This commit was generated by cvs2svn to compensate for changes in r162852,
which included commits to RCS files with non-trunk default branches.
commit
a435c625d7
@ -25,6 +25,7 @@ Chris, the Young One <cky@pobox.com> - Password auth fixes
|
||||
Christos Zoulas <christos@zoulas.com> - Autoconf fixes
|
||||
Chun-Chung Chen <cjj@u.washington.edu> - RPM fixes
|
||||
Corinna Vinschen <vinschen@redhat.com> - Cygwin support
|
||||
Chad Mynhier <mynhier@interstel.net> - Solaris Process Contract support
|
||||
Dan Brosemer <odin@linuxfreak.com> - Autoconf support, build fixes
|
||||
Darren Hall <dhall@virage.org> - AIX patches
|
||||
Darren Tucker <dtucker@zip.com.au> - AIX BFF package scripts
|
||||
@ -100,5 +101,5 @@ Apologies to anyone I have missed.
|
||||
|
||||
Damien Miller <djm@mindrot.org>
|
||||
|
||||
$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $
|
||||
$Id: CREDITS,v 1.81 2006/08/30 17:24:41 djm Exp $
|
||||
|
||||
|
File diff suppressed because it is too large
@ -12,6 +12,8 @@ http://www.openssl.org/
|
||||
(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1
|
||||
Blowfish) do not work correctly.)
|
||||
|
||||
The remaining items are optional.
|
||||
|
||||
OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
|
||||
supports it. PAM is standard on Redhat and Debian Linux, Solaris and
|
||||
HP-UX 11.
|
||||
@ -57,13 +59,29 @@ installed. No other S/Key library is currently known to be supported.
|
||||
http://www.sparc.spb.su/solaris/skey/
|
||||
|
||||
LibEdit:
|
||||
sftp now supports command-line editing via NetBSD's libedit. If your
|
||||
platform has it available natively you can use that, alternatively
|
||||
you might try these multi-platform ports:
|
||||
|
||||
sftp supports command-line editing via NetBSD's libedit. If your platform
|
||||
has it available natively you can use that, alternatively you might try
|
||||
these multi-platform ports:
|
||||
|
||||
http://www.thrysoee.dk/editline/
|
||||
http://sourceforge.net/projects/libedit/
|
||||
|
||||
Autoconf:
|
||||
|
||||
If you modify configure.ac or configure doesn't exist (eg if you checked
|
||||
the code out of CVS yourself) then you will need autoconf-2.60 to rebuild
|
||||
the automatically generated files by running "autoreconf".
|
||||
|
||||
http://www.gnu.org/software/autoconf/
|
||||
|
||||
Basic Security Module (BSM):
|
||||
|
||||
Native BSM support is know to exist in Solaris from at least 2.5.1,
|
||||
FreeBSD 6.1 and OS X. Alternatively, you may use the OpenBSM
|
||||
implementation (http://www.openbsm.org).
|
||||
|
||||
|
||||
2. Building / Installation
|
||||
--------------------------
|
||||
|
||||
@ -113,6 +131,10 @@ name).
|
||||
|
||||
There are a few other options to the configure script:
|
||||
|
||||
--with-audit=[module] enable additional auditing via the specified module.
|
||||
Currently, drivers for "debug" (additional info via syslog) and "bsm"
|
||||
(Sun's Basic Security Module) are supported.
|
||||
|
||||
--with-pam enables PAM support. If PAM support is compiled in, it must
|
||||
also be enabled in sshd_config (refer to the UsePAM directive).
|
||||
|
||||
@ -165,6 +187,8 @@ created.
|
||||
--with-ssl-dir=DIR allows you to specify where your OpenSSL libraries
|
||||
are installed.
|
||||
|
||||
--with-ssl-engine enables OpenSSL's (hardware) ENGINE support
|
||||
|
||||
--with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to
|
||||
real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
|
||||
|
||||
@ -208,7 +232,8 @@ for sshd, ssh and ssh-agent.
|
||||
-------------------------
|
||||
|
||||
$ make survey
|
||||
[check the contents and make sure there's no sensitive information]
|
||||
[check the contents of the file "survey" to ensure there's no information
|
||||
that you consider sensitive]
|
||||
$ make send-survey
|
||||
|
||||
This will send configuration information for the currently configured
|
||||
@ -225,4 +250,4 @@ Please refer to the "reporting bugs" section of the webpage at
|
||||
http://www.openssh.com/
|
||||
|
||||
|
||||
$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $
|
||||
$Id: INSTALL,v 1.76 2006/09/17 12:55:52 dtucker Exp $
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: Makefile.in,v 1.274 2006/01/01 08:47:05 djm Exp $
|
||||
# $Id: Makefile.in,v 1.282 2006/09/12 11:54:10 djm Exp $
|
||||
|
||||
# uncomment if you run a non bourne compatable shell. Ie. csh
|
||||
#SHELL = @SH@
|
||||
@ -43,6 +43,8 @@ LD=@LD@
|
||||
CFLAGS=@CFLAGS@
|
||||
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
|
||||
LIBS=@LIBS@
|
||||
LIBSELINUX=@LIBSELINUX@
|
||||
SSHDLIBS=@SSHDLIBS@
|
||||
LIBEDIT=@LIBEDIT@
|
||||
LIBPAM=@LIBPAM@
|
||||
LIBWRAP=@LIBWRAP@
|
||||
@ -62,11 +64,11 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
|
||||
|
||||
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
|
||||
|
||||
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
|
||||
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
|
||||
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
|
||||
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
|
||||
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
|
||||
log.o match.o moduli.o nchan.o packet.o \
|
||||
log.o match.o md-sha256.o moduli.o nchan.o packet.o \
|
||||
readpass.o rsa.o ttymodes.o xmalloc.o \
|
||||
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
||||
@ -86,7 +88,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
|
||||
auth-krb5.o \
|
||||
auth2-gss.o gss-serv.o gss-serv-krb5.o \
|
||||
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
|
||||
audit.o audit-bsm.o
|
||||
audit.o audit-bsm.o platform.o
|
||||
|
||||
MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
|
||||
MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
|
||||
@ -107,7 +109,7 @@ PATHSUBS = \
|
||||
-e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
|
||||
-e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
|
||||
-e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
|
||||
-e 's|/etc/sshrc|$(sysconfdir)/sshrc|g' \
|
||||
-e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \
|
||||
-e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \
|
||||
-e 's|/var/empty|$(PRIVSEP_PATH)|g' \
|
||||
-e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g'
|
||||
@ -136,7 +138,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
||||
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
||||
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
|
||||
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(SSHDLIBS) $(LIBS)
|
||||
|
||||
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
|
||||
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
@ -201,8 +203,9 @@ clean: regressclean
|
||||
|
||||
distclean: regressclean
|
||||
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
|
||||
rm -f *.out core opensshd.init
|
||||
rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds survey.sh *~
|
||||
rm -f *.out core opensshd.init openssh.xml
|
||||
rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds
|
||||
rm -f survey.sh openbsd-compat/regress/Makefile *~
|
||||
rm -rf autom4te.cache
|
||||
(cd openbsd-compat && $(MAKE) distclean)
|
||||
(cd scard && $(MAKE) distclean)
|
||||
@ -410,6 +413,9 @@ tests: $(TARGETS)
|
||||
EXEEXT="$(EXEEXT)" \
|
||||
$@
|
||||
|
||||
compat-tests: $(LIBCOMPAT)
|
||||
(cd openbsd-compat/regress && $(MAKE))
|
||||
|
||||
regressclean:
|
||||
if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \
|
||||
(cd regress && $(MAKE) clean) \
|
||||
|
@ -162,8 +162,7 @@ these programs.
|
||||
- There are several other files in the distribution that contain
|
||||
various auxiliary routines:
|
||||
ssh.h the main header file for ssh (various definitions)
|
||||
getput.h byte-order independent storage of integers
|
||||
includes.h includes most system headers. Lots of #ifdefs.
|
||||
tildexpand.c expand tilde in file names
|
||||
uidswap.c uid-swapping
|
||||
xmalloc.c "safe" malloc routines
|
||||
|
||||
$OpenBSD: OVERVIEW,v 1.11 2006/08/03 03:34:41 deraadt Exp $
|
||||
|
@ -1,4 +1,4 @@
|
||||
See http://www.openssh.com/txt/release-4.3 for the release notes.
|
||||
See http://www.openssh.com/txt/release-4.4 for the release notes.
|
||||
|
||||
- A Japanese translation of this document and of the OpenSSH FAQ is
|
||||
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
|
||||
@ -62,4 +62,4 @@ References -
|
||||
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
|
||||
[7] http://www.openssh.com/faq.html
|
||||
|
||||
$Id: README,v 1.61 2005/12/01 11:21:04 dtucker Exp $
|
||||
$Id: README,v 1.63 2006/09/01 11:32:53 dtucker Exp $
|
||||
|
@ -30,6 +30,18 @@ gcc, gcc-mingw-core, mingw-runtime, binutils, make, openssl,
|
||||
openssl-devel, zlib, minres, minires-devel.
|
||||
|
||||
|
||||
Darwin and MacOS X
|
||||
------------------
|
||||
Darwin does not provide a tun(4) driver required for OpenSSH-based
|
||||
virtual private networks. The BSD manpage still exists, but the driver
|
||||
has been removed in recent releases of Darwin and MacOS X.
|
||||
|
||||
Nevertheless, tunnel support is known to work with Darwin 8 and
|
||||
MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode
|
||||
using a third party driver. More information is available at:
|
||||
http://www-user.rhrk.uni-kl.de/~nissler/tuntap/
|
||||
|
||||
|
||||
Solaris
|
||||
-------
|
||||
If you enable BSM auditing on Solaris, you need to update audit_event(4)
|
||||
@ -55,4 +67,4 @@ account stacks which will prevent authentication entirely, but will still
|
||||
return the output from pam_nologin to the client.
|
||||
|
||||
|
||||
$Id: README.platform,v 1.6 2005/11/05 05:28:35 dtucker Exp $
|
||||
$Id: README.platform,v 1.7 2006/06/23 11:05:13 dtucker Exp $
|
||||
|
@ -87,12 +87,12 @@ combination with layer 2 tunneling and Ethernet bridging.
|
||||
| Client |------( Internet )-----| access.somewhere.net |
|
||||
+--------+ ( ) +----------------------+
|
||||
: 192.168.1.78 |
|
||||
:............................. +-------+
|
||||
:............................. +-------+
|
||||
Forwarded ssh connection : | dmzgw |
|
||||
Layer 2 tunnel : +-------+
|
||||
: |
|
||||
: |
|
||||
: +------------+
|
||||
: +------------+
|
||||
:......| sshgateway |
|
||||
| +------------+
|
||||
--- real connection Bridge -> | +----------+
|
||||
@ -104,7 +104,7 @@ combination with layer 2 tunneling and Ethernet bridging.
|
||||
|
||||
Finally connect to the OpenSSH server to establish the tunnel by using
|
||||
the following command:
|
||||
|
||||
|
||||
ssh sshgateway
|
||||
|
||||
It is also possible to tell the client to fork into the background after
|
||||
@ -129,4 +129,4 @@ interconnect corporate networks.
|
||||
|
||||
Reyk Floeter
|
||||
|
||||
$OpenBSD: README.tun,v 1.3 2005/12/08 18:34:10 reyk Exp $
|
||||
$OpenBSD: README.tun,v 1.4 2006/03/28 00:12:31 deraadt Exp $
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $ */
|
||||
/* $Id: acss.c,v 1.4 2006/07/24 04:51:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2004 The OpenBSD project
|
||||
*
|
||||
@ -16,6 +16,9 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00906000L)
|
||||
|
@ -1,4 +1,6 @@
|
||||
/* $OpenBSD: atomicio.c,v 1.23 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2006 Damien Miller. All rights reserved.
|
||||
* Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
|
||||
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
|
||||
* All rights reserved.
|
||||
@ -25,7 +27,12 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: atomicio.c,v 1.13 2005/05/24 17:32:43 avsm Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/uio.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "atomicio.h"
|
||||
|
||||
@ -33,11 +40,7 @@ RCSID("$OpenBSD: atomicio.c,v 1.13 2005/05/24 17:32:43 avsm Exp $");
|
||||
* ensure all of data on socket comes through. f==read || f==vwrite
|
||||
*/
|
||||
size_t
|
||||
atomicio(f, fd, _s, n)
|
||||
ssize_t (*f) (int, void *, size_t);
|
||||
int fd;
|
||||
void *_s;
|
||||
size_t n;
|
||||
atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n)
|
||||
{
|
||||
char *s = _s;
|
||||
size_t pos = 0;
|
||||
@ -58,8 +61,60 @@ atomicio(f, fd, _s, n)
|
||||
errno = EPIPE;
|
||||
return pos;
|
||||
default:
|
||||
pos += (u_int)res;
|
||||
pos += (size_t)res;
|
||||
}
|
||||
}
|
||||
return (pos);
|
||||
}
|
||||
|
||||
/*
|
||||
* ensure all of data on socket comes through. f==readv || f==writev
|
||||
*/
|
||||
size_t
|
||||
atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd,
|
||||
const struct iovec *_iov, int iovcnt)
|
||||
{
|
||||
size_t pos = 0, rem;
|
||||
ssize_t res;
|
||||
struct iovec iov_array[IOV_MAX], *iov = iov_array;
|
||||
|
||||
if (iovcnt > IOV_MAX) {
|
||||
errno = EINVAL;
|
||||
return 0;
|
||||
}
|
||||
/* Make a copy of the iov array because we may modify it below */
|
||||
memcpy(iov, _iov, iovcnt * sizeof(*_iov));
|
||||
|
||||
for (; iovcnt > 0 && iov[0].iov_len > 0;) {
|
||||
res = (f) (fd, iov, iovcnt);
|
||||
switch (res) {
|
||||
case -1:
|
||||
if (errno == EINTR || errno == EAGAIN)
|
||||
continue;
|
||||
return 0;
|
||||
case 0:
|
||||
errno = EPIPE;
|
||||
return pos;
|
||||
default:
|
||||
rem = (size_t)res;
|
||||
pos += rem;
|
||||
/* skip completed iov entries */
|
||||
while (iovcnt > 0 && rem >= iov[0].iov_len) {
|
||||
rem -= iov[0].iov_len;
|
||||
iov++;
|
||||
iovcnt--;
|
||||
}
|
||||
/* This shouldn't happen... */
|
||||
if (rem > 0 && (iovcnt <= 0 || rem > iov[0].iov_len)) {
|
||||
errno = EFAULT;
|
||||
return 0;
|
||||
}
|
||||
if (iovcnt == 0)
|
||||
break;
|
||||
/* update pointer in partially complete iov */
|
||||
iov[0].iov_base = ((char *)iov[0].iov_base) + rem;
|
||||
iov[0].iov_len -= rem;
|
||||
}
|
||||
}
|
||||
return pos;
|
||||
}
|
||||
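Review bot: atomiciov() rejects only `iovcnt > IOV_MAX`, so a negative iovcnt passes the guard and reaches `memcpy(iov, _iov, iovcnt * sizeof(*_iov))`, where the int is converted to size_t and the copy length becomes enormous, overrunning the on-stack iov_array. The guard should read `if (iovcnt < 0 || iovcnt > IOV_MAX) {`. No caller is visible on this page, so whether a negative count can actually arrive is unknown, but the check is cheap and makes the function safe on its own. The page has lost its +/- markers, so the function is read as newly added on the strength of the `-58,8 +61,60` header.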
|
@ -1,6 +1,7 @@
|
||||
/* $OpenBSD: atomicio.h,v 1.6 2005/05/24 17:32:43 avsm Exp $ */
|
||||
/* $OpenBSD: atomicio.h,v 1.10 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2006 Damien Miller. All rights reserved.
|
||||
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -25,9 +26,20 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef _ATOMICIO_H
|
||||
#define _ATOMICIO_H
|
||||
|
||||
/*
|
||||
* Ensure all of data on socket comes through. f==read || f==vwrite
|
||||
*/
|
||||
size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
|
||||
|
||||
#define vwrite (ssize_t (*)(int, void *, size_t))write
|
||||
|
||||
/*
|
||||
* ensure all of data on socket comes through. f==readv || f==writev
|
||||
*/
|
||||
size_t atomiciov(ssize_t (*)(int, const struct iovec *, int),
|
||||
int, const struct iovec *, int);
|
||||
|
||||
#endif /* _ATOMICIO_H */
|
||||
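Review bot: The atomiciov prototype names `struct iovec`, but the header neither includes <sys/uio.h> nor forward-declares the type, so a file that includes atomicio.h first gets a prototype-scoped struct and incompatible-pointer warnings at every call. atomicio.c in this commit includes <sys/uio.h> before "atomicio.h", which suggests the include order is being relied on. A `struct iovec;` line ahead of the prototype, or at least a comment such as `/* callers must include <sys/uio.h> first */`, would make the dependency explicit.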
|
@ -1,4 +1,4 @@
|
||||
/* $Id: audit-bsm.c,v 1.1 2005/02/20 10:08:00 dtucker Exp $ */
|
||||
/* $Id: audit-bsm.c,v 1.4 2006/09/01 05:38:36 djm Exp $ */
|
||||
|
||||
/*
|
||||
* TODO
|
||||
@ -37,8 +37,15 @@
|
||||
#include "includes.h"
|
||||
#if defined(USE_BSM_AUDIT)
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "ssh.h"
|
||||
#include "log.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "xmalloc.h"
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: audit.c,v 1.3 2005/07/17 07:26:44 djm Exp $ */
|
||||
/* $Id: audit.c,v 1.5 2006/09/01 05:38:36 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
|
||||
@ -26,10 +26,15 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
|
||||
#include "audit.h"
|
||||
#include "log.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
|
||||
/*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: audit.h,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */
|
||||
/* $Id: audit.h,v 1.3 2006/08/05 14:05:10 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
|
||||
@ -24,8 +24,6 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "auth.h"
|
||||
|
||||
#ifndef _SSH_AUDIT_H
|
||||
# define _SSH_AUDIT_H
|
||||
enum ssh_audit_event_type {
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: auth-bsdauth.c,v 1.10 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -21,13 +22,23 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-bsdauth.c,v 1.6 2005/01/19 13:11:47 dtucker Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
|
||||
#ifdef BSD_AUTH
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
static void *
|
||||
@ -69,9 +80,8 @@ bsdauth_query(void *ctx, char **name, char **infotxt,
|
||||
*name = xstrdup("");
|
||||
*infotxt = xstrdup("");
|
||||
*numprompts = 1;
|
||||
*prompts = xmalloc(*numprompts * sizeof(char *));
|
||||
*echo_on = xmalloc(*numprompts * sizeof(u_int));
|
||||
(*echo_on)[0] = 0;
|
||||
*prompts = xcalloc(*numprompts, sizeof(char *));
|
||||
*echo_on = xcalloc(*numprompts, sizeof(u_int));
|
||||
(*prompts)[0] = xstrdup(challenge);
|
||||
|
||||
return 0;
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: auth-options.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -10,18 +11,31 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-options.c,v 1.33 2005/12/08 18:34:11 reyk Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <netdb.h>
|
||||
#include <pwd.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "match.h"
|
||||
#include "log.h"
|
||||
#include "canohost.h"
|
||||
#include "buffer.h"
|
||||
#include "channels.h"
|
||||
#include "auth-options.h"
|
||||
#include "servconf.h"
|
||||
#include "misc.h"
|
||||
#include "monitor_wrap.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
/* Flags set authorized_keys flags */
|
||||
int no_port_forwarding_flag = 0;
|
||||
@ -131,7 +145,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
forced_command = NULL;
|
||||
goto bad_option;
|
||||
}
|
||||
forced_command[i] = 0;
|
||||
forced_command[i] = '\0';
|
||||
auth_debug_add("Forced command: %.900s", forced_command);
|
||||
opts++;
|
||||
goto next_option;
|
||||
@ -163,7 +177,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
xfree(s);
|
||||
goto bad_option;
|
||||
}
|
||||
s[i] = 0;
|
||||
s[i] = '\0';
|
||||
auth_debug_add("Adding to environment: %.900s", s);
|
||||
debug("Adding to environment: %.900s", s);
|
||||
opts++;
|
||||
@ -200,7 +214,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
xfree(patterns);
|
||||
goto bad_option;
|
||||
}
|
||||
patterns[i] = 0;
|
||||
patterns[i] = '\0';
|
||||
opts++;
|
||||
if (match_host_and_ip(remote_host, remote_ip,
|
||||
patterns) != 1) {
|
||||
@ -245,7 +259,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
xfree(patterns);
|
||||
goto bad_option;
|
||||
}
|
||||
patterns[i] = 0;
|
||||
patterns[i] = '\0';
|
||||
opts++;
|
||||
p = patterns;
|
||||
host = hpdelim(&p);
|
||||
@ -293,7 +307,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
forced_tun_device = -1;
|
||||
goto bad_option;
|
||||
}
|
||||
tun[i] = 0;
|
||||
tun[i] = '\0';
|
||||
forced_tun_device = a2tun(tun, NULL);
|
||||
xfree(tun);
|
||||
if (forced_tun_device == SSH_TUNID_ERR) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth-options.h,v 1.13 2005/12/06 22:38:27 reyk Exp $ */
|
||||
/* $OpenBSD: auth-options.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: auth-rhosts.c,v 1.41 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -14,14 +15,27 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rhosts.c,v 1.33 2005/07/17 07:17:54 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#ifdef HAVE_NETGROUP_H
|
||||
# include <netgroup.h>
|
||||
#endif
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "packet.h"
|
||||
#include "buffer.h"
|
||||
#include "uidswap.h"
|
||||
#include "pathnames.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "canohost.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
|
||||
/* import */
|
||||
|
@ -23,11 +23,14 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: auth-shadow.c,v 1.7 2005/07/17 07:04:47 djm Exp $");
|
||||
|
||||
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
|
||||
#include <shadow.h>
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
|
@ -25,14 +25,6 @@
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef HAVE_OSF_SIA
|
||||
#include "ssh.h"
|
||||
#include "auth.h"
|
||||
#include "auth-sia.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "canohost.h"
|
||||
#include "uidswap.h"
|
||||
|
||||
#include <sia.h>
|
||||
#include <siad.h>
|
||||
#include <pwd.h>
|
||||
@ -40,8 +32,19 @@
|
||||
#include <setjmp.h>
|
||||
#include <sys/resource.h>
|
||||
#include <unistd.h>
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "ssh.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "auth-sia.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "canohost.h"
|
||||
#include "uidswap.h"
|
||||
|
||||
extern ServerOptions options;
|
||||
extern int saved_argc;
|
||||
extern char **saved_argv;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2-gss.c,v 1.12 2005/10/13 22:24:31 stevesk Exp $ */
|
||||
/* $OpenBSD: auth2-gss.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@ -28,16 +28,22 @@
|
||||
|
||||
#ifdef GSSAPI
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "ssh2.h"
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
#include "dispatch.h"
|
||||
#include "buffer.h"
|
||||
#include "servconf.h"
|
||||
#include "packet.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
#include "ssh-gss.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
extern ServerOptions options;
|
||||
|
||||
@ -100,6 +106,8 @@ userauth_gssapi(Authctxt *authctxt)
|
||||
}
|
||||
|
||||
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
|
||||
if (ctxt != NULL)
|
||||
ssh_gssapi_delete_ctx(&ctxt);
|
||||
xfree(doid);
|
||||
return (0);
|
||||
}
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: auth2-hostbased.c,v 1.11 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,19 +24,27 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-hostbased.c,v 1.6 2004/01/19 21:25:15 markus Exp $");
|
||||
|
||||
#include "ssh2.h"
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <pwd.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh2.h"
|
||||
#include "packet.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "compat.h"
|
||||
#include "bufaux.h"
|
||||
#include "auth.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "canohost.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
#include "pathnames.h"
|
||||
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: auth2-none.c,v 1.13 2006/08/05 07:52:52 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,16 +24,29 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-none.c,v 1.7 2004/05/11 19:01:43 deraadt Exp $");
|
||||
|
||||
#include "auth.h"
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/uio.h>
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <stdarg.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "packet.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#include "servconf.h"
|
||||
#include "atomicio.h"
|
||||
#include "compat.h"
|
||||
#include "ssh2.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
/* import */
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,12 +24,22 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-passwd.c,v 1.5 2003/12/31 00:24:50 dtucker Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
#include "log.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "buffer.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
#include "servconf.h"
|
||||
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: auth2-pubkey.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,23 +24,32 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-pubkey.c,v 1.9 2004/12/11 01:48:56 dtucker Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "ssh2.h"
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "compat.h"
|
||||
#include "bufaux.h"
|
||||
#include "auth.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "pathnames.h"
|
||||
#include "uidswap.h"
|
||||
#include "auth-options.h"
|
||||
#include "canohost.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
#include "misc.h"
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: authfd.h,v 1.34 2003/11/21 11:57:03 djm Exp $ */
|
||||
/* $OpenBSD: authfd.h,v 1.36 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -16,8 +16,6 @@
|
||||
#ifndef AUTHFD_H
|
||||
#define AUTHFD_H
|
||||
|
||||
#include "buffer.h"
|
||||
|
||||
/* Messages for the authentication agent connection. */
|
||||
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
|
||||
#define SSH_AGENT_RSA_IDENTITIES_ANSWER 2
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: authfile.h,v 1.10 2002/05/23 19:24:30 markus Exp $ */
|
||||
/* $OpenBSD: authfile.h,v 1.13 2006/04/25 08:02:27 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -19,7 +19,8 @@ int key_save_private(Key *, const char *, const char *, const char *);
|
||||
Key *key_load_public(const char *, char **);
|
||||
Key *key_load_public_type(int, const char *, char **);
|
||||
Key *key_load_private(const char *, const char *, char **);
|
||||
Key *key_load_private_type(int, const char *, const char *, char **);
|
||||
Key *key_load_private_type(int, const char *, const char *, char **, int *);
|
||||
Key *key_load_private_pem(int, int, const char *, char **);
|
||||
int key_perm_ok(int, const char *);
|
||||
|
||||
#endif
|
||||
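Review bot: The trailing `int *` argument of key_load_private_type and the key_perm_ok(int, const char *) declaration carry no parameter names or comment, so the header does not say what the pointer receives, whether NULL is accepted, or what key_perm_ok returns on failure. These prototypes govern private-key file handling, where a caller that misreads the result could skip a failed check. The pairing suggests the pointer reports a key-file permission check, but that is an inference from this page. A comment above the two prototypes, e.g. `/* last arg: out, result of the key-file permission check (assumed; confirm in authfile.c) */`, would remove the guesswork.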
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: bufaux.h,v 1.21 2005/03/10 22:01:05 deraadt Exp $ */
|
||||
/* $OpenBSD: bufaux.h,v 1.22 2006/03/25 22:22:42 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
215
crypto/openssh/bufbn.c
Normal file
@ -0,0 +1,215 @@
|
||||
/* $OpenBSD: bufbn.c,v 1.3 2006/08/03 03:34:41 deraadt Exp $*/
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
* Auxiliary functions for storing and retrieving various data types to/from
|
||||
* Buffers.
|
||||
*
|
||||
* As far as I am concerned, the code I have written for this software
|
||||
* can be used freely for any purpose. Any derived versions of this
|
||||
* software must be clearly marked as such, and if the derived work is
|
||||
* incompatible with the protocol description in the RFC file, it must be
|
||||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*
|
||||
*
|
||||
* SSH2 packet format added by Markus Friedl
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
#include "misc.h"
|
||||
|
||||
/*
|
||||
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
|
||||
* by (bits+7)/8 bytes of binary data, msb first.
|
||||
*/
|
||||
int
|
||||
buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
|
||||
{
|
||||
int bits = BN_num_bits(value);
|
||||
int bin_size = (bits + 7) / 8;
|
||||
u_char *buf = xmalloc(bin_size);
|
||||
int oi;
|
||||
char msg[2];
|
||||
|
||||
/* Get the value of in binary */
|
||||
oi = BN_bn2bin(value, buf);
|
||||
if (oi != bin_size) {
|
||||
error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
|
||||
oi, bin_size);
|
||||
xfree(buf);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/* Store the number of bits in the buffer in two bytes, msb first. */
|
||||
put_u16(msg, bits);
|
||||
buffer_append(buffer, msg, 2);
|
||||
/* Store the binary data. */
|
||||
buffer_append(buffer, buf, oi);
|
||||
|
||||
memset(buf, 0, bin_size);
|
||||
xfree(buf);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
|
||||
{
|
||||
if (buffer_put_bignum_ret(buffer, value) == -1)
|
||||
fatal("buffer_put_bignum: buffer error");
|
||||
}
|
||||
|
||||
/*
|
||||
* Retrieves an BIGNUM from the buffer.
|
||||
*/
|
||||
int
|
||||
buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
u_int bits, bytes;
|
||||
u_char buf[2], *bin;
|
||||
|
||||
/* Get the number for bits. */
|
||||
if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
|
||||
error("buffer_get_bignum_ret: invalid length");
|
||||
return (-1);
|
||||
}
|
||||
bits = get_u16(buf);
|
||||
/* Compute the number of binary bytes that follow. */
|
||||
bytes = (bits + 7) / 8;
|
||||
if (bytes > 8 * 1024) {
|
||||
error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes);
|
||||
return (-1);
|
||||
}
|
||||
if (buffer_len(buffer) < bytes) {
|
||||
error("buffer_get_bignum_ret: input buffer too small");
|
||||
return (-1);
|
||||
}
|
||||
bin = buffer_ptr(buffer);
|
||||
BN_bin2bn(bin, bytes, value);
|
||||
if (buffer_consume_ret(buffer, bytes) == -1) {
|
||||
error("buffer_get_bignum_ret: buffer_consume failed");
|
||||
return (-1);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
buffer_get_bignum(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
if (buffer_get_bignum_ret(buffer, value) == -1)
|
||||
fatal("buffer_get_bignum: buffer error");
|
||||
}
|
||||
|
||||
/*
|
||||
* Stores an BIGNUM in the buffer in SSH2 format.
|
||||
*/
|
||||
int
|
||||
buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
|
||||
{
|
||||
u_int bytes;
|
||||
u_char *buf;
|
||||
int oi;
|
||||
u_int hasnohigh = 0;
|
||||
|
||||
if (BN_is_zero(value)) {
|
||||
buffer_put_int(buffer, 0);
|
||||
return 0;
|
||||
}
|
||||
if (value->neg) {
|
||||
error("buffer_put_bignum2_ret: negative numbers not supported");
|
||||
return (-1);
|
||||
}
|
||||
bytes = BN_num_bytes(value) + 1; /* extra padding byte */
|
||||
if (bytes < 2) {
|
||||
error("buffer_put_bignum2_ret: BN too small");
|
||||
return (-1);
|
||||
}
|
||||
buf = xmalloc(bytes);
|
||||
buf[0] = 0x00;
|
||||
/* Get the value of in binary */
|
||||
oi = BN_bn2bin(value, buf+1);
|
||||
if (oi < 0 || (u_int)oi != bytes - 1) {
|
||||
error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
|
||||
"oi %d != bin_size %d", oi, bytes);
|
||||
xfree(buf);
|
||||
return (-1);
|
||||
}
|
||||
hasnohigh = (buf[1] & 0x80) ? 0 : 1;
|
||||
buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
|
||||
memset(buf, 0, bytes);
|
||||
xfree(buf);
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
|
||||
{
|
||||
if (buffer_put_bignum2_ret(buffer, value) == -1)
|
||||
fatal("buffer_put_bignum2: buffer error");
|
||||
}
|
||||
|
||||
int
|
||||
buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
u_int len;
|
||||
u_char *bin;
|
||||
|
||||
if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
|
||||
error("buffer_get_bignum2_ret: invalid bignum");
|
||||
return (-1);
|
||||
}
|
||||
|
||||
if (len > 0 && (bin[0] & 0x80)) {
|
||||
error("buffer_get_bignum2_ret: negative numbers not supported");
|
||||
xfree(bin);
|
||||
return (-1);
|
||||
}
|
||||
if (len > 8 * 1024) {
|
||||
error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
|
||||
xfree(bin);
|
||||
return (-1);
|
||||
}
|
||||
BN_bin2bn(bin, len, value);
|
||||
xfree(bin);
|
||||
return (0);
|
||||
}
|
||||
|
||||
void
|
||||
buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
if (buffer_get_bignum2_ret(buffer, value) == -1)
|
||||
fatal("buffer_get_bignum2: buffer error");
|
||||
}
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: buffer.c,v 1.31 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -12,12 +13,21 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: buffer.c,v 1.23 2005/03/14 11:46:56 markus Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
|
||||
#define BUFFER_MAX_CHUNK 0x100000
|
||||
#define BUFFER_MAX_LEN 0xa00000
|
||||
#define BUFFER_ALLOCSZ 0x008000
|
||||
|
||||
/* Initializes the buffer structure. */
|
||||
|
||||
void
|
||||
@ -66,6 +76,23 @@ buffer_append(Buffer *buffer, const void *data, u_int len)
|
||||
memcpy(p, data, len);
|
||||
}
|
||||
|
||||
static int
|
||||
buffer_compact(Buffer *buffer)
|
||||
{
|
||||
/*
|
||||
* If the buffer is quite empty, but all data is at the end, move the
|
||||
* data to the beginning.
|
||||
*/
|
||||
if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
|
||||
memmove(buffer->buf, buffer->buf + buffer->offset,
|
||||
buffer->end - buffer->offset);
|
||||
buffer->end -= buffer->offset;
|
||||
buffer->offset = 0;
|
||||
return (1);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Appends space to the buffer, expanding the buffer if necessary. This does
|
||||
* not actually copy the data into the buffer, but instead returns a pointer
|
||||
@ -93,29 +120,43 @@ restart:
|
||||
buffer->end += len;
|
||||
return p;
|
||||
}
|
||||
/*
|
||||
* If the buffer is quite empty, but all data is at the end, move the
|
||||
* data to the beginning and retry.
|
||||
*/
|
||||
if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
|
||||
memmove(buffer->buf, buffer->buf + buffer->offset,
|
||||
buffer->end - buffer->offset);
|
||||
buffer->end -= buffer->offset;
|
||||
buffer->offset = 0;
|
||||
goto restart;
|
||||
}
|
||||
/* Increase the size of the buffer and retry. */
|
||||
|
||||
newlen = buffer->alloc + len + 32768;
|
||||
/* Compact data back to the start of the buffer if necessary */
|
||||
if (buffer_compact(buffer))
|
||||
goto restart;
|
||||
|
||||
/* Increase the size of the buffer and retry. */
|
||||
newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ);
|
||||
if (newlen > BUFFER_MAX_LEN)
|
||||
fatal("buffer_append_space: alloc %u not supported",
|
||||
newlen);
|
||||
buffer->buf = xrealloc(buffer->buf, newlen);
|
||||
buffer->buf = xrealloc(buffer->buf, 1, newlen);
|
||||
buffer->alloc = newlen;
|
||||
goto restart;
|
||||
/* NOTREACHED */
|
||||
}
|
||||
|
||||
/*
|
||||
* Check whether an allocation of 'len' will fit in the buffer
|
||||
* This must follow the same math as buffer_append_space
|
||||
*/
|
||||
int
|
||||
buffer_check_alloc(Buffer *buffer, u_int len)
|
||||
{
|
||||
if (buffer->offset == buffer->end) {
|
||||
buffer->offset = 0;
|
||||
buffer->end = 0;
|
||||
}
|
||||
restart:
|
||||
if (buffer->end + len < buffer->alloc)
|
||||
return (1);
|
||||
if (buffer_compact(buffer))
|
||||
goto restart;
|
||||
if (roundup(buffer->alloc + len, BUFFER_ALLOCSZ) <= BUFFER_MAX_LEN)
|
||||
return (1);
|
||||
return (0);
|
||||
}
|
||||
|
||||
/* Returns the number of bytes of data in the buffer. */
|
||||
|
||||
u_int
|
||||
|
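Review bot: buffer_check_alloc() adds `len` to `buffer->end` and to `buffer->alloc` in u_int arithmetic without first bounding `len`, so a very large `len` can wrap and make either comparison report that the allocation fits. Its header comment says it must follow the same math as buffer_append_space(), whose opening lines are outside this hunk, so it cannot be confirmed here whether that function rejects oversized requests first. If it does, the same guard belongs at the top of the new function, e.g. `if (len > BUFFER_MAX_CHUNK) return (0);`. The comment should also say that this "check" resets `offset`/`end` and may compact the buffer, so it is not read-only.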
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: buffer.h,v 1.13 2005/03/14 11:46:56 markus Exp $ */
|
||||
/* $OpenBSD: buffer.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -23,9 +23,6 @@ typedef struct {
|
||||
u_int end; /* Offset of last byte containing data. */
|
||||
} Buffer;
|
||||
|
||||
#define BUFFER_MAX_CHUNK 0x100000
|
||||
#define BUFFER_MAX_LEN 0xa00000
|
||||
|
||||
void buffer_init(Buffer *);
|
||||
void buffer_clear(Buffer *);
|
||||
void buffer_free(Buffer *);
|
||||
@ -36,6 +33,8 @@ void *buffer_ptr(Buffer *);
|
||||
void buffer_append(Buffer *, const void *, u_int);
|
||||
void *buffer_append_space(Buffer *, u_int);
|
||||
|
||||
int buffer_check_alloc(Buffer *, u_int);
|
||||
|
||||
void buffer_get(Buffer *, void *, u_int);
|
||||
|
||||
void buffer_consume(Buffer *, u_int);
|
||||
@ -47,4 +46,40 @@ int buffer_get_ret(Buffer *, void *, u_int);
|
||||
int buffer_consume_ret(Buffer *, u_int);
|
||||
int buffer_consume_end_ret(Buffer *, u_int);
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
void buffer_put_bignum(Buffer *, const BIGNUM *);
|
||||
void buffer_put_bignum2(Buffer *, const BIGNUM *);
|
||||
void buffer_get_bignum(Buffer *, BIGNUM *);
|
||||
void buffer_get_bignum2(Buffer *, BIGNUM *);
|
||||
|
||||
u_short buffer_get_short(Buffer *);
|
||||
void buffer_put_short(Buffer *, u_short);
|
||||
|
||||
u_int buffer_get_int(Buffer *);
|
||||
void buffer_put_int(Buffer *, u_int);
|
||||
|
||||
u_int64_t buffer_get_int64(Buffer *);
|
||||
void buffer_put_int64(Buffer *, u_int64_t);
|
||||
|
||||
int buffer_get_char(Buffer *);
|
||||
void buffer_put_char(Buffer *, int);
|
||||
|
||||
void *buffer_get_string(Buffer *, u_int *);
|
||||
void buffer_put_string(Buffer *, const void *, u_int);
|
||||
void buffer_put_cstring(Buffer *, const char *);
|
||||
|
||||
#define buffer_skip_string(b) \
|
||||
do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0)
|
||||
|
||||
int buffer_put_bignum_ret(Buffer *, const BIGNUM *);
|
||||
int buffer_get_bignum_ret(Buffer *, BIGNUM *);
|
||||
int buffer_put_bignum2_ret(Buffer *, const BIGNUM *);
|
||||
int buffer_get_bignum2_ret(Buffer *, BIGNUM *);
|
||||
int buffer_get_short_ret(u_short *, Buffer *);
|
||||
int buffer_get_int_ret(u_int *, Buffer *);
|
||||
int buffer_get_int64_ret(u_int64_t *, Buffer *);
|
||||
void *buffer_get_string_ret(Buffer *, u_int *);
|
||||
int buffer_get_char_ret(char *, Buffer *);
|
||||
|
||||
#endif /* BUFFER_H */
|
||||
|
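Review bot: The `buffer_skip_string(b)` macro added in the last hunk expands `b` twice and without parentheses, so an argument with side effects is evaluated twice and a lower-precedence expression can misparse. Binding the argument once fixes both: `do { Buffer *b_ = (b); u_int l_ = buffer_get_int(b_); buffer_consume(b_, l_); } while (0)`; a `static` inline function would do the same with type checking. A one-line comment should also note that the macro uses `buffer_get_int`/`buffer_consume` rather than the `_ret` variants declared just below it, since code that skips a peer-supplied string needs to know which error behaviour it gets.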
@ -35,7 +35,7 @@ SSHDGID=67 # Default privsep gid
|
||||
SYSVINITSTART=S98
|
||||
SYSVINITSTOPT=K30
|
||||
# We will source these if they exist
|
||||
POST_MAKE_INSTALL_FIXES=./pkg_post_make_install_fixes.sh
|
||||
POST_MAKE_INSTALL_FIXES=./pkg-post-make-install-fixes.sh
|
||||
POST_PROTOTYPE_EDITS=./pkg-post-prototype-edit.sh
|
||||
# We'll be one level deeper looking for these
|
||||
PKG_PREINSTALL_LOCAL=../pkg-preinstall.local
|
||||
@ -46,6 +46,8 @@ PKG_REQUEST_LOCAL=../pkg-request.local
|
||||
# end of sourced files
|
||||
#
|
||||
OPENSSHD=opensshd.init
|
||||
OPENSSH_MANIFEST=openssh.xml
|
||||
OPENSSH_FMRI=svc:/site/openssh:default
|
||||
|
||||
PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@
|
||||
PATH_USERADD_PROG=@PATH_USERADD_PROG@
|
||||
@ -60,6 +62,10 @@ SYSTEM_DIR="/etc \
|
||||
/etc/rc1.d \
|
||||
/etc/rc2.d \
|
||||
/etc/opt \
|
||||
/lib \
|
||||
/lib/svc \
|
||||
/lib/svc/method \
|
||||
/lib/svc/method/site \
|
||||
/opt \
|
||||
/opt/bin \
|
||||
/usr \
|
||||
@ -82,6 +88,9 @@ SYSTEM_DIR="/etc \
|
||||
/var \
|
||||
/var/opt \
|
||||
/var/run \
|
||||
/var/svc \
|
||||
/var/svc/manifest \
|
||||
/var/svc/manifest/site \
|
||||
/var/tmp \
|
||||
/tmp"
|
||||
|
||||
@ -119,6 +128,12 @@ do
|
||||
eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
|
||||
done
|
||||
|
||||
## Are we using Solaris' SMF?
|
||||
DO_SMF=0
|
||||
if egrep "^#define USE_SOLARIS_PROCESS_CONTRACTS" config.h > /dev/null 2>&1
|
||||
then
|
||||
DO_SMF=1
|
||||
fi
|
||||
|
||||
## Collect value of privsep user
|
||||
for confvar in SSH_PRIVSEP_USER
|
||||
@ -168,10 +183,25 @@ then
|
||||
fi
|
||||
|
||||
## Setup our run level stuff while we are at it.
|
||||
mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
# For Solaris' SMF, /lib/svc/method/site is the preferred place
|
||||
# for start/stop scripts that aren't supplied with the OS, and
|
||||
# similarly /var/svc/manifest/site for manifests.
|
||||
mkdir -p $FAKE_ROOT${TEST_DIR}/lib/svc/method/site
|
||||
mkdir -p $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site
|
||||
|
||||
cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
|
||||
chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
|
||||
cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
|
||||
chmod 744 $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
|
||||
|
||||
cp ${OPENSSH_MANIFEST} $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site
|
||||
chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${OPENSSH_MANIFEST}
|
||||
else
|
||||
mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
|
||||
|
||||
cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
|
||||
chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
|
||||
fi
|
||||
|
||||
[ "${PERMIT_ROOT_LOGIN}" = no ] && \
|
||||
perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
|
||||
@ -221,15 +251,22 @@ touch depend
|
||||
|
||||
## Build space file
|
||||
echo "Building space file..."
|
||||
cat > space << _EOF
|
||||
# extra space required by start/stop links added by installf in postinstall
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
# XXX Is this necessary? If not, remove space line from mk-proto.awk.
|
||||
touch space
|
||||
else
|
||||
cat > space << _EOF
|
||||
# extra space required by start/stop links added by installf
|
||||
# in postinstall
|
||||
$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1
|
||||
$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1
|
||||
_EOF
|
||||
[ "$RC1_D" = no ] || \
|
||||
echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
|
||||
[ "$RCS_D" = yes ] && \
|
||||
echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
|
||||
[ "$RC1_D" = no ] || \
|
||||
echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
|
||||
[ "$RCS_D" = yes ] && \
|
||||
echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
|
||||
fi
|
||||
|
||||
## Build preinstall file
|
||||
echo "Building preinstall file..."
|
||||
@ -243,7 +280,16 @@ _EOF
|
||||
|
||||
cat >> preinstall << _EOF
|
||||
#
|
||||
[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
|
||||
if [ "\${PRE_INS_STOP}" = "yes" ]
|
||||
then
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
svcadm disable $OPENSSH_FMRI
|
||||
else
|
||||
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
||||
_EOF
|
||||
|
||||
@ -265,28 +311,41 @@ cat > postinstall << _EOF
|
||||
}
|
||||
|
||||
# make rc?.d dirs only if we are doing a test install
|
||||
[ -n "${TEST_DIR}" ] && {
|
||||
[ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && {
|
||||
[ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
|
||||
mkdir -p ${TEST_DIR}/etc/rc0.d
|
||||
[ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d
|
||||
mkdir -p ${TEST_DIR}/etc/rc2.d
|
||||
}
|
||||
|
||||
if [ "\${USE_SYM_LINKS}" = yes ]
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
[ "$RCS_D" = yes ] && \
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
[ "$RC1_D" = no ] || \
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
# Delete the existing service, if it exists, then import the
|
||||
# new one.
|
||||
if svcs $OPENSSH_FMRI > /dev/null 2>&1
|
||||
then
|
||||
svccfg delete -f $OPENSSH_FMRI
|
||||
fi
|
||||
# NOTE, if manifest enables sshd by default, this will actually
|
||||
# start the daemon, which may not be what the user wants.
|
||||
svccfg import ${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST
|
||||
else
|
||||
[ "$RCS_D" = yes ] && \
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
[ "$RC1_D" = no ] || \
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
if [ "\${USE_SYM_LINKS}" = yes ]
|
||||
then
|
||||
[ "$RCS_D" = yes ] && \
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
[ "$RC1_D" = no ] || \
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
else
|
||||
[ "$RCS_D" = yes ] && \
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
[ "$RC1_D" = no ] || \
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
fi
|
||||
fi
|
||||
|
||||
# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
|
||||
@ -311,14 +370,7 @@ then
|
||||
chroot=echo
|
||||
fi
|
||||
|
||||
if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
|
||||
then
|
||||
echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
|
||||
echo "or group."
|
||||
else
|
||||
echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
|
||||
|
||||
# user required?
|
||||
echo "PrivilegeSeparation user always required."
|
||||
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
|
||||
then
|
||||
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
|
||||
@ -363,9 +415,18 @@ else
|
||||
\$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
|
||||
\$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER
|
||||
}
|
||||
fi
|
||||
|
||||
[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
|
||||
if [ "\${POST_INS_START}" = "yes" ]
|
||||
then
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
# See svccfg import note above. The service may already
|
||||
# be started.
|
||||
svcadm enable $OPENSSH_FMRI
|
||||
else
|
||||
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
|
||||
fi
|
||||
fi
|
||||
exit 0
|
||||
_EOF
|
||||
|
||||
@ -374,7 +435,12 @@ echo "Building preremove file..."
|
||||
cat > preremove << _EOF
|
||||
#! ${SCRIPT_SHELL}
|
||||
#
|
||||
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
svcadm disable $OPENSSH_FMRI
|
||||
else
|
||||
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
|
||||
fi
|
||||
_EOF
|
||||
|
||||
# local preremove changes here
|
||||
@ -389,6 +455,13 @@ echo "Building postremove file..."
|
||||
cat > postremove << _EOF
|
||||
#! ${SCRIPT_SHELL}
|
||||
#
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
if svcs $OPENSSH_FMRI > /dev/null 2>&1
|
||||
then
|
||||
svccfg delete -f $OPENSSH_FMRI
|
||||
fi
|
||||
fi
|
||||
_EOF
|
||||
|
||||
# local postremove changes here
|
||||
@ -454,7 +527,45 @@ done
|
||||
|
||||
_EOF
|
||||
|
||||
cat >> request << _EOF
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
# This could get hairy, as the running sshd may not be under SMF.
|
||||
# We'll assume an earlier version of OpenSSH started via SMF.
|
||||
cat >> request << _EOF
|
||||
PRE_INS_STOP=no
|
||||
POST_INS_START=no
|
||||
# determine if should restart the daemon
|
||||
if [ -s ${piddir}/sshd.pid ] && \
|
||||
/usr/bin/svcs $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1
|
||||
then
|
||||
ans=\`ckyorn -d n \
|
||||
-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
|
||||
case \$ans in
|
||||
[y,Y]*) PRE_INS_STOP=yes
|
||||
POST_INS_START=yes
|
||||
;;
|
||||
esac
|
||||
|
||||
else
|
||||
|
||||
# determine if we should start sshd
|
||||
ans=\`ckyorn -d n \
|
||||
-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
|
||||
case \$ans in
|
||||
[y,Y]*) POST_INS_START=yes ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
# make parameters available to installation service,
|
||||
# and so to any other packaging scripts
|
||||
cat >\$1 <<!
|
||||
PRE_INS_STOP='\$PRE_INS_STOP'
|
||||
POST_INS_START='\$POST_INS_START'
|
||||
!
|
||||
|
||||
_EOF
|
||||
else
|
||||
cat >> request << _EOF
|
||||
USE_SYM_LINKS=no
|
||||
PRE_INS_STOP=no
|
||||
POST_INS_START=no
|
||||
@ -495,6 +606,7 @@ POST_INS_START='\$POST_INS_START'
|
||||
!
|
||||
|
||||
_EOF
|
||||
fi
|
||||
|
||||
# local request changes here
|
||||
[ -s "${PKG_REQUEST_LOCAL}" ] && . ${PKG_REQUEST_LOCAL}
|
||||
|
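Review bot: In the generated postinstall, the SMF branch imports the manifest from `${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST` without the `\${PKG_INSTALL_ROOT}` prefix that every `installf` line in the same heredoc carries. An install into an alternate root would therefore presumably look for the manifest on the running system; the minimal fix is `svccfg import \${PKG_INSTALL_ROOT}${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST`. The `svccfg delete -f`, `svccfg import` and `svcadm` calls written into preinstall, postinstall, preremove and postremove also act on the live service repository, and their exit status is not checked, so a failed import still ends in `exit 0`. Consider skipping the SMF steps when `\${PKG_INSTALL_ROOT}` names a root other than `/`, and printing a message when the import fails.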
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: canohost.h,v 1.8 2001/06/26 17:27:23 markus Exp $ */
|
||||
/* $OpenBSD: canohost.h,v 1.9 2006/03/25 22:22:42 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: cipher-3des1.c,v 1.6 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,9 +24,14 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher-3des1.c,v 1.2 2003/12/22 20:29:55 markus Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
||||
|
@ -15,9 +15,10 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
RCSID("$Id: cipher-acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $");
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
||||
|
||||
|
@ -28,9 +28,13 @@
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
|
||||
#ifdef USE_BUILTIN_RIJNDAEL
|
||||
RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "rijndael.h"
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: cipher-bf1.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,9 +24,14 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher-bf1.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: cipher-ctr.c,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
|
||||
*
|
||||
@ -14,12 +15,16 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include "log.h"
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
||||
/* compatibility with old or broken OpenSSL versions */
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: cleanup.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
|
||||
*
|
||||
@ -13,8 +14,13 @@
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cleanup.c,v 1.1 2003/09/23 20:17:11 markus Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "log.h"
|
||||
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: clientloop.c,v 1.175 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -59,20 +60,43 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: clientloop.c,v 1.149 2005/12/30 15:56:37 reyk Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/param.h>
|
||||
#ifdef HAVE_SYS_STAT_H
|
||||
# include <sys/stat.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_TIME_H
|
||||
# include <sys/time.h>
|
||||
#endif
|
||||
#include <sys/socket.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
#ifdef HAVE_PATHS_H
|
||||
#include <paths.h>
|
||||
#endif
|
||||
#include <signal.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <termios.h>
|
||||
#include <pwd.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
#include "ssh2.h"
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
#include "buffer.h"
|
||||
#include "compat.h"
|
||||
#include "channels.h"
|
||||
#include "dispatch.h"
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
#include "key.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
#include "log.h"
|
||||
#include "readconf.h"
|
||||
@ -118,7 +142,7 @@ static volatile sig_atomic_t received_signal = 0;
|
||||
static int in_non_blocking_mode = 0;
|
||||
|
||||
/* Common data for the client loop code. */
|
||||
static int quit_pending; /* Set to non-zero to quit the client loop. */
|
||||
static volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */
|
||||
static int escape_char; /* Escape character. */
|
||||
static int escape_pending; /* Last character was the escape character */
|
||||
static int last_was_cr; /* Last character was a newline. */
|
||||
@ -178,7 +202,7 @@ enter_non_blocking(void)
|
||||
* Signal handler for the window change signal (SIGWINCH). This just sets a
|
||||
* flag indicating that the window has changed.
|
||||
*/
|
||||
|
||||
/*ARGSUSED */
|
||||
static void
|
||||
window_change_handler(int sig)
|
||||
{
|
||||
@ -190,7 +214,7 @@ window_change_handler(int sig)
|
||||
* Signal handler for signals that cause the program to terminate. These
|
||||
* signals must be trapped to restore terminal modes.
|
||||
*/
|
||||
|
||||
/*ARGSUSED */
|
||||
static void
|
||||
signal_handler(int sig)
|
||||
{
|
||||
@ -422,10 +446,10 @@ client_check_window_change(void)
|
||||
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
|
||||
return;
|
||||
packet_start(SSH_CMSG_WINDOW_SIZE);
|
||||
packet_put_int(ws.ws_row);
|
||||
packet_put_int(ws.ws_col);
|
||||
packet_put_int(ws.ws_xpixel);
|
||||
packet_put_int(ws.ws_ypixel);
|
||||
packet_put_int((u_int)ws.ws_row);
|
||||
packet_put_int((u_int)ws.ws_col);
|
||||
packet_put_int((u_int)ws.ws_xpixel);
|
||||
packet_put_int((u_int)ws.ws_ypixel);
|
||||
packet_send();
|
||||
}
|
||||
}
|
||||
@ -569,7 +593,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
|
||||
}
|
||||
|
||||
static void
|
||||
client_process_net_input(fd_set * readset)
|
||||
client_process_net_input(fd_set *readset)
|
||||
{
|
||||
int len;
|
||||
char buf[8192];
|
||||
@ -677,7 +701,7 @@ client_extra_session2_setup(int id, void *arg)
|
||||
}
|
||||
|
||||
static void
|
||||
client_process_control(fd_set * readset)
|
||||
client_process_control(fd_set *readset)
|
||||
{
|
||||
Buffer m;
|
||||
Channel *c;
|
||||
@ -808,8 +832,7 @@ client_process_control(fd_set * readset)
|
||||
return;
|
||||
}
|
||||
|
||||
cctx = xmalloc(sizeof(*cctx));
|
||||
memset(cctx, 0, sizeof(*cctx));
|
||||
cctx = xcalloc(1, sizeof(*cctx));
|
||||
cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
|
||||
cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
|
||||
cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
|
||||
@ -824,7 +847,7 @@ client_process_control(fd_set * readset)
|
||||
env_len = MIN(env_len, 4096);
|
||||
debug3("%s: receiving %d env vars", __func__, env_len);
|
||||
if (env_len != 0) {
|
||||
cctx->env = xmalloc(sizeof(*cctx->env) * (env_len + 1));
|
||||
cctx->env = xcalloc(env_len + 1, sizeof(*cctx->env));
|
||||
for (i = 0; i < env_len; i++)
|
||||
cctx->env[i] = buffer_get_string(&m, &len);
|
||||
cctx->env[i] = NULL;
|
||||
@ -832,6 +855,7 @@ client_process_control(fd_set * readset)
|
||||
|
||||
debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__,
|
||||
cctx->want_tty, cctx->want_subsys, cmd);
|
||||
xfree(cmd);
|
||||
|
||||
/* Gather fds from client */
|
||||
new_fd[0] = mm_receive_fd(client_fd);
|
||||
@ -912,12 +936,16 @@ process_cmdline(void)
|
||||
|
||||
if (*s == 'h' || *s == 'H' || *s == '?') {
|
||||
logit("Commands:");
|
||||
logit(" -Lport:host:hostport Request local forward");
|
||||
logit(" -Rport:host:hostport Request remote forward");
|
||||
logit(" -KRhostport Cancel remote forward");
|
||||
logit(" -L[bind_address:]port:host:hostport "
|
||||
"Request local forward");
|
||||
logit(" -R[bind_address:]port:host:hostport "
|
||||
"Request remote forward");
|
||||
logit(" -KR[bind_address:]port "
|
||||
"Cancel remote forward");
|
||||
if (!options.permit_local_command)
|
||||
goto out;
|
||||
logit(" !args Execute local command");
|
||||
logit(" !args "
|
||||
"Execute local command");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -978,9 +1006,12 @@ process_cmdline(void)
|
||||
goto out;
|
||||
}
|
||||
} else {
|
||||
channel_request_remote_forwarding(fwd.listen_host,
|
||||
if (channel_request_remote_forwarding(fwd.listen_host,
|
||||
fwd.listen_port, fwd.connect_host,
|
||||
fwd.connect_port);
|
||||
fwd.connect_port) < 0) {
|
||||
logit("Port forwarding failed.");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
logit("Forwarding port.");
|
||||
@ -1172,7 +1203,7 @@ Supported escape sequences:\r\n\
|
||||
}
|
||||
|
||||
static void
|
||||
client_process_input(fd_set * readset)
|
||||
client_process_input(fd_set *readset)
|
||||
{
|
||||
int len;
|
||||
char buf[8192];
|
||||
@ -1225,7 +1256,7 @@ client_process_input(fd_set * readset)
|
||||
}
|
||||
|
||||
static void
|
||||
client_process_output(fd_set * writeset)
|
||||
client_process_output(fd_set *writeset)
|
||||
{
|
||||
int len;
|
||||
char buf[100];
|
||||
@ -1869,10 +1900,10 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
|
||||
|
||||
channel_request_start(id, "pty-req", 0);
|
||||
packet_put_cstring(term != NULL ? term : "");
|
||||
packet_put_int(ws.ws_col);
|
||||
packet_put_int(ws.ws_row);
|
||||
packet_put_int(ws.ws_xpixel);
|
||||
packet_put_int(ws.ws_ypixel);
|
||||
packet_put_int((u_int)ws.ws_col);
|
||||
packet_put_int((u_int)ws.ws_row);
|
||||
packet_put_int((u_int)ws.ws_xpixel);
|
||||
packet_put_int((u_int)ws.ws_ypixel);
|
||||
tio = get_saved_tio();
|
||||
tty_make_modes(-1, tiop != NULL ? tiop : &tio);
|
||||
packet_send();
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: clientloop.h,v 1.14 2005/07/04 00:58:43 djm Exp $ */
|
||||
/* $OpenBSD: clientloop.h,v 1.16 2006/03/25 22:22:42 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -35,6 +35,8 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <termios.h>
|
||||
|
||||
/* Client side main loop for the interactive session. */
|
||||
int client_loop(int, int, int);
|
||||
void client_x11_get_proto(const char *, const char *, u_int,
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: compress.c,v 1.25 2006/08/06 01:13:32 stevesk Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -12,11 +13,14 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: compress.c,v 1.21 2004/01/13 19:45:15 markus Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <zlib.h>
|
||||
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#include "zlib.h"
|
||||
#include "compress.h"
|
||||
|
||||
z_stream incoming_stream;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: compress.h,v 1.11 2002/03/04 17:27:39 stevesk Exp $ */
|
||||
/* $OpenBSD: compress.h,v 1.12 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: crc32.c,v 1.9 2003/02/12 21:39:50 markus Exp $ */
|
||||
/* $OpenBSD: crc32.c,v 1.11 2006/04/22 18:29:33 stevesk Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
||||
@ -99,7 +99,7 @@ ssh_crc32(const u_char *buf, u_int32_t size)
|
||||
u_int32_t i, crc;
|
||||
|
||||
crc = 0;
|
||||
for (i = 0; i < size; i++)
|
||||
for (i = 0; i < size; i++)
|
||||
crc = crc32tab[(crc ^ buf[i]) & 0xff] ^ (crc >> 8);
|
||||
return crc;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: crc32.h,v 1.14 2003/02/12 21:39:50 markus Exp $ */
|
||||
/* $OpenBSD: crc32.h,v 1.15 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: deattack.c,v 1.30 2006/09/16 19:53:37 djm Exp $ */
|
||||
/*
|
||||
* Cryptographic attack detector for ssh - source code
|
||||
*
|
||||
@ -18,14 +19,36 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "deattack.h"
|
||||
#include "log.h"
|
||||
#include "crc32.h"
|
||||
#include "getput.h"
|
||||
#include "xmalloc.h"
|
||||
#include "deattack.h"
|
||||
#include "misc.h"
|
||||
|
||||
/*
|
||||
* CRC attack detection has a worst-case behaviour that is O(N^3) over
|
||||
* the number of identical blocks in a packet. This behaviour can be
|
||||
* exploited to create a limited denial of service attack.
|
||||
*
|
||||
* However, because we are dealing with encrypted data, identical
|
||||
* blocks should only occur every 2^35 maximally-sized packets or so.
|
||||
* Consequently, we can detect this DoS by looking for identical blocks
|
||||
* in a packet.
|
||||
*
|
||||
* The parameter below determines how many identical blocks we will
|
||||
* accept in a single packet, trading off between attack detection and
|
||||
* likelihood of terminating a legitimate connection. A value of 32
|
||||
* corresponds to an average of 2^40 messages before an attack is
|
||||
* misdetected
|
||||
*/
|
||||
#define MAX_IDENTICAL 32
|
||||
|
||||
/* SSH Constants */
|
||||
#define SSH_MAXBLOCKS (32 * 1024)
|
||||
@ -43,7 +66,7 @@ RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
|
||||
|
||||
|
||||
/* Hash function (Input keys are cipher results) */
|
||||
#define HASH(x) GET_32BIT(x)
|
||||
#define HASH(x) get_u32(x)
|
||||
|
||||
#define CMP(a, b) (memcmp(a, b, SSH_BLOCKSIZE))
|
||||
|
||||
@ -51,22 +74,17 @@ static void
|
||||
crc_update(u_int32_t *a, u_int32_t b)
|
||||
{
|
||||
b ^= *a;
|
||||
*a = ssh_crc32((u_char *) &b, sizeof(b));
|
||||
*a = ssh_crc32((u_char *)&b, sizeof(b));
|
||||
}
|
||||
|
||||
/* detect if a block is used in a particular pattern */
|
||||
static int
|
||||
check_crc(u_char *S, u_char *buf, u_int32_t len,
|
||||
u_char *IV)
|
||||
check_crc(u_char *S, u_char *buf, u_int32_t len)
|
||||
{
|
||||
u_int32_t crc;
|
||||
u_char *c;
|
||||
|
||||
crc = 0;
|
||||
if (IV && !CMP(S, IV)) {
|
||||
crc_update(&crc, 1);
|
||||
crc_update(&crc, 0);
|
||||
}
|
||||
for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
|
||||
if (!CMP(S, c)) {
|
||||
crc_update(&crc, 1);
|
||||
@ -82,12 +100,12 @@ check_crc(u_char *S, u_char *buf, u_int32_t len,
|
||||
|
||||
/* Detect a crc32 compensation attack on a packet */
|
||||
int
|
||||
detect_attack(u_char *buf, u_int32_t len, u_char *IV)
|
||||
detect_attack(u_char *buf, u_int32_t len)
|
||||
{
|
||||
static u_int16_t *h = (u_int16_t *) NULL;
|
||||
static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
|
||||
u_int32_t i, j;
|
||||
u_int32_t l;
|
||||
u_int32_t l, same;
|
||||
u_char *c;
|
||||
u_char *d;
|
||||
|
||||
@ -100,26 +118,20 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
|
||||
|
||||
if (h == NULL) {
|
||||
debug("Installing crc compensation attack detector.");
|
||||
h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
|
||||
h = (u_int16_t *) xcalloc(l, HASH_ENTRYSIZE);
|
||||
n = l;
|
||||
} else {
|
||||
if (l > n) {
|
||||
h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
|
||||
h = (u_int16_t *)xrealloc(h, l, HASH_ENTRYSIZE);
|
||||
n = l;
|
||||
}
|
||||
}
|
||||
|
||||
if (len <= HASH_MINBLOCKS) {
|
||||
for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
|
||||
if (IV && (!CMP(c, IV))) {
|
||||
if ((check_crc(c, buf, len, IV)))
|
||||
return (DEATTACK_DETECTED);
|
||||
else
|
||||
break;
|
||||
}
|
||||
for (d = buf; d < c; d += SSH_BLOCKSIZE) {
|
||||
if (!CMP(c, d)) {
|
||||
if ((check_crc(c, buf, len, IV)))
|
||||
if ((check_crc(c, buf, len)))
|
||||
return (DEATTACK_DETECTED);
|
||||
else
|
||||
break;
|
||||
@ -130,21 +142,13 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
|
||||
}
|
||||
memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
|
||||
|
||||
if (IV)
|
||||
h[HASH(IV) & (n - 1)] = HASH_IV;
|
||||
|
||||
for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
|
||||
for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
|
||||
for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
|
||||
i = (i + 1) & (n - 1)) {
|
||||
if (h[i] == HASH_IV) {
|
||||
if (!CMP(c, IV)) {
|
||||
if (check_crc(c, buf, len, IV))
|
||||
return (DEATTACK_DETECTED);
|
||||
else
|
||||
break;
|
||||
}
|
||||
} else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
|
||||
if (check_crc(c, buf, len, IV))
|
||||
if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
|
||||
if (++same > MAX_IDENTICAL)
|
||||
return (DEATTACK_DOS_DETECTED);
|
||||
if (check_crc(c, buf, len))
|
||||
return (DEATTACK_DETECTED);
|
||||
else
|
||||
break;
|
||||
|
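Review bot: detect_attack() now has a third result, `DEATTACK_DOS_DETECTED`, returned from the hash-table loop once `++same > MAX_IDENTICAL`, but the comment above the function does not mention it and the callers are not part of this file section. A caller that only compares the result with `DEATTACK_DETECTED` would let a packet flagged as a DoS attempt through, so every call site should reject anything other than `DEATTACK_OK`. I would extend the one-line comment to `/* Detect a crc32 compensation attack on a packet; returns DEATTACK_OK, DEATTACK_DETECTED or DEATTACK_DOS_DETECTED */`. The body of detect_attack() continues outside the hunks shown.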
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: deattack.h,v 1.7 2001/06/26 17:27:23 markus Exp $ */
|
||||
/* $OpenBSD: deattack.h,v 1.10 2006/09/16 19:53:37 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Cryptographic attack detector for ssh - Header file
|
||||
@ -25,6 +25,7 @@
|
||||
/* Return codes */
|
||||
#define DEATTACK_OK 0
|
||||
#define DEATTACK_DETECTED 1
|
||||
#define DEATTACK_DOS_DETECTED 2
|
||||
|
||||
int detect_attack(u_char *, u_int32_t, u_char[8]);
|
||||
int detect_attack(u_char *, u_int32_t);
|
||||
#endif
|
||||
|
@ -25,12 +25,12 @@
|
||||
#ifndef _DEFINES_H
|
||||
#define _DEFINES_H
|
||||
|
||||
/* $Id: defines.h,v 1.130 2005/12/17 11:04:09 dtucker Exp $ */
|
||||
/* $Id: defines.h,v 1.138 2006/09/21 13:13:30 dtucker Exp $ */
|
||||
|
||||
|
||||
/* Constants */
|
||||
|
||||
#ifndef SHUT_RDWR
|
||||
#if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0
|
||||
enum
|
||||
{
|
||||
SHUT_RD = 0, /* No more receptions. */
|
||||
@ -90,8 +90,8 @@ enum
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef O_NONBLOCK /* Non Blocking Open */
|
||||
# define O_NONBLOCK 00004
|
||||
#if defined(HAVE_DECL_O_NONBLOCK) && HAVE_DECL_O_NONBLOCK == 0
|
||||
# define O_NONBLOCK 00004 /* Non Blocking Open */
|
||||
#endif
|
||||
|
||||
#ifndef S_ISDIR
|
||||
@ -143,16 +143,11 @@ including rpc/rpc.h breaks Solaris 6
|
||||
#define INADDR_LOOPBACK ((u_long)0x7f000001)
|
||||
#endif
|
||||
|
||||
#ifndef __unused
|
||||
#define __unused
|
||||
#endif
|
||||
|
||||
/* Types */
|
||||
|
||||
/* If sys/types.h does not supply intXX_t, supply them ourselves */
|
||||
/* (or die trying) */
|
||||
|
||||
|
||||
#ifndef HAVE_U_INT
|
||||
typedef unsigned int u_int;
|
||||
#endif
|
||||
@ -496,6 +491,22 @@ struct winsize {
|
||||
# define offsetof(type, member) ((size_t) &((type *)0)->member)
|
||||
#endif
|
||||
|
||||
/* Set up BSD-style BYTE_ORDER definition if it isn't there already */
|
||||
/* XXX: doesn't try to cope with strange byte orders (PDP_ENDIAN) */
|
||||
#ifndef BYTE_ORDER
|
||||
# ifndef LITTLE_ENDIAN
|
||||
# define LITTLE_ENDIAN 1234
|
||||
# endif /* LITTLE_ENDIAN */
|
||||
# ifndef BIG_ENDIAN
|
||||
# define BIG_ENDIAN 4321
|
||||
# endif /* BIG_ENDIAN */
|
||||
# ifdef WORDS_BIGENDIAN
|
||||
# define BYTE_ORDER BIG_ENDIAN
|
||||
# else /* WORDS_BIGENDIAN */
|
||||
# define BYTE_ORDER LITTLE_ENDIAN
|
||||
# endif /* WORDS_BIGENDIAN */
|
||||
#endif /* BYTE_ORDER */
|
||||
|
||||
/* Function replacement / compatibility hacks */
|
||||
|
||||
#if !defined(HAVE_GETADDRINFO) && (defined(HAVE_OGETADDRINFO) || defined(HAVE_NGETADDRINFO))
|
||||
@ -517,19 +528,6 @@ struct winsize {
|
||||
# define optarg BSDoptarg
|
||||
#endif
|
||||
|
||||
/* In older versions of libpam, pam_strerror takes a single argument */
|
||||
#ifdef HAVE_OLD_PAM
|
||||
# define PAM_STRERROR(a,b) pam_strerror((b))
|
||||
#else
|
||||
# define PAM_STRERROR(a,b) pam_strerror((a),(b))
|
||||
#endif
|
||||
|
||||
#ifdef PAM_SUN_CODEBASE
|
||||
# define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member)
|
||||
#else
|
||||
# define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member)
|
||||
#endif
|
||||
|
||||
#if defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO)
|
||||
# undef HAVE_GETADDRINFO
|
||||
#endif
|
||||
@ -544,6 +542,11 @@ struct winsize {
|
||||
# undef HAVE_UPDWTMPX
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) && \
|
||||
defined(SYSLOG_R_SAFE_IN_SIGHAND)
|
||||
# define DO_LOG_SAFE_IN_SIGHAND
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY)
|
||||
# define memmove(s1, s2, n) bcopy((s2), (s1), (n))
|
||||
#endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */
|
||||
@ -553,6 +556,7 @@ struct winsize {
|
||||
#endif /* defined(HAVE_VHANGUP) && !defined(HAVE_DEV_PTMX) */
|
||||
|
||||
#ifndef GETPGRP_VOID
|
||||
# include <unistd.h>
|
||||
# define getpgrp() getpgrp(0)
|
||||
#endif
|
||||
|
||||
@ -715,12 +719,14 @@ struct winsize {
|
||||
# undef HAVE_MMAP
|
||||
#endif
|
||||
|
||||
/* some system headers on HP-UX define YES/NO */
|
||||
#ifdef YES
|
||||
# undef YES
|
||||
#endif
|
||||
#ifdef NO
|
||||
# undef NO
|
||||
#ifndef IOV_MAX
|
||||
# if defined(_XOPEN_IOV_MAX)
|
||||
# define IOV_MAX _XOPEN_IOV_MAX
|
||||
# elif defined(DEF_IOV_MAX)
|
||||
# define IOV_MAX DEF_IOV_MAX
|
||||
# else
|
||||
# define IOV_MAX 16
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#endif /* _DEFINES_H */
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: dh.c,v 1.42 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
*
|
||||
@ -23,17 +24,17 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: dh.c,v 1.31 2004/08/04 10:37:52 djm Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include "buffer.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "dh.h"
|
||||
#include "pathnames.h"
|
||||
#include "log.h"
|
||||
@ -44,9 +45,11 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
|
||||
{
|
||||
char *cp, *arg;
|
||||
char *strsize, *gen, *prime;
|
||||
const char *errstr = NULL;
|
||||
|
||||
cp = line;
|
||||
arg = strdelim(&cp);
|
||||
if ((arg = strdelim(&cp)) == NULL)
|
||||
return 0;
|
||||
/* Ignore leading whitespace */
|
||||
if (*arg == '\0')
|
||||
arg = strdelim(&cp);
|
||||
@ -67,7 +70,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
|
||||
goto fail;
|
||||
strsize = strsep(&cp, " "); /* size */
|
||||
if (cp == NULL || *strsize == '\0' ||
|
||||
(dhg->size = atoi(strsize)) == 0)
|
||||
(dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
|
||||
errstr)
|
||||
goto fail;
|
||||
/* The whole group is one bit larger */
|
||||
dhg->size++;
|
||||
@ -178,19 +182,36 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
|
||||
int i;
|
||||
int n = BN_num_bits(dh_pub);
|
||||
int bits_set = 0;
|
||||
BIGNUM *tmp;
|
||||
|
||||
if (dh_pub->neg) {
|
||||
logit("invalid public DH value: negativ");
|
||||
return 0;
|
||||
}
|
||||
if (BN_cmp(dh_pub, BN_value_one()) != 1) { /* pub_exp <= 1 */
|
||||
logit("invalid public DH value: <= 1");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((tmp = BN_new()) == NULL)
|
||||
return (-1);
|
||||
if (!BN_sub(tmp, dh->p, BN_value_one()) ||
|
||||
BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
|
||||
BN_clear_free(tmp);
|
||||
logit("invalid public DH value: >= p-1");
|
||||
return 0;
|
||||
}
|
||||
BN_clear_free(tmp);
|
||||
|
||||
for (i = 0; i <= n; i++)
|
||||
if (BN_is_bit_set(dh_pub, i))
|
||||
bits_set++;
|
||||
debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
|
||||
|
||||
/* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
|
||||
if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
|
||||
if (bits_set > 1)
|
||||
return 1;
|
||||
|
||||
logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
|
||||
return 0;
|
||||
}
|
||||
|
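Review bot: In dh_pub_is_valid(), the new `BN_new()` failure path returns `-1`, while every other path in the function returns 0 for a rejected value and 1 for an accepted one. If a caller tests the result as a boolean (the call sites are not in this section), an allocation failure would be read as "valid" and the peer's value would be accepted without the range check against p-1 having run. Failing closed keeps the contract: `if ((tmp = BN_new()) == NULL) { logit("BN_new failed"); return 0; }`.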
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: dh.h,v 1.8 2004/06/13 12:53:24 djm Exp $ */
|
||||
/* $OpenBSD: dh.h,v 1.9 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: dispatch.c,v 1.21 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -21,8 +22,13 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: dispatch.c,v 1.16 2003/04/08 20:21:28 itojun Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <signal.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "ssh1.h"
|
||||
#include "ssh2.h"
|
||||
@ -76,7 +82,7 @@ dispatch_set(int type, dispatch_fn *fn)
|
||||
dispatch[type] = fn;
|
||||
}
|
||||
void
|
||||
dispatch_run(int mode, int *done, void *ctxt)
|
||||
dispatch_run(int mode, volatile sig_atomic_t *done, void *ctxt)
|
||||
{
|
||||
for (;;) {
|
||||
int type;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: dispatch.h,v 1.9 2002/01/11 13:39:36 markus Exp $ */
|
||||
/* $OpenBSD: dispatch.h,v 1.11 2006/04/20 09:27:09 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
@ -23,6 +23,9 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <signal.h>
|
||||
|
||||
enum {
|
||||
DISPATCH_BLOCK,
|
||||
DISPATCH_NONBLOCK
|
||||
@ -33,6 +36,6 @@ typedef void dispatch_fn(int, u_int32_t, void *);
|
||||
void dispatch_init(dispatch_fn *);
|
||||
void dispatch_set(int, dispatch_fn *);
|
||||
void dispatch_range(u_int, u_int, dispatch_fn *);
|
||||
void dispatch_run(int, int *, void *);
|
||||
void dispatch_run(int, volatile sig_atomic_t *, void *);
|
||||
void dispatch_protocol_error(int, u_int32_t, void *);
|
||||
void dispatch_protocol_ignore(int, u_int32_t, void *);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $ */
|
||||
/* $OpenBSD: dns.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||
@ -26,9 +26,14 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
#include <netdb.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
@ -122,7 +127,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
|
||||
*digest = (u_char *) xmalloc(*digest_len);
|
||||
memcpy(*digest, rdata + 2, *digest_len);
|
||||
} else {
|
||||
*digest = xstrdup("");
|
||||
*digest = (u_char *)xstrdup("");
|
||||
}
|
||||
|
||||
success = 1;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: dns.h,v 1.6 2005/10/17 14:13:35 stevesk Exp $ */
|
||||
/* $OpenBSD: dns.h,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||
@ -25,8 +25,6 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifndef DNS_H
|
||||
#define DNS_H
|
||||
|
||||
|
@ -24,6 +24,19 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
|
||||
#ifdef HAVE_SYS_STAT_H
|
||||
# include <sys/stat.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_FCNTL_H
|
||||
# include <fcntl.h>
|
||||
#endif
|
||||
#include <stdarg.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/err.h>
|
||||
@ -35,7 +48,6 @@
|
||||
#include "pathnames.h"
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
|
||||
/*
|
||||
* Portable OpenSSH PRNG seeding:
|
||||
@ -48,8 +60,6 @@
|
||||
* XXX: we should tell the child how many bytes we need.
|
||||
*/
|
||||
|
||||
RCSID("$Id: entropy.c,v 1.52 2005/09/27 22:26:30 dtucker Exp $");
|
||||
|
||||
#ifndef OPENSSL_PRNG_ONLY
|
||||
#define RANDOM_SEED_SIZE 48
|
||||
static uid_t original_uid, original_euid;
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: fatal.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,7 +24,10 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: fatal.c,v 1.2 2003/09/23 20:17:11 markus Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "log.h"
|
||||
|
||||
@ -33,6 +37,7 @@ void
|
||||
fatal(const char *fmt,...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(SYSLOG_LEVEL_FATAL, fmt, args);
|
||||
va_end(args);
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: groupaccess.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Kevin Steves. All rights reserved.
|
||||
*
|
||||
@ -23,10 +24,16 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $");
|
||||
|
||||
#include "groupaccess.h"
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <grp.h>
|
||||
#include <unistd.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "groupaccess.h"
|
||||
#include "match.h"
|
||||
#include "log.h"
|
||||
|
||||
@ -52,8 +59,8 @@ ga_init(const char *user, gid_t base)
|
||||
ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX));
|
||||
#endif
|
||||
|
||||
groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid));
|
||||
groups_byname = xmalloc(ngroups * sizeof(*groups_byname));
|
||||
groups_bygid = xcalloc(ngroups, sizeof(*groups_bygid));
|
||||
groups_byname = xcalloc(ngroups, sizeof(*groups_byname));
|
||||
|
||||
if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
|
||||
logit("getgrouplist: groups list too small");
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: groupaccess.h,v 1.4 2001/06/26 17:27:23 markus Exp $ */
|
||||
/* $OpenBSD: groupaccess.h,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001 Kevin Steves. All rights reserved.
|
||||
@ -27,8 +27,6 @@
|
||||
#ifndef GROUPACCESS_H
|
||||
#define GROUPACCESS_H
|
||||
|
||||
#include <grp.h>
|
||||
|
||||
int ga_init(const char *, gid_t);
|
||||
int ga_match(char * const *, int);
|
||||
void ga_free(void);
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* $OpenBSD: gss-genr.c,v 1.6 2005/10/13 22:24:31 stevesk Exp $ */
|
||||
/* $OpenBSD: gss-genr.c,v 1.17 2006/08/29 12:02:30 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
* Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -28,8 +28,15 @@
|
||||
|
||||
#ifdef GSSAPI
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "bufaux.h"
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
#include "ssh2.h"
|
||||
|
||||
@ -72,7 +79,11 @@ ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid)
|
||||
void
|
||||
ssh_gssapi_error(Gssctxt *ctxt)
|
||||
{
|
||||
debug("%s", ssh_gssapi_last_error(ctxt, NULL, NULL));
|
||||
char *s;
|
||||
|
||||
s = ssh_gssapi_last_error(ctxt, NULL, NULL);
|
||||
debug("%s", s);
|
||||
xfree(s);
|
||||
}
|
||||
|
||||
char *
|
||||
@ -131,9 +142,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
|
||||
void
|
||||
ssh_gssapi_build_ctx(Gssctxt **ctx)
|
||||
{
|
||||
*ctx = xmalloc(sizeof (Gssctxt));
|
||||
(*ctx)->major = 0;
|
||||
(*ctx)->minor = 0;
|
||||
*ctx = xcalloc(1, sizeof (Gssctxt));
|
||||
(*ctx)->context = GSS_C_NO_CONTEXT;
|
||||
(*ctx)->name = GSS_C_NO_NAME;
|
||||
(*ctx)->oid = GSS_C_NO_OID;
|
||||
@ -203,10 +212,11 @@ OM_uint32
|
||||
ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
|
||||
{
|
||||
gss_buffer_desc gssbuf;
|
||||
char *val;
|
||||
|
||||
gssbuf.length = sizeof("host@") + strlen(host);
|
||||
gssbuf.value = xmalloc(gssbuf.length);
|
||||
snprintf(gssbuf.value, gssbuf.length, "host@%s", host);
|
||||
xasprintf(&val, "host@%s", host);
|
||||
gssbuf.value = val;
|
||||
gssbuf.length = strlen(gssbuf.value);
|
||||
|
||||
if ((ctx->major = gss_import_name(&ctx->minor,
|
||||
&gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
|
||||
@ -231,11 +241,15 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
|
||||
gss_create_empty_oid_set(&status, &oidset);
|
||||
gss_add_oid_set_member(&status, ctx->oid, &oidset);
|
||||
|
||||
if (gethostname(lname, MAXHOSTNAMELEN))
|
||||
if (gethostname(lname, MAXHOSTNAMELEN)) {
|
||||
gss_release_oid_set(&status, &oidset);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname)))
|
||||
if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
|
||||
gss_release_oid_set(&status, &oidset);
|
||||
return (ctx->major);
|
||||
}
|
||||
|
||||
if ((ctx->major = gss_acquire_cred(&ctx->minor,
|
||||
ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
|
||||
@ -277,4 +291,34 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
|
||||
return (ssh_gssapi_acquire_cred(*ctx));
|
||||
}
|
||||
|
||||
int
|
||||
ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
|
||||
{
|
||||
gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
|
||||
OM_uint32 major, minor;
|
||||
gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
|
||||
|
||||
/* RFC 4462 says we MUST NOT do SPNEGO */
|
||||
if (oid->length == spnego_oid.length &&
|
||||
(memcmp(oid->elements, spnego_oid.elements, oid->length) == 0))
|
||||
return 0; /* false */
|
||||
|
||||
ssh_gssapi_build_ctx(ctx);
|
||||
ssh_gssapi_set_oid(*ctx, oid);
|
||||
major = ssh_gssapi_import_name(*ctx, host);
|
||||
if (!GSS_ERROR(major)) {
|
||||
major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token,
|
||||
NULL);
|
||||
gss_release_buffer(&minor, &token);
|
||||
if ((*ctx)->context != GSS_C_NO_CONTEXT)
|
||||
gss_delete_sec_context(&minor, &(*ctx)->context,
|
||||
GSS_C_NO_BUFFER);
|
||||
}
|
||||
|
||||
if (GSS_ERROR(major))
|
||||
ssh_gssapi_delete_ctx(ctx);
|
||||
|
||||
return (!GSS_ERROR(major));
|
||||
}
|
||||
|
||||
#endif /* GSSAPI */
|
||||
|
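Review bot: ssh_gssapi_check_mechanism() can leave `*ctx` in three different states and has no comment saying which. The SPNEGO early return does not touch `*ctx`, the failure path hands it to `ssh_gssapi_delete_ctx()`, and the success path returns with the context from `ssh_gssapi_build_ctx()` still allocated (only the security context is deleted). A header comment should state that the caller owns `*ctx` when the function returns non-zero, and that the caller must initialise `*ctx` before the call because the SPNEGO return leaves it as passed in. `oid` is dereferenced without a NULL check, so the comment should also say it must be non-NULL.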
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: gss-serv-krb5.c,v 1.4 2005/10/13 19:08:08 stevesk Exp $ */
|
||||
/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@ -29,11 +29,19 @@
|
||||
#ifdef GSSAPI
|
||||
#ifdef KRB5
|
||||
|
||||
#include "auth.h"
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
|
||||
#include "buffer.h"
|
||||
#include "ssh-gss.h"
|
||||
|
||||
extern ServerOptions options;
|
||||
@ -41,9 +49,9 @@ extern ServerOptions options;
|
||||
#ifdef HEIMDAL
|
||||
# include <krb5.h>
|
||||
#else
|
||||
# ifdef HAVE_GSSAPI_KRB5
|
||||
# ifdef HAVE_GSSAPI_KRB5_H
|
||||
# include <gssapi_krb5.h>
|
||||
# elif HAVE_GSSAPI_GSSAPI_KRB5
|
||||
# elif HAVE_GSSAPI_GSSAPI_KRB5_H
|
||||
# include <gssapi/gssapi_krb5.h>
|
||||
# endif
|
||||
#endif
|
||||
|
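Review bot: The renamed guard `# elif HAVE_GSSAPI_GSSAPI_KRB5_H` tests the macro's value, while the branch above it uses `# ifdef HAVE_GSSAPI_KRB5_H`. When configure leaves the macro undefined, the `#elif` silently evaluates to 0 and draws a warning under `-Wundef`. Writing it as `# elif defined(HAVE_GSSAPI_GSSAPI_KRB5_H)` keeps the two branches consistent.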
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: gss-serv.c,v 1.13 2005/10/13 22:24:31 stevesk Exp $ */
|
||||
/* $OpenBSD: gss-serv.c,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@ -28,14 +28,21 @@
|
||||
|
||||
#ifdef GSSAPI
|
||||
|
||||
#include "bufaux.h"
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "log.h"
|
||||
#include "channels.h"
|
||||
#include "session.h"
|
||||
#include "servconf.h"
|
||||
#include "xmalloc.h"
|
||||
#include "getput.h"
|
||||
#include "misc.h"
|
||||
|
||||
#include "ssh-gss.h"
|
||||
|
||||
@ -78,6 +85,8 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
|
||||
&supported_mechs[i]->oid, oidset);
|
||||
i++;
|
||||
}
|
||||
|
||||
gss_release_oid_set(&min_status, &supported);
|
||||
}
|
||||
|
||||
|
||||
@ -151,7 +160,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
|
||||
* second without.
|
||||
*/
|
||||
|
||||
oidl = GET_16BIT(tok+2); /* length including next two bytes */
|
||||
oidl = get_u16(tok+2); /* length including next two bytes */
|
||||
oidl = oidl-2; /* turn it into the _real_ length of the variable OID */
|
||||
|
||||
/*
|
||||
@ -168,14 +177,14 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
|
||||
if (ename->length < offset+4)
|
||||
return GSS_S_FAILURE;
|
||||
|
||||
name->length = GET_32BIT(tok+offset);
|
||||
name->length = get_u32(tok+offset);
|
||||
offset += 4;
|
||||
|
||||
if (ename->length < offset+name->length)
|
||||
return GSS_S_FAILURE;
|
||||
|
||||
name->value = xmalloc(name->length+1);
|
||||
memcpy(name->value, tok+offset,name->length);
|
||||
memcpy(name->value, tok+offset, name->length);
|
||||
((char *)name->value)[name->length] = 0;
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
@ -234,7 +243,8 @@ ssh_gssapi_cleanup_creds(void)
|
||||
{
|
||||
if (gssapi_client.store.filename != NULL) {
|
||||
/* Unlink probably isn't sufficient */
|
||||
debug("removing gssapi cred file\"%s\"", gssapi_client.store.filename);
|
||||
debug("removing gssapi cred file\"%s\"",
|
||||
gssapi_client.store.filename);
|
||||
unlink(gssapi_client.store.filename);
|
||||
}
|
||||
}
|
||||
|
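Review bot: In ssh_gssapi_parse_ename(), the length check `if (ename->length < offset+name->length)` adds a value that was just read from the token with `get_u32()`, so the sum can wrap where the operands are 32 bits wide (their declarations are outside the hunk). A wrapped sum passes the check, and the following `xmalloc(name->length+1)` and `memcpy()` then work from an unvalidated length. The earlier check `ename->length < offset+4` already guarantees `ename->length >= offset` after `offset += 4`, so the comparison can be written without the addition: `if (name->length > ename->length - offset) return GSS_S_FAILURE;`. This commit only renames the accessor macros on these lines, and the function starts and ends outside the hunks shown.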
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: hostfile.h,v 1.15 2005/03/01 10:40:26 djm Exp $ */
|
||||
/* $OpenBSD: hostfile.h,v 1.16 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: kex.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,19 +24,25 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <signal.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
#include "ssh2.h"
|
||||
#include "xmalloc.h"
|
||||
#include "ssh2.h"
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
#include "packet.h"
|
||||
#include "compat.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
#include "key.h"
|
||||
#include "kex.h"
|
||||
#include "log.h"
|
||||
#include "mac.h"
|
||||
#include "match.h"
|
||||
@ -44,6 +51,14 @@ RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $");
|
||||
|
||||
#define KEX_COOKIE_LEN 16
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||
# if defined(HAVE_EVP_SHA256)
|
||||
# define evp_ssh_sha256 EVP_sha256
|
||||
# else
|
||||
extern const EVP_MD *evp_ssh_sha256(void);
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/* prototype */
|
||||
static void kex_kexinit_finish(Kex *);
|
||||
static void kex_choose_conf(Kex *);
|
||||
@ -75,7 +90,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
|
||||
int i;
|
||||
char **proposal;
|
||||
|
||||
proposal = xmalloc(PROPOSAL_MAX * sizeof(char *));
|
||||
proposal = xcalloc(PROPOSAL_MAX, sizeof(char *));
|
||||
|
||||
buffer_init(&b);
|
||||
buffer_append(&b, buffer_ptr(raw), buffer_len(raw));
|
||||
@ -210,8 +225,7 @@ kex_setup(char *proposal[PROPOSAL_MAX])
|
||||
{
|
||||
Kex *kex;
|
||||
|
||||
kex = xmalloc(sizeof(*kex));
|
||||
memset(kex, 0, sizeof(*kex));
|
||||
kex = xcalloc(1, sizeof(*kex));
|
||||
buffer_init(&kex->peer);
|
||||
buffer_init(&kex->my);
|
||||
kex_prop2buf(&kex->my, proposal);
|
||||
@ -254,6 +268,7 @@ choose_enc(Enc *enc, char *client, char *server)
|
||||
enc->key_len = cipher_keylen(enc->cipher);
|
||||
enc->block_size = cipher_blocksize(enc->cipher);
|
||||
}
|
||||
|
||||
static void
|
||||
choose_mac(Mac *mac, char *client, char *server)
|
||||
{
|
||||
@ -269,6 +284,7 @@ choose_mac(Mac *mac, char *client, char *server)
|
||||
mac->key = NULL;
|
||||
mac->enabled = 0;
|
||||
}
|
||||
|
||||
static void
|
||||
choose_comp(Comp *comp, char *client, char *server)
|
||||
{
|
||||
@ -286,6 +302,7 @@ choose_comp(Comp *comp, char *client, char *server)
|
||||
}
|
||||
comp->name = name;
|
||||
}
|
||||
|
||||
static void
|
||||
choose_kex(Kex *k, char *client, char *server)
|
||||
{
|
||||
@ -301,6 +318,11 @@ choose_kex(Kex *k, char *client, char *server)
|
||||
} else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
|
||||
k->kex_type = KEX_DH_GEX_SHA1;
|
||||
k->evp_md = EVP_sha1();
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||
} else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) {
|
||||
k->kex_type = KEX_DH_GEX_SHA256;
|
||||
k->evp_md = evp_ssh_sha256();
|
||||
#endif
|
||||
} else
|
||||
fatal("bad kex alg %s", k->name);
|
||||
}
|
||||
@ -364,8 +386,7 @@ kex_choose_conf(Kex *kex)
|
||||
|
||||
/* Algorithm Negotiation */
|
||||
for (mode = 0; mode < MODE_MAX; mode++) {
|
||||
newkeys = xmalloc(sizeof(*newkeys));
|
||||
memset(newkeys, 0, sizeof(*newkeys));
|
||||
newkeys = xcalloc(1, sizeof(*newkeys));
|
||||
kex->newkeys[mode] = newkeys;
|
||||
ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
|
||||
nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;
|
||||
@ -420,7 +441,7 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
|
||||
|
||||
if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0)
|
||||
fatal("bad kex md size %d", mdsz);
|
||||
digest = xmalloc(roundup(need, mdsz));
|
||||
digest = xmalloc(roundup(need, mdsz));
|
||||
|
||||
buffer_init(&b);
|
||||
buffer_put_bignum2(&b, shared_secret);
|
||||
@ -473,7 +494,8 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret)
|
||||
for (mode = 0; mode < MODE_MAX; mode++) {
|
||||
current_keys[mode] = kex->newkeys[mode];
|
||||
kex->newkeys[mode] = NULL;
|
||||
ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
|
||||
ctos = (!kex->server && mode == MODE_OUT) ||
|
||||
(kex->server && mode == MODE_IN);
|
||||
current_keys[mode]->enc.iv = keys[ctos ? 0 : 1];
|
||||
current_keys[mode]->enc.key = keys[ctos ? 2 : 3];
|
||||
current_keys[mode]->mac.key = keys[ctos ? 4 : 5];
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kex.h,v 1.38 2005/11/04 05:15:59 djm Exp $ */
|
||||
/* $OpenBSD: kex.h,v 1.44 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
@ -26,14 +26,13 @@
|
||||
#ifndef KEX_H
|
||||
#define KEX_H
|
||||
|
||||
#include <signal.h>
|
||||
#include <openssl/evp.h>
|
||||
#include "buffer.h"
|
||||
#include "cipher.h"
|
||||
#include "key.h"
|
||||
|
||||
#define KEX_DH1 "diffie-hellman-group1-sha1"
|
||||
#define KEX_DH14 "diffie-hellman-group14-sha1"
|
||||
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
|
||||
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
|
||||
|
||||
#define COMP_NONE 0
|
||||
#define COMP_ZLIB 1
|
||||
@ -63,6 +62,7 @@ enum kex_exchange {
|
||||
KEX_DH_GRP1_SHA1,
|
||||
KEX_DH_GRP14_SHA1,
|
||||
KEX_DH_GEX_SHA1,
|
||||
KEX_DH_GEX_SHA256,
|
||||
KEX_MAX
|
||||
};
|
||||
|
||||
@ -112,7 +112,7 @@ struct Kex {
|
||||
int kex_type;
|
||||
Buffer my;
|
||||
Buffer peer;
|
||||
int done;
|
||||
sig_atomic_t done;
|
||||
int flags;
|
||||
const EVP_MD *evp_md;
|
||||
char *client_version_string;
|
||||
@ -142,7 +142,7 @@ kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
|
||||
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
|
||||
void
|
||||
kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *,
|
||||
int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
|
||||
int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
|
||||
BIGNUM *, BIGNUM *, u_char **, u_int *);
|
||||
|
||||
void
|
||||
|
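Review bot: The new `sig_atomic_t done;` member of struct Kex is not `volatile`. The type change suggests the flag is meant to be read or written from a signal handler, although no handler is visible in this section, so that is an inference. The C standard only guarantees such access for `volatile sig_atomic_t`; without the qualifier the compiler may keep the value in a register across the point where the handler runs. Consider `volatile sig_atomic_t done;` plus a one-line comment naming the handler that depends on it. struct Kex begins and ends outside the hunk.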
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: kexdh.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,13 +24,17 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kexdh.c,v 1.20 2005/11/04 05:15:59 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <signal.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
#include "ssh2.h"
|
||||
#include "key.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
|
||||
void
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: kexdhc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,10 +24,18 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kexdhc.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "key.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
#include "log.h"
|
||||
#include "packet.h"
|
||||
@ -82,7 +91,7 @@ kexdh_client(Kex *kex)
|
||||
if (kex->verify_host_key(server_host_key) == -1)
|
||||
fatal("server_host_key verification failed");
|
||||
|
||||
/* DH paramter f, server public DH key */
|
||||
/* DH parameter f, server public DH key */
|
||||
if ((dh_server_pub = BN_new()) == NULL)
|
||||
fatal("dh_server_pub == NULL");
|
||||
packet_get_bignum2(dh_server_pub);
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: kexdhs.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,15 +24,25 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kexdhs.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "key.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
#include "log.h"
|
||||
#include "packet.h"
|
||||
#include "dh.h"
|
||||
#include "ssh2.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
void
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: kexgex.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
@ -24,12 +25,15 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kexgex.c,v 1.24 2005/11/04 05:15:59 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
#include "key.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
#include "ssh2.h"
|
||||
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: kexgexc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
@ -24,10 +25,18 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kexgexc.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "key.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
#include "log.h"
|
||||
#include "packet.h"
|
||||
@ -120,7 +129,7 @@ kexgex_client(Kex *kex)
|
||||
if (kex->verify_host_key(server_host_key) == -1)
|
||||
fatal("server_host_key verification failed");
|
||||
|
||||
/* DH paramter f, server public DH key */
|
||||
/* DH parameter f, server public DH key */
|
||||
if ((dh_server_pub = BN_new()) == NULL)
|
||||
fatal("dh_server_pub == NULL");
|
||||
packet_get_bignum2(dh_server_pub);
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: kexgexs.c,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
@ -24,16 +25,27 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kexgexs.c,v 1.2 2005/11/04 05:15:59 djm Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "key.h"
|
||||
#include "cipher.h"
|
||||
#include "kex.h"
|
||||
#include "log.h"
|
||||
#include "packet.h"
|
||||
#include "dh.h"
|
||||
#include "ssh2.h"
|
||||
#include "compat.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
void
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: key.h,v 1.23 2003/11/10 16:23:41 jakob Exp $ */
|
||||
/* $OpenBSD: key.h,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: log.c,v 1.39 2006/08/18 09:13:25 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -34,16 +35,22 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: log.c,v 1.29 2003/09/23 20:17:11 markus Exp $");
|
||||
|
||||
#include "log.h"
|
||||
#include "xmalloc.h"
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <syslog.h>
|
||||
#include <unistd.h>
|
||||
#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
|
||||
# include <vis.h>
|
||||
#endif
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
||||
static LogLevel log_level = SYSLOG_LEVEL_INFO;
|
||||
static int log_on_stderr = 1;
|
||||
static int log_facility = LOG_AUTH;
|
||||
@ -130,6 +137,20 @@ error(const char *fmt,...)
|
||||
va_end(args);
|
||||
}
|
||||
|
||||
void
|
||||
sigdie(const char *fmt,...)
|
||||
{
|
||||
#ifdef DO_LOG_SAFE_IN_SIGHAND
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(SYSLOG_LEVEL_FATAL, fmt, args);
|
||||
va_end(args);
|
||||
#endif
|
||||
_exit(1);
|
||||
}
|
||||
|
||||
|
||||
/* Log this message (information that usually should go to the log). */
|
||||
|
||||
void
|
||||
|
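Review bot: sigdie() has no comment explaining why its logging sits inside `#ifdef DO_LOG_SAFE_IN_SIGHAND`, and when the macro is undefined the `fmt` argument is silently discarded. The name and the bare `_exit(1)` suggest the function is meant for signal handlers, where do_log() is not async-signal-safe on most platforms (its body is not shown here; it presumably formats and writes to syslog or stderr). I would add above the function: `/* For use in signal handlers: logs only where DO_LOG_SAFE_IN_SIGHAND asserts do_log() is async-signal-safe, then _exit()s without running atexit handlers. */`. The place where the macro is defined should also say that it must not be enabled merely to get the message back.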
@ -31,12 +31,6 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
/* RCSID("$Id: loginrec.h,v 1.10 2005/06/19 00:19:44 djm Exp $"); */
|
||||
|
||||
/**
|
||||
** you should use the login_* calls to work around platform dependencies
|
||||
**/
|
||||
|
@ -31,6 +31,10 @@
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
#include <netinet/in.h>
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
@ -43,8 +47,6 @@
|
||||
|
||||
#include "loginrec.h"
|
||||
|
||||
RCSID("$Id: logintest.c,v 1.11 2004/07/17 04:07:42 dtucker Exp $");
|
||||
|
||||
extern char *__progname;
|
||||
|
||||
#define PAUSE_BEFORE_LOGOUT 3
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: mac.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,16 +24,23 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "getput.h"
|
||||
#include "log.h"
|
||||
#include "cipher.h"
|
||||
#include "buffer.h"
|
||||
#include "key.h"
|
||||
#include "kex.h"
|
||||
#include "mac.h"
|
||||
#include "misc.h"
|
||||
|
||||
struct {
|
||||
char *name;
|
||||
@ -83,7 +91,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
|
||||
if (mac->mac_len > sizeof(m))
|
||||
fatal("mac_compute: mac too long");
|
||||
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
|
||||
PUT_32BIT(b, seqno);
|
||||
put_u32(b, seqno);
|
||||
HMAC_Update(&c, b, sizeof(b));
|
||||
HMAC_Update(&c, data, datalen);
|
||||
HMAC_Final(&c, m, NULL);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: mac.h,v 1.3 2001/06/26 17:27:24 markus Exp $ */
|
||||
/* $OpenBSD: mac.h,v 1.4 2006/03/25 22:22:43 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: match.c,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -35,10 +36,14 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include "match.h"
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "match.h"
|
||||
|
||||
/*
|
||||
* Returns true if the given string matches the pattern (which may contain ?
|
||||
@ -136,7 +141,7 @@ match_pattern_list(const char *string, const char *pattern, u_int len,
|
||||
i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
|
||||
subi++, i++)
|
||||
sub[subi] = dolower && isupper(pattern[i]) ?
|
||||
tolower(pattern[i]) : pattern[i];
|
||||
(char)tolower(pattern[i]) : pattern[i];
|
||||
/* If subpattern too long, return failure (no match). */
|
||||
if (subi >= sizeof(sub) - 1)
|
||||
return 0;
|
||||
|
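Review bot: The added `(char)` cast fixes the result type, but `isupper(pattern[i])` and `tolower(pattern[i])` still receive a plain `char`. Where `char` is signed, a pattern byte above 0x7f becomes a negative argument, which is undefined behaviour for the <ctype.h> functions and can read outside their lookup table. Cast the argument as well: `sub[subi] = dolower && isupper((u_char)pattern[i]) ?` followed by `(char)tolower((u_char)pattern[i]) : pattern[i];`. match_pattern_list() starts and ends outside this hunk.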
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: match.h,v 1.12 2002/03/01 13:12:10 markus Exp $ */
|
||||
/* $OpenBSD: match.h,v 1.13 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
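--- a/crypto/openssh/md-sha256.c
+++ b/crypto/openssh/md-sha256.c
@@ -0,0 +1,86 @@
+/* $OpenBSD: md-sha256.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
+/*
+* Copyright (c) 2005 Damien Miller <djm@openbsd.org>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+/* EVP wrapper for SHA256 */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <openssl/opensslv.h>
+
+#if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+
+#include <string.h>
+#include <openssl/evp.h>
+#ifdef HAVE_SHA256_UPDATE
+# ifdef HAVE_SHA2_H
+# include <sha2.h>
+# elif defined(HAVE_CRYPTO_SHA2_H)
+# include <crypto/sha2.h>
+# endif
+#endif
+
+const EVP_MD *evp_ssh_sha256(void);
+
+static int
+ssh_sha256_init(EVP_MD_CTX *ctxt)
+{
+SHA256_Init(ctxt->md_data);
+return (1);
+}
+
+static int
+ssh_sha256_update(EVP_MD_CTX *ctxt, const void *data, unsigned long len)
+{
+SHA256_Update(ctxt->md_data, data, len);
+return (1);
+}
+
+static int
+ssh_sha256_final(EVP_MD_CTX *ctxt, unsigned char *digest)
+{
+SHA256_Final(digest, ctxt->md_data);
+return (1);
+}
+
+static int
+ssh_sha256_cleanup(EVP_MD_CTX *ctxt)
+{
+memset(ctxt->md_data, 0, sizeof(SHA256_CTX));
+return (1);
+}
+
+const EVP_MD *
+evp_ssh_sha256(void)
+{
+static EVP_MD ssh_sha256;
+
+memset(&ssh_sha256, 0, sizeof(ssh_sha256));
+ssh_sha256.type = NID_undef;
+ssh_sha256.md_size = SHA256_DIGEST_LENGTH;
+ssh_sha256.init = ssh_sha256_init;
+ssh_sha256.update = ssh_sha256_update;
+ssh_sha256.final = ssh_sha256_final;
+ssh_sha256.cleanup = ssh_sha256_cleanup;
+ssh_sha256.block_size = SHA256_BLOCK_LENGTH;
+ssh_sha256.ctx_size = sizeof(SHA256_CTX);
+
+return (&ssh_sha256);
+}
+
+#endif /* !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
+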
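Review bot: evp_ssh_sha256() clears and refills the function-static `ssh_sha256` on every call, so a pointer handed out by an earlier call refers to a momentarily zeroed method table while a later call runs. That is harmless only as long as the function is never entered concurrently or from a signal handler. Filling the structure once removes the window, for example `static int initialised;` with the assignments wrapped in `if (!initialised) { ... initialised = 1; }`. Separately, ssh_sha256_cleanup() wipes the hash state with a plain `memset`; a short comment saying the wipe is deliberate would keep a later clean-up from removing it as redundant.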
@ -11,9 +11,11 @@
|
||||
#include "includes.h"
|
||||
|
||||
#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
|
||||
#include <openssl/md5.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
RCSID("$Id: md5crypt.c,v 1.9 2003/11/21 12:56:47 djm Exp $");
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/md5.h>
|
||||
|
||||
/* 0 ... 63 => ascii - 64 */
|
||||
static unsigned char itoa64[] =
|
||||
|
@ -1,6 +1,7 @@
|
||||
/* $OpenBSD: misc.c,v 1.64 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2005 Damien Miller. All rights reserved.
|
||||
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -24,15 +25,35 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: misc.c,v 1.42 2006/01/31 10:19:02 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/tcp.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#ifdef HAVE_PATHS_H
|
||||
# include <paths.h>
|
||||
#include <pwd.h>
|
||||
#endif
|
||||
#ifdef SSH_TUN_OPENBSD
|
||||
#include <net/if.h>
|
||||
#endif
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "misc.h"
|
||||
#include "log.h"
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
|
||||
/* remove newline at end of string */
|
||||
char *
|
||||
@ -123,6 +144,7 @@ set_nodelay(int fd)
|
||||
|
||||
/* Characters considered whitespace in strsep calls. */
|
||||
#define WHITESPACE " \t\r\n"
|
||||
#define QUOTE "\""
|
||||
|
||||
/* return next token in configuration line */
|
||||
char *
|
||||
@ -136,15 +158,27 @@ strdelim(char **s)
|
||||
|
||||
old = *s;
|
||||
|
||||
*s = strpbrk(*s, WHITESPACE "=");
|
||||
*s = strpbrk(*s, WHITESPACE QUOTE "=");
|
||||
if (*s == NULL)
|
||||
return (old);
|
||||
|
||||
if (*s[0] == '\"') {
|
||||
memmove(*s, *s + 1, strlen(*s)); /* move nul too */
|
||||
/* Find matching quote */
|
||||
if ((*s = strpbrk(*s, QUOTE)) == NULL) {
|
||||
return (NULL); /* no matching quote */
|
||||
} else {
|
||||
*s[0] = '\0';
|
||||
return (old);
|
||||
}
|
||||
}
|
||||
|
||||
/* Allow only one '=' to be skipped */
|
||||
if (*s[0] == '=')
|
||||
wspace = 1;
|
||||
*s[0] = '\0';
|
||||
|
||||
/* Skip any extra whitespace after first token */
|
||||
*s += strspn(*s + 1, WHITESPACE) + 1;
|
||||
if (*s[0] == '=' && !wspace)
|
||||
*s += strspn(*s + 1, WHITESPACE) + 1;
|
||||
@ -155,9 +189,8 @@ strdelim(char **s)
|
||||
struct passwd *
|
||||
pwcopy(struct passwd *pw)
|
||||
{
|
||||
struct passwd *copy = xmalloc(sizeof(*copy));
|
||||
struct passwd *copy = xcalloc(1, sizeof(*copy));
|
||||
|
||||
memset(copy, 0, sizeof(*copy));
|
||||
copy->pw_name = xstrdup(pw->pw_name);
|
||||
copy->pw_passwd = xstrdup(pw->pw_passwd);
|
||||
copy->pw_gecos = xstrdup(pw->pw_gecos);
|
||||
@ -280,6 +313,7 @@ convtime(const char *s)
|
||||
switch (*endp++) {
|
||||
case '\0':
|
||||
endp--;
|
||||
break;
|
||||
case 's':
|
||||
case 'S':
|
||||
break;
|
||||
@ -311,6 +345,23 @@ convtime(const char *s)
|
||||
return total;
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns a standardized host+port identifier string.
|
||||
* Caller must free returned string.
|
||||
*/
|
||||
char *
|
||||
put_host_port(const char *host, u_short port)
|
||||
{
|
||||
char *hoststr;
|
||||
|
||||
if (port == 0 || port == SSH_DEFAULT_PORT)
|
||||
return(xstrdup(host));
|
||||
if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
|
||||
fatal("put_host_port: asprintf: %s", strerror(errno));
|
||||
debug3("put_host_port: %s", hoststr);
|
||||
return hoststr;
|
||||
}
|
||||
|
||||
/*
|
||||
* Search for next delimiter between hostnames/addresses and ports.
|
||||
* Argument may be modified (for termination).
|
||||
@ -408,7 +459,7 @@ addargs(arglist *args, char *fmt, ...)
|
||||
} else if (args->num+2 >= nalloc)
|
||||
nalloc *= 2;
|
||||
|
||||
args->list = xrealloc(args->list, nalloc * sizeof(char *));
|
||||
args->list = xrealloc(args->list, nalloc, sizeof(char *));
|
||||
args->nalloc = nalloc;
|
||||
args->list[args->num++] = cp;
|
||||
args->list[args->num] = NULL;
|
||||
@ -673,18 +724,100 @@ sanitise_stdfd(void)
|
||||
}
|
||||
|
||||
char *
|
||||
tohex(const u_char *d, u_int l)
|
||||
tohex(const void *vp, size_t l)
|
||||
{
|
||||
const u_char *p = (const u_char *)vp;
|
||||
char b[3], *r;
|
||||
u_int i, hl;
|
||||
size_t i, hl;
|
||||
|
||||
if (l > 65536)
|
||||
return xstrdup("tohex: length > 65536");
|
||||
|
||||
hl = l * 2 + 1;
|
||||
r = xmalloc(hl);
|
||||
*r = '\0';
|
||||
r = xcalloc(1, hl);
|
||||
for (i = 0; i < l; i++) {
|
||||
snprintf(b, sizeof(b), "%02x", d[i]);
|
||||
snprintf(b, sizeof(b), "%02x", p[i]);
|
||||
strlcat(r, b, hl);
|
||||
}
|
||||
return (r);
|
||||
}
|
||||
|
||||
u_int64_t
|
||||
get_u64(const void *vp)
|
||||
{
|
||||
const u_char *p = (const u_char *)vp;
|
||||
u_int64_t v;
|
||||
|
||||
v = (u_int64_t)p[0] << 56;
|
||||
v |= (u_int64_t)p[1] << 48;
|
||||
v |= (u_int64_t)p[2] << 40;
|
||||
v |= (u_int64_t)p[3] << 32;
|
||||
v |= (u_int64_t)p[4] << 24;
|
||||
v |= (u_int64_t)p[5] << 16;
|
||||
v |= (u_int64_t)p[6] << 8;
|
||||
v |= (u_int64_t)p[7];
|
||||
|
||||
return (v);
|
||||
}
|
||||
|
||||
u_int32_t
|
||||
get_u32(const void *vp)
|
||||
{
|
||||
const u_char *p = (const u_char *)vp;
|
||||
u_int32_t v;
|
||||
|
||||
v = (u_int32_t)p[0] << 24;
|
||||
v |= (u_int32_t)p[1] << 16;
|
||||
v |= (u_int32_t)p[2] << 8;
|
||||
v |= (u_int32_t)p[3];
|
||||
|
||||
return (v);
|
||||
}
|
||||
|
||||
u_int16_t
|
||||
get_u16(const void *vp)
|
||||
{
|
||||
const u_char *p = (const u_char *)vp;
|
||||
u_int16_t v;
|
||||
|
||||
v = (u_int16_t)p[0] << 8;
|
||||
v |= (u_int16_t)p[1];
|
||||
|
||||
return (v);
|
||||
}
|
||||
|
||||
void
|
||||
put_u64(void *vp, u_int64_t v)
|
||||
{
|
||||
u_char *p = (u_char *)vp;
|
||||
|
||||
p[0] = (u_char)(v >> 56) & 0xff;
|
||||
p[1] = (u_char)(v >> 48) & 0xff;
|
||||
p[2] = (u_char)(v >> 40) & 0xff;
|
||||
p[3] = (u_char)(v >> 32) & 0xff;
|
||||
p[4] = (u_char)(v >> 24) & 0xff;
|
||||
p[5] = (u_char)(v >> 16) & 0xff;
|
||||
p[6] = (u_char)(v >> 8) & 0xff;
|
||||
p[7] = (u_char)v & 0xff;
|
||||
}
|
||||
|
||||
void
|
||||
put_u32(void *vp, u_int32_t v)
|
||||
{
|
||||
u_char *p = (u_char *)vp;
|
||||
|
||||
p[0] = (u_char)(v >> 24) & 0xff;
|
||||
p[1] = (u_char)(v >> 16) & 0xff;
|
||||
p[2] = (u_char)(v >> 8) & 0xff;
|
||||
p[3] = (u_char)v & 0xff;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
put_u16(void *vp, u_int16_t v)
|
||||
{
|
||||
u_char *p = (u_char *)vp;
|
||||
|
||||
p[0] = (u_char)(v >> 8) & 0xff;
|
||||
p[1] = (u_char)v & 0xff;
|
||||
}
|
||||
|
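Review bot: In the quoted-token branch added to strdelim(), `*s[0] = '\0'; return (old);` leaves `*s` pointing at the terminator just written. The next strdelim() call then sees an empty string, and the rest of the configuration line after the closing quote is never tokenised. The unquoted path advances past the delimiter and any following whitespace; the quoted path should do the same before returning, e.g. `*s += strspn(*s + 1, WHITESPACE) + 1;` after the `'\0'` store. The unmatched-quote case returns NULL, which a caller presumably cannot tell apart from end of line (callers are not shown here), so a malformed line may pass without a diagnostic. strdelim() starts before and ends after this hunk.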
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: misc.h,v 1.29 2006/01/31 10:19:02 djm Exp $ */
|
||||
/* $OpenBSD: misc.h,v 1.36 2006/08/18 10:27:16 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -12,6 +12,9 @@
|
||||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
#ifndef _MISC_H
|
||||
#define _MISC_H
|
||||
|
||||
/* misc.c */
|
||||
|
||||
char *chop(char *);
|
||||
@ -21,13 +24,14 @@ int unset_nonblock(int);
|
||||
void set_nodelay(int);
|
||||
int a2port(const char *);
|
||||
int a2tun(const char *, int *);
|
||||
char *put_host_port(const char *, u_short);
|
||||
char *hpdelim(char **);
|
||||
char *cleanhostname(char *);
|
||||
char *colon(char *);
|
||||
long convtime(const char *);
|
||||
char *tilde_expand_filename(const char *, uid_t);
|
||||
char *percent_expand(const char *, ...) __attribute__((__sentinel__));
|
||||
char *tohex(const u_char *, u_int);
|
||||
char *tohex(const void *, size_t);
|
||||
void sanitise_stdfd(void);
|
||||
|
||||
struct passwd *pwcopy(struct passwd *);
|
||||
@ -44,17 +48,6 @@ void replacearg(arglist *, u_int, char *, ...)
|
||||
__attribute__((format(printf, 3, 4)));
|
||||
void freeargs(arglist *);
|
||||
|
||||
/* readpass.c */
|
||||
|
||||
#define RP_ECHO 0x0001
|
||||
#define RP_ALLOW_STDIN 0x0002
|
||||
#define RP_ALLOW_EOF 0x0004
|
||||
#define RP_USE_ASKPASS 0x0008
|
||||
|
||||
char *read_passphrase(const char *, int);
|
||||
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
|
||||
|
||||
int tun_open(int, int);
|
||||
|
||||
/* Common definitions for ssh tunnel device forwarding */
|
||||
@ -67,3 +60,31 @@ int tun_open(int, int);
|
||||
#define SSH_TUNID_ANY 0x7fffffff
|
||||
#define SSH_TUNID_ERR (SSH_TUNID_ANY - 1)
|
||||
#define SSH_TUNID_MAX (SSH_TUNID_ANY - 2)
|
||||
|
||||
/* Functions to extract or store big-endian words of various sizes */
|
||||
u_int64_t get_u64(const void *)
|
||||
__attribute__((__bounded__( __minbytes__, 1, 8)));
|
||||
u_int32_t get_u32(const void *)
|
||||
__attribute__((__bounded__( __minbytes__, 1, 4)));
|
||||
u_int16_t get_u16(const void *)
|
||||
__attribute__((__bounded__( __minbytes__, 1, 2)));
|
||||
void put_u64(void *, u_int64_t)
|
||||
__attribute__((__bounded__( __minbytes__, 1, 8)));
|
||||
void put_u32(void *, u_int32_t)
|
||||
__attribute__((__bounded__( __minbytes__, 1, 4)));
|
||||
void put_u16(void *, u_int16_t)
|
||||
__attribute__((__bounded__( __minbytes__, 1, 2)));
|
||||
|
||||
|
||||
/* readpass.c */
|
||||
|
||||
#define RP_ECHO 0x0001
|
||||
#define RP_ALLOW_STDIN 0x0002
|
||||
#define RP_ALLOW_EOF 0x0004
|
||||
#define RP_USE_ASKPASS 0x0008
|
||||
|
||||
char *read_passphrase(const char *, int);
|
||||
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
|
||||
|
||||
#endif /* _MISC_H */
|
||||
|
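Review bot: The new get_u16/get_u32/get_u64 and put_u16/put_u32/put_u64 prototypes take a bare `void *` with no length argument. The only statement of their size contract is the `__bounded__` attribute, which is a compile-time check on compilers that implement it and presumably expands to nothing elsewhere. The comment above them should state the contract in words, e.g. `/* Big-endian load/store helpers: the caller must guarantee 2, 4 or 8 accessible bytes at the pointer; nothing is checked at run time. */`. This matters most at call sites that pass a pointer into a received packet buffer, where the length check has to happen before the call.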
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */
|
||||
/* $OpenBSD: moduli.c,v 1.18 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright 1994 Phil Karn <karn@qualcomm.com>
|
||||
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
|
||||
@ -38,11 +38,20 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
#include <time.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
||||
/*
|
||||
* File output defines
|
||||
*/
|
||||
@ -301,21 +310,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
|
||||
largewords = (largememory << SHIFT_MEGAWORD);
|
||||
}
|
||||
|
||||
TinySieve = calloc(tinywords, sizeof(u_int32_t));
|
||||
if (TinySieve == NULL) {
|
||||
error("Insufficient memory for tiny sieve: need %u bytes",
|
||||
tinywords << SHIFT_BYTE);
|
||||
exit(1);
|
||||
}
|
||||
TinySieve = xcalloc(tinywords, sizeof(u_int32_t));
|
||||
tinybits = tinywords << SHIFT_WORD;
|
||||
|
||||
SmallSieve = calloc(smallwords, sizeof(u_int32_t));
|
||||
if (SmallSieve == NULL) {
|
||||
error("Insufficient memory for small sieve: need %u bytes",
|
||||
smallwords << SHIFT_BYTE);
|
||||
xfree(TinySieve);
|
||||
exit(1);
|
||||
}
|
||||
SmallSieve = xcalloc(smallwords, sizeof(u_int32_t));
|
||||
smallbits = smallwords << SHIFT_WORD;
|
||||
|
||||
/*
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: monitor_fdpass.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
|
||||
* All rights reserved.
|
||||
@ -24,10 +25,15 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor_fdpass.c,v 1.6 2004/08/13 02:51:48 djm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/uio.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "log.h"
|
||||
#include "monitor_fdpass.h"
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
|
||||
/* $OpenBSD: monitor_fdpass.h,v 1.3 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: monitor_mm.c,v 1.15 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* All rights reserved.
|
||||
@ -24,14 +25,20 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor_mm.c,v 1.9 2004/05/11 19:01:43 deraadt Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#ifdef HAVE_SYS_MMAN_H
|
||||
#include <sys/mman.h>
|
||||
#endif
|
||||
#include <sys/param.h>
|
||||
#include "openbsd-compat/sys-tree.h"
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "ssh.h"
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "log.h"
|
||||
#include "monitor_mm.h"
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
|
||||
/* $OpenBSD: monitor_mm.h,v 1.4 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
@ -27,7 +27,6 @@
|
||||
|
||||
#ifndef _MM_H_
|
||||
#define _MM_H_
|
||||
#include "openbsd-compat/sys-tree.h"
|
||||
|
||||
struct mm_share {
|
||||
RB_ENTRY(mm_share) next;
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: msg.c,v 1.15 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -21,14 +22,23 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: msg.c,v 1.8 2005/05/24 17:32:43 avsm Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/uio.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "buffer.h"
|
||||
#include "getput.h"
|
||||
#include "log.h"
|
||||
#include "atomicio.h"
|
||||
#include "msg.h"
|
||||
#include "misc.h"
|
||||
|
||||
int
|
||||
ssh_msg_send(int fd, u_char type, Buffer *m)
|
||||
@ -38,7 +48,7 @@ ssh_msg_send(int fd, u_char type, Buffer *m)
|
||||
|
||||
debug3("ssh_msg_send: type %u", (unsigned int)type & 0xff);
|
||||
|
||||
PUT_32BIT(buf, mlen + 1);
|
||||
put_u32(buf, mlen + 1);
|
||||
buf[4] = type; /* 1st byte of payload is mesg-type */
|
||||
if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) {
|
||||
error("ssh_msg_send: write");
|
||||
@ -64,7 +74,7 @@ ssh_msg_recv(int fd, Buffer *m)
|
||||
error("ssh_msg_recv: read: header");
|
||||
return (-1);
|
||||
}
|
||||
msg_len = GET_32BIT(buf);
|
||||
msg_len = get_u32(buf);
|
||||
if (msg_len > 256 * 1024) {
|
||||
error("ssh_msg_recv: read: bad msg_len %u", msg_len);
|
||||
return (-1);
|
||||
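Review bot: The length check in ssh_msg_recv, `if (msg_len > 256 * 1024)`, rejects only oversized headers, so a header carrying msg_len 0 passes it even though ssh_msg_send always writes `mlen + 1` to cover the type byte. The value is read from fd, so I would reject the empty case at the same place: `if (msg_len == 0 || msg_len > 256 * 1024) {`. The send side also never compares `mlen + 1` with that limit, so an oversized message is only noticed by the receiver; a named constant shared by both functions would keep them in step. Both function bodies continue outside the hunks shown, so how a zero-length payload is handled further down cannot be checked from here.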
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: msg.h,v 1.3 2003/11/17 09:45:39 djm Exp $ */
|
||||
/* $OpenBSD: msg.h,v 1.4 2006/03/25 22:22:43 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* $OpenBSD: nchan.c,v 1.57 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -23,7 +24,13 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: nchan.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "ssh1.h"
|
||||
#include "ssh2.h"
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: Makefile.in,v 1.37 2005/12/31 05:33:37 djm Exp $
|
||||
# $Id: Makefile.in,v 1.40 2006/08/30 17:24:41 djm Exp $
|
||||
|
||||
sysconfdir=@sysconfdir@
|
||||
piddir=@piddir@
|
||||
@ -16,11 +16,11 @@ RANLIB=@RANLIB@
|
||||
INSTALL=@INSTALL@
|
||||
LDFLAGS=-L. @LDFLAGS@
|
||||
|
||||
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
|
||||
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
|
||||
|
||||
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
|
||||
|
||||
PORTS=port-irix.o port-aix.o port-uw.o port-tun.o
|
||||
PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
|
||||
|
||||
.c.o:
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
|
||||
|
@ -20,6 +20,8 @@
|
||||
|
||||
#include "includes.h"
|
||||
#ifndef HAVE_BASENAME
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
|
||||
char *
|
||||
basename(const char *path)
|
||||
|
@ -33,8 +33,14 @@
|
||||
#include "includes.h"
|
||||
|
||||
#ifndef HAVE_BINDRESVPORT_SA
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
#include "includes.h"
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
|
||||
#define STARTPORT 600
|
||||
#define ENDPORT (IPPORT_RESERVED - 1)
|
||||
|
@ -15,9 +15,13 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#include "log.h"
|
||||
|
||||
RCSID("$Id: bsd-arc4random.c,v 1.10 2005/02/16 02:01:28 djm Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "log.h"
|
||||
|
||||
#ifndef HAVE_ARC4RANDOM
|
||||
|
||||
|
@ -21,6 +21,10 @@
|
||||
|
||||
#ifndef HAVE_VASPRINTF
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#ifndef VA_COPY
|
||||
# ifdef HAVE_VA_COPY
|
||||
# define VA_COPY(dest, src) va_copy(dest, src)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
|
||||
* Copyright (c) 2004-2005 Todd C. Miller <Todd.Miller@courtesan.com>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
@ -22,9 +22,14 @@
|
||||
#include <sys/param.h>
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#ifdef HAVE_FCNTL_H
|
||||
# include <fcntl.h>
|
||||
#endif
|
||||
#include <limits.h>
|
||||
#include <stdlib.h>
|
||||
#include <stddef.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#ifdef HAVE_DIRENT_H
|
||||
# include <dirent.h>
|
||||
# define NAMLEN(dirent) strlen((dirent)->d_name)
|
||||
@ -46,15 +51,20 @@
|
||||
# define OPEN_MAX 256
|
||||
#endif
|
||||
|
||||
RCSID("$Id: bsd-closefrom.c,v 1.2 2005/11/10 08:29:13 dtucker Exp $");
|
||||
|
||||
#ifndef lint
|
||||
static const char sudorcsid[] = "$Sudo: closefrom.c,v 1.6 2004/06/01 20:51:56 millert Exp $";
|
||||
#if 0
|
||||
__unused static const char rcsid[] = "$Sudo: closefrom.c,v 1.11 2006/08/17 15:26:54 millert Exp $";
|
||||
#endif /* lint */
|
||||
|
||||
/*
|
||||
* Close all file descriptors greater than or equal to lowfd.
|
||||
*/
|
||||
#ifdef HAVE_FCNTL_CLOSEM
|
||||
void
|
||||
closefrom(int lowfd)
|
||||
{
|
||||
(void) fcntl(lowfd, F_CLOSEM, 0);
|
||||
}
|
||||
#else
|
||||
void
|
||||
closefrom(int lowfd)
|
||||
{
|
||||
@ -67,7 +77,7 @@ closefrom(int lowfd)
|
||||
|
||||
/* Check for a /proc/$$/fd directory. */
|
||||
len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
|
||||
if (len >= 0 && (u_int)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
|
||||
if (len > 0 && (size_t)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
|
||||
while ((dent = readdir(dirp)) != NULL) {
|
||||
fd = strtol(dent->d_name, &endp, 10);
|
||||
if (dent->d_name != endp && *endp == '\0' &&
|
||||
@ -95,6 +105,5 @@ closefrom(int lowfd)
|
||||
(void) close((int) fd);
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* !HAVE_FCNTL_CLOSEM */
|
||||
#endif /* HAVE_CLOSEFROM */
|
||||
|
||||
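Review bot: The bound on the snprintf() result in closefrom(), `(size_t)len <= sizeof(fdpath)`, still accepts len == sizeof(fdpath), which is a truncated path: snprintf() returns the length without the terminating NUL, so the output fits only when len is strictly smaller than the buffer size. Both printed forms of the check keep `<=`, so the move from `(u_int)` to `(size_t)` and from `>= 0` to `> 0` does not touch this; I would write `if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {`. The declaration of fdpath is outside the hunk, so whether the boundary case is reachable for "/proc/%ld/fd" cannot be confirmed here, and the rest of the function body also lies outside the hunks.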
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* $Id: bsd-cray.c,v 1.14 2005/02/02 06:10:11 dtucker Exp $
|
||||
* $Id: bsd-cray.c,v 1.16 2006/09/01 05:38:41 djm Exp $
|
||||
*
|
||||
* bsd-cray.c
|
||||
*
|
||||
@ -52,7 +52,10 @@
|
||||
#include <sys/secstat.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/session.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <pwd.h>
|
||||
#include <fcntl.h>
|
||||
#include <errno.h>
|
||||
|
@ -29,22 +29,8 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
RCSID("$Id: bsd-cygwin_util.c,v 1.14 2005/05/25 09:42:11 dtucker Exp $");
|
||||
|
||||
#ifdef HAVE_CYGWIN
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/utsname.h>
|
||||
#include <sys/vfs.h>
|
||||
#include <windows.h>
|
||||
#include "xmalloc.h"
|
||||
#define is_winnt (GetVersion() < 0x80000000)
|
||||
|
||||
#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
|
||||
#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
|
||||
#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
|
||||
|
||||
#if defined(open) && open == binary_open
|
||||
# undef open
|
||||
#endif
|
||||
@ -52,6 +38,23 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.14 2005/05/25 09:42:11 dtucker Exp $");
|
||||
# undef pipe
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/utsname.h>
|
||||
#include <sys/vfs.h>
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <windows.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#define is_winnt (GetVersion() < 0x80000000)
|
||||
|
||||
#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
|
||||
#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
|
||||
#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
|
||||
|
||||
int
|
||||
binary_open(const char *filename, int flags, ...)
|
||||
{
|
||||
@ -268,9 +271,9 @@ char **
|
||||
fetch_windows_environment(void)
|
||||
{
|
||||
char **e, **p;
|
||||
int i, idx = 0;
|
||||
unsigned int i, idx = 0;
|
||||
|
||||
p = xmalloc((WENV_SIZ + 1) * sizeof(char *));
|
||||
p = xcalloc(WENV_SIZ + 1, sizeof(char *));
|
||||
for (e = environ; *e != NULL; ++e) {
|
||||
for (i = 0; i < WENV_SIZ; ++i) {
|
||||
if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen))
|
||||
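Review bot: Nothing in the visible part of fetch_windows_environment() bounds idx, while p is allocated for exactly `WENV_SIZ + 1` pointers. The outer loop walks all of environ and the inner loop does a prefix match with `strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)`, so more than WENV_SIZ entries could match if a variable appears twice or one table name is a prefix of another entry. The store into p is outside the hunk, so this needs confirming there; if it is unguarded, a check such as `if (idx >= WENV_SIZ) break;` before the store would keep the extra slot inside the allocation. The switch to xcalloc() zero-fills the array but does not change its size.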
|
@ -16,10 +16,13 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
RCSID("$Id: bsd-getpeereid.c,v 1.3 2004/02/17 05:49:55 djm Exp $");
|
||||
|
||||
#if !defined(HAVE_GETPEEREID)
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
#include <unistd.h>
|
||||
|
||||
#if defined(SO_PEERCRED)
|
||||
int
|
||||
getpeereid(int s, uid_t *euid, gid_t *gid)
|
||||
|
@ -16,9 +16,19 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#include "xmalloc.h"
|
||||
|
||||
RCSID("$Id: bsd-misc.c,v 1.28 2005/11/01 22:07:31 dtucker Exp $");
|
||||
#ifdef HAVE_SYS_SELECT_H
|
||||
# include <sys/select.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_TIME_H
|
||||
# include <sys/time.h>
|
||||
#endif
|
||||
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
|
||||
#ifndef HAVE___PROGNAME
|
||||
char *__progname;
|
||||
|
Some files were not shown because too many files have changed in this diff Show More