This commit was generated by cvs2svn to compensate for changes in r124208,
which included commits to RCS files with non-trunk default branches.
Dag-Erling Smørgrav 2004-01-07 11:10:17 +00:00
commit fb7dd0a77c
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=124209
155 changed files with 9004 additions and 3719 deletions


@ -5,7 +5,7 @@ Theo de Raadt, and Dug Song - Creators of OpenSSH
Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix
Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes
Andre Lucas <andre.lucas@dial.pipex.com> - new login code, many fixes
Andre Lucas <andre@ae-35.com> - new login code, many fixes
Andreas Steinmetz <ast@domdv.de> - Shadow password expiry support
Andrew McGill <andrewm@datrix.co.za> - SCO fixes
Andrew Morgan <morgan@transmeta.com> - PAM bugfixes
@ -23,7 +23,7 @@ Chris Saia <csaia@wtower.com> - SuSE packaging
Chris, the Young One <cky@pobox.com> - Password auth fixes
Christos Zoulas <christos@zoulas.com> - Autoconf fixes
Chun-Chung Chen <cjj@u.washington.edu> - RPM fixes
Corinna Vinschen <vinschen@cygnus.com> - Cygwin support
Corinna Vinschen <vinschen@redhat.com> - Cygwin support
Dan Brosemer <odin@linuxfreak.com> - Autoconf support, build fixes
Darren Hall <dhall@virage.org> - AIX patches
Darren Tucker <dtucker@zip.com.au> - AIX BFF package scripts
@ -49,6 +49,7 @@ Juergen Keil <jk@tools.de> - scp bugfixing
KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp> - Configure fixes
Kees Cook <cook@cpoint.net> - scp fixes
Kenji Miyake <kenji@miyake.org> - Configure fixes
Kevin Cawlfield <cawlfiel@us.ibm.com> - AIX fixes.
Kevin O'Connor <kevin_oconnor@standardandpoors.com> - RSAless operation
Kevin Steves <stevesk@pobox.com> - HP support, bugfixes, improvements
Kiyokazu SUTO <suto@ks-and-ks.ne.jp> - Bugfixes
@ -69,11 +70,13 @@ Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> - Security fixes
Pavel Troller <patrol@omni.sinus.cz> - Bugfixes
Pekka Savola <pekkas@netcore.fi> - Bugfixes
Peter Kocks <peter.kocks@baygate.com> - Makefile fixes
Peter Stuge <stuge@cdy.org> - mdoc2man.awk script
Phil Hands <phil@hands.com> - Debian scripts, assorted patches
Phil Karn <karn@ka9q.ampr.org> - Autoconf fixes
Philippe WILLEM <Philippe.WILLEM@urssaf.fr> - Bugfixes
Phill Camp <P.S.S.Camp@ukc.ac.uk> - login code fix
Rip Loomis <loomisg@cist.saic.com> - Solaris package support, fixes
Roumen Petrov <openssh@roumenpetrov.info> - Compile & configure fixes
SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - Multiple bugfixes
Simon Wilkinson <sxw@dcs.ed.ac.uk> - PAM fixes, Compat with MIT KrbV
Solar Designer <solar@openwall.com> - many patches and technical assistance
@ -91,5 +94,5 @@ Apologies to anyone I have missed.
Damien Miller <djm@mindrot.org>
$Id: CREDITS,v 1.67 2002/07/28 20:31:19 stevesk Exp $
$Id: CREDITS,v 1.74 2003/09/07 02:34:54 dtucker Exp $

File diff suppressed because it is too large


@ -3,7 +3,7 @@
You will need working installations of Zlib and OpenSSL.
Zlib:
Zlib 1.1.4 or greater:
http://www.gzip.org/zlib/
OpenSSL 0.9.6 or greater:
@ -33,7 +33,7 @@ http://www.gnome.org/
Alternatively, Jim Knoble <jmknoble@jmknoble.cx> has written an excellent X11
passphrase requester. This is maintained separately at:
http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
http://www.jmknoble.net/software/x11-ssh-askpass/
PRNGD:
@ -101,11 +101,8 @@ name).
There are a few other options to the configure script:
--with-pam enables PAM support.
--enable-gnome-askpass will build the GNOME passphrase dialog. You
need a working installation of GNOME, including the development
headers, for this to work.
--with-pam enables PAM support. If PAM support is compiled in, it must
also be enabled in sshd_config (refer to the UsePAM directive).
--with-prngd-socket=/some/file allows you to enable EGD or PRNGD
support and to specify a PRNGd socket. Use this if your Unix lacks
@ -123,19 +120,9 @@ it if lastlog is installed in a different place.
--without-lastlog will disable lastlog support entirely.
--with-sia, --without-sia will enable or disable OSF1's Security
--with-osfsia, --without-osfsia will enable or disable OSF1's Security
Integration Architecture. The default for OSF1 machines is enable.
--with-kerberos4=PATH will enable Kerberos IV support. You will need
to have the Kerberos libraries and header files installed for this
to work. Use the optional PATH argument to specify the root of your
Kerberos installation.
--with-afs=PATH will enable AFS support. You will need to have the
Kerberos IV and the AFS libraries and header files installed for this
to work. Use the optional PATH argument to specify the root of your
AFS installation. AFS requires Kerberos support to be enabled.
--with-skey=PATH will enable S/Key one time password support. You will
need the S/Key libraries and header files installed for this to work.
@ -161,12 +148,6 @@ created.
--with-xauth=PATH specifies the location of the xauth binary
--with-ipv4-default instructs OpenSSH to use IPv4 by default for new
connections. Normally OpenSSH will try attempt to lookup both IPv6 and
IPv4 addresses. On Linux/glibc-2.1.2 this causes long delays in name
resolution. If this option is specified, you can still attempt to
connect to IPv6 addresses using the command line option '-6'.
--with-ssl-dir=DIR allows you to specify where your OpenSSL libraries
are installed.
@ -217,4 +198,4 @@ Please refer to the "reporting bugs" section of the webpage at
http://www.openssh.com/
$Id: INSTALL,v 1.55 2002/07/25 04:36:25 djm Exp $
$Id: INSTALL,v 1.56.2.4 2003/09/23 09:24:21 djm Exp $


@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.228 2003/03/21 00:34:34 mouring Exp $
# $Id: Makefile.in,v 1.249.2.1 2003/09/22 01:00:12 dtucker Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@ -46,6 +46,7 @@ LIBS=@LIBS@
LIBPAM=@LIBPAM@
LIBWRAP=@LIBWRAP@
AR=@AR@
AWK=@AWK@
RANLIB=@RANLIB@
INSTALL=@INSTALL@
PERL=@PERL@
@ -61,13 +62,14 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \
cipher.o compat.o compress.o crc32.o deattack.o fatal.o \
hostfile.o log.o match.o mpaux.o nchan.o packet.o readpass.o \
rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \
cipher.o cipher-aes.o cipher-bf1.o cipher-ctr.o cipher-3des1.o \
compat.o compress.o crc32.o deattack.o fatal.o \
hostfile.o log.o match.o moduli.o mpaux.o nchan.o packet.o \
readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \
key.o dispatch.o kex.o mac.o uuencode.o misc.o \
rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \
kexdhc.o kexgexc.o scard.o msg.o progressmeter.o \
entropy.o
kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
entropy.o scard-opensc.o gss-genr.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o
@ -80,8 +82,9 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
auth2-none.o auth2-passwd.o auth2-pubkey.o \
monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \
kexdhs.o kexgexs.o \
auth-krb5.o auth-krb4.o \
loginrec.o auth-pam.o auth2-pam.o auth-sia.o md5crypt.o
auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
loginrec.o auth-pam.o auth-sia.o md5crypt.o
MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
@ -109,11 +112,11 @@ PATHSUBS = \
FIXPATHSCMD = $(SED) $(PATHSUBS)
all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
all: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS)
$(LIBSSH_OBJS): config.h
$(SSHOBJS): config.h
$(SSHDOBJS): config.h
$(LIBSSH_OBJS): Makefile.in config.h
$(SSHOBJS): Makefile.in config.h
$(SSHDOBJS): Makefile.in config.h
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
@ -171,7 +174,7 @@ $(MANPAGES): $(MANPAGES_IN)
manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \
fi; \
if test "$(MANTYPE)" = "man"; then \
$(FIXPATHSCMD) $${manpage} | $(PERL) $(srcdir)/mdoc2man.pl > $@; \
$(FIXPATHSCMD) $${manpage} | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \
else \
$(FIXPATHSCMD) $${manpage} > $@; \
fi
@ -180,12 +183,21 @@ $(CONFIGFILES): $(CONFIGFILES_IN)
conffile=`echo $@ | sed 's/.out$$//'`; \
$(FIXPATHSCMD) $(srcdir)/$${conffile} > $@
clean:
ssh_prng_cmds.out: ssh_prng_cmds
if test ! -z "$(INSTALL_SSH_PRNG_CMDS)"; then \
$(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
fi
# fake rule to stop make trying to compile moduli.o into a binary "modulo"
moduli:
echo
clean: regressclean
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core
(cd openbsd-compat && $(MAKE) clean)
distclean:
distclean: regressclean
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core
rm -f Makefile config.h config.status ssh_prng_cmds *~
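
Review bot: The new ssh_prng_cmds.out rule does nothing when INSTALL_SSH_PRNG_CMDS is empty, so the target file is never created in that case; since all, install and install-nokeys now depend on ssh_prng_cmds.out, make will re-run this recipe on every invocation in that configuration. Consider creating the target in an else branch or making the dependency conditional. Separately, the comment on the fake moduli rule says the binary would be called "modulo" while the target is moduli, and the rule would read more clearly as an explicit no-op than as a bare echo.
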
@ -193,15 +205,12 @@ distclean:
(cd openbsd-compat && $(MAKE) distclean)
(cd scard && $(MAKE) distclean)
veryclean:
veryclean: distclean
rm -f configure config.h.in *.0
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core
rm -f Makefile config.h config.status ssh_prng_cmds *~
(cd openbsd-compat && $(MAKE) distclean)
(cd scard && $(MAKE) distclean)
mrproper: distclean
mrproper: veryclean
realclean: veryclean
catman-do:
@for f in $(MANPAGES_IN) ; do \
@ -215,8 +224,8 @@ distprep: catman-do
$(AUTORECONF)
(cd scard && $(MAKE) -f Makefile.in distprep)
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-config
install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files host-key check-config
install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
check-config:
-$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config
@ -280,7 +289,6 @@ install-files: scard-install
echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \
fi
@if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
$(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \
$(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
else \
@ -359,3 +367,39 @@ uninstall:
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
tests: $(TARGETS)
BUILDDIR=`pwd`; \
[ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \
[ -f `pwd`/regress/Makefile ] || \
ln -s $(srcdir)/regress/Makefile `pwd`/regress/Makefile ; \
TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add"; \
TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen"; \
TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \
TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \
TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \
cd $(srcdir)/regress || exit $$?; \
$(MAKE) \
.OBJDIR="$${BUILDDIR}/regress" \
.CURDIR="`pwd`" \
BUILDDIR="$${BUILDDIR}" \
OBJ="$${BUILDDIR}/regress/" \
PATH="$${BUILDDIR}:$${PATH}" \
TEST_SSH_SSH="$${TEST_SSH_SSH}" \
TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \
TEST_SSH_SSHAGENT="$${TEST_SSH_SSHAGENT}" \
TEST_SSH_SSHADD="$${TEST_SSH_SSHADD}" \
TEST_SSH_SSHKEYGEN="$${TEST_SSH_SSHKEYGEN}" \
TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \
TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \
TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \
EXEEXT="$(EXEEXT)" \
$@
regressclean:
if [ -f regress/Makefile -a -r regress/Makefile ]; then \
(cd regress && $(MAKE) clean) \
fi
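
Review bot: In the tests target, the link created by "ln -s $(srcdir)/regress/Makefile" is resolved relative to the regress/ directory that holds it, so a relative $(srcdir) in an out-of-tree build leaves regress/Makefile dangling, and the "[ -f regress/Makefile -a -r regress/Makefile ]" test in regressclean then silently skips the clean. Using an absolute source path as the link target would avoid that. The repeated unquoted `pwd` substitutions in the first lines of the recipe could also be replaced by "$${BUILDDIR}/regress", since BUILDDIR is already set and a build path containing whitespace would otherwise be split.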

crypto/openssh/README.dns

@ -0,0 +1,52 @@
How to verify host keys using OpenSSH and DNS
---------------------------------------------
OpenSSH contains experimental support for verifying host keys using DNS
as described in draft-ietf-secsh-dns-xx.txt. The document contains
very brief instructions on how to test this feature. Configuring DNS
and DNSSEC is out of the scope of this document.
(1) Enable DNS fingerprint support in OpenSSH
configure --with-dns
(2) Generate and publish the DNS RR
To create a DNS resource record (RR) containing a fingerprint of the
public host key, use the following command:
ssh-keygen -r hostname -f keyfile -g
where "hostname" is your fully qualified hostname and "keyfile" is the
file containing the public host key file. If you have multiple keys,
you should generate one RR for each key.
In the example above, ssh-keygen will print the fingerprint in a
generic DNS RR format parsable by most modern name server
implementations. If your nameserver has support for the SSHFP RR, as
defined by the draft, you can omit the -g flag and ssh-keygen will
print a standard RR.
To publish the fingerprint using the DNS you must add the generated RR
to your DNS zone file and sign your zone.
(3) Enable the ssh client to verify host keys using DNS
To enable the ssh client to verify host keys using DNS, you have to
add the following option to the ssh configuration file
($HOME/.ssh/config or /etc/ssh/ssh_config):
VerifyHostKeyDNS yes
Upon connection the client will try to look up the fingerprint RR
using DNS. If the fingerprint received from the DNS server matches
the remote host key, the user will be notified.
Jakob Schlyter
Wesley Griffin
$OpenBSD: README.dns,v 1.1 2003/05/14 18:16:20 jakob Exp $
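
Review bot: Step (3) describes only the matching case ("the user will be notified") and does not say what the client does when the fingerprint RR is missing or does not match the remote host key, nor whether the DNS answer has to be DNSSEC-validated before it is used. Step (2) asks the reader to sign the zone, so the trust model deserves one explicit sentence in step (3). Minor: in the introduction, "The document contains very brief instructions" presumably means "This document".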


@ -40,8 +40,7 @@ Compression will be disabled on systems without a working mmap MAP_ANON.
PAM-enabled OpenSSH is known to function with privsep on Linux.
It does not function on HP-UX with a trusted system
configuration. PAMAuthenticationViaKbdInt does not function with
privsep.
configuration.
On Compaq Tru64 Unix, only the pre-authentication part of privsep is
supported. Post-authentication privsep is disabled automatically (so
@ -62,4 +61,4 @@ process 1005 is the sshd process listening for new connections.
process 6917 is the privileged monitor process, 6919 is the user owned
sshd process and 6921 is the shell process.
$Id: README.privsep,v 1.11 2003/03/21 01:18:09 mouring Exp $
$Id: README.privsep,v 1.12 2003/08/26 00:48:15 djm Exp $


@ -1,54 +1,36 @@
How to use smartcards with OpenSSH?
OpenSSH contains experimental support for authentication using Cyberflex
smartcards and TODOS card readers, in addition to the cards with PKCS#15
structure supported by OpenSC.
OpenSSH contains experimental support for authentication using
Cyberflex smartcards and TODOS card readers, in addition to the cards
with PKCS#15 structure supported by OpenSC. To enable this you
need to:
WARNING: Smartcard support is still in development.
Keyfile formats, etc are still subject to change.
Using libsectok:
To enable sectok support:
(1) enable sectok support in OpenSSH:
(1) install sectok:
$ ./configure --with-sectok
Sources and instructions are available from
http://www.citi.umich.edu/projects/smartcard/sectok.html
(2) If you have used a previous version of ssh with your card, you
must remove the old applet and keys.
(2) enable sectok support in OpenSSH:
$ sectok
sectok> login -d
sectok> junload Ssh.bin
sectok> delete 0012
sectok> delete sh
sectok> quit
$ ./configure --with-sectok[=/path/to/libsectok] [options]
(3) load the Java Cardlet to the Cyberflex card:
(3) load the Java Cardlet to the Cyberflex card and set card passphrase:
$ sectok
sectok> login -d
sectok> jload /usr/libdata/ssh/Ssh.bin
sectok> quit
(4) load a RSA key to the card:
Please don't use your production RSA keys, since
with the current version of sectok/ssh-keygen
the private key file is still readable.
$ ssh-keygen -f /path/to/rsakey -U <readernum, eg. 0>
In spite of the name, this does not generate a key.
It just loads an already existing key on to the card.
(5) optional:
Change the card password so that only you can
read the private key:
$ sectok
sectok> login -d
sectok> setpass
Enter new AUT0 passphrase:
Re-enter passphrase:
sectok> quit
This prevents reading the key but not use of the
key by the card applet.
Do not forget the passphrase. There is no way to
recover if you do.
@ -56,7 +38,29 @@ To enable sectok support:
wrong passphrase three times in a row, you will
destroy your card.
To enable OpenSC support:
(4) load a RSA key to the card:
$ ssh-keygen -f /path/to/rsakey -U 1
(where 1 is the reader number, you can also try 0)
In spite of the name, this does not generate a key.
It just loads an already existing key on to the card.
(5) Optional: If you don't want to use a card passphrase, change the
acl on the private key file:
$ sectok
sectok> login -d
sectok> acl 0012 world: w
world: w
AUT0: w inval
sectok> quit
If you do this, anyone who has access to your card
can assume your identity. This is not recommended.
Using OpenSC:
(1) install OpenSC:
@ -71,15 +75,19 @@ To enable OpenSC support:
Not supported yet.
Common smartcard options:
Common operations:
(1) tell the ssh client to use the card reader:
$ ssh -I <readernum, eg. 0> otherhost
$ ssh -I 1 otherhost
(2) or tell the agent (don't forget to restart) to use the smartcard:
$ ssh-add -s <readernum, eg. 0>
$ ssh-add -s 1
-markus,
Sat Apr 13 13:48:10 EEST 2002
Tue Jul 17 23:54:51 CEST 2001
$OpenBSD: README.smartcard,v 1.8 2002/03/26 18:56:23 rees Exp $


@ -1,4 +1,19 @@
Documentation:
- Update the docs
- Update README
- Update INSTALL
- Merge INSTALL & README.privsep
- Install FAQ?
- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it
would be best to use them.
- Create a Documentation/ directory?
Programming:
- Grep for 'XXX' comments and fix
- Link order is incorrect for some systems using Kerberos 4 and AFS. Result
@ -21,8 +36,9 @@ Programming:
and maybe support alternate forms of authentications like OPIE via
pam?
- Rework PAM ChallengeResponseAuthentication
- Use kbdint request packet with 0 prompts for informational messages
- Improve PAM ChallengeResponseAuthentication
- Informational messages
- chauthtok
- Use different PAM service name for kbdint vs regular auth (suggest from
Solar Designer)
- Ability to select which ChallengeResponseAuthentications may be used
@ -35,70 +51,17 @@ Programming:
- Finish integrating kernel-level auditing code for IRIX and SOLARIS
(Gilbert.r.loomis@saic.com)
- sftp-server: Rework to step down to 32bit ints if the platform
lacks 'long long' == 64bit (Notable SCO w/ SCO compiler)
- Linux hangs for 20 seconds when you do "sleep 20&exit". All current
solutions break scp or leaves processes hanging around after the ssh
connection has ended. It seems to be linked to two things. One
select() under Linux is not as nice as others, and two the children
of the shell are not killed on exiting the shell.
A short run-down of what happens:
- The shell starts up, and starts its own session. As a side-effect, it
gets its own process group.
- The child forks off sleep, and because it's in the background, puts it
into its own process group. The sleep command inherits a copy of the
shell's descriptor for the tty as its stdout.
- The shell exits, but doesn't SIGHUP all of its child PIDs like it probably
should(?)
- The sshd server attempts to read from the master side of the pty, and
while there are still process with the pty open, no EOF is produced.
- The sleep command exits, closes its descriptor, sshd detects the EOF, and
the connection gets closed.
Ways we've tried fixing this in sshd, and why they didn't work out:
- SIGHUP the sshd's process group.
- The shell is in its own process group.
- Track process group IDs of all children before we reap them (via an extra
field in Session structures which holds the pgid for each child pid), and
SIGHUP the pgid when we reap.
- Background commands are in yet another process group.
- Close the connection when the child dies.
- Background commands may need to write data to the connection. Also
prematurely truncates output from some commands (scp server, the
famous "dd if=/dev/zero bs=1000 count=100" case).
Known workarounds:
- bash: shopt huponexit on
- tcsh: none
- zsh: setopt HUP (usually the default setting)
(taken from email from Jason Stone to openssh-unix-dev, 5 May 2001)
- pdksh: ?
This appears to affect NetKit rsh under Linux as well: it behaves the same
with 'sleep 20 & exit'.
- Build an automated test suite
- 64-bit builds on HP-UX 11.X (stevesk@pobox.com):
- utmp/wtmp get corrupted (something in loginrec?)
- can't build with PAM (no 64-bit libpam yet)
Documentation:
- More and better
- Install FAQ?
- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it
would be best to use them.
- Create a Documentation/ directory?
Clean up configure/makefiles:
- Clean up configure.ac - There are a few double #defined variables
left to do. HAVE_LOGIN is one of them. Consider NOT looking for
information in wtmpx or utmpx or any of that stuff if it's not detected
from the start
- Fails to compile when cross compile.
(vinschen@redhat.com)
- Fails to compile when cross compile. (vinschen@redhat.com)
- Replace the whole u_intXX_t evilness in acconfig.h with something better???
- Do it in configure.ac
@ -118,7 +81,6 @@ Packaging:
- HP-UX: Provide DEPOT package scripts.
(gilbert.r.loomis@saic.com)
PrivSep Issues:
- mmap() issues.
+ /dev/zero solution (Solaris)
@ -127,11 +89,11 @@ PrivSep Issues:
- PAM
+ See above PAM notes
- AIX
+ usrinfo() does not set TTY, but only required for legicy systems. Works
+ usrinfo() does not set TTY, but only required for legacy systems. Works
with PrivSep.
- OSF
+ SIA is broken
- Cygwin
+ Privsep for Pre-auth only (no fd passing)
$Id: TODO,v 1.53 2003/01/12 23:00:34 djm Exp $
$Id: TODO,v 1.55 2003/06/11 13:56:41 dtucker Exp $


@ -24,16 +24,16 @@
*/
#include "includes.h"
RCSID("$OpenBSD: atomicio.c,v 1.10 2001/05/08 22:48:07 markus Exp $");
RCSID("$OpenBSD: atomicio.c,v 1.12 2003/07/31 15:50:16 avsm Exp $");
#include "atomicio.h"
/*
* ensure all of data on socket comes through. f==read || f==write
* ensure all of data on socket comes through. f==read || f==vwrite
*/
ssize_t
atomicio(f, fd, _s, n)
ssize_t (*f) ();
ssize_t (*f) (int, void *, size_t);
int fd;
void *_s;
size_t n;


@ -1,4 +1,4 @@
/* $OpenBSD: atomicio.h,v 1.4 2001/06/26 06:32:46 itojun Exp $ */
/* $OpenBSD: atomicio.h,v 1.5 2003/06/28 16:23:06 deraadt Exp $ */
/*
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
@ -26,6 +26,8 @@
*/
/*
* Ensure all of data on socket comes through. f==read || f==write
* Ensure all of data on socket comes through. f==read || f==vwrite
*/
ssize_t atomicio(ssize_t (*)(), int, void *, size_t);
ssize_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
#define vwrite (ssize_t (*)(int, void *, size_t))write
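
Review bot: The new vwrite macro casts write to ssize_t (*)(int, void *, size_t), which differs from write's own prototype in the const qualifier on the buffer argument; calling a function through a pointer of an incompatible type is undefined behaviour in ISO C even where it works on the supported platforms. A small static wrapper with the non-const signature that calls write would satisfy the new atomicio prototype without the cast. Either way the macro needs a comment saying why it exists, since the updated "f==read || f==vwrite" comment does not explain it.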


@ -10,7 +10,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-options.c,v 1.26 2002/07/30 17:03:55 markus Exp $");
RCSID("$OpenBSD: auth-options.c,v 1.28 2003/06/02 09:17:34 markus Exp $");
#include "xmalloc.h"
#include "match.h"
@ -173,7 +173,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
const char *remote_ip = get_remote_ipaddr();
const char *remote_host = get_canonical_hostname(
options.verify_reverse_mapping);
options.use_dns);
char *patterns = xmalloc(strlen(opts) + 1);
opts += strlen(cp);
@ -201,7 +201,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
if (match_host_and_ip(remote_host, remote_ip,
patterns) != 1) {
xfree(patterns);
log("Authentication tried for %.100s with "
logit("Authentication tried for %.100s with "
"correct key but not from a permitted "
"host (host=%.200s, ip=%.200s).",
pw->pw_name, remote_host, remote_ip);
@ -287,7 +287,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
return 1;
bad_option:
log("Bad options in %.100s file, line %lu: %.50s",
logit("Bad options in %.100s file, line %lu: %.50s",
file, linenum, opts);
auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
file, linenum, opts);


@ -14,7 +14,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-rhosts.c,v 1.28 2002/05/13 21:26:49 markus Exp $");
RCSID("$OpenBSD: auth-rhosts.c,v 1.31 2003/06/02 09:17:34 markus Exp $");
#include "packet.h"
#include "uidswap.h"
@ -68,7 +68,8 @@ check_rhosts_file(const char *filename, const char *hostname,
* This should be safe because each buffer is as big as the
* whole string, and thus cannot be overwritten.
*/
switch (sscanf(buf, "%s %s %s", hostbuf, userbuf, dummy)) {
switch (sscanf(buf, "%1023s %1023s %1023s", hostbuf, userbuf,
dummy)) {
case 0:
auth_debug_add("Found empty line in %.100s.", filename);
continue;
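
Review bot: The field width 1023 in the new sscanf format is a literal that has to stay one less than the sizes of hostbuf, userbuf and dummy, which are declared outside this hunk, and nothing here ties the two together. Please derive the width from the buffer size or add a comment next to the declarations. The "This should be safe because each buffer is as big as the whole string" comment above the call should be updated as well, since it now gives only part of the reason the read is bounded.
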
@ -155,7 +156,7 @@ auth_rhosts(struct passwd *pw, const char *client_user)
{
const char *hostname, *ipaddr;
hostname = get_canonical_hostname(options.verify_reverse_mapping);
hostname = get_canonical_hostname(options.use_dns);
ipaddr = get_remote_ipaddr();
return auth_rhosts2(pw, client_user, hostname, ipaddr);
}
@ -220,7 +221,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
* not group or world writable.
*/
if (stat(pw->pw_dir, &st) < 0) {
log("Rhosts authentication refused for %.100s: "
logit("Rhosts authentication refused for %.100s: "
"no home directory %.200s", pw->pw_name, pw->pw_dir);
auth_debug_add("Rhosts authentication refused for %.100s: "
"no home directory %.200s", pw->pw_name, pw->pw_dir);
@ -229,7 +230,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
if (options.strict_modes &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
log("Rhosts authentication refused for %.100s: "
logit("Rhosts authentication refused for %.100s: "
"bad ownership or modes for home directory.", pw->pw_name);
auth_debug_add("Rhosts authentication refused for %.100s: "
"bad ownership or modes for home directory.", pw->pw_name);
@ -256,7 +257,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
if (options.strict_modes &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
log("Rhosts authentication refused for %.100s: bad modes for %.200s",
logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
pw->pw_name, buf);
auth_debug_add("Bad file modes for %.200s", buf);
continue;


@ -52,26 +52,27 @@ auth_sia_password(Authctxt *authctxt, char *pass)
SIAENTITY *ent = NULL;
const char *host;
host = get_canonical_hostname(options.verify_reverse_mapping);
host = get_canonical_hostname(options.use_dns);
if (!authctxt->user || !pass || pass[0] == '\0')
return(0);
if (!authctxt->user || pass == NULL || pass[0] == '\0')
return (0);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user,
NULL, 0, NULL) != SIASUCCESS)
return(0);
return (0);
if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) {
error("Couldn't authenticate %s from %s", authctxt->user,
host);
error("Couldn't authenticate %s from %s",
authctxt->user, host);
if (ret & SIASTOP)
sia_ses_release(&ent);
return(0);
return (0);
}
sia_ses_release(&ent);
return(1);
return (1);
}
void
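
Review bot: In auth_sia_password the error() call formats authctxt->user and host with plain %s, while the logit() calls touched elsewhere in this commit bound the same kind of values with %.100s and %.200s. Since the user name is supplied by the client, bounding both conversions here would keep log lines to a predictable length and match the rest of the code.
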
@ -80,10 +81,10 @@ session_setup_sia(struct passwd *pw, char *tty)
SIAENTITY *ent = NULL;
const char *host;
host = get_canonical_hostname(options.verify_reverse_mapping);
host = get_canonical_hostname(options.use_dns);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, tty,
0, NULL) != SIASUCCESS)
if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name,
tty, 0, NULL) != SIASUCCESS)
fatal("sia_ses_init failed");
if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
@ -97,8 +98,8 @@ session_setup_sia(struct passwd *pw, char *tty)
pw->pw_name, host);
if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
fatal("Couldn't launch session for %s from %s", pw->pw_name,
host);
fatal("Couldn't launch session for %s from %s",
pw->pw_name, host);
sia_ses_release(&ent);


@ -26,7 +26,7 @@
#ifdef HAVE_OSF_SIA
int auth_sia_password(Authctxt *authctxt, char *pass);
void session_setup_sia(struct passwd *pw, char *tty);
int auth_sia_password(Authctxt *, char *);
void session_setup_sia(struct passwd *, char *);
#endif /* HAVE_OSF_SIA */

crypto/openssh/auth2-gss.c

@ -0,0 +1,247 @@
/* $OpenBSD: auth2-gss.c,v 1.3 2003/09/01 20:44:54 markus Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#ifdef GSSAPI
#include "auth.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "log.h"
#include "dispatch.h"
#include "servconf.h"
#include "compat.h"
#include "packet.h"
#include "monitor_wrap.h"
#include "ssh-gss.h"
extern ServerOptions options;
static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
static void input_gssapi_errtok(int, u_int32_t, void *);
/*
* We only support those mechanisms that we know about (ie ones that we know
* how to check local user kuserok and the like
*/
static int
userauth_gssapi(Authctxt *authctxt)
{
gss_OID_desc oid = {0, NULL};
Gssctxt *ctxt = NULL;
int mechs;
gss_OID_set supported;
int present;
OM_uint32 ms;
u_int len;
char *doid = NULL;
if (!authctxt->valid || authctxt->user == NULL)
return (0);
mechs = packet_get_int();
if (mechs == 0) {
debug("Mechanism negotiation is not supported");
return (0);
}
ssh_gssapi_supported_oids(&supported);
do {
mechs--;
if (doid)
xfree(doid);
doid = packet_get_string(&len);
if (doid[0] != SSH_GSS_OIDTYPE || doid[1] != len-2) {
logit("Mechanism OID received using the old encoding form");
oid.elements = doid;
oid.length = len;
} else {
oid.elements = doid + 2;
oid.length = len - 2;
}
gss_test_oid_set_member(&ms, &oid, supported, &present);
} while (mechs > 0 && !present);
gss_release_oid_set(&ms, &supported);
if (!present) {
xfree(doid);
return (0);
}
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &oid)))) {
xfree(doid);
return (0);
}
authctxt->methoddata=(void *)ctxt;
packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
/* Return OID in same format as we received it*/
packet_put_string(doid, len);
packet_send();
xfree(doid);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
authctxt->postponed = 1;
return (0);
}
static void
input_gssapi_token(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
gss_buffer_desc recv_tok;
OM_uint32 maj_status, min_status;
u_int len;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
recv_tok.value = packet_get_string(&len);
recv_tok.length = len; /* u_int vs. size_t */
packet_check_eom();
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, NULL));
xfree(recv_tok.value);
if (GSS_ERROR(maj_status)) {
if (send_tok.length != 0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
}
authctxt->postponed = 0;
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
userauth_finish(authctxt, 0, "gssapi");
} else {
if (send_tok.length != 0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
}
if (maj_status == GSS_S_COMPLETE) {
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
&input_gssapi_exchange_complete);
}
}
gss_release_buffer(&min_status, &send_tok);
}
static void
input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
gss_buffer_desc recv_tok;
OM_uint32 maj_status;
u_int len;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
recv_tok.value = packet_get_string(&len);
recv_tok.length = len;
packet_check_eom();
/* Push the error token into GSSAPI to see what it says */
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, NULL));
xfree(recv_tok.value);
/* We can't return anything to the client, even if we wanted to */
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
/* The client will have already moved on to the next auth */
gss_release_buffer(&maj_status, &send_tok);
}
/*
* This is called when the client thinks we've completed authentication.
* It should only be enabled in the dispatch handler by the function above,
* which only enables it once the GSSAPI exchange is complete.
*/
static void
input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
int authenticated;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
fatal("No authentication or GSSAPI context");
gssctxt = authctxt->methoddata;
/*
* We don't need to check the status, because the stored credentials
* which userok uses are only populated once the context init step
* has returned complete.
*/
packet_check_eom();
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
authctxt->postponed = 0;
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
userauth_finish(authctxt, authenticated, "gssapi");
}
Authmethod method_gssapi = {
"gssapi",
userauth_gssapi,
&options.gss_authentication
};
#endif /* GSSAPI */
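
Review bot: In userauth_gssapi(), doid[0] and doid[1] are read before len is checked, so a mechanism string shorter than two bytes is indexed past its stated length and len-2 wraps around. Test the length first, for example "if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && doid[1] == len - 2)", and handle everything else as the old encoding or reject it. In the same loop, present is only assigned by gss_test_oid_set_member(), whose return status is ignored before the "while (mechs > 0 && !present)" test; initialise present to 0 and check the call. mechs is also a signed int filled from packet_get_int() with only the == 0 case rejected, so a u_int with an explicit upper bound would be safer.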


@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-hostbased.c,v 1.2 2002/05/31 11:35:15 markus Exp $");
RCSID("$OpenBSD: auth2-hostbased.c,v 1.5 2003/06/24 08:23:46 markus Exp $");
#include "ssh2.h"
#include "xmalloc.h"
@ -42,7 +42,7 @@ RCSID("$OpenBSD: auth2-hostbased.c,v 1.2 2002/05/31 11:35:15 markus Exp $");
/* import */
extern ServerOptions options;
extern u_char *session_id2;
extern int session_id2_len;
extern u_int session_id2_len;
static int
userauth_hostbased(Authctxt *authctxt)
@ -77,7 +77,7 @@ userauth_hostbased(Authctxt *authctxt)
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
log("userauth_hostbased: unsupported "
logit("userauth_hostbased: unsupported "
"public key algorithm: %s", pkalg);
goto done;
}
@ -136,7 +136,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
HostStatus host_status;
int len;
resolvedname = get_canonical_hostname(options.verify_reverse_mapping);
resolvedname = get_canonical_hostname(options.use_dns);
ipaddr = get_remote_ipaddr();
debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
@ -152,7 +152,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
chost[len - 1] = '\0';
}
if (strcasecmp(resolvedname, chost) != 0)
log("userauth_hostbased mismatch: "
logit("userauth_hostbased mismatch: "
"client sends %s, but we resolve %s to %s",
chost, ipaddr, resolvedname);
if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0)


@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-none.c,v 1.4 2002/06/27 10:35:47 deraadt Exp $");
RCSID("$OpenBSD: auth2-none.c,v 1.6 2003/08/26 09:58:43 markus Exp $");
#include "auth.h"
#include "xmalloc.h"
@ -100,7 +100,9 @@ userauth_none(Authctxt *authctxt)
if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
return (authctxt->valid ? PRIVSEP(auth_password(authctxt, "")) : 0);
if (options.password_authentication)
return (PRIVSEP(auth_password(authctxt, "")));
return (0);
}
Authmethod method_none = {
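
Review bot: userauth_none() no longer tests authctxt->valid before calling auth_password(authctxt, ""), so refusing unknown or disallowed users now depends entirely on auth_password() making that check itself. Please confirm that it does in this same change, or keep the guard, and add a comment saying where validity is enforced. The new options.password_authentication test is a separate condition and does not replace it.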


@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-passwd.c,v 1.2 2002/05/31 11:35:15 markus Exp $");
RCSID("$OpenBSD: auth2-passwd.c,v 1.4 2003/08/26 09:58:43 markus Exp $");
#include "xmalloc.h"
#include "packet.h"
@ -44,14 +44,14 @@ userauth_passwd(Authctxt *authctxt)
u_int len;
change = packet_get_char();
if (change)
log("password change not supported");
logit("password change not supported");
password = packet_get_string(&len);
packet_check_eom();
if (authctxt->valid &&
if (PRIVSEP(auth_password(authctxt, password)) == 1
#ifdef HAVE_CYGWIN
check_nt_auth(1, authctxt->pw) &&
&& check_nt_auth(1, authctxt->pw)
#endif
PRIVSEP(auth_password(authctxt, password)) == 1)
)
authenticated = 1;
memset(password, 0, len);
xfree(password);
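
Review bot: In userauth_passwd() the "authctxt->valid &&" test is gone and auth_password() is now evaluated first, with check_nt_auth() moved behind it under HAVE_CYGWIN, so the password check runs for every request and is only safe if auth_password() refuses invalid users on its own; a comment stating that would help. The #ifdef in the middle of the condition, ending in a lone ")" line, is also hard to read; computing the result into a local variable before the if would be clearer.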


@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-pubkey.c,v 1.2 2002/05/31 11:35:15 markus Exp $");
RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $");
#include "ssh2.h"
#include "xmalloc.h"
@ -44,7 +44,7 @@ RCSID("$OpenBSD: auth2-pubkey.c,v 1.2 2002/05/31 11:35:15 markus Exp $");
/* import */
extern ServerOptions options;
extern u_char *session_id2;
extern int session_id2_len;
extern u_int session_id2_len;
static int
userauth_pubkey(Authctxt *authctxt)
@ -78,7 +78,7 @@ userauth_pubkey(Authctxt *authctxt)
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
log("userauth_pubkey: unsupported public key algorithm: %s",
logit("userauth_pubkey: unsupported public key algorithm: %s",
pkalg);
goto done;
}
@ -199,7 +199,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
if (options.strict_modes &&
secure_filename(f, file, pw, line, sizeof(line)) != 0) {
fclose(f);
log("Authentication refused: %s", line);
logit("Authentication refused: %s", line);
restore_uid();
return 0;
}


@ -1,4 +1,4 @@
/* $OpenBSD: authfd.h,v 1.32 2003/01/23 13:50:27 markus Exp $ */
/* $OpenBSD: authfd.h,v 1.33 2003/06/11 11:18:38 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -49,6 +49,7 @@
/* add key with constraints */
#define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 24
#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
#define SSH_AGENT_CONSTRAIN_LIFETIME 1
#define SSH_AGENT_CONSTRAIN_CONFIRM 2
@ -82,7 +83,8 @@ int ssh_add_identity_constrained(AuthenticationConnection *, Key *,
int ssh_remove_identity(AuthenticationConnection *, Key *);
int ssh_remove_all_identities(AuthenticationConnection *, int);
int ssh_lock_agent(AuthenticationConnection *, int, const char *);
int ssh_update_card(AuthenticationConnection *, int, const char *, const char *);
int ssh_update_card(AuthenticationConnection *, int, const char *,
const char *, u_int, u_int);
int
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
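
Review bot: The two u_int parameters added to the ssh_update_card() prototype are unnamed and undocumented, so a caller cannot tell their order or units from the header. They presumably correspond to the SSH_AGENT_CONSTRAIN_LIFETIME and SSH_AGENT_CONSTRAIN_CONFIRM constraints used with the new SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED message; name them in the prototype or add a one-line comment saying so.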


@ -29,10 +29,8 @@ void buffer_put_short(Buffer *, u_short);
u_int buffer_get_int(Buffer *);
void buffer_put_int(Buffer *, u_int);
#ifdef HAVE_U_INT64_T
u_int64_t buffer_get_int64(Buffer *);
void buffer_put_int64(Buffer *, u_int64_t);
#endif
int buffer_get_char(Buffer *);
void buffer_put_char(Buffer *, int);


@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: buffer.c,v 1.17 2003/09/16 03:03:47 deraadt Exp $");
RCSID("$OpenBSD: buffer.c,v 1.19 2003/09/18 07:54:48 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
@ -39,6 +39,7 @@ buffer_free(Buffer *buffer)
{
if (buffer->alloc > 0) {
memset(buffer->buf, 0, buffer->alloc);
buffer->alloc = 0;
xfree(buffer->buf);
}
}
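
Review bot: buffer_free() now resets buffer->alloc, but buffer->buf still points at the freed block after xfree(). Set buffer->buf to NULL as well, so that a later use of a freed Buffer fails cleanly instead of touching freed memory, and add a short comment on why alloc is cleared before the free.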


@ -0,0 +1,175 @@
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: cipher-3des1.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
#include <openssl/evp.h>
#include "xmalloc.h"
#include "log.h"
#if OPENSSL_VERSION_NUMBER < 0x00906000L
#define SSH_OLD_EVP
#endif
/*
* This is used by SSH1:
*
* What kind of triple DES are these 2 routines?
*
* Why is there a redundant initialization vector?
*
* If only iv3 was used, then, this would till effect have been
* outer-cbc. However, there is also a private iv1 == iv2 which
* perhaps makes differential analysis easier. On the other hand, the
* private iv1 probably makes the CRC-32 attack ineffective. This is a
* result of that there is no longer any known iv1 to use when
* choosing the X block.
*/
struct ssh1_3des_ctx
{
EVP_CIPHER_CTX k1, k2, k3;
};
const EVP_CIPHER * evp_ssh1_3des(void);
void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
static int
ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
int enc)
{
struct ssh1_3des_ctx *c;
u_char *k1, *k2, *k3;
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
c = xmalloc(sizeof(*c));
EVP_CIPHER_CTX_set_app_data(ctx, c);
}
if (key == NULL)
return (1);
if (enc == -1)
enc = ctx->encrypt;
k1 = k2 = k3 = (u_char *) key;
k2 += 8;
if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) {
if (enc)
k3 += 16;
else
k1 += 16;
}
EVP_CIPHER_CTX_init(&c->k1);
EVP_CIPHER_CTX_init(&c->k2);
EVP_CIPHER_CTX_init(&c->k3);
#ifdef SSH_OLD_EVP
EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc);
EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc);
EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc);
#else
if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
memset(c, 0, sizeof(*c));
xfree(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
return (0);
}
#endif
return (1);
}
static int
ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
{
struct ssh1_3des_ctx *c;
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
error("ssh1_3des_cbc: no context");
return (0);
}
#ifdef SSH_OLD_EVP
EVP_Cipher(&c->k1, dest, (u_char *)src, len);
EVP_Cipher(&c->k2, dest, dest, len);
EVP_Cipher(&c->k3, dest, dest, len);
#else
if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
EVP_Cipher(&c->k3, dest, dest, len) == 0)
return (0);
#endif
return (1);
}
static int
ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
{
struct ssh1_3des_ctx *c;
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
memset(c, 0, sizeof(*c));
xfree(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
}
return (1);
}
void
ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len)
{
struct ssh1_3des_ctx *c;
if (len != 24)
fatal("%s: bad 3des iv length: %d", __func__, len);
if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
fatal("%s: no 3des context", __func__);
if (doset) {
debug3("%s: Installed 3DES IV", __func__);
memcpy(c->k1.iv, iv, 8);
memcpy(c->k2.iv, iv + 8, 8);
memcpy(c->k3.iv, iv + 16, 8);
} else {
debug3("%s: Copying 3DES IV", __func__);
memcpy(iv, c->k1.iv, 8);
memcpy(iv + 8, c->k2.iv, 8);
memcpy(iv + 16, c->k3.iv, 8);
}
}
const EVP_CIPHER *
evp_ssh1_3des(void)
{
static EVP_CIPHER ssh1_3des;
memset(&ssh1_3des, 0, sizeof(EVP_CIPHER));
ssh1_3des.nid = NID_undef;
ssh1_3des.block_size = 8;
ssh1_3des.iv_len = 0;
ssh1_3des.key_len = 16;
ssh1_3des.init = ssh1_3des_init;
ssh1_3des.cleanup = ssh1_3des_cleanup;
ssh1_3des.do_cipher = ssh1_3des_cbc;
#ifndef SSH_OLD_EVP
ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
#endif
return (&ssh1_3des);
}
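
Review bot: ssh1_3des_cleanup(), and the failure path in ssh1_3des_init(), memset and free the wrapper struct without calling EVP_CIPHER_CTX_cleanup() on k1, k2 and k3, so whatever the three inner DES contexts hold is never released through the library. Clean up each inner context before the memset. Separately, ssh1_3des_init() installs the freshly xmalloc'd struct as app data and then returns early when key == NULL, which leaves the inner contexts uninitialised if ssh1_3des_iv() is called before a key is set; initialise them right after the allocation.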

crypto/openssh/cipher-aes.c Normal file

@ -0,0 +1,160 @@
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#if OPENSSL_VERSION_NUMBER < 0x00907000L
RCSID("$OpenBSD: cipher-aes.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
#include <openssl/evp.h>
#include "rijndael.h"
#include "xmalloc.h"
#include "log.h"
#if OPENSSL_VERSION_NUMBER < 0x00906000L
#define SSH_OLD_EVP
#endif
#define RIJNDAEL_BLOCKSIZE 16
struct ssh_rijndael_ctx
{
rijndael_ctx r_ctx;
u_char r_iv[RIJNDAEL_BLOCKSIZE];
};
const EVP_CIPHER * evp_rijndael(void);
void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
static int
ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
int enc)
{
struct ssh_rijndael_ctx *c;
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
c = xmalloc(sizeof(*c));
EVP_CIPHER_CTX_set_app_data(ctx, c);
}
if (key != NULL) {
if (enc == -1)
enc = ctx->encrypt;
rijndael_set_key(&c->r_ctx, (u_char *)key,
8*EVP_CIPHER_CTX_key_length(ctx), enc);
}
if (iv != NULL)
memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
return (1);
}
static int
ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
u_int len)
{
struct ssh_rijndael_ctx *c;
u_char buf[RIJNDAEL_BLOCKSIZE];
u_char *cprev, *cnow, *plain, *ivp;
int i, j, blocks = len / RIJNDAEL_BLOCKSIZE;
if (len == 0)
return (1);
if (len % RIJNDAEL_BLOCKSIZE)
fatal("ssh_rijndael_cbc: bad len %d", len);
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
error("ssh_rijndael_cbc: no context");
return (0);
}
if (ctx->encrypt) {
cnow = dest;
plain = (u_char *)src;
cprev = c->r_iv;
for (i = 0; i < blocks; i++, plain+=RIJNDAEL_BLOCKSIZE,
cnow+=RIJNDAEL_BLOCKSIZE) {
for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
buf[j] = plain[j] ^ cprev[j];
rijndael_encrypt(&c->r_ctx, buf, cnow);
cprev = cnow;
}
memcpy(c->r_iv, cprev, RIJNDAEL_BLOCKSIZE);
} else {
cnow = (u_char *) (src+len-RIJNDAEL_BLOCKSIZE);
plain = dest+len-RIJNDAEL_BLOCKSIZE;
memcpy(buf, cnow, RIJNDAEL_BLOCKSIZE);
for (i = blocks; i > 0; i--, cnow-=RIJNDAEL_BLOCKSIZE,
plain-=RIJNDAEL_BLOCKSIZE) {
rijndael_decrypt(&c->r_ctx, cnow, plain);
ivp = (i == 1) ? c->r_iv : cnow-RIJNDAEL_BLOCKSIZE;
for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
plain[j] ^= ivp[j];
}
memcpy(c->r_iv, buf, RIJNDAEL_BLOCKSIZE);
}
return (1);
}
static int
ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
{
struct ssh_rijndael_ctx *c;
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
memset(c, 0, sizeof(*c));
xfree(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
}
return (1);
}
void
ssh_rijndael_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len)
{
struct ssh_rijndael_ctx *c;
if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
fatal("ssh_rijndael_iv: no context");
if (doset)
memcpy(c->r_iv, iv, len);
else
memcpy(iv, c->r_iv, len);
}
const EVP_CIPHER *
evp_rijndael(void)
{
static EVP_CIPHER rijndal_cbc;
memset(&rijndal_cbc, 0, sizeof(EVP_CIPHER));
rijndal_cbc.nid = NID_undef;
rijndal_cbc.block_size = RIJNDAEL_BLOCKSIZE;
rijndal_cbc.iv_len = RIJNDAEL_BLOCKSIZE;
rijndal_cbc.key_len = 16;
rijndal_cbc.init = ssh_rijndael_init;
rijndal_cbc.cleanup = ssh_rijndael_cleanup;
rijndal_cbc.do_cipher = ssh_rijndael_cbc;
#ifndef SSH_OLD_EVP
rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
#endif
return (&rijndal_cbc);
}
#endif /* OPENSSL_VERSION_NUMBER */
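
Review bot: ssh_rijndael_iv() copies len bytes into or out of c->r_iv without comparing len to RIJNDAEL_BLOCKSIZE, so a caller passing a larger value overruns the 16-byte r_iv array. ssh1_3des_iv() in cipher-3des1.c rejects a bad length with fatal(); do the same here, for example "if (len != RIJNDAEL_BLOCKSIZE) fatal(...)". Minor: fatal("ssh_rijndael_cbc: bad len %d", len) prints a u_int with %d.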

crypto/openssh/cipher-bf1.c Normal file

@ -0,0 +1,102 @@
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: cipher-bf1.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
#include <openssl/evp.h>
#include "xmalloc.h"
#include "log.h"
#if OPENSSL_VERSION_NUMBER < 0x00906000L
#define SSH_OLD_EVP
#endif
/*
* SSH1 uses a variation on Blowfish, all bytes must be swapped before
* and after encryption/decryption. Thus the swap_bytes stuff (yuk).
*/
const EVP_CIPHER * evp_ssh1_bf(void);
static void
swap_bytes(const u_char *src, u_char *dst, int n)
{
u_char c[4];
/* Process 4 bytes every lap. */
for (n = n / 4; n > 0; n--) {
c[3] = *src++;
c[2] = *src++;
c[1] = *src++;
c[0] = *src++;
*dst++ = c[0];
*dst++ = c[1];
*dst++ = c[2];
*dst++ = c[3];
}
}
#ifdef SSH_OLD_EVP
static void bf_ssh1_init (EVP_CIPHER_CTX * ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
if (iv != NULL)
memcpy (&(ctx->oiv[0]), iv, 8);
memcpy (&(ctx->iv[0]), &(ctx->oiv[0]), 8);
if (key != NULL)
BF_set_key (&(ctx->c.bf_ks), EVP_CIPHER_CTX_key_length (ctx),
key);
}
#endif
static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
static int
bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
{
int ret;
swap_bytes(in, out, len);
ret = (*orig_bf)(ctx, out, out, len);
swap_bytes(out, out, len);
return (ret);
}
const EVP_CIPHER *
evp_ssh1_bf(void)
{
static EVP_CIPHER ssh1_bf;
memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER));
orig_bf = ssh1_bf.do_cipher;
ssh1_bf.nid = NID_undef;
#ifdef SSH_OLD_EVP
ssh1_bf.init = bf_ssh1_init;
#endif
ssh1_bf.do_cipher = bf_ssh1_cipher;
ssh1_bf.key_len = 32;
return (&ssh1_bf);
}
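
Review bot: swap_bytes() processes n / 4 words and silently skips any trailing n % 4 bytes, and bf_ssh1_cipher() passes the caller's len straight through, so a length that is not a multiple of 4 leaves the tail of out unswapped and, on the first pass, unwritten. Reject such lengths at the top of bf_ssh1_cipher(). The function also calls through orig_bf, which is only assigned inside evp_ssh1_bf(); a NULL check or a comment stating that ordering would make the dependency explicit.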

crypto/openssh/cipher-ctr.c Normal file

@ -0,0 +1,147 @@
/*
* Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
RCSID("$OpenBSD: cipher-ctr.c,v 1.2 2003/06/17 18:14:23 markus Exp $");
#include <openssl/evp.h>
#include "log.h"
#include "xmalloc.h"
#if OPENSSL_VERSION_NUMBER < 0x00906000L
#define SSH_OLD_EVP
#endif
#if OPENSSL_VERSION_NUMBER < 0x00907000L
#include "rijndael.h"
#define AES_KEY rijndael_ctx
#define AES_BLOCK_SIZE 16
#define AES_encrypt(a, b, c) rijndael_encrypt(c, a, b)
#define AES_set_encrypt_key(a, b, c) rijndael_set_key(c, (char *)a, b, 1)
#else
#include <openssl/aes.h>
#endif
const EVP_CIPHER *evp_aes_128_ctr(void);
void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
struct ssh_aes_ctr_ctx
{
AES_KEY aes_ctx;
u_char aes_counter[AES_BLOCK_SIZE];
};
/*
* increment counter 'ctr',
* the counter is of size 'len' bytes and stored in network-byte-order.
* (LSB at ctr[len-1], MSB at ctr[0])
*/
static void
ssh_ctr_inc(u_char *ctr, u_int len)
{
int i;
for (i = len - 1; i >= 0; i--)
if (++ctr[i]) /* continue on overflow */
return;
}
static int
ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
u_int len)
{
struct ssh_aes_ctr_ctx *c;
u_int n = 0;
u_char buf[AES_BLOCK_SIZE];
if (len == 0)
return (1);
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
return (0);
while ((len--) > 0) {
if (n == 0) {
AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
}
*(dest++) = *(src++) ^ buf[n];
n = (n + 1) % AES_BLOCK_SIZE;
}
return (1);
}
static int
ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
int enc)
{
struct ssh_aes_ctr_ctx *c;
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
c = xmalloc(sizeof(*c));
EVP_CIPHER_CTX_set_app_data(ctx, c);
}
if (key != NULL)
AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx);
if (iv != NULL)
memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
return (1);
}
static int
ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
{
struct ssh_aes_ctr_ctx *c;
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
memset(c, 0, sizeof(*c));
xfree(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
}
return (1);
}
void
ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len)
{
struct ssh_aes_ctr_ctx *c;
if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
fatal("ssh_aes_ctr_iv: no context");
if (doset)
memcpy(c->aes_counter, iv, len);
else
memcpy(iv, c->aes_counter, len);
}
const EVP_CIPHER *
evp_aes_128_ctr(void)
{
static EVP_CIPHER aes_ctr;
memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
aes_ctr.nid = NID_undef;
aes_ctr.block_size = AES_BLOCK_SIZE;
aes_ctr.iv_len = AES_BLOCK_SIZE;
aes_ctr.key_len = 16;
aes_ctr.init = ssh_aes_ctr_init;
aes_ctr.cleanup = ssh_aes_ctr_cleanup;
aes_ctr.do_cipher = ssh_aes_ctr;
#ifndef SSH_OLD_EVP
aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
#endif
return (&aes_ctr);
}
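
Review bot: In ssh_aes_ctr() the keystream offset n is a local that restarts at 0 on every call, so when len is not a multiple of AES_BLOCK_SIZE the unused keystream bytes are dropped and the next call starts on a fresh counter block; the two directions then only agree if both sides split the data identically. Keep n in struct ssh_aes_ctr_ctx or reject partial blocks. Also, aes_ctr.flags sets EVP_CIPH_CBC_MODE for a counter-mode cipher, which needs a comment explaining why, and ssh_aes_ctr_iv() copies len bytes without checking it against AES_BLOCK_SIZE.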


@ -59,7 +59,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: clientloop.c,v 1.107 2003/04/01 10:22:21 markus Exp $");
RCSID("$OpenBSD: clientloop.c,v 1.112 2003/06/28 16:23:06 deraadt Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -395,9 +395,9 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
/* Flush stdout and stderr buffers. */
if (buffer_len(bout) > 0)
atomicio(write, fileno(stdout), buffer_ptr(bout), buffer_len(bout));
atomicio(vwrite, fileno(stdout), buffer_ptr(bout), buffer_len(bout));
if (buffer_len(berr) > 0)
atomicio(write, fileno(stderr), buffer_ptr(berr), buffer_len(berr));
atomicio(vwrite, fileno(stderr), buffer_ptr(berr), buffer_len(berr));
leave_raw_mode();
@ -490,13 +490,13 @@ process_cmdline(void)
if (*s == 0)
goto out;
if (strlen(s) < 2 || s[0] != '-' || !(s[1] == 'L' || s[1] == 'R')) {
log("Invalid command.");
logit("Invalid command.");
goto out;
}
if (s[1] == 'L')
local = 1;
if (!local && !compat20) {
log("Not supported for SSH protocol version 1.");
logit("Not supported for SSH protocol version 1.");
goto out;
}
s += 2;
@ -507,24 +507,24 @@ process_cmdline(void)
sfwd_port, buf, sfwd_host_port) != 3 &&
sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]",
sfwd_port, buf, sfwd_host_port) != 3) {
log("Bad forwarding specification.");
logit("Bad forwarding specification.");
goto out;
}
if ((fwd_port = a2port(sfwd_port)) == 0 ||
(fwd_host_port = a2port(sfwd_host_port)) == 0) {
log("Bad forwarding port(s).");
logit("Bad forwarding port(s).");
goto out;
}
if (local) {
if (channel_setup_local_fwd_listener(fwd_port, buf,
fwd_host_port, options.gateway_ports) < 0) {
log("Port forwarding failed.");
logit("Port forwarding failed.");
goto out;
}
} else
channel_request_remote_forwarding(fwd_port, buf,
fwd_host_port);
log("Forwarding port.");
logit("Forwarding port.");
out:
signal(SIGINT, handler);
enter_raw_mode();
@ -574,10 +574,23 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
/* We have been continued. */
continue;
case 'B':
if (compat20) {
snprintf(string, sizeof string,
"%cB\r\n", escape_char);
buffer_append(berr, string,
strlen(string));
channel_request_start(session_ident,
"break", 0);
packet_put_int(1000);
packet_send();
}
continue;
case 'R':
if (compat20) {
if (datafellows & SSH_BUG_NOREKEY)
log("Server does not support re-keying");
logit("Server does not support re-keying");
else
need_rekeying = 1;
}
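
Review bot: packet_put_int(1000) in the new 'B' case is an unexplained magic number; give it a named constant or a comment stating what it is (presumably the break length) and its unit. When compat20 is false the escape is consumed with no feedback at all, whereas process_cmdline() reports "Not supported for SSH protocol version 1."; a similar message here would tell the user why nothing happened.
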
@ -636,6 +649,7 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
"%c?\r\n\
Supported escape sequences:\r\n\
%c. - terminate connection\r\n\
%cB - send a BREAK to the remote system\r\n\
%cC - open a command line\r\n\
%cR - Request rekey (SSH protocol 2 only)\r\n\
%c^Z - suspend ssh\r\n\
@ -646,7 +660,7 @@ Supported escape sequences:\r\n\
(Note that escapes are only recognized immediately after newline.)\r\n",
escape_char, escape_char, escape_char, escape_char,
escape_char, escape_char, escape_char, escape_char,
escape_char, escape_char);
escape_char, escape_char, escape_char);
buffer_append(berr, string, strlen(string));
continue;
@ -968,9 +982,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
/* Do channel operations unless rekeying in progress. */
if (!rekeying) {
channel_after_select(readset, writeset);
if (need_rekeying) {
debug("user requests rekeying");
if (need_rekeying || packet_need_rekeying()) {
debug("need rekeying");
xxx_kex->done = 0;
kex_send_kexinit(xxx_kex);
need_rekeying = 0;
@ -1146,7 +1159,7 @@ client_request_forwarded_tcpip(const char *request_type, int rchan)
c = channel_new("forwarded-tcpip",
SSH_CHANNEL_CONNECTING, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
xstrdup(originator_address), 1);
originator_address, 1);
xfree(originator_address);
xfree(listen_address);
return c;
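
Review bot: channel_new() is now passed originator_address directly and the very next line calls xfree(originator_address), so this hunk is only correct if channel_new() takes its own copy of the name instead of storing the pointer. The same applies to the string literals now passed in client_request_x11() and client_request_agent(), which must never be freed by the channel code. Please state the new ownership rule in a comment at the channel_new() prototype.
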
@ -1182,8 +1195,7 @@ client_request_x11(const char *request_type, int rchan)
return NULL;
c = channel_new("x11",
SSH_CHANNEL_X11_OPEN, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0,
xstrdup("x11"), 1);
CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
c->force_drain = 1;
return c;
}
@ -1205,7 +1217,7 @@ client_request_agent(const char *request_type, int rchan)
c = channel_new("authentication agent connection",
SSH_CHANNEL_OPEN, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
xstrdup("authentication agent connection"), 1);
"authentication agent connection", 1);
c->force_drain = 1;
return c;
}


@ -18,7 +18,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: deattack.c,v 1.18 2002/03/04 17:27:39 stevesk Exp $");
RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
#include "deattack.h"
#include "log.h"


@ -1,7 +1,31 @@
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _DEFINES_H
#define _DEFINES_H
/* $Id: defines.h,v 1.97 2003/01/24 00:50:32 djm Exp $ */
/* $Id: defines.h,v 1.103 2003/09/16 01:52:19 dtucker Exp $ */
/* Constants */
@ -188,28 +212,21 @@ typedef unsigned long u_int32_t;
#ifndef HAVE_INT64_T
# if (SIZEOF_LONG_INT == 8)
typedef long int int64_t;
# define HAVE_INT64_T 1
# else
# if (SIZEOF_LONG_LONG_INT == 8)
typedef long long int int64_t;
# define HAVE_INT64_T 1
# endif
# endif
#endif
#ifndef HAVE_U_INT64_T
# if (SIZEOF_LONG_INT == 8)
typedef unsigned long int u_int64_t;
# define HAVE_U_INT64_T 1
# else
# if (SIZEOF_LONG_LONG_INT == 8)
typedef unsigned long long int u_int64_t;
# define HAVE_U_INT64_T 1
# endif
# endif
#endif
#if !defined(HAVE_LONG_LONG_INT) && (SIZEOF_LONG_LONG_INT == 8)
# define HAVE_LONG_LONG_INT 1
#endif
#ifndef HAVE_U_CHAR
typedef unsigned char u_char;
@ -304,6 +321,10 @@ struct winsize {
# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
#endif
#ifndef SUPERUSER_PATH
# define SUPERUSER_PATH _PATH_STDPATH
#endif
#ifndef _PATH_DEVNULL
# define _PATH_DEVNULL "/dev/null"
#endif
@ -420,6 +441,23 @@ struct winsize {
#define CMSG_SPACE(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + __CMSG_ALIGN(len))
#endif
/* given pointer to struct cmsghdr, return pointer to data */
#ifndef CMSG_DATA
#define CMSG_DATA(cmsg) ((u_char *)(cmsg) + __CMSG_ALIGN(sizeof(struct cmsghdr)))
#endif /* CMSG_DATA */
/*
* RFC 2292 requires to check msg_controllen, in case that the kernel returns
* an empty list for some reasons.
*/
#ifndef CMSG_FIRSTHDR
#define CMSG_FIRSTHDR(mhdr) \
((mhdr)->msg_controllen >= sizeof(struct cmsghdr) ? \
(struct cmsghdr *)(mhdr)->msg_control : \
(struct cmsghdr *)NULL)
#endif /* CMSG_FIRSTHDR */
/* Function replacement / compatibility hacks */
#if !defined(HAVE_GETADDRINFO) && (defined(HAVE_OGETADDRINFO) || defined(HAVE_NGETADDRINFO))
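Review bot: The fallback CMSG_FIRSTHDR returns NULL when msg_controllen is smaller than a struct cmsghdr, but the fallback CMSG_DATA added just above it does pointer arithmetic on whatever it is given, so the comment should state that callers must test the CMSG_FIRSTHDR result for NULL before using CMSG_DATA. The macro also evaluates (mhdr) twice, which is worth a note for anyone passing an expression with side effects. The comment wording "requires to check" could read "requires checking msg_controllen, in case the kernel returns an empty list".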
@ -487,6 +525,10 @@ struct winsize {
# define __func__ ""
#endif
#if defined(KRB5) && !defined(HEIMDAL)
# define krb5_get_err_text(context,code) error_message(code)
#endif
/*
* Define this to use pipes instead of socketpairs for communicating with the
* client program. Socketpairs do not seem to work on all systems.
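Review bot: The MIT-only fallback `# define krb5_get_err_text(context,code) error_message(code)` silently drops the context argument and has no comment explaining that it maps the Heimdal call onto com_err's error_message for non-Heimdal builds. Add that one-line comment, and make sure the header declaring error_message is included wherever the macro is used, since nothing in this hunk pulls it in.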

View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: dh.c,v 1.23 2002/11/21 22:22:50 markus Exp $");
RCSID("$OpenBSD: dh.c,v 1.24 2003/04/08 20:21:28 itojun Exp $");
#include "xmalloc.h"
@ -112,7 +112,7 @@ choose_dh(int min, int wantbits, int max)
if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL &&
(f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
log("WARNING: %s does not exist, using old modulus", _PATH_DH_MODULI);
logit("WARNING: %s does not exist, using old modulus", _PATH_DH_MODULI);
return (dh_new_group1());
}
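Review bot: The warning in choose_dh names only _PATH_DH_MODULI, but the condition above it fails only when both _PATH_DH_MODULI and _PATH_DH_PRIMES cannot be opened, and fopen can fail for reasons other than a missing file. Since the fallback here is dh_new_group1(), the message should name both paths and include strerror(errno) so an operator can tell a permissions problem from an absent moduli file.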
@ -140,7 +140,7 @@ choose_dh(int min, int wantbits, int max)
if (bestcount == 0) {
fclose(f);
log("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
return (NULL);
}
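Review bot: The "no suitable primes" message always prints _PATH_DH_PRIMES, even when the file that was actually opened and scanned was _PATH_DH_MODULI (the first fopen in this function). Record which path succeeded and log that one, otherwise the warning sends the administrator to the wrong file.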
@ -176,7 +176,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
int bits_set = 0;
if (dh_pub->neg) {
log("invalid public DH value: negativ");
logit("invalid public DH value: negativ");
return 0;
}
for (i = 0; i <= n; i++)
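Review bot: The log string "invalid public DH value: negativ" carries its typo through the log to logit rename; since the line is being touched anyway, correct it to "negative" so that log searches and monitoring rules match the expected word.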
@ -187,7 +187,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
/* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
return 1;
log("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
return 0;
}
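Review bot: The acceptance test in dh_pub_is_valid, `bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1)`, bounds the peer's value only by dh_pub < p, so p-1 is accepted even though it has order 2 in the group; tighten the upper bound to dh_pub < p-1. The failure message on the following line prints bits_set and the modulus size for either failed condition, so it would also help to log which of the two checks rejected the value.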

View File

@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: dispatch.c,v 1.15 2002/01/11 13:39:36 markus Exp $");
RCSID("$OpenBSD: dispatch.c,v 1.16 2003/04/08 20:21:28 itojun Exp $");
#include "ssh1.h"
#include "ssh2.h"
@ -39,7 +39,7 @@ dispatch_fn *dispatch[DISPATCH_MAX];
void
dispatch_protocol_error(int type, u_int32_t seq, void *ctxt)
{
log("dispatch_protocol_error: type %d seq %u", type, seq);
logit("dispatch_protocol_error: type %d seq %u", type, seq);
if (!compat20)
fatal("protocol error");
packet_start(SSH2_MSG_UNIMPLEMENTED);
@ -50,7 +50,7 @@ dispatch_protocol_error(int type, u_int32_t seq, void *ctxt)
void
dispatch_protocol_ignore(int type, u_int32_t seq, void *ctxt)
{
log("dispatch_protocol_ignore: type %d seq %u", type, seq);
logit("dispatch_protocol_ignore: type %d seq %u", type, seq);
}
void
dispatch_init(dispatch_fn *dflt)
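Review bot: dispatch_protocol_ignore writes one logit line for every ignored packet, with type and seq taken from the peer, so log volume here is controlled by the remote side. Consider moving this to a debug-level call, as used elsewhere in this commit, or rate limiting it, and keep logit for dispatch_protocol_error only.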

290
crypto/openssh/dns.c Normal file
View File

@ -0,0 +1,290 @@
/* $OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
* Copyright (c) 2003 Jakob Schlyter. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#ifdef DNS
#include <openssl/bn.h>
#ifdef LWRES
#include <lwres/netdb.h>
#include <dns/result.h>
#else /* LWRES */
#include <netdb.h>
#endif /* LWRES */
#include "xmalloc.h"
#include "key.h"
#include "dns.h"
#include "log.h"
#include "uuencode.h"
extern char *__progname;
RCSID("$OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $");
#ifndef LWRES
static const char *errset_text[] = {
"success", /* 0 ERRSET_SUCCESS */
"out of memory", /* 1 ERRSET_NOMEMORY */
"general failure", /* 2 ERRSET_FAIL */
"invalid parameter", /* 3 ERRSET_INVAL */
"name does not exist", /* 4 ERRSET_NONAME */
"data does not exist", /* 5 ERRSET_NODATA */
};
static const char *
dns_result_totext(unsigned int error)
{
switch (error) {
case ERRSET_SUCCESS:
return errset_text[ERRSET_SUCCESS];
case ERRSET_NOMEMORY:
return errset_text[ERRSET_NOMEMORY];
case ERRSET_FAIL:
return errset_text[ERRSET_FAIL];
case ERRSET_INVAL:
return errset_text[ERRSET_INVAL];
case ERRSET_NONAME:
return errset_text[ERRSET_NONAME];
case ERRSET_NODATA:
return errset_text[ERRSET_NODATA];
default:
return "unknown error";
}
}
#endif /* LWRES */
/*
* Read SSHFP parameters from key buffer.
*/
static int
dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
u_char **digest, u_int *digest_len, Key *key)
{
int success = 0;
switch (key->type) {
case KEY_RSA:
*algorithm = SSHFP_KEY_RSA;
break;
case KEY_DSA:
*algorithm = SSHFP_KEY_DSA;
break;
default:
*algorithm = SSHFP_KEY_RESERVED;
}
if (*algorithm) {
*digest_type = SSHFP_HASH_SHA1;
*digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len);
success = 1;
} else {
*digest_type = SSHFP_HASH_RESERVED;
*digest = NULL;
*digest_len = 0;
success = 0;
}
return success;
}
/*
* Read SSHFP parameters from rdata buffer.
*/
static int
dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
u_char **digest, u_int *digest_len, u_char *rdata, int rdata_len)
{
int success = 0;
*algorithm = SSHFP_KEY_RESERVED;
*digest_type = SSHFP_HASH_RESERVED;
if (rdata_len >= 2) {
*algorithm = rdata[0];
*digest_type = rdata[1];
*digest_len = rdata_len - 2;
if (*digest_len > 0) {
*digest = (u_char *) xmalloc(*digest_len);
memcpy(*digest, rdata + 2, *digest_len);
} else {
*digest = NULL;
}
success = 1;
}
return success;
}
/*
* Verify the given hostname, address and host key using DNS.
* Returns 0 if key verifies or -1 if key does NOT verify
*/
int
verify_host_key_dns(const char *hostname, struct sockaddr *address,
Key *hostkey)
{
int counter;
int result;
struct rrsetinfo *fingerprints = NULL;
int failures = 0;
u_int8_t hostkey_algorithm;
u_int8_t hostkey_digest_type;
u_char *hostkey_digest;
u_int hostkey_digest_len;
u_int8_t dnskey_algorithm;
u_int8_t dnskey_digest_type;
u_char *dnskey_digest;
u_int dnskey_digest_len;
debug3("verify_hostkey_dns");
if (hostkey == NULL)
fatal("No key to look up!");
result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
DNS_RDATATYPE_SSHFP, 0, &fingerprints);
if (result) {
verbose("DNS lookup error: %s", dns_result_totext(result));
return DNS_VERIFY_ERROR;
}
#ifdef DNSSEC
/* Only accept validated answers */
if (!fingerprints->rri_flags & RRSET_VALIDATED) {
error("Ignored unvalidated fingerprint from DNS.");
freerrset(fingerprints);
return DNS_VERIFY_ERROR;
}
#endif
debug("found %d fingerprints in DNS", fingerprints->rri_nrdatas);
/* Initialize host key parameters */
if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type,
&hostkey_digest, &hostkey_digest_len, hostkey)) {
error("Error calculating host key fingerprint.");
freerrset(fingerprints);
return DNS_VERIFY_ERROR;
}
for (counter = 0 ; counter < fingerprints->rri_nrdatas ; counter++) {
/*
* Extract the key from the answer. Ignore any badly
* formatted fingerprints.
*/
if (!dns_read_rdata(&dnskey_algorithm, &dnskey_digest_type,
&dnskey_digest, &dnskey_digest_len,
fingerprints->rri_rdatas[counter].rdi_data,
fingerprints->rri_rdatas[counter].rdi_length)) {
verbose("Error parsing fingerprint from DNS.");
continue;
}
/* Check if the current key is the same as the given key */
if (hostkey_algorithm == dnskey_algorithm &&
hostkey_digest_type == dnskey_digest_type) {
if (hostkey_digest_len == dnskey_digest_len &&
memcmp(hostkey_digest, dnskey_digest,
hostkey_digest_len) == 0) {
/* Matching algoritm and digest. */
freerrset(fingerprints);
debug("matching host key fingerprint found in DNS");
return DNS_VERIFY_OK;
} else {
/* Correct algorithm but bad digest */
debug("verify_hostkey_dns: failed");
failures++;
}
}
}
freerrset(fingerprints);
if (failures) {
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
error("It is also possible that the %s host key has just been changed.",
key_type(hostkey));
error("Please contact your system administrator.");
return DNS_VERIFY_FAILED;
}
debug("fingerprints found in DNS, but none of them matched");
return DNS_VERIFY_ERROR;
}
/*
* Export the fingerprint of a key as a DNS resource record
*/
int
export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
{
u_int8_t rdata_pubkey_algorithm = 0;
u_int8_t rdata_digest_type = SSHFP_HASH_SHA1;
u_char *rdata_digest;
u_int rdata_digest_len;
int i;
int success = 0;
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
&rdata_digest, &rdata_digest_len, key)) {
if (generic)
fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname,
DNS_RDATATYPE_SSHFP, 2 + rdata_digest_len,
rdata_pubkey_algorithm, rdata_digest_type);
else
fprintf(f, "%s IN SSHFP %d %d ", hostname,
rdata_pubkey_algorithm, rdata_digest_type);
for (i = 0; i < rdata_digest_len; i++)
fprintf(f, "%02x", rdata_digest[i]);
fprintf(f, "\n");
success = 1;
} else {
error("dns_export_rr: unsupported algorithm");
}
return success;
}
#endif /* DNS */
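Review bot: In verify_host_key_dns the DNSSEC guard `if (!fingerprints->rri_flags & RRSET_VALIDATED)` has a precedence bug: `!` binds tighter than `&`, so the test is `(!rri_flags) & RRSET_VALIDATED` and an answer with any other flag bit set but without RRSET_VALIDATED is accepted. It should read `if (!(fingerprints->rri_flags & RRSET_VALIDATED))`. In the same function, hostkey_digest from key_fingerprint_raw and the dnskey_digest that dns_read_rdata xmallocs on every loop iteration are never freed on any return path, and dns_read_rdata reports success for a record with a zero-length digest. Smaller points: the header comment documents only 0 and -1 although DNS_VERIFY_ERROR is also returned, the address parameter is unused, debug3 prints "verify_hostkey_dns" rather than the function's name, and "algoritm" in the match comment is misspelled.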

57
crypto/openssh/dns.h Normal file
View File

@ -0,0 +1,57 @@
/* $OpenBSD: dns.h,v 1.3 2003/05/14 22:56:51 jakob Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
* Copyright (c) 2003 Jakob Schlyter. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#ifdef DNS
#ifndef DNS_H
#define DNS_H
enum sshfp_types {
SSHFP_KEY_RESERVED,
SSHFP_KEY_RSA,
SSHFP_KEY_DSA
};
enum sshfp_hashes {
SSHFP_HASH_RESERVED,
SSHFP_HASH_SHA1
};
#define DNS_RDATACLASS_IN 1
#define DNS_RDATATYPE_SSHFP 44
#define DNS_VERIFY_FAILED -1
#define DNS_VERIFY_OK 0
#define DNS_VERIFY_ERROR 1
int verify_host_key_dns(const char *, struct sockaddr *, Key *);
int export_dns_rr(const char *, Key *, FILE *, int);
#endif /* DNS_H */
#endif /* DNS */
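Review bot: The three DNS_VERIFY_* codes are defined without any comment on what each means, and the only description of the return value (the comment above verify_host_key_dns in dns.c) mentions just 0 and -1; document here that DNS_VERIFY_ERROR covers lookup failure, unvalidated answers and "no matching record", as distinct from DNS_VERIFY_FAILED for a mismatch. `#define DNS_VERIFY_FAILED -1` should also be parenthesized as (-1), and `#include "includes.h"` sits outside the DNS_H include guard.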

View File

@ -45,7 +45,7 @@
* XXX: we should tell the child how many bytes we need.
*/
RCSID("$Id: entropy.c,v 1.44 2002/06/09 19:41:48 mouring Exp $");
RCSID("$Id: entropy.c,v 1.46 2003/08/25 01:16:21 mouring Exp $");
#ifndef OPENSSL_PRNG_ONLY
#define RANDOM_SEED_SIZE 48
@ -75,7 +75,7 @@ seed_rng(void)
if (pipe(p) == -1)
fatal("pipe: %s", strerror(errno));
old_sigchld = mysignal(SIGCHLD, SIG_DFL);
old_sigchld = signal(SIGCHLD, SIG_DFL);
if ((pid = fork()) == -1)
fatal("Couldn't fork: %s", strerror(errno));
if (pid == 0) {
@ -89,8 +89,8 @@ seed_rng(void)
if (original_uid != original_euid &&
( seteuid(getuid()) == -1 ||
setuid(original_uid) == -1) ) {
fprintf(stderr, "(rand child) setuid(%d): %s\n",
original_uid, strerror(errno));
fprintf(stderr, "(rand child) setuid(%li): %s\n",
(long int)original_uid, strerror(errno));
_exit(1);
}
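Review bot: The child's error path prints "(rand child) setuid(...)" for either failure in the condition above it, seteuid(getuid()) or setuid(original_uid), so the message cannot show which privilege-drop call failed; report the two calls separately. Casting original_uid to long int for %li is the right way to print a uid_t portably.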
@ -116,7 +116,7 @@ seed_rng(void)
if (waitpid(pid, &ret, 0) == -1)
fatal("Couldn't wait for ssh-rand-helper completion: %s",
strerror(errno));
mysignal(SIGCHLD, old_sigchld);
signal(SIGCHLD, old_sigchld);
/* We don't mind if the child exits upon a SIGPIPE */
if (!WIFEXITED(ret) &&

View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: groupaccess.c,v 1.5 2002/03/04 17:27:39 stevesk Exp $");
RCSID("$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $");
#include "groupaccess.h"
#include "xmalloc.h"
@ -49,7 +49,7 @@ ga_init(const char *user, gid_t base)
ngroups = sizeof(groups_bygid) / sizeof(gid_t);
if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
log("getgrouplist: groups list too small");
logit("getgrouplist: groups list too small");
for (i = 0, j = 0; i < ngroups; i++)
if ((gr = getgrgid(groups_bygid[i])) != NULL)
groups_byname[j++] = xstrdup(gr->gr_name);
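Review bot: When getgrouplist returns -1, ga_init only logs "groups list too small" and then falls through to the loop bounded by ngroups. On implementations that store the required group count in ngroups on failure, `i < ngroups` would index past the end of groups_bygid; clamp ngroups to sizeof(groups_bygid) / sizeof(gid_t) after a failed call, or return an error. A truncated group list also affects group-based access decisions, so the log line should name the user.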

256
crypto/openssh/gss-genr.c Normal file
View File

@ -0,0 +1,256 @@
/* $OpenBSD: gss-genr.c,v 1.1 2003/08/22 10:56:09 markus Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#ifdef GSSAPI
#include "xmalloc.h"
#include "bufaux.h"
#include "compat.h"
#include "log.h"
#include "monitor_wrap.h"
#include "ssh-gss.h"
/* Check that the OID in a data stream matches that in the context */
int
ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
{
return (ctx != NULL && ctx->oid != GSS_C_NO_OID &&
ctx->oid->length == len &&
memcmp(ctx->oid->elements, data, len) == 0);
}
/* Set the contexts OID from a data stream */
void
ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len)
{
if (ctx->oid != GSS_C_NO_OID) {
xfree(ctx->oid->elements);
xfree(ctx->oid);
}
ctx->oid = xmalloc(sizeof(gss_OID_desc));
ctx->oid->length = len;
ctx->oid->elements = xmalloc(len);
memcpy(ctx->oid->elements, data, len);
}
/* Set the contexts OID */
void
ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid)
{
ssh_gssapi_set_oid_data(ctx, oid->elements, oid->length);
}
/* All this effort to report an error ... */
void
ssh_gssapi_error(Gssctxt *ctxt)
{
debug("%s", ssh_gssapi_last_error(ctxt, NULL, NULL));
}
char *
ssh_gssapi_last_error(Gssctxt *ctxt,
OM_uint32 *major_status, OM_uint32 *minor_status)
{
OM_uint32 lmin;
gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
OM_uint32 ctx;
Buffer b;
char *ret;
buffer_init(&b);
if (major_status != NULL)
*major_status = ctxt->major;
if (minor_status != NULL)
*minor_status = ctxt->minor;
ctx = 0;
/* The GSSAPI error */
do {
gss_display_status(&lmin, ctxt->major,
GSS_C_GSS_CODE, GSS_C_NULL_OID, &ctx, &msg);
buffer_append(&b, msg.value, msg.length);
buffer_put_char(&b, '\n');
gss_release_buffer(&lmin, &msg);
} while (ctx != 0);
/* The mechanism specific error */
do {
gss_display_status(&lmin, ctxt->minor,
GSS_C_MECH_CODE, GSS_C_NULL_OID, &ctx, &msg);
buffer_append(&b, msg.value, msg.length);
buffer_put_char(&b, '\n');
gss_release_buffer(&lmin, &msg);
} while (ctx != 0);
buffer_put_char(&b, '\0');
ret = xmalloc(buffer_len(&b));
buffer_get(&b, ret, buffer_len(&b));
buffer_free(&b);
return (ret);
}
/*
* Initialise our GSSAPI context. We use this opaque structure to contain all
* of the data which both the client and server need to persist across
* {accept,init}_sec_context calls, so that when we do it from the userauth
* stuff life is a little easier
*/
void
ssh_gssapi_build_ctx(Gssctxt **ctx)
{
*ctx = xmalloc(sizeof (Gssctxt));
(*ctx)->major = 0;
(*ctx)->minor = 0;
(*ctx)->context = GSS_C_NO_CONTEXT;
(*ctx)->name = GSS_C_NO_NAME;
(*ctx)->oid = GSS_C_NO_OID;
(*ctx)->creds = GSS_C_NO_CREDENTIAL;
(*ctx)->client = GSS_C_NO_NAME;
(*ctx)->client_creds = GSS_C_NO_CREDENTIAL;
}
/* Delete our context, providing it has been built correctly */
void
ssh_gssapi_delete_ctx(Gssctxt **ctx)
{
OM_uint32 ms;
if ((*ctx) == NULL)
return;
if ((*ctx)->context != GSS_C_NO_CONTEXT)
gss_delete_sec_context(&ms, &(*ctx)->context, GSS_C_NO_BUFFER);
if ((*ctx)->name != GSS_C_NO_NAME)
gss_release_name(&ms, &(*ctx)->name);
if ((*ctx)->oid != GSS_C_NO_OID) {
xfree((*ctx)->oid->elements);
xfree((*ctx)->oid);
(*ctx)->oid = GSS_C_NO_OID;
}
if ((*ctx)->creds != GSS_C_NO_CREDENTIAL)
gss_release_cred(&ms, &(*ctx)->creds);
if ((*ctx)->client != GSS_C_NO_NAME)
gss_release_name(&ms, &(*ctx)->client);
if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL)
gss_release_cred(&ms, &(*ctx)->client_creds);
xfree(*ctx);
*ctx = NULL;
}
/*
* Wrapper to init_sec_context
* Requires that the context contains:
* oid
* server name (from ssh_gssapi_import_name)
*/
OM_uint32
ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
gss_buffer_desc* send_tok, OM_uint32 *flags)
{
int deleg_flag = 0;
if (deleg_creds) {
deleg_flag = GSS_C_DELEG_FLAG;
debug("Delegating credentials");
}
ctx->major = gss_init_sec_context(&ctx->minor,
GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid,
GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
0, NULL, recv_tok, NULL, send_tok, flags, NULL);
if (GSS_ERROR(ctx->major))
ssh_gssapi_error(ctx);
return (ctx->major);
}
/* Create a service name for the given host */
OM_uint32
ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
{
gss_buffer_desc gssbuf;
gssbuf.length = sizeof("host@") + strlen(host);
gssbuf.value = xmalloc(gssbuf.length);
snprintf(gssbuf.value, gssbuf.length, "host@%s", host);
if ((ctx->major = gss_import_name(&ctx->minor,
&gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
ssh_gssapi_error(ctx);
xfree(gssbuf.value);
return (ctx->major);
}
/* Acquire credentials for a server running on the current host.
* Requires that the context structure contains a valid OID
*/
/* Returns a GSSAPI error code */
OM_uint32
ssh_gssapi_acquire_cred(Gssctxt *ctx)
{
OM_uint32 status;
char lname[MAXHOSTNAMELEN];
gss_OID_set oidset;
gss_create_empty_oid_set(&status, &oidset);
gss_add_oid_set_member(&status, ctx->oid, &oidset);
if (gethostname(lname, MAXHOSTNAMELEN))
return (-1);
if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname)))
return (ctx->major);
if ((ctx->major = gss_acquire_cred(&ctx->minor,
ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
ssh_gssapi_error(ctx);
gss_release_oid_set(&status, &oidset);
return (ctx->major);
}
OM_uint32
ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) {
if (*ctx)
ssh_gssapi_delete_ctx(ctx);
ssh_gssapi_build_ctx(ctx);
ssh_gssapi_set_oid(*ctx, oid);
return (ssh_gssapi_acquire_cred(*ctx));
}
#endif /* GSSAPI */
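Review bot: ssh_gssapi_acquire_cred leaks oidset on both early returns (after gethostname fails and after ssh_gssapi_import_name fails), because gss_release_oid_set is reached only on the last path; it also returns (-1) from a function typed OM_uint32 without setting ctx->major, so callers testing GSS_ERROR() get an arbitrary status. Separately, ssh_gssapi_error passes the xmalloc'd string from ssh_gssapi_last_error straight to debug() and never frees it, ssh_gssapi_last_error ignores the return value of gss_display_status before appending msg, and in ssh_gssapi_import_name `sizeof("host@") + strlen(host)` makes gssbuf.length count the terminating NUL as part of the name handed to gss_import_name.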

View File

@ -0,0 +1,205 @@
/* $OpenBSD: gss-serv-krb5.c,v 1.1 2003/08/22 10:56:09 markus Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#ifdef GSSAPI
#ifdef KRB5
#include "auth.h"
#include "xmalloc.h"
#include "log.h"
#include "servconf.h"
#include "ssh-gss.h"
extern ServerOptions options;
#ifdef HEIMDAL
#include <krb5.h>
#else
#include <gssapi_krb5.h>
#endif
static krb5_context krb_context = NULL;
/* Initialise the krb5 library, for the stuff that GSSAPI won't do */
static int
ssh_gssapi_krb5_init()
{
krb5_error_code problem;
if (krb_context != NULL)
return 1;
problem = krb5_init_context(&krb_context);
if (problem) {
logit("Cannot initialize krb5 context");
return 0;
}
krb5_init_ets(krb_context);
return 1;
}
/* Check if this user is OK to login. This only works with krb5 - other
* GSSAPI mechanisms will need their own.
* Returns true if the user is OK to log in, otherwise returns 0
*/
static int
ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
{
krb5_principal princ;
int retval;
if (ssh_gssapi_krb5_init() == 0)
return 0;
if ((retval = krb5_parse_name(krb_context, client->exportedname.value,
&princ))) {
logit("krb5_parse_name(): %.100s",
krb5_get_err_text(krb_context, retval));
return 0;
}
if (krb5_kuserok(krb_context, princ, name)) {
retval = 1;
logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
name, (char *)client->displayname.value);
} else
retval = 0;
krb5_free_principal(krb_context, princ);
return retval;
}
/* This writes out any forwarded credentials from the structure populated
* during userauth. Called after we have setuid to the user */
static void
ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
{
krb5_ccache ccache;
krb5_error_code problem;
krb5_principal princ;
OM_uint32 maj_status, min_status;
if (client->creds == NULL) {
debug("No credentials stored");
return;
}
if (ssh_gssapi_krb5_init() == 0)
return;
#ifdef HEIMDAL
if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
logit("krb5_cc_gen_new(): %.100s",
krb5_get_err_text(krb_context, problem));
return;
}
#else
{
int tmpfd;
char ccname[40];
snprintf(ccname, sizeof(ccname),
"FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) {
logit("mkstemp(): %.100s", strerror(errno));
problem = errno;
return;
}
if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
logit("fchmod(): %.100s", strerror(errno));
close(tmpfd);
problem = errno;
return;
}
close(tmpfd);
if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) {
logit("krb5_cc_resolve(): %.100s",
krb5_get_err_text(krb_context, problem));
return;
}
}
#endif /* #ifdef HEIMDAL */
if ((problem = krb5_parse_name(krb_context,
client->exportedname.value, &princ))) {
logit("krb5_parse_name(): %.100s",
krb5_get_err_text(krb_context, problem));
krb5_cc_destroy(krb_context, ccache);
return;
}
if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) {
logit("krb5_cc_initialize(): %.100s",
krb5_get_err_text(krb_context, problem));
krb5_free_principal(krb_context, princ);
krb5_cc_destroy(krb_context, ccache);
return;
}
krb5_free_principal(krb_context, princ);
if ((maj_status = gss_krb5_copy_ccache(&min_status,
client->creds, ccache))) {
logit("gss_krb5_copy_ccache() failed");
krb5_cc_destroy(krb_context, ccache);
return;
}
client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache));
client->store.envvar = "KRB5CCNAME";
client->store.envval = xstrdup(client->store.filename);
#ifdef USE_PAM
if (options.use_pam)
do_pam_putenv(client->store.envvar,client->store.envval);
#endif
krb5_cc_close(krb_context, ccache);
return;
}
ssh_gssapi_mech gssapi_kerberos_mech = {
"toWM5Slw5Ew8Mqkay+al2g==",
"Kerberos",
{9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"},
NULL,
&ssh_gssapi_krb5_userok,
NULL,
&ssh_gssapi_krb5_storecreds
};
#endif /* KRB5 */
#endif /* GSSAPI */
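Review bot: In the non-Heimdal branch of ssh_gssapi_krb5_storecreds, the file created by mkstemp is left on disk when fchmod or krb5_cc_resolve fails, since those paths return without an unlink; clean it up before returning. In the same block, `problem = errno` is assigned after logit() has run, when errno may already have changed, and the value is never used because the function returns immediately. ssh_gssapi_krb5_init is declared with an empty parameter list and should be `(void)`, and geteuid() is printed with %d where a cast to long with %ld would be portable for uid_t.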

292
crypto/openssh/gss-serv.c Normal file
View File

@ -0,0 +1,292 @@
/* $OpenBSD: gss-serv.c,v 1.3 2003/08/31 13:31:57 markus Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#ifdef GSSAPI
#include "bufaux.h"
#include "compat.h"
#include "auth.h"
#include "log.h"
#include "channels.h"
#include "session.h"
#include "servconf.h"
#include "monitor_wrap.h"
#include "xmalloc.h"
#include "getput.h"
#include "ssh-gss.h"
extern ServerOptions options;
static ssh_gssapi_client gssapi_client =
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
ssh_gssapi_mech gssapi_null_mech =
{ NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL};
#ifdef KRB5
extern ssh_gssapi_mech gssapi_kerberos_mech;
#endif
ssh_gssapi_mech* supported_mechs[]= {
#ifdef KRB5
&gssapi_kerberos_mech,
#endif
&gssapi_null_mech,
};
/* Unpriviledged */
void
ssh_gssapi_supported_oids(gss_OID_set *oidset)
{
int i = 0;
OM_uint32 min_status;
int present;
gss_OID_set supported;
gss_create_empty_oid_set(&min_status, oidset);
gss_indicate_mechs(&min_status, &supported);
while (supported_mechs[i]->name != NULL) {
if (GSS_ERROR(gss_test_oid_set_member(&min_status,
&supported_mechs[i]->oid, supported, &present)))
present = 0;
if (present)
gss_add_oid_set_member(&min_status,
&supported_mechs[i]->oid, oidset);
i++;
}
}
/* Wrapper around accept_sec_context
* Requires that the context contains:
* oid
* credentials (from ssh_gssapi_acquire_cred)
*/
/* Priviledged */
OM_uint32
ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
gss_buffer_desc *send_tok, OM_uint32 *flags)
{
OM_uint32 status;
gss_OID mech;
ctx->major = gss_accept_sec_context(&ctx->minor,
&ctx->context, ctx->creds, recv_tok,
GSS_C_NO_CHANNEL_BINDINGS, &ctx->client, &mech,
send_tok, flags, NULL, &ctx->client_creds);
if (GSS_ERROR(ctx->major))
ssh_gssapi_error(ctx);
if (ctx->client_creds)
debug("Received some client credentials");
else
debug("Got no client credentials");
status = ctx->major;
/* Now, if we're complete and we have the right flags, then
* we flag the user as also having been authenticated
*/
if (((flags == NULL) || ((*flags & GSS_C_MUTUAL_FLAG) &&
(*flags & GSS_C_INTEG_FLAG))) && (ctx->major == GSS_S_COMPLETE)) {
if (ssh_gssapi_getclient(ctx, &gssapi_client))
fatal("Couldn't convert client name");
}
return (status);
}
/*
* This parses an exported name, extracting the mechanism specific portion
* to use for ACL checking. It verifies that the name belongs the mechanism
* originally selected.
*/
static OM_uint32
ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
{
char *tok;
OM_uint32 offset;
OM_uint32 oidl;
tok=ename->value;
/*
* Check that ename is long enough for all of the fixed length
* header, and that the initial ID bytes are correct
*/
if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0)
return GSS_S_FAILURE;
/*
* Extract the OID, and check it. Here GSSAPI breaks with tradition
* and does use the OID type and length bytes. To confuse things
* there are two lengths - the first including these, and the
* second without.
*/
oidl = GET_16BIT(tok+2); /* length including next two bytes */
oidl = oidl-2; /* turn it into the _real_ length of the variable OID */
/*
* Check the BER encoding for correct type and length, that the
* string is long enough and that the OID matches that in our context
*/
if (tok[4] != 0x06 || tok[5] != oidl ||
ename->length < oidl+6 ||
!ssh_gssapi_check_oid(ctx,tok+6,oidl))
return GSS_S_FAILURE;
offset = oidl+6;
if (ename->length < offset+4)
return GSS_S_FAILURE;
name->length = GET_32BIT(tok+offset);
offset += 4;
if (ename->length < offset+name->length)
return GSS_S_FAILURE;
name->value = xmalloc(name->length+1);
memcpy(name->value,tok+offset,name->length);
((char *)name->value)[name->length] = 0;
return GSS_S_COMPLETE;
}
/* Extract the client details from a given context. This can only reliably
* be called once for a context */
/* Priviledged (called from accept_secure_ctx) */
OM_uint32
ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
{
int i = 0;
gss_buffer_desc ename;
client->mech = NULL;
while (supported_mechs[i]->name != NULL) {
if (supported_mechs[i]->oid.length == ctx->oid->length &&
(memcmp(supported_mechs[i]->oid.elements,
ctx->oid->elements, ctx->oid->length) == 0))
client->mech = supported_mechs[i];
i++;
}
if (client->mech == NULL)
return GSS_S_FAILURE;
if ((ctx->major = gss_display_name(&ctx->minor, ctx->client,
&client->displayname, NULL))) {
ssh_gssapi_error(ctx);
return (ctx->major);
}
if ((ctx->major = gss_export_name(&ctx->minor, ctx->client,
&ename))) {
ssh_gssapi_error(ctx);
return (ctx->major);
}
if ((ctx->major = ssh_gssapi_parse_ename(ctx,&ename,
&client->exportedname))) {
return (ctx->major);
}
/* We can't copy this structure, so we just move the pointer to it */
client->creds = ctx->client_creds;
ctx->client_creds = GSS_C_NO_CREDENTIAL;
return (ctx->major);
}
/* As user - called through fatal cleanup hook */
void
ssh_gssapi_cleanup_creds(void *ignored)
{
if (gssapi_client.store.filename != NULL) {
/* Unlink probably isn't sufficient */
debug("removing gssapi cred file\"%s\"", gssapi_client.store.filename);
unlink(gssapi_client.store.filename);
}
}
/* As user */
void
ssh_gssapi_storecreds(void)
{
if (gssapi_client.mech && gssapi_client.mech->storecreds) {
(*gssapi_client.mech->storecreds)(&gssapi_client);
if (options.gss_cleanup_creds)
fatal_add_cleanup(ssh_gssapi_cleanup_creds, NULL);
} else
debug("ssh_gssapi_storecreds: Not a GSSAPI mechanism");
}
/* This allows GSSAPI methods to do things to the childs environment based
* on the passed authentication process and credentials.
*/
/* As user */
void
ssh_gssapi_do_child(char ***envp, u_int *envsizep)
{
if (gssapi_client.store.envvar != NULL &&
gssapi_client.store.envval != NULL) {
debug("Setting %s to %s", gssapi_client.store.envvar,
gssapi_client.store.envval);
child_set_env(envp, envsizep, gssapi_client.store.envvar,
gssapi_client.store.envval);
}
}
/* Priviledged */
int
ssh_gssapi_userok(char *user)
{
if (gssapi_client.exportedname.length == 0 ||
gssapi_client.exportedname.value == NULL) {
debug("No suitable client data");
return 0;
}
if (gssapi_client.mech && gssapi_client.mech->userok)
return ((*gssapi_client.mech->userok)(&gssapi_client, user));
else
debug("ssh_gssapi_userok: Unknown GSSAPI mechanism");
return (0);
}
#endif
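Review bot: The final length check in the exported-name parser, "if (ename->length < offset+name->length)", adds a 32-bit length read from the token to offset before comparing. Where that sum is computed in 32 bits, a value near 0xffffffff wraps and passes the check, and xmalloc(name->length+1) and memcpy() then run with a length that was never validated. Compare by subtraction instead, e.g. "if (name->length > ename->length - offset)", which cannot wrap because ename->length >= offset was established by the check just above it. Separately, in ssh_gssapi_getclient the buffer that gss_export_name() fills into ename is never released on the success path or the failure path; it needs a gss_release_buffer() once ssh_gssapi_parse_ename has copied the name out.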

@ -1,4 +1,4 @@
/* $OpenBSD: key.h,v 1.20 2003/02/12 09:33:04 markus Exp $ */
/* $OpenBSD: key.h,v 1.22 2003/06/24 08:23:46 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -61,6 +61,7 @@ void key_free(Key *);
Key *key_demote(Key *);
int key_equal(Key *, Key *);
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *);
char *key_type(Key *);
int key_write(Key *, FILE *);
int key_read(Key *, char **);
@ -70,7 +71,7 @@ Key *key_generate(int, u_int);
Key *key_from_private(Key *);
int key_type_from_name(char *);
Key *key_from_blob(u_char *, int);
Key *key_from_blob(u_char *, u_int);
int key_to_blob(Key *, u_char **, u_int *);
char *key_ssh_name(Key *);
int key_names_valid2(const char *);
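Review bot: The length parameter of key_from_blob changes from int to u_int in this prototype, so a caller that still keeps the blob length in a signed int will have a negative value converted silently to a very large unsigned one rather than rejected. Please confirm every caller was moved to u_int in the same change, and that key_from_blob itself bounds every read against this length. The change does make the prototype consistent with key_to_blob, which already reports the length through a u_int pointer.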

@ -34,12 +34,15 @@
*/
#include "includes.h"
RCSID("$OpenBSD: log.c,v 1.25 2003/01/11 18:29:43 markus Exp $");
RCSID("$OpenBSD: log.c,v 1.28 2003/05/24 09:02:22 djm Exp $");
#include "log.h"
#include "xmalloc.h"
#include <syslog.h>
#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
# include <vis.h>
#endif
static LogLevel log_level = SYSLOG_LEVEL_INFO;
static int log_on_stderr = 1;
@ -127,7 +130,7 @@ error(const char *fmt,...)
/* Log this message (information that usually should go to the log). */
void
log(const char *fmt,...)
logit(const char *fmt,...)
{
va_list args;
@ -339,6 +342,9 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
void
do_log(LogLevel level, const char *fmt, va_list args)
{
#ifdef OPENLOG_R
struct syslog_data sdata = SYSLOG_DATA_INIT;
#endif
char msgbuf[MSGBUFSIZ];
char fmtbuf[MSGBUFSIZ];
char *txt = NULL;
@ -387,14 +393,19 @@ do_log(LogLevel level, const char *fmt, va_list args)
} else {
vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
}
/* Escape magic chars in output. */
strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_OCTAL);
strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_SAFE|VIS_OCTAL);
if (log_on_stderr) {
fprintf(stderr, "%s\r\n", fmtbuf);
snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
write(STDERR_FILENO, msgbuf, strlen(msgbuf));
} else {
#ifdef OPENLOG_R
openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);
syslog_r(pri, &sdata, "%.500s", fmtbuf);
closelog_r(&sdata);
#else
openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
syslog(pri, "%.500s", fmtbuf);
closelog();
#endif
}
}
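Review bot: In the stderr branch, snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf) formats into a buffer of the same size as its source (both are declared as MSGBUFSIZ in do_log), so a message that fills fmtbuf has its trailing "\r\n" truncated. The return value of write() is also ignored, so a short or failed write drops output silently. Either leave two bytes of headroom (for example by limiting the "%s" with a precision) or make the output buffer larger than fmtbuf. A one-line comment explaining why fprintf() was replaced by a single write() would also help whoever touches this next.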

@ -12,11 +12,6 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Markus Friedl.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
@ -40,7 +35,7 @@
#include <netinet/in.h>
#include <sys/socket.h>
/* RCSID("$Id: loginrec.h,v 1.6 2001/05/08 20:33:06 mouring Exp $"); */
/* RCSID("$Id: loginrec.h,v 1.7 2003/06/03 02:18:50 djm Exp $"); */
/**
** you should use the login_* calls to work around platform dependencies

@ -9,11 +9,6 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Markus Friedl.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
@ -48,7 +43,7 @@
#include "loginrec.h"
RCSID("$Id: logintest.c,v 1.8 2001/04/05 23:05:22 stevesk Exp $");
RCSID("$Id: logintest.c,v 1.10 2003/08/21 23:34:41 djm Exp $");
#ifdef HAVE___PROGNAME
extern char *__progname;
@ -292,7 +287,7 @@ main(int argc, char *argv[])
{
printf("Platform-independent login recording test driver\n");
__progname = get_progname(argv[0]);
__progname = ssh_get_progname(argv[0]);
if (argc == 2) {
if (strncmp(argv[1], "-i", 3) == 0)
compile_opts_only = 1;

@ -1,159 +1,165 @@
/*
* ----------------------------------------------------------------------------
* "THE BEER-WARE LICENSE" (Revision 42):
* <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
* can do whatever you want with this stuff. If we meet some day, and you think
* this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
* <phk@login.dknet.dk> wrote this file. As long as you retain this
* notice you can do whatever you want with this stuff. If we meet some
* day, and you think this stuff is worth it, you can buy me a beer in
* return. Poul-Henning Kamp
* ----------------------------------------------------------------------------
*/
/*
* Ported from FreeBSD to Linux, only minimal changes. --marekm
*/
/*
* Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu
*/
#include "includes.h"
RCSID("$Id: md5crypt.c,v 1.5 2001/02/09 01:55:36 djm Exp $");
#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
#include <openssl/md5.h>
static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
RCSID("$Id: md5crypt.c,v 1.7 2003/05/30 06:58:23 dtucker Exp $");
static char *magic = "$1$"; /*
* This string is magic for
* this algorithm. Having
* it this way, we can get
* get better later on
*/
/* 0 ... 63 => ascii - 64 */
static unsigned char itoa64[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static void
to64(char *s, unsigned long v, int n)
static char *magic = "$1$";
static char *
to64(unsigned long v, int n)
{
static char buf[5];
char *s = buf;
if (n > 4)
return (NULL);
memset(buf, '\0', sizeof(buf));
while (--n >= 0) {
*s++ = itoa64[v&0x3f];
v >>= 6;
}
return (buf);
}
int
is_md5_salt(const char *salt)
{
return (!strncmp(salt, magic, strlen(magic)));
return (strncmp(salt, magic, strlen(magic)) == 0);
}
/*
* UNIX password
*
* Use MD5 for what it is best at...
*/
char *
md5_crypt(const char *pw, const char *salt)
{
static char passwd[120], *p;
static const char *sp,*ep;
unsigned char final[16];
int sl,pl,i,j;
MD5_CTX ctx,ctx1;
static char passwd[120], salt_copy[9], *p;
static const char *sp, *ep;
unsigned char final[16];
int sl, pl, i, j;
MD5_CTX ctx, ctx1;
unsigned long l;
/* Refine the Salt first */
sp = salt;
/* If it starts with the magic string, then skip that */
if(!strncmp(sp,magic,strlen(magic)))
if(strncmp(sp, magic, strlen(magic)) == 0)
sp += strlen(magic);
/* It stops at the first '$', max 8 chars */
for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
continue;
for (ep = sp; *ep != '$'; ep++) {
if (*ep == '\0' || ep >= (sp + 8))
return (NULL);
}
/* get the length of the true salt */
sl = ep - sp;
/* Stash the salt */
memcpy(salt_copy, sp, sl);
salt_copy[sl] = '\0';
MD5_Init(&ctx);
/* The password first, since that is what is most unknown */
MD5_Update(&ctx,pw,strlen(pw));
MD5_Update(&ctx, pw, strlen(pw));
/* Then our magic string */
MD5_Update(&ctx,magic,strlen(magic));
MD5_Update(&ctx, magic, strlen(magic));
/* Then the raw salt */
MD5_Update(&ctx,sp,sl);
MD5_Update(&ctx, sp, sl);
/* Then just as many characters of the MD5(pw,salt,pw) */
/* Then just as many characters of the MD5(pw, salt, pw) */
MD5_Init(&ctx1);
MD5_Update(&ctx1,pw,strlen(pw));
MD5_Update(&ctx1,sp,sl);
MD5_Update(&ctx1,pw,strlen(pw));
MD5_Final(final,&ctx1);
MD5_Update(&ctx1, pw, strlen(pw));
MD5_Update(&ctx1, sp, sl);
MD5_Update(&ctx1, pw, strlen(pw));
MD5_Final(final, &ctx1);
for(pl = strlen(pw); pl > 0; pl -= 16)
MD5_Update(&ctx,final,pl>16 ? 16 : pl);
MD5_Update(&ctx, final, pl > 16 ? 16 : pl);
/* Don't leave anything around in vm they could use. */
memset(final,0,sizeof final);
memset(final, '\0', sizeof final);
/* Then something really weird... */
for (j=0,i = strlen(pw); i ; i >>= 1)
if(i&1)
MD5_Update(&ctx, final+j, 1);
for (j = 0, i = strlen(pw); i != 0; i >>= 1)
if (i & 1)
MD5_Update(&ctx, final + j, 1);
else
MD5_Update(&ctx, pw+j, 1);
MD5_Update(&ctx, pw + j, 1);
/* Now make the output string */
strcpy(passwd,magic);
strncat(passwd,sp,sl);
strcat(passwd,"$");
snprintf(passwd, sizeof(passwd), "%s%s$", magic, salt_copy);
MD5_Final(final,&ctx);
MD5_Final(final, &ctx);
/*
* and now, just to make sure things don't run too fast
* On a 60 Mhz Pentium this takes 34 msec, so you would
* need 30 seconds to build a 1000 entry dictionary...
*/
for(i=0;i<1000;i++) {
for(i = 0; i < 1000; i++) {
MD5_Init(&ctx1);
if(i & 1)
MD5_Update(&ctx1,pw,strlen(pw));
if (i & 1)
MD5_Update(&ctx1, pw, strlen(pw));
else
MD5_Update(&ctx1,final,16);
MD5_Update(&ctx1, final, 16);
if(i % 3)
MD5_Update(&ctx1,sp,sl);
if (i % 3)
MD5_Update(&ctx1, sp, sl);
if(i % 7)
MD5_Update(&ctx1,pw,strlen(pw));
if (i % 7)
MD5_Update(&ctx1, pw, strlen(pw));
if(i & 1)
MD5_Update(&ctx1,final,16);
if (i & 1)
MD5_Update(&ctx1, final, 16);
else
MD5_Update(&ctx1,pw,strlen(pw));
MD5_Final(final,&ctx1);
MD5_Update(&ctx1, pw, strlen(pw));
MD5_Final(final, &ctx1);
}
p = passwd + strlen(passwd);
l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
l = final[11] ; to64(p,l,2); p += 2;
*p = '\0';
l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
strlcat(passwd, to64(l, 4), sizeof(passwd));
l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
strlcat(passwd, to64(l, 4), sizeof(passwd));
l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
strlcat(passwd, to64(l, 4), sizeof(passwd));
l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
strlcat(passwd, to64(l, 4), sizeof(passwd));
l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
strlcat(passwd, to64(l, 4), sizeof(passwd));
l = final[11] ;
strlcat(passwd, to64(l, 2), sizeof(passwd));
/* Don't leave anything around in vm they could use. */
memset(final,0,sizeof final);
memset(final, 0, sizeof(final));
memset(salt_copy, 0, sizeof(salt_copy));
memset(&ctx, 0, sizeof(ctx));
memset(&ctx1, 0, sizeof(ctx1));
(void)to64(0, 4);
return passwd;
return (passwd);
}
#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
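Review bot: md5_crypt() can now return NULL, which it never did before: the rewritten salt loop does "return (NULL)" when the salt is longer than 8 characters or is not terminated by '$', where the old loop simply stopped at 8 characters or at the end of the string. Every caller that passes the result straight to strcmp() needs a NULL check in the same change, and the comment above the function should state the new return contract. Two smaller points: to64() now returns a pointer to a static buffer, so its result must be consumed before the next call (the strlcat() calls do this, but it is worth a comment), and the closing memset() calls on final, ctx and ctx1 clear locals that are dead afterwards, so an optimizing compiler is free to drop them.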

@ -7,15 +7,7 @@
* ----------------------------------------------------------------------------
*/
/*
* Ported from FreeBSD to Linux, only minimal changes. --marekm
*/
/*
* Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu
*/
/* $Id: md5crypt.h,v 1.3 2001/02/09 01:55:36 djm Exp $ */
/* $Id: md5crypt.h,v 1.4 2003/05/18 14:46:46 djm Exp $ */
#ifndef _MD5CRYPT_H
#define _MD5CRYPT_H
@ -24,8 +16,8 @@
#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
int is_md5_salt(const char *salt);
char *md5_crypt(const char *pw, const char *salt);
int is_md5_salt(const char *);
char *md5_crypt(const char *, const char *);
#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */

crypto/openssh/mdoc2man.awk Normal file

@ -0,0 +1,340 @@
#!/usr/bin/awk
#
# Version history:
# v3, I put the program under a proper license
# Dan Nelson <dnelson@allantgroup.com> added .An, .Aq and fixed a typo
# v2, fixed to work on GNU awk --posix and MacOS X
# v1, first attempt, didn't work on MacOS X
#
# Copyright (c) 2003 Peter Stuge <stuge-mdoc2man@cdy.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
BEGIN {
optlist=0
oldoptlist=0
nospace=0
synopsis=0
reference=0
block=0
ext=0
extopt=0
literal=0
prenl=0
line=""
}
function wtail() {
retval=""
while(w<nwords) {
if(length(retval))
retval=retval OFS
retval=retval words[++w]
}
return retval
}
function add(str) {
for(;prenl;prenl--)
line=line "\n"
line=line str
}
! /^\./ {
for(;prenl;prenl--)
print ""
print
if(literal)
print ".br"
next
}
/^\.\\"/ { next }
{
option=0
parens=0
angles=0
sub("^\\.","")
nwords=split($0,words)
for(w=1;w<=nwords;w++) {
skip=0
if(match(words[w],"^Li|Pf$")) {
skip=1
} else if(match(words[w],"^Xo$")) {
skip=1
ext=1
if(length(line)&&!(match(line," $")||prenl))
add(OFS)
} else if(match(words[w],"^Xc$")) {
skip=1
ext=0
if(!extopt)
prenl++
w=nwords
} else if(match(words[w],"^Bd$")) {
skip=1
if(match(words[w+1],"-literal")) {
literal=1
prenl++
w=nwords
}
} else if(match(words[w],"^Ed$")) {
skip=1
literal=0
} else if(match(words[w],"^Ns$")) {
skip=1
if(!nospace)
nospace=1
sub(" $","",line)
} else if(match(words[w],"^No$")) {
skip=1
sub(" $","",line)
add(words[++w])
} else if(match(words[w],"^Dq$")) {
skip=1
add("``")
add(words[++w])
while(w<nwords&&!match(words[w+1],"^[\\.,]"))
add(OFS words[++w])
add("''")
if(!nospace&&match(words[w+1],"^[\\.,]"))
nospace=1
} else if(match(words[w],"^Sq|Ql$")) {
skip=1
add("`" words[++w] "'")
if(!nospace&&match(words[w+1],"^[\\.,]"))
nospace=1
} else if(match(words[w],"^Oo$")) {
skip=1
extopt=1
if(!nospace)
nospace=1
add("[")
} else if(match(words[w],"^Oc$")) {
skip=1
extopt=0
add("]")
}
if(!skip) {
if(!nospace&&length(line)&&!(match(line," $")||prenl))
add(OFS)
if(nospace==1)
nospace=0
}
if(match(words[w],"^Dd$")) {
date=wtail()
next
} else if(match(words[w],"^Dt$")) {
id=wtail()
next
} else if(match(words[w],"^Os$")) {
add(".TH " id " \"" date "\" \"" wtail() "\"")
} else if(match(words[w],"^Sh$")) {
add(".SH")
synopsis=match(words[w+1],"SYNOPSIS")
} else if(match(words[w],"^Xr$")) {
add("\\fB" words[++w] "\\fP(" words[++w] ")" words[++w])
} else if(match(words[w],"^Rs$")) {
split("",refauthors)
nrefauthors=0
reftitle=""
refissue=""
refdate=""
refopt=""
reference=1
next
} else if(match(words[w],"^Re$")) {
prenl++
for(i=nrefauthors-1;i>0;i--) {
add(refauthors[i])
if(i>1)
add(", ")
}
if(nrefauthors>1)
add(" and ")
add(refauthors[0] ", \\fI" reftitle "\\fP")
if(length(refissue))
add(", " refissue)
if(length(refdate))
add(", " refdate)
if(length(refopt))
add(", " refopt)
add(".")
reference=0
} else if(reference) {
if(match(words[w],"^%A$")) { refauthors[nrefauthors++]=wtail() }
if(match(words[w],"^%T$")) {
reftitle=wtail()
sub("^\"","",reftitle)
sub("\"$","",reftitle)
}
if(match(words[w],"^%N$")) { refissue=wtail() }
if(match(words[w],"^%D$")) { refdate=wtail() }
if(match(words[w],"^%O$")) { refopt=wtail() }
} else if(match(words[w],"^Nm$")) {
if(synopsis) {
add(".br")
prenl++
}
n=words[++w]
if(!length(name))
name=n
if(!length(n))
n=name
add("\\fB" n "\\fP")
if(!nospace&&match(words[w+1],"^[\\.,]"))
nospace=1
} else if(match(words[w],"^Nd$")) {
add("\\- " wtail())
} else if(match(words[w],"^Fl$")) {
add("\\fB\\-" words[++w] "\\fP")
if(!nospace&&match(words[w+1],"^[\\.,]"))
nospace=1
} else if(match(words[w],"^Ar$")) {
add("\\fI")
if(w==nwords)
add("file ...\\fP")
else {
add(words[++w] "\\fP")
while(match(words[w+1],"^\\|$"))
add(OFS words[++w] " \\fI" words[++w] "\\fP")
}
if(!nospace&&match(words[w+1],"^[\\.,]"))
nospace=1
} else if(match(words[w],"^Cm$")) {
add("\\fB" words[++w] "\\fP")
while(w<nwords&&match(words[w+1],"^[\\.,:;)]"))
add(words[++w])
} else if(match(words[w],"^Op$")) {
option=1
if(!nospace)
nospace=1
add("[")
} else if(match(words[w],"^Pp$")) {
prenl++
} else if(match(words[w],"^An$")) {
prenl++
} else if(match(words[w],"^Ss$")) {
add(".SS")
} else if(match(words[w],"^Pa$")&&!option) {
add("\\fI")
w++
if(match(words[w],"^\\."))
add("\\&")
add(words[w] "\\fP")
while(w<nwords&&match(words[w+1],"^[\\.,:;)]"))
add(words[++w])
} else if(match(words[w],"^Dv$")) {
add(".BR")
} else if(match(words[w],"^Em|Ev$")) {
add(".IR")
} else if(match(words[w],"^Pq$")) {
add("(")
nospace=1
parens=1
} else if(match(words[w],"^Aq$")) {
add("<")
nospace=1
angles=1
} else if(match(words[w],"^S[xy]$")) {
add(".B " wtail())
} else if(match(words[w],"^Ic$")) {
plain=1
add("\\fB")
while(w<nwords) {
w++
if(match(words[w],"^Op$")) {
w++
add("[")
words[nwords]=words[nwords] "]"
}
if(match(words[w],"^Ar$")) {
add("\\fI" words[++w] "\\fP")
} else if(match(words[w],"^[\\.,]")) {
sub(" $","",line)
if(plain) {
add("\\fP")
plain=0
}
add(words[w])
} else {
if(!plain) {
add("\\fB")
plain=1
}
add(words[w])
}
if(!nospace)
add(OFS)
}
sub(" $","",line)
if(plain)
add("\\fP")
} else if(match(words[w],"^Bl$")) {
oldoptlist=optlist
if(match(words[w+1],"-bullet"))
optlist=1
else if(match(words[w+1],"-enum")) {
optlist=2
enum=0
} else if(match(words[w+1],"-tag"))
optlist=3
else if(match(words[w+1],"-item"))
optlist=4
else if(match(words[w+1],"-bullet"))
optlist=1
w=nwords
} else if(match(words[w],"^El$")) {
optlist=oldoptlist
} else if(match(words[w],"^It$")&&optlist) {
if(optlist==1)
add(".IP \\(bu")
else if(optlist==2)
add(".IP " ++enum ".")
else if(optlist==3) {
add(".TP")
prenl++
if(match(words[w+1],"^Pa|Ev$")) {
add(".B")
w++
}
} else if(optlist==4)
add(".IP")
} else if(match(words[w],"^Sm$")) {
if(match(words[w+1],"off"))
nospace=2
else if(match(words[w+1],"on"))
nospace=0
w++
} else if(!skip) {
add(words[w])
}
}
if(match(line,"^\\.[^a-zA-Z]"))
sub("^\\.","",line)
if(parens)
add(")")
if(angles)
add(">")
if(option)
add("]")
if(ext&&!extopt&&!match(line," $"))
add(OFS)
if(!ext&&!extopt&&length(line)) {
print line
prenl=0
line=""
}
}
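Review bot: Several macro tests use an unparenthesised alternation, for example match(words[w],"^Li|Pf$"), "^Sq|Ql$", "^Em|Ev$" and "^Pa|Ev$". In an extended regular expression that reads as "starts with Li, or ends with Pf", not as an exact match of either macro name, so an ordinary word that begins with Li or ends with Ev is consumed as a macro. These should be written as "^(Li|Pf)$" and so on. Also, the "-bullet" test appears twice in the Bl branch (the second copy is unreachable), and the first line "#!/usr/bin/awk" has no -f, so the script cannot be run directly as an executable.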

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: misc.c,v 1.20 2002/12/13 10:03:15 markus Exp $");
RCSID("$OpenBSD: misc.c,v 1.22 2003/09/18 08:49:45 markus Exp $");
#include "misc.h"
#include "log.h"
@ -60,7 +60,7 @@ set_nonblock(int fd)
debug2("fd %d is O_NONBLOCK", fd);
return;
}
debug("fd %d setting O_NONBLOCK", fd);
debug2("fd %d setting O_NONBLOCK", fd);
val |= O_NONBLOCK;
if (fcntl(fd, F_SETFL, val) == -1)
debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s",
@ -326,29 +326,3 @@ addargs(arglist *args, char *fmt, ...)
args->list[args->num++] = xstrdup(buf);
args->list[args->num] = NULL;
}
mysig_t
mysignal(int sig, mysig_t act)
{
#ifdef HAVE_SIGACTION
struct sigaction sa, osa;
if (sigaction(sig, NULL, &osa) == -1)
return (mysig_t) -1;
if (osa.sa_handler != act) {
memset(&sa, 0, sizeof(sa));
sigemptyset(&sa.sa_mask);
sa.sa_flags = 0;
#if defined(SA_INTERRUPT)
if (sig == SIGALRM)
sa.sa_flags |= SA_INTERRUPT;
#endif
sa.sa_handler = act;
if (sigaction(sig, &sa, NULL) == -1)
return (mysig_t) -1;
}
return (osa.sa_handler);
#else
return (signal(sig, act));
#endif
}

@ -31,7 +31,3 @@ struct arglist {
int nalloc;
};
void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
/* wrapper for signal interface */
typedef void (*mysig_t)(int);
mysig_t mysignal(int sig, mysig_t act);

crypto/openssh/moduli.c Normal file

@ -0,0 +1,617 @@
/* $OpenBSD: moduli.c,v 1.1 2003/07/28 09:49:56 djm Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
* Copyright 2000 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Two-step process to generate safe primes for DHGEX
*
* Sieve candidates for "safe" primes,
* suitable for use as Diffie-Hellman moduli;
* that is, where q = (p-1)/2 is also prime.
*
* First step: generate candidate primes (memory intensive)
* Second step: test primes' safety (processor intensive)
*/
#include "includes.h"
#include "moduli.h"
#include "xmalloc.h"
#include "log.h"
#include <openssl/bn.h>
/*
* Debugging defines
*/
/* define DEBUG_LARGE 1 */
/* define DEBUG_SMALL 1 */
/* define DEBUG_TEST 1 */
/*
* File output defines
*/
/* need line long enough for largest moduli plus headers */
#define QLINESIZE (100+8192)
/* Type: decimal.
* Specifies the internal structure of the prime modulus.
*/
#define QTYPE_UNKNOWN (0)
#define QTYPE_UNSTRUCTURED (1)
#define QTYPE_SAFE (2)
#define QTYPE_SCHNOOR (3)
#define QTYPE_SOPHIE_GERMAINE (4)
#define QTYPE_STRONG (5)
/* Tests: decimal (bit field).
* Specifies the methods used in checking for primality.
* Usually, more than one test is used.
*/
#define QTEST_UNTESTED (0x00)
#define QTEST_COMPOSITE (0x01)
#define QTEST_SIEVE (0x02)
#define QTEST_MILLER_RABIN (0x04)
#define QTEST_JACOBI (0x08)
#define QTEST_ELLIPTIC (0x10)
/* Size: decimal.
* Specifies the number of the most significant bit (0 to M).
** WARNING: internally, usually 1 to N.
*/
#define QSIZE_MINIMUM (511)
/*
* Prime sieving defines
*/
/* Constant: assuming 8 bit bytes and 32 bit words */
#define SHIFT_BIT (3)
#define SHIFT_BYTE (2)
#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE)
#define SHIFT_MEGABYTE (20)
#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE)
/*
* Constant: when used with 32-bit integers, the largest sieve prime
* has to be less than 2**32.
*/
#define SMALL_MAXIMUM (0xffffffffUL)
/* Constant: can sieve all primes less than 2**32, as 65537**2 > 2**32-1. */
#define TINY_NUMBER (1UL<<16)
/* Ensure enough bit space for testing 2*q. */
#define TEST_MAXIMUM (1UL<<16)
#define TEST_MINIMUM (QSIZE_MINIMUM + 1)
/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */
#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */
/* bit operations on 32-bit words */
#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31)))
#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31)))
#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31)))
/*
* Prime testing defines
*/
/*
* Sieving data (XXX - move to struct)
*/
/* sieve 2**16 */
static u_int32_t *TinySieve, tinybits;
/* sieve 2**30 in 2**16 parts */
static u_int32_t *SmallSieve, smallbits, smallbase;
/* sieve relative to the initial value */
static u_int32_t *LargeSieve, largewords, largetries, largenumbers;
static u_int32_t largebits, largememory; /* megabytes */
static BIGNUM *largebase;
/*
* print moduli out in consistent form,
*/
static int
qfileout(FILE * ofile, u_int32_t otype, u_int32_t otests, u_int32_t otries,
u_int32_t osize, u_int32_t ogenerator, BIGNUM * omodulus)
{
struct tm *gtm;
time_t time_now;
int res;
time(&time_now);
gtm = gmtime(&time_now);
res = fprintf(ofile, "%04d%02d%02d%02d%02d%02d %u %u %u %u %x ",
gtm->tm_year + 1900, gtm->tm_mon + 1, gtm->tm_mday,
gtm->tm_hour, gtm->tm_min, gtm->tm_sec,
otype, otests, otries, osize, ogenerator);
if (res < 0)
return (-1);
if (BN_print_fp(ofile, omodulus) < 1)
return (-1);
res = fprintf(ofile, "\n");
fflush(ofile);
return (res > 0 ? 0 : -1);
}
/*
** Sieve p's and q's with small factors
*/
static void
sieve_large(u_int32_t s)
{
u_int32_t r, u;
debug2("sieve_large %u", s);
largetries++;
/* r = largebase mod s */
r = BN_mod_word(largebase, s);
if (r == 0)
u = 0; /* s divides into largebase exactly */
else
u = s - r; /* largebase+u is first entry divisible by s */
if (u < largebits * 2) {
/*
* The sieve omits p's and q's divisible by 2, so ensure that
* largebase+u is odd. Then, step through the sieve in
* increments of 2*s
*/
if (u & 0x1)
u += s; /* Make largebase+u odd, and u even */
/* Mark all multiples of 2*s */
for (u /= 2; u < largebits; u += s)
BIT_SET(LargeSieve, u);
}
/* r = p mod s */
r = (2 * r + 1) % s;
if (r == 0)
u = 0; /* s divides p exactly */
else
u = s - r; /* p+u is first entry divisible by s */
if (u < largebits * 4) {
/*
* The sieve omits p's divisible by 4, so ensure that
* largebase+u is not. Then, step through the sieve in
* increments of 4*s
*/
while (u & 0x3) {
if (SMALL_MAXIMUM - u < s)
return;
u += s;
}
/* Mark all multiples of 4*s */
for (u /= 4; u < largebits; u += s)
BIT_SET(LargeSieve, u);
}
}
/*
* list candidates for Sophie-Germaine primes (where q = (p-1)/2)
* to standard output.
* The list is checked against small known primes (less than 2**30).
*/
int
gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
{
BIGNUM *q;
u_int32_t j, r, s, t;
u_int32_t smallwords = TINY_NUMBER >> 6;
u_int32_t tinywords = TINY_NUMBER >> 6;
time_t time_start, time_stop;
int i, ret = 0;
largememory = memory;
/*
* Set power to the length in bits of the prime to be generated.
* This is changed to 1 less than the desired safe prime moduli p.
*/
if (power > TEST_MAXIMUM) {
error("Too many bits: %u > %lu", power, TEST_MAXIMUM);
return (-1);
} else if (power < TEST_MINIMUM) {
error("Too few bits: %u < %u", power, TEST_MINIMUM);
return (-1);
}
power--; /* decrement before squaring */
/*
* The density of ordinary primes is on the order of 1/bits, so the
* density of safe primes should be about (1/bits)**2. Set test range
* to something well above bits**2 to be reasonably sure (but not
* guaranteed) of catching at least one safe prime.
*/
largewords = ((power * power) >> (SHIFT_WORD - TEST_POWER));
/*
* Need idea of how much memory is available. We don't have to use all
* of it.
*/
if (largememory > LARGE_MAXIMUM) {
logit("Limited memory: %u MB; limit %lu MB",
largememory, LARGE_MAXIMUM);
largememory = LARGE_MAXIMUM;
}
if (largewords <= (largememory << SHIFT_MEGAWORD)) {
logit("Increased memory: %u MB; need %u bytes",
largememory, (largewords << SHIFT_BYTE));
largewords = (largememory << SHIFT_MEGAWORD);
} else if (largememory > 0) {
logit("Decreased memory: %u MB; want %u bytes",
largememory, (largewords << SHIFT_BYTE));
largewords = (largememory << SHIFT_MEGAWORD);
}
TinySieve = calloc(tinywords, sizeof(u_int32_t));
if (TinySieve == NULL) {
error("Insufficient memory for tiny sieve: need %u bytes",
tinywords << SHIFT_BYTE);
exit(1);
}
tinybits = tinywords << SHIFT_WORD;
SmallSieve = calloc(smallwords, sizeof(u_int32_t));
if (SmallSieve == NULL) {
error("Insufficient memory for small sieve: need %u bytes",
smallwords << SHIFT_BYTE);
xfree(TinySieve);
exit(1);
}
smallbits = smallwords << SHIFT_WORD;
/*
* dynamically determine available memory
*/
while ((LargeSieve = calloc(largewords, sizeof(u_int32_t))) == NULL)
largewords -= (1L << (SHIFT_MEGAWORD - 2)); /* 1/4 MB chunks */
largebits = largewords << SHIFT_WORD;
largenumbers = largebits * 2; /* even numbers excluded */
/* validation check: count the number of primes tried */
largetries = 0;
q = BN_new();
/*
* Generate random starting point for subprime search, or use
* specified parameter.
*/
largebase = BN_new();
if (start == NULL)
BN_rand(largebase, power, 1, 1);
else
BN_copy(largebase, start);
/* ensure odd */
BN_set_bit(largebase, 0);
time(&time_start);
logit("%.24s Sieve next %u plus %u-bit", ctime(&time_start),
largenumbers, power);
debug2("start point: 0x%s", BN_bn2hex(largebase));
/*
* TinySieve
*/
for (i = 0; i < tinybits; i++) {
if (BIT_TEST(TinySieve, i))
continue; /* 2*i+3 is composite */
/* The next tiny prime */
t = 2 * i + 3;
/* Mark all multiples of t */
for (j = i + t; j < tinybits; j += t)
BIT_SET(TinySieve, j);
sieve_large(t);
}
/*
* Start the small block search at the next possible prime. To avoid
* fencepost errors, the last pass is skipped.
*/
for (smallbase = TINY_NUMBER + 3;
smallbase < (SMALL_MAXIMUM - TINY_NUMBER);
smallbase += TINY_NUMBER) {
for (i = 0; i < tinybits; i++) {
if (BIT_TEST(TinySieve, i))
continue; /* 2*i+3 is composite */
/* The next tiny prime */
t = 2 * i + 3;
r = smallbase % t;
if (r == 0) {
s = 0; /* t divides into smallbase exactly */
} else {
/* smallbase+s is first entry divisible by t */
s = t - r;
}
/*
* The sieve omits even numbers, so ensure that
* smallbase+s is odd. Then, step through the sieve
* in increments of 2*t
*/
if (s & 1)
s += t; /* Make smallbase+s odd, and s even */
/* Mark all multiples of 2*t */
for (s /= 2; s < smallbits; s += t)
BIT_SET(SmallSieve, s);
}
/*
* SmallSieve
*/
for (i = 0; i < smallbits; i++) {
if (BIT_TEST(SmallSieve, i))
continue; /* 2*i+smallbase is composite */
/* The next small prime */
sieve_large((2 * i) + smallbase);
}
memset(SmallSieve, 0, smallwords << SHIFT_BYTE);
}
time(&time_stop);
logit("%.24s Sieved with %u small primes in %ld seconds",
ctime(&time_stop), largetries, (long) (time_stop - time_start));
for (j = r = 0; j < largebits; j++) {
if (BIT_TEST(LargeSieve, j))
continue; /* Definitely composite, skip */
debug2("test q = largebase+%u", 2 * j);
BN_set_word(q, 2 * j);
BN_add(q, q, largebase);
if (qfileout(out, QTYPE_SOPHIE_GERMAINE, QTEST_SIEVE,
largetries, (power - 1) /* MSB */, (0), q) == -1) {
ret = -1;
break;
}
r++; /* count q */
}
time(&time_stop);
xfree(LargeSieve);
xfree(SmallSieve);
xfree(TinySieve);
logit("%.24s Found %u candidates", ctime(&time_stop), r);
return (ret);
}
/*
* perform a Miller-Rabin primality test
* on the list of candidates
* (checking both q and p)
* The result is a list of so-call "safe" primes
*/
int
prime_test(FILE *in, FILE *out, u_int32_t trials,
u_int32_t generator_wanted)
{
BIGNUM *q, *p, *a;
BN_CTX *ctx;
char *cp, *lp;
u_int32_t count_in = 0, count_out = 0, count_possible = 0;
u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
time_t time_start, time_stop;
int res;
time(&time_start);
p = BN_new();
q = BN_new();
ctx = BN_CTX_new();
debug2("%.24s Final %u Miller-Rabin trials (%x generator)",
ctime(&time_start), trials, generator_wanted);
res = 0;
lp = xmalloc(QLINESIZE + 1);
while (fgets(lp, QLINESIZE, in) != NULL) {
int ll = strlen(lp);
count_in++;
if (ll < 14 || *lp == '!' || *lp == '#') {
debug2("%10u: comment or short line", count_in);
continue;
}
/* XXX - fragile parser */
/* time */
cp = &lp[14]; /* (skip) */
/* type */
in_type = strtoul(cp, &cp, 10);
/* tests */
in_tests = strtoul(cp, &cp, 10);
if (in_tests & QTEST_COMPOSITE) {
debug2("%10u: known composite", count_in);
continue;
}
/* tries */
in_tries = strtoul(cp, &cp, 10);
/* size (most significant bit) */
in_size = strtoul(cp, &cp, 10);
/* generator (hex) */
generator_known = strtoul(cp, &cp, 16);
/* Skip white space */
cp += strspn(cp, " ");
/* modulus (hex) */
switch (in_type) {
case QTYPE_SOPHIE_GERMAINE:
debug2("%10u: (%u) Sophie-Germaine", count_in, in_type);
a = q;
BN_hex2bn(&a, cp);
/* p = 2*q + 1 */
BN_lshift(p, q, 1);
BN_add_word(p, 1);
in_size += 1;
generator_known = 0;
break;
default:
debug2("%10u: (%u)", count_in, in_type);
a = p;
BN_hex2bn(&a, cp);
/* q = (p-1) / 2 */
BN_rshift(q, p, 1);
break;
}
/*
* due to earlier inconsistencies in interpretation, check
* the proposed bit size.
*/
if (BN_num_bits(p) != (in_size + 1)) {
debug2("%10u: bit size %u mismatch", count_in, in_size);
continue;
}
if (in_size < QSIZE_MINIMUM) {
debug2("%10u: bit size %u too short", count_in, in_size);
continue;
}
if (in_tests & QTEST_MILLER_RABIN)
in_tries += trials;
else
in_tries = trials;
/*
* guess unknown generator
*/
if (generator_known == 0) {
if (BN_mod_word(p, 24) == 11)
generator_known = 2;
else if (BN_mod_word(p, 12) == 5)
generator_known = 3;
else {
u_int32_t r = BN_mod_word(p, 10);
if (r == 3 || r == 7) {
generator_known = 5;
}
}
}
/*
* skip tests when desired generator doesn't match
*/
if (generator_wanted > 0 &&
generator_wanted != generator_known) {
debug2("%10u: generator %d != %d",
count_in, generator_known, generator_wanted);
continue;
}
count_possible++;
/*
* The (1/4)^N performance bound on Miller-Rabin is
* extremely pessimistic, so don't spend a lot of time
* really verifying that q is prime until after we know
* that p is also prime. A single pass will weed out the
* vast majority of composite q's.
*/
if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) {
debug2("%10u: q failed first possible prime test",
count_in);
continue;
}
/*
* q is possibly prime, so go ahead and really make sure
* that p is prime. If it is, then we can go back and do
* the same for q. If p is composite, chances are that
* will show up on the first Rabin-Miller iteration so it
* doesn't hurt to specify a high iteration count.
*/
if (!BN_is_prime(p, trials, NULL, ctx, NULL)) {
debug2("%10u: p is not prime", count_in);
continue;
}
debug("%10u: p is almost certainly prime", count_in);
/* recheck q more rigorously */
if (!BN_is_prime(q, trials - 1, NULL, ctx, NULL)) {
debug("%10u: q is not prime", count_in);
continue;
}
debug("%10u: q is almost certainly prime", count_in);
if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN),
in_tries, in_size, generator_known, p)) {
res = -1;
break;
}
count_out++;
}
time(&time_stop);
xfree(lp);
BN_free(p);
BN_free(q);
BN_CTX_free(ctx);
logit("%.24s Found %u safe primes of %u candidates in %ld seconds",
ctime(&time_stop), count_out, count_possible,
(long) (time_stop - time_start));
return (res);
}
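
Review bot: in prime_test() the two rigorous checks, `if (!BN_is_prime(p, trials, NULL, ctx, NULL))` and `if (!BN_is_prime(q, trials - 1, NULL, ctx, NULL))`, treat the -1 error return of BN_is_prime() as "prime", while the first-pass check on q a few lines earlier correctly tests `<= 0`. A test that fails internally would therefore let an unverified modulus be written out as QTYPE_SAFE; use `<= 0` in all three places. The same loop ignores the return values of BN_hex2bn(), BN_new() and BN_CTX_new(), so a line whose hex field does not parse can leave the BIGNUM holding the previous candidate, with only the bit-size comparison in the way; check those returns and skip the line on failure.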

crypto/openssh/moduli.h Normal file

@ -0,0 +1,23 @@
/* $OpenBSD: moduli.h,v 1.1 2003/07/28 09:49:56 djm Exp $ */
#include <sys/types.h>
#include <openssl/bn.h>
/*
* Using virtual memory can cause thrashing. This should be the largest
* number that is supported without a large amount of disk activity --
* that would increase the run time from hours to days or weeks!
*/
#define LARGE_MINIMUM (8UL) /* megabytes */
/*
* Do not increase this number beyond the unsigned integer bit size.
* Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits).
*/
#define LARGE_MAXIMUM (127UL) /* megabytes */
/* Minimum number of primality tests to perform */
#define TRIAL_MINIMUM (4)
int gen_candidates(FILE *, int, int, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
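
Review bot: moduli.h has no include guard, and its prototypes for gen_candidates() and prime_test() take FILE * while the header itself includes only <sys/types.h> and <openssl/bn.h>, so it relies on something else to have declared FILE. Add the guard and include <stdio.h> directly. The parameters of both prototypes are anonymous; naming them, or adding a one-line comment per function, would document what the two int arguments and the two u_int32_t arguments mean without a trip to moduli.c.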


@ -113,9 +113,11 @@ mm_receive_fd(int socket)
fatal("%s: no fd", __func__);
#else
cmsg = CMSG_FIRSTHDR(&msg);
#ifndef BROKEN_CMSG_TYPE
if (cmsg->cmsg_type != SCM_RIGHTS)
fatal("%s: expected type %d got %d", __func__,
SCM_RIGHTS, cmsg->cmsg_type);
#endif
fd = (*(int *)CMSG_DATA(cmsg));
#endif
return fd;
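
Review bot: with BROKEN_CMSG_TYPE defined, nothing in mm_receive_fd() validates the control message before `fd = (*(int *)CMSG_DATA(cmsg));` reads a descriptor out of it, and in both configurations the result of CMSG_FIRSTHDR(&msg) is dereferenced without a NULL check. Keep the SCM_RIGHTS test conditional if the platform requires it, but add an unconditional `cmsg == NULL` check ahead of the #ifndef so that a message with no ancillary data ends in fatal() rather than a NULL dereference, and add a comment naming the platforms that set BROKEN_CMSG_TYPE and why.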


@ -30,7 +30,6 @@ RCSID("$OpenBSD: monitor_mm.c,v 1.8 2002/08/02 14:43:15 millert Exp $");
#include <sys/mman.h>
#endif
#include "openbsd-compat/xmmap.h"
#include "ssh.h"
#include "xmalloc.h"
#include "log.h"


@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: msg.c,v 1.5 2002/12/19 00:07:02 djm Exp $");
RCSID("$OpenBSD: msg.c,v 1.6 2003/06/28 16:23:06 deraadt Exp $");
#include "buffer.h"
#include "getput.h"
@ -40,9 +40,9 @@ ssh_msg_send(int fd, u_char type, Buffer *m)
PUT_32BIT(buf, mlen + 1);
buf[4] = type; /* 1st byte of payload is mesg-type */
if (atomicio(write, fd, buf, sizeof(buf)) != sizeof(buf))
if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf))
fatal("ssh_msg_send: write");
if (atomicio(write, fd, buffer_ptr(m), mlen) != mlen)
if (atomicio(vwrite, fd, buffer_ptr(m), mlen) != mlen)
fatal("ssh_msg_send: write");
}
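
Review bot: both atomicio() failure paths in ssh_msg_send() end in the same `fatal("ssh_msg_send: write")` with no errno, so a failed header write cannot be told from a failed payload write in the log. Since these lines are being touched anyway, give the two calls distinct messages and append strerror(errno). The hunk also does not say what vwrite is or why it replaces write; a short comment at the first use would cover that.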


@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: nchan.c,v 1.47 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: nchan.c,v 1.49 2003/08/29 10:04:36 markus Exp $");
#include "ssh1.h"
#include "ssh2.h"
@ -83,7 +83,7 @@ chan_set_istate(Channel *c, u_int next)
{
if (c->istate > CHAN_INPUT_CLOSED || next > CHAN_INPUT_CLOSED)
fatal("chan_set_istate: bad state %d -> %d", c->istate, next);
debug("channel %d: input %s -> %s", c->self, istates[c->istate],
debug2("channel %d: input %s -> %s", c->self, istates[c->istate],
istates[next]);
c->istate = next;
}
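
Review bot: the fatal() format string in chan_set_istate() prints `next`, which is declared u_int, with %d; use %u for it, and the same for the matching fatal() in chan_set_ostate(). With the transition trace moved from debug() to debug2(), that fatal() text is the only record of a bad state at the default debug level, so it is worth getting the conversion right.
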
@ -92,7 +92,7 @@ chan_set_ostate(Channel *c, u_int next)
{
if (c->ostate > CHAN_OUTPUT_CLOSED || next > CHAN_OUTPUT_CLOSED)
fatal("chan_set_ostate: bad state %d -> %d", c->ostate, next);
debug("channel %d: output %s -> %s", c->self, ostates[c->ostate],
debug2("channel %d: output %s -> %s", c->self, ostates[c->ostate],
ostates[next]);
c->ostate = next;
}
@ -104,7 +104,7 @@ chan_set_ostate(Channel *c, u_int next)
static void
chan_rcvd_oclose1(Channel *c)
{
debug("channel %d: rcvd oclose", c->self);
debug2("channel %d: rcvd oclose", c->self);
switch (c->istate) {
case CHAN_INPUT_WAIT_OCLOSE:
chan_set_istate(c, CHAN_INPUT_CLOSED);
@ -128,7 +128,7 @@ chan_rcvd_oclose1(Channel *c)
void
chan_read_failed(Channel *c)
{
debug("channel %d: read failed", c->self);
debug2("channel %d: read failed", c->self);
switch (c->istate) {
case CHAN_INPUT_OPEN:
chan_shutdown_read(c);
@ -143,7 +143,7 @@ chan_read_failed(Channel *c)
void
chan_ibuf_empty(Channel *c)
{
debug("channel %d: ibuf empty", c->self);
debug2("channel %d: ibuf empty", c->self);
if (buffer_len(&c->input)) {
error("channel %d: chan_ibuf_empty for non empty buffer",
c->self);
@ -169,7 +169,7 @@ chan_ibuf_empty(Channel *c)
static void
chan_rcvd_ieof1(Channel *c)
{
debug("channel %d: rcvd ieof", c->self);
debug2("channel %d: rcvd ieof", c->self);
switch (c->ostate) {
case CHAN_OUTPUT_OPEN:
chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
@ -186,7 +186,7 @@ chan_rcvd_ieof1(Channel *c)
static void
chan_write_failed1(Channel *c)
{
debug("channel %d: write failed", c->self);
debug2("channel %d: write failed", c->self);
switch (c->ostate) {
case CHAN_OUTPUT_OPEN:
chan_shutdown_write(c);
@ -207,7 +207,7 @@ chan_write_failed1(Channel *c)
void
chan_obuf_empty(Channel *c)
{
debug("channel %d: obuf empty", c->self);
debug2("channel %d: obuf empty", c->self);
if (buffer_len(&c->output)) {
error("channel %d: chan_obuf_empty for non empty buffer",
c->self);
@ -229,7 +229,7 @@ chan_obuf_empty(Channel *c)
static void
chan_send_ieof1(Channel *c)
{
debug("channel %d: send ieof", c->self);
debug2("channel %d: send ieof", c->self);
switch (c->istate) {
case CHAN_INPUT_OPEN:
case CHAN_INPUT_WAIT_DRAIN:
@ -246,7 +246,7 @@ chan_send_ieof1(Channel *c)
static void
chan_send_oclose1(Channel *c)
{
debug("channel %d: send oclose", c->self);
debug2("channel %d: send oclose", c->self);
switch (c->ostate) {
case CHAN_OUTPUT_OPEN:
case CHAN_OUTPUT_WAIT_DRAIN:
@ -268,7 +268,7 @@ chan_send_oclose1(Channel *c)
static void
chan_rcvd_close2(Channel *c)
{
debug("channel %d: rcvd close", c->self);
debug2("channel %d: rcvd close", c->self);
if (c->flags & CHAN_CLOSE_RCVD)
error("channel %d: protocol error: close rcvd twice", c->self);
c->flags |= CHAN_CLOSE_RCVD;
@ -301,7 +301,7 @@ chan_rcvd_close2(Channel *c)
static void
chan_rcvd_eof2(Channel *c)
{
debug("channel %d: rcvd eof", c->self);
debug2("channel %d: rcvd eof", c->self);
c->flags |= CHAN_EOF_RCVD;
if (c->ostate == CHAN_OUTPUT_OPEN)
chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
@ -309,7 +309,7 @@ chan_rcvd_eof2(Channel *c)
static void
chan_write_failed2(Channel *c)
{
debug("channel %d: write failed", c->self);
debug2("channel %d: write failed", c->self);
switch (c->ostate) {
case CHAN_OUTPUT_OPEN:
case CHAN_OUTPUT_WAIT_DRAIN:
@ -325,7 +325,7 @@ chan_write_failed2(Channel *c)
static void
chan_send_eof2(Channel *c)
{
debug("channel %d: send eof", c->self);
debug2("channel %d: send eof", c->self);
switch (c->istate) {
case CHAN_INPUT_WAIT_DRAIN:
packet_start(SSH2_MSG_CHANNEL_EOF);
@ -342,7 +342,7 @@ chan_send_eof2(Channel *c)
static void
chan_send_close2(Channel *c)
{
debug("channel %d: send close", c->self);
debug2("channel %d: send close", c->self);
if (c->ostate != CHAN_OUTPUT_CLOSED ||
c->istate != CHAN_INPUT_CLOSED) {
error("channel %d: cannot send close for istate/ostate %d/%d",
@ -398,13 +398,13 @@ int
chan_is_dead(Channel *c, int send)
{
if (c->type == SSH_CHANNEL_ZOMBIE) {
debug("channel %d: zombie", c->self);
debug2("channel %d: zombie", c->self);
return 1;
}
if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED)
return 0;
if (!compat20) {
debug("channel %d: is dead", c->self);
debug2("channel %d: is dead", c->self);
return 1;
}
if ((datafellows & SSH_BUG_EXTEOF) &&
@ -421,7 +421,7 @@ chan_is_dead(Channel *c, int send)
} else {
/* channel would be dead if we sent a close */
if (c->flags & CHAN_CLOSE_RCVD) {
debug("channel %d: almost dead",
debug2("channel %d: almost dead",
c->self);
return 1;
}
@ -429,7 +429,7 @@ chan_is_dead(Channel *c, int send)
}
if ((c->flags & CHAN_CLOSE_SENT) &&
(c->flags & CHAN_CLOSE_RCVD)) {
debug("channel %d: is dead", c->self);
debug2("channel %d: is dead", c->self);
return 1;
}
return 0;
@ -443,15 +443,15 @@ chan_shutdown_write(Channel *c)
if (compat20 && c->type == SSH_CHANNEL_LARVAL)
return;
/* shutdown failure is allowed if write failed already */
debug("channel %d: close_write", c->self);
debug2("channel %d: close_write", c->self);
if (c->sock != -1) {
if (shutdown(c->sock, SHUT_WR) < 0)
debug("channel %d: chan_shutdown_write: "
debug2("channel %d: chan_shutdown_write: "
"shutdown() failed for fd%d: %.100s",
c->self, c->sock, strerror(errno));
} else {
if (channel_close_fd(&c->wfd) < 0)
log("channel %d: chan_shutdown_write: "
logit("channel %d: chan_shutdown_write: "
"close() failed for fd%d: %.100s",
c->self, c->wfd, strerror(errno));
}
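
Review bot: in the close() failure branch of chan_shutdown_write(), the logit() call formats c->wfd after channel_close_fd(&c->wfd) has been given a pointer to it, so if that helper resets the descriptor the message reports the post-close value rather than the fd that failed; save the descriptor in a local before the call. The hunk also leaves the two failure paths at different levels (debug2 for shutdown(), logit for close()); if that follows from the "shutdown failure is allowed" comment, say so next to the logit() call.
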
@ -461,7 +461,7 @@ chan_shutdown_read(Channel *c)
{
if (compat20 && c->type == SSH_CHANNEL_LARVAL)
return;
debug("channel %d: close_read", c->self);
debug2("channel %d: close_read", c->self);
if (c->sock != -1) {
/*
* shutdown(sock, SHUT_READ) may return ENOTCONN if the
@ -476,7 +476,7 @@ chan_shutdown_read(Channel *c)
strerror(errno));
} else {
if (channel_close_fd(&c->rfd) < 0)
log("channel %d: chan_shutdown_read: "
logit("channel %d: chan_shutdown_read: "
"close() failed for fd%d: %.100s",
c->self, c->rfd, strerror(errno));
}


@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.25 2003/02/24 01:55:56 djm Exp $
# $Id: Makefile.in,v 1.28 2003/07/24 06:52:14 mouring Exp $
sysconfdir=@sysconfdir@
piddir=@piddir@
@ -16,9 +16,9 @@ RANLIB=@RANLIB@
INSTALL=@INSTALL@
LDFLAGS=-L. @LDFLAGS@
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o vis.o
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o vis.o
COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o xmmap.o
COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
PORTS=port-irix.o port-aix.o


@ -1,23 +1,65 @@
/* $Id: base64.h,v 1.4 2003/02/24 04:45:43 djm Exp $ */
/* $Id: base64.h,v 1.6 2003/08/29 16:59:52 mouring Exp $ */
/*
* Copyright (c) 1996 by Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
/*
* Portions Copyright (c) 1995 by International Business Machines, Inc.
*
* International Business Machines, Inc. (hereinafter called IBM) grants
* permission under its copyrights to use, copy, modify, and distribute this
* Software with or without fee, provided that the above copyright notice and
* all paragraphs of this notice appear in all copies, and that the name of IBM
* not be used in connection with the marketing of any product incorporating
* the Software or modifications thereof, without specific, written prior
* permission.
*
* To the extent it has a right to do so, IBM grants an immunity from suit
* under its patents, if any, for the use, sale or manufacture of products to
* the extent that such products are used for performing Domain Name System
* dynamic updates in TCP/IP networks by means of the Software. No immunity is
* granted for any product per se or for any other function of any product.
*
* THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
* DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
* IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
#ifndef _BSD_BASE64_H
#define _BSD_BASE64_H
#include "config.h"
#include "includes.h"
#ifndef HAVE___B64_NTOP
# ifndef HAVE_B64_NTOP
int b64_ntop(u_char const *src, size_t srclength, char *target,
size_t targsize);
# endif /* !HAVE_B64_NTOP */
# define __b64_ntop b64_ntop
# define __b64_ntop(a,b,c,d) b64_ntop(a,b,c,d)
#endif /* HAVE___B64_NTOP */
#ifndef HAVE___B64_PTON
# ifndef HAVE_B64_PTON
int b64_pton(char const *src, u_char *target, size_t targsize);
# endif /* !HAVE_B64_PTON */
# define __b64_pton b64_pton
# define __b64_pton(a,b,c) b64_pton(a,b,c)
#endif /* HAVE___B64_PTON */
#endif /* _BSD_BASE64_H */
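
Review bot: the two compatibility macros change from object-like (`# define __b64_ntop b64_ntop`) to function-like (`# define __b64_ntop(a,b,c,d) b64_ntop(a,b,c,d)`), so __b64_ntop and __b64_pton can no longer be named without a call, for example to take their address. The hunk gives no reason for the change; add a comment stating which platform or header conflict it works around. The closing `#endif /* HAVE___B64_NTOP */` and `#endif /* HAVE___B64_PTON */` comments should carry a leading `!` to match the #ifndef they close, as the inner ones already do.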


@ -1,37 +1,26 @@
/* $OpenBSD: basename.c,v 1.8 2002/06/09 05:03:59 deraadt Exp $ */
/* $OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $ */
/*
* Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#if !defined(HAVE_BASENAME)
#include "includes.h"
#ifndef HAVE_BASENAME
#ifndef lint
static char rcsid[] = "$OpenBSD: basename.c,v 1.8 2002/06/09 05:03:59 deraadt Exp $";
static char rcsid[] = "$OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $";
#endif /* not lint */
char *


@ -1,48 +1,37 @@
/* This file has be modified from the original OpenBSD source */
/* This file has be substantially modified from the original OpenBSD source */
/* $OpenBSD: bindresvport.c,v 1.15 2003/05/20 22:42:35 deraadt Exp $ */
/*
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
* unrestricted use provided that this legend is included on all tape
* media and as a part of the software program in whole or part. Users
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
*
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
*
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
*
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
*
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
*
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
* Copyright 1996, Jason Downs. All rights reserved.
* Copyright 1998, Theo de Raadt. All rights reserved.
* Copyright 2000, Damien Miller. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#ifndef HAVE_BINDRESVPORT_SA
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: bindresvport.c,v 1.13 2000/01/26 03:43:21 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
/*
* Copyright (c) 1987 by Sun Microsystems, Inc.
*
* Portions Copyright(C) 1996, Jason Downs. All rights reserved.
*/
#include "includes.h"
#define STARTPORT 600
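
Review bot: the header of bindresvport.c drops the Sun RPC legend and the "Copyright (c) 1987 by Sun Microsystems, Inc." line in favour of a two-clause BSD notice, and the hunk shows only the header swap; the change description should record the basis for it, such as a statement that no Sun-derived code remains in the file. Separately, the new first comment line reads "This file has be substantially modified"; "has be" should be "has been" (the typo is carried over from the line it replaces).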


@ -25,7 +25,7 @@
#include "includes.h"
#include "log.h"
RCSID("$Id: bsd-arc4random.c,v 1.6 2003/03/17 05:13:53 djm Exp $");
RCSID("$Id: bsd-arc4random.c,v 1.7 2003/05/18 14:13:38 djm Exp $");
#ifndef HAVE_ARC4RANDOM
@ -70,6 +70,7 @@ void arc4random_stir(void)
fatal("Couldn't obtain random bytes (error %ld)",
ERR_get_error());
RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
memset(rand_buf, 0, sizeof(rand_buf));
rc4_ready = REKEY_BYTES;
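
Review bot: the RC4() call added after RC4_set_key() in arc4random_stir() runs sizeof(rand_buf) bytes of keystream over rand_buf only for the next line's memset() to wipe the result, and nothing says why. Add a comment that this discards the initial keystream output, and consider expressing the discard length as a named constant rather than tying it to the size of the seed buffer. If rand_buf is a local, the memset() that follows is also a candidate for dead-store elimination and deserves a wipe the compiler cannot remove.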


@ -1,5 +1,5 @@
/*
* $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $
* $Id: bsd-cray.c,v 1.12 2003/06/03 02:45:27 dtucker Exp $
*
* bsd-cray.c
*
@ -67,10 +67,10 @@
extern ServerOptions options;
char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */
char cray_tmpdir[TPATHSIZ + 1]; /* job TMPDIR path */
struct sysv sysv; /* system security structure */
struct usrv usrv; /* user security structure */
struct sysv sysv; /* system security structure */
struct usrv usrv; /* user security structure */
/*
* Functions.
@ -86,39 +86,40 @@ int cray_access_denied(char *);
void
cray_login_failure(char *username, int errcode)
{
struct udb *ueptr; /* UDB pointer for username */
ia_failure_t fsent; /* ia_failure structure */
struct udb *ueptr; /* UDB pointer for username */
ia_failure_t fsent; /* ia_failure structure */
ia_failure_ret_t fret; /* ia_failure return stuff */
struct jtab jtab; /* job table structure */
int jid = 0; /* job id */
struct jtab jtab; /* job table structure */
int jid = 0; /* job id */
if ((jid = getjtab(&jtab)) < 0) {
if ((jid = getjtab(&jtab)) < 0)
debug("cray_login_failure(): getjtab error");
}
getsysudb();
if ((ueptr = getudbnam(username)) == UDB_NULL) {
debug("cray_login_failure(): getudbname() returned NULL");
}
endudb();
fsent.revision = 0;
fsent.uname = username;
fsent.host = (char *)get_canonical_hostname(options.verify_reverse_mapping);
fsent.ttyn = "sshd";
fsent.caller = IA_SSHD;
fsent.flags = IA_INTERACTIVE;
fsent.ueptr = ueptr;
fsent.jid = jid;
fsent.errcode = errcode;
fsent.pwdp = NULL;
fsent.exitcode = 0; /* dont exit in ia_failure() */
fret.revision = 0;
fret.normal = 0;
getsysudb();
if ((ueptr = getudbnam(username)) == UDB_NULL)
debug("cray_login_failure(): getudbname() returned NULL");
endudb();
memset(&fsent, '\0', sizeof(fsent));
fsent.revision = 0;
fsent.uname = username;
fsent.host = (char *)get_canonical_hostname(options.use_dns);
fsent.ttyn = "sshd";
fsent.caller = IA_SSHD;
fsent.flags = IA_INTERACTIVE;
fsent.ueptr = ueptr;
fsent.jid = jid;
fsent.errcode = errcode;
fsent.pwdp = NULL;
fsent.exitcode = 0; /* dont exit in ia_failure() */
fret.revision = 0;
fret.normal = 0;
/*
* Call ia_failure because of an login failure.
*/
ia_failure(&fsent,&fret);
ia_failure(&fsent, &fret);
}
/*
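
Review bot: cray_login_failure() now zeroes fsent with memset() but still passes along values it has just found to be bad: a negative jid from getjtab() and a UDB_NULL ueptr from getudbnam() are only reported with debug() and then stored in fsent.jid and fsent.ueptr before ia_failure() is called. Either return early or document that ia_failure() accepts them. fret would benefit from the same memset() as fsent, and the debug text says getudbname() where the function called is getudbnam().
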
@ -127,338 +128,316 @@ cray_login_failure(char *username, int errcode)
int
cray_access_denied(char *username)
{
struct udb *ueptr; /* UDB pointer for username */
int errcode; /* IA errorcode */
struct udb *ueptr; /* UDB pointer for username */
int errcode; /* IA errorcode */
errcode = 0;
getsysudb();
if ((ueptr = getudbnam(username)) == UDB_NULL) {
if ((ueptr = getudbnam(username)) == UDB_NULL)
debug("cray_login_failure(): getudbname() returned NULL");
}
endudb();
if (ueptr && ueptr->ue_disabled)
if (ueptr != NULL && ueptr->ue_disabled)
errcode = IA_DISABLED;
if (errcode)
cray_login_failure(username, errcode);
return (errcode);
}
/*
* record_failed_login: generic "login failed" interface function
*/
void
record_failed_login(const char *user, const char *ttyname)
{
cray_login_failure((char *)user, IA_UDBERR);
}
int
cray_setup (uid_t uid, char *username, const char *command)
{
extern struct udb *getudb();
extern char *setlimits();
int err; /* error return */
time_t system_time; /* current system clock */
time_t expiration_time; /* password expiration time */
int maxattempts; /* maximum no. of failed login attempts */
int SecureSys; /* unicos security flag */
int minslevel = 0; /* system minimum security level */
int i, j;
int valid_acct = -1; /* flag for reading valid acct */
char acct_name[MAXACID] = { "" }; /* used to read acct name */
struct jtab jtab; /* Job table struct */
struct udb ue; /* udb entry for logging-in user */
struct udb *up; /* pointer to UDB entry */
struct secstat secinfo; /* file security attributes */
struct servprov init_info; /* used for sesscntl() call */
int jid; /* job ID */
int pid; /* process ID */
char *sr; /* status return from setlimits() */
char *ttyn = NULL; /* ttyname or command name*/
char hostname[MAXHOSTNAMELEN];
passwd_t pwdacm,
pwddialup,
pwdudb,
pwdwal,
pwddce; /* passwd stuff for ia_user */
ia_user_ret_t uret; /* stuff returned from ia_user */
ia_user_t usent; /* ia_user main structure */
int ia_rcode; /* ia_user return code */
ia_failure_t fsent; /* ia_failure structure */
int err; /* error return */
time_t system_time; /* current system clock */
time_t expiration_time; /* password expiration time */
int maxattempts; /* maximum no. of failed login attempts */
int SecureSys; /* unicos security flag */
int minslevel = 0; /* system minimum security level */
int i, j;
int valid_acct = -1; /* flag for reading valid acct */
char acct_name[MAXACID] = { "" }; /* used to read acct name */
struct jtab jtab; /* Job table struct */
struct udb ue; /* udb entry for logging-in user */
struct udb *up; /* pointer to UDB entry */
struct secstat secinfo; /* file security attributes */
struct servprov init_info; /* used for sesscntl() call */
int jid; /* job ID */
int pid; /* process ID */
char *sr; /* status return from setlimits() */
char *ttyn = NULL; /* ttyname or command name*/
char hostname[MAXHOSTNAMELEN];
/* passwd stuff for ia_user */
passwd_t pwdacm, pwddialup, pwdudb, pwdwal, pwddce;
ia_user_ret_t uret; /* stuff returned from ia_user */
ia_user_t usent /* ia_user main structure */
int ia_rcode; /* ia_user return code */
ia_failure_t fsent; /* ia_failure structure */
ia_failure_ret_t fret; /* ia_failure return stuff */
ia_success_t ssent; /* ia_success structure */
ia_success_t ssent; /* ia_success structure */
ia_success_ret_t sret; /* ia_success return stuff */
int ia_mlsrcode; /* ia_mlsuser return code */
int secstatrc; /* [f]secstat return code */
int ia_mlsrcode; /* ia_mlsuser return code */
int secstatrc; /* [f]secstat return code */
if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) {
getsysv(&sysv, sizeof(struct sysv));
minslevel = sysv.sy_minlvl;
if (getusrv(&usrv) < 0) {
debug("getusrv() failed, errno = %d",errno);
exit(1);
}
if (getusrv(&usrv) < 0)
fatal("getusrv() failed, errno = %d", errno);
}
hostname[0] = '\0';
strncpy(hostname,
(char *)get_canonical_hostname(options.verify_reverse_mapping),
strlcpy(hostname,
(char *)get_canonical_hostname(options.use_dns),
MAXHOSTNAMELEN);
/*
* Fetch user's UDB entry.
*/
getsysudb();
if ((up = getudbnam(username)) == UDB_NULL) {
debug("cannot fetch user's UDB entry");
exit(1);
}
/*
* Fetch user's UDB entry.
*/
getsysudb();
if ((up = getudbnam(username)) == UDB_NULL)
fatal("cannot fetch user's UDB entry");
/*
* Prevent any possible fudging so perform a data
* safety check and compare the supplied uid against
* the udb's uid.
*/
if (up->ue_uid != uid) {
debug("IA uid missmatch");
exit(1);
}
/*
* Prevent any possible fudging so perform a data
* safety check and compare the supplied uid against
* the udb's uid.
*/
if (up->ue_uid != uid)
fatal("IA uid missmatch");
endudb();
if ((jid = getjtab (&jtab)) < 0) {
if ((jid = getjtab(&jtab)) < 0) {
debug("getjtab");
return -1;
return(-1);
}
pid = getpid();
ttyn = ttyname(0);
if (SecureSys) {
if (ttyn) {
if (ttyn != NULL)
secstatrc = secstat(ttyn, &secinfo);
} else {
else
secstatrc = fsecstat(1, &secinfo);
}
if (secstatrc == 0) {
if (secstatrc == 0)
debug("[f]secstat() successful");
} else {
debug("[f]secstat() error, rc = %d", secstatrc);
exit(1);
}
else
fatal("[f]secstat() error, rc = %d", secstatrc);
}
if ((ttyn == NULL) && ((char *)command != NULL))
ttyn = (char *)command;
/*
* Initialize all structures to call ia_user
*/
usent.revision = 0;
usent.uname = username;
usent.host = hostname;
usent.ttyn = ttyn;
usent.caller = IA_SSHD;
usent.pswdlist = &pwdacm;
usent.ueptr = &ue;
usent.flags = IA_INTERACTIVE | IA_FFLAG;
pwdacm.atype = IA_SECURID;
pwdacm.pwdp = NULL;
pwdacm.next = &pwdudb;
/*
* Initialize all structures to call ia_user
*/
usent.revision = 0;
usent.uname = username;
usent.host = hostname;
usent.ttyn = ttyn;
usent.caller = IA_SSHD;
usent.pswdlist = &pwdacm;
usent.ueptr = &ue;
usent.flags = IA_INTERACTIVE | IA_FFLAG;
pwdacm.atype = IA_SECURID;
pwdacm.pwdp = NULL;
pwdacm.next = &pwdudb;
pwdudb.atype = IA_UDB;
pwdudb.pwdp = NULL;
pwdudb.next = &pwddce;
pwdudb.atype = IA_UDB;
pwdudb.pwdp = NULL;
pwdudb.next = &pwddce;
pwddce.atype = IA_DCE;
pwddce.pwdp = NULL;
pwddce.next = &pwddialup;
pwddce.atype = IA_DCE;
pwddce.pwdp = NULL;
pwddce.next = &pwddialup;
pwddialup.atype = IA_DIALUP;
pwddialup.pwdp = NULL;
/* pwddialup.next = &pwdwal; */
pwddialup.next = NULL;
pwddialup.atype = IA_DIALUP;
pwddialup.pwdp = NULL;
/* pwddialup.next = &pwdwal; */
pwddialup.next = NULL;
pwdwal.atype = IA_WAL;
pwdwal.pwdp = NULL;
pwdwal.next = NULL;
pwdwal.atype = IA_WAL;
pwdwal.pwdp = NULL;
pwdwal.next = NULL;
uret.revision = 0;
uret.pswd = NULL;
uret.normal = 0;
uret.revision = 0;
uret.pswd = NULL;
uret.normal = 0;
ia_rcode = ia_user(&usent, &uret);
ia_rcode = ia_user(&usent, &uret);
switch (ia_rcode) {
/*
* These are acceptable return codes from ia_user()
*/
case IA_UDBWEEK: /* Password Expires in 1 week */
expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage;
printf ("WARNING - your current password will expire %s\n",
ctime((const time_t *)&expiration_time));
break;
case IA_UDBEXPIRED:
if (ttyname(0) != NULL) {
/* Force a password change */
printf("Your password has expired; Choose a new one.\n");
execl("/bin/passwd", "passwd", username, 0);
exit(9);
}
break;
case IA_NORMAL: /* Normal Return Code */
break;
case IA_BACKDOOR:
/* XXX: can we memset it to zero here so save some of this */
strlcpy(ue.ue_name, "root", sizeof(ue.ue_name));
strlcpy(ue.ue_dir, "/", sizeof(ue.ue_dir));
strlcpy(ue.ue_shell, "/bin/sh", sizeof(ue.ue_shell));
switch (ia_rcode) {
/*
* These are acceptable return codes from ia_user()
*/
case IA_UDBWEEK: /* Password Expires in 1 week */
expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage;
printf ("WARNING - your current password will expire %s\n",
ctime((const time_t *)&expiration_time));
break;
case IA_UDBEXPIRED:
if (ttyname(0) != NULL) {
/* Force a password change */
printf("Your password has expired; Choose a new one.\n");
execl("/bin/passwd", "passwd", username, 0);
exit(9);
}
ue.ue_passwd[0] = '\0';
ue.ue_age[0] = '\0';
ue.ue_comment[0] = '\0';
ue.ue_loghost[0] = '\0';
ue.ue_logline[0] = '\0';
break;
case IA_NORMAL: /* Normal Return Code */
break;
case IA_BACKDOOR:
strcpy(ue.ue_name, "root");
strcpy(ue.ue_passwd, "");
strcpy(ue.ue_dir, "/");
strcpy(ue.ue_shell, "/bin/sh");
strcpy(ue.ue_age, "");
strcpy(ue.ue_comment, "");
strcpy(ue.ue_loghost, "");
strcpy(ue.ue_logline, "");
ue.ue_uid=-1;
ue.ue_nice[UDBRC_INTER]=0;
for (i=0;i<MAXVIDS;i++)
ue.ue_gids[i]=0;
ue.ue_logfails=0;
ue.ue_minlvl=minslevel;
ue.ue_maxlvl=minslevel;
ue.ue_deflvl=minslevel;
ue.ue_defcomps=0;
ue.ue_comparts=0;
ue.ue_permits=0;
ue.ue_trap=0;
ue.ue_disabled=0;
ue.ue_logtime=0;
break;
case IA_CONSOLE: /* Superuser not from Console */
case IA_TRUSTED: /* Trusted user */
if (options.permit_root_login > PERMIT_NO)
break; /* Accept root login */
default:
/*
* These are failed return codes from ia_user()
*/
switch (ia_rcode)
{
case IA_BADAUTH:
printf ("Bad authorization, access denied.\n");
break;
case IA_DIALUPERR:
break;
case IA_DISABLED:
printf ("Your login has been disabled. Contact the system ");
printf ("administrator for assistance.\n");
break;
case IA_GETSYSV:
printf ("getsysv() failed - errno = %d\n", errno);
break;
case IA_LOCALHOST:
break;
case IA_MAXLOGS:
printf ("Maximum number of failed login attempts exceeded.\n");
printf ("Access denied.\n");
break;
case IA_NOPASS:
break;
case IA_PUBLIC:
break;
case IA_SECURIDERR:
break;
case IA_CONSOLE:
break;
case IA_TRUSTED:
break;
case IA_UDBERR:
break;
case IA_UDBPWDNULL:
/*
* NULL password not allowed on MLS systems
*/
if (SecureSys) {
printf("NULL Password not allowed on MLS systems.\n");
}
break;
case IA_UNKNOWN:
break;
case IA_UNKNOWNYP:
break;
case IA_WALERR:
break;
default:
/* nothing special */
;
} /* 2. switch (ia_rcode) */
/*
* Authentication failed.
*/
printf("sshd: Login incorrect, (0%o)\n",
ia_rcode-IA_ERRORCODE);
/*
* Initialize structure for ia_failure
* which will exit.
*/
fsent.revision = 0;
fsent.uname = username;
fsent.host = hostname;
fsent.ttyn = ttyn;
fsent.caller = IA_SSHD;
fsent.flags = IA_INTERACTIVE;
fsent.ueptr = &ue;
fsent.jid = jid;
fsent.errcode = ia_rcode;
fsent.pwdp = uret.pswd;
fsent.exitcode = 1;
fret.revision = 0;
fret.normal = 0;
/*
* Call ia_failure because of an IA failure.
* There is no return because ia_failure exits.
*/
ia_failure(&fsent,&fret);
ue.ue_uid = -1;
ue.ue_nice[UDBRC_INTER] = 0;
for (i = 0; i < MAXVIDS; i++)
ue.ue_gids[i] = 0;
ue.ue_logfails = 0;
ue.ue_minlvl = ue.ue_maxlvl = ue.ue_deflvl = minslevel;
ue.ue_defcomps = 0;
ue.ue_comparts = 0;
ue.ue_permits = 0;
ue.ue_trap = 0;
ue.ue_disabled = 0;
ue.ue_logtime = 0;
break;
case IA_CONSOLE: /* Superuser not from Console */
case IA_TRUSTED: /* Trusted user */
if (options.permit_root_login > PERMIT_NO)
break; /* Accept root login */
default:
/*
* These are failed return codes from ia_user()
*/
switch (ia_rcode)
{
case IA_BADAUTH:
printf("Bad authorization, access denied.\n");
break;
case IA_DISABLED:
printf("Your login has been disabled. Contact the system ");
printf("administrator for assistance.\n");
break;
case IA_GETSYSV:
printf("getsysv() failed - errno = %d\n", errno);
break;
case IA_MAXLOGS:
printf("Maximum number of failed login attempts exceeded.\n");
printf("Access denied.\n");
break;
case IA_UDBPWDNULL:
if (SecureSys)
printf("NULL Password not allowed on MLS systems.\n");
break;
default:
break;
}
exit(1);
} /* 1. switch (ia_rcode) */
ia_mlsrcode = IA_NORMAL;
if (SecureSys) {
debug("calling ia_mlsuser()");
ia_mlsrcode = ia_mlsuser (&ue, &secinfo, &usrv, NULL, 0);
}
if (ia_mlsrcode != IA_NORMAL) {
printf("sshd: Login incorrect, (0%o)\n",
ia_mlsrcode-IA_ERRORCODE);
/*
* Initialize structure for ia_failure
* which will exit.
*/
* Authentication failed.
*/
printf("sshd: Login incorrect, (0%o)\n",
ia_rcode-IA_ERRORCODE);
/*
* Initialize structure for ia_failure
* which will exit.
*/
fsent.revision = 0;
fsent.uname = username;
fsent.host = hostname;
fsent.ttyn = ttyn;
fsent.caller = IA_SSHD;
fsent.flags = IA_INTERACTIVE;
fsent.ueptr = &ue;
fsent.jid = jid;
fsent.errcode = ia_mlsrcode;
fsent.pwdp = uret.pswd;
fsent.uname = username;
fsent.host = hostname;
fsent.ttyn = ttyn;
fsent.caller = IA_SSHD;
fsent.flags = IA_INTERACTIVE;
fsent.ueptr = &ue;
fsent.jid = jid;
fsent.errcode = ia_rcode;
fsent.pwdp = uret.pswd;
fsent.exitcode = 1;
fret.revision = 0;
fret.normal = 0;
fret.revision = 0;
fret.normal = 0;
/*
* Call ia_failure because of an IA failure.
* There is no return because ia_failure exits.
*/
ia_failure(&fsent, &fret);
exit(1);
}
ia_mlsrcode = IA_NORMAL;
if (SecureSys) {
debug("calling ia_mlsuser()");
ia_mlsrcode = ia_mlsuser(&ue, &secinfo, &usrv, NULL, 0);
}
if (ia_mlsrcode != IA_NORMAL) {
printf("sshd: Login incorrect, (0%o)\n",
ia_mlsrcode-IA_ERRORCODE);
/*
* Initialize structure for ia_failure
* which will exit.
*/
fsent.revision = 0;
fsent.uname = username;
fsent.host = hostname;
fsent.ttyn = ttyn;
fsent.caller = IA_SSHD;
fsent.flags = IA_INTERACTIVE;
fsent.ueptr = &ue;
fsent.jid = jid;
fsent.errcode = ia_mlsrcode;
fsent.pwdp = uret.pswd;
fsent.exitcode = 1;
fret.revision = 0;
fret.normal = 0;
/*
* Call ia_failure because of an IA failure.
* There is no return because ia_failure exits.
*/
ia_failure(&fsent,&fret);
exit(1);
}
/* Provide login status information */
if (options.print_lastlog && ue.ue_logtime != 0) {
printf("Last successful login was : %.*s ",
19, (char *)ctime(&ue.ue_logtime));
if (*ue.ue_loghost != '\0')
printf("from %.*s\n", sizeof(ue.ue_loghost), ue.ue_loghost);
else printf("on %.*s\n", sizeof(ue.ue_logline), ue.ue_logline);
if ( SecureSys && (ue.ue_logfails != 0))
printf(" followed by %d failed attempts\n", ue.ue_logfails);
}
/* Provide login status information */
if (options.print_lastlog && ue.ue_logtime != 0) {
printf("Last successful login was : %.*s ", 19,
(char *)ctime(&ue.ue_logtime));
if (*ue.ue_loghost != '\0') {
printf("from %.*s\n", sizeof(ue.ue_loghost),
ue.ue_loghost);
} else {
printf("on %.*s\n", sizeof(ue.ue_logline),
ue.ue_logline);
}
if (SecureSys && (ue.ue_logfails != 0)) {
printf(" followed by %d failed attempts\n",
ue.ue_logfails);
}
}
/*
* Call ia_success to process successful I/A.
*/
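Review bot: the %.*s precision arguments in the last-login block are sizeof(ue.ue_loghost) and sizeof(ue.ue_logline), which have type size_t, while printf reads an int for '*'. Cast both to (int) so the varargs read is well defined. In the IA_UDBEXPIRED case, execl("/bin/passwd", "passwd", username, 0) should end its argument list with (char *)NULL rather than a bare 0.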
@ -472,109 +451,116 @@ cray_setup (uid_t uid, char *username, const char *command)
ssent.jid = jid;
ssent.errcode = ia_rcode;
ssent.us = NULL;
ssent.time = 1; /* Set ue_logtime */
ssent.time = 1; /* Set ue_logtime */
sret.revision = 0;
sret.normal = 0;
ia_success(&ssent,&sret);
ia_success(&ssent, &sret);
/*
* Query for account, iff > 1 valid acid & askacid permbit
*/
if (((ue.ue_permbits & PERMBITS_ACCTID) ||
(ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) &&
ue.ue_permbits & PERMBITS_ASKACID) {
/*
* Query for account, iff > 1 valid acid & askacid permbit
*/
if (((ue.ue_permbits & PERMBITS_ACCTID) ||
(ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) &&
ue.ue_permbits & PERMBITS_ASKACID) {
if (ttyname(0) != NULL) {
debug("cray_setup: ttyname true case, %.100s", ttyname);
while (valid_acct == -1) {
printf("Account (? for available accounts)"
" [%s]: ", acid2nam(ue.ue_acids[0]));
gets(acct_name);
switch (acct_name[0]) {
case EOF:
exit(0);
break;
case '\0':
valid_acct = ue.ue_acids[0];
strcpy(acct_name, acid2nam(valid_acct));
break;
case '?':
/* Print the list 3 wide */
for (i = 0, j = 0; i < MAXVIDS; i++) {
if (ue.ue_acids[i] == -1) {
printf("\n");
break;
}
if (++j == 4) {
j = 1;
printf("\n");
}
printf(" %s",
acid2nam(ue.ue_acids[i]));
}
if (ue.ue_permbits & PERMBITS_ACCTID)
printf("\"acctid\" permbit also allows"
" you to select any valid "
"account name.\n");
printf("\n");
break;
default:
if ((valid_acct = nam2acid(acct_name)) == -1) printf("Account id not found for"
" account name \"%s\"\n\n",
acct_name);
break;
}
/*
* If an account was given, search the user's
* acids array to verify they can use this account.
*/
if ((valid_acct != -1) &&
!(ue.ue_permbits & PERMBITS_ACCTID)) {
for (i = 0; i < MAXVIDS; i++) {
if (ue.ue_acids[i] == -1)
break;
if (valid_acct == ue.ue_acids[i])
break;
}
if (i == MAXVIDS ||
ue.ue_acids[i] == -1) {
fprintf(stderr, "Cannot set"
" account name to "
"\"%s\", permission "
"denied\n\n", acct_name);
valid_acct = -1;
}
}
}
debug("cray_setup: ttyname true case, %.100s", ttyname);
while (valid_acct == -1) {
printf("Account (? for available accounts)"
" [%s]: ", acid2nam(ue.ue_acids[0]));
fgets(acct_name, MAXACID, stdin);
switch (acct_name[0]) {
case EOF:
exit(0);
break;
case '\0':
valid_acct = ue.ue_acids[0];
strlcpy(acct_name, acid2nam(valid_acct), MAXACID);
break;
case '?':
/* Print the list 3 wide */
for (i = 0, j = 0; i < MAXVIDS; i++) {
if (ue.ue_acids[i] == -1) {
printf("\n");
break;
}
if (++j == 4) {
j = 1;
printf("\n");
}
printf(" %s",
acid2nam(ue.ue_acids[i]));
}
if (ue.ue_permbits & PERMBITS_ACCTID) {
printf("\"acctid\" permbit also allows"
" you to select any valid "
"account name.\n");
}
printf("\n");
break;
default:
valid_acct = nam2acid(acct_name);
if (valid_acct == -1) {
printf(
"Account id not found for"
" account name \"%s\"\n\n",
acct_name);
break;
}
/*
* If an account was given, search the user's
* acids array to verify they can use this account.
*/
if ((valid_acct != -1) &&
!(ue.ue_permbits & PERMBITS_ACCTID)) {
for (i = 0; i < MAXVIDS; i++) {
if (ue.ue_acids[i] == -1)
break;
if (valid_acct == ue.ue_acids[i])
break;
}
if (i == MAXVIDS ||
ue.ue_acids[i] == -1) {
fprintf(stderr, "Cannot set"
" account name to "
"\"%s\", permission "
"denied\n\n", acct_name);
valid_acct = -1;
}
}
}
} else {
/*
* The client isn't connected to a terminal and can't
* respond to an acid prompt. Use default acid.
*/
debug("cray_setup: ttyname false case, %.100s",
ttyname);
valid_acct = ue.ue_acids[0];
}
} else {
/*
* The client isn't connected to a terminal and can't
* respond to an acid prompt. Use default acid.
* The user doesn't have the askacid permbit set or
* only has one valid account to use.
*/
debug("cray_setup: ttyname false case, %.100s", ttyname);
valid_acct = ue.ue_acids[0];
}
} else {
/*
* The user doesn't have the askacid permbit set or
* only has one valid account to use.
*/
valid_acct = ue.ue_acids[0];
}
if (acctid(0, valid_acct) < 0) {
printf ("Bad account id: %d\n", valid_acct);
exit(1);
}
if (acctid(0, valid_acct) < 0) {
printf ("Bad account id: %d\n", valid_acct);
exit(1);
}
/* set up shares and quotas */
/* Now set shares, quotas, limits, including CPU time for the (interactive)
* job and process, and set up permissions (for chown etc), etc.
*/
/*
* Now set shares, quotas, limits, including CPU time for the
* (interactive) job and process, and set up permissions
* (for chown etc), etc.
*/
if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) {
printf("Unable to give %d shares to <%s>(%d/%d)\n", ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct);
printf("Unable to give %d shares to <%s>(%d/%d)\n",
ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct);
exit(1);
}
}
sr = setlimits(username, C_PROC, pid, UDBRC_INTER);
if (sr != NULL) {
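Review bot: replacing gets() with fgets(acct_name, MAXACID, stdin) changes what the switch below sees, because fgets keeps the trailing newline. An empty reply is now "\n", so case '\0' no longer selects the default account, and any typed name reaches nam2acid() with the newline still attached. Strip the newline before the switch. The fgets return value also needs checking: at end of input it returns NULL and the case EOF test on acct_name[0] does not detect that, so the while (valid_acct == -1) loop has no exit there. Separately, both debug() calls pass ttyname (the function) for a %.100s conversion; they should pass a string such as ttyname(0) or the ttyn variable.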
@ -587,17 +573,15 @@ cray_setup (uid_t uid, char *username, const char *command)
exit(1);
}
/*
* Place the service provider information into
* Place the service provider information into
* the session table (Unicos) or job table (Unicos/mk).
* There exist double defines for the job/session table in
* unicos/mk (jtab.h) so no need for a compile time switch.
*/
bzero((char *)&init_info, sizeof(struct servprov));
init_info.s_sessinit.si_id = URM_SPT_LOGIN;
memset(&init_info, '\0', sizeof(init_info));
init_info.s_sessinit.si_id = URM_SPT_LOGIN;
init_info.s_sessinit.si_pid = getpid();
init_info.s_sessinit.si_sid = jid;
init_info.s_routing.seqno = 0;
init_info.s_routing.iadrs = 0;
sesscntl(0, S_SETSERVPO, (int)&init_info);
/*
@ -610,7 +594,7 @@ cray_setup (uid_t uid, char *username, const char *command)
}
}
return(0);
return (0);
}
/*
@ -623,10 +607,10 @@ void
drop_cray_privs()
{
#if defined(_SC_CRAY_PRIV_SU)
priv_proc_t* privstate;
int result;
extern int priv_set_proc();
extern priv_proc_t* priv_init_proc();
priv_proc_t *privstate;
int result;
extern int priv_set_proc();
extern priv_proc_t *priv_init_proc();
/*
* If ether of theses two flags are not set
@ -654,15 +638,17 @@ drop_cray_privs()
usrv.sv_intcat = TFM_SYSTEM;
usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE);
if (setusrv(&usrv) < 0)
if (setusrv(&usrv) < 0) {
fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__,
strerror(errno));
}
if ((privstate = priv_init_proc()) != NULL) {
result = priv_set_proc(privstate);
if (result != 0 )
if (result != 0 ) {
fatal("%s(%d): priv_set_proc(): %s",
__FILE__, __LINE__, strerror(errno));
}
priv_free_proc(privstate);
}
debug ("Privileges should be cleared...");
@ -683,6 +669,7 @@ cray_retain_utmp(struct utmp *ut, int pid)
struct utmp utmp;
if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) {
/* XXX use atomicio */
while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) {
if (pid == utmp.ut_pid) {
ut->ut_jid = utmp.ut_jid;
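Review bot: the new XXX comment in cray_retain_utmp marks the problem without fixing it. The loop condition read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp) treats a short read or a -1 return the same as end of file, so the entry for pid can be missed silently and ut is left unchanged. Either switch to atomicio in this change or distinguish the error case after the loop and log it.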
@ -693,9 +680,8 @@ cray_retain_utmp(struct utmp *ut, int pid)
}
}
close(fd);
}
else
fatal("Unable to open utmp file");
} else
fatal("Unable to open utmp file");
}
/*
@ -708,11 +694,9 @@ cray_retain_utmp(struct utmp *ut, int pid)
void
cray_delete_tmpdir(char *login, int jid, uid_t uid)
{
int child;
static char jtmp[TPATHSIZ];
struct stat statbuf;
int c;
int wstat;
int child, c, wstat;
for (c = 'a'; c <= 'z'; c++) {
snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);

View File

@ -1,8 +1,6 @@
/*
* $Id: bsd-cray.h,v 1.7 2003/03/21 01:05:38 mouring Exp $
*
* bsd-cray.h
*
/* $Id: bsd-cray.h,v 1.10 2003/08/29 16:59:52 mouring Exp $ */
/*
* Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp@cray.com>)
* Significant portions provided by
* Wayne Schroeder, SDSC <schroeder@sdsc.edu>
@ -34,25 +32,31 @@
* on UNICOS systems.
*
*/
#ifndef _BSD_CRAY_H
#define _BSD_CRAY_H
#ifdef _UNICOS
void cray_init_job(struct passwd *); /* init cray job */
void cray_job_termination_handler(int); /* process end of job signal */
void cray_login_failure(char *username, int errcode);
int cray_access_denied(char *username);
extern char cray_tmpdir[]; /* cray tmpdir */
void cray_init_job(struct passwd *);
void cray_job_termination_handler(int);
void cray_login_failure(char *, int );
int cray_access_denied(char *);
#define CUSTOM_FAILED_LOGIN 1
void record_failed_login(const char *, const char *);
extern char cray_tmpdir[];
#ifndef IA_SSHD
#define IA_SSHD IA_LOGIN
# define IA_SSHD IA_LOGIN
#endif
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64
# define MAXHOSTNAMELEN 64
#endif
#ifndef _CRAYT3E
#include <sys/ttold.h>
#define TIOCGPGRP (tIOC|20)
#endif
# include <sys/ttold.h>
# define TIOCGPGRP (tIOC|20)
#endif
#endif /* UNICOS */
#endif /* _BSD_CRAY_H */
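Review bot: the prototypes in this header lose their parameter names and their trailing comments, and the new record_failed_login(const char *, const char *) takes two arguments of the same type with nothing to say which is the user and which is the host. Keep the names, or add a one-line comment above each declaration. The closing #endif /* UNICOS */ should name the macro actually tested, _UNICOS, and cray_login_failure(char *, int ) has a stray space before the closing parenthesis.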

View File

@ -1,6 +1,4 @@
/*
* cygwin_util.c
*
* Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
*
* Redistribution and use in source and binary forms, with or without
@ -31,7 +29,7 @@
#include "includes.h"
RCSID("$Id: bsd-cygwin_util.c,v 1.9 2002/11/09 15:59:29 mouring Exp $");
RCSID("$Id: bsd-cygwin_util.c,v 1.11 2003/08/07 06:23:43 dtucker Exp $");
#ifdef HAVE_CYGWIN
@ -53,7 +51,8 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.9 2002/11/09 15:59:29 mouring Exp $");
# undef pipe
#endif
int binary_open(const char *filename, int flags, ...)
int
binary_open(const char *filename, int flags, ...)
{
va_list ap;
mode_t mode;
@ -61,55 +60,56 @@ int binary_open(const char *filename, int flags, ...)
va_start(ap, flags);
mode = va_arg(ap, mode_t);
va_end(ap);
return open(filename, flags | O_BINARY, mode);
return (open(filename, flags | O_BINARY, mode));
}
int binary_pipe(int fd[2])
int
binary_pipe(int fd[2])
{
int ret = pipe(fd);
if (!ret) {
setmode (fd[0], O_BINARY);
setmode (fd[1], O_BINARY);
setmode(fd[0], O_BINARY);
setmode(fd[1], O_BINARY);
}
return ret;
return (ret);
}
#define HAS_CREATE_TOKEN 1
#define HAS_NTSEC_BY_DEFAULT 2
static int has_capability(int what)
static int
has_capability(int what)
{
/* has_capability() basically calls uname() and checks if
specific capabilities of Cygwin can be evaluated from that.
This simplifies the calling functions which only have to ask
for a capability using has_capability() instead of having
to figure that out by themselves. */
static int inited;
static int has_create_token;
static int has_ntsec_by_default;
/*
* has_capability() basically calls uname() and checks if
* specific capabilities of Cygwin can be evaluated from that.
* This simplifies the calling functions which only have to ask
* for a capability using has_capability() instead of having
* to figure that out by themselves.
*/
if (!inited) {
struct utsname uts;
char *c;
if (!uname(&uts)) {
int major_high = 0;
int major_low = 0;
int minor = 0;
int api_major_version = 0;
int api_minor_version = 0;
int major_high = 0, major_low = 0, minor = 0;
int api_major_version = 0, api_minor_version = 0;
char *c;
sscanf(uts.release, "%d.%d.%d", &major_high,
&major_low, &minor);
c = strchr(uts.release, '(');
if (c)
&major_low, &minor);
if ((c = strchr(uts.release, '(')) != NULL) {
sscanf(c + 1, "%d.%d", &api_major_version,
&api_minor_version);
&api_minor_version);
}
if (major_high > 1 ||
(major_high == 1 && (major_low > 3 ||
(major_low == 3 && minor >= 2))))
(major_low == 3 && minor >= 2))))
has_create_token = 1;
if (api_major_version > 0 || api_minor_version >= 56)
has_ntsec_by_default = 1;
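Review bot: binary_open at the top of this hunk reads mode = va_arg(ap, mode_t) on every call, including calls that pass no third argument because O_CREAT is not set. Reading a variadic argument that was not supplied is undefined, and if mode_t is narrower than int the va_arg type is also wrong after default argument promotion. Fetch the mode only when (flags & O_CREAT) is set, read it as int, and pass 0 otherwise. In has_capability the two sscanf results are unchecked; the zero initialisers make a parse failure fall back to "no capability", which is worth stating in the comment.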
@ -118,14 +118,15 @@ static int has_capability(int what)
}
switch (what) {
case HAS_CREATE_TOKEN:
return has_create_token;
return (has_create_token);
case HAS_NTSEC_BY_DEFAULT:
return has_ntsec_by_default;
return (has_ntsec_by_default);
}
return 0;
return (0);
}
int check_nt_auth(int pwd_authenticated, struct passwd *pw)
int
check_nt_auth(int pwd_authenticated, struct passwd *pw)
{
/*
* The only authentication which is able to change the user
@ -149,34 +150,33 @@ int check_nt_auth(int pwd_authenticated, struct passwd *pw)
has_create_token = 0;
if (has_capability(HAS_CREATE_TOKEN) &&
(ntsec_on(cygwin) ||
(has_capability(HAS_NTSEC_BY_DEFAULT) &&
!ntsec_off(cygwin))))
(has_capability(HAS_NTSEC_BY_DEFAULT) &&
!ntsec_off(cygwin))))
has_create_token = 1;
}
if (has_create_token < 1 &&
!pwd_authenticated && geteuid() != pw->pw_uid)
return 0;
return (0);
}
return 1;
return (1);
}
int check_ntsec(const char *filename)
int
check_ntsec(const char *filename)
{
char *cygwin;
int allow_ntea = 0;
int allow_ntsec = 0;
int allow_ntea = 0, allow_ntsec = 0;
struct statfs fsstat;
/* Windows 95/98/ME don't support file system security at all. */
if (!is_winnt)
return 0;
return (0);
/* Evaluate current CYGWIN settings. */
cygwin = getenv("CYGWIN");
allow_ntea = ntea_on(cygwin);
allow_ntsec = ntsec_on(cygwin) ||
(has_capability(HAS_NTSEC_BY_DEFAULT) &&
!ntsec_off(cygwin));
(has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
/*
* `ntea' is an emulation of POSIX attributes. It doesn't support
@ -185,14 +185,14 @@ int check_ntsec(const char *filename)
* for security checks.
*/
if (allow_ntea)
return 1;
return (1);
/*
* Retrieve file system flags. In Cygwin, file system flags are
* copied to f_type which has no meaning in Win32 itself.
*/
if (statfs(filename, &fsstat))
return 1;
return (1);
/*
* Only file systems supporting ACLs are able to set permissions.
@ -200,12 +200,13 @@ int check_ntsec(const char *filename)
* ACLs to support POSIX permissions on files.
*/
if (fsstat.f_type & FS_PERSISTENT_ACLS)
return allow_ntsec;
return (allow_ntsec);
return 0;
return (0);
}
void register_9x_service(void)
void
register_9x_service(void)
{
HINSTANCE kerneldll;
DWORD (*RegisterServiceProcess)(DWORD, DWORD);
@ -219,10 +220,10 @@ void register_9x_service(void)
*/
if (is_winnt)
return;
if (! (kerneldll = LoadLibrary("KERNEL32.DLL")))
if (!(kerneldll = LoadLibrary("KERNEL32.DLL")))
return;
if (! (RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
GetProcAddress(kerneldll, "RegisterServiceProcess")))
if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
GetProcAddress(kerneldll, "RegisterServiceProcess")))
return;
RegisterServiceProcess(0, 1);
}
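Review bot: in register_9x_service the handle returned by LoadLibrary("KERNEL32.DLL") is never released on any of the return paths shown, so each call leaves an extra reference on the module. KERNEL32 is already mapped into every Win32 process, so GetModuleHandle would obtain the same handle without taking a reference. If LoadLibrary stays, pair it with FreeLibrary before each return.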

View File

@ -1,8 +1,6 @@
/* $Id: bsd-cygwin_util.h,v 1.7 2002/04/15 22:00:52 stevesk Exp $ */
/* $Id: bsd-cygwin_util.h,v 1.10 2003/08/07 06:28:16 dtucker Exp $ */
/*
* cygwin_util.c
*
* Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
*
* Redistribution and use in source and binary forms, with or without
@ -36,12 +34,17 @@
#ifdef HAVE_CYGWIN
#undef ERROR
#define is_winnt (GetVersion() < 0x80000000)
#include <windows.h>
#include <sys/cygwin.h>
#include <io.h>
int binary_open(const char *filename, int flags, ...);
int binary_open(const char *, int , ...);
int binary_pipe(int fd[2]);
int check_nt_auth(int pwd_authenticated, struct passwd *pw);
int check_ntsec(const char *filename);
int check_nt_auth(int, struct passwd *);
int check_ntsec(const char *);
void register_9x_service(void);
#define open binary_open

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999-2000 Damien Miller. All rights reserved.
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -25,13 +25,13 @@
#include "includes.h"
#include "xmalloc.h"
RCSID("$Id: bsd-misc.c,v 1.12 2003/03/18 18:21:41 tim Exp $");
RCSID("$Id: bsd-misc.c,v 1.19 2003/08/25 01:16:21 mouring Exp $");
/*
* NB. duplicate __progname in case it is an alias for argv[0]
* Otherwise it may get clobbered by setproctitle()
*/
char *get_progname(char *argv0)
char *ssh_get_progname(char *argv0)
{
#ifdef HAVE___PROGNAME
extern char *__progname;
@ -41,21 +41,21 @@ char *get_progname(char *argv0)
char *p;
if (argv0 == NULL)
return "unknown"; /* XXX */
return ("unknown"); /* XXX */
p = strrchr(argv0, '/');
if (p == NULL)
p = argv0;
else
p++;
return xstrdup(p);
return (xstrdup(p));
#endif
}
#ifndef HAVE_SETLOGIN
int setlogin(const char *name)
{
return(0);
return (0);
}
#endif /* !HAVE_SETLOGIN */
@ -63,21 +63,21 @@ int setlogin(const char *name)
int innetgr(const char *netgroup, const char *host,
const char *user, const char *domain)
{
return(0);
return (0);
}
#endif /* HAVE_INNETGR */
#if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID)
int seteuid(uid_t euid)
{
return(setreuid(-1,euid));
return (setreuid(-1, euid));
}
#endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */
#if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID)
int setegid(uid_t egid)
{
return(setresgid(-1,egid,-1));
return(setresgid(-1, egid, -1));
}
#endif /* !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) */
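Review bot: the setegid replacement is declared as int setegid(uid_t egid), but the argument is a group id and is passed on to setresgid(), so the parameter type should be gid_t here and in the bsd-misc.h prototype. The same line is also the one return this hunk did not restyle: return(setresgid(-1, egid, -1)) is missing the space the other returns gained.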
@ -88,9 +88,9 @@ const char *strerror(int e)
extern char *sys_errlist[];
if ((e >= 0) && (e < sys_nerr))
return(sys_errlist[e]);
else
return("unlisted error");
return (sys_errlist[e]);
return ("unlisted error");
}
#endif
@ -102,24 +102,25 @@ int utimes(char *filename, struct timeval *tvp)
ub.actime = tvp[0].tv_sec;
ub.modtime = tvp[1].tv_sec;
return(utime(filename, &ub));
return (utime(filename, &ub));
}
#endif
#ifndef HAVE_TRUNCATE
int truncate (const char *path, off_t length)
int truncate(const char *path, off_t length)
{
int fd, ret, saverrno;
fd = open(path, O_WRONLY);
if (fd < 0)
return -1;
return (-1);
ret = ftruncate(fd, length);
saverrno = errno;
(void) close (fd);
close(fd);
if (ret == -1)
errno = saverrno;
return(ret);
}
#endif /* HAVE_TRUNCATE */
@ -131,7 +132,7 @@ int truncate (const char *path, off_t length)
int
setgroups(size_t size, const gid_t *list)
{
return 0;
return (0);
}
#endif
@ -166,3 +167,62 @@ int nanosleep(const struct timespec *req, struct timespec *rem)
#endif
#ifndef HAVE_TCGETPGRP
pid_t
tcgetpgrp(int fd)
{
int ctty_pgrp;
if (ioctl(fd, TIOCGPGRP, &ctty_pgrp) == -1)
return(-1);
else
return(ctty_pgrp);
}
#endif /* HAVE_TCGETPGRP */
#ifndef HAVE_TCSENDBREAK
int
tcsendbreak(int fd, int duration)
{
# if defined(TIOCSBRK) && defined(TIOCCBRK)
struct timeval sleepytime;
sleepytime.tv_sec = 0;
sleepytime.tv_usec = 400000;
if (ioctl(fd, TIOCSBRK, 0) == -1)
return (-1);
(void)select(0, 0, 0, 0, &sleepytime);
if (ioctl(fd, TIOCCBRK, 0) == -1)
return (-1);
return (0);
# else
return -1;
# endif
}
#endif /* HAVE_TCSENDBREAK */
mysig_t
mysignal(int sig, mysig_t act)
{
#ifdef HAVE_SIGACTION
struct sigaction sa, osa;
if (sigaction(sig, NULL, &osa) == -1)
return (mysig_t) -1;
if (osa.sa_handler != act) {
memset(&sa, 0, sizeof(sa));
sigemptyset(&sa.sa_mask);
sa.sa_flags = 0;
#ifdef SA_INTERRUPT
if (sig == SIGALRM)
sa.sa_flags |= SA_INTERRUPT;
#endif
sa.sa_handler = act;
if (sigaction(sig, &sa, NULL) == -1)
return (mysig_t) -1;
}
return (osa.sa_handler);
#else
return (signal(sig, act));
#endif
}
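Review bot: mysignal returns (mysig_t) -1 when sigaction fails, while the #else branch returns whatever signal() returns, whose documented failure value is SIG_ERR. Return SIG_ERR in the sigaction path as well so callers have one value to test. In tcsendbreak the duration argument is ignored (the break is always held for 400000 microseconds) and the fallback branch returns -1 without setting errno; add a comment on the fixed duration and set errno in the fallback.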

View File

@ -1,5 +1,7 @@
/* $Id: bsd-misc.h,v 1.13 2003/08/29 16:59:52 mouring Exp $ */
/*
* Copyright (c) 1999-2000 Damien Miller. All rights reserved.
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -22,42 +24,39 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* $Id: bsd-misc.h,v 1.7 2003/03/18 18:21:41 tim Exp $ */
#ifndef _BSD_MISC_H
#define _BSD_MISC_H
#include "config.h"
#include "includes.h"
char *get_progname(char *argv0);
char *ssh_get_progname(char *);
#ifndef HAVE_SETSID
#define setsid() setpgrp(0, getpid())
#endif /* !HAVE_SETSID */
#ifndef HAVE_SETENV
int setenv(const char *name, const char *value, int overwrite);
int setenv(const char *, const char *, int);
#endif /* !HAVE_SETENV */
#ifndef HAVE_SETLOGIN
int setlogin(const char *name);
int setlogin(const char *);
#endif /* !HAVE_SETLOGIN */
#ifndef HAVE_INNETGR
int innetgr(const char *netgroup, const char *host,
const char *user, const char *domain);
int innetgr(const char *, const char *, const char *, const char *);
#endif /* HAVE_INNETGR */
#if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID)
int seteuid(uid_t euid);
int seteuid(uid_t);
#endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */
#if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID)
int setegid(uid_t egid);
int setegid(uid_t);
#endif /* !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) */
#if !defined(HAVE_STRERROR) && defined(HAVE_SYS_ERRLIST) && defined(HAVE_SYS_NERR)
const char *strerror(int e);
const char *strerror(int);
#endif
@ -69,15 +68,15 @@ struct timeval {
}
#endif /* HAVE_STRUCT_TIMEVAL */
int utimes(char *filename, struct timeval *tvp);
int utimes(char *, struct timeval *);
#endif /* HAVE_UTIMES */
#ifndef HAVE_TRUNCATE
int truncate (const char *path, off_t length);
int truncate (const char *, off_t);
#endif /* HAVE_TRUNCATE */
#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP)
int setgroups(size_t size, const gid_t *list);
int setgroups(size_t, const gid_t *);
#endif
#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
@ -87,7 +86,21 @@ struct timespec {
long tv_nsec;
};
#endif
int nanosleep(const struct timespec *req, struct timespec *rem);
int nanosleep(const struct timespec *, struct timespec *);
#endif
#ifndef HAVE_TCGETPGRP
pid_t tcgetpgrp(int);
#endif
#ifndef HAVE_TCSENDBREAK
int tcsendbreak(int, int);
#endif
/* wrapper for signal interface */
typedef void (*mysig_t)(int);
mysig_t mysignal(int sig, mysig_t act);
#define signal(a,b) mysignal(a,b)
#endif /* _BSD_MISC_H */
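Review bot: #define signal(a,b) mysignal(a,b) rewrites every signal() call in any file that includes this header, and the comment "wrapper for signal interface" does not say what changes. The implementation in bsd-misc.c installs handlers with sa_flags = 0 (plus SA_INTERRUPT for SIGALRM where defined), so SA_RESTART is never set and interrupted system calls are not restarted; document that here. The macro also has to be defined after the system <signal.h> has been included, otherwise the system prototype for signal is rewritten too; a comment stating that ordering requirement would help.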

View File

@ -1,4 +1,6 @@
/*
* Copyright (c) 2000,2001 Ben Lindstrom. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -22,7 +24,7 @@
#include "includes.h"
RCSID("$Id: bsd-nextstep.c,v 1.4 2001/03/26 05:35:34 mouring Exp $");
RCSID("$Id: bsd-nextstep.c,v 1.6 2003/06/01 03:23:57 mouring Exp $");
#ifdef HAVE_NEXT
#include <errno.h>
@ -40,7 +42,7 @@ posix_wait(int *status)
if (status)
*status = (int) statusp.w_status;
return wait_pid;
return (wait_pid);
}
int

View File

@ -1,4 +1,8 @@
/* $Id: bsd-nextstep.h,v 1.9 2003/08/29 16:59:52 mouring Exp $ */
/*
* Copyright (c) 2000,2001 Ben Lindstrom. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -21,8 +25,6 @@
*
*/
/* $Id: bsd-nextstep.h,v 1.6 2001/03/19 13:42:22 mouring Exp $ */
#ifndef _NEXT_POSIX_H
#define _NEXT_POSIX_H
@ -37,22 +39,21 @@
#define dirent direct
/* Swap out NeXT's BSD wait() for a more POSIX complient one */
pid_t posix_wait(int *status);
pid_t posix_wait(int *);
#define wait(a) posix_wait(a)
/* #ifdef wrapped functions that need defining for clean compiling */
pid_t getppid(void);
void vhangup(void);
int innetgr(const char *netgroup, const char *host, const char *user,
const char *domain);
int innetgr(const char *, const char *, const char *, const char *);
/* TERMCAP */
int tcgetattr(int fd, struct termios *t);
int tcsetattr(int fd, int opt, const struct termios *t);
int tcsetpgrp(int fd, pid_t pgrp);
speed_t cfgetospeed(const struct termios *t);
speed_t cfgetispeed(const struct termios *t);
int cfsetospeed(struct termios *t, int speed);
int cfsetispeed(struct termios *t, int speed);
int tcgetattr(int, struct termios *);
int tcsetattr(int, int, const struct termios *);
int tcsetpgrp(int, pid_t);
speed_t cfgetospeed(const struct termios *);
speed_t cfgetispeed(const struct termios *);
int cfsetospeed(struct termios *, int);
int cfsetispeed(struct termios *, int);
#endif /* HAVE_NEXT */
#endif /* _NEXT_POSIX_H */

View File

@ -58,7 +58,7 @@
#include "includes.h"
RCSID("$Id: bsd-snprintf.c,v 1.6 2003/04/01 11:31:56 djm Exp $");
RCSID("$Id: bsd-snprintf.c,v 1.7 2003/05/18 14:13:39 djm Exp $");
#if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */
# undef HAVE_SNPRINTF
@ -72,15 +72,15 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args);
static void
fmtstr(char *buffer, size_t *currlen, size_t maxlen, char *value, int flags,
int min, int max);
int min, int max);
static void
fmtint(char *buffer, size_t *currlen, size_t maxlen, long value, int base,
int min, int max, int flags);
int min, int max, int flags);
static void
fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue,
int min, int max, int flags);
int min, int max, int flags);
static void
dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c);
@ -121,15 +121,10 @@ dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c);
static void
dopr(char *buffer, size_t maxlen, const char *format, va_list args)
{
char *strvalue;
char ch;
char *strvalue, ch;
long value;
long double fvalue;
int min = 0;
int max = -1;
int state = DP_S_DEFAULT;
int flags = 0;
int cflags = 0;
int min = 0, max = -1, state = DP_S_DEFAULT, flags = 0, cflags = 0;
size_t currlen = 0;
ch = *format++;
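Review bot: the declaration long value; is kept in dopr, but the DP_C_LONG_LONG branches of the 'd', 'o' and 'u' conversions assign va_arg(args, long long) and va_arg(args, unsigned long long) to it, and fmtint also takes long value. On platforms where long is narrower than long long the upper bits are dropped without any diagnostic. Since this change already touches the declarations, widen value and the fmtint parameter to long long where the type is available, or add a comment stating the truncation.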
@ -139,224 +134,224 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
state = DP_S_DONE;
switch(state) {
case DP_S_DEFAULT:
if (ch == '%')
state = DP_S_FLAGS;
else
dopr_outch(buffer, &currlen, maxlen, ch);
case DP_S_DEFAULT:
if (ch == '%')
state = DP_S_FLAGS;
else
dopr_outch(buffer, &currlen, maxlen, ch);
ch = *format++;
break;
case DP_S_FLAGS:
switch (ch) {
case '-':
flags |= DP_F_MINUS;
ch = *format++;
break;
case DP_S_FLAGS:
switch (ch) {
case '-':
flags |= DP_F_MINUS;
ch = *format++;
break;
case '+':
flags |= DP_F_PLUS;
ch = *format++;
break;
case ' ':
flags |= DP_F_SPACE;
ch = *format++;
break;
case '#':
flags |= DP_F_NUM;
ch = *format++;
break;
case '0':
flags |= DP_F_ZERO;
ch = *format++;
break;
default:
state = DP_S_MIN;
break;
}
break;
case DP_S_MIN:
if (isdigit((unsigned char)ch)) {
min = 10*min + char_to_int (ch);
ch = *format++;
} else if (ch == '*') {
min = va_arg (args, int);
ch = *format++;
state = DP_S_DOT;
} else
state = DP_S_DOT;
break;
case DP_S_DOT:
if (ch == '.') {
state = DP_S_MAX;
ch = *format++;
} else
state = DP_S_MOD;
break;
case DP_S_MAX:
if (isdigit((unsigned char)ch)) {
if (max < 0)
max = 0;
max = 10*max + char_to_int(ch);
ch = *format++;
} else if (ch == '*') {
max = va_arg (args, int);
ch = *format++;
state = DP_S_MOD;
} else
state = DP_S_MOD;
break;
case DP_S_MOD:
switch (ch) {
case 'h':
cflags = DP_C_SHORT;
ch = *format++;
break;
case 'l':
cflags = DP_C_LONG;
ch = *format++;
if (ch == 'l') {
cflags = DP_C_LONG_LONG;
ch = *format++;
}
break;
case 'q':
cflags = DP_C_LONG_LONG;
ch = *format++;
break;
case 'L':
cflags = DP_C_LDOUBLE;
ch = *format++;
break;
default:
break;
}
state = DP_S_CONV;
break;
case DP_S_CONV:
switch (ch) {
case 'd':
case 'i':
if (cflags == DP_C_SHORT)
value = va_arg(args, int);
else if (cflags == DP_C_LONG)
value = va_arg(args, long int);
else if (cflags == DP_C_LONG_LONG)
value = va_arg (args, long long);
else
value = va_arg (args, int);
fmtint(buffer, &currlen, maxlen, value, 10, min, max, flags);
break;
case 'o':
flags |= DP_F_UNSIGNED;
if (cflags == DP_C_SHORT)
value = va_arg(args, unsigned int);
else if (cflags == DP_C_LONG)
value = va_arg(args, unsigned long int);
else if (cflags == DP_C_LONG_LONG)
value = va_arg(args, unsigned long long);
else
value = va_arg(args, unsigned int);
fmtint(buffer, &currlen, maxlen, value, 8, min, max, flags);
break;
case 'u':
flags |= DP_F_UNSIGNED;
if (cflags == DP_C_SHORT)
value = va_arg(args, unsigned int);
else if (cflags == DP_C_LONG)
value = va_arg(args, unsigned long int);
else if (cflags == DP_C_LONG_LONG)
value = va_arg(args, unsigned long long);
else
value = va_arg(args, unsigned int);
fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
break;
case 'X':
flags |= DP_F_UP;
case 'x':
flags |= DP_F_UNSIGNED;
if (cflags == DP_C_SHORT)
value = va_arg(args, unsigned int);
else if (cflags == DP_C_LONG)
value = va_arg(args, unsigned long int);
else if (cflags == DP_C_LONG_LONG)
value = va_arg(args, unsigned long long);
else
value = va_arg(args, unsigned int);
fmtint(buffer, &currlen, maxlen, value, 16, min, max, flags);
break;
case 'f':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, long double);
else
fvalue = va_arg(args, double);
/* um, floating point? */
fmtfp(buffer, &currlen, maxlen, fvalue, min, max, flags);
break;
case 'E':
flags |= DP_F_UP;
case 'e':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, long double);
else
fvalue = va_arg(args, double);
break;
case 'G':
flags |= DP_F_UP;
case 'g':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, long double);
else
fvalue = va_arg(args, double);
break;
case 'c':
dopr_outch(buffer, &currlen, maxlen, va_arg(args, int));
break;
case 's':
strvalue = va_arg(args, char *);
if (max < 0)
max = maxlen; /* ie, no max */
fmtstr(buffer, &currlen, maxlen, strvalue, flags, min, max);
break;
case 'p':
strvalue = va_arg(args, void *);
fmtint(buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags);
break;
case 'n':
if (cflags == DP_C_SHORT) {
short int *num;
num = va_arg(args, short int *);
*num = currlen;
} else if (cflags == DP_C_LONG) {
long int *num;
num = va_arg(args, long int *);
*num = currlen;
} else if (cflags == DP_C_LONG_LONG) {
long long *num;
num = va_arg(args, long long *);
*num = currlen;
} else {
int *num;
num = va_arg(args, int *);
*num = currlen;
}
break;
case '%':
dopr_outch(buffer, &currlen, maxlen, ch);
break;
case 'w': /* not supported yet, treat as next char */
ch = *format++;
break;
default: /* Unknown, skip */
break;
}
case '+':
flags |= DP_F_PLUS;
ch = *format++;
state = DP_S_DEFAULT;
flags = cflags = min = 0;
max = -1;
break;
case DP_S_DONE:
case ' ':
flags |= DP_F_SPACE;
ch = *format++;
break;
default: /* hmm? */
break; /* some picky compilers need this */
case '#':
flags |= DP_F_NUM;
ch = *format++;
break;
case '0':
flags |= DP_F_ZERO;
ch = *format++;
break;
default:
state = DP_S_MIN;
break;
}
break;
case DP_S_MIN:
if (isdigit((unsigned char)ch)) {
min = 10 * min + char_to_int (ch);
ch = *format++;
} else if (ch == '*') {
min = va_arg (args, int);
ch = *format++;
state = DP_S_DOT;
} else
state = DP_S_DOT;
break;
case DP_S_DOT:
if (ch == '.') {
state = DP_S_MAX;
ch = *format++;
} else
state = DP_S_MOD;
break;
case DP_S_MAX:
if (isdigit((unsigned char)ch)) {
if (max < 0)
max = 0;
max = 10 * max + char_to_int(ch);
ch = *format++;
} else if (ch == '*') {
max = va_arg (args, int);
ch = *format++;
state = DP_S_MOD;
} else
state = DP_S_MOD;
break;
case DP_S_MOD:
switch (ch) {
case 'h':
cflags = DP_C_SHORT;
ch = *format++;
break;
case 'l':
cflags = DP_C_LONG;
ch = *format++;
if (ch == 'l') {
cflags = DP_C_LONG_LONG;
ch = *format++;
}
break;
case 'q':
cflags = DP_C_LONG_LONG;
ch = *format++;
break;
case 'L':
cflags = DP_C_LDOUBLE;
ch = *format++;
break;
default:
break;
}
state = DP_S_CONV;
break;
case DP_S_CONV:
switch (ch) {
case 'd':
case 'i':
if (cflags == DP_C_SHORT)
value = va_arg(args, int);
else if (cflags == DP_C_LONG)
value = va_arg(args, long int);
else if (cflags == DP_C_LONG_LONG)
value = va_arg (args, long long);
else
value = va_arg (args, int);
fmtint(buffer, &currlen, maxlen, value, 10, min, max, flags);
break;
case 'o':
flags |= DP_F_UNSIGNED;
if (cflags == DP_C_SHORT)
value = va_arg(args, unsigned int);
else if (cflags == DP_C_LONG)
value = va_arg(args, unsigned long int);
else if (cflags == DP_C_LONG_LONG)
value = va_arg(args, unsigned long long);
else
value = va_arg(args, unsigned int);
fmtint(buffer, &currlen, maxlen, value, 8, min, max, flags);
break;
case 'u':
flags |= DP_F_UNSIGNED;
if (cflags == DP_C_SHORT)
value = va_arg(args, unsigned int);
else if (cflags == DP_C_LONG)
value = va_arg(args, unsigned long int);
else if (cflags == DP_C_LONG_LONG)
value = va_arg(args, unsigned long long);
else
value = va_arg(args, unsigned int);
fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
break;
case 'X':
flags |= DP_F_UP;
case 'x':
flags |= DP_F_UNSIGNED;
if (cflags == DP_C_SHORT)
value = va_arg(args, unsigned int);
else if (cflags == DP_C_LONG)
value = va_arg(args, unsigned long int);
else if (cflags == DP_C_LONG_LONG)
value = va_arg(args, unsigned long long);
else
value = va_arg(args, unsigned int);
fmtint(buffer, &currlen, maxlen, value, 16, min, max, flags);
break;
case 'f':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, long double);
else
fvalue = va_arg(args, double);
/* um, floating point? */
fmtfp(buffer, &currlen, maxlen, fvalue, min, max, flags);
break;
case 'E':
flags |= DP_F_UP;
case 'e':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, long double);
else
fvalue = va_arg(args, double);
break;
case 'G':
flags |= DP_F_UP;
case 'g':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, long double);
else
fvalue = va_arg(args, double);
break;
case 'c':
dopr_outch(buffer, &currlen, maxlen, va_arg(args, int));
break;
case 's':
strvalue = va_arg(args, char *);
if (max < 0)
max = maxlen; /* ie, no max */
fmtstr(buffer, &currlen, maxlen, strvalue, flags, min, max);
break;
case 'p':
strvalue = va_arg(args, void *);
fmtint(buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags);
break;
case 'n':
if (cflags == DP_C_SHORT) {
short int *num;
num = va_arg(args, short int *);
*num = currlen;
} else if (cflags == DP_C_LONG) {
long int *num;
num = va_arg(args, long int *);
*num = currlen;
} else if (cflags == DP_C_LONG_LONG) {
long long *num;
num = va_arg(args, long long *);
*num = currlen;
} else {
int *num;
num = va_arg(args, int *);
*num = currlen;
}
break;
case '%':
dopr_outch(buffer, &currlen, maxlen, ch);
break;
case 'w': /* not supported yet, treat as next char */
ch = *format++;
break;
default: /* Unknown, skip */
break;
}
ch = *format++;
state = DP_S_DEFAULT;
flags = cflags = min = 0;
max = -1;
break;
case DP_S_DONE:
break;
default: /* hmm? */
break; /* some picky compilers need this */
}
}
if (currlen < maxlen - 1)
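Review bot: in the DP_S_CONV cases of this hunk the DP_C_LONG_LONG branches read va_arg(args, long long) and va_arg(args, unsigned long long) into value, which dopr() declares as long and fmtint() takes as long, so on any platform where long is narrower than long long a %lld or %qd argument is silently truncated before it is formatted. Since the hunk is otherwise a re-indent, this is a good moment to either widen value and the fmtint() parameter to long long where the type is available, or document that the LONG_LONG modifiers only consume the argument at the right width. The 'e' and 'g' cases have the same character: they fetch fvalue and then break without emitting anything, which deserves at least a comment.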
@ -367,10 +362,9 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
static void
fmtstr(char *buffer, size_t *currlen, size_t maxlen,
char *value, int flags, int min, int max)
char *value, int flags, int min, int max)
{
int padlen, strln; /* amount to pad */
int cnt = 0;
int cnt = 0, padlen, strln; /* amount to pad */
if (value == 0)
value = "<NULL>";
@ -402,15 +396,13 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen,
static void
fmtint(char *buffer, size_t *currlen, size_t maxlen,
long value, int base, int min, int max, int flags)
long value, int base, int min, int max, int flags)
{
unsigned long uvalue;
char convert[20];
int signvalue = 0;
int place = 0;
int signvalue = 0, place = 0, caps = 0;
int spadlen = 0; /* amount to space pad */
int zpadlen = 0; /* amount to zero pad */
int caps = 0;
if (max < 0)
max = 0;
@ -429,11 +421,10 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen,
if (flags & DP_F_UP)
caps = 1; /* Should characters be upper case? */
do {
convert[place++] =
(caps? "0123456789ABCDEF":"0123456789abcdef")
[uvalue % (unsigned)base];
(caps ? "0123456789ABCDEF" : "0123456789abcdef")
[uvalue % (unsigned)base];
uvalue = (uvalue / (unsigned)base );
} while (uvalue && (place < 20));
if (place == 20)
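Review bot: the digit loop here stops at place < 20 because convert is declared as char convert[20] in the previous hunk, but fmtint() is also called with base 8, and a 64-bit unsigned long needs 22 octal digits, so %lo output is cut short with no error reported to the caller. Suggest sizing convert from the width of the value type (bits / 3 plus room for the terminator) and using sizeof(convert) in the loop bound instead of the literal 20.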
@ -453,7 +444,6 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen,
if (flags & DP_F_MINUS)
spadlen = -spadlen; /* Left Justifty */
/* Spaces */
while (spadlen > 0) {
dopr_outch(buffer, currlen, maxlen, ' ');
@ -512,16 +502,11 @@ static void
fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue,
int min, int max, int flags)
{
char iconvert[20];
char fconvert[20];
int signvalue = 0;
int iplace = 0;
int fplace = 0;
char iconvert[20], fconvert[20];
int signvalue = 0, iplace = 0, fplace = 0;
int padlen = 0; /* amount to pad */
int zpadlen = 0;
int caps = 0;
long intpart;
long fracpart;
int zpadlen = 0, caps = 0;
long intpart, fracpart;
long double ufvalue;
/*
@ -562,7 +547,8 @@ fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue,
/* Convert integer part */
do {
iconvert[iplace++] =
(caps? "0123456789ABCDEF":"0123456789abcdef")[intpart % 10];
(caps ? "0123456789ABCDEF" : "0123456789abcdef")
[intpart % 10];
intpart = (intpart / 10);
} while(intpart && (iplace < 20));
if (iplace == 20)
@ -572,7 +558,8 @@ fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue,
/* Convert fractional part */
do {
fconvert[fplace++] =
(caps? "0123456789ABCDEF":"0123456789abcdef")[fracpart % 10];
(caps ? "0123456789ABCDEF" : "0123456789abcdef")
[fracpart % 10];
fracpart = (fracpart / 10);
} while(fracpart && (fplace < 20));
if (fplace == 20)
@ -611,8 +598,8 @@ fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue,
dopr_outch(buffer, currlen, maxlen, iconvert[--iplace]);
/*
* Decimal point. This should probably use locale to find the correct
* char to print out.
* Decimal point. This should probably use locale to find the
* correct char to print out.
*/
dopr_outch(buffer, currlen, maxlen, '.');
@ -662,90 +649,4 @@ snprintf(char *str,size_t count,const char *fmt,...)
return(strlen(str));
}
#ifdef TEST_SNPRINTF
int
main(void)
{
#define LONG_STRING 1024
char buf1[LONG_STRING];
char buf2[LONG_STRING];
char *fp_fmt[] = {
"%-1.5f",
"%1.5f",
"%123.9f",
"%10.5f",
"% 10.5f",
"%+22.9f",
"%+4.9f",
"%01.3f",
"%4f",
"%3.1f",
"%3.2f",
NULL
};
double fp_nums[] = {
-1.5,
134.21,
91340.2,
341.1234,
0203.9,
0.96,
0.996,
0.9996,
1.996,
4.136,
0
};
char *int_fmt[] = {
"%-1.5d",
"%1.5d",
"%123.9d",
"%5.5d",
"%10.5d",
"% 10.5d",
"%+22.33d",
"%01.3d",
"%4d",
"%lld",
"%qd",
NULL
};
long long int_nums[] = { -1, 134, 91340, 341, 0203, 0, 9999999 };
int x, y;
int fail = 0;
int num = 0;
printf("Testing snprintf format codes against system sprintf...\n");
for (x = 0; fp_fmt[x] != NULL ; x++) {
for (y = 0; fp_nums[y] != 0 ; y++) {
snprintf(buf1, sizeof (buf1), fp_fmt[x], fp_nums[y]);
sprintf (buf2, fp_fmt[x], fp_nums[y]);
if (strcmp (buf1, buf2)) {
printf("snprintf doesn't match Format: %s\n\t"
"snprintf = %s\n\tsprintf = %s\n",
fp_fmt[x], buf1, buf2);
fail++;
}
num++;
}
}
for (x = 0; int_fmt[x] != NULL ; x++) {
for (y = 0; int_nums[y] != 0 ; y++) {
snprintf(buf1, sizeof (buf1), int_fmt[x], int_nums[y]);
sprintf(buf2, int_fmt[x], int_nums[y]);
if (strcmp (buf1, buf2)) {
printf("snprintf doesn't match Format: %s\n\t"
"snprintf = %s\n\tsprintf = %s\n",
int_fmt[x], buf1, buf2);
fail++;
}
num++;
}
}
printf("%d tests failed out of %d.\n", fail, num);
return(0);
}
#endif /* SNPRINTF_TEST */
#endif /* !HAVE_SNPRINTF */
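Review bot: the whole #ifdef TEST_SNPRINTF main() is deleted at the end of the file with nothing replacing it, which removes the only comparison of this dopr() against the system sprintf() in the same revision that re-indents the entire state machine. Please keep the self-test or move it to a regression test. The retained context line return(strlen(str)) is also worth a comment: it reports the number of bytes actually stored, not the length the output would have had, so a caller that detects truncation by comparing the return value with count will never see it on this fallback.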

View File

@ -1,4 +1,6 @@
/*
* Copyright (c) 2000 Ben Lindstrom. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -22,7 +24,7 @@
#include "includes.h"
RCSID("$Id: bsd-waitpid.c,v 1.3 2001/03/26 05:35:34 mouring Exp $");
RCSID("$Id: bsd-waitpid.c,v 1.5 2003/06/01 03:23:57 mouring Exp $");
#ifndef HAVE_WAITPID
#include <errno.h>
@ -38,15 +40,16 @@ waitpid(int pid, int *stat_loc, int options)
if (pid <= 0) {
if (pid != -1) {
errno = EINVAL;
return -1;
return (-1);
}
pid = 0; /* wait4() wants pid=0 for indiscriminate wait. */
/* wait4() wants pid=0 for indiscriminate wait. */
pid = 0;
}
wait_pid = wait4(pid, &statusp, options, NULL);
if (stat_loc)
*stat_loc = (int) statusp.w_status;
return wait_pid;
return (wait_pid);
}
#endif /* !HAVE_WAITPID */
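Review bot: after the wait4() call, *stat_loc is assigned from statusp.w_status without looking at wait_pid, so when wait4() fails (or returns 0) the caller's status word is overwritten with whatever statusp happens to contain. Suggest storing the status only when wait_pid > 0. The new placement of the pid = 0 comment on its own line is fine.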

View File

@ -1,4 +1,8 @@
/* $Id: bsd-waitpid.h,v 1.5 2003/08/29 16:59:52 mouring Exp $ */
/*
* Copyright (c) 2000 Ben Lindstrom. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -21,8 +25,6 @@
*
*/
/* $Id: bsd-waitpid.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
#ifndef _BSD_WAITPID_H
#define _BSD_WAITPID_H
@ -43,7 +45,7 @@
#define WCOREDUMP(w) ((_W_INT(w)) & WCOREFLAG)
/* Prototype */
pid_t waitpid(int pid, int *stat_loc, int options);
pid_t waitpid(int, int *, int);
#endif /* !HAVE_WAITPID */
#endif /* _BSD_WAITPID_H */

View File

@ -10,11 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -36,12 +32,11 @@
#ifndef HAVE_DAEMON
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: daemon.c,v 1.2 1996/08/19 08:22:13 tholo Exp $";
static char rcsid[] = "$OpenBSD: daemon.c,v 1.5 2003/07/15 17:32:41 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
int
daemon(nochdir, noclose)
int nochdir, noclose;
daemon(int nochdir, int noclose)
{
int fd;

View File

@ -1,46 +1,34 @@
/* $OpenBSD: dirname.c,v 1.7 2002/05/24 21:22:37 deraadt Exp $ */
/* $OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Exp $ */
/*
* Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#ifndef HAVE_DIRNAME
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: dirname.c,v 1.7 2002/05/24 21:22:37 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
#ifndef lint
static char rcsid[] = "$OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Exp $";
#endif /* not lint */
#include <errno.h>
#include <string.h>
#include <sys/param.h>
char *
dirname(path)
const char *path;
dirname(const char *path)
{
static char bname[MAXPATHLEN];
register const char *endp;
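Review bot: the rcsid guard changes from #if defined(LIBC_SCCS) && !defined(lint) to #ifndef lint, so the static rcsid string is now compiled into every normal build of this compat file, where it is never referenced and will trigger unused-variable warnings. If the identifier is meant to be embedded, use the RCSID() macro the other openbsd-compat files in this commit use; otherwise keep the LIBC_SCCS condition. Separately, the context line static char bname[MAXPATHLEN] means the returned pointer is shared between calls, which should be stated in a comment above dirname().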

View File

@ -0,0 +1,224 @@
/*
* Copyright (C) 2000-2003 Damien Miller. All rights reserved.
* Copyright (C) 1999 WIDE Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* Pseudo-implementation of RFC2553 name / address resolution functions
*
* But these functions are not implemented correctly. The minimum subset
* is implemented for ssh use only. For example, this routine assumes
* that ai_family is AF_INET. Don't use it for another purpose.
*/
#include "includes.h"
RCSID("$Id: fake-rfc2553.c,v 1.4.2.1 2003/09/22 02:09:18 dtucker Exp $");
#ifndef HAVE_GETNAMEINFO
int getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
size_t hostlen, char *serv, size_t servlen, int flags)
{
struct sockaddr_in *sin = (struct sockaddr_in *)sa;
struct hostent *hp;
char tmpserv[16];
if (serv != NULL) {
snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port));
if (strlcpy(serv, tmpserv, servlen) >= servlen)
return (EAI_MEMORY);
}
if (host != NULL) {
if (flags & NI_NUMERICHOST) {
if (strlcpy(host, inet_ntoa(sin->sin_addr),
hostlen) >= hostlen)
return (EAI_MEMORY);
else
return (0);
} else {
hp = gethostbyaddr((char *)&sin->sin_addr,
sizeof(struct in_addr), AF_INET);
if (hp == NULL)
return (EAI_NODATA);
if (strlcpy(host, hp->h_name, hostlen) >= hostlen)
return (EAI_MEMORY);
else
return (0);
}
}
return (0);
}
#endif /* !HAVE_GETNAMEINFO */
#ifndef HAVE_GAI_STRERROR
#ifdef HAVE_CONST_GAI_STRERROR_PROTO
const char *
#else
char *
#endif
gai_strerror(int err)
{
switch (err) {
case EAI_NODATA:
return ("no address associated with name");
case EAI_MEMORY:
return ("memory allocation failure.");
case EAI_NONAME:
return ("nodename nor servname provided, or not known");
default:
return ("unknown/invalid error.");
}
}
#endif /* !HAVE_GAI_STRERROR */
#ifndef HAVE_FREEADDRINFO
void
freeaddrinfo(struct addrinfo *ai)
{
struct addrinfo *next;
for(; ai != NULL;) {
next = ai->ai_next;
free(ai);
ai = next;
}
}
#endif /* !HAVE_FREEADDRINFO */
#ifndef HAVE_GETADDRINFO
static struct
addrinfo *malloc_ai(int port, u_long addr, const struct addrinfo *hints)
{
struct addrinfo *ai;
ai = malloc(sizeof(*ai) + sizeof(struct sockaddr_in));
if (ai == NULL)
return (NULL);
memset(ai, '\0', sizeof(*ai) + sizeof(struct sockaddr_in));
ai->ai_addr = (struct sockaddr *)(ai + 1);
/* XXX -- ssh doesn't use sa_len */
ai->ai_addrlen = sizeof(struct sockaddr_in);
ai->ai_addr->sa_family = ai->ai_family = AF_INET;
((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port;
((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr;
/* XXX: the following is not generally correct, but does what we want */
if (hints->ai_socktype)
ai->ai_socktype = hints->ai_socktype;
else
ai->ai_socktype = SOCK_STREAM;
if (hints->ai_protocol)
ai->ai_protocol = hints->ai_protocol;
return (ai);
}
int
getaddrinfo(const char *hostname, const char *servname,
const struct addrinfo *hints, struct addrinfo **res)
{
struct hostent *hp;
struct servent *sp;
struct in_addr in;
int i;
long int port;
u_long addr;
port = 0;
if (servname != NULL) {
char *cp;
port = strtol(servname, &cp, 10);
if (port > 0 && port <= 65535 && *cp == '\0')
port = htons(port);
else if ((sp = getservbyname(servname, NULL)) != NULL)
port = sp->s_port;
else
port = 0;
}
if (hints && hints->ai_flags & AI_PASSIVE) {
addr = htonl(0x00000000);
if (hostname && inet_aton(hostname, &in) != 0)
addr = in.s_addr;
*res = malloc_ai(port, addr, hints);
if (*res == NULL)
return (EAI_MEMORY);
return (0);
}
if (!hostname) {
*res = malloc_ai(port, htonl(0x7f000001), hints);
if (*res == NULL)
return (EAI_MEMORY);
return (0);
}
if (inet_aton(hostname, &in)) {
*res = malloc_ai(port, in.s_addr, hints);
if (*res == NULL)
return (EAI_MEMORY);
return (0);
}
/* Don't try DNS if AI_NUMERICHOST is set */
if (hints && hints->ai_flags & AI_NUMERICHOST)
return (EAI_NONAME);
hp = gethostbyname(hostname);
if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) {
struct addrinfo *cur, *prev;
cur = prev = *res = NULL;
for (i = 0; hp->h_addr_list[i]; i++) {
struct in_addr *in = (struct in_addr *)hp->h_addr_list[i];
cur = malloc_ai(port, in->s_addr, hints);
if (cur == NULL) {
if (*res != NULL)
freeaddrinfo(*res);
return (EAI_MEMORY);
}
if (prev)
prev->ai_next = cur;
else
*res = cur;
prev = cur;
}
return (0);
}
return (EAI_NODATA);
}
#endif /* !HAVE_GETADDRINFO */
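Review bot: malloc_ai() dereferences hints unconditionally (if (hints->ai_socktype), if (hints->ai_protocol)), while getaddrinfo() treats hints as optional (if (hints && hints->ai_flags & AI_PASSIVE)) and then passes it straight through, so a call with hints == NULL crashes on the very first malloc_ai(). Either test hints for NULL inside malloc_ai() and fall back to SOCK_STREAM, or substitute a zeroed local struct addrinfo at the top of getaddrinfo(). Two smaller points in the same file: the EAI_MEMORY path in the h_addr_list loop calls freeaddrinfo(*res) but leaves *res pointing at the freed list, and getnameinfo() casts sa to struct sockaddr_in without checking sa->sa_family or salen, which should at least be rejected for anything other than AF_INET given the header comment's own warning.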

View File

@ -0,0 +1,154 @@
/* $Id: fake-rfc2553.h,v 1.6.2.1 2003/09/22 02:09:18 dtucker Exp $ */
/*
* Copyright (C) 2000-2003 Damien Miller. All rights reserved.
* Copyright (C) 1999 WIDE Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* Pseudo-implementation of RFC2553 name / address resolution functions
*
* But these functions are not implemented correctly. The minimum subset
* is implemented for ssh use only. For example, this routine assumes
* that ai_family is AF_INET. Don't use it for another purpose.
*/
#ifndef _FAKE_RFC2553_H
#define _FAKE_RFC2553_H
#include "includes.h"
#include "sys/types.h"
/*
* First, socket and INET6 related definitions
*/
#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
# define _SS_MAXSIZE 128 /* Implementation specific max size */
# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr))
struct sockaddr_storage {
struct sockaddr ss_sa;
char __ss_pad2[_SS_PADSIZE];
};
# define ss_family ss_sa.sa_family
#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */
#ifndef IN6_IS_ADDR_LOOPBACK
# define IN6_IS_ADDR_LOOPBACK(a) \
(((u_int32_t *)(a))[0] == 0 && ((u_int32_t *)(a))[1] == 0 && \
((u_int32_t *)(a))[2] == 0 && ((u_int32_t *)(a))[3] == htonl(1))
#endif /* !IN6_IS_ADDR_LOOPBACK */
#ifndef HAVE_STRUCT_IN6_ADDR
struct in6_addr {
u_int8_t s6_addr[16];
};
#endif /* !HAVE_STRUCT_IN6_ADDR */
#ifndef HAVE_STRUCT_SOCKADDR_IN6
struct sockaddr_in6 {
unsigned short sin6_family;
u_int16_t sin6_port;
u_int32_t sin6_flowinfo;
struct in6_addr sin6_addr;
};
#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */
#ifndef AF_INET6
/* Define it to something that should never appear */
#define AF_INET6 AF_MAX
#endif
/*
* Next, RFC2553 name / address resolution API
*/
#ifndef NI_NUMERICHOST
# define NI_NUMERICHOST (1)
#endif
#ifndef NI_NAMEREQD
# define NI_NAMEREQD (1<<1)
#endif
#ifndef NI_NUMERICSERV
# define NI_NUMERICSERV (1<<2)
#endif
#ifndef AI_PASSIVE
# define AI_PASSIVE (1)
#endif
#ifndef AI_CANONNAME
# define AI_CANONNAME (1<<1)
#endif
#ifndef AI_NUMERICHOST
# define AI_NUMERICHOST (1<<2)
#endif
#ifndef NI_MAXSERV
# define NI_MAXSERV 32
#endif /* !NI_MAXSERV */
#ifndef NI_MAXHOST
# define NI_MAXHOST 1025
#endif /* !NI_MAXHOST */
#ifndef EAI_NODATA
# define EAI_NODATA 1
# define EAI_MEMORY 2
# define EAI_NONAME 3
#endif
#ifndef HAVE_STRUCT_ADDRINFO
struct addrinfo {
int ai_flags; /* AI_PASSIVE, AI_CANONNAME */
int ai_family; /* PF_xxx */
int ai_socktype; /* SOCK_xxx */
int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
size_t ai_addrlen; /* length of ai_addr */
char *ai_canonname; /* canonical name for hostname */
struct sockaddr *ai_addr; /* binary address */
struct addrinfo *ai_next; /* next structure in linked list */
};
#endif /* !HAVE_STRUCT_ADDRINFO */
#ifndef HAVE_GETADDRINFO
int getaddrinfo(const char *, const char *,
const struct addrinfo *, struct addrinfo **);
#endif /* !HAVE_GETADDRINFO */
#if !defined(HAVE_GAI_STRERROR) && !defined(HAVE_CONST_GAI_STRERROR_PROTO)
char *gai_strerror(int);
#endif /* !HAVE_GAI_STRERROR */
#ifndef HAVE_FREEADDRINFO
void freeaddrinfo(struct addrinfo *);
#endif /* !HAVE_FREEADDRINFO */
#ifndef HAVE_GETNAMEINFO
int getnameinfo(const struct sockaddr *, size_t, char *, size_t,
char *, size_t, int);
#endif /* !HAVE_GETNAMEINFO */
#endif /* !_FAKE_RFC2553_H */
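Review bot: the single #ifndef EAI_NODATA guard also defines EAI_MEMORY and EAI_NONAME, so on a system whose headers provide those two but not EAI_NODATA the block redefines them with values that differ from the ones the system resolver returns. Guard each of the three macros with its own #ifndef. Also, sys/types.h is included with quotes rather than angle brackets, which searches the source directory first; use #include <sys/types.h>.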

View File

@ -10,6 +10,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -29,7 +32,7 @@
#if !defined(HAVE_GETCWD)
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: getcwd.c,v 1.7 2002/11/24 01:52:27 cloder Exp $";
static char rcsid[] = "$OpenBSD: getcwd.c,v 1.9 2003/06/11 21:03:10 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
@ -47,7 +50,7 @@ static char rcsid[] = "$OpenBSD: getcwd.c,v 1.7 2002/11/24 01:52:27 cloder Exp $
(dp->d_name[1] == '.' && dp->d_name[2] == '\0')))
char *
getcwd(char *pt,size_t size)
getcwd(char *pt, size_t size)
{
register struct dirent *dp;
register DIR *dir = NULL;

View File

@ -10,11 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -36,7 +32,7 @@
#ifndef HAVE_GETGROUPLIST
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: getgrouplist.c,v 1.7 1997/08/19 19:13:27 deraadt Exp $";
static char rcsid[] = "$OpenBSD: getgrouplist.c,v 1.9 2003/06/25 21:16:47 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
/*
@ -44,6 +40,7 @@ static char rcsid[] = "$OpenBSD: getgrouplist.c,v 1.7 1997/08/19 19:13:27 deraad
*/
#include <sys/types.h>
#include <string.h>
#include <unistd.h>
#include <grp.h>
int

View File

@ -10,11 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -35,7 +31,7 @@
#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: getopt.c,v 1.4 2002/12/08 22:57:14 millert Exp $";
static char *rcsid = "$OpenBSD: getopt.c,v 1.5 2003/06/02 20:18:37 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <stdio.h>

View File

@ -0,0 +1,578 @@
/* $OpenBSD: getrrsetbyname.c,v 1.7 2003/03/07 07:34:14 itojun Exp $ */
/*
* Copyright (c) 2001 Jakob Schlyter. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Portions Copyright (c) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
* INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#if defined(DNS) && !defined(HAVE_GETRRSETBYNAME)
#include "getrrsetbyname.h"
/* #include "thread_private.h" */
#define ANSWER_BUFFER_SIZE 1024*64
struct dns_query {
char *name;
u_int16_t type;
u_int16_t class;
struct dns_query *next;
};
struct dns_rr {
char *name;
u_int16_t type;
u_int16_t class;
u_int16_t ttl;
u_int16_t size;
void *rdata;
struct dns_rr *next;
};
struct dns_response {
HEADER header;
struct dns_query *query;
struct dns_rr *answer;
struct dns_rr *authority;
struct dns_rr *additional;
};
static struct dns_response *parse_dns_response(const u_char *, int);
static struct dns_query *parse_dns_qsection(const u_char *, int,
const u_char **, int);
static struct dns_rr *parse_dns_rrsection(const u_char *, int, const u_char **,
int);
static void free_dns_query(struct dns_query *);
static void free_dns_rr(struct dns_rr *);
static void free_dns_response(struct dns_response *);
static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t);
/*
* Inline versions of get/put short/long. Pointer is advanced.
*
* These macros demonstrate the property of C whereby it can be
* portable or it can be elegant but rarely both.
*/
#ifndef INT32SZ
# define INT32SZ 4
#endif
#ifndef INT16SZ
# define INT16SZ 2
#endif
#ifndef GETSHORT
#define GETSHORT(s, cp) { \
register u_char *t_cp = (u_char *)(cp); \
(s) = ((u_int16_t)t_cp[0] << 8) \
| ((u_int16_t)t_cp[1]) \
; \
(cp) += INT16SZ; \
}
#endif
#ifndef GETLONG
#define GETLONG(l, cp) { \
register u_char *t_cp = (u_char *)(cp); \
(l) = ((u_int32_t)t_cp[0] << 24) \
| ((u_int32_t)t_cp[1] << 16) \
| ((u_int32_t)t_cp[2] << 8) \
| ((u_int32_t)t_cp[3]) \
; \
(cp) += INT32SZ; \
}
#endif
/*
* Routines to insert/extract short/long's.
*/
#ifndef HAVE__GETSHORT
static u_int16_t
_getshort(msgp)
register const u_char *msgp;
{
register u_int16_t u;
GETSHORT(u, msgp);
return (u);
}
#endif
#ifndef HAVE__GETLONG
static u_int32_t
_getlong(msgp)
register const u_char *msgp;
{
register u_int32_t u;
GETLONG(u, msgp);
return (u);
}
#endif
int
getrrsetbyname(const char *hostname, unsigned int rdclass,
unsigned int rdtype, unsigned int flags,
struct rrsetinfo **res)
{
struct __res_state *_resp = &_res;
int result;
struct rrsetinfo *rrset = NULL;
struct dns_response *response;
struct dns_rr *rr;
struct rdatainfo *rdata;
int length;
unsigned int index_ans, index_sig;
u_char answer[ANSWER_BUFFER_SIZE];
/* check for invalid class and type */
if (rdclass > 0xffff || rdtype > 0xffff) {
result = ERRSET_INVAL;
goto fail;
}
/* don't allow queries of class or type ANY */
if (rdclass == 0xff || rdtype == 0xff) {
result = ERRSET_INVAL;
goto fail;
}
/* don't allow flags yet, unimplemented */
if (flags) {
result = ERRSET_INVAL;
goto fail;
}
/* initialize resolver */
if ((_resp->options & RES_INIT) == 0 && res_init() == -1) {
result = ERRSET_FAIL;
goto fail;
}
#ifdef DEBUG
_resp->options |= RES_DEBUG;
#endif /* DEBUG */
#ifdef RES_USE_DNSSEC
/* turn on DNSSEC if EDNS0 is configured */
if (_resp->options & RES_USE_EDNS0)
_resp->options |= RES_USE_DNSSEC;
#endif /* RES_USE_DNSEC */
/* make query */
length = res_query(hostname, (signed int) rdclass, (signed int) rdtype,
answer, sizeof(answer));
if (length < 0) {
switch(h_errno) {
case HOST_NOT_FOUND:
result = ERRSET_NONAME;
goto fail;
case NO_DATA:
result = ERRSET_NODATA;
goto fail;
default:
result = ERRSET_FAIL;
goto fail;
}
}
/* parse result */
response = parse_dns_response(answer, length);
if (response == NULL) {
result = ERRSET_FAIL;
goto fail;
}
if (response->header.qdcount != 1) {
result = ERRSET_FAIL;
goto fail;
}
/* initialize rrset */
rrset = calloc(1, sizeof(struct rrsetinfo));
if (rrset == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
rrset->rri_rdclass = response->query->class;
rrset->rri_rdtype = response->query->type;
rrset->rri_ttl = response->answer->ttl;
rrset->rri_nrdatas = response->header.ancount;
#ifdef HAVE_HEADER_AD
/* check for authenticated data */
if (response->header.ad == 1)
rrset->rri_flags |= RRSET_VALIDATED;
#endif
/* copy name from answer section */
length = strlen(response->answer->name);
rrset->rri_name = malloc(length + 1);
if (rrset->rri_name == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
strlcpy(rrset->rri_name, response->answer->name, length + 1);
/* count answers */
rrset->rri_nrdatas = count_dns_rr(response->answer, rrset->rri_rdclass,
rrset->rri_rdtype);
rrset->rri_nsigs = count_dns_rr(response->answer, rrset->rri_rdclass,
T_SIG);
/* allocate memory for answers */
rrset->rri_rdatas = calloc(rrset->rri_nrdatas,
sizeof(struct rdatainfo));
if (rrset->rri_rdatas == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
/* allocate memory for signatures */
rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
if (rrset->rri_sigs == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
/* copy answers & signatures */
for (rr = response->answer, index_ans = 0, index_sig = 0;
rr; rr = rr->next) {
rdata = NULL;
if (rr->class == rrset->rri_rdclass &&
rr->type == rrset->rri_rdtype)
rdata = &rrset->rri_rdatas[index_ans++];
if (rr->class == rrset->rri_rdclass &&
rr->type == T_SIG)
rdata = &rrset->rri_sigs[index_sig++];
if (rdata) {
rdata->rdi_length = rr->size;
rdata->rdi_data = malloc(rr->size);
if (rdata->rdi_data == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
memcpy(rdata->rdi_data, rr->rdata, rr->size);
}
}
*res = rrset;
return (ERRSET_SUCCESS);
fail:
if (rrset != NULL)
freerrset(rrset);
return (result);
}
void
freerrset(struct rrsetinfo *rrset)
{
u_int16_t i;
if (rrset == NULL)
return;
if (rrset->rri_rdatas) {
for (i = 0; i < rrset->rri_nrdatas; i++) {
if (rrset->rri_rdatas[i].rdi_data == NULL)
break;
free(rrset->rri_rdatas[i].rdi_data);
}
free(rrset->rri_rdatas);
}
if (rrset->rri_sigs) {
for (i = 0; i < rrset->rri_nsigs; i++) {
if (rrset->rri_sigs[i].rdi_data == NULL)
break;
free(rrset->rri_sigs[i].rdi_data);
}
free(rrset->rri_sigs);
}
if (rrset->rri_name)
free(rrset->rri_name);
free(rrset);
}
/*
* DNS response parsing routines
*/
static struct dns_response *
parse_dns_response(const u_char *answer, int size)
{
struct dns_response *resp;
const u_char *cp;
/* allocate memory for the response */
resp = calloc(1, sizeof(*resp));
if (resp == NULL)
return (NULL);
/* initialize current pointer */
cp = answer;
/* copy header */
memcpy(&resp->header, cp, HFIXEDSZ);
cp += HFIXEDSZ;
/* fix header byte order */
resp->header.qdcount = ntohs(resp->header.qdcount);
resp->header.ancount = ntohs(resp->header.ancount);
resp->header.nscount = ntohs(resp->header.nscount);
resp->header.arcount = ntohs(resp->header.arcount);
/* there must be at least one query */
if (resp->header.qdcount < 1) {
free_dns_response(resp);
return (NULL);
}
/* parse query section */
resp->query = parse_dns_qsection(answer, size, &cp,
resp->header.qdcount);
if (resp->header.qdcount && resp->query == NULL) {
free_dns_response(resp);
return (NULL);
}
/* parse answer section */
resp->answer = parse_dns_rrsection(answer, size, &cp,
resp->header.ancount);
if (resp->header.ancount && resp->answer == NULL) {
free_dns_response(resp);
return (NULL);
}
/* parse authority section */
resp->authority = parse_dns_rrsection(answer, size, &cp,
resp->header.nscount);
if (resp->header.nscount && resp->authority == NULL) {
free_dns_response(resp);
return (NULL);
}
/* parse additional section */
resp->additional = parse_dns_rrsection(answer, size, &cp,
resp->header.arcount);
if (resp->header.arcount && resp->additional == NULL) {
free_dns_response(resp);
return (NULL);
}
return (resp);
}
static struct dns_query *
parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count)
{
struct dns_query *head, *curr, *prev;
int i, length;
char name[MAXDNAME];
for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
/* allocate and initialize struct */
curr = calloc(1, sizeof(struct dns_query));
if (curr == NULL) {
free_dns_query(head);
return (NULL);
}
if (head == NULL)
head = curr;
if (prev != NULL)
prev->next = curr;
/* name */
length = dn_expand(answer, answer + size, *cp, name,
sizeof(name));
if (length < 0) {
free_dns_query(head);
return (NULL);
}
curr->name = strdup(name);
if (curr->name == NULL) {
free_dns_query(head);
return (NULL);
}
*cp += length;
/* type */
curr->type = _getshort(*cp);
*cp += INT16SZ;
/* class */
curr->class = _getshort(*cp);
*cp += INT16SZ;
}
return (head);
}
static struct dns_rr *
parse_dns_rrsection(const u_char *answer, int size, const u_char **cp, int count)
{
struct dns_rr *head, *curr, *prev;
int i, length;
char name[MAXDNAME];
for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
/* allocate and initialize struct */
curr = calloc(1, sizeof(struct dns_rr));
if (curr == NULL) {
free_dns_rr(head);
return (NULL);
}
if (head == NULL)
head = curr;
if (prev != NULL)
prev->next = curr;
/* name */
length = dn_expand(answer, answer + size, *cp, name,
sizeof(name));
if (length < 0) {
free_dns_rr(head);
return (NULL);
}
curr->name = strdup(name);
if (curr->name == NULL) {
free_dns_rr(head);
return (NULL);
}
*cp += length;
/* type */
curr->type = _getshort(*cp);
*cp += INT16SZ;
/* class */
curr->class = _getshort(*cp);
*cp += INT16SZ;
/* ttl */
curr->ttl = _getlong(*cp);
*cp += INT32SZ;
/* rdata size */
curr->size = _getshort(*cp);
*cp += INT16SZ;
/* rdata itself */
curr->rdata = malloc(curr->size);
if (curr->rdata == NULL) {
free_dns_rr(head);
return (NULL);
}
memcpy(curr->rdata, *cp, curr->size);
*cp += curr->size;
}
return (head);
}
static void
free_dns_query(struct dns_query *p)
{
if (p == NULL)
return;
if (p->name)
free(p->name);
free_dns_query(p->next);
free(p);
}
static void
free_dns_rr(struct dns_rr *p)
{
if (p == NULL)
return;
if (p->name)
free(p->name);
if (p->rdata)
free(p->rdata);
free_dns_rr(p->next);
free(p);
}
static void
free_dns_response(struct dns_response *p)
{
if (p == NULL)
return;
free_dns_query(p->query);
free_dns_rr(p->answer);
free_dns_rr(p->authority);
free_dns_rr(p->additional);
free(p);
}
static int
count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type)
{
int n = 0;
while(p) {
if (p->class == class && p->type == type)
n++;
p = p->next;
}
return (n);
}
#endif /* defined(DNS) && !defined(HAVE_GETRRSETBYNAME) */
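Review bot: parse_dns_rrsection() trusts the lengths carried in the packet. After dn_expand() it reads type, class, ttl and the rdata size with _getshort()/_getlong() and then runs `memcpy(curr->rdata, *cp, curr->size)` without checking that `*cp` plus the bytes it is about to consume still lies before `answer + size`, so a truncated or malformed response makes it read past the received data. Compare `*cp` against `answer + size` before each fixed-size field and before the rdata copy, give parse_dns_qsection() the same check for its two shorts, and have parse_dns_response() reject `size < HFIXEDSZ` before copying the header. Also in this hunk: `struct dns_rr` declares `ttl` as u_int16_t although it is filled from _getlong(), getrrsetbyname() never calls free_dns_response() on either the success or the fail path, and `rrset->rri_ttl = response->answer->ttl` dereferences `response->answer` without first checking that the answer section is non-empty.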

View File

@ -0,0 +1,100 @@
/* $OpenBSD: getrrsetbyname.c,v 1.4 2001/08/16 18:16:43 ho Exp $ */
/*
* Copyright (c) 2001 Jakob Schlyter. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Portions Copyright (c) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
* INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _GETRRSETBYNAME_H
#define _GETRRSETBYNAME_H
#include "includes.h"
#if defined(DNS) && !defined(HAVE_GETRRSETBYNAME)
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <netdb.h>
#include <resolv.h>
/*
* Flags for getrrsetbyname()
*/
#ifndef RRSET_VALIDATED
# define RRSET_VALIDATED 1
#endif
/*
* Return codes for getrrsetbyname()
*/
#ifndef ERRSET_SUCCESS
# define ERRSET_SUCCESS 0
# define ERRSET_NOMEMORY 1
# define ERRSET_FAIL 2
# define ERRSET_INVAL 3
# define ERRSET_NONAME 4
# define ERRSET_NODATA 5
#endif
struct rdatainfo {
unsigned int rdi_length; /* length of data */
unsigned char *rdi_data; /* record data */
};
struct rrsetinfo {
unsigned int rri_flags; /* RRSET_VALIDATED ... */
unsigned int rri_rdclass; /* class number */
unsigned int rri_rdtype; /* RR type number */
unsigned int rri_ttl; /* time to live */
unsigned int rri_nrdatas; /* size of rdatas array */
unsigned int rri_nsigs; /* size of sigs array */
char *rri_name; /* canonical name */
struct rdatainfo *rri_rdatas; /* individual records */
struct rdatainfo *rri_sigs; /* individual signatures */
};
int getrrsetbyname(const char *, unsigned int, unsigned int, unsigned int, struct rrsetinfo **);
void freerrset(struct rrsetinfo *);
#endif /* defined(DNS) && !defined(HAVE_GETRRSETBYNAME) */
#endif /* _GETRRSETBYNAME_H */

View File

@ -13,11 +13,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -56,7 +52,7 @@ get_arg_max(void)
#if 0
static char sccsid[] = "@(#)glob.c 8.3 (Berkeley) 10/13/93";
#else
static char rcsid[] = "$OpenBSD: glob.c,v 1.20 2002/06/14 21:34:58 todd Exp $";
static char rcsid[] = "$OpenBSD: glob.c,v 1.22 2003/06/25 21:16:47 deraadt Exp $";
#endif
#endif /* LIBC_SCCS and not lint */
@ -615,7 +611,7 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
* and dirent.h as taking pointers to differently typed opaque
* structures.
*/
struct dirent *(*readdirfunc)();
struct dirent *(*readdirfunc)(void *);
if (pathend > pathend_last)
return (1);
@ -640,7 +636,7 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
if (pglob->gl_flags & GLOB_ALTDIRFUNC)
readdirfunc = pglob->gl_readdir;
else
readdirfunc = readdir;
readdirfunc = (struct dirent *(*)(void *))readdir;
while ((dp = (*readdirfunc)(dirp))) {
register u_char *sc;
register Char *dc;
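Review bot: in the assignment `readdirfunc = (struct dirent *(*)(void *))readdir;` the cast silences the prototype mismatch, but the call `(*readdirfunc)(dirp)` then invokes readdir() through a pointer of a different function type, which the C standard leaves undefined even on platforms where `DIR *` and `void *` are passed the same way. A small static wrapper that takes `void *` and calls readdir() on it would give readdirfunc a target of exactly the declared type and needs no cast.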

View File

@ -1,4 +1,4 @@
/* $OpenBSD: glob.h,v 1.7 2002/02/17 19:42:21 millert Exp $ */
/* $OpenBSD: glob.h,v 1.8 2003/06/02 19:34:12 millert Exp $ */
/* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */
/*
@ -16,11 +16,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*

View File

@ -1,8 +1,6 @@
/* $OpenBSD: inet_addr.c,v 1.6 1999/05/03 22:31:14 yanick Exp $ */
/* $OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert Exp $ */
/*
* ++Copyright++ 1983, 1990, 1993
* -
* Copyright (c) 1983, 1990, 1993
* The Regents of the University of California. All rights reserved.
*
@ -14,11 +12,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -64,7 +58,7 @@
static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93";
static char rcsid[] = "$From: inet_addr.c,v 8.5 1996/08/05 08:31:35 vixie Exp $";
#else
static char rcsid[] = "$OpenBSD: inet_addr.c,v 1.6 1999/05/03 22:31:14 yanick Exp $";
static char rcsid[] = "$OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert Exp $";
#endif
#endif /* LIBC_SCCS and not lint */

View File

@ -10,11 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -36,7 +32,7 @@
#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA)
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.3 2002/06/27 10:14:01 itojun Exp $";
static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.4 2003/06/02 20:18:35 millert Exp $";
#endif /* LIBC_SCCS and not lint */
/*
@ -47,7 +43,6 @@ static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.3 2002/06/27 10:14:01 itojun Ex
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include "inet_ntoa.h"
char *inet_ntoa(struct in_addr in)
{

View File

@ -31,7 +31,6 @@ static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Ex
#include <sys/param.h>
#include <sys/types.h>
#include <sys/socket.h>
#include "openbsd-compat/fake-socket.h"
#include <netinet/in.h>
#include <arpa/inet.h>
#ifndef HAVE_CYGWIN

View File

@ -13,11 +13,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -39,7 +35,7 @@
#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: mktemp.c,v 1.16 2002/05/27 18:20:45 millert Exp $";
static char rcsid[] = "$OpenBSD: mktemp.c,v 1.17 2003/06/02 20:18:37 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#ifdef HAVE_CYGWIN

View File

@ -1,49 +1,168 @@
/* $Id: openbsd-compat.h,v 1.19 2003/02/24 01:55:56 djm Exp $ */
/* $Id: openbsd-compat.h,v 1.24 2003/08/29 16:59:52 mouring Exp $ */
#ifndef _OPENBSD_H
#define _OPENBSD_H
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
* Copyright (c) 2003 Ben Lindstrom. All rights reserved.
* Copyright (c) 2002 Tim Rice. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#ifndef _OPENBSD_COMPAT_H
#define _OPENBSD_COMPAT_H
#include "includes.h"
/* OpenBSD function replacements */
#include "basename.h"
#include "bindresvport.h"
#include "getcwd.h"
#include "realpath.h"
#include "rresvport.h"
#include "strlcpy.h"
#include "strlcat.h"
#include "strmode.h"
#include "mktemp.h"
#include "daemon.h"
#include "dirname.h"
#include "base64.h"
#include "sigact.h"
#include "inet_ntoa.h"
#include "inet_ntop.h"
#include "strsep.h"
#include "setproctitle.h"
#include "getgrouplist.h"
#include "glob.h"
#include "readpassphrase.h"
#include "getopt.h"
#include "vis.h"
#include "getrrsetbyname.h"
#ifndef HAVE_BASENAME
char *basename(const char *path);
#endif
#ifndef HAVE_BINDRESVPORT_SA
int bindresvport_sa(int sd, struct sockaddr *sa);
#endif
#ifndef HAVE_GETCWD
char *getcwd(char *pt, size_t size);
#endif
#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
char *realpath(const char *path, char *resolved);
#endif
#ifndef HAVE_RRESVPORT_AF
int rresvport_af(int *alport, sa_family_t af);
#endif
#ifndef HAVE_STRLCPY
/* #include <sys/types.h> XXX Still needed? */
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_STRLCAT
/* #include <sys/types.h> XXX Still needed? */
size_t strlcat(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_SETENV
int setenv(register const char *name, register const char *value, int rewrite);
#endif
#ifndef HAVE_STRMODE
void strmode(int mode, char *p);
#endif
#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
int mkstemps(char *path, int slen);
int mkstemp(char *path);
char *mkdtemp(char *path);
#endif
#ifndef HAVE_DAEMON
int daemon(int nochdir, int noclose);
#endif
#ifndef HAVE_DIRNAME
char *dirname(const char *path);
#endif
#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA)
char *inet_ntoa(struct in_addr in);
#endif
#ifndef HAVE_INET_NTOP
const char *inet_ntop(int af, const void *src, char *dst, size_t size);
#endif
#ifndef HAVE_INET_ATON
int inet_aton(const char *cp, struct in_addr *addr);
#endif
#ifndef HAVE_STRSEP
char *strsep(char **stringp, const char *delim);
#endif
#ifndef HAVE_SETPROCTITLE
void setproctitle(const char *fmt, ...);
void compat_init_setproctitle(int argc, char *argv[]);
#endif
#ifndef HAVE_GETGROUPLIST
/* #include <grp.h> XXXX Still needed ? */
int getgrouplist(const char *, gid_t, gid_t *, int *);
#endif
#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
int BSDgetopt(int argc, char * const *argv, const char *opts);
#endif
/* Home grown routines */
#include "bsd-arc4random.h"
#include "bsd-getpeereid.h"
#include "bsd-misc.h"
#include "bsd-snprintf.h"
#include "bsd-waitpid.h"
/*#include <sys/types.h> XXX Still needed? * For uid_t, gid_t * */
#ifndef HAVE_GETPEEREID
int getpeereid(int , uid_t *, gid_t *);
#endif
#ifndef HAVE_ARC4RANDOM
unsigned int arc4random(void);
void arc4random_stir(void);
#endif /* !HAVE_ARC4RANDOM */
/* #include <sys/types.h> XXX needed? For size_t */
#ifndef HAVE_SNPRINTF
int snprintf(char *, size_t, const char *, ...);
#endif
#ifndef HAVE_VSNPRINTF
int vsnprintf(char *, size_t, const char *, va_list);
#endif
void *xmmap(size_t size);
char *xcrypt(const char *password, const char *salt);
char *shadow_pw(struct passwd *pw);
/* rfc2553 socket API replacements */
#include "fake-getaddrinfo.h"
#include "fake-getnameinfo.h"
#include "fake-socket.h"
#include "fake-rfc2553.h"
/* Routines for a single OS platform */
#include "bsd-cray.h"
#include "bsd-cygwin_util.h"
#include "port-irix.h"
#include "port-aix.h"
#endif /* _OPENBSD_H */
#endif /* _OPENBSD_COMPAT_H */
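Review bot: the prototypes collected in this header use `struct sockaddr`, `sa_family_t`, `struct in_addr`, `gid_t`, `va_list` and `struct passwd`, yet the question of which system headers they need is left open in comments such as `/* #include <sys/types.h> XXX Still needed? */` and `/* #include <grp.h> XXXX Still needed ? */`. Either state in a comment at the top that includes.h must supply these types before this file is read, or resolve the XXX markers, so the dependency is documented rather than implied.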

View File

@ -24,11 +24,18 @@
*
*/
#include "includes.h"
#include "ssh.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "xmalloc.h"
#ifdef _AIX
#include <uinfo.h>
#include <../xmalloc.h>
#include "port-aix.h"
extern ServerOptions options;
/*
* AIX has a "usrinfo" area where logname and other stuff is stored -
@ -41,16 +48,95 @@ void
aix_usrinfo(struct passwd *pw)
{
u_int i;
size_t len;
char *cp;
cp = xmalloc(16 + 2 * strlen(pw->pw_name));
i = sprintf(cp, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, 0,
pw->pw_name, 0);
len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
cp = xmalloc(len);
i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
pw->pw_name, '\0');
if (usrinfo(SETUINFO, cp, i) == -1)
fatal("Couldn't set usrinfo: %s", strerror(errno));
debug3("AIX/UsrInfo: set len %d", i);
xfree(cp);
}
#ifdef WITH_AIXAUTHENTICATE
/*
* Remove embedded newlines in string (if any).
* Used before logging messages returned by AIX authentication functions
* so the message is logged on one line.
*/
void
aix_remove_embedded_newlines(char *p)
{
if (p == NULL)
return;
for (; *p; p++) {
if (*p == '\n')
*p = ' ';
}
/* Remove trailing whitespace */
if (*--p == ' ')
*p = '\0';
}
#endif /* WITH_AIXAUTHENTICATE */
# ifdef CUSTOM_FAILED_LOGIN
/*
* record_failed_login: generic "login failed" interface function
*/
void
record_failed_login(const char *user, const char *ttyname)
{
char *hostname = get_canonical_hostname(options.use_dns);
if (geteuid() != 0)
return;
aix_setauthdb(user);
# ifdef AIX_LOGINFAILED_4ARG
loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
# else
loginfailed((char *)user, hostname, (char *)ttyname);
# endif
}
/*
* If we have setauthdb, retrieve the password registry for the user's
* account then feed it to setauthdb. This may load registry-specific method
* code. If we don't have setauthdb or have already called it this is a no-op.
*/
void
aix_setauthdb(const char *user)
{
# ifdef HAVE_SETAUTHDB
static char *registry = NULL;
if (registry != NULL) /* have already done setauthdb */
return;
if (setuserdb(S_READ) == -1) {
debug3("%s: Could not open userdb to read", __func__);
return;
}
if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
if (setauthdb(registry, NULL) == 0)
debug3("%s: AIX/setauthdb set registry %s", __func__,
registry);
else
debug3("%s: AIX/setauthdb set registry %s failed: %s",
__func__, registry, strerror(errno));
} else
debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
strerror(errno));
enduserdb();
# endif
}
# endif /* CUSTOM_FAILED_LOGIN */
#endif /* _AIX */
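Review bot: aix_remove_embedded_newlines() steps before the start of the buffer when it is passed an empty string: the for loop does not run, and `if (*--p == ' ')` then reads (and may overwrite) the byte ahead of the string. Keep a pointer to the start and test the last character only when the string is non-empty. The trailing-whitespace step also strips a single space, so a message that ends in several newlines keeps its trailing blanks. In aix_usrinfo() the snprintf() return value is stored in the unsigned `i` and passed straight to usrinfo(); checking it against `len` first would catch an error return.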

View File

@ -1,3 +1,5 @@
/* $Id: port-aix.h,v 1.14.2.1 2003/09/19 10:46:22 dtucker Exp $ */
/*
*
* Copyright (c) 2001 Gert Doering. All rights reserved.
@ -21,11 +23,24 @@
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifdef _AIX
#ifdef WITH_AIXAUTHENTICATE
# include <login.h>
# include <userpw.h>
# if defined(HAVE_SYS_AUDIT_H) && defined(AIX_LOGINFAILED_4ARG)
# include <sys/audit.h>
# endif
# include <usersec.h>
#endif
/* Some versions define r_type in the above headers, which causes a conflict */
#ifdef r_type
# undef r_type
#endif
/* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */
#if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP)
# define nanosleep(a,b) nsleep(a,b)
@ -36,5 +51,12 @@
# include <sys/timers.h>
#endif
void aix_usrinfo(struct passwd *pw);
#ifdef WITH_AIXAUTHENTICATE
# define CUSTOM_FAILED_LOGIN 1
void record_failed_login(const char *, const char *);
void aix_setauthdb(const char *);
#endif
void aix_usrinfo(struct passwd *);
void aix_remove_embedded_newlines(char *);
#endif /* _AIX */
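Review bot: the prototype `void aix_remove_embedded_newlines(char *);` sits after the `#endif` that closes the `#ifdef WITH_AIXAUTHENTICATE` block, while port-aix.c defines the function only inside `#ifdef WITH_AIXAUTHENTICATE`. Move the prototype into the guarded block next to record_failed_login() and aix_setauthdb(), or build the function unconditionally, so that a caller compiled without WITH_AIXAUTHENTICATE fails at compile time instead of at link time.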

View File

@ -1,15 +1,42 @@
/*
* Copyright (c) 2000 Denis Parker. All rights reserved.
* Copyright (c) 2000 Michael Stone. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
#if defined(WITH_IRIX_PROJECT) || \
defined(WITH_IRIX_JOBS) || \
defined(WITH_IRIX_ARRAY)
#ifdef WITH_IRIX_PROJECT
#include <proj.h>
# include <proj.h>
#endif /* WITH_IRIX_PROJECT */
#ifdef WITH_IRIX_JOBS
#include <sys/resource.h>
# include <sys/resource.h>
#endif
#ifdef WITH_IRIX_AUDIT
#include <sat.h>
# include <sat.h>
#endif /* WITH_IRIX_AUDIT */
void
@ -17,14 +44,12 @@ irix_setusercontext(struct passwd *pw)
{
#ifdef WITH_IRIX_PROJECT
prid_t projid;
#endif /* WITH_IRIX_PROJECT */
#endif
#ifdef WITH_IRIX_JOBS
jid_t jid = 0;
#else
# ifdef WITH_IRIX_ARRAY
#elif defined(WITH_IRIX_ARRAY)
int jid = 0;
# endif /* WITH_IRIX_ARRAY */
#endif /* WITH_IRIX_JOBS */
#endif
#ifdef WITH_IRIX_JOBS
jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive");

View File

@ -1,5 +1,39 @@
#if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
/* $Id: port-irix.h,v 1.4 2003/08/29 16:59:52 mouring Exp $ */
/*
* Copyright (c) 2000 Denis Parker. All rights reserved.
* Copyright (c) 2000 Michael Stone. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _PORT_IRIX_H
#define _PORT_IRIX_H
#if defined(WITH_IRIX_PROJECT) || \
defined(WITH_IRIX_JOBS) || \
defined(WITH_IRIX_ARRAY)
void irix_setusercontext(struct passwd *pw);
#endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
#endif /* ! _PORT_IRIX_H */

View File

@ -1,34 +1,27 @@
/* $OpenBSD: readpassphrase.c,v 1.14 2002/06/28 01:43:58 millert Exp $ */
/* $OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $ */
/*
* Copyright (c) 2000-2002 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
#if defined(LIBC_SCCS) && !defined(lint)
static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.14 2002/06/28 01:43:58 millert Exp $";
static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include "includes.h"
@ -185,6 +178,7 @@ getpass(const char *prompt)
static void handler(int s)
{
signo = s;
}
#endif /* HAVE_READPASSPHRASE */

View File

@ -13,6 +13,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -32,7 +35,7 @@
#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: realpath.c,v 1.7 2002/05/24 21:22:37 deraadt Exp $";
static char *rcsid = "$OpenBSD: realpath.c,v 1.10 2003/08/01 21:04:59 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
@ -62,7 +65,7 @@ char *
realpath(const char *path, char *resolved)
{
struct stat sb;
int fd, n, rootd, serrno = 0;
int fd, n, needslash, serrno = 0;
char *p, *q, wbuf[MAXPATHLEN], start[MAXPATHLEN];
int symlinks = 0;
@ -138,18 +141,18 @@ realpath(const char *path, char *resolved)
* happens if the last component is empty, or the dirname is root.
*/
if (resolved[0] == '/' && resolved[1] == '\0')
rootd = 1;
needslash = 0;
else
rootd = 0;
needslash = 1;
if (*wbuf) {
if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) {
if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) {
serrno = ENAMETOOLONG;
goto err1;
}
if (rootd == 0)
(void)strcat(resolved, "/");
(void)strcat(resolved, wbuf);
if (needslash == 0)
strlcat(resolved, "/", MAXPATHLEN);
strlcat(resolved, wbuf, MAXPATHLEN);
}
/* Go back to where we came from. */
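Review bot: the slash test in the strlcat branch is inverted. `needslash` is set to 0 when resolved is exactly "/" and to 1 otherwise, but `if (needslash == 0) strlcat(resolved, "/", MAXPATHLEN);` appends the separator only in the root case and skips it for every other directory, giving "//name" at the root and a directory fused to the file name elsewhere. The removed code added the slash when `rootd == 0`, that is when not at root, so the new condition should read `if (needslash)`. The length check `strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN` is correct as written and fixes the old `+ rootd + 1 >` form, which under-counted by one whenever a slash had to be added; a short comment saying the bound covers the terminating NUL would make that clear. The strlcat() return values are also unused, which is fine after the check but worth a `(void)` or a comment.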

View File

@ -11,12 +11,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* This product includes software developed by Theo de Raadt.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#ifndef HAVE_RRESVPORT_AF
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: rresvport.c,v 1.5 2000/01/26 03:43:20 deraadt Exp $";
static char *rcsid = "$OpenBSD: rresvport.c,v 1.6 2003/06/03 02:11:35 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
#include "includes.h"

View File

@ -10,11 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -35,7 +31,7 @@
#ifndef HAVE_SETENV
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: setenv.c,v 1.5 2002/12/10 22:44:13 mickey Exp $";
static char *rcsid = "$OpenBSD: setenv.c,v 1.6 2003/06/02 20:18:38 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <stdlib.h>

View File

@ -1,41 +1,34 @@
/*
* Based on src/backend/utils/misc/pg_status.c from
* PostgreSQL Database Management System
*
* Portions Copyright (c) 1996-2001, The PostgreSQL Global Development Group
*
* Portions Copyright (c) 1994, The Regents of the University of California
*
* Permission to use, copy, modify, and distribute this software and its
* documentation for any purpose, without fee, and without a written agreement
* is hereby granted, provided that the above copyright notice and this
* paragraph and the following two paragraphs appear in all copies.
*
* IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR
* DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING
* LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS
* DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
* ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO
* PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
*/
/* Based on conf.c from UCB sendmail 8.8.8 */
/*--------------------------------------------------------------------
* ps_status.c
/*
* Copyright 2003 Damien Miller
* Copyright (c) 1983, 1995-1997 Eric P. Allman
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* Routines to support changing the ps display of PostgreSQL backends
* to contain some useful information. Mechanism differs wildly across
* platforms.
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* $Header: /var/cvs/openssh/openbsd-compat/setproctitle.c,v 1.5 2003/01/20 02:15:11 djm Exp $
*
* Copyright 2000 by PostgreSQL Global Development Group
* various details abducted from various places
*--------------------------------------------------------------------
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "includes.h"
@ -44,200 +37,121 @@
#include <unistd.h>
#ifdef HAVE_SYS_PSTAT_H
#include <sys/pstat.h> /* for HP-UX */
#endif
#ifdef HAVE_PS_STRINGS
#include <machine/vmparam.h> /* for old BSD */
#include <sys/exec.h>
#include <sys/pstat.h>
#endif
/*------
* Alternative ways of updating ps display:
*
* SETPROCTITLE_STRATEGY == PS_USE_PSTAT
* use the pstat(PSTAT_SETCMD, )
* (HPUX)
* SETPROCTITLE_STRATEGY == PS_USE_PS_STRINGS
* assign PS_STRINGS->ps_argvstr = "string"
* (some BSD systems)
* SETPROCTITLE_STRATEGY == PS_USE_CHANGE_ARGV
* assign argv[0] = "string"
* (some other BSD systems)
* SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
* write over the argv and environment area
* (most SysV-like systems)
* SETPROCTITLE_STRATEGY == PS_USE_NONE
* don't update ps display
* (This is the default, as it is safest.)
*/
#define SPT_NONE 0 /* don't use it at all */
#define SPT_PSTAT 1 /* cover argv with title information */
#define SPT_REUSEARGV 2 /* use pstat(PSTAT_SETCMD, ...) */
#define PS_USE_NONE 0
#define PS_USE_PSTAT 1
#define PS_USE_PS_STRINGS 2
#define PS_USE_CHANGE_ARGV 3
#define PS_USE_CLOBBER_ARGV 4
#ifndef SETPROCTITLE_STRATEGY
# define SETPROCTITLE_STRATEGY PS_USE_NONE
#ifndef SPT_TYPE
# define SPT_TYPE SPT_NONE
#endif
#ifndef SETPROCTITLE_PS_PADDING
# define SETPROCTITLE_PS_PADDING ' '
#endif
#endif /* HAVE_SETPROCTITLE */
extern char **environ;
/*
* argv clobbering uses existing argv space, all other methods need a buffer
*/
#if SETPROCTITLE_STRATEGY != PS_USE_CLOBBER_ARGV
static char ps_buffer[256];
static const size_t ps_buffer_size = sizeof(ps_buffer);
#else
static char *ps_buffer; /* will point to argv area */
static size_t ps_buffer_size; /* space determined at run time */
#ifndef SPT_PADCHAR
# define SPT_PADCHAR '\0'
#endif
/* save the original argv[] location here */
static int save_argc;
static char **save_argv;
extern char *__progname;
#ifndef HAVE_SETPROCTITLE
/*
* Call this to update the ps status display to a fixed prefix plus an
* indication of what you're currently doing passed in the argument.
*/
void
setproctitle(const char *fmt, ...)
{
#if SETPROCTITLE_STRATEGY == PS_USE_PSTAT
union pstun pst;
#if SPT_TYPE == SPT_REUSEARGV
static char *argv_start = NULL;
static size_t argv_env_len = 0;
#endif
#if SETPROCTITLE_STRATEGY != PS_USE_NONE
ssize_t used;
va_list ap;
/* no ps display if you didn't call save_ps_display_args() */
if (save_argv == NULL)
return;
#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
/* If ps_buffer is a pointer, it might still be null */
if (ps_buffer == NULL)
return;
#endif /* PS_USE_CLOBBER_ARGV */
/*
* Overwrite argv[] to point at appropriate space, if needed
*/
#if SETPROCTITLE_STRATEGY == PS_USE_CHANGE_ARGV
save_argv[0] = ps_buffer;
save_argv[1] = NULL;
#endif /* PS_USE_CHANGE_ARGV */
#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
save_argv[1] = NULL;
#endif /* PS_USE_CLOBBER_ARGV */
/*
* Make fixed prefix of ps display.
*/
va_start(ap, fmt);
if (fmt == NULL)
snprintf(ps_buffer, ps_buffer_size, "%s", __progname);
else {
used = snprintf(ps_buffer, ps_buffer_size, "%s: ", __progname);
if (used == -1 || used >= ps_buffer_size)
used = ps_buffer_size;
vsnprintf(ps_buffer + used, ps_buffer_size - used, fmt, ap);
}
va_end(ap);
#if SETPROCTITLE_STRATEGY == PS_USE_PSTAT
pst.pst_command = ps_buffer;
pstat(PSTAT_SETCMD, pst, strlen(ps_buffer), 0, 0);
#endif /* PS_USE_PSTAT */
#if SETPROCTITLE_STRATEGY == PS_USE_PS_STRINGS
PS_STRINGS->ps_nargvstr = 1;
PS_STRINGS->ps_argvstr = ps_buffer;
#endif /* PS_USE_PS_STRINGS */
#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
/* pad unused memory */
used = strlen(ps_buffer);
memset(ps_buffer + used, SETPROCTITLE_PS_PADDING,
ps_buffer_size - used);
#endif /* PS_USE_CLOBBER_ARGV */
#endif /* PS_USE_NONE */
}
#endif /* HAVE_SETPROCTITLE */
/*
* Call this early in startup to save the original argc/argv values.
*
* argv[] will not be overwritten by this routine, but may be overwritten
* during setproctitle. Also, the physical location of the environment
* strings may be moved, so this should be called before any code that
* might try to hang onto a getenv() result.
*/
void
compat_init_setproctitle(int argc, char *argv[])
{
#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
char *end_of_area = NULL;
char **new_environ;
#if defined(SPT_TYPE) && SPT_TYPE == SPT_REUSEARGV
extern char **environ;
char *lastargv = NULL;
char **envp = environ;
int i;
#endif
save_argc = argc;
save_argv = argv;
#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
/*
* If we're going to overwrite the argv area, count the available
* space. Also move the environment to make additional room.
*/
/*
* check for contiguous argv strings
* NB: This assumes that argv has already been copied out of the
* way. This is true for sshd, but may not be true for other
* programs. Beware.
*/
for (i = 0; i < argc; i++) {
if (i == 0 || end_of_area + 1 == argv[i])
end_of_area = argv[i] + strlen(argv[i]);
}
/* probably can't happen? */
if (end_of_area == NULL) {
ps_buffer = NULL;
ps_buffer_size = 0;
if (argc == 0 || argv[0] == NULL)
return;
/* Fail if we can't allocate room for the new environment */
for (i = 0; envp[i] != NULL; i++)
;
if ((environ = malloc(sizeof(*environ) * (i + 1))) == NULL) {
environ = envp; /* put it back */
return;
}
/*
* check for contiguous environ strings following argv
* Find the last argv string or environment variable within
* our process memory area.
*/
for (i = 0; environ[i] != NULL; i++) {
if (end_of_area + 1 == environ[i])
end_of_area = environ[i] + strlen(environ[i]);
for (i = 0; i < argc; i++) {
if (lastargv == NULL || lastargv + 1 == argv[i])
lastargv = argv[i] + strlen(argv[i]);
}
for (i = 0; envp[i] != NULL; i++) {
if (lastargv + 1 == envp[i])
lastargv = envp[i] + strlen(envp[i]);
}
ps_buffer = argv[0];
ps_buffer_size = end_of_area - argv[0] - 1;
argv[1] = NULL;
argv_start = argv[0];
argv_env_len = lastargv - argv[0] - 1;
/*
* Duplicate and move the environment out of the way
/*
* Copy environment
* XXX - will truncate env on strdup fail
*/
new_environ = malloc(sizeof(char *) * (i + 1));
for (i = 0; environ[i] != NULL; i++)
new_environ[i] = strdup(environ[i]);
new_environ[i] = NULL;
environ = new_environ;
#endif /* PS_USE_CLOBBER_ARGV */
for (i = 0; envp[i] != NULL; i++)
environ[i] = strdup(envp[i]);
environ[i] = NULL;
#endif /* SPT_REUSEARGV */
}
#ifndef HAVE_SETPROCTITLE
void
setproctitle(const char *fmt, ...)
{
#if SPT_TYPE != SPT_NONE
va_list ap;
char buf[1024];
size_t len;
extern char *__progname;
#if SPT_TYPE == SPT_PSTAT
union pstun pst;
#endif
#if SPT_TYPE == SPT_REUSEARGV
if (argv_env_len <= 0)
return;
#endif
strlcpy(buf, __progname, sizeof(buf));
va_start(ap, fmt);
if (fmt != NULL) {
len = strlcat(buf, ": ", sizeof(buf));
if (len < sizeof(buf))
vsnprintf(buf + len, sizeof(buf) - len , fmt, ap);
}
va_end(ap);
#if SPT_TYPE == SPT_PSTAT
pst.pst_command = buf;
pstat(PSTAT_SETCMD, pst, strlen(buf), 0, 0);
#elif SPT_TYPE == SPT_REUSEARGV
/* debug("setproctitle: copy \"%s\" into len %d",
buf, argv_env_len); */
len = strlcpy(argv_start, buf, argv_env_len);
for(; len < argv_env_len; len++)
argv_start[len] = SPT_PADCHAR;
#endif
#endif /* SPT_NONE */
}
#endif /* HAVE_SETPROCTITLE */
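Review bot: `argv_env_len` is declared `static size_t`, so the guard `if (argv_env_len <= 0)` in setproctitle() can only ever catch zero. In compat_init_setproctitle() it is assigned from `lastargv - argv[0] - 1`, which is -1 when argv[0] is an empty string with nothing contiguous after it, and that wraps to a very large length that the later `strlcpy(argv_start, buf, argv_env_len)` and the padding loop trust. Do the subtraction in a signed type and store it only when it is positive. Two smaller points in the same hunk: the comments on `SPT_PSTAT` and `SPT_REUSEARGV` are swapped, and the `environ[i] = strdup(envp[i])` loop stores the result unchecked, which the XXX comment admits but does not handle.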

View File

@ -1,42 +1,30 @@
/* $OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $ */
/* $OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp $ */
/*
* Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#ifndef HAVE_STRLCAT
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $";
static char *rcsid = "$OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/types.h>
#include <string.h>
#include "strlcat.h"
/*
* Appends src to string dst of size siz (unlike strncat, siz is the
@ -46,10 +34,7 @@ static char *rcsid = "$OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp
* If retval >= siz, truncation occurred.
*/
size_t
strlcat(dst, src, siz)
char *dst;
const char *src;
size_t siz;
strlcat(char *dst, const char *src, size_t siz)
{
register char *d = dst;
register const char *s = src;

View File

@ -1,42 +1,30 @@
/* $OpenBSD: strlcpy.c,v 1.5 2001/05/13 15:40:16 deraadt Exp $ */
/* $OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp $ */
/*
* Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#ifndef HAVE_STRLCPY
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: strlcpy.c,v 1.5 2001/05/13 15:40:16 deraadt Exp $";
static char *rcsid = "$OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/types.h>
#include <string.h>
#include "strlcpy.h"
/*
* Copy src to string dst of size siz. At most siz-1 characters
@ -44,10 +32,7 @@ static char *rcsid = "$OpenBSD: strlcpy.c,v 1.5 2001/05/13 15:40:16 deraadt Exp
* Returns strlen(src); if retval >= siz, truncation occurred.
*/
size_t
strlcpy(dst, src, siz)
char *dst;
const char *src;
size_t siz;
strlcpy(char *dst, const char *src, size_t siz)
{
register char *d = dst;
register const char *s = src;

View File

@ -10,11 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -35,15 +31,17 @@
#ifndef HAVE_STRMODE
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: strmode.c,v 1.3 1997/06/13 13:57:20 deraadt Exp $";
static char *rcsid = "$OpenBSD: strmode.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/types.h>
#include <sys/stat.h>
#include <string.h>
/* XXX mode should be mode_t */
void
strmode(register mode_t mode, register char *p)
strmode(int mode, char *p)
{
/* print type */
switch (mode & S_IFMT) {

View File

@ -1,4 +1,4 @@
/* $OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $ */
/* $OpenBSD: strsep.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $ */
/*-
* Copyright (c) 1990, 1993
@ -12,11 +12,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -44,7 +40,7 @@
#if 0
static char sccsid[] = "@(#)strsep.c 8.1 (Berkeley) 6/4/93";
#else
static char *rcsid = "$OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $";
static char *rcsid = "$OpenBSD: strsep.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $";
#endif
#endif /* LIBC_SCCS and not lint */
@ -62,9 +58,9 @@ static char *rcsid = "$OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $
char *
strsep(char **stringp, const char *delim)
{
register char *s;
register const char *spanp;
register int c, sc;
char *s;
const char *spanp;
int c, sc;
char *tok;
if ((s = *stringp) == NULL)

View File

@ -1,4 +1,4 @@
/* $OpenBSD: queue.h,v 1.22 2001/06/23 04:39:35 angelos Exp $ */
/* $OpenBSD: queue.h,v 1.23 2003/06/02 23:28:21 millert Exp $ */
/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
/*
@ -13,11 +13,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*

View File

@ -10,11 +10,7 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -30,14 +26,15 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "config.h"
#include "includes.h"
#if !defined(HAVE_STRNVIS)
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: vis.c,v 1.8 2002/02/19 19:39:36 millert Exp $";
static char rcsid[] = "$OpenBSD: vis.c,v 1.12 2003/06/02 20:18:35 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <ctype.h>
#include <string.h>
#include "vis.h"
@ -47,8 +44,9 @@ static char rcsid[] = "$OpenBSD: vis.c,v 1.8 2002/02/19 19:39:36 millert Exp $";
((flag & VIS_SP) == 0 && (c) == ' ') || \
((flag & VIS_TAB) == 0 && (c) == '\t') || \
((flag & VIS_NL) == 0 && (c) == '\n') || \
((flag & VIS_SAFE) && \
((c) == '\b' || (c) == '\007' || (c) == '\r')))
((flag & VIS_SAFE) && ((c) == '\b' || \
(c) == '\007' || (c) == '\r' || \
isgraph((u_char)(c)))))
/*
* vis - visually encode characters
@ -169,16 +167,20 @@ strvis(dst, src, flag)
int
strnvis(dst, src, siz, flag)
register char *dst;
register const char *src;
char *dst;
const char *src;
size_t siz;
int flag;
{
register char c;
char c;
char *start, *end;
char tbuf[5];
int i;
i = 0;
for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) {
if (isvisible(c)) {
i = 1;
*dst++ = c;
if (c == '\\' && (flag & VIS_NOSLASH) == 0) {
/* need space for the extra '\\' */
@ -186,22 +188,25 @@ strnvis(dst, src, siz, flag)
*dst++ = '\\';
else {
dst--;
i = 2;
break;
}
}
src++;
} else {
/* vis(3) requires up to 4 chars */
if (dst + 3 < end)
dst = vis(dst, c, flag, *++src);
else
i = vis(tbuf, c, flag, *++src) - tbuf;
if (dst + i <= end) {
memcpy(dst, tbuf, i);
dst += i;
} else {
src--;
break;
}
}
}
*dst = '\0';
if (dst >= end) {
char tbuf[5];
if (siz > 0)
*dst = '\0';
if (dst + i > end) {
/* adjust return value for truncation */
while ((c = *src))
dst += vis(tbuf, c, flag, *++src) - tbuf;
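Review bot: the truncation test `if (dst + i > end)` misses the case siz == 1. There `end` equals `start`, the for loop never runs, `i` keeps its initial 0, and `dst + i > end` is false, so the adjustment loop is skipped even though none of src was copied; a caller comparing the result against siz would not see the truncation. Testing `*src != '\0'` after the loop (or in addition to the pointer comparison) covers it. Also, `end = start + siz - 1` forms a pointer before the buffer when siz is 0; the new `if (siz > 0)` guard protects the store but not that computation, so handling siz == 0 before the loop would be cleaner.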

Some files were not shown because too many files have changed in this diff