Resolve conflicts.
Sponsored by: DARPA, NAI Labs
This commit is contained in:
parent
d2a34caedb
commit
a82e551f0f
@ -1,4 +1,4 @@
|
||||
/* $Id: acconfig.h,v 1.138 2002/06/12 16:57:15 mouring Exp $ */
|
||||
/* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#ifndef _CONFIG_H
|
||||
@ -232,9 +232,6 @@
|
||||
/* Define if xauth is found in your path */
|
||||
#undef XAUTH_PATH
|
||||
|
||||
/* Define if rsh is found in your path */
|
||||
#undef RSH_PATH
|
||||
|
||||
/* Define if you want to allow MD5 passwords */
|
||||
#undef HAVE_MD5_PASSWORDS
|
||||
|
||||
@ -362,6 +359,12 @@
|
||||
/* Path that unprivileged child will chroot() to in privep mode */
|
||||
#undef PRIVSEP_PATH
|
||||
|
||||
/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */
|
||||
#undef HAVE_MMAP_ANON_SHARED
|
||||
|
||||
/* Define if sendmsg()/recvmsg() has problems passing file descriptors */
|
||||
#undef BROKEN_FD_PASSING
|
||||
|
||||
@BOTTOM@
|
||||
|
||||
/* ******************* Shouldn't need to edit below this line ************** */
|
||||
|
@ -23,7 +23,7 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-chall.c,v 1.18 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include "ssh2.h"
|
||||
@ -70,6 +70,7 @@ struct KbdintAuthctxt
|
||||
char *devices;
|
||||
void *ctxt;
|
||||
KbdintDevice *device;
|
||||
u_int nreq;
|
||||
};
|
||||
|
||||
static KbdintAuthctxt *
|
||||
@ -97,6 +98,7 @@ kbdint_alloc(const char *devs)
|
||||
debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
|
||||
kbdintctxt->ctxt = NULL;
|
||||
kbdintctxt->device = NULL;
|
||||
kbdintctxt->nreq = 0;
|
||||
|
||||
return kbdintctxt;
|
||||
}
|
||||
@ -216,26 +218,26 @@ send_userauth_info_request(Authctxt *authctxt)
|
||||
KbdintAuthctxt *kbdintctxt;
|
||||
char *name, *instr, **prompts;
|
||||
int i;
|
||||
u_int numprompts, *echo_on;
|
||||
u_int *echo_on;
|
||||
|
||||
kbdintctxt = authctxt->kbdintctxt;
|
||||
if (kbdintctxt->device->query(kbdintctxt->ctxt,
|
||||
&name, &instr, &numprompts, &prompts, &echo_on))
|
||||
&name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
|
||||
return 0;
|
||||
|
||||
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
|
||||
packet_put_cstring(name);
|
||||
packet_put_cstring(instr);
|
||||
packet_put_cstring(""); /* language not used */
|
||||
packet_put_int(numprompts);
|
||||
for (i = 0; i < numprompts; i++) {
|
||||
packet_put_int(kbdintctxt->nreq);
|
||||
for (i = 0; i < kbdintctxt->nreq; i++) {
|
||||
packet_put_cstring(prompts[i]);
|
||||
packet_put_char(echo_on[i]);
|
||||
}
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
|
||||
for (i = 0; i < numprompts; i++)
|
||||
for (i = 0; i < kbdintctxt->nreq; i++)
|
||||
xfree(prompts[i]);
|
||||
xfree(prompts);
|
||||
xfree(echo_on);
|
||||
@ -263,6 +265,10 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
|
||||
|
||||
authctxt->postponed = 0; /* reset */
|
||||
nresp = packet_get_int();
|
||||
if (nresp != kbdintctxt->nreq)
|
||||
fatal("input_userauth_info_response: wrong number of replies");
|
||||
if (nresp > 100)
|
||||
fatal("input_userauth_info_response: too many replies");
|
||||
if (nresp > 0) {
|
||||
response = xmalloc(nresp * sizeof(char*));
|
||||
for (i = 0; i < nresp; i++)
|
||||
|
@ -1,5 +1,6 @@
|
||||
#include "includes.h"
|
||||
RCSID("$Id: auth2-pam.c,v 1.12 2002/01/22 12:43:13 djm Exp $");
|
||||
RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#ifdef USE_PAM
|
||||
#include <security/pam_appl.h>
|
||||
@ -140,6 +141,15 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
|
||||
nresp = packet_get_int(); /* Number of responses. */
|
||||
debug("got %d responses", nresp);
|
||||
|
||||
|
||||
if (nresp != context_pam2.num_expected)
|
||||
fatal("%s: Received incorrect number of responses "
|
||||
"(expected %u, received %u)", __func__, nresp,
|
||||
context_pam2.num_expected);
|
||||
|
||||
if (nresp > 100)
|
||||
fatal("%s: too many replies", __func__);
|
||||
|
||||
for (i = 0; i < nresp; i++) {
|
||||
int j = context_pam2.prompts[i];
|
||||
|
||||
|
@ -35,7 +35,8 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: authfd.c,v 1.55 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
@ -144,7 +145,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
|
||||
error("Error reading response from authentication socket.");
|
||||
return 0;
|
||||
}
|
||||
buffer_append(reply, (char *) buf, l);
|
||||
buffer_append(reply, buf, l);
|
||||
len -= l;
|
||||
}
|
||||
return 1;
|
||||
|
@ -36,7 +36,8 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: authfile.c,v 1.49 2002/05/23 19:24:30 markus Exp $");
|
||||
RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
@ -270,7 +271,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
|
||||
(void) buffer_get_int(&buffer); /* reserved */
|
||||
|
||||
/* Read the public key from the buffer. */
|
||||
buffer_get_int(&buffer);
|
||||
(void) buffer_get_int(&buffer);
|
||||
pub = key_new(KEY_RSA1);
|
||||
buffer_get_bignum(&buffer, pub->rsa->n);
|
||||
buffer_get_bignum(&buffer, pub->rsa->e);
|
||||
@ -357,7 +358,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
|
||||
(void) buffer_get_int(&buffer); /* Reserved data. */
|
||||
|
||||
/* Read the public key from the buffer. */
|
||||
buffer_get_int(&buffer);
|
||||
(void) buffer_get_int(&buffer);
|
||||
prv = key_new_private(KEY_RSA1);
|
||||
|
||||
buffer_get_bignum(&buffer, prv->rsa->n);
|
||||
|
@ -37,7 +37,8 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: bufaux.c,v 1.25 2002/04/20 09:14:58 markus Exp $");
|
||||
RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include "bufaux.h"
|
||||
@ -88,6 +89,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
|
||||
bits = GET_16BIT(buf);
|
||||
/* Compute the number of binary bytes that follow. */
|
||||
bytes = (bits + 7) / 8;
|
||||
if (bytes > 8 * 1024)
|
||||
fatal("buffer_get_bignum: cannot handle BN of size %d", bytes);
|
||||
if (buffer_len(buffer) < bytes)
|
||||
fatal("buffer_get_bignum: input buffer too small");
|
||||
bin = buffer_ptr(buffer);
|
||||
@ -105,6 +108,7 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
|
||||
u_char *buf = xmalloc(bytes);
|
||||
int oi;
|
||||
int hasnohigh = 0;
|
||||
|
||||
buf[0] = '\0';
|
||||
/* Get the value of in binary */
|
||||
oi = BN_bn2bin(value, buf+1);
|
||||
@ -128,12 +132,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
|
||||
xfree(buf);
|
||||
}
|
||||
|
||||
/* XXX does not handle negative BNs */
|
||||
void
|
||||
buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
/**XXX should be two's-complement */
|
||||
int len;
|
||||
u_char *bin = buffer_get_string(buffer, (u_int *)&len);
|
||||
u_int len;
|
||||
u_char *bin = buffer_get_string(buffer, &len);
|
||||
|
||||
if (len > 8 * 1024)
|
||||
fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
|
||||
BN_bin2bn(bin, len, value);
|
||||
xfree(bin);
|
||||
}
|
||||
@ -145,6 +152,7 @@ u_short
|
||||
buffer_get_short(Buffer *buffer)
|
||||
{
|
||||
u_char buf[2];
|
||||
|
||||
buffer_get(buffer, (char *) buf, 2);
|
||||
return GET_16BIT(buf);
|
||||
}
|
||||
@ -153,6 +161,7 @@ u_int
|
||||
buffer_get_int(Buffer *buffer)
|
||||
{
|
||||
u_char buf[4];
|
||||
|
||||
buffer_get(buffer, (char *) buf, 4);
|
||||
return GET_32BIT(buf);
|
||||
}
|
||||
@ -162,6 +171,7 @@ u_int64_t
|
||||
buffer_get_int64(Buffer *buffer)
|
||||
{
|
||||
u_char buf[8];
|
||||
|
||||
buffer_get(buffer, (char *) buf, 8);
|
||||
return GET_64BIT(buf);
|
||||
}
|
||||
@ -174,6 +184,7 @@ void
|
||||
buffer_put_short(Buffer *buffer, u_short value)
|
||||
{
|
||||
char buf[2];
|
||||
|
||||
PUT_16BIT(buf, value);
|
||||
buffer_append(buffer, buf, 2);
|
||||
}
|
||||
@ -182,6 +193,7 @@ void
|
||||
buffer_put_int(Buffer *buffer, u_int value)
|
||||
{
|
||||
char buf[4];
|
||||
|
||||
PUT_32BIT(buf, value);
|
||||
buffer_append(buffer, buf, 4);
|
||||
}
|
||||
@ -191,6 +203,7 @@ void
|
||||
buffer_put_int64(Buffer *buffer, u_int64_t value)
|
||||
{
|
||||
char buf[8];
|
||||
|
||||
PUT_64BIT(buf, value);
|
||||
buffer_append(buffer, buf, 8);
|
||||
}
|
||||
@ -207,8 +220,9 @@ buffer_put_int64(Buffer *buffer, u_int64_t value)
|
||||
void *
|
||||
buffer_get_string(Buffer *buffer, u_int *length_ptr)
|
||||
{
|
||||
u_int len;
|
||||
u_char *value;
|
||||
u_int len;
|
||||
|
||||
/* Get the length. */
|
||||
len = buffer_get_int(buffer);
|
||||
if (len > 256 * 1024)
|
||||
@ -249,6 +263,7 @@ int
|
||||
buffer_get_char(Buffer *buffer)
|
||||
{
|
||||
char ch;
|
||||
|
||||
buffer_get(buffer, &ch, 1);
|
||||
return (u_char) ch;
|
||||
}
|
||||
@ -260,5 +275,6 @@ void
|
||||
buffer_put_char(Buffer *buffer, int value)
|
||||
{
|
||||
char ch = value;
|
||||
|
||||
buffer_append(buffer, &ch, 1);
|
||||
}
|
||||
|
@ -39,7 +39,8 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: channels.c,v 1.175 2002/06/10 22:28:41 markus Exp $");
|
||||
RCSID("$OpenBSD: channels.c,v 1.179 2002/06/26 08:55:02 markus Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
@ -205,7 +206,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
|
||||
|
||||
Channel *
|
||||
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
||||
int window, int maxpack, int extusage, char *remote_name, int nonblock)
|
||||
u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock)
|
||||
{
|
||||
int i, found;
|
||||
Channel *c;
|
||||
@ -229,6 +230,9 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
||||
/* There are no free slots. Take last+1 slot and expand the array. */
|
||||
found = channels_alloc;
|
||||
channels_alloc += 10;
|
||||
if (channels_alloc > 10000)
|
||||
fatal("channel_new: internal error: channels_alloc %d "
|
||||
"too big.", channels_alloc);
|
||||
debug2("channel: expanding %d", channels_alloc);
|
||||
channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
|
||||
for (i = found; i < channels_alloc; i++)
|
||||
@ -1568,8 +1572,9 @@ channel_after_select(fd_set * readset, fd_set * writeset)
|
||||
void
|
||||
channel_output_poll(void)
|
||||
{
|
||||
int len, i;
|
||||
Channel *c;
|
||||
int i;
|
||||
u_int len;
|
||||
|
||||
for (i = 0; i < channels_alloc; i++) {
|
||||
c = channels[i];
|
||||
@ -1647,7 +1652,7 @@ channel_output_poll(void)
|
||||
c->remote_window > 0 &&
|
||||
(len = buffer_len(&c->extended)) > 0 &&
|
||||
c->extended_usage == CHAN_EXTENDED_READ) {
|
||||
debug2("channel %d: rwin %d elen %d euse %d",
|
||||
debug2("channel %d: rwin %u elen %u euse %d",
|
||||
c->self, c->remote_window, buffer_len(&c->extended),
|
||||
c->extended_usage);
|
||||
if (len > c->remote_window)
|
||||
@ -1717,9 +1722,8 @@ void
|
||||
channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
int id;
|
||||
int tcode;
|
||||
char *data;
|
||||
u_int data_len;
|
||||
u_int data_len, tcode;
|
||||
Channel *c;
|
||||
|
||||
/* Get the channel number and verify it. */
|
||||
@ -1874,7 +1878,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt)
|
||||
c->confirm(c->self, NULL);
|
||||
debug2("callback done");
|
||||
}
|
||||
debug("channel %d: open confirm rwindow %d rmax %d", c->self,
|
||||
debug("channel %d: open confirm rwindow %u rmax %u", c->self,
|
||||
c->remote_window, c->remote_maxpacket);
|
||||
}
|
||||
packet_check_eom();
|
||||
@ -1931,7 +1935,8 @@ void
|
||||
channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
Channel *c;
|
||||
int id, adjust;
|
||||
int id;
|
||||
u_int adjust;
|
||||
|
||||
if (!compat20)
|
||||
return;
|
||||
@ -1947,7 +1952,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
|
||||
}
|
||||
adjust = packet_get_int();
|
||||
packet_check_eom();
|
||||
debug2("channel %d: rcvd adjust %d", id, adjust);
|
||||
debug2("channel %d: rcvd adjust %u", id, adjust);
|
||||
c->remote_window += adjust;
|
||||
}
|
||||
|
||||
@ -2328,12 +2333,12 @@ channel_connect_to(const char *host, u_short port)
|
||||
|
||||
/*
|
||||
* Creates an internet domain socket for listening for X11 connections.
|
||||
* Returns a suitable display number for the DISPLAY variable, or -1 if
|
||||
* an error occurs.
|
||||
* Returns 0 and a suitable display number for the DISPLAY variable
|
||||
* stored in display_numberp , or -1 if an error occurs.
|
||||
*/
|
||||
int
|
||||
x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
|
||||
int single_connection)
|
||||
int single_connection, u_int *display_numberp)
|
||||
{
|
||||
Channel *nc = NULL;
|
||||
int display_number, sock;
|
||||
@ -2431,7 +2436,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
|
||||
}
|
||||
|
||||
/* Return the display number for the DISPLAY environment variable. */
|
||||
return display_number;
|
||||
*display_numberp = display_number;
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
|
@ -1,4 +1,5 @@
|
||||
/* $OpenBSD: channels.h,v 1.68 2002/06/10 22:28:41 markus Exp $ */
|
||||
/* $OpenBSD: channels.h,v 1.70 2002/06/24 14:33:27 markus Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -90,12 +91,12 @@ struct Channel {
|
||||
int host_port; /* remote port to connect for forwards */
|
||||
char *remote_name; /* remote hostname */
|
||||
|
||||
int remote_window;
|
||||
int remote_maxpacket;
|
||||
int local_window;
|
||||
int local_window_max;
|
||||
int local_consumed;
|
||||
int local_maxpacket;
|
||||
u_int remote_window;
|
||||
u_int remote_maxpacket;
|
||||
u_int local_window;
|
||||
u_int local_window_max;
|
||||
u_int local_consumed;
|
||||
u_int local_maxpacket;
|
||||
int extended_usage;
|
||||
int single_connection;
|
||||
|
||||
@ -151,7 +152,7 @@ struct Channel {
|
||||
/* channel management */
|
||||
|
||||
Channel *channel_lookup(int);
|
||||
Channel *channel_new(char *, int, int, int, int, int, int, int, char *, int);
|
||||
Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int);
|
||||
void channel_set_fds(int, int, int, int, int, int, u_int);
|
||||
void channel_free(Channel *);
|
||||
void channel_free_all(void);
|
||||
@ -205,7 +206,7 @@ int channel_setup_remote_fwd_listener(const char *, u_short, int);
|
||||
/* x11 forwarding */
|
||||
|
||||
int x11_connect_display(void);
|
||||
int x11_create_display_inet(int, int, int);
|
||||
int x11_create_display_inet(int, int, int, u_int *);
|
||||
void x11_input_open(int, u_int32_t, void *);
|
||||
void x11_request_forwarding_with_spoofing(int, const char *, const char *);
|
||||
void deny_input_open(int, u_int32_t, void *);
|
||||
|
@ -35,7 +35,8 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $");
|
||||
RCSID("$OpenBSD: cipher.c,v 1.60 2002/06/23 03:26:52 deraadt Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
@ -95,11 +96,13 @@ cipher_blocksize(Cipher *c)
|
||||
{
|
||||
return (c->block_size);
|
||||
}
|
||||
|
||||
u_int
|
||||
cipher_keylen(Cipher *c)
|
||||
{
|
||||
return (c->key_len);
|
||||
}
|
||||
|
||||
u_int
|
||||
cipher_get_number(Cipher *c)
|
||||
{
|
||||
@ -314,6 +317,7 @@ struct ssh1_3des_ctx
|
||||
{
|
||||
EVP_CIPHER_CTX k1, k2, k3;
|
||||
};
|
||||
|
||||
static int
|
||||
ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
|
||||
int enc)
|
||||
@ -356,6 +360,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
|
||||
#endif
|
||||
return (1);
|
||||
}
|
||||
|
||||
static int
|
||||
ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
|
||||
{
|
||||
@ -377,6 +382,7 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
|
||||
#endif
|
||||
return (1);
|
||||
}
|
||||
|
||||
static int
|
||||
ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
{
|
||||
@ -389,6 +395,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
||||
static const EVP_CIPHER *
|
||||
evp_ssh1_3des(void)
|
||||
{
|
||||
@ -430,7 +437,9 @@ swap_bytes(const u_char *src, u_char *dst, int n)
|
||||
*dst++ = c[3];
|
||||
}
|
||||
}
|
||||
|
||||
static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
|
||||
|
||||
static int
|
||||
bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
|
||||
{
|
||||
@ -441,6 +450,7 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
|
||||
swap_bytes(out, out, len);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
static const EVP_CIPHER *
|
||||
evp_ssh1_bf(void)
|
||||
{
|
||||
@ -483,6 +493,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
|
||||
memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
|
||||
return (1);
|
||||
}
|
||||
|
||||
static int
|
||||
ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
|
||||
u_int len)
|
||||
@ -528,6 +539,7 @@ ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
||||
static int
|
||||
ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
{
|
||||
@ -540,6 +552,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
||||
static const EVP_CIPHER *
|
||||
evp_rijndael(void)
|
||||
{
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $
|
||||
# $Id: configure.ac,v 1.72 2002/06/25 22:35:16 tim Exp $
|
||||
# $FreeBSD$
|
||||
|
||||
AC_INIT
|
||||
@ -77,6 +77,7 @@ case "$host" in
|
||||
AC_DEFINE(BROKEN_REALPATH)
|
||||
dnl AIX handles lastlog as part of its login message
|
||||
AC_DEFINE(DISABLE_LASTLOG)
|
||||
AC_DEFINE(LOGIN_NEEDS_UTMPX)
|
||||
;;
|
||||
*-*-cygwin*)
|
||||
LIBS="$LIBS /usr/lib/textmode.o"
|
||||
@ -86,6 +87,7 @@ case "$host" in
|
||||
AC_DEFINE(IPV4_DEFAULT)
|
||||
AC_DEFINE(IP_TOS_IS_BROKEN)
|
||||
AC_DEFINE(NO_X11_UNIX_SOCKETS)
|
||||
AC_DEFINE(BROKEN_FD_PASSING)
|
||||
AC_DEFINE(SETGROUPS_NOOP)
|
||||
;;
|
||||
*-*-dgux*)
|
||||
@ -247,7 +249,6 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
|
||||
LDFLAGS="$LDFLAGS -L/usr/local/lib"
|
||||
LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
|
||||
rsh_path="/usr/bin/rcmd"
|
||||
RANLIB=true
|
||||
no_dev_ptmx=1
|
||||
AC_DEFINE(BROKEN_SYS_TERMIO_H)
|
||||
@ -264,10 +265,10 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
LDFLAGS="$LDFLAGS -L/usr/local/lib"
|
||||
LIBS="$LIBS -lprot -lx -ltinfo -lm"
|
||||
no_dev_ptmx=1
|
||||
rsh_path="/usr/bin/rcmd"
|
||||
AC_DEFINE(USE_PIPES)
|
||||
AC_DEFINE(HAVE_SECUREWARE)
|
||||
AC_DEFINE(DISABLE_SHADOW)
|
||||
AC_DEFINE(BROKEN_FD_PASSING)
|
||||
AC_CHECK_FUNCS(getluid setluid)
|
||||
MANTYPE=man
|
||||
;;
|
||||
@ -275,6 +276,7 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
no_libsocket=1
|
||||
no_libnsl=1
|
||||
AC_DEFINE(USE_PIPES)
|
||||
AC_DEFINE(BROKEN_FD_PASSING)
|
||||
LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
|
||||
LIBS="$LIBS -lgen -lrsc"
|
||||
;;
|
||||
@ -611,6 +613,30 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
|
||||
socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
|
||||
truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
|
||||
|
||||
if test $ac_cv_func_mmap = yes ; then
|
||||
AC_MSG_CHECKING([for mmap anon shared])
|
||||
AC_TRY_RUN(
|
||||
[
|
||||
#include <stdio.h>
|
||||
#include <sys/mman.h>
|
||||
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
|
||||
#define MAP_ANON MAP_ANONYMOUS
|
||||
#endif
|
||||
main() { char *p;
|
||||
p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
|
||||
if (p == (char *)-1)
|
||||
exit(1);
|
||||
exit(0);
|
||||
}
|
||||
],
|
||||
[
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(HAVE_MMAP_ANON_SHARED)
|
||||
],
|
||||
[ AC_MSG_RESULT(no) ]
|
||||
)
|
||||
fi
|
||||
|
||||
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
|
||||
AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
|
||||
AC_CHECK_LIB(gen, dirname,[
|
||||
@ -943,16 +969,17 @@ AC_ARG_WITH(entropy-timeout,
|
||||
)
|
||||
AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
|
||||
|
||||
ssh_privsep_user=sshd
|
||||
SSH_PRIVSEP_USER=sshd
|
||||
AC_ARG_WITH(privsep-user,
|
||||
[ --with-privsep-user=user Specify non-privileged user for privilege separation],
|
||||
[
|
||||
if test -n "$withval"; then
|
||||
ssh_privsep_user=$withval
|
||||
SSH_PRIVSEP_USER=$withval
|
||||
fi
|
||||
]
|
||||
)
|
||||
AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user")
|
||||
AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
|
||||
AC_SUBST(SSH_PRIVSEP_USER)
|
||||
|
||||
# We do this little dance with the search path to insure
|
||||
# that programs that we select for use by installed programs
|
||||
@ -1829,17 +1856,6 @@ AC_ARG_WITH(afs,
|
||||
LIBS="$LIBS $KLIBS $K5LIBS"
|
||||
|
||||
# Looking for programs, paths and files
|
||||
AC_ARG_WITH(rsh,
|
||||
[ --with-rsh=PATH Specify path to remote shell program ],
|
||||
[
|
||||
if test "x$withval" != "$no" ; then
|
||||
rsh_path=$withval
|
||||
fi
|
||||
],
|
||||
[
|
||||
AC_PATH_PROG(rsh_path, rsh)
|
||||
]
|
||||
)
|
||||
|
||||
PRIVSEP_PATH=/var/empty
|
||||
AC_ARG_WITH(privsep-path,
|
||||
@ -1875,9 +1891,6 @@ else
|
||||
XAUTH_PATH=$xauth_path
|
||||
AC_SUBST(XAUTH_PATH)
|
||||
fi
|
||||
if test ! -z "$rsh_path" ; then
|
||||
AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path")
|
||||
fi
|
||||
|
||||
# Check for mail directory (last resort if we cannot get it from headers)
|
||||
if test ! -z "$MAIL" ; then
|
||||
|
@ -32,7 +32,8 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: key.c,v 1.44 2002/05/31 13:16:48 markus Exp $");
|
||||
RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
@ -89,6 +90,7 @@ key_new(int type)
|
||||
}
|
||||
return k;
|
||||
}
|
||||
|
||||
Key *
|
||||
key_new_private(int type)
|
||||
{
|
||||
@ -120,6 +122,7 @@ key_new_private(int type)
|
||||
}
|
||||
return k;
|
||||
}
|
||||
|
||||
void
|
||||
key_free(Key *k)
|
||||
{
|
||||
@ -359,6 +362,7 @@ read_bignum(char **cpp, BIGNUM * value)
|
||||
*cpp = cp;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
write_bignum(FILE *f, BIGNUM *num)
|
||||
{
|
||||
@ -485,6 +489,7 @@ key_read(Key *ret, char **cpp)
|
||||
}
|
||||
return success;
|
||||
}
|
||||
|
||||
int
|
||||
key_write(Key *key, FILE *f)
|
||||
{
|
||||
@ -516,6 +521,7 @@ key_write(Key *key, FILE *f)
|
||||
}
|
||||
return success;
|
||||
}
|
||||
|
||||
char *
|
||||
key_type(Key *k)
|
||||
{
|
||||
@ -532,6 +538,7 @@ key_type(Key *k)
|
||||
}
|
||||
return "unknown";
|
||||
}
|
||||
|
||||
char *
|
||||
key_ssh_name(Key *k)
|
||||
{
|
||||
@ -545,6 +552,7 @@ key_ssh_name(Key *k)
|
||||
}
|
||||
return "ssh-unknown";
|
||||
}
|
||||
|
||||
u_int
|
||||
key_size(Key *k)
|
||||
{
|
||||
@ -807,7 +815,6 @@ key_verify(
|
||||
}
|
||||
|
||||
/* Converts a private to a public key */
|
||||
|
||||
Key *
|
||||
key_demote(Key *k)
|
||||
{
|
||||
|
@ -25,7 +25,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor.c,v 1.16 2002/06/21 05:50:51 djm Exp $");
|
||||
RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
@ -205,13 +205,6 @@ struct mon_table mon_dispatch_proto15[] = {
|
||||
{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
|
||||
{MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
|
||||
{MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
|
||||
#ifdef USE_PAM
|
||||
{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
|
||||
{MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
|
||||
{MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
|
||||
{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
|
||||
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
|
||||
#endif
|
||||
#ifdef BSD_AUTH
|
||||
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
|
||||
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
|
||||
@ -219,6 +212,13 @@ struct mon_table mon_dispatch_proto15[] = {
|
||||
#ifdef SKEY
|
||||
{MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
|
||||
{MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
|
||||
#endif
|
||||
#ifdef USE_PAM
|
||||
{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
|
||||
{MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
|
||||
{MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
|
||||
{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
|
||||
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
|
||||
#endif
|
||||
{0, 0, NULL}
|
||||
};
|
||||
@ -1090,14 +1090,14 @@ mm_answer_keyverify(int socket, Buffer *m)
|
||||
xfree(signature);
|
||||
xfree(data);
|
||||
|
||||
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
|
||||
|
||||
monitor_reset_key_state();
|
||||
|
||||
buffer_clear(m);
|
||||
buffer_put_int(m, verified);
|
||||
mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m);
|
||||
|
||||
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
|
||||
|
||||
return (verified);
|
||||
}
|
||||
|
||||
@ -1564,9 +1564,13 @@ mm_get_keystate(struct monitor *pmonitor)
|
||||
void *
|
||||
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
|
||||
{
|
||||
int len = size * ncount;
|
||||
void *address;
|
||||
|
||||
address = mm_malloc(mm, size * ncount);
|
||||
if (len <= 0)
|
||||
fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
|
||||
|
||||
address = mm_malloc(mm, len);
|
||||
|
||||
return (address);
|
||||
}
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $");
|
||||
RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#if defined(KRB4)
|
||||
@ -268,7 +268,7 @@ fill_default_server_options(ServerOptions *options)
|
||||
if (use_privsep == -1)
|
||||
use_privsep = 1;
|
||||
|
||||
#if !defined(HAVE_MMAP) || !defined(MAP_ANON)
|
||||
#if !defined(HAVE_MMAP_ANON_SHARED)
|
||||
if (use_privsep && options->compression == 1) {
|
||||
error("This platform does not support both privilege "
|
||||
"separation and compression");
|
||||
@ -438,7 +438,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
|
||||
hints.ai_family = IPv4or6;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
|
||||
snprintf(strport, sizeof strport, "%d", port);
|
||||
snprintf(strport, sizeof strport, "%u", port);
|
||||
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
|
||||
fatal("bad addr or host: %s (%s)",
|
||||
addr ? addr : "<NULL>",
|
||||
@ -454,9 +454,8 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
const char *filename, int linenum)
|
||||
{
|
||||
char *cp, **charptr, *arg, *p;
|
||||
int *intptr, value;
|
||||
int *intptr, value, i, n;
|
||||
ServerOpCodes opcode;
|
||||
int i, n;
|
||||
|
||||
cp = line;
|
||||
arg = strdelim(&cp);
|
||||
@ -780,7 +779,8 @@ parse_flag:
|
||||
if (options->num_allow_users >= MAX_ALLOW_USERS)
|
||||
fatal("%s line %d: too many allow users.",
|
||||
filename, linenum);
|
||||
options->allow_users[options->num_allow_users++] = xstrdup(arg);
|
||||
options->allow_users[options->num_allow_users++] =
|
||||
xstrdup(arg);
|
||||
}
|
||||
break;
|
||||
|
||||
@ -789,7 +789,8 @@ parse_flag:
|
||||
if (options->num_deny_users >= MAX_DENY_USERS)
|
||||
fatal( "%s line %d: too many deny users.",
|
||||
filename, linenum);
|
||||
options->deny_users[options->num_deny_users++] = xstrdup(arg);
|
||||
options->deny_users[options->num_deny_users++] =
|
||||
xstrdup(arg);
|
||||
}
|
||||
break;
|
||||
|
||||
@ -798,7 +799,8 @@ parse_flag:
|
||||
if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
|
||||
fatal("%s line %d: too many allow groups.",
|
||||
filename, linenum);
|
||||
options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
|
||||
options->allow_groups[options->num_allow_groups++] =
|
||||
xstrdup(arg);
|
||||
}
|
||||
break;
|
||||
|
||||
@ -943,10 +945,9 @@ parse_flag:
|
||||
void
|
||||
read_server_config(ServerOptions *options, const char *filename)
|
||||
{
|
||||
FILE *f;
|
||||
int linenum, bad_options = 0;
|
||||
char line[1024];
|
||||
int linenum;
|
||||
int bad_options = 0;
|
||||
FILE *f;
|
||||
|
||||
f = fopen(filename, "r");
|
||||
if (!f) {
|
||||
|
@ -35,7 +35,8 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: serverloop.c,v 1.102 2002/06/11 05:46:20 mpech Exp $");
|
||||
RCSID("$OpenBSD: serverloop.c,v 1.103 2002/06/24 14:33:27 markus Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
@ -902,10 +903,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
Channel *c = NULL;
|
||||
char *ctype;
|
||||
u_int len;
|
||||
int rchan;
|
||||
int rmaxpack;
|
||||
int rwindow;
|
||||
u_int rmaxpack, rwindow, len;
|
||||
|
||||
ctype = packet_get_string(&len);
|
||||
rchan = packet_get_int();
|
||||
|
@ -33,7 +33,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: session.c,v 1.138 2002/06/20 23:05:55 markus Exp $");
|
||||
RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include "ssh.h"
|
||||
@ -253,8 +253,8 @@ do_authenticated1(Authctxt *authctxt)
|
||||
Session *s;
|
||||
char *command;
|
||||
int success, type, screen_flag;
|
||||
int compression_level = 0, enable_compression_after_reply = 0;
|
||||
u_int proto_len, data_len, dlen;
|
||||
int enable_compression_after_reply = 0;
|
||||
u_int proto_len, data_len, dlen, compression_level = 0;
|
||||
|
||||
s = session_new();
|
||||
s->authctxt = authctxt;
|
||||
@ -850,6 +850,9 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
|
||||
} else {
|
||||
/* New variable. Expand if necessary. */
|
||||
if (i >= (*envsizep) - 1) {
|
||||
if (*envsizep >= 1000)
|
||||
fatal("child_set_env: too many env vars,"
|
||||
" skipping: %.100s", name);
|
||||
(*envsizep) += 50;
|
||||
env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
|
||||
}
|
||||
@ -875,12 +878,15 @@ read_environment_file(char ***env, u_int *envsize,
|
||||
FILE *f;
|
||||
char buf[4096];
|
||||
char *cp, *value;
|
||||
u_int lineno = 0;
|
||||
|
||||
f = fopen(filename, "r");
|
||||
if (!f)
|
||||
return;
|
||||
|
||||
while (fgets(buf, sizeof(buf), f)) {
|
||||
if (++lineno > 1000)
|
||||
fatal("Too many lines in environment file %s", filename);
|
||||
for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
|
||||
;
|
||||
if (!*cp || *cp == '#' || *cp == '\n')
|
||||
@ -889,7 +895,8 @@ read_environment_file(char ***env, u_int *envsize,
|
||||
*strchr(cp, '\n') = '\0';
|
||||
value = strchr(cp, '=');
|
||||
if (value == NULL) {
|
||||
fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
|
||||
fprintf(stderr, "Bad line %u in %.100s\n", lineno,
|
||||
filename);
|
||||
continue;
|
||||
}
|
||||
/*
|
||||
@ -1166,6 +1173,8 @@ do_nologin(struct passwd *pw)
|
||||
void
|
||||
do_setusercontext(struct passwd *pw)
|
||||
{
|
||||
char tty='\0';
|
||||
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (is_winnt) {
|
||||
#else /* HAVE_CYGWIN */
|
||||
@ -1175,6 +1184,9 @@ do_setusercontext(struct passwd *pw)
|
||||
setpcred(pw->pw_name);
|
||||
#endif /* HAVE_SETPCRED */
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
#ifdef __bsdi__
|
||||
setpgid(0, 0);
|
||||
#endif
|
||||
if (setusercontext(lc, pw, pw->pw_uid,
|
||||
(LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH))) < 0) {
|
||||
perror("unable to set user context");
|
||||
@ -1210,6 +1222,10 @@ do_setusercontext(struct passwd *pw)
|
||||
# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
|
||||
irix_setusercontext(pw);
|
||||
# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
|
||||
# ifdef _AIX
|
||||
/* XXX: Disable tty setting. Enabled if required later */
|
||||
aix_usrinfo(pw, &tty, -1);
|
||||
# endif /* _AIX */
|
||||
/* Permanently switch to the desired uid. */
|
||||
permanently_set_uid(pw);
|
||||
#endif
|
||||
@ -1272,9 +1288,6 @@ do_child(Session *s, const char *command)
|
||||
do_motd();
|
||||
#else /* HAVE_OSF_SIA */
|
||||
do_nologin(pw);
|
||||
# ifdef _AIX
|
||||
aix_usrinfo(pw, s->tty, s->ttyfd);
|
||||
# endif /* _AIX */
|
||||
do_setusercontext(pw);
|
||||
#endif /* HAVE_OSF_SIA */
|
||||
}
|
||||
@ -1984,9 +1997,9 @@ session_setup_x11fwd(Session *s)
|
||||
debug("X11 display already set.");
|
||||
return 0;
|
||||
}
|
||||
s->display_number = x11_create_display_inet(options.x11_display_offset,
|
||||
options.x11_use_localhost, s->single_connection);
|
||||
if (s->display_number == -1) {
|
||||
if (x11_create_display_inet(options.x11_display_offset,
|
||||
options.x11_use_localhost, s->single_connection,
|
||||
&s->display_number) == -1) {
|
||||
debug("x11_create_display_inet failed.");
|
||||
return 0;
|
||||
}
|
||||
@ -2000,9 +2013,9 @@ session_setup_x11fwd(Session *s)
|
||||
* different than the DISPLAY string for localhost displays.
|
||||
*/
|
||||
if (options.x11_use_localhost) {
|
||||
snprintf(display, sizeof display, "localhost:%d.%d",
|
||||
snprintf(display, sizeof display, "localhost:%u.%u",
|
||||
s->display_number, s->screen);
|
||||
snprintf(auth_display, sizeof auth_display, "unix:%d.%d",
|
||||
snprintf(auth_display, sizeof auth_display, "unix:%u.%u",
|
||||
s->display_number, s->screen);
|
||||
s->display = xstrdup(display);
|
||||
s->auth_display = xstrdup(auth_display);
|
||||
@ -2018,10 +2031,10 @@ session_setup_x11fwd(Session *s)
|
||||
return 0;
|
||||
}
|
||||
memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
|
||||
snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr),
|
||||
snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr),
|
||||
s->display_number, s->screen);
|
||||
#else
|
||||
snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
|
||||
snprintf(display, sizeof display, "%.400s:%u.%u", hostname,
|
||||
s->display_number, s->screen);
|
||||
#endif
|
||||
s->display = xstrdup(display);
|
||||
|
@ -1,4 +1,5 @@
|
||||
/* $OpenBSD: session.h,v 1.17 2002/03/29 18:59:32 markus Exp $ */
|
||||
/* $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
@ -37,15 +38,15 @@ struct Session {
|
||||
/* tty */
|
||||
char *term;
|
||||
int ptyfd, ttyfd, ptymaster;
|
||||
int row, col, xpixel, ypixel;
|
||||
u_int row, col, xpixel, ypixel;
|
||||
char tty[TTYSZ];
|
||||
/* last login */
|
||||
char hostname[MAXHOSTNAMELEN];
|
||||
time_t last_login_time;
|
||||
/* X11 */
|
||||
int display_number;
|
||||
u_int display_number;
|
||||
char *display;
|
||||
int screen;
|
||||
u_int screen;
|
||||
char *auth_display;
|
||||
char *auth_proto;
|
||||
char *auth_data;
|
||||
|
@ -35,7 +35,8 @@
|
||||
|
||||
#include "includes.h"
|
||||
#include "openbsd-compat/fake-queue.h"
|
||||
RCSID("$OpenBSD: ssh-agent.c,v 1.95 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/md5.h>
|
||||
@ -110,6 +111,7 @@ static void
|
||||
idtab_init(void)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i <=2; i++) {
|
||||
TAILQ_INIT(&idtable[i].idlist);
|
||||
idtable[i].nentries = 0;
|
||||
@ -152,8 +154,8 @@ static void
|
||||
process_request_identities(SocketEntry *e, int version)
|
||||
{
|
||||
Idtab *tab = idtab_lookup(version);
|
||||
Buffer msg;
|
||||
Identity *id;
|
||||
Buffer msg;
|
||||
|
||||
buffer_init(&msg);
|
||||
buffer_put_char(&msg, (version == 1) ?
|
||||
@ -182,21 +184,21 @@ process_request_identities(SocketEntry *e, int version)
|
||||
static void
|
||||
process_authentication_challenge1(SocketEntry *e)
|
||||
{
|
||||
Identity *id;
|
||||
Key *key;
|
||||
u_char buf[32], mdbuf[16], session_id[16];
|
||||
u_int response_type;
|
||||
BIGNUM *challenge;
|
||||
Identity *id;
|
||||
int i, len;
|
||||
Buffer msg;
|
||||
MD5_CTX md;
|
||||
u_char buf[32], mdbuf[16], session_id[16];
|
||||
u_int response_type;
|
||||
Key *key;
|
||||
|
||||
buffer_init(&msg);
|
||||
key = key_new(KEY_RSA1);
|
||||
if ((challenge = BN_new()) == NULL)
|
||||
fatal("process_authentication_challenge1: BN_new failed");
|
||||
|
||||
buffer_get_int(&e->request); /* ignored */
|
||||
(void) buffer_get_int(&e->request); /* ignored */
|
||||
buffer_get_bignum(&e->request, key->rsa->e);
|
||||
buffer_get_bignum(&e->request, key->rsa->n);
|
||||
buffer_get_bignum(&e->request, challenge);
|
||||
@ -251,13 +253,12 @@ send:
|
||||
static void
|
||||
process_sign_request2(SocketEntry *e)
|
||||
{
|
||||
extern int datafellows;
|
||||
Key *key;
|
||||
u_char *blob, *data, *signature = NULL;
|
||||
u_int blen, dlen, slen = 0;
|
||||
int flags;
|
||||
extern int datafellows;
|
||||
int ok = -1, flags;
|
||||
Buffer msg;
|
||||
int ok = -1;
|
||||
Key *key;
|
||||
|
||||
datafellows = 0;
|
||||
|
||||
@ -296,11 +297,10 @@ process_sign_request2(SocketEntry *e)
|
||||
static void
|
||||
process_remove_identity(SocketEntry *e, int version)
|
||||
{
|
||||
u_int blen, bits;
|
||||
int success = 0;
|
||||
Key *key = NULL;
|
||||
u_char *blob;
|
||||
u_int blen;
|
||||
u_int bits;
|
||||
int success = 0;
|
||||
|
||||
switch (version) {
|
||||
case 1:
|
||||
@ -310,7 +310,7 @@ process_remove_identity(SocketEntry *e, int version)
|
||||
buffer_get_bignum(&e->request, key->rsa->n);
|
||||
|
||||
if (bits != key_size(key))
|
||||
log("Warning: identity keysize mismatch: actual %d, announced %d",
|
||||
log("Warning: identity keysize mismatch: actual %u, announced %u",
|
||||
key_size(key), bits);
|
||||
break;
|
||||
case 2:
|
||||
@ -370,10 +370,10 @@ process_remove_all_identities(SocketEntry *e, int version)
|
||||
static void
|
||||
reaper(void)
|
||||
{
|
||||
Idtab *tab;
|
||||
u_int now = time(NULL);
|
||||
Identity *id, *nxt;
|
||||
int version;
|
||||
u_int now = time(NULL);
|
||||
Idtab *tab;
|
||||
|
||||
for (version = 1; version < 3; version++) {
|
||||
tab = idtab_lookup(version);
|
||||
@ -391,16 +391,15 @@ reaper(void)
|
||||
static void
|
||||
process_add_identity(SocketEntry *e, int version)
|
||||
{
|
||||
Key *k = NULL;
|
||||
char *type_name;
|
||||
char *comment;
|
||||
int type, success = 0, death = 0;
|
||||
Idtab *tab = idtab_lookup(version);
|
||||
int type, success = 0, death = 0;
|
||||
char *type_name, *comment;
|
||||
Key *k = NULL;
|
||||
|
||||
switch (version) {
|
||||
case 1:
|
||||
k = key_new_private(KEY_RSA1);
|
||||
buffer_get_int(&e->request); /* ignored */
|
||||
(void) buffer_get_int(&e->request); /* ignored */
|
||||
buffer_get_bignum(&e->request, k->rsa->n);
|
||||
buffer_get_bignum(&e->request, k->rsa->e);
|
||||
buffer_get_bignum(&e->request, k->rsa->d);
|
||||
@ -481,8 +480,8 @@ send:
|
||||
static void
|
||||
process_lock_agent(SocketEntry *e, int lock)
|
||||
{
|
||||
char *passwd;
|
||||
int success = 0;
|
||||
char *passwd;
|
||||
|
||||
passwd = buffer_get_string(&e->request, NULL);
|
||||
if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
|
||||
@ -523,11 +522,11 @@ no_identities(SocketEntry *e, u_int type)
|
||||
static void
|
||||
process_add_smartcard_key (SocketEntry *e)
|
||||
{
|
||||
Identity *id;
|
||||
Idtab *tab;
|
||||
Key **keys, *k;
|
||||
char *sc_reader_id = NULL, *pin;
|
||||
int i, version, success = 0;
|
||||
Key **keys, *k;
|
||||
Identity *id;
|
||||
Idtab *tab;
|
||||
|
||||
sc_reader_id = buffer_get_string(&e->request, NULL);
|
||||
pin = buffer_get_string(&e->request, NULL);
|
||||
@ -566,11 +565,11 @@ send:
|
||||
static void
|
||||
process_remove_smartcard_key(SocketEntry *e)
|
||||
{
|
||||
Identity *id;
|
||||
Idtab *tab;
|
||||
Key **keys, *k = NULL;
|
||||
char *sc_reader_id = NULL, *pin;
|
||||
int i, version, success = 0;
|
||||
Key **keys, *k = NULL;
|
||||
Identity *id;
|
||||
Idtab *tab;
|
||||
|
||||
sc_reader_id = buffer_get_string(&e->request, NULL);
|
||||
pin = buffer_get_string(&e->request, NULL);
|
||||
@ -608,8 +607,7 @@ send:
|
||||
static void
|
||||
process_message(SocketEntry *e)
|
||||
{
|
||||
u_int msg_len;
|
||||
u_int type;
|
||||
u_int msg_len, type;
|
||||
u_char *cp;
|
||||
|
||||
/* kill dead keys */
|
||||
@ -622,6 +620,7 @@ process_message(SocketEntry *e)
|
||||
if (msg_len > 256 * 1024) {
|
||||
shutdown(e->fd, SHUT_RDWR);
|
||||
close(e->fd);
|
||||
e->fd = -1;
|
||||
e->type = AUTH_UNUSED;
|
||||
buffer_free(&e->input);
|
||||
buffer_free(&e->output);
|
||||
@ -717,6 +716,7 @@ static void
|
||||
new_socket(sock_type type, int fd)
|
||||
{
|
||||
u_int i, old_alloc;
|
||||
|
||||
if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
|
||||
error("fcntl O_NONBLOCK: %s", strerror(errno));
|
||||
|
||||
@ -801,11 +801,11 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, int *nallocp)
|
||||
static void
|
||||
after_select(fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
u_int i;
|
||||
int len, sock;
|
||||
struct sockaddr_un sunaddr;
|
||||
socklen_t slen;
|
||||
char buf[1024];
|
||||
struct sockaddr_un sunaddr;
|
||||
int len, sock;
|
||||
u_int i;
|
||||
|
||||
for (i = 0; i < sockets_alloc; i++)
|
||||
switch (sockets[i].type) {
|
||||
@ -839,6 +839,7 @@ after_select(fd_set *readset, fd_set *writeset)
|
||||
if (len <= 0) {
|
||||
shutdown(sockets[i].fd, SHUT_RDWR);
|
||||
close(sockets[i].fd);
|
||||
sockets[i].fd = -1;
|
||||
sockets[i].type = AUTH_UNUSED;
|
||||
buffer_free(&sockets[i].input);
|
||||
buffer_free(&sockets[i].output);
|
||||
@ -858,6 +859,7 @@ after_select(fd_set *readset, fd_set *writeset)
|
||||
if (len <= 0) {
|
||||
shutdown(sockets[i].fd, SHUT_RDWR);
|
||||
close(sockets[i].fd);
|
||||
sockets[i].fd = -1;
|
||||
sockets[i].type = AUTH_UNUSED;
|
||||
buffer_free(&sockets[i].input);
|
||||
buffer_free(&sockets[i].output);
|
||||
@ -928,6 +930,8 @@ int
|
||||
main(int ac, char **av)
|
||||
{
|
||||
int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc;
|
||||
char *shell, *format, *pidstr, *agentsocket = NULL;
|
||||
fd_set *readsetp = NULL, *writesetp = NULL;
|
||||
struct sockaddr_un sunaddr;
|
||||
#ifdef HAVE_SETRLIMIT
|
||||
struct rlimit rlim;
|
||||
@ -935,11 +939,10 @@ main(int ac, char **av)
|
||||
#ifdef HAVE_CYGWIN
|
||||
int prev_mask;
|
||||
#endif
|
||||
pid_t pid;
|
||||
char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
|
||||
char *agentsocket = NULL;
|
||||
extern int optind;
|
||||
fd_set *readsetp = NULL, *writesetp = NULL;
|
||||
extern char *optarg;
|
||||
pid_t pid;
|
||||
char pidstrbuf[1 + 3 * sizeof pid];
|
||||
|
||||
SSLeay_add_all_algorithms();
|
||||
|
||||
@ -947,11 +950,7 @@ main(int ac, char **av)
|
||||
init_rng();
|
||||
seed_rng();
|
||||
|
||||
#ifdef __GNU_LIBRARY__
|
||||
while ((ch = getopt(ac, av, "+cdksa:")) != -1) {
|
||||
#else /* __GNU_LIBRARY__ */
|
||||
while ((ch = getopt(ac, av, "cdksa:")) != -1) {
|
||||
#endif /* __GNU_LIBRARY__ */
|
||||
switch (ch) {
|
||||
case 'c':
|
||||
if (s_flag)
|
||||
|
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $
|
||||
.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $
|
||||
.\" $FreeBSD$
|
||||
.Dd September 25, 1999
|
||||
.Dt SSH 1
|
||||
@ -955,8 +955,8 @@ protocol versions 1.5 and 2.0.
|
||||
.Xr ssh-agent 1 ,
|
||||
.Xr ssh-keygen 1 ,
|
||||
.Xr telnet 1 ,
|
||||
.Xr ssh_config 4 ,
|
||||
.Xr ssh-keysign 8,
|
||||
.Xr ssh_config 5 ,
|
||||
.Xr ssh-keysign 8 ,
|
||||
.Xr sshd 8
|
||||
.Rs
|
||||
.%A T. Ylonen
|
||||
|
@ -1,4 +1,5 @@
|
||||
/* $OpenBSD: ssh.h,v 1.70 2002/06/03 12:04:07 deraadt Exp $ */
|
||||
/* $OpenBSD: ssh.h,v 1.71 2002/06/22 02:00:29 stevesk Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -65,8 +66,8 @@
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Name of the environment variable containing the pathname of the
|
||||
* authentication socket.
|
||||
* Name of the environment variable containing the process ID of the
|
||||
* authentication agent.
|
||||
*/
|
||||
#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
|
||||
|
||||
|
@ -13,7 +13,8 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.125 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.126 2002/06/23 03:30:17 deraadt Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
@ -266,7 +267,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = family;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
snprintf(strport, sizeof strport, "%d", port);
|
||||
snprintf(strport, sizeof strport, "%u", port);
|
||||
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
|
||||
fatal("%s: %.100s: %s", __progname, host,
|
||||
gai_strerror(gaierr));
|
||||
@ -489,7 +490,6 @@ confirm(const char *prompt)
|
||||
* check whether the supplied host key is valid, return -1 if the key
|
||||
* is not valid. the user_hostfile will not be updated if 'readonly' is true.
|
||||
*/
|
||||
|
||||
static int
|
||||
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
|
||||
int readonly, const char *user_hostfile, const char *system_hostfile)
|
||||
|
@ -23,7 +23,8 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.104 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh2.h"
|
||||
@ -299,12 +300,14 @@ userauth(Authctxt *authctxt, char *authlist)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
input_userauth_error(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
fatal("input_userauth_error: bad message during authentication: "
|
||||
"type %d", type);
|
||||
}
|
||||
|
||||
void
|
||||
input_userauth_banner(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
@ -316,6 +319,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
|
||||
xfree(msg);
|
||||
xfree(lang);
|
||||
}
|
||||
|
||||
void
|
||||
input_userauth_success(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
@ -327,6 +331,7 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
|
||||
clear_auth_state(authctxt);
|
||||
authctxt->success = 1; /* break out */
|
||||
}
|
||||
|
||||
void
|
||||
input_userauth_failure(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
@ -375,7 +380,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
|
||||
}
|
||||
packet_check_eom();
|
||||
|
||||
debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
|
||||
debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d",
|
||||
pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
|
||||
|
||||
do {
|
||||
@ -894,9 +899,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
|
||||
}
|
||||
|
||||
static int
|
||||
ssh_keysign(
|
||||
Key *key,
|
||||
u_char **sigp, u_int *lenp,
|
||||
ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
|
||||
u_char *data, u_int datalen)
|
||||
{
|
||||
Buffer b;
|
||||
@ -1098,6 +1101,7 @@ authmethod_lookup(const char *name)
|
||||
static Authmethod *current = NULL;
|
||||
static char *supported = NULL;
|
||||
static char *preferred = NULL;
|
||||
|
||||
/*
|
||||
* Given the authentication method list sent by the server, return the
|
||||
* next method we should try. If the server initially sends a nil list,
|
||||
|
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $
|
||||
.\" $OpenBSD: sshd.8,v 1.186 2002/06/22 16:45:29 stevesk Exp $
|
||||
.\" $FreeBSD$
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD 8
|
||||
@ -581,11 +581,18 @@ These files are created using
|
||||
.Xr ssh-keygen 1 .
|
||||
.It Pa /etc/ssh/moduli
|
||||
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
|
||||
.It Pa /var/empty
|
||||
.Xr chroot 2
|
||||
directory used by
|
||||
.Nm
|
||||
during privilege separation in the pre-authentication phase.
|
||||
The directory should not contain any files and must be owned by root
|
||||
and not group or world-writable.
|
||||
.It Pa /var/run/sshd.pid
|
||||
Contains the process ID of the
|
||||
.Nm
|
||||
listening for connections (if there are several daemons running
|
||||
concurrently for different ports, this contains the pid of the one
|
||||
concurrently for different ports, this contains the process ID of the one
|
||||
started last).
|
||||
The content of this file is not sensitive; it can be world-readable.
|
||||
.It Pa $HOME/.ssh/authorized_keys
|
||||
|
@ -42,7 +42,8 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
|
||||
RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/bn.h>
|
||||
@ -219,6 +220,7 @@ static void
|
||||
close_listen_socks(void)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < num_listen_socks; i++)
|
||||
close(listen_socks[i]);
|
||||
num_listen_socks = -1;
|
||||
@ -228,6 +230,7 @@ static void
|
||||
close_startup_pipes(void)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (startup_pipes)
|
||||
for (i = 0; i < options.max_startups; i++)
|
||||
if (startup_pipes[i] != -1)
|
||||
@ -260,7 +263,8 @@ sighup_restart(void)
|
||||
close_listen_socks();
|
||||
close_startup_pipes();
|
||||
execv(saved_argv[0], saved_argv);
|
||||
log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno));
|
||||
log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
|
||||
strerror(errno));
|
||||
exit(1);
|
||||
}
|
||||
|
||||
@ -280,8 +284,8 @@ sigterm_handler(int sig)
|
||||
static void
|
||||
main_sigchld_handler(int sig)
|
||||
{
|
||||
pid_t pid;
|
||||
int save_errno = errno;
|
||||
pid_t pid;
|
||||
int status;
|
||||
|
||||
while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
|
||||
@ -341,6 +345,7 @@ static void
|
||||
key_regeneration_alarm(int sig)
|
||||
{
|
||||
int save_errno = errno;
|
||||
|
||||
signal(SIGALRM, SIG_DFL);
|
||||
errno = save_errno;
|
||||
key_do_regen = 1;
|
||||
@ -372,7 +377,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
|
||||
|
||||
if (client_version_string == NULL) {
|
||||
/* Send our protocol version identification. */
|
||||
if (atomicio(write, sock_out, server_version_string, strlen(server_version_string))
|
||||
if (atomicio(write, sock_out, server_version_string,
|
||||
strlen(server_version_string))
|
||||
!= strlen(server_version_string)) {
|
||||
log("Could not write ident string to %s", get_remote_ipaddr());
|
||||
fatal_cleanup();
|
||||
@ -475,7 +481,6 @@ sshd_exchange_identification(int sock_in, int sock_out)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* Destroy the host and server keys. They will no longer be needed. */
|
||||
void
|
||||
destroy_sensitive_data(void)
|
||||
@ -526,8 +531,9 @@ static void
|
||||
privsep_preauth_child(void)
|
||||
{
|
||||
u_int32_t rand[256];
|
||||
int i;
|
||||
gid_t gidset[2];
|
||||
struct passwd *pw;
|
||||
int i;
|
||||
|
||||
/* Enable challenge-response authentication for privilege separation */
|
||||
privsep_challenge_enable();
|
||||
@ -555,7 +561,17 @@ privsep_preauth_child(void)
|
||||
/* Drop our privileges */
|
||||
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
|
||||
(u_int)pw->pw_gid);
|
||||
#if 0
|
||||
/* XXX not ready, to heavy after chroot */
|
||||
do_setusercontext(pw);
|
||||
#else
|
||||
gidset[0] = pw->pw_gid;
|
||||
if (setgid(pw->pw_gid) < 0)
|
||||
fatal("setgid failed for %u", pw->pw_gid );
|
||||
if (setgroups(1, gidset) < 0)
|
||||
fatal("setgroups: %.100s", strerror(errno));
|
||||
permanently_set_uid(pw);
|
||||
#endif
|
||||
}
|
||||
|
||||
static Authctxt*
|
||||
@ -609,7 +625,11 @@ privsep_postauth(Authctxt *authctxt)
|
||||
/* XXX - Remote port forwarding */
|
||||
x_authctxt = authctxt;
|
||||
|
||||
#ifdef BROKEN_FD_PASSING
|
||||
if (1) {
|
||||
#else
|
||||
if (authctxt->pw->pw_uid == 0 || options.use_login) {
|
||||
#endif
|
||||
/* File descriptor passing is broken or root login */
|
||||
monitor_apply_keystate(pmonitor);
|
||||
use_privsep = 0;
|
||||
@ -683,6 +703,7 @@ Key *
|
||||
get_hostkey_by_type(int type)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < options.num_host_key_files; i++) {
|
||||
Key *key = sensitive_data.host_keys[i];
|
||||
if (key != NULL && key->type == type)
|
||||
@ -703,6 +724,7 @@ int
|
||||
get_hostkey_index(Key *key)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < options.num_host_key_files; i++) {
|
||||
if (key == sensitive_data.host_keys[i])
|
||||
return (i);
|
||||
@ -991,11 +1013,13 @@ main(int ac, char **av)
|
||||
* hate software patents. I dont know if this can go? Niels
|
||||
*/
|
||||
if (options.server_key_bits >
|
||||
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - SSH_KEY_BITS_RESERVED &&
|
||||
options.server_key_bits <
|
||||
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
|
||||
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
|
||||
SSH_KEY_BITS_RESERVED && options.server_key_bits <
|
||||
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
|
||||
SSH_KEY_BITS_RESERVED) {
|
||||
options.server_key_bits =
|
||||
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED;
|
||||
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
|
||||
SSH_KEY_BITS_RESERVED;
|
||||
debug("Forcing server key to %d bits to make it differ from host key.",
|
||||
options.server_key_bits);
|
||||
}
|
||||
@ -1012,6 +1036,9 @@ main(int ac, char **av)
|
||||
(S_ISDIR(st.st_mode) == 0))
|
||||
fatal("Missing privilege separation directory: %s",
|
||||
_PATH_PRIVSEP_CHROOT_DIR);
|
||||
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
|
||||
fatal("Bad owner or mode for %s",
|
||||
_PATH_PRIVSEP_CHROOT_DIR);
|
||||
}
|
||||
|
||||
/* Configuration looks good, so exit if in test mode. */
|
||||
@ -1351,7 +1378,7 @@ main(int ac, char **av)
|
||||
*/
|
||||
#if 0
|
||||
/* XXX: this breaks Solaris */
|
||||
if (setsid() < 0)
|
||||
if (!debug_flag && !inetd_flag && setsid() < 0)
|
||||
error("setsid: %.100s", strerror(errno));
|
||||
#endif
|
||||
|
||||
|
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $
|
||||
.\" $FreeBSD$
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD_CONFIG 5
|
||||
@ -422,6 +422,12 @@ The probability increases linearly and all connection attempts
|
||||
are refused if the number of unauthenticated connections reaches
|
||||
.Dq full
|
||||
(60).
|
||||
.It Cm PAMAuthenticationViaKbdInt
|
||||
Specifies whether PAM challenge response authentication is allowed. This
|
||||
allows the use of most PAM challenge response authentication modules, but
|
||||
it will allow password authentication regardless of whether
|
||||
.Cm PasswordAuthentication
|
||||
is enabled.
|
||||
.It Cm PasswordAuthentication
|
||||
Specifies whether password authentication is allowed.
|
||||
The default is
|
||||
@ -461,7 +467,7 @@ If this option is set to
|
||||
.Dq no
|
||||
root is not allowed to login.
|
||||
.It Cm PidFile
|
||||
Specifies the file that contains the process identifier of the
|
||||
Specifies the file that contains the process ID of the
|
||||
.Nm sshd
|
||||
daemon.
|
||||
The default is
|
||||
|
@ -39,7 +39,8 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sshlogin.c,v 1.4 2002/06/23 03:30:17 deraadt Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#include "loginrec.h"
|
||||
|
||||
@ -48,10 +49,9 @@ RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
|
||||
* information is not available. This must be called before record_login.
|
||||
* The host the user logged in from will be returned in buf.
|
||||
*/
|
||||
|
||||
u_long
|
||||
get_last_login_time(uid_t uid, const char *logname,
|
||||
char *buf, u_int bufsize)
|
||||
char *buf, u_int bufsize)
|
||||
{
|
||||
struct logininfo li;
|
||||
|
||||
@ -64,10 +64,9 @@ get_last_login_time(uid_t uid, const char *logname,
|
||||
* Records that the user has logged in. I these parts of operating systems
|
||||
* were more standardized.
|
||||
*/
|
||||
|
||||
void
|
||||
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
|
||||
const char *host, struct sockaddr * addr)
|
||||
const char *host, struct sockaddr * addr)
|
||||
{
|
||||
struct logininfo *li;
|
||||
|
||||
@ -92,7 +91,6 @@ record_utmp_only(pid_t pid, const char *ttyname, const char *user,
|
||||
#endif
|
||||
|
||||
/* Records that the user has logged out. */
|
||||
|
||||
void
|
||||
record_logout(pid_t pid, const char *ttyname, const char *user)
|
||||
{
|
||||
|
@ -12,7 +12,8 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sshpty.c,v 1.7 2002/06/24 17:57:20 deraadt Exp $");
|
||||
RCSID("$FreeBSD$");
|
||||
|
||||
#ifdef HAVE_UTIL_H
|
||||
# include <util.h>
|
||||
@ -343,9 +344,8 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
|
||||
if (fd < 0)
|
||||
error("open /dev/tty failed - could not set controlling tty: %.100s",
|
||||
strerror(errno));
|
||||
else {
|
||||
else
|
||||
close(fd);
|
||||
}
|
||||
#endif /* _CRAY */
|
||||
}
|
||||
|
||||
@ -356,6 +356,7 @@ pty_change_window_size(int ptyfd, int row, int col,
|
||||
int xpixel, int ypixel)
|
||||
{
|
||||
struct winsize w;
|
||||
|
||||
w.ws_row = row;
|
||||
w.ws_col = col;
|
||||
w.ws_xpixel = xpixel;
|
||||
@ -393,13 +394,13 @@ pty_setowner(struct passwd *pw, const char *ttyname)
|
||||
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
|
||||
if (chown(ttyname, pw->pw_uid, gid) < 0) {
|
||||
if (errno == EROFS &&
|
||||
(st.st_uid == pw->pw_uid || st.st_uid == 0))
|
||||
error("chown(%.100s, %d, %d) failed: %.100s",
|
||||
ttyname, pw->pw_uid, gid,
|
||||
(st.st_uid == pw->pw_uid || st.st_uid == 0))
|
||||
error("chown(%.100s, %u, %u) failed: %.100s",
|
||||
ttyname, (u_int)pw->pw_uid, (u_int)gid,
|
||||
strerror(errno));
|
||||
else
|
||||
fatal("chown(%.100s, %d, %d) failed: %.100s",
|
||||
ttyname, pw->pw_uid, gid,
|
||||
fatal("chown(%.100s, %u, %u) failed: %.100s",
|
||||
ttyname, (u_int)pw->pw_uid, (u_int)gid,
|
||||
strerror(errno));
|
||||
}
|
||||
}
|
||||
|
@ -1,11 +1,11 @@
|
||||
/* $OpenBSD: version.h,v 1.33 2002/06/21 15:41:20 markus Exp $ */
|
||||
/* $OpenBSD: version.h,v 1.34 2002/06/26 13:56:27 markus Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#ifndef SSH_VERSION
|
||||
|
||||
#define SSH_VERSION (ssh_version_get())
|
||||
#define SSH_VERSION_BASE "OpenSSH_3.3"
|
||||
#define SSH_VERSION_ADDENDUM "FreeBSD-20020625"
|
||||
#define SSH_VERSION_BASE "OpenSSH_3.4p1"
|
||||
#define SSH_VERSION_ADDENDUM "FreeBSD-20020629"
|
||||
|
||||
const char *ssh_version_get(void);
|
||||
void ssh_version_set_addendum(const char *add);
|
||||
|
Loading…
x
Reference in New Issue
Block a user