next_token, "..") == 0) {
/*
* Strip the last path component except when we have
* single "/"
*/
if (resolved_len > 1) {
resolved[resolved_len - 1] = '\0';
q = strrchr(resolved, '/') + 1;
*q = '\0';
resolved_len = q - resolved;
}
continue;
}
/*
* Append the next path component and lstat() it. If
* lstat() fails we still can return successfully if
* there are no more path components left.
*/
resolved_len = strlcat(resolved, next_token, PATH_MAX);
if (resolved_len >= PATH_MAX) {
errno = ENAMETOOLONG;
goto err1;
return (NULL);
}
if (lstat(resolved, &sb) != 0) {
if (errno == ENOENT && p == NULL) {
errno = serrno;
return (resolved);
}
return (NULL);
}
if (S_ISLNK(sb.st_mode)) {
if (symlinks++ > MAXSYMLINKS) {
errno = ELOOP;
return (NULL);
}
slen = readlink(resolved, symlink, sizeof(symlink) - 1);
if (slen < 0)
return (NULL);
symlink[slen] = '\0';
if (symlink[0] == '/') {
resolved[1] = 0;
resolved_len = 1;
} else if (resolved_len > 1) {
/* Strip the last path component. */
resolved[resolved_len - 1] = '\0';
q = strrchr(resolved, '/') + 1;
*q = '\0';
resolved_len = q - resolved;
}
/*
* If there are any path components left, then
* append them to symlink. The result is placed
* in `left'.
*/
if (p != NULL) {
if (symlink[slen - 1] != '/') {
if (slen + 1 >= sizeof(symlink)) {
errno = ENAMETOOLONG;
return (NULL);
}
symlink[slen] = '/';
symlink[slen + 1] = 0;
}
left_len = strlcat(symlink, left, sizeof(left));
if (left_len >= sizeof(left)) {
errno = ENAMETOOLONG;
return (NULL);
}
}
left_len = strlcpy(left, symlink, sizeof(left));
}
}
/* Go back to where we came from. */
#ifdef HAVE_FCHDIR
if (fchdir(fd) < 0) {
#else
if (chdir(start) < 0) {
#endif
serrno = errno;
goto err2;
}
/* It's okay if the close fails, what's an fd more or less? */
(void)close(fd);
/*
* Remove trailing slash except when the resolved pathname
* is a single "/".
*/
if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
resolved[resolved_len - 1] = '\0';
return (resolved);
err1: serrno = errno;
#ifdef HAVE_FCHDIR
(void)fchdir(fd);
#else
chdir(start);
#endif
err2: (void)close(fd);
errno = serrno;
return (NULL);
}
#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */

151
crypto/openssh/openbsd-compat/strtoll.c Normal file
View File

@ -0,0 +1,151 @@
/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */
/*-
* Copyright (c) 1992 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "includes.h"
#ifndef HAVE_STRTOLL
#if defined(LIBC_SCCS) && !defined(lint)
static const char rcsid[] = "$OpenBSD: strtoll.c,v 1.4 2005/03/30 18:51:49 pat Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/types.h>
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
/*
* Convert a string to a long long.
*
* Ignores `locale' stuff. Assumes that the upper and lower case
* alphabets and digits are each contiguous.
*/
long long
strtoll(const char *nptr, char **endptr, int base)
{
const char *s;
long long acc, cutoff;
int c;
int neg, any, cutlim;
/*
* Skip white space and pick up leading +/- sign if any.
* If base is 0, allow 0x for hex and 0 for octal, else
* assume decimal; if base is already 16, allow 0x.
*/
s = nptr;
do {
c = (unsigned char) *s++;
} while (isspace(c));
if (c == '-') {
neg = 1;
c = *s++;
} else {
neg = 0;
if (c == '+')
c = *s++;
}
if ((base == 0 || base == 16) &&
c == '0' && (*s == 'x' || *s == 'X')) {
c = s[1];
s += 2;
base = 16;
}
if (base == 0)
base = c == '0' ? 8 : 10;
/*
* Compute the cutoff value between legal numbers and illegal
* numbers. That is the largest legal value, divided by the
* base. An input number that is greater than this value, if
* followed by a legal input character, is too big. One that
* is equal to this value may be valid or not; the limit
* between valid and invalid numbers is then based on the last
* digit. For instance, if the range for long longs is
* [-9223372036854775808..9223372036854775807] and the input base
* is 10, cutoff will be set to 922337203685477580 and cutlim to
* either 7 (neg==0) or 8 (neg==1), meaning that if we have
* accumulated a value > 922337203685477580, or equal but the
* next digit is > 7 (or 8), the number is too big, and we will
* return a range error.
*
* Set any if any `digits' consumed; make it negative to indicate
* overflow.
*/
cutoff = neg ? LLONG_MIN : LLONG_MAX;
cutlim = cutoff % base;
cutoff /= base;
if (neg) {
if (cutlim > 0) {
cutlim -= base;
cutoff += 1;
}
cutlim = -cutlim;
}
for (acc = 0, any = 0;; c = (unsigned char) *s++) {
if (isdigit(c))
c -= '0';
else if (isalpha(c))
c -= isupper(c) ? 'A' - 10 : 'a' - 10;
else
break;
if (c >= base)
break;
if (any < 0)
continue;
if (neg) {
if (acc < cutoff || (acc == cutoff && c > cutlim)) {
any = -1;
acc = LLONG_MIN;
errno = ERANGE;
} else {
any = 1;
acc *= base;
acc -= c;
}
} else {
if (acc > cutoff || (acc == cutoff && c > cutlim)) {
any = -1;
acc = LLONG_MAX;
errno = ERANGE;
} else {
any = 1;
acc *= base;
acc += c;
}
}
}
if (endptr != 0)
*endptr = (char *) (any ? s - 1 : nptr);
return (acc);
}
#endif /* HAVE_STRTOLL */

69
crypto/openssh/openbsd-compat/strtonum.c Normal file
View File

@ -0,0 +1,69 @@
/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */
/* $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ */
/*
* Copyright (c) 2004 Ted Unangst and Todd Miller
* All rights reserved.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#ifndef HAVE_STRTONUM
#include <limits.h>
#define INVALID 1
#define TOOSMALL 2
#define TOOLARGE 3
long long
strtonum(const char *numstr, long long minval, long long maxval,
const char **errstrp)
{
long long ll = 0;
char *ep;
int error = 0;
struct errval {
const char *errstr;
int err;
} ev[4] = {
{ NULL, 0 },
{ "invalid", EINVAL },
{ "too small", ERANGE },
{ "too large", ERANGE },
};
ev[0].err = errno;
errno = 0;
if (minval > maxval)
error = INVALID;
else {
ll = strtoll(numstr, &ep, 10);
if (numstr == ep || *ep != '\0')
error = INVALID;
else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
error = TOOSMALL;
else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
error = TOOLARGE;
}
if (errstrp != NULL)
*errstrp = ev[error].errstr;
errno = ev[error].err;
if (error)
ll = 0;
return (ll);
}
#endif /* HAVE_STRTONUM */

5
crypto/openssh/openbsd-compat/xcrypt.c
View File

@ -93,6 +93,11 @@ shadow_pw(struct passwd *pw)
if (spw != NULL)
pw_password = spw->sp_pwdp;
# endif
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
return(get_iaf_password(pw));
#endif
# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
struct passwd_adjunct *spw;
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)

63
crypto/openssh/packet.c
View File

@ -37,7 +37,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $");
RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $");
#include "openbsd-compat/sys-queue.h"
@ -116,6 +116,12 @@ static int initialized = 0;
/* Set to true if the connection is interactive. */
static int interactive_mode = 0;
/* Set to true if we are the server side. */
static int server_side = 0;
/* Set to true if we are authenticated. */
static int after_authentication = 0;
/* Session key information for Encryption and MAC */
Newkeys *newkeys[MODE_MAX];
static struct packet_state {
@ -624,7 +630,9 @@ set_newkeys(int mode)
/* Deleting the keys does not gain extra security */
/* memset(enc->iv, 0, enc->block_size);
memset(enc->key, 0, enc->key_len); */
if (comp->type != 0 && comp->enabled == 0) {
if ((comp->type == COMP_ZLIB ||
(comp->type == COMP_DELAYED && after_authentication)) &&
comp->enabled == 0) {
packet_init_compression();
if (mode == MODE_OUT)
buffer_compress_init_send(6);
@ -644,6 +652,35 @@ set_newkeys(int mode)
*max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size);
}
/*
* Delayed compression for SSH2 is enabled after authentication:
* This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
* and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
*/
static void
packet_enable_delayed_compress(void)
{
Comp *comp = NULL;
int mode;
/*
* Remember that we are past the authentication step, so rekeying
* with COMP_DELAYED will turn on compression immediately.
*/
after_authentication = 1;
for (mode = 0; mode < MODE_MAX; mode++) {
comp = &newkeys[mode]->comp;
if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
packet_init_compression();
if (mode == MODE_OUT)
buffer_compress_init_send(6);
else
buffer_compress_init_recv();
comp->enabled = 1;
}
}
}
/*
* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
*/
@ -757,6 +794,8 @@ packet_send2_wrapped(void)
if (type == SSH2_MSG_NEWKEYS)
set_newkeys(MODE_OUT);
else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side)
packet_enable_delayed_compress();
}
static void
@ -992,7 +1031,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
static u_int packet_length = 0;
u_int padlen, need;
u_char *macbuf, *cp, type;
int maclen, block_size;
u_int maclen, block_size;
Enc *enc = NULL;
Mac *mac = NULL;
Comp *comp = NULL;
@ -1099,6 +1138,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
packet_disconnect("Invalid ssh2 packet type: %d", type);
if (type == SSH2_MSG_NEWKEYS)
set_newkeys(MODE_IN);
else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side)
packet_enable_delayed_compress();
#ifdef PACKET_DEBUG
fprintf(stderr, "read/plain[%d]:\r\n", type);
buffer_dump(&incoming_packet);
@ -1229,9 +1270,9 @@ packet_get_bignum2(BIGNUM * value)
}
void *
packet_get_raw(int *length_ptr)
packet_get_raw(u_int *length_ptr)
{
int bytes = buffer_len(&incoming_packet);
u_int bytes = buffer_len(&incoming_packet);
if (length_ptr != NULL)
*length_ptr = bytes;
@ -1524,3 +1565,15 @@ packet_set_rekey_limit(u_int32_t bytes)
{
rekey_limit = bytes;
}
void
packet_set_server(void)
{
server_side = 1;
}
void
packet_set_authenticated(void)
{
after_authentication = 1;
}

49
crypto/openssh/progressmeter.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $");
RCSID("$OpenBSD: progressmeter.c,v 1.24 2005/06/07 13:25:23 jaredy Exp $");
#include "progressmeter.h"
#include "atomicio.h"
@ -42,6 +42,10 @@ static int can_output(void);
static void format_size(char *, int, off_t);
static void format_rate(char *, int, off_t);
/* window resizing */
static void sig_winch(int);
static void setscreensize(void);
/* updates the progressmeter to reflect the current state of the transfer */
void refresh_progress_meter(void);
@ -57,6 +61,7 @@ static volatile off_t *counter; /* progress counter */
static long stalled; /* how long we have been stalled */
static int bytes_per_second; /* current speed in bytes per second */
static int win_size; /* terminal window size */
static volatile sig_atomic_t win_resized; /* for window resizing */
/* units for format_size */
static const char unit[] = " KMGT";
@ -147,6 +152,8 @@ refresh_progress_meter(void)
len = snprintf(buf, file_len + 1, "\r%s", file);
if (len < 0)
len = 0;
if (len >= file_len + 1)
len = file_len;
for (i = len; i < file_len; i++ )
buf[i] = ' ';
buf[file_len] = '\0';
@ -215,6 +222,10 @@ update_progress_meter(int ignore)
save_errno = errno;
if (win_resized) {
setscreensize();
win_resized = 0;
}
if (can_output())
refresh_progress_meter();
@ -226,8 +237,6 @@ update_progress_meter(int ignore)
void
start_progress_meter(char *f, off_t filesize, off_t *ctr)
{
struct winsize winsize;
start = last_update = time(NULL);
file = f;
end_pos = filesize;
@ -236,20 +245,12 @@ start_progress_meter(char *f, off_t filesize, off_t *ctr)
stalled = 0;
bytes_per_second = 0;
if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 &&
winsize.ws_col != 0) {
if (winsize.ws_col > MAX_WINSIZE)
win_size = MAX_WINSIZE;
else
win_size = winsize.ws_col;
} else
win_size = DEFAULT_WINSIZE;
win_size += 1; /* trailing \0 */
setscreensize();
if (can_output())
refresh_progress_meter();
signal(SIGALRM, update_progress_meter);
signal(SIGWINCH, sig_winch);
alarm(UPDATE_INTERVAL);
}
@ -267,3 +268,25 @@ stop_progress_meter(void)
atomicio(vwrite, STDOUT_FILENO, "\n", 1);
}
static void
sig_winch(int sig)
{
win_resized = 1;
}
static void
setscreensize(void)
{
struct winsize winsize;
if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 &&
winsize.ws_col != 0) {
if (winsize.ws_col > MAX_WINSIZE)
win_size = MAX_WINSIZE;
else
win_size = winsize.ws_col;
} else
win_size = DEFAULT_WINSIZE;
win_size += 1; /* trailing \0 */
}

11
crypto/openssh/readpass.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: readpass.c,v 1.31 2004/10/29 22:53:56 djm Exp $");
RCSID("$OpenBSD: readpass.c,v 1.33 2005/05/02 21:13:22 markus Exp $");
#include "xmalloc.h"
#include "misc.h"
@ -106,15 +106,20 @@ read_passphrase(const char *prompt, int flags)
if (flags & RP_USE_ASKPASS)
use_askpass = 1;
else if (flags & RP_ALLOW_STDIN) {
if (!isatty(STDIN_FILENO))
if (!isatty(STDIN_FILENO)) {
debug("read_passphrase: stdin is not a tty");
use_askpass = 1;
}
} else {
rppflags |= RPP_REQUIRE_TTY;
ttyfd = open(_PATH_TTY, O_RDWR);
if (ttyfd >= 0)
close(ttyfd);
else
else {
debug("read_passphrase: can't open %s: %s", _PATH_TTY,
strerror(errno));
use_askpass = 1;
}
}
if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL)

6
crypto/openssh/regress/reexec.sh
View File

@ -3,10 +3,10 @@
tid="reexec tests"
DATA=/bin/ls
DATA=/bin/ls${EXEEXT}
COPY=${OBJ}/copy
SSHD_ORIG=$SSHD
SSHD_COPY=$OBJ/sshd
SSHD_ORIG=$SSHD${EXEEXT}
SSHD_COPY=$OBJ/sshd${EXEEXT}
# Start a sshd and then delete it
start_sshd_copy ()

7
crypto/openssh/regress/test-exec.sh
View File

@ -96,9 +96,10 @@ if [ "x$TEST_SSH_SCP" != "x" ]; then
fi
# Path to sshd must be absolute for rexec
if [ ! -x /$SSHD ]; then
SSHD=`which sshd`
fi
case "$SSHD" in
/*) ;;
*) SSHD=`which sshd` ;;
esac
if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
TEST_SSH_LOGFILE=/dev/null

39
crypto/openssh/sftp-client.c
View File

@ -20,7 +20,7 @@
/* XXX: copy between two remote sites */
#include "includes.h"
RCSID("$OpenBSD: sftp-client.c,v 1.53 2005/03/10 22:01:05 deraadt Exp $");
RCSID("$OpenBSD: sftp-client.c,v 1.57 2005/07/27 10:39:03 dtucker Exp $");
#include "openbsd-compat/sys-queue.h"
@ -64,10 +64,10 @@ send_msg(int fd, Buffer *m)
/* Send length first */
PUT_32BIT(mlen, buffer_len(m));
if (atomicio(vwrite, fd, mlen, sizeof(mlen)) <= 0)
if (atomicio(vwrite, fd, mlen, sizeof(mlen)) != sizeof(mlen))
fatal("Couldn't send packet: %s", strerror(errno));
if (atomicio(vwrite, fd, buffer_ptr(m), buffer_len(m)) <= 0)
if (atomicio(vwrite, fd, buffer_ptr(m), buffer_len(m)) != buffer_len(m))
fatal("Couldn't send packet: %s", strerror(errno));
buffer_clear(m);
@ -76,26 +76,27 @@ send_msg(int fd, Buffer *m)
static void
get_msg(int fd, Buffer *m)
{
ssize_t len;
u_int msg_len;
buffer_append_space(m, 4);
len = atomicio(read, fd, buffer_ptr(m), 4);
if (len == 0)
fatal("Connection closed");
else if (len == -1)
fatal("Couldn't read packet: %s", strerror(errno));
if (atomicio(read, fd, buffer_ptr(m), 4) != 4) {
if (errno == EPIPE)
fatal("Connection closed");
else
fatal("Couldn't read packet: %s", strerror(errno));
}
msg_len = buffer_get_int(m);
if (msg_len > MAX_MSG_LENGTH)
fatal("Received message too long %u", msg_len);
buffer_append_space(m, msg_len);
len = atomicio(read, fd, buffer_ptr(m), msg_len);
if (len == 0)
fatal("Connection closed");
else if (len == -1)
fatal("Read packet: %s", strerror(errno));
if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
if (errno == EPIPE)
fatal("Connection closed");
else
fatal("Read packet: %s", strerror(errno));
}
}
static void
@ -310,7 +311,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
SFTP_DIRENT ***dir)
{
Buffer msg;
u_int type, id, handle_len, i, expected_id, ents = 0;
u_int count, type, id, handle_len, i, expected_id, ents = 0;
char *handle;
id = conn->msg_id++;
@ -334,8 +335,6 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
}
for (; !interrupted;) {
int count;
id = expected_id = conn->msg_id++;
debug3("Sending SSH2_FXP_READDIR I:%u", id);
@ -743,10 +742,10 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
Attrib junk, *a;
Buffer msg;
char *handle;
int local_fd, status, num_req, max_req, write_error;
int local_fd, status = 0, write_error;
int read_error, write_errno;
u_int64_t offset, size;
u_int handle_len, mode, type, id, buflen;
u_int handle_len, mode, type, id, buflen, num_req, max_req;
off_t progress_counter;
struct request {
u_int id;
@ -1127,7 +1126,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
goto done;
}
debug3("In write loop, ack for %u %u bytes at %llu",
ack->id, ack->len, (unsigned long long)ack->offset);
ack->id, ack->len, (unsigned long long)ack->offset);
++ackid;
xfree(ack);
}

4
crypto/openssh/sftp-client.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-client.h,v 1.13 2004/11/29 07:41:24 djm Exp $ */
/* $OpenBSD: sftp-client.h,v 1.14 2005/04/26 12:59:02 jmc Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
@ -30,7 +30,7 @@ struct SFTP_DIRENT {
};
/*
* Initialiase a SSH filexfer connection. Returns NULL on error or
* Initialise a SSH filexfer connection. Returns NULL on error or
* a pointer to a initialized sftp_conn struct on success.
*/
struct sftp_conn *do_init(int, int, u_int, u_int);

12
crypto/openssh/sftp-server.c
View File

@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $");
RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
#include "buffer.h"
#include "bufaux.h"
@ -130,7 +130,7 @@ Handle handles[100];
static void
handle_init(void)
{
int i;
u_int i;
for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
handles[i].use = HANDLE_UNUSED;
@ -139,7 +139,7 @@ handle_init(void)
static int
handle_new(int use, const char *name, int fd, DIR *dirp)
{
int i;
u_int i;
for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
if (handles[i].use == HANDLE_UNUSED) {
@ -156,7 +156,7 @@ handle_new(int use, const char *name, int fd, DIR *dirp)
static int
handle_is_ok(int i, int type)
{
return i >= 0 && i < sizeof(handles)/sizeof(Handle) &&
return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) &&
handles[i].use == type;
}
@ -477,10 +477,10 @@ process_write(void)
} else {
/* XXX ATOMICIO ? */
ret = write(fd, data, len);
if (ret == -1) {
if (ret < 0) {
error("process_write: write failed");
status = errno_to_portable(errno);
} else if (ret == len) {
} else if ((size_t)ret == len) {
status = SSH2_FX_OK;
} else {
logit("nothing at all written");

53
crypto/openssh/sftp.c
View File

@ -16,7 +16,7 @@
#include "includes.h"
RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $");
#ifdef USE_LIBEDIT
#include <histedit.h>
@ -404,7 +404,7 @@ get_pathname(const char **cpp, char **path)
{
const char *cp = *cpp, *end;
char quot;
int i, j;
u_int i, j;
cp += strspn(cp, WHITESPACE);
if (!*cp) {
@ -664,14 +664,15 @@ sdirent_comp(const void *aa, const void *bb)
static int
do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
{
int n, c = 1, colspace = 0, columns = 1;
int n;
u_int c = 1, colspace = 0, columns = 1;
SFTP_DIRENT **d;
if ((n = do_readdir(conn, path, &d)) != 0)
return (n);
if (!(lflag & LS_SHORT_VIEW)) {
int m = 0, width = 80;
u_int m = 0, width = 80;
struct winsize ws;
char *tmp;
@ -747,7 +748,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
int lflag)
{
glob_t g;
int i, c = 1, colspace = 0, columns = 1;
u_int i, c = 1, colspace = 0, columns = 1;
Attrib *a = NULL;
memset(&g, 0, sizeof(g));
@ -783,7 +784,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
}
if (!(lflag & LS_SHORT_VIEW)) {
int m = 0, width = 80;
u_int m = 0, width = 80;
struct winsize ws;
/* Count entries for sort and find longest filename */
@ -1236,7 +1237,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
char *dir = NULL;
char cmd[2048];
struct sftp_conn *conn;
int err;
int err, interactive;
EditLine *el = NULL;
#ifdef USE_LIBEDIT
History *hl = NULL;
@ -1294,14 +1295,15 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
xfree(dir);
}
#if HAVE_SETVBUF
#if defined(HAVE_SETVBUF) && !defined(BROKEN_SETVBUF)
setvbuf(stdout, NULL, _IOLBF, 0);
setvbuf(infile, NULL, _IOLBF, 0);
#else
setlinebuf(stdout);
setlinebuf(infile);
setlinebuf(stdout);
setlinebuf(infile);
#endif
interactive = !batchmode && isatty(STDIN_FILENO);
err = 0;
for (;;) {
char *cp;
@ -1309,20 +1311,28 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
signal(SIGINT, SIG_IGN);
if (el == NULL) {
printf("sftp> ");
if (interactive)
printf("sftp> ");
if (fgets(cmd, sizeof(cmd), infile) == NULL) {
printf("\n");
if (interactive)
printf("\n");
break;
}
if (batchmode) /* Echo command */
printf("%s", cmd);
if (!interactive) { /* Echo command */
printf("sftp> %s", cmd);
if (strlen(cmd) > 0 &&
cmd[strlen(cmd) - 1] != '\n')
printf("\n");
}
} else {
#ifdef USE_LIBEDIT
const char *line;
int count = 0;
if ((line = el_gets(el, &count)) == NULL || count <= 0)
break;
if ((line = el_gets(el, &count)) == NULL || count <= 0) {
printf("\n");
break;
}
history(hl, &hev, H_ENTER, line);
if (strlcpy(cmd, line, sizeof(cmd)) >= sizeof(cmd)) {
fprintf(stderr, "Error: input line too long\n");
@ -1345,6 +1355,11 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
}
xfree(pwd);
#ifdef USE_LIBEDIT
if (el != NULL)
el_end(el);
#endif /* USE_LIBEDIT */
/* err == 1 signifies normal "quit" exit */
return (err >= 0 ? 0 : -1);
}
@ -1475,7 +1490,7 @@ main(int argc, char **argv)
/* Allow "-" as stdin */
if (strcmp(optarg, "-") != 0 &&
(infile = fopen(optarg, "r")) == NULL)
(infile = fopen(optarg, "r")) == NULL)
fatal("%s (%s).", strerror(errno), optarg);
showprogress = 0;
batchmode = 1;
@ -1561,8 +1576,8 @@ main(int argc, char **argv)
err = interactive_loop(in, out, file1, file2);
#if !defined(USE_PIPES)
shutdown(in, SHUT_RDWR);
shutdown(out, SHUT_RDWR);
shutdown(in, SHUT_RDWR);
shutdown(out, SHUT_RDWR);
#endif
close(in);

14
crypto/openssh/ssh-add.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-add.1,v 1.42 2005/03/01 17:32:19 jmc Exp $
.\" $OpenBSD: ssh-add.1,v 1.43 2005/04/21 06:17:50 djm Exp $
.\"
.\" -*- nroff -*-
.\"
@ -57,10 +57,10 @@
adds RSA or DSA identities to the authentication agent,
.Xr ssh-agent 1 .
When run without arguments, it adds the files
.Pa $HOME/.ssh/id_rsa ,
.Pa $HOME/.ssh/id_dsa
.Pa ~/.ssh/id_rsa ,
.Pa ~/.ssh/id_dsa
and
.Pa $HOME/.ssh/identity .
.Pa ~/.ssh/identity .
Alternative file names can be given on the command line.
If any file requires a passphrase,
.Nm
@ -142,11 +142,11 @@ agent.
.El
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
.It Pa ~/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
.It Pa $HOME/.ssh/id_dsa
.It Pa ~/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
.It Pa $HOME/.ssh/id_rsa
.It Pa ~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
.El
.Pp

14
crypto/openssh/ssh-agent.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-agent.1,v 1.41 2004/07/11 17:48:47 deraadt Exp $
.\" $OpenBSD: ssh-agent.1,v 1.42 2005/04/21 06:17:50 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -111,10 +111,10 @@ Keys are added using
When executed without arguments,
.Xr ssh-add 1
adds the files
.Pa $HOME/.ssh/id_rsa ,
.Pa $HOME/.ssh/id_dsa
.Pa ~/.ssh/id_rsa ,
.Pa ~/.ssh/id_dsa
and
.Pa $HOME/.ssh/identity .
.Pa ~/.ssh/identity .
If the identity has a passphrase,
.Xr ssh-add 1
asks for the passphrase (using a small X11 application if running
@ -179,11 +179,11 @@ The agent exits automatically when the command given on the command
line terminates.
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
.It Pa ~/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
.It Pa $HOME/.ssh/id_dsa
.It Pa ~/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
.It Pa $HOME/.ssh/id_rsa
.It Pa ~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
Unix-domain sockets used to contain the connection to the

30
crypto/openssh/ssh-keygen.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.69 2005/06/08 03:50:00 djm Exp $
.\"
.\" -*- nroff -*-
.\"
@ -129,10 +129,10 @@ section for details.
Normally each user wishing to use SSH
with RSA or DSA authentication runs this once to create the authentication
key in
.Pa $HOME/.ssh/identity ,
.Pa $HOME/.ssh/id_dsa
.Pa ~/.ssh/identity ,
.Pa ~/.ssh/id_dsa
or
.Pa $HOME/.ssh/id_rsa .
.Pa ~/.ssh/id_rsa .
Additionally, the system administrator may use this to generate host keys,
as seen in
.Pa /etc/rc .
@ -188,8 +188,8 @@ Show the bubblebabble digest of specified private or public key file.
.It Fl b Ar bits
Specifies the number of bits in the key to create.
Minimum is 512 bits.
Generally, 1024 bits is considered sufficient.
The default is 1024 bits.
Generally, 2048 bits is considered sufficient.
The default is 2048 bits.
.It Fl C Ar comment
Provides a new comment.
.It Fl c
@ -381,7 +381,7 @@ It is important that this file contains moduli of a range of bit lengths and
that both ends of a connection share common moduli.
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
.It Pa ~/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
@ -392,14 +392,14 @@ This file is not automatically accessed by
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/identity.pub
.It Pa ~/.ssh/identity.pub
Contains the protocol version 1 RSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
.Pa ~/.ssh/authorized_keys
on all machines
where the user wishes to log in using RSA authentication.
There is no need to keep the contents of this file secret.
.It Pa $HOME/.ssh/id_dsa
.It Pa ~/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
@ -410,14 +410,14 @@ This file is not automatically accessed by
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/id_dsa.pub
.It Pa ~/.ssh/id_dsa.pub
Contains the protocol version 2 DSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
.Pa ~/.ssh/authorized_keys
on all machines
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
.It Pa $HOME/.ssh/id_rsa
.It Pa ~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
@ -428,10 +428,10 @@ This file is not automatically accessed by
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/id_rsa.pub
.It Pa ~/.ssh/id_rsa.pub
Contains the protocol version 2 RSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
.Pa ~/.ssh/authorized_keys
on all machines
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.

96
crypto/openssh/ssh-keygen.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $");
RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -36,7 +36,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $");
#include "dns.h"
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
int bits = 1024;
u_int32_t bits = 2048;
/*
* Flag indicating that we just want to change the passphrase. This can be
@ -90,7 +90,7 @@ extern char *__progname;
char hostname[MAXHOSTNAMELEN];
/* moduli.c */
int gen_candidates(FILE *, int, int, BIGNUM *);
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
static void
@ -738,7 +738,7 @@ do_known_hosts(struct passwd *pw, const char *name)
fprintf(stderr, "WARNING: %s contains unhashed "
"entries\n", old);
fprintf(stderr, "Delete this file to ensure privacy "
"of hostnames\n");
"of hostnames\n");
}
}
@ -959,31 +959,38 @@ usage(void)
{
fprintf(stderr, "Usage: %s [options]\n", __progname);
fprintf(stderr, "Options:\n");
fprintf(stderr, " -b bits Number of bits in the key to create.\n");
fprintf(stderr, " -c Change comment in private and public key files.\n");
fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n");
fprintf(stderr, " -f filename Filename of the key file.\n");
fprintf(stderr, " -g Use generic DNS resource record format.\n");
fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n");
fprintf(stderr, " -l Show fingerprint of key file.\n");
fprintf(stderr, " -p Change passphrase of private key file.\n");
fprintf(stderr, " -q Quiet.\n");
fprintf(stderr, " -y Read private key file and print public key.\n");
fprintf(stderr, " -t type Specify type of key to create.\n");
fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n");
fprintf(stderr, " -B Show bubblebabble digest of key file.\n");
fprintf(stderr, " -H Hash names in known_hosts file\n");
fprintf(stderr, " -F hostname Find hostname in known hosts file\n");
fprintf(stderr, " -b bits Number of bits in the key to create.\n");
fprintf(stderr, " -C comment Provide new comment.\n");
fprintf(stderr, " -N phrase Provide new passphrase.\n");
fprintf(stderr, " -P phrase Provide old passphrase.\n");
fprintf(stderr, " -r hostname Print DNS resource record.\n");
fprintf(stderr, " -c Change comment in private and public key files.\n");
#ifdef SMARTCARD
fprintf(stderr, " -D reader Download public key from smartcard.\n");
#endif /* SMARTCARD */
fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n");
fprintf(stderr, " -F hostname Find hostname in known hosts file.\n");
fprintf(stderr, " -f filename Filename of the key file.\n");
fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n");
fprintf(stderr, " -g Use generic DNS resource record format.\n");
fprintf(stderr, " -H Hash names in known_hosts file.\n");
fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n");
fprintf(stderr, " -l Show fingerprint of key file.\n");
fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n");
fprintf(stderr, " -N phrase Provide new passphrase.\n");
fprintf(stderr, " -P phrase Provide old passphrase.\n");
fprintf(stderr, " -p Change passphrase of private key file.\n");
fprintf(stderr, " -q Quiet.\n");
fprintf(stderr, " -R hostname Remove host from known_hosts file.\n");
fprintf(stderr, " -r hostname Print DNS resource record.\n");
fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n");
fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n");
fprintf(stderr, " -t type Specify type of key to create.\n");
#ifdef SMARTCARD
fprintf(stderr, " -U reader Upload private key to smartcard.\n");
#endif /* SMARTCARD */
fprintf(stderr, " -G file Generate candidates for DH-GEX moduli\n");
fprintf(stderr, " -T file Screen candidates for DH-GEX moduli\n");
fprintf(stderr, " -v Verbose.\n");
fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n");
fprintf(stderr, " -y Read private key file and print public key.\n");
exit(1);
}
@ -1000,12 +1007,13 @@ main(int ac, char **av)
Key *private, *public;
struct passwd *pw;
struct stat st;
int opt, type, fd, download = 0, memory = 0;
int generator_wanted = 0, trials = 100;
int opt, type, fd, download = 0;
u_int32_t memory = 0, generator_wanted = 0, trials = 100;
int do_gen_candidates = 0, do_screen_candidates = 0;
int log_level = SYSLOG_LEVEL_INFO;
BIGNUM *start = NULL;
FILE *f;
const char *errstr;
extern int optind;
extern char *optarg;
@ -1033,11 +1041,10 @@ main(int ac, char **av)
"degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
switch (opt) {
case 'b':
bits = atoi(optarg);
if (bits < 512 || bits > 32768) {
printf("Bits has bad value.\n");
exit(1);
}
bits = strtonum(optarg, 512, 32768, &errstr);
if (errstr)
fatal("Bits has bad value %s (%s)",
optarg, errstr);
break;
case 'F':
find_host = 1;
@ -1063,7 +1070,9 @@ main(int ac, char **av)
change_comment = 1;
break;
case 'f':
strlcpy(identity_file, optarg, sizeof(identity_file));
if (strlcpy(identity_file, optarg, sizeof(identity_file)) >=
sizeof(identity_file))
fatal("Identity filename too long");
have_identity = 1;
break;
case 'g':
@ -1118,23 +1127,34 @@ main(int ac, char **av)
rr_hostname = optarg;
break;
case 'W':
generator_wanted = atoi(optarg);
if (generator_wanted < 1)
fatal("Desired generator has bad value.");
generator_wanted = strtonum(optarg, 1, UINT_MAX, &errstr);
if (errstr)
fatal("Desired generator has bad value: %s (%s)",
optarg, errstr);
break;
case 'a':
trials = atoi(optarg);
trials = strtonum(optarg, 1, UINT_MAX, &errstr);
if (errstr)
fatal("Invalid number of trials: %s (%s)",
optarg, errstr);
break;
case 'M':
memory = atoi(optarg);
memory = strtonum(optarg, 1, UINT_MAX, &errstr);
if (errstr) {
fatal("Memory limit is %s: %s", errstr, optarg);
}
break;
case 'G':
do_gen_candidates = 1;
strlcpy(out_file, optarg, sizeof(out_file));
if (strlcpy(out_file, optarg, sizeof(out_file)) >=
sizeof(out_file))
fatal("Output filename too long");
break;
case 'T':
do_screen_candidates = 1;
strlcpy(out_file, optarg, sizeof(out_file));
if (strlcpy(out_file, optarg, sizeof(out_file)) >=
sizeof(out_file))
fatal("Output filename too long");
break;
case 'S':
/* XXX - also compare length against bits */

16
crypto/openssh/ssh-rand-helper.c
View File

@ -39,7 +39,7 @@
#include "pathnames.h"
#include "log.h"
RCSID("$Id: ssh-rand-helper.c,v 1.23 2005/02/16 02:32:30 dtucker Exp $");
RCSID("$Id: ssh-rand-helper.c,v 1.26 2005/07/17 07:26:44 djm Exp $");
/* Number of bytes we write out */
#define OUTPUT_SEED_SIZE 48
@ -123,7 +123,7 @@ get_random_bytes_prngd(unsigned char *buf, int len,
unsigned short tcp_port, char *socket_path)
{
int fd, addr_len, rval, errors;
char msg[2];
u_char msg[2];
struct sockaddr_storage addr;
struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr;
struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr;
@ -135,8 +135,8 @@ get_random_bytes_prngd(unsigned char *buf, int len,
if (socket_path != NULL &&
strlen(socket_path) >= sizeof(addr_un->sun_path))
fatal("Random pool path is too long");
if (len > 255)
fatal("Too many bytes to read from PRNGD");
if (len <= 0 || len > 255)
fatal("Too many bytes (%d) to read from PRNGD", len);
memset(&addr, '\0', sizeof(addr));
@ -190,7 +190,7 @@ get_random_bytes_prngd(unsigned char *buf, int len,
goto done;
}
if (atomicio(read, fd, buf, len) != len) {
if (atomicio(read, fd, buf, len) != (size_t)len) {
if (errno == EPIPE && errors < 10) {
close(fd);
errors++;
@ -398,8 +398,8 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
debug3("Time elapsed: %d msec", msec_elapsed);
if (waitpid(pid, &status, 0) == -1) {
error("Couldn't wait for child '%s' completion: %s",
src->cmdstring, strerror(errno));
error("Couldn't wait for child '%s' completion: %s",
src->cmdstring, strerror(errno));
return 0.0;
}
@ -600,7 +600,7 @@ prng_write_seedfile(void)
save_errno = errno;
unlink(tmpseed);
fatal("problem renaming PRNG seedfile from %.100s "
"to %.100s (%.100s)", tmpseed, filename,
"to %.100s (%.100s)", tmpseed, filename,
strerror(save_errno));
}
}

4
crypto/openssh/ssh-rsa.c
View File

@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $");
RCSID("$OpenBSD: ssh-rsa.c,v 1.32 2005/06/17 02:44:33 djm Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@ -238,7 +238,7 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
ERR_error_string(ERR_get_error(), NULL));
goto done;
}
if (len != hlen + oidlen) {
if (len < 0 || (u_int)len != hlen + oidlen) {
error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
goto done;
}

30
crypto/openssh/ttymodes.c
View File

@ -240,6 +240,32 @@ baud_to_speed(int baud)
}
}
/*
* Encode a special character into SSH line format.
*/
static u_int
special_char_encode(cc_t c)
{
#ifdef _POSIX_VDISABLE
if (c == _POSIX_VDISABLE)
return 255;
#endif /* _POSIX_VDISABLE */
return c;
}
/*
* Decode a special character from SSH line format.
*/
static cc_t
special_char_decode(u_int c)
{
#ifdef _POSIX_VDISABLE
if (c == 255)
return _POSIX_VDISABLE;
#endif /* _POSIX_VDISABLE */
return c;
}
/*
* Encodes terminal modes for the terminal referenced by fd
* or tiop in a portable manner, and appends the modes to a packet
@ -287,7 +313,7 @@ tty_make_modes(int fd, struct termios *tiop)
#define TTYCHAR(NAME, OP) \
debug3("tty_make_modes: %d %d", OP, tio.c_cc[NAME]); \
buffer_put_char(&buf, OP); \
put_arg(&buf, tio.c_cc[NAME]);
put_arg(&buf, special_char_encode(tio.c_cc[NAME]));
#define TTYMODE(NAME, FIELD, OP) \
debug3("tty_make_modes: %d %d", OP, ((tio.FIELD & NAME) != 0)); \
@ -375,7 +401,7 @@ tty_parse_modes(int fd, int *n_bytes_ptr)
#define TTYCHAR(NAME, OP) \
case OP: \
n_bytes += arg_size; \
tio.c_cc[NAME] = get_arg(); \
tio.c_cc[NAME] = special_char_decode(get_arg()); \
debug3("tty_parse_modes: %d %d", OP, tio.c_cc[NAME]); \
break;
#define TTYMODE(NAME, FIELD, OP) \