d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vendor import of OpenSSH 4.1p1.

Browse Source
This commit is contained in:
Dag-Erling Smørgrav 2005-06-05 15:41:57 +00:00
parent 5e8dbd04ef
commit 4518870c72
45 changed files with 470 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

177
crypto/openssh/ChangeLog
View File

@ -1,3 +1,178 @@
20050524
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update spec file versions to 4.1p1
- (dtucker) [auth-pam.c] Since people don't seem to be getting the message
that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
USE_POSIX_THREADS will now generate an error so we don't silently change
behaviour. ok djm@
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
allocation when retrieving core Windows environment. Add CYGWIN variable
to propagated variables. Patch from vinschen at redhat.com, ok djm@
- (djm) Release 4.1p1
20050524
- (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
"looks ok" dtucker@
20050512
- (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script
hard link section. Bug 1038.
20050509
- (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a
user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com.
20050504
- (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used
unix domain socket, so catch that too; from jakob@ ok dtucker@
20050503
- (dtucker) [canohost.c] normalise socket addresses returned by
get_remote_hostname(). This means that IPv4 addresses in log messages
on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
addresses only for 4-in-6 mapped connections, regardless of whether
or not the machine is IPv6 enabled. ok djm@
20050425
- (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the
existence of a process since it's more portable. Found by jbasney at
ncsa.uiuc.edu; ok tim@
- (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh
will clean up anyway. From tim@
- (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running
"make tests" works even if you're building on a filesystem that doesn't
support sockets. From deengert at anl.gov, ok djm@
20050424
- (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or
1.2.1.2 or higher. With tim@, ok djm@
20050423
- (tim) [config.guess] Add support for OpenServer 6.
20050421
- (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
UseLogin is set as PAM is not used to establish credentials in that
case. Found by Michael Selvesteen, ok djm@
20050419
- (dtucker) [INSTALL] Reference README.privsep for the privilege separation
requirements. Pointed out by Bengt Svensson.
- (dtucker) [INSTALL] Put the s/key text and URL back together.
- (dtucker) [INSTALL] Fix s/key text too.
20050411
- (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME
20050405
- (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@
- (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on
Tru64. Patch from cmadams at hiwaay.net.
- (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
sys_auth_passwd, pointed out by cmadams at hiwaay.net.
20050403
- (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2005/03/31 18:39:21
[scp.c]
copy argv[] element instead of smashing the one that ps will see; ok otto
- djm@cvs.openbsd.org 2005/04/02 12:41:16
[scp.c]
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
build
- (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read
will free as needed. ok tim@ djm@
20050331
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/03/16 11:10:38
[ssh_config.5]
get the syntax right for {Local,Remote}Forward;
based on a diff from markus;
problem report from ponraj;
ok dtucker@ markus@ deraadt@
- markus@cvs.openbsd.org 2005/03/16 21:17:39
[version.h]
4.1
- jmc@cvs.openbsd.org 2005/03/18 17:05:00
[sshd_config.5]
typo;
- (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
handling of password expiry messages returned by AIX's authentication
routines, originally reported by robvdwal at sara.nl.
- (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
message on some platforms. Patch from pete at seebeyond.com via djm.
- (dtucker) [monitor.c] Remaining part of fix for bug #1006.
20050329
- (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
interested in which is much faster in large (eg LDAP or NIS) environments.
Patch from dleonard at vintela.com.
20050321
- (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
with & ok tim@
- (dtucker) [configure.ac] Make configure error out if the user specifies
--with-libedit but the required libs can't be found, rather than silently
ignoring and continuing. ok tim@
- (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
20050317
- (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
Make --without-opensc work.
- (tim) [configure.ac] portability changes on test statements. Some shells
have problems with -a operator.
- (tim) [configure.ac] make some configure options a little more error proof.
- (tim) [configure.ac] remove trailing white space.
20050314
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/03/10 10:15:02
[readconf.c]
Check listen addresses for null, prevents xfree from dying during
ClearAllForwardings (bz #996). From Craig Leres, ok markus@
- deraadt@cvs.openbsd.org 2005/03/10 22:01:05
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
readconf.c bufaux.c sftp.c]
spacing
- deraadt@cvs.openbsd.org 2005/03/10 22:40:38
[auth-options.c]
spacing
- markus@cvs.openbsd.org 2005/03/11 14:59:06
[ssh-keygen.c]
typo, missing \n; mpech
- jmc@cvs.openbsd.org 2005/03/12 11:55:03
[ssh_config.5]
escape `.' at eol to avoid double spacing issues;
- dtucker@cvs.openbsd.org 2005/03/14 10:09:03
[ssh-keygen.1]
Correct description of -H (bz #997); ok markus@, punctuation jmc@
- dtucker@cvs.openbsd.org 2005/03/14 11:44:42
[auth.c]
Populate host for log message for logins denied by AllowUsers and
DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com)
- markus@cvs.openbsd.org 2005/03/14 11:46:56
[buffer.c buffer.h channels.c]
limit input buffer size for channels; bugzilla #896; with and ok dtucker@
- (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
with a rpm -F
20050313
- (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
localized name of the local administrators group more reliable. From
vinschen at redhat.com.
20050312
- (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
output ends up in the client's output, causing regress failures. Found
by Corinna Vinschen.
20050309
- (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
so that regress tests behave. From Chris Adams.
@ -2321,4 +2496,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3707.2.1 2005/03/09 04:52:09 djm Exp $
$Id: ChangeLog,v 1.3758.2.2 2005/05/25 12:24:56 djm Exp $

18
crypto/openssh/INSTALL
View File

@ -3,7 +3,7 @@
You will need working installations of Zlib and OpenSSL.
Zlib 1.1.4 or greater:
Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems):
http://www.gzip.org/zlib/
OpenSSL 0.9.6 or greater:
@ -50,20 +50,20 @@ lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
http://www.lothar.com/tech/crypto/
S/Key Libraries:
If you wish to use --with-skey then you will need the library below
installed. No other S/Key library is currently known to be supported.
http://www.sparc.spb.su/solaris/skey/
LibEdit:
sftp now supports command-line editing via NetBSD's libedit. If your
platform has it available natively you can use that, alternatively
you might try these multi-platform ports:
http://www.thrysoee.dk/editline/
http://sourceforge.net/projects/libedit/
If you wish to use --with-skey then you will need the above library
installed. No other current S/Key library is currently known to be
supported.
2. Building / Installation
--------------------------
@ -91,6 +91,10 @@ make install
This will install the binaries in /opt/{bin,lib,sbin}, but will place the
configuration files in /etc/ssh.
If you are using Privilege Separation (which is enabled by default)
then you will also need to create the user, group and directory used by
sshd for privilege separation. See README.privsep for details.
If you are using PAM, you may need to manually install a PAM control
file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
them). Note that the service name used to start PAM is __progname,
@ -221,4 +225,4 @@ Please refer to the "reporting bugs" section of the webpage at
http://www.openssh.com/
$Id: INSTALL,v 1.66 2005/01/18 01:05:18 dtucker Exp $
$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $

2
crypto/openssh/README
View File

@ -61,4 +61,4 @@ References -
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
$Id: README,v 1.56.4.1 2005/03/09 03:12:09 djm Exp $
$Id: README,v 1.57 2005/03/09 03:32:28 dtucker Exp $

8
crypto/openssh/auth-options.c
View File

@ -10,7 +10,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-options.c,v 1.29 2005/03/01 10:09:52 djm Exp $");
RCSID("$OpenBSD: auth-options.c,v 1.31 2005/03/10 22:40:38 deraadt Exp $");
#include "xmalloc.h"
#include "match.h"
@ -247,7 +247,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
host = hpdelim(&p);
if (host == NULL || strlen(host) >= NI_MAXHOST) {
debug("%.100s, line %lu: Bad permitopen "
"specification <%.100s>", file, linenum,
"specification <%.100s>", file, linenum,
patterns);
auth_debug_add("%.100s, line %lu: "
"Bad permitopen specification", file,
@ -255,8 +255,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
xfree(patterns);
goto bad_option;
}
host = cleanhostname(host);
if (p == NULL || (port = a2port(p)) == 0) {
host = cleanhostname(host);
if (p == NULL || (port = a2port(p)) == 0) {
debug("%.100s, line %lu: Bad permitopen port "
"<%.100s>", file, linenum, p ? p : "");
auth_debug_add("%.100s, line %lu: "

22
crypto/openssh/auth-pam.c
View File

@ -47,7 +47,7 @@
/* Based on $FreeBSD$ */
#include "includes.h"
RCSID("$Id: auth-pam.c,v 1.121 2005/01/20 02:29:51 dtucker Exp $");
RCSID("$Id: auth-pam.c,v 1.122 2005/05/25 06:18:10 dtucker Exp $");
#ifdef USE_PAM
#if defined(HAVE_SECURITY_PAM_APPL_H)
@ -76,7 +76,17 @@ extern Buffer loginmsg;
extern int compat20;
extern u_int utmp_len;
/* so we don't silently change behaviour */
#ifdef USE_POSIX_THREADS
# error "USE_POSIX_THREADS replaced by UNSUPPORTED_POSIX_THREADS_HACK"
#endif
/*
* Formerly known as USE_POSIX_THREADS, using this is completely unsupported
* and generally a bad idea. Use at own risk and do not expect support if
* this breaks.
*/
#ifdef UNSUPPORTED_POSIX_THREADS_HACK
#include <pthread.h>
/*
* Avoid namespace clash when *not* using pthreads for systems *with*
@ -98,7 +108,7 @@ struct pam_ctxt {
static void sshpam_free_ctx(void *);
static struct pam_ctxt *cleanup_ctxt;
#ifndef USE_POSIX_THREADS
#ifndef UNSUPPORTED_POSIX_THREADS_HACK
/*
* Simulate threads with processes.
*/
@ -255,7 +265,7 @@ import_environments(Buffer *b)
debug3("PAM: %s entering", __func__);
#ifndef USE_POSIX_THREADS
#ifndef UNSUPPORTED_POSIX_THREADS_HACK
/* Import variables set by do_pam_account */
sshpam_account_status = buffer_get_int(b);
sshpam_password_change_required(buffer_get_int(b));
@ -384,7 +394,7 @@ sshpam_thread(void *ctxtp)
struct pam_conv sshpam_conv;
int flags = (options.permit_empty_passwd == 0 ?
PAM_DISALLOW_NULL_AUTHTOK : 0);
#ifndef USE_POSIX_THREADS
#ifndef UNSUPPORTED_POSIX_THREADS_HACK
extern char **environ;
char **env_from_pam;
u_int i;
@ -428,7 +438,7 @@ sshpam_thread(void *ctxtp)
buffer_put_cstring(&buffer, "OK");
#ifndef USE_POSIX_THREADS
#ifndef UNSUPPORTED_POSIX_THREADS_HACK
/* Export variables set by do_pam_account */
buffer_put_int(&buffer, sshpam_account_status);
buffer_put_int(&buffer, sshpam_authctxt->force_pwchange);
@ -447,7 +457,7 @@ sshpam_thread(void *ctxtp)
buffer_put_int(&buffer, i);
for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++)
buffer_put_cstring(&buffer, env_from_pam[i]);
#endif /* USE_POSIX_THREADS */
#endif /* UNSUPPORTED_POSIX_THREADS_HACK */
/* XXX - can't do much about an error here */
ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);

1
crypto/openssh/auth-passwd.c
View File

@ -47,7 +47,6 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.33 2005/01/24 11:47:13 dtucker Exp $");
extern Buffer loginmsg;
extern ServerOptions options;
int sys_auth_passwd(Authctxt *, const char *);
#ifdef HAVE_LOGIN_CAP
extern login_cap_t *lc;

2
crypto/openssh/auth-sia.c
View File

@ -47,7 +47,7 @@ extern int saved_argc;
extern char **saved_argv;
int
sys_auth_passwd(Authctxt *authctxt, char *pass)
sys_auth_passwd(Authctxt *authctxt, const char *pass)
{
int ret;
SIAENTITY *ent = NULL;

1
crypto/openssh/auth-sia.h
View File

@ -26,7 +26,6 @@
#ifdef HAVE_OSF_SIA
int sys_auth_passwd(Authctxt *, char *);
void session_setup_sia(struct passwd *, char *);
#endif /* HAVE_OSF_SIA */

5
crypto/openssh/auth.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $");
RCSID("$OpenBSD: auth.c,v 1.58 2005/03/14 11:44:42 dtucker Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
@ -145,7 +145,8 @@ allowed_user(struct passwd * pw)
return 0;
}
if (options.num_deny_users > 0 || options.num_allow_users > 0) {
if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
options.num_deny_groups > 0 || options.num_allow_groups > 0) {
hostname = get_canonical_hostname(options.use_dns);
ipaddr = get_remote_ipaddr();
}

4
crypto/openssh/auth.h
View File

@ -30,6 +30,7 @@
#include "key.h"
#include "hostfile.h"
#include "buffer.h"
#include <openssl/rsa.h>
#ifdef HAVE_LOGIN_CAP
@ -68,6 +69,7 @@ struct Authctxt {
char *krb5_ticket_file;
char *krb5_ccname;
#endif
Buffer *loginmsg;
void *methoddata;
};
/*
@ -185,6 +187,8 @@ void auth_debug_reset(void);
struct passwd *fakepw(void);
int sys_auth_passwd(Authctxt *, const char *);
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
#define SKEY_PROMPT "\nS/Key Password: "

4
crypto/openssh/bufaux.c
View File

@ -37,7 +37,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: bufaux.c,v 1.34 2004/12/06 16:00:43 markus Exp $");
RCSID("$OpenBSD: bufaux.c,v 1.35 2005/03/10 22:01:05 deraadt Exp $");
#include <openssl/bn.h>
#include "bufaux.h"
@ -179,7 +179,7 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
{
u_int len;
u_char *bin;
if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
error("buffer_get_bignum2_ret: invalid bignum");
return (-1);

4
crypto/openssh/bufaux.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: bufaux.h,v 1.20 2004/10/29 23:56:17 djm Exp $ */
/* $OpenBSD: bufaux.h,v 1.21 2005/03/10 22:01:05 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -40,7 +40,7 @@ void buffer_put_string(Buffer *, const void *, u_int);
void buffer_put_cstring(Buffer *, const char *);
#define buffer_skip_string(b) \
do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while(0)
do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0)
int buffer_put_bignum_ret(Buffer *, const BIGNUM *);
int buffer_get_bignum_ret(Buffer *, BIGNUM *);

8
crypto/openssh/buffer.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: buffer.c,v 1.22 2004/10/29 23:56:17 djm Exp $");
RCSID("$OpenBSD: buffer.c,v 1.23 2005/03/14 11:46:56 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
@ -78,7 +78,7 @@ buffer_append_space(Buffer *buffer, u_int len)
u_int newlen;
void *p;
if (len > 0x100000)
if (len > BUFFER_MAX_CHUNK)
fatal("buffer_append_space: len %u not supported", len);
/* If the buffer is empty, start using it from the beginning. */
@ -97,7 +97,7 @@ buffer_append_space(Buffer *buffer, u_int len)
* If the buffer is quite empty, but all data is at the end, move the
* data to the beginning and retry.
*/
if (buffer->offset > buffer->alloc / 2) {
if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
memmove(buffer->buf, buffer->buf + buffer->offset,
buffer->end - buffer->offset);
buffer->end -= buffer->offset;
@ -107,7 +107,7 @@ buffer_append_space(Buffer *buffer, u_int len)
/* Increase the size of the buffer and retry. */
newlen = buffer->alloc + len + 32768;
if (newlen > 0xa00000)
if (newlen > BUFFER_MAX_LEN)
fatal("buffer_append_space: alloc %u not supported",
newlen);
buffer->buf = xrealloc(buffer->buf, newlen);

5
crypto/openssh/buffer.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: buffer.h,v 1.12 2004/10/29 23:56:17 djm Exp $ */
/* $OpenBSD: buffer.h,v 1.13 2005/03/14 11:46:56 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -23,6 +23,9 @@ typedef struct {
u_int end; /* Offset of last byte containing data. */
} Buffer;
#define BUFFER_MAX_CHUNK 0x100000
#define BUFFER_MAX_LEN 0xa00000
void buffer_init(Buffer *);
void buffer_clear(Buffer *);
void buffer_free(Buffer *);

8
crypto/openssh/buildpkg.sh.in
View File

@ -282,11 +282,11 @@ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SY
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
else
[ "$RCS_D" = yes ] && \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
[ "$RC1_D" = no ] || \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
fi
# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)

2
crypto/openssh/canohost.c
View File

@ -251,6 +251,8 @@ get_socket_address(int sock, int remote, int flags)
if (addr.ss_family == AF_INET6)
addrlen = sizeof(struct sockaddr_in6);
ipv64_normalise_mapped(&addr, &addrlen);
/* Get the address in ascii. */
if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
sizeof(ntop), NULL, 0, flags)) != 0) {

27
crypto/openssh/channels.c
View File

@ -39,7 +39,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: channels.c,v 1.212 2005/03/01 10:09:52 djm Exp $");
RCSID("$OpenBSD: channels.c,v 1.214 2005/03/14 11:46:56 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -58,6 +58,8 @@ RCSID("$OpenBSD: channels.c,v 1.212 2005/03/01 10:09:52 djm Exp $");
/* -- channel core */
#define CHAN_RBUF 16*1024
/*
* Pointer to an array containing all allocated channels. The array is
* dynamically extended as needed.
@ -712,6 +714,9 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset)
{
u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
/* check buffer limits */
limit = MIN(limit, (BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF));
if (c->istate == CHAN_INPUT_OPEN &&
limit > 0 &&
buffer_len(&c->input) < limit)
@ -1018,7 +1023,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
debug2("channel %d: only socks5 connect supported", c->self);
return -1;
}
switch(s5_req.atyp){
switch (s5_req.atyp){
case SSH_SOCKS5_IPV4:
addrlen = 4;
af = AF_INET;
@ -1360,7 +1365,7 @@ channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset)
static int
channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
{
char buf[16*1024];
char buf[CHAN_RBUF];
int len;
if (c->rfd != -1 &&
@ -1454,7 +1459,7 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
static int
channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
{
char buf[16*1024];
char buf[CHAN_RBUF];
int len;
/** XXX handle drain efd, too */
@ -2199,11 +2204,11 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
/*
* Determine whether or not a port forward listens to loopback,
* specified address or wildcard. On the client, a specified bind
* address will always override gateway_ports. On the server, a
* gateway_ports of 1 (``yes'') will override the client's
* specification and force a wildcard bind, whereas a value of 2
* (``clientspecified'') will bind to whatever address the client
* specified address or wildcard. On the client, a specified bind
* address will always override gateway_ports. On the server, a
* gateway_ports of 1 (``yes'') will override the client's
* specification and force a wildcard bind, whereas a value of 2
* (``clientspecified'') will bind to whatever address the client
* asked for.
*
* Special-case listen_addrs are:
@ -2317,7 +2322,7 @@ channel_cancel_rport_listener(const char *host, u_short port)
u_int i;
int found = 0;
for(i = 0; i < channels_alloc; i++) {
for (i = 0; i < channels_alloc; i++) {
Channel *c = channels[i];
if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER &&
@ -2629,7 +2634,7 @@ channel_send_window_changes(void)
struct winsize ws;
for (i = 0; i < channels_alloc; i++) {
if (channels[i] == NULL || !channels[i]->client_tty ||
if (channels[i] == NULL || !channels[i]->client_tty ||
channels[i]->type != SSH_CHANNEL_OPEN)
continue;
if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0)

4
crypto/openssh/clientloop.c
View File

@ -59,7 +59,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: clientloop.c,v 1.135 2005/03/01 10:09:52 djm Exp $");
RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -627,7 +627,7 @@ client_process_control(fd_set * readset)
"to %s? ", host);
if (allowed)
quit_pending = 1;
/* FALLTHROUGH */
/* FALLTHROUGH */
case SSHMUX_COMMAND_ALIVE_CHECK:
/* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */
buffer_clear(&m);

3
crypto/openssh/config.guess vendored
View File

@ -995,7 +995,8 @@ EOF
echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
fi
exit 0 ;;
i*86:*:5:[78]*)
i*86:*:5:[678]*)
# Unixware 7.x, OpenUNIX 8, & OpenServer 6
case `/bin/uname -X | grep "^Machine"` in
*486*) UNAME_MACHINE=i486 ;;
*Pentium) UNAME_MACHINE=i586 ;;

201
crypto/openssh/configure.ac
View File

@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.250 2005/03/07 09:21:37 tim Exp $
# $Id: configure.ac,v 1.260 2005/04/24 07:52:23 dtucker Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@ -75,7 +75,7 @@ if test -z "$LD" ; then
LD=$CC
fi
AC_SUBST(LD)
AC_C_INLINE
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
@ -84,7 +84,7 @@ fi
AC_ARG_WITH(rpath,
[ --without-rpath Disable auto-added -R linker paths],
[
if test "x$withval" = "xno" ; then
if test "x$withval" = "xno" ; then
need_dash_r=""
fi
if test "x$withval" = "xyes" ; then
@ -123,7 +123,7 @@ case "$host" in
])
dnl Check for various auth function declarations in headers.
AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
passwdexpired], , , [#include <usersec.h>])
passwdexpired, setauthdb], , , [#include <usersec.h>])
dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
AC_CHECK_DECLS(loginfailed,
[AC_MSG_CHECKING(if loginfailed takes 4 arguments)
@ -274,7 +274,7 @@ mips-sony-bsd|mips-sony-newsos4)
;;
*-*-netbsd*)
check_for_libcrypt_before=1
if test "x$withval" != "xno" ; then
if test "x$withval" != "xno" ; then
need_dash_r=1
fi
;;
@ -297,7 +297,7 @@ mips-sony-bsd|mips-sony-newsos4)
AC_DEFINE(BROKEN_SAVED_UIDS)
;;
*-*-solaris*)
if test "x$withval" != "xno" ; then
if test "x$withval" != "xno" ; then
need_dash_r=1
fi
AC_DEFINE(PAM_SUN_CODEBASE)
@ -361,6 +361,7 @@ mips-sony-bsd|mips-sony-newsos4)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
;;
# UnixWare 7.x, OpenUNIX 8
*-*-sysv5*)
@ -368,6 +369,7 @@ mips-sony-bsd|mips-sony-newsos4)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
;;
*-*-sysv*)
;;
@ -472,15 +474,17 @@ esac
AC_ARG_WITH(cflags,
[ --with-cflags Specify additional flags to pass to compiler],
[
if test "x$withval" != "xno" ; then
if test -n "$withval" && test "x$withval" != "xno" && \
test "x${withval}" != "xyes"; then
CFLAGS="$CFLAGS $withval"
fi
]
]
)
AC_ARG_WITH(cppflags,
[ --with-cppflags Specify additional flags to pass to preprocessor] ,
[
if test "x$withval" != "xno"; then
if test -n "$withval" && test "x$withval" != "xno" && \
test "x${withval}" != "xyes"; then
CPPFLAGS="$CPPFLAGS $withval"
fi
]
@ -488,18 +492,20 @@ AC_ARG_WITH(cppflags,
AC_ARG_WITH(ldflags,
[ --with-ldflags Specify additional flags to pass to linker],
[
if test "x$withval" != "xno" ; then
if test -n "$withval" && test "x$withval" != "xno" && \
test "x${withval}" != "xyes"; then
LDFLAGS="$LDFLAGS $withval"
fi
]
]
)
AC_ARG_WITH(libs,
[ --with-libs Specify additional libraries to link with],
[
if test "x$withval" != "xno" ; then
if test -n "$withval" && test "x$withval" != "xno" && \
test "x${withval}" != "xyes"; then
LIBS="$LIBS $withval"
fi
]
]
)
AC_MSG_CHECKING(compiler and flags for sanity)
@ -583,10 +589,9 @@ AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
dnl zlib is required
AC_ARG_WITH(zlib,
[ --with-zlib=PATH Use zlib in PATH],
[
if test "x$withval" = "xno" ; then
AC_MSG_ERROR([*** zlib is required ***])
fi
[ if test "x$withval" = "xno" ; then
AC_MSG_ERROR([*** zlib is required ***])
elif test "x$withval" != "xyes"; then
if test -d "$withval/lib"; then
if test -n "${need_dash_r}"; then
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
@ -605,7 +610,7 @@ AC_ARG_WITH(zlib,
else
CPPFLAGS="-I${withval} ${CPPFLAGS}"
fi
]
fi ]
)
AC_CHECK_LIB(z, deflate, ,
@ -638,29 +643,40 @@ AC_ARG_WITH(zlib-version-check,
]
)
AC_MSG_CHECKING(for zlib 1.1.4 or greater)
AC_MSG_CHECKING(for possibly buggy zlib)
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <stdio.h>
#include <zlib.h>
int main()
{
int a, b, c, v;
if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
int a=0, b=0, c=0, d=0, n, v;
n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
if (n != 3 && n != 4)
exit(1);
v = a*1000000 + b*1000 + c;
if (v >= 1001004)
v = a*1000000 + b*10000 + c*100 + d;
fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
/* 1.1.4 is OK */
if (a == 1 && b == 1 && c >= 4)
exit(0);
/* 1.2.1.2 and up are OK */
if (v >= 1020102)
exit(0);
exit(2);
}
]])],
AC_MSG_RESULT(yes),
[ AC_MSG_RESULT(no)
AC_MSG_RESULT(no),
[ AC_MSG_RESULT(yes)
if test -z "$zlib_check_nonfatal" ; then
AC_MSG_ERROR([*** zlib too old - check config.log ***
Your reported zlib version has known security problems. It's possible your
vendor has fixed these problems without changing the version number. If you
are sure this is the case, you can disable the check by running
"./configure --without-zlib-version-check".
If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
If you are in doubt, upgrade zlib to version 1.2.1.2 or greater.
See http://www.gzip.org/zlib/ for details.])
else
AC_MSG_WARN([zlib version may have security problems])
fi
@ -730,7 +746,7 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
AC_MSG_RESULT(no)
AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
],
[
[
AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
]
@ -759,7 +775,7 @@ AC_ARG_WITH(skey,
AC_DEFINE(SKEY)
LIBS="-lskey $LIBS"
SKEY_MSG="yes"
AC_MSG_CHECKING([for s/key support])
AC_TRY_RUN(
[
@ -794,7 +810,8 @@ AC_ARG_WITH(tcp-wrappers,
saved_LIBS="$LIBS"
saved_LDFLAGS="$LDFLAGS"
saved_CPPFLAGS="$CPPFLAGS"
if test -n "${withval}" -a "${withval}" != "yes"; then
if test -n "${withval}" && \
test "x${withval}" != "xyes"; then
if test -d "${withval}/lib"; then
if test -n "${need_dash_r}"; then
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
@ -846,13 +863,18 @@ LIBEDIT_MSG="no"
AC_ARG_WITH(libedit,
[ --with-libedit[[=PATH]] Enable libedit support for sftp],
[ if test "x$withval" != "xno" ; then
if test "x$withval" != "xyes"; then
CPPFLAGS="$CPPFLAGS -I$withval/include"
LDFLAGS="$LDFLAGS -L$withval/lib"
fi
AC_CHECK_LIB(edit, el_init,
[ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
LIBEDIT="-ledit -lcurses"
LIBEDIT_MSG="yes"
AC_SUBST(LIBEDIT)
],
[], [-lcurses]
[ AC_MSG_ERROR(libedit not found) ],
[ -lcurses ]
)
fi ]
)
@ -1011,7 +1033,9 @@ if test "x$ac_cv_func_getpeereid" != "xyes" ; then
[#include <sys/types.h>
#include <sys/socket.h>],
[int i = SO_PEERCRED;],
[AC_MSG_RESULT(yes)],
[ AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
],
[AC_MSG_RESULT(no)
NO_PEERCHECK=1]
)
@ -1090,7 +1114,8 @@ main()
)
fi
if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
AC_MSG_CHECKING(if getaddrinfo seems to work)
AC_TRY_RUN(
[
@ -1158,7 +1183,8 @@ main(void)
)
fi
if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then
if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
AC_MSG_CHECKING(if getaddrinfo seems to work)
AC_TRY_RUN(
[
@ -1467,7 +1493,7 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
[
AC_MSG_WARN([cross compiling: assuming yes])
# This is safe, since all recent OpenSSL versions will
# complain at runtime if not seeded correctly.
# complain at runtime if not seeded correctly.
OPENSSL_SEEDS_ITSELF=yes
]
)
@ -1489,10 +1515,10 @@ AC_ARG_WITH(rand-helper,
USE_RAND_HELPER=yes
fi
],
)
)
# Which randomness source do we use?
if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
# OpenSSL only
AC_DEFINE(OPENSSL_PRNG_ONLY)
RAND_MSG="OpenSSL internal ONLY"
@ -1582,10 +1608,11 @@ entropy_timeout=200
AC_ARG_WITH(entropy-timeout,
[ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
[
if test "x$withval" != "xno" ; then
if test -n "$withval" && test "x$withval" != "xno" && \
test "x${withval}" != "xyes"; then
entropy_timeout=$withval
fi
]
]
)
AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
@ -1593,10 +1620,11 @@ SSH_PRIVSEP_USER=sshd
AC_ARG_WITH(privsep-user,
[ --with-privsep-user=user Specify non-privileged user for privilege separation],
[
if test -n "$withval"; then
if test -n "$withval" && test "x$withval" != "xno" && \
test "x${withval}" != "xyes"; then
SSH_PRIVSEP_USER=$withval
fi
]
]
)
AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
AC_SUBST(SSH_PRIVSEP_USER)
@ -2030,9 +2058,9 @@ fi
AC_CHECK_TYPES(struct timespec)
# We need int64_t or else certian parts of the compile will fail.
if test "x$ac_cv_have_int64_t" = "xno" -a \
"x$ac_cv_sizeof_long_int" != "x8" -a \
"x$ac_cv_sizeof_long_long_int" = "x0" ; then
if test "x$ac_cv_have_int64_t" = "xno" && \
test "x$ac_cv_sizeof_long_int" != "x8" && \
test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
echo "OpenSSH requires int64_t support. Contact your vendor or install"
echo "an alternative compiler (I.E., GCC) before continuing."
echo ""
@ -2324,23 +2352,28 @@ AC_ARG_WITH(sectok,
)
# Check whether user wants OpenSC support
OPENSC_CONFIG="no"
AC_ARG_WITH(opensc,
AC_HELP_STRING([--with-opensc=PFX],
[Enable smartcard support using OpenSC]),
opensc_config_prefix="$withval", opensc_config_prefix="")
if test x$opensc_config_prefix != x ; then
OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
if test "$OPENSC_CONFIG" != "no"; then
LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
AC_DEFINE(SMARTCARD)
AC_DEFINE(USE_OPENSC)
SCARD_MSG="yes, using OpenSC"
fi
fi
[--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
[
if test "x$withval" != "xno" ; then
if test "x$withval" != "xyes" ; then
OPENSC_CONFIG=$withval/bin/opensc-config
else
AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
fi
if test "$OPENSC_CONFIG" != "no"; then
LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
AC_DEFINE(SMARTCARD)
AC_DEFINE(USE_OPENSC)
SCARD_MSG="yes, using OpenSC"
fi
fi
]
)
# Check libraries needed by DNS fingerprint support
AC_SEARCH_LIBS(getrrsetbyname, resolv,
@ -2423,7 +2456,7 @@ AC_ARG_WITH(kerberos5,
AC_DEFINE(HEIMDAL)
K5LIBS="-lkrb5 -ldes"
K5LIBS="$K5LIBS -lcom_err -lasn1"
AC_CHECK_LIB(roken, net_write,
AC_CHECK_LIB(roken, net_write,
[K5LIBS="$K5LIBS -lroken"])
],
[ AC_MSG_RESULT(no)
@ -2442,7 +2475,7 @@ AC_ARG_WITH(kerberos5,
$K5LIBS)
],
$K5LIBS)
AC_CHECK_HEADER(gssapi.h, ,
[ unset ac_cv_header_gssapi_h
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
@ -2482,7 +2515,8 @@ PRIVSEP_PATH=/var/empty
AC_ARG_WITH(privsep-path,
[ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
[
if test "x$withval" != "$no" ; then
if test -n "$withval" && test "x$withval" != "xno" && \
test "x${withval}" != "xyes"; then
PRIVSEP_PATH=$withval
fi
]
@ -2492,7 +2526,8 @@ AC_SUBST(PRIVSEP_PATH)
AC_ARG_WITH(xauth,
[ --with-xauth=PATH Specify path to xauth program ],
[
if test "x$withval" != "xno" ; then
if test -n "$withval" && test "x$withval" != "xno" && \
test "x${withval}" != "xyes"; then
xauth_path=$withval
fi
],
@ -2610,7 +2645,7 @@ AC_ARG_WITH(md5-passwords,
AC_ARG_WITH(shadow,
[ --without-shadow Disable shadow password support],
[
if test "x$withval" = "xno" ; then
if test "x$withval" = "xno" ; then
AC_DEFINE(DISABLE_SHADOW)
disable_shadow=yes
fi
@ -2645,7 +2680,7 @@ else
AC_ARG_WITH(ipaddr-display,
[ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
[
if test "x$withval" != "xno" ; then
if test "x$withval" != "xno" ; then
AC_DEFINE(IPADDR_IN_DISPLAY)
DISPLAY_HACK_MSG="yes"
fi
@ -2677,8 +2712,8 @@ if test "x$etc_default_login" != "xno"; then
fi
dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
if test $ac_cv_func_login_getcapbool = "yes" -a \
$ac_cv_header_login_cap_h = "yes" ; then
if test $ac_cv_func_login_getcapbool = "yes" && \
test $ac_cv_header_login_cap_h = "yes" ; then
external_path_file=/etc/login.conf
fi
@ -2691,7 +2726,7 @@ AC_ARG_WITH(default-path,
AC_MSG_WARN([
--with-default-path=PATH has no effect on this system.
Edit /etc/login.conf instead.])
elif test "x$withval" != "xno" ; then
elif test "x$withval" != "xno" ; then
if test ! -z "$external_path_file" ; then
AC_MSG_WARN([
--with-default-path=PATH will only be used if PATH is not defined in
@ -2732,11 +2767,11 @@ main()
{
FILE *fd;
int rc;
fd = fopen(DATA,"w");
if(fd == NULL)
exit(1);
if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
exit(1);
@ -2773,7 +2808,8 @@ fi
AC_ARG_WITH(superuser-path,
[ --with-superuser-path= Specify different path for super-user],
[
if test "x$withval" != "xno" ; then
if test -n "$withval" && test "x$withval" != "xno" && \
test "x${withval}" != "xyes"; then
AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
superuser_path=$withval
fi
@ -2809,7 +2845,7 @@ BSD_AUTH_MSG=no
AC_ARG_WITH(bsd-auth,
[ --with-bsd-auth Enable BSD auth support],
[
if test "x$withval" != "xno" ; then
if test "x$withval" != "xno" ; then
AC_DEFINE(BSD_AUTH)
BSD_AUTH_MSG=yes
fi
@ -2819,7 +2855,7 @@ AC_ARG_WITH(bsd-auth,
# Where to place sshd.pid
piddir=/var/run
# make sure the directory exists
if test ! -d $piddir ; then
if test ! -d $piddir ; then
piddir=`eval echo ${sysconfdir}`
case $piddir in
NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
@ -2829,9 +2865,10 @@ fi
AC_ARG_WITH(pid-dir,
[ --with-pid-dir=PATH Specify location of ssh.pid file],
[
if test "x$withval" != "xno" ; then
if test -n "$withval" && test "x$withval" != "xno" && \
test "x${withval}" != "xyes"; then
piddir=$withval
if test ! -d $piddir ; then
if test ! -d $piddir ; then
AC_MSG_WARN([** no $piddir directory on this system **])
fi
fi
@ -2909,9 +2946,9 @@ AC_ARG_ENABLE(pututxline,
AC_ARG_WITH(lastlog,
[ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
[
if test "x$withval" = "xno" ; then
if test "x$withval" = "xno" ; then
AC_DEFINE(DISABLE_LASTLOG)
else
elif test -n "$withval" && test "x${withval}" != "xyes"; then
conf_lastlog_location=$withval
fi
]
@ -2978,7 +3015,7 @@ fi
if test -n "$conf_lastlog_location"; then
AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
fi
fi
dnl utmp detection
AC_MSG_CHECKING([if your system defines UTMP_FILE])
@ -3008,7 +3045,7 @@ if test -z "$conf_utmp_location"; then
fi
if test -n "$conf_utmp_location"; then
AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
fi
fi
dnl wtmp detection
AC_MSG_CHECKING([if your system defines WTMP_FILE])
@ -3038,7 +3075,7 @@ if test -z "$conf_wtmp_location"; then
fi
if test -n "$conf_wtmp_location"; then
AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
fi
fi
dnl utmpx detection - I don't know any system so perverse as to require
@ -3066,7 +3103,7 @@ if test -z "$conf_utmpx_location"; then
fi
else
AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
fi
fi
dnl wtmpx detection
AC_MSG_CHECKING([if your system defines WTMPX_FILE])
@ -3091,7 +3128,7 @@ if test -z "$conf_wtmpx_location"; then
fi
else
AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
fi
fi
if test ! -z "$blibpath" ; then

8
crypto/openssh/hostfile.c
View File

@ -36,7 +36,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: hostfile.c,v 1.33 2005/03/01 10:40:26 djm Exp $");
RCSID("$OpenBSD: hostfile.c,v 1.34 2005/03/10 22:01:05 deraadt Exp $");
#include <resolv.h>
#include <openssl/hmac.h>
@ -92,7 +92,7 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
salt_len, ret);
return (-1);
}
return (0);
}
@ -123,7 +123,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
HMAC_Final(&mac_ctx, result, NULL);
HMAC_cleanup(&mac_ctx);
if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
__b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
fatal("host_hash: __b64_ntop failed");
@ -310,7 +310,7 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host,
*/
int
add_host_to_hostfile(const char *filename, const char *host, const Key *key,
add_host_to_hostfile(const char *filename, const char *host, const Key *key,
int store_hash)
{
FILE *f;

1
crypto/openssh/log.c
View File

@ -196,6 +196,7 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
struct syslog_data sdata = SYSLOG_DATA_INIT;
#endif
argv0 = av0;
switch (level) {

8
crypto/openssh/misc.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: misc.c,v 1.28 2005/03/01 10:09:52 djm Exp $");
RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $");
#include "misc.h"
#include "log.h"
@ -303,13 +303,13 @@ hpdelim(char **cp)
case '\0':
*cp = NULL; /* no more fields*/
break;
case ':':
case '/':
*s = '\0'; /* terminate */
*cp = s + 1;
break;
default:
return NULL;
}
@ -391,7 +391,7 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
debug("%s: %s line %lu exceeds size limit", __func__,
filename, *lineno);
/* discard remainder of line */
while(fgetc(f) != '\n' && !feof(f))
while (fgetc(f) != '\n' && !feof(f))
; /* nothing */
}
}

8
crypto/openssh/monitor.c
View File

@ -25,7 +25,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor.c,v 1.62 2005/01/30 11:18:08 dtucker Exp $");
RCSID("$OpenBSD: monitor.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
#include <openssl/dh.h>
@ -310,6 +310,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
authctxt = _authctxt;
memset(authctxt, 0, sizeof(*authctxt));
authctxt->loginmsg = &loginmsg;
if (compat20) {
mon_dispatch = mon_dispatch_proto20;
@ -976,7 +978,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
debug3("%s: key_from_blob: %p", __func__, key);
if (key != NULL && authctxt->valid) {
switch(type) {
switch (type) {
case MM_USERKEY:
allowed = options.pubkey_authentication &&
user_key_allowed(authctxt->pw, key);
@ -1523,7 +1525,6 @@ mm_answer_audit_event(int socket, Buffer *m)
debug3("%s entering", __func__);
event = buffer_get_int(m);
buffer_free(m);
switch(event) {
case SSH_AUTH_FAIL_PUBKEY:
case SSH_AUTH_FAIL_HOSTBASED:
@ -1552,7 +1553,6 @@ mm_answer_audit_command(int socket, Buffer *m)
/* sanity check command, if so how? */
audit_run_command(cmd);
xfree(cmd);
buffer_free(m);
return (0);
}
#endif /* SSH_AUDIT_EVENTS */

7
crypto/openssh/openbsd-compat/bsd-cygwin_util.c
View File

@ -29,7 +29,7 @@
#include "includes.h"
RCSID("$Id: bsd-cygwin_util.c,v 1.13 2004/08/30 10:42:08 dtucker Exp $");
RCSID("$Id: bsd-cygwin_util.c,v 1.13.4.1 2005/05/25 09:42:40 dtucker Exp $");
#ifdef HAVE_CYGWIN
@ -247,6 +247,7 @@ static struct wenv {
{ NL("COMMONPROGRAMFILES=") },
{ NL("COMPUTERNAME=") },
{ NL("COMSPEC=") },
{ NL("CYGWIN=") },
{ NL("NUMBER_OF_PROCESSORS=") },
{ NL("OS=") },
{ NL("PATH=") },
@ -260,7 +261,7 @@ static struct wenv {
{ NL("SYSTEMROOT=") },
{ NL("TMP=") },
{ NL("TEMP=") },
{ NL("WINDIR=") },
{ NL("WINDIR=") }
};
char **
@ -269,7 +270,7 @@ fetch_windows_environment(void)
char **e, **p;
int i, idx = 0;
p = xmalloc(WENV_SIZ * sizeof(char *));
p = xmalloc((WENV_SIZ + 1) * sizeof(char *));
for (e = environ; *e != NULL; ++e) {
for (i = 0; i < WENV_SIZ; ++i) {
if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen))

4
crypto/openssh/openbsd-compat/port-aix.c
View File

@ -151,7 +151,7 @@ aix_valid_authentications(const char *user)
* returns 0.
*/
int
sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg)
sys_auth_passwd(Authctxt *ctxt, const char *password)
{
char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
int authsuccess = 0, expired, reenter, result;
@ -181,7 +181,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg)
*/
expired = passwdexpired(name, &msg);
if (msg && *msg) {
buffer_append(loginmsg, msg, strlen(msg));
buffer_append(ctxt->loginmsg, msg, strlen(msg));
aix_remove_embedded_newlines(msg);
}
debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);

4
crypto/openssh/openbsd-compat/port-aix.h
View File

@ -1,4 +1,4 @@
/* $Id: port-aix.h,v 1.24 2005/02/16 11:49:31 dtucker Exp $ */
/* $Id: port-aix.h,v 1.25 2005/03/21 11:46:34 dtucker Exp $ */
/*
*
@ -47,7 +47,9 @@
/* These should be in the system headers but are not. */
int usrinfo(int, char *, int);
#if (HAVE_DECL_SETAUTHDB == 0)
int setauthdb(const char *, char *);
#endif
/* these may or may not be in the headers depending on the version */
#if (HAVE_DECL_AUTHENTICATE == 0)
int authenticate(char *, char *, int *, char **);

7
crypto/openssh/openbsd-compat/readpassphrase.c
View File

@ -137,8 +137,11 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
(void)write(output, "\n", 1);
/* Restore old terminal settings and signals. */
if (memcmp(&term, &oterm, sizeof(term)) != 0)
(void)tcsetattr(input, _T_FLUSH, &oterm);
if (memcmp(&term, &oterm, sizeof(term)) != 0) {
while (tcsetattr(input, _T_FLUSH, &oterm) == -1 &&
errno == EINTR)
continue;
}
(void)sigaction(SIGALRM, &savealrm, NULL);
(void)sigaction(SIGHUP, &savehup, NULL);
(void)sigaction(SIGINT, &saveint, NULL);

10
crypto/openssh/readconf.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: readconf.c,v 1.137 2005/03/04 08:48:06 djm Exp $");
RCSID("$OpenBSD: readconf.c,v 1.139 2005/03/10 22:01:05 deraadt Exp $");
#include "ssh.h"
#include "xmalloc.h"
@ -253,12 +253,14 @@ clear_forwardings(Options *options)
int i;
for (i = 0; i < options->num_local_forwards; i++) {
xfree(options->local_forwards[i].listen_host);
if (options->local_forwards[i].listen_host != NULL)
xfree(options->local_forwards[i].listen_host);
xfree(options->local_forwards[i].connect_host);
}
options->num_local_forwards = 0;
for (i = 0; i < options->num_remote_forwards; i++) {
xfree(options->remote_forwards[i].listen_host);
if (options->remote_forwards[i].listen_host != NULL)
xfree(options->remote_forwards[i].listen_host);
xfree(options->remote_forwards[i].connect_host);
}
options->num_remote_forwards = 0;
@ -299,7 +301,7 @@ process_config_line(Options *options, const char *host,
Forward fwd;
/* Strip trailing whitespace */
for(len = strlen(line) - 1; len > 0; len--) {
for (len = strlen(line) - 1; len > 0; len--) {
if (strchr(WHITESPACE, line[len]) == NULL)
break;
line[len] = '\0';

6
crypto/openssh/regress/multiplex.sh
View File

@ -1,7 +1,7 @@
# $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $
# Placed in the Public Domain.
CTL=$OBJ/ctl-sock
CTL=/tmp/openssh.regress.ctl-sock.$$
tid="connection multiplexing"
@ -89,6 +89,4 @@ ${SSH} -S $CTL -Oexit otherhost || fail "send exit command failed"
# Wait for master to exit
sleep 2
ps -p $MASTER_PID >/dev/null && fail "exit command failed"
cleanup
kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed"

2
crypto/openssh/regress/test-exec.sh
View File

@ -197,7 +197,7 @@ cat << EOF > $OBJ/sshd_config
#ListenAddress ::1
PidFile $PIDFILE
AuthorizedKeysFile $OBJ/authorized_keys_%u
LogLevel DEBUG
LogLevel VERBOSE
AcceptEnv _XXX_TEST_*
AcceptEnv _XXX_TEST
Subsystem sftp $SFTPSERVER

11
crypto/openssh/scp.c
View File

@ -71,7 +71,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: scp.c,v 1.119 2005/01/24 10:22:06 dtucker Exp $");
RCSID("$OpenBSD: scp.c,v 1.121 2005/04/02 12:41:16 djm Exp $");
#include "xmalloc.h"
#include "atomicio.h"
@ -361,20 +361,21 @@ void
toremote(char *targ, int argc, char **argv)
{
int i, len;
char *bp, *host, *src, *suser, *thost, *tuser;
char *bp, *host, *src, *suser, *thost, *tuser, *arg;
*targ++ = 0;
if (*targ == 0)
targ = ".";
if ((thost = strrchr(argv[argc - 1], '@'))) {
arg = xstrdup(argv[argc - 1]);
if ((thost = strrchr(arg, '@'))) {
/* user@host */
*thost++ = 0;
tuser = argv[argc - 1];
tuser = arg;
if (*tuser == '\0')
tuser = NULL;
} else {
thost = argv[argc - 1];
thost = arg;
tuser = NULL;
}

4
crypto/openssh/servconf.c
View File

@ -10,7 +10,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.139 2005/03/01 10:09:52 djm Exp $");
RCSID("$OpenBSD: servconf.c,v 1.140 2005/03/10 22:01:05 deraadt Exp $");
#include "ssh.h"
#include "log.h"
@ -1001,7 +1001,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf)
obuf = cbuf = xstrdup(buffer_ptr(conf));
linenum = 1;
while((cp = strsep(&cbuf, "\n")) != NULL) {
while ((cp = strsep(&cbuf, "\n")) != NULL) {
if (process_server_config_line(options, cp, filename,
linenum++) != 0)
bad_options++;

3
crypto/openssh/session.c
View File

@ -1477,7 +1477,8 @@ do_child(Session *s, const char *command)
}
#ifdef USE_PAM
if (options.use_pam && !is_pam_session_open()) {
if (options.use_pam && !options.use_login && !is_pam_session_open()) {
debug3("PAM session not opened, exiting");
display_loginmsg();
exit(254);
}

6
crypto/openssh/sftp-client.c
View File

@ -20,7 +20,7 @@
/* XXX: copy between two remote sites */
#include "includes.h"
RCSID("$OpenBSD: sftp-client.c,v 1.52 2004/11/25 22:22:14 markus Exp $");
RCSID("$OpenBSD: sftp-client.c,v 1.53 2005/03/10 22:01:05 deraadt Exp $");
#include "openbsd-compat/sys-queue.h"
@ -856,7 +856,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
/* Find the request in our queue */
for(req = TAILQ_FIRST(&requests);
for (req = TAILQ_FIRST(&requests);
req != NULL && req->id != id;
req = TAILQ_NEXT(req, tq))
;
@ -1109,7 +1109,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
debug3("SSH2_FXP_STATUS %d", status);
/* Find the request in our queue */
for(ack = TAILQ_FIRST(&acks);
for (ack = TAILQ_FIRST(&acks);
ack != NULL && ack->id != r_id;
ack = TAILQ_NEXT(ack, tq))
;

4
crypto/openssh/sftp.c
View File

@ -16,7 +16,7 @@
#include "includes.h"
RCSID("$OpenBSD: sftp.c,v 1.62 2005/02/20 22:59:06 djm Exp $");
RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
#ifdef USE_LIBEDIT
#include <histedit.h>
@ -357,7 +357,7 @@ parse_ls_flags(const char **cpp, int *lflag)
/* Check for flags */
if (cp++[0] == '-') {
for(; strchr(WHITESPACE, *cp) == NULL; cp++) {
for (; strchr(WHITESPACE, *cp) == NULL; cp++) {
switch (*cp) {
case 'l':
*lflag &= ~VIEW_FLAGS;

6
crypto/openssh/ssh-add.c
View File

@ -35,7 +35,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-add.c,v 1.70 2004/05/08 00:21:31 djm Exp $");
RCSID("$OpenBSD: ssh-add.c,v 1.71 2005/03/10 22:01:06 deraadt Exp $");
#include <openssl/evp.h>
@ -389,7 +389,7 @@ main(int argc, char **argv)
goto done;
}
for(i = 0; default_files[i]; i++) {
for (i = 0; default_files[i]; i++) {
snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir,
default_files[i]);
if (stat(buf, &st) < 0)
@ -402,7 +402,7 @@ main(int argc, char **argv)
if (count == 0)
ret = 1;
} else {
for(i = 0; i < argc; i++) {
for (i = 0; i < argc; i++) {
if (do_file(ac, deleting, argv[i]) == -1)
ret = 1;
}

8
crypto/openssh/ssh-keygen.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.66 2005/03/01 18:15:56 jmc Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $
.\"
.\" -*- nroff -*-
.\"
@ -232,8 +232,10 @@ command.
.It Fl H
Hash a
.Pa known_hosts
file, printing the result to standard output.
This replaces all hostnames and addresses with hashed representations.
file.
This replaces all hostnames and addresses with hashed representations
within the specified file; the original content is moved to a file with
a .old suffix.
These hashes may be used normally by
.Nm ssh
and

6
crypto/openssh/ssh-keygen.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $");
RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -684,7 +684,7 @@ do_known_hosts(struct passwd *pw, const char *name)
if (delete_host && !c)
print_host(out, cp, public, 0);
} else if (hash_hosts) {
for(cp2 = strsep(&cp, ",");
for (cp2 = strsep(&cp, ",");
cp2 != NULL && *cp2 != '\0';
cp2 = strsep(&cp, ",")) {
if (strcspn(cp2, "*?!") != strlen(cp2))
@ -707,7 +707,7 @@ do_known_hosts(struct passwd *pw, const char *name)
identity_file);
if (inplace) {
fprintf(stderr, "Not replacing existing known_hosts "
"file beacuse of errors");
"file because of errors\n");
fclose(out);
unlink(tmp);
}

12
crypto/openssh/ssh.c
View File

@ -40,7 +40,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh.c,v 1.233 2005/03/01 17:22:06 jmc Exp $");
RCSID("$OpenBSD: ssh.c,v 1.234 2005/03/10 22:01:06 deraadt Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@ -856,8 +856,8 @@ ssh_init_forwarding(void)
for (i = 0; i < options.num_local_forwards; i++) {
debug("Local connections to %.200s:%d forwarded to remote "
"address %.200s:%d",
(options.local_forwards[i].listen_host == NULL) ?
(options.gateway_ports ? "*" : "LOCALHOST") :
(options.local_forwards[i].listen_host == NULL) ?
(options.gateway_ports ? "*" : "LOCALHOST") :
options.local_forwards[i].listen_host,
options.local_forwards[i].listen_port,
options.local_forwards[i].connect_host,
@ -876,6 +876,8 @@ ssh_init_forwarding(void)
for (i = 0; i < options.num_remote_forwards; i++) {
debug("Remote connections from %.200s:%d forwarded to "
"local address %.200s:%d",
(options.remote_forwards[i].listen_host == NULL) ?
(options.gateway_ports ? "*" : "LOCALHOST") :
options.remote_forwards[i].listen_host,
options.remote_forwards[i].listen_port,
options.remote_forwards[i].connect_host,
@ -1093,7 +1095,7 @@ ssh_control_listener(void)
old_umask = umask(0177);
if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) {
control_fd = -1;
if (errno == EINVAL)
if (errno == EINVAL || errno == EADDRINUSE)
fatal("ControlSocket %s already exists",
options.control_path);
else
@ -1343,7 +1345,7 @@ control_client(const char *path)
switch (mux_command) {
case SSHMUX_COMMAND_ALIVE_CHECK:
fprintf(stderr, "Master running (pid=%d)\r\n",
fprintf(stderr, "Master running (pid=%d)\r\n",
control_server_pid);
exit(0);
case SSHMUX_COMMAND_TERMINATE:

46
crypto/openssh/ssh_config.5
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.47 2005/03/07 23:41:54 jmc Exp $
.\" $OpenBSD: ssh_config.5,v 1.49 2005/03/16 11:10:38 jmc Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
@ -495,21 +495,17 @@ The default is to use the server specified list.
.It Cm LocalForward
Specifies that a TCP/IP port on the local machine be forwarded over
the secure channel to the specified host and port from the remote machine.
The first argument must be a port number, and the second must be
.Xo
The first argument must be
.Sm off
.Oo Ar bind_address : Oc
.Ar host : port
.Oo Ar bind_address : Oc Ar port
.Sm on
.Xc .
and the second argument must be
.Ar host : Ns Ar hostport .
IPv6 addresses can be specified by enclosing addresses in square brackets or
by using an alternative syntax:
.Sm off
.Xo
.Op Ar bind_address No /
.Ar host No / Ar port
.Xc .
.Sm on
.Oo Ar bind_address Ns / Oc Ns Ar port
and
.Ar host Ns / Ns Ar hostport .
Multiple forwardings may be specified, and additional forwardings can be
given on the command line.
Only the superuser can forward privileged ports.
@ -571,9 +567,9 @@ Default is 22.
.It Cm PreferredAuthentications
Specifies the order in which the client should try protocol 2
authentication methods.
This allows a client to prefer one method (e.g.
This allows a client to prefer one method (e.g.\&
.Cm keyboard-interactive )
over another method (e.g.
over another method (e.g.\&
.Cm password )
The default for this option is:
.Dq hostbased,publickey,keyboard-interactive,password .
@ -632,21 +628,17 @@ This option applies to protocol version 2 only.
.It Cm RemoteForward
Specifies that a TCP/IP port on the remote machine be forwarded over
the secure channel to the specified host and port from the local machine.
The first argument must be a port number, and the second must be
.Xo
The first argument must be
.Sm off
.Oo Ar bind_address : Oc
.Ar host : port
.Sm on
.Xc .
IPv6 addresses can be specified by enclosing any addresses in square brackets
or by using the alternative syntax:
.Sm off
.Xo
.Op Ar bind_address No /
.Ar host No / Ar port
.Xc .
.Oo Ar bind_address : Oc Ar port
.Sm on
and the second argument must be
.Ar host : Ns Ar hostport .
IPv6 addresses can be specified by enclosing addresses in square brackets
or by using an alternative syntax:
.Oo Ar bind_address Ns / Oc Ns Ar port
and
.Ar host Ns / Ns Ar hostport .
Multiple forwardings may be specified, and additional
forwardings can be given on the command line.
Only the superuser can forward privileged ports.

6
crypto/openssh/sshconnect.c
View File

@ -13,7 +13,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $");
RCSID("$OpenBSD: sshconnect.c,v 1.162 2005/03/10 22:01:06 deraadt Exp $");
#include <openssl/bn.h>
@ -247,13 +247,13 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
tv.tv_sec = timeout;
tv.tv_usec = 0;
for(;;) {
for (;;) {
rc = select(sockfd + 1, NULL, fdset, NULL, &tv);
if (rc != -1 || errno != EINTR)
break;
}
switch(rc) {
switch (rc) {
case 0:
/* Timed out */
errno = ETIMEDOUT;

2
crypto/openssh/sshd.c
View File

@ -1673,6 +1673,8 @@ main(int ac, char **av)
authctxt = xmalloc(sizeof(*authctxt));
memset(authctxt, 0, sizeof(*authctxt));
authctxt->loginmsg = &loginmsg;
/* XXX global for cleanup, access from other modules */
the_authctxt = authctxt;

4
crypto/openssh/sshd_config.5
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $
.\" $OpenBSD: sshd_config.5,v 1.40 2005/03/18 17:05:00 jmc Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
@ -630,7 +630,7 @@ To disable TCP keepalive messages, the value should be set to
.It Cm UseDNS
Specifies whether
.Nm sshd
should lookup the remote host name and check that
should look up the remote host name and check that
the resolved host name for the remote IP address maps back to the
very same IP address.
The default is

4
crypto/openssh/version.h
View File

@ -1,6 +1,6 @@
/* $OpenBSD: version.h,v 1.43 2005/03/08 23:49:48 djm Exp $ */
/* $OpenBSD: version.h,v 1.44 2005/03/16 21:17:39 markus Exp $ */
#define SSH_VERSION "OpenSSH_4.0"
#define SSH_VERSION "OpenSSH_4.1"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE