d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

This commit was generated by cvs2svn to compensate for changes in r157016,

Browse Source 
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
Dag-Erling Smørgrav 2006-03-22 19:46:12 +00:00
commit 4f87d65874
98 changed files with 2740 additions and 990 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

831
crypto/openssh/ChangeLog
View File

@ -1,3 +1,832 @@
20060201
- (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to
determine the user's login name - needed for regress tests on Solaris
10 and OpenSolaris
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2006/02/01 09:06:50
[sshd.8]
- merge sections on protocols 1 and 2 into a single section
- remove configuration file section
ok markus
- jmc@cvs.openbsd.org 2006/02/01 09:11:41
[sshd.8]
small tweak;
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update versions ahead of release
- markus@cvs.openbsd.org 2006/02/01 11:27:22
[version.h]
openssh 4.3
- (djm) Release OpenSSH 4.3p1
20060131
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2006/01/20 11:21:45
[ssh_config.5]
- word change, agreed w/ markus
- consistency fixes
- jmc@cvs.openbsd.org 2006/01/25 09:04:34
[sshd.8]
move the options description up the page, and a few additional tweaks
whilst in here;
ok markus
- jmc@cvs.openbsd.org 2006/01/25 09:07:22
[sshd.8]
move subsections to full sections;
- jmc@cvs.openbsd.org 2006/01/26 08:47:56
[ssh.1]
add a section on verifying host keys in dns;
written with a lot of help from jakob;
feedback dtucker/markus;
ok markus
- reyk@cvs.openbsd.org 2006/01/30 12:22:22
[channels.c]
mark channel as write failed or dead instead of read failed on error
of the channel output filter.
ok markus@
- jmc@cvs.openbsd.org 2006/01/30 13:37:49
[ssh.1]
remove an incorrect sentence;
reported by roumen petrov;
ok djm markus
- djm@cvs.openbsd.org 2006/01/31 10:19:02
[misc.c misc.h scp.c sftp.c]
fix local arbitrary command execution vulnerability on local/local and
remote/remote copies (CVE-2006-0225, bz #1094), patch by
t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
- djm@cvs.openbsd.org 2006/01/31 10:35:43
[scp.c]
"scp a b c" shouldn't clobber "c" when it is not a directory, report and
fix from biorn@; ok markus@
- (djm) Sync regress tests to OpenBSD:
- dtucker@cvs.openbsd.org 2005/03/10 10:20:39
[regress/forwarding.sh]
Regress test for ClearAllForwardings (bz #994); ok markus@
- dtucker@cvs.openbsd.org 2005/04/25 09:54:09
[regress/multiplex.sh]
Don't call cleanup in multiplex as test-exec will cleanup anyway
found by tim@, ok djm@
NB. ID sync only, we already had this
- djm@cvs.openbsd.org 2005/05/20 23:14:15
[regress/test-exec.sh]
force addressfamily=inet for tests, unbreaking dynamic-forward regress for
recently committed nc SOCKS5 changes
- djm@cvs.openbsd.org 2005/05/24 04:10:54
[regress/try-ciphers.sh]
oops, new arcfour modes here too
- markus@cvs.openbsd.org 2005/06/30 11:02:37
[regress/scp.sh]
allow SUDO=sudo; from Alexander Bluhm
- grunk@cvs.openbsd.org 2005/11/14 21:25:56
[regress/agent-getpeereid.sh]
all other scripts in this dir use $SUDO, not 'sudo', so pull this even
ok markus@
- dtucker@cvs.openbsd.org 2005/12/14 04:36:39
[regress/scp-ssh-wrapper.sh]
Fix assumption about how many args scp will pass; ok djm@
NB. ID sync only, we already had this
- djm@cvs.openbsd.org 2006/01/27 06:49:21
[scp.sh]
regress test for local to local scp copies; ok dtucker@
- djm@cvs.openbsd.org 2006/01/31 10:23:23
[scp.sh]
regression test for CVE-2006-0225 written by dtucker@
- djm@cvs.openbsd.org 2006/01/31 10:36:33
[scp.sh]
regress test for "scp a b c" where "c" is not a directory
20060129
- (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the
opensshd.init script interpretter if /sbin/sh does not exist. ok tim@
20060120
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2006/01/15 17:37:05
[ssh.1]
correction from deraadt
- jmc@cvs.openbsd.org 2006/01/18 10:53:29
[ssh.1]
add a section on ssh-based vpn, based on reyk's README.tun;
- dtucker@cvs.openbsd.org 2006/01/20 00:14:55
[scp.1 ssh.1 ssh_config.5 sftp.1]
Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
#1056 with feedback from jmc, djm and markus; ok jmc@ djm@
20060114
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2006/01/06 13:27:32
[ssh.1]
weed out some duplicate info in the known_hosts FILES entries;
ok djm
- jmc@cvs.openbsd.org 2006/01/06 13:29:10
[ssh.1]
final round of whacking FILES for duplicate info, and some consistency
fixes;
ok djm
- jmc@cvs.openbsd.org 2006/01/12 14:44:12
[ssh.1]
split sections on tcp and x11 forwarding into two sections.
add an example in the tcp section, based on sth i wrote for ssh faq;
help + ok: djm markus dtucker
- jmc@cvs.openbsd.org 2006/01/12 18:48:48
[ssh.1]
refer to `TCP' rather than `TCP/IP' in the context of connection
forwarding;
ok markus
- jmc@cvs.openbsd.org 2006/01/12 22:20:00
[sshd.8]
refer to TCP forwarding, rather than TCP/IP forwarding;
- jmc@cvs.openbsd.org 2006/01/12 22:26:02
[ssh_config.5]
refer to TCP forwarding, rather than TCP/IP forwarding;
- jmc@cvs.openbsd.org 2006/01/12 22:34:12
[ssh.1]
back out a sentence - AUTHENTICATION already documents this;
20060109
- (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
tcpip service so it's always started after IP is up. Patch from
vinschen at redhat.com.
20060106
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2006/01/03 16:31:10
[ssh.1]
move FILES to a -compact list, and make each files an item in that list.
this avoids nastly line wrap when we have long pathnames, and treats
each file as a separate item;
remove the .Pa too, since it is useless.
- jmc@cvs.openbsd.org 2006/01/03 16:35:30
[ssh.1]
use a larger width for the ENVIRONMENT list;
- jmc@cvs.openbsd.org 2006/01/03 16:52:36
[ssh.1]
put FILES in some sort of order: sort by pathname
- jmc@cvs.openbsd.org 2006/01/03 16:55:18
[ssh.1]
tweak the description of ~/.ssh/environment
- jmc@cvs.openbsd.org 2006/01/04 18:42:46
[ssh.1]
chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
entries;
ok markus
- jmc@cvs.openbsd.org 2006/01/04 18:45:01
[ssh.1]
remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
- jmc@cvs.openbsd.org 2006/01/04 19:40:24
[ssh.1]
+.Xr ssh-keyscan 1 ,
- jmc@cvs.openbsd.org 2006/01/04 19:50:09
[ssh.1]
-.Xr gzip 1 ,
- djm@cvs.openbsd.org 2006/01/05 23:43:53
[misc.c]
check that stdio file descriptors are actually closed before clobbering
them in sanitise_stdfd(). problems occurred when a lower numbered fd was
closed, but higher ones weren't. spotted by, and patch tested by
Frédéric Olivié
20060103
- (djm) [channels.c] clean up harmless merge error, from reyk@
20060103
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2006/01/02 17:09:49
[ssh_config.5 sshd_config.5]
some corrections from michael knudsen;
20060102
- (djm) [README.tun] Add README.tun, missed during sync of tun(4) support
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/12/31 10:46:17
[ssh.1]
merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
AUTHENTICATION" sections into "AUTHENTICATION";
some rewording done to make the text read better, plus some
improvements from djm;
ok djm
- jmc@cvs.openbsd.org 2005/12/31 13:44:04
[ssh.1]
clean up ENVIRONMENT a little;
- jmc@cvs.openbsd.org 2005/12/31 13:45:19
[ssh.1]
.Nm does not require an argument;
- stevesk@cvs.openbsd.org 2006/01/01 08:59:27
[includes.h misc.c]
move <net/if.h>; ok djm@
- stevesk@cvs.openbsd.org 2006/01/01 10:08:48
[misc.c]
no trailing "\n" for debug()
- djm@cvs.openbsd.org 2006/01/02 01:20:31
[sftp-client.c sftp-common.h sftp-server.c]
use a common max. packet length, no binary change
- reyk@cvs.openbsd.org 2006/01/02 07:53:44
[misc.c]
clarify tun(4) opening - set the mode and bring the interface up. also
(re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
suggested and ok by djm@
- jmc@cvs.openbsd.org 2006/01/02 12:31:06
[ssh.1]
start to cut some duplicate info from FILES;
help/ok djm
20060101
- (djm) [Makefile.in configure.ac includes.h misc.c]
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
limited to IPv4 tunnels only, and most versions don't support the
tap(4) device at all.
- (djm) [configure.ac] Fix linux/if_tun.h test
- (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too
20051229
- (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2005/12/28 22:46:06
[canohost.c channels.c clientloop.c]
use 'break-in' for consistency; ok deraadt@ ok and input jmc@
- reyk@cvs.openbsd.org 2005/12/30 15:56:37
[channels.c channels.h clientloop.c]
add channel output filter interface.
ok djm@, suggested by markus@
- jmc@cvs.openbsd.org 2005/12/30 16:59:00
[sftp.1]
do not suggest that interactive authentication will work
with the -b flag;
based on a diff from john l. scarfone;
ok djm
- stevesk@cvs.openbsd.org 2005/12/31 01:38:45
[ssh.1]
document -MM; ok djm@
- (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
[serverloop.c ssh.c openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
compatability support for Linux, diff from reyk@
- (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does
not exist
- (djm) [configure.ac] oops, make that linux/if_tun.h
20051229
- (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd
20051224
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/12/20 21:59:43
[ssh.1]
merge the sections on protocols 1 and 2 into one section on
authentication;
feedback djm dtucker
ok deraadt markus dtucker
- jmc@cvs.openbsd.org 2005/12/20 22:02:50
[ssh.1]
.Ss -> .Sh: subsections have not made this page more readable
- jmc@cvs.openbsd.org 2005/12/20 22:09:41
[ssh.1]
move info on ssh return values and config files up into the main
description;
- jmc@cvs.openbsd.org 2005/12/21 11:48:16
[ssh.1]
-L and -R descriptions are now above, not below, ~C description;
- jmc@cvs.openbsd.org 2005/12/21 11:57:25
[ssh.1]
options now described `above', rather than `later';
- jmc@cvs.openbsd.org 2005/12/21 12:53:31
[ssh.1]
-Y does X11 forwarding too;
ok markus
- stevesk@cvs.openbsd.org 2005/12/21 22:44:26
[sshd.8]
clarify precedence of -p, Port, ListenAddress; ok and help jmc@
- jmc@cvs.openbsd.org 2005/12/22 10:31:40
[ssh_config.5]
put the description of "UsePrivilegedPort" in the correct place;
- jmc@cvs.openbsd.org 2005/12/22 11:23:42
[ssh.1]
expand the description of -w somewhat;
help/ok reyk
- jmc@cvs.openbsd.org 2005/12/23 14:55:53
[ssh.1]
- sync the description of -e w/ synopsis
- simplify the description of -I
- note that -I is only available if support compiled in, and that it
isn't by default
feedback/ok djm@
- jmc@cvs.openbsd.org 2005/12/23 23:46:23
[ssh.1]
less mark up for -c;
- djm@cvs.openbsd.org 2005/12/24 02:27:41
[session.c sshd.c]
eliminate some code duplicated in privsep and non-privsep paths, and
explicitly clear SIGALRM handler; "groovy" deraadt@
20051220
- (dtucker) OpenBSD CVS Sync
- reyk@cvs.openbsd.org 2005/12/13 15:03:02
[serverloop.c]
if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
- jmc@cvs.openbsd.org 2005/12/16 18:07:08
[ssh.1]
move the option descriptions up the page: start of a restructure;
ok markus deraadt
- jmc@cvs.openbsd.org 2005/12/16 18:08:53
[ssh.1]
simplify a sentence;
- jmc@cvs.openbsd.org 2005/12/16 18:12:22
[ssh.1]
make the description of -c a little nicer;
- jmc@cvs.openbsd.org 2005/12/16 18:14:40
[ssh.1]
signpost the protocol sections;
- stevesk@cvs.openbsd.org 2005/12/17 21:13:05
[ssh_config.5 session.c]
spelling: fowarding, fowarded
- stevesk@cvs.openbsd.org 2005/12/17 21:36:42
[ssh_config.5]
spelling: intented -> intended
- dtucker@cvs.openbsd.org 2005/12/20 04:41:07
[ssh.c]
exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
20051219
- (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
openbsd-compat/openssl-compat.h] Check for and work around broken AES
ciphers >128bit on (some) Solaris 10 systems. ok djm@
20051217
- (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
scp.c also uses, so undef them here.
- (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our
snprintf replacement can have a conflicting declaration in HP-UX's system
headers (const vs. no const) so we now check for and work around it. Patch
from the dynamic duo of David Leonard and Ted Percival.
20051214
- (dtucker) OpenBSD CVS Sync (regress/)
- dtucker@cvs.openbsd.org 2005/12/30 04:36:39
[regress/scp-ssh-wrapper.sh]
Fix assumption about how many args scp will pass; ok djm@
20051213
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/11/30 11:18:27
[ssh.1]
timezone -> time zone
- jmc@cvs.openbsd.org 2005/11/30 11:45:20
[ssh.1]
avoid ambiguities in describing TZ;
ok djm@
- reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
- djm@cvs.openbsd.org 2005/12/07 03:52:22
[clientloop.c]
reyk forgot to compile with -Werror (missing header)
- jmc@cvs.openbsd.org 2005/12/07 10:52:13
[ssh.1]
- avoid line split in SYNOPSIS
- add args to -w
- kill trailing whitespace
- jmc@cvs.openbsd.org 2005/12/08 14:59:44
[ssh.1 ssh_config.5]
make `!command' a little clearer;
ok reyk
- jmc@cvs.openbsd.org 2005/12/08 15:06:29
[ssh_config.5]
keep options in order;
- reyk@cvs.openbsd.org 2005/12/08 18:34:11
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
[serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).
ok djm@, man page bits by jmc@
- jmc@cvs.openbsd.org 2005/12/08 21:37:50
[ssh_config.5]
new sentence, new line;
- markus@cvs.openbsd.org 2005/12/12 13:46:18
[channels.c channels.h session.c]
make sure protocol messages for internal channels are ignored.
allow adjust messages for non-open channels; with and ok djm@
- (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
again by providing a sys_tun_open() function for your platform and
setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
OpenBSD's tunnel protocol, which prepends the address family to the
packet
20051201
- (djm) [envpass.sh] Remove regress script that was accidentally committed
in top level directory and not noticed for over a year :)
20051129
- (tim) [ssh-keygen.c] Move DSA length test after setting default when
bits == 0.
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/11/29 02:04:55
[ssh-keygen.c]
Populate default key sizes before checking them; from & ok tim@
- (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
for UnixWare.
20051128
- (dtucker) [regress/yes-head.sh] Work around breakage caused by some
versions of GNU head. Based on patch from zappaman at buraphalinux.org
- (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use
_GNU_SOURCE instead. Patch from t8m at centrum.cz.
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/11/28 05:16:53
[ssh-keygen.1 ssh-keygen.c]
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
increase minumum RSA key size to 768 bits and update man page to reflect
these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
ok djm@, grudging ok deraadt@.
- dtucker@cvs.openbsd.org 2005/11/28 06:02:56
[ssh-agent.1]
Update agent socket path templates to reflect reality, correct xref for
time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
20051126
- (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
when they're available) need the real UID set otherwise pam_chauthtok will
set ADMCHG after changing the password, forcing the user to change it
again immediately.
20051125
- (dtucker) [configure.ac] Apply tim's fix for older systems where the
resolver state in resolv.h is "state" not "__res_state". With slight
modification by me to also work on old AIXes. ok djm@
- (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
snprintf formats, fixes warnings on some 64 bit platforms. Patch from
shaw at vranix.com, ok djm@
20051124
- (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
asprintf() implementation, after syncing our {v,}snprintf() implementation
with some extra fixes from Samba's version. With help and debugging from
dtucker and tim; ok dtucker@
- (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument
order in Reliant Unix block. Patch from johane at lysator.liu.se.
- (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so
many and use them only once. Speeds up testing on older/slower hardware.
20051122
- (dtucker) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2005/11/12 18:37:59
[ssh-add.c]
space
- deraadt@cvs.openbsd.org 2005/11/12 18:38:15
[scp.c]
avoid close(-1), as in rcp; ok cloder
- millert@cvs.openbsd.org 2005/11/15 11:59:54
[includes.h]
Include sys/queue.h explicitly instead of assuming some other header
will pull it in. At the moment it gets pulled in by sys/select.h
(which ssh has no business including) via event.h. OK markus@
(ID sync only in -portable)
- dtucker@cvs.openbsd.org 2005/11/21 09:42:10
[auth-krb5.c]
Perform Kerberos calls even for invalid users to prevent leaking
information about account validity. bz #975, patch originally from
Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
ok markus@
- dtucker@cvs.openbsd.org 2005/11/22 03:36:03
[hostfile.c]
Correct format/arguments to debug call; spotted by shaw at vranix.com
ok djm@
- (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch
from shaw at vranix.com.
20051120
- (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
is going on.
20051112
- (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific
ifdef lost during sync. Spotted by tim@.
- (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag.
- (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test.
- (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@
- (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
test: if sshd takes too long to reconfigure the subsequent connection will
fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
20051110
- (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from
OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of
"register").
- (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove
unnecessary prototype.
- (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c
revs 1.7 - 1.9.
- (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.
Patch from djm@.
- (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+
since they're not useful right now. Patch from djm@.
- (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI
prototypes, removal of "register").
- (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal
of "register").
- (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to
after the copyright notices. Having them at the top next to the CVSIDs
guarantees a conflict for each and every sync.
- (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10.
- (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker.
- (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7.
Removal of rcsid, "whiteout" inode type.
- (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14.
Removal of rcsid, will no longer strlcpy parts of the string.
- (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5.
- (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7.
- (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18.
- (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5.
- (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25.
- (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9.
- (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14.
- (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up
with OpenBSD code since we don't support platforms without fstat any more.
- (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9.
- (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6.
- (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7.
- (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6.
- (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6.
- (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13.
- (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19.
- (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8.
- (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker.
- (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17.
- (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4.
Id and copyright sync only, there were no substantial changes we need.
- (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c]
-Wsign-compare fixes from djm.
- (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3.
Id and copyright sync only, there were no substantial changes we need.
- (dtucker) [configure.ac] Try to get the gcc version number in a way that
doesn't change between versions, and use a safer default.
20051105
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2005/10/07 11:13:57
[ssh-keygen.c]
change DSA default back to 1024, as it's defined for 1024 bits only
and this causes interop problems with other clients. moreover,
in order to improve the security of DSA you need to change more
components of DSA key generation (e.g. the internal SHA1 hash);
ok deraadt
- djm@cvs.openbsd.org 2005/10/10 10:23:08
[channels.c channels.h clientloop.c serverloop.c session.c]
fix regression I introduced in 4.2: X11 forwardings initiated after
a session has exited (e.g. "(sleep 5; xterm) &") would not start.
bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
- djm@cvs.openbsd.org 2005/10/11 23:37:37
[channels.c]
bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing
bind() failure when a previous connection's listeners are in TIME_WAIT,
reported by plattner AT inf.ethz.ch; ok dtucker@
- stevesk@cvs.openbsd.org 2005/10/13 14:03:01
[auth2-gss.c gss-genr.c gss-serv.c]
remove unneeded #includes; ok markus@
- stevesk@cvs.openbsd.org 2005/10/13 14:20:37
[gss-serv.c]
spelling in comments
- stevesk@cvs.openbsd.org 2005/10/13 19:08:08
[gss-serv-krb5.c gss-serv.c]
unused declarations; ok deraadt@
(id sync only for gss-serv-krb5.c)
- stevesk@cvs.openbsd.org 2005/10/13 19:13:41
[dns.c]
unneeded #include, unused declaration, little knf; ok deraadt@
- stevesk@cvs.openbsd.org 2005/10/13 22:24:31
[auth2-gss.c gss-genr.c gss-serv.c monitor.c]
KNF; ok djm@
- stevesk@cvs.openbsd.org 2005/10/14 02:17:59
[ssh-keygen.c ssh.c sshconnect2.c]
no trailing "\n" for log functions; ok djm@
- stevesk@cvs.openbsd.org 2005/10/14 02:29:37
[channels.c clientloop.c]
free()->xfree(); ok djm@
- stevesk@cvs.openbsd.org 2005/10/15 15:28:12
[sshconnect.c]
make external definition static; ok deraadt@
- stevesk@cvs.openbsd.org 2005/10/17 13:45:05
[dns.c]
fix memory leaks from 2 sources:
1) key_fingerprint_raw()
2) malloc in dns_read_rdata()
ok jakob@
- stevesk@cvs.openbsd.org 2005/10/17 14:01:28
[dns.c]
remove #ifdef LWRES; ok jakob@
- stevesk@cvs.openbsd.org 2005/10/17 14:13:35
[dns.c dns.h]
more cleanups; ok jakob@
- djm@cvs.openbsd.org 2005/10/30 01:23:19
[ssh_config.5]
mention control socket fallback behaviour, reported by
tryponraj AT gmail.com
- djm@cvs.openbsd.org 2005/10/30 04:01:03
[ssh-keyscan.c]
make ssh-keygen discard junk from server before SSH- ident, spotted by
dave AT cirt.net; ok dtucker@
- djm@cvs.openbsd.org 2005/10/30 04:03:24
[ssh.c]
fix misleading debug message; ok dtucker@
- dtucker@cvs.openbsd.org 2005/10/30 08:29:29
[canohost.c sshd.c]
Check for connections with IP options earlier and drop silently. ok djm@
- jmc@cvs.openbsd.org 2005/10/30 08:43:47
[ssh_config.5]
remove trailing whitespace;
- djm@cvs.openbsd.org 2005/10/30 08:52:18
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
[ssh.c sshconnect.c sshconnect1.c sshd.c]
no need to escape single quotes in comments, no binary change
- dtucker@cvs.openbsd.org 2005/10/31 06:15:04
[sftp.c]
Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@
- djm@cvs.openbsd.org 2005/10/31 11:12:49
[ssh-keygen.1 ssh-keygen.c]
generate a protocol 2 RSA key by default
- djm@cvs.openbsd.org 2005/10/31 11:48:29
[serverloop.c]
make sure we clean up wtmp, etc. file when we receive a SIGTERM,
SIGINT or SIGQUIT when running without privilege separation (the
normal privsep case is already OK). Patch mainly by dtucker@ and
senthilkumar_sen AT hotpop.com; ok dtucker@
- jmc@cvs.openbsd.org 2005/10/31 19:55:25
[ssh-keygen.1]
grammar;
- dtucker@cvs.openbsd.org 2005/11/03 13:38:29
[canohost.c]
Cache reverse lookups with and without DNS separately; ok markus@
- djm@cvs.openbsd.org 2005/11/04 05:15:59
[kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
remove hardcoded hash lengths in key exchange code, allowing
implementation of KEX methods with different hashes (e.g. SHA-256);
ok markus@ dtucker@ stevesk@
- djm@cvs.openbsd.org 2005/11/05 05:01:15
[bufaux.c]
Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
cs.stanford.edu; ok dtucker@
- (dtucker) [README.platform] Add PAM section.
- (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version,
resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
ok dtucker@
20051102
- (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
via FreeBSD.
20051030
- (djm) [contrib/suse/openssh.spec contrib/suse/rc.
sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init
files from imorgan AT nas.nasa.gov
- (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is
enabled, instead allow PAM to handle it. Note that on platforms using PAM,
the pam_nologin module should be added to sshd's session stack in order to
maintain exising behaviour. Based on patch and discussion from t8m at
centrum.cz, ok djm@
20051025
- (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the
sizeof(long long) checks, to make fixing bug #1104 easier (no changes
yet).
- (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't
understand "%lld", even though the compiler has "long long", so handle
it as a special case. Patch tested by mcaskill.scott at epa.gov.
- (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no
prompt. Patch from vinschen at redhat.com.
20051017
- (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling.
/etc/default/login report and testing from aabaker at iee.org, corrections
from tim@.
20051009
- (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current
versions from OpenBSD. ok djm@
20051008
- (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from
brian.smith at agilent com.
- (djm) [configure.ac] missing 'test' call for -with-Werror test
20051005
- (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended
"*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
senthilkumar_sen at hotpop.com.
20051003
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2005/09/07 08:53:53
[channels.c]
enforce chanid != NULL; ok djm
- markus@cvs.openbsd.org 2005/09/09 19:18:05
[clientloop.c]
typo; from mark at mcs.vuw.ac.nz, bug #1082
- djm@cvs.openbsd.org 2005/09/13 23:40:07
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
ensure that stdio fds are attached; ok deraadt@
- djm@cvs.openbsd.org 2005/09/19 11:37:34
[ssh_config.5 ssh.1]
mention ability to specify bind_address for DynamicForward and -D options;
bz#1077 spotted by Haruyama Seigo
- djm@cvs.openbsd.org 2005/09/19 11:47:09
[sshd.c]
stop connection abort on rekey with delayed compression enabled when
post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
- djm@cvs.openbsd.org 2005/09/19 11:48:10
[gss-serv.c]
typo
- jmc@cvs.openbsd.org 2005/09/19 15:38:27
[ssh.1]
some more .Bk/.Ek to avoid ugly line split;
- jmc@cvs.openbsd.org 2005/09/19 15:42:44
[ssh.c]
update -D usage here too;
- djm@cvs.openbsd.org 2005/09/19 23:31:31
[ssh.1]
spelling nit from stevesk@
- djm@cvs.openbsd.org 2005/09/21 23:36:54
[sshd_config.5]
aquire -> acquire, from stevesk@
- djm@cvs.openbsd.org 2005/09/21 23:37:11
[sshd.c]
change label at markus@'s request
- jaredy@cvs.openbsd.org 2005/09/30 20:34:26
[ssh-keyscan.1]
deploy .An -nosplit; ok jmc
- dtucker@cvs.openbsd.org 2005/10/03 07:44:42
[canohost.c]
Relocate check_ip_options call to prevent logging of garbage for
connections with IP options set. bz#1092 from David Leonard,
"looks good" deraadt@
- (dtucker) [regress/README.regress] Bug #989: Document limitation that scp
is required in the system path for the multiplex test to work.
20050930
- (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
for strtoll. Patch from o.flebbe at science-computing.de.
- (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep
child during PAM account check without clearing it. This restores the
post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
with help from several others.
20050929
- (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg
introduced during sync.
20050928
- (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency.
- (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from
PAM via keyboard-interactive. Patch tested by the folks at Vintela.
20050927
- (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid
calls, since they can't possibly fail. ok djm@
- (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
process when sshd relies on ssh-random-helper. Should result in faster
logins on systems without a real random device or prngd. ok djm@
20050924
- (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove
duplicate call. ok djm@
20050922
- (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from
skeleten at shillest.net.
- (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at
shillest.net.
20050919
- (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to
AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages.
ok dtucker@
20050912
- (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by
Mike Frysinger.
20050908
- (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
20050901
- (djm) Update RPM spec file versions
@ -2989,4 +3818,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3887 2005/09/01 09:10:48 djm Exp $
$Id: ChangeLog,v 1.4117.2.1 2006/02/01 11:33:14 djm Exp $

4
crypto/openssh/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.273 2005/05/29 07:22:29 dtucker Exp $
# $Id: Makefile.in,v 1.274 2006/01/01 08:47:05 djm Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@ -139,7 +139,7 @@ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)

4
crypto/openssh/README
View File

@ -1,4 +1,4 @@
See http://www.openssh.com/txt/release-4.2 for the release notes.
See http://www.openssh.com/txt/release-4.3 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@ -62,4 +62,4 @@ References -
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
$Id: README,v 1.60 2005/08/31 14:05:57 dtucker Exp $
$Id: README,v 1.61 2005/12/01 11:21:04 dtucker Exp $

12
crypto/openssh/README.platform
View File

@ -45,4 +45,14 @@ number is already in use on your system, you may change it at build time
by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $
Platforms using PAM
-------------------
As of OpenSSH 4.3p1, sshd will no longer check /etc/nologin itself when
PAM is enabled. To maintain existing behaviour, pam_nologin should be
added to sshd's session stack which will prevent users from starting shell
sessions. Alternatively, pam_nologin can be added to either the auth or
account stacks which will prevent authentication entirely, but will still
return the output from pam_nologin to the client.
$Id: README.platform,v 1.6 2005/11/05 05:28:35 dtucker Exp $

132
crypto/openssh/README.tun Normal file
View File

@ -0,0 +1,132 @@
How to use OpenSSH-based virtual private networks
-------------------------------------------------
OpenSSH contains support for VPN tunneling using the tun(4) network
tunnel pseudo-device which is available on most platforms, either for
layer 2 or 3 traffic.
The following brief instructions on how to use this feature use
a network configuration specific to the OpenBSD operating system.
(1) Server: Enable support for SSH tunneling
To enable the ssh server to accept tunnel requests from the client, you
have to add the following option to the ssh server configuration file
(/etc/ssh/sshd_config):
PermitTunnel yes
Restart the server or send the hangup signal (SIGHUP) to let the server
reread it's configuration.
(2) Server: Restrict client access and assign the tunnel
The OpenSSH server simply uses the file /root/.ssh/authorized_keys to
restrict the client to connect to a specified tunnel and to
automatically start the related interface configuration command. These
settings are optional but recommended:
tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... reyk@openbsd.org
(3) Client: Configure the local network tunnel interface
Use the hostname.if(5) interface-specific configuration file to set up
the network tunnel configuration with OpenBSD. For example, use the
following configuration in /etc/hostname.tun0 to set up the layer 3
tunnel on the client:
inet 192.168.5.1 255.255.255.252 192.168.5.2
OpenBSD also supports layer 2 tunneling over the tun device by adding
the link0 flag:
inet 192.168.1.78 255.255.255.0 192.168.1.255 link0
Layer 2 tunnels can be used in combination with an Ethernet bridge(4)
interface, like the following example for /etc/bridgename.bridge0:
add tun0
add sis0
up
(4) Client: Configure the OpenSSH client
To establish tunnel forwarding for connections to a specified
remote host by default, use the following ssh client configuration for
the privileged user (in /root/.ssh/config):
Host sshgateway
Tunnel yes
TunnelDevice 0:any
PermitLocalCommand yes
LocalCommand sh /etc/netstart tun0
A more complicated configuration is possible to establish a tunnel to
a remote host which is not directly accessible by the client.
The following example describes a client configuration to connect to
the remote host over two ssh hops in between. It uses the OpenSSH
ProxyCommand in combination with the nc(1) program to forward the final
ssh tunnel destination over multiple ssh sessions.
Host access.somewhere.net
User puffy
Host dmzgw
User puffy
ProxyCommand ssh access.somewhere.net nc dmzgw 22
Host sshgateway
Tunnel Ethernet
TunnelDevice 0:any
PermitLocalCommand yes
LocalCommand sh /etc/netstart tun0
ProxyCommand ssh dmzgw nc sshgateway 22
The following network plan illustrates the previous configuration in
combination with layer 2 tunneling and Ethernet bridging.
+--------+ ( ) +----------------------+
| Client |------( Internet )-----| access.somewhere.net |
+--------+ ( ) +----------------------+
: 192.168.1.78 |
:............................. +-------+
Forwarded ssh connection : | dmzgw |
Layer 2 tunnel : +-------+
: |
: |
: +------------+
:......| sshgateway |
| +------------+
--- real connection Bridge -> | +----------+
... "virtual connection" [ X ]--------| somehost |
[X] switch +----------+
192.168.1.25
(5) Client: Connect to the server and establish the tunnel
Finally connect to the OpenSSH server to establish the tunnel by using
the following command:
ssh sshgateway
It is also possible to tell the client to fork into the background after
the connection has been successfully established:
ssh -f sshgateway true
Without the ssh configuration done in step (4), it is also possible
to use the following command lines:
ssh -fw 0:1 sshgateway true
ifconfig tun0 192.168.5.1 192.168.5.2 netmask 255.255.255.252
Using OpenSSH tunnel forwarding is a simple way to establish secure
and ad hoc virtual private networks. Possible fields of application
could be wireless networks or administrative VPN tunnels.
Nevertheless, ssh tunneling requires some packet header overhead and
runs on top of TCP. It is still suggested to use the IP Security
Protocol (IPSec) for robust and permanent VPN connections and to
interconnect corporate networks.
Reyk Floeter
$OpenBSD: README.tun,v 1.3 2005/12/08 18:34:10 reyk Exp $

4
crypto/openssh/aclocal.m4 vendored
View File

@ -1,4 +1,4 @@
dnl $Id: aclocal.m4,v 1.5 2001/10/22 00:53:59 tim Exp $
dnl $Id: aclocal.m4,v 1.6 2005/09/19 16:33:39 tim Exp $
dnl
dnl OpenSSH-specific autoconf macros
dnl
@ -26,7 +26,7 @@ AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [
if test -n "`echo $ossh_varname`"; then
AC_MSG_RESULT($ossh_result)
if test "x$ossh_result" = "xyes"; then
AC_DEFINE($3)
AC_DEFINE($3, 1, [Define if you have $1 in $2])
fi
else
AC_MSG_RESULT(no)

41
crypto/openssh/auth-options.c
View File

@ -10,7 +10,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-options.c,v 1.31 2005/03/10 22:40:38 deraadt Exp $");
RCSID("$OpenBSD: auth-options.c,v 1.33 2005/12/08 18:34:11 reyk Exp $");
#include "xmalloc.h"
#include "match.h"
@ -35,6 +35,9 @@ char *forced_command = NULL;
/* "environment=" options. */
struct envstring *custom_environment = NULL;
/* "tunnel=" option. */
int forced_tun_device = -1;
extern ServerOptions options;
void
@ -54,6 +57,7 @@ auth_clear_options(void)
xfree(forced_command);
forced_command = NULL;
}
forced_tun_device = -1;
channel_clear_permitted_opens();
auth_debug_reset();
}
@ -269,6 +273,41 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
xfree(patterns);
goto next_option;
}
cp = "tunnel=\"";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
char *tun = NULL;
opts += strlen(cp);
tun = xmalloc(strlen(opts) + 1);
i = 0;
while (*opts) {
if (*opts == '"')
break;
tun[i++] = *opts++;
}
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
xfree(tun);
forced_tun_device = -1;
goto bad_option;
}
tun[i] = 0;
forced_tun_device = a2tun(tun, NULL);
xfree(tun);
if (forced_tun_device == SSH_TUNID_ERR) {
debug("%.100s, line %lu: invalid tun device",
file, linenum);
auth_debug_add("%.100s, line %lu: invalid tun device",
file, linenum);
forced_tun_device = -1;
goto bad_option;
}
auth_debug_add("Forced tun device: %d", forced_tun_device);
opts++;
goto next_option;
}
next_option:
/*
* Skip the comma, and move to the next option

3
crypto/openssh/auth-options.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-options.h,v 1.12 2002/07/21 18:34:43 stevesk Exp $ */
/* $OpenBSD: auth-options.h,v 1.13 2005/12/06 22:38:27 reyk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -28,6 +28,7 @@ extern int no_x11_forwarding_flag;
extern int no_pty_flag;
extern char *forced_command;
extern struct envstring *custom_environment;
extern int forced_tun_device;
int auth_parse_options(struct passwd *, char *, char *, u_long);
void auth_clear_options(void);

7
crypto/openssh/auth2-gss.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-gss.c,v 1.10 2005/07/17 07:17:54 djm Exp $ */
/* $OpenBSD: auth2-gss.c,v 1.12 2005/10/13 22:24:31 stevesk Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -34,7 +34,6 @@
#include "log.h"
#include "dispatch.h"
#include "servconf.h"
#include "compat.h"
#include "packet.h"
#include "monitor_wrap.h"
@ -49,7 +48,7 @@ static void input_gssapi_errtok(int, u_int32_t, void *);
/*
* We only support those mechanisms that we know about (ie ones that we know
* how to check local user kuserok and the like
* how to check local user kuserok and the like)
*/
static int
userauth_gssapi(Authctxt *authctxt)
@ -105,7 +104,7 @@ userauth_gssapi(Authctxt *authctxt)
return (0);
}
authctxt->methoddata=(void *)ctxt;
authctxt->methoddata = (void *)ctxt;
packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);

2
crypto/openssh/buildpkg.sh.in
View File

@ -353,7 +353,7 @@ else
# Create user if required
[ "\$DO_PASSWD" = yes ] && {
# Use uid of 67 if possible
if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null
then
:
else

12
crypto/openssh/cipher-aes.c
View File

@ -23,7 +23,11 @@
*/
#include "includes.h"
#if OPENSSL_VERSION_NUMBER < 0x00907000L
/* compatibility with old or broken OpenSSL versions */
#include "openbsd-compat/openssl-compat.h"
#ifdef USE_BUILTIN_RIJNDAEL
RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $");
#include <openssl/evp.h>
@ -31,10 +35,6 @@ RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $");
#include "xmalloc.h"
#include "log.h"
#if OPENSSL_VERSION_NUMBER < 0x00906000L
#define SSH_OLD_EVP
#endif
#define RIJNDAEL_BLOCKSIZE 16
struct ssh_rijndael_ctx
{
@ -157,4 +157,4 @@ evp_rijndael(void)
#endif
return (&rijndal_cbc);
}
#endif /* OPENSSL_VERSION_NUMBER */
#endif /* USE_BUILTIN_RIJNDAEL */

7
crypto/openssh/cipher-ctr.c
View File

@ -21,11 +21,10 @@ RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $");
#include "log.h"
#include "xmalloc.h"
#if OPENSSL_VERSION_NUMBER < 0x00906000L
#define SSH_OLD_EVP
#endif
/* compatibility with old or broken OpenSSL versions */
#include "openbsd-compat/openssl-compat.h"
#if OPENSSL_VERSION_NUMBER < 0x00907000L
#ifdef USE_BUILTIN_RIJNDAEL
#include "rijndael.h"
#define AES_KEY rijndael_ctx
#define AES_BLOCK_SIZE 16

30
crypto/openssh/clientloop.c
View File

@ -59,7 +59,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $");
RCSID("$OpenBSD: clientloop.c,v 1.149 2005/12/30 15:56:37 reyk Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -77,6 +77,7 @@ RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $");
#include "log.h"
#include "readconf.h"
#include "clientloop.h"
#include "sshconnect.h"
#include "authfd.h"
#include "atomicio.h"
#include "sshpty.h"
@ -113,7 +114,7 @@ extern char *host;
static volatile sig_atomic_t received_window_change_signal = 0;
static volatile sig_atomic_t received_signal = 0;
/* Flag indicating whether the user\'s terminal is in non-blocking mode. */
/* Flag indicating whether the user's terminal is in non-blocking mode. */
static int in_non_blocking_mode = 0;
/* Common data for the client loop code. */
@ -266,7 +267,7 @@ client_x11_get_proto(const char *display, const char *xauth_path,
}
}
snprintf(cmd, sizeof(cmd),
"%s %s%s list %s . 2>" _PATH_DEVNULL,
"%s %s%s list %s 2>" _PATH_DEVNULL,
xauth_path,
generated ? "-f " : "" ,
generated ? xauthfile : "",
@ -914,6 +915,15 @@ process_cmdline(void)
logit(" -Lport:host:hostport Request local forward");
logit(" -Rport:host:hostport Request remote forward");
logit(" -KRhostport Cancel remote forward");
if (!options.permit_local_command)
goto out;
logit(" !args Execute local command");
goto out;
}
if (*s == '!' && options.permit_local_command) {
s++;
ssh_local_cmd(s);
goto out;
}
@ -1376,10 +1386,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
session_ident = ssh2_chan_id;
if (escape_char != SSH_ESCAPECHAR_NONE)
channel_register_filter(session_ident,
simple_escape_filter);
simple_escape_filter, NULL);
if (session_ident != -1)
channel_register_cleanup(session_ident,
client_channel_closed);
client_channel_closed, 0);
} else {
/* Check if we should immediately send eof on stdin. */
client_check_initial_eof_on_stdin();
@ -1678,7 +1688,7 @@ client_request_x11(const char *request_type, int rchan)
if (!options.forward_x11) {
error("Warning: ssh server tried X11 forwarding.");
error("Warning: this is probably a break in attempt by a malicious server.");
error("Warning: this is probably a break-in attempt by a malicious server.");
return NULL;
}
originator = packet_get_string(NULL);
@ -1711,7 +1721,7 @@ client_request_agent(const char *request_type, int rchan)
if (!options.forward_agent) {
error("Warning: ssh server tried agent forwarding.");
error("Warning: this is probably a break in attempt by a malicious server.");
error("Warning: this is probably a break-in attempt by a malicious server.");
return NULL;
}
sock = ssh_get_authentication_socket();
@ -1880,7 +1890,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
/* Split */
name = xstrdup(env[i]);
if ((val = strchr(name, '=')) == NULL) {
free(name);
xfree(name);
continue;
}
*val++ = '\0';
@ -1894,7 +1904,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
}
if (!matched) {
debug3("Ignored env %s", name);
free(name);
xfree(name);
continue;
}
@ -1903,7 +1913,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
packet_put_cstring(name);
packet_put_cstring(val);
packet_send();
free(name);
xfree(name);
}
}

16
crypto/openssh/defines.h
View File

@ -25,7 +25,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
/* $Id: defines.h,v 1.127 2005/08/31 16:59:49 tim Exp $ */
/* $Id: defines.h,v 1.130 2005/12/17 11:04:09 dtucker Exp $ */
/* Constants */
@ -450,6 +450,10 @@ struct winsize {
# define __sentinel__
#endif
#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__)
# define __bounded__(x, y, z)
#endif
/* *-*-nto-qnx doesn't define this macro in the system headers */
#ifdef MISSING_HOWMANY
# define howmany(x,y) (((x)+((y)-1))/(y))
@ -688,7 +692,7 @@ struct winsize {
# define CUSTOM_SYS_AUTH_PASSWD 1
#endif
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
#ifdef HAVE_LIBIAF
# define CUSTOM_SYS_AUTH_PASSWD 1
#endif
@ -711,4 +715,12 @@ struct winsize {
# undef HAVE_MMAP
#endif
/* some system headers on HP-UX define YES/NO */
#ifdef YES
# undef YES
#endif
#ifdef NO
# undef NO
#endif
#endif /* _DEFINES_H */

35
crypto/openssh/dns.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */
/* $OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -25,27 +25,16 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $");
#include <openssl/bn.h>
#ifdef LWRES
#include <lwres/netdb.h>
#include <dns/result.h>
#else /* LWRES */
#include <netdb.h>
#endif /* LWRES */
#include "xmalloc.h"
#include "key.h"
#include "dns.h"
#include "log.h"
#include "uuencode.h"
extern char *__progname;
RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $");
#ifndef LWRES
static const char *errset_text[] = {
"success", /* 0 ERRSET_SUCCESS */
"out of memory", /* 1 ERRSET_NOMEMORY */
@ -75,8 +64,6 @@ dns_result_totext(unsigned int res)
return "unknown error";
}
}
#endif /* LWRES */
/*
* Read SSHFP parameters from key buffer.
@ -95,12 +82,14 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
*algorithm = SSHFP_KEY_DSA;
break;
default:
*algorithm = SSHFP_KEY_RESERVED;
*algorithm = SSHFP_KEY_RESERVED; /* 0 */
}
if (*algorithm) {
*digest_type = SSHFP_HASH_SHA1;
*digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len);
if (*digest == NULL)
fatal("dns_read_key: null from key_fingerprint_raw()");
success = 1;
} else {
*digest_type = SSHFP_HASH_RESERVED;
@ -133,7 +122,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
*digest = (u_char *) xmalloc(*digest_len);
memcpy(*digest, rdata + 2, *digest_len);
} else {
*digest = NULL;
*digest = xstrdup("");
}
success = 1;
@ -187,7 +176,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
*flags = 0;
debug3("verify_hostkey_dns");
debug3("verify_host_key_dns");
if (hostkey == NULL)
fatal("No key to look up!");
@ -223,7 +212,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
if (fingerprints->rri_nrdatas)
*flags |= DNS_VERIFY_FOUND;
for (counter = 0 ; counter < fingerprints->rri_nrdatas ; counter++) {
for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {
/*
* Extract the key from the answer. Ignore any badly
* formatted fingerprints.
@ -247,8 +236,10 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
*flags |= DNS_VERIFY_MATCH;
}
}
xfree(dnskey_digest);
}
xfree(hostkey_digest); /* from key_fingerprint_raw() */
freerrset(fingerprints);
if (*flags & DNS_VERIFY_FOUND)
@ -262,7 +253,6 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
return 0;
}
/*
* Export the fingerprint of a key as a DNS resource record
*/
@ -278,7 +268,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
int success = 0;
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
&rdata_digest, &rdata_digest_len, key)) {
&rdata_digest, &rdata_digest_len, key)) {
if (generic)
fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname,
@ -291,9 +281,10 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
for (i = 0; i < rdata_digest_len; i++)
fprintf(f, "%02x", rdata_digest[i]);
fprintf(f, "\n");
xfree(rdata_digest); /* from key_fingerprint_raw() */
success = 1;
} else {
error("dns_export_rr: unsupported algorithm");
error("export_dns_rr: unsupported algorithm");
}
return success;

4
crypto/openssh/dns.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dns.h,v 1.5 2003/11/12 16:39:58 jakob Exp $ */
/* $OpenBSD: dns.h,v 1.6 2005/10/17 14:13:35 stevesk Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -25,7 +25,6 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#ifndef DNS_H
@ -49,7 +48,6 @@ enum sshfp_hashes {
#define DNS_VERIFY_MATCH 0x00000002
#define DNS_VERIFY_SECURE 0x00000004
int verify_host_key_dns(const char *, struct sockaddr *, const Key *, int *);
int export_dns_rr(const char *, const Key *, FILE *, int);

38
crypto/openssh/entropy.c
View File

@ -26,6 +26,7 @@
#include <openssl/rand.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include "ssh.h"
#include "misc.h"
@ -33,6 +34,8 @@
#include "atomicio.h"
#include "pathnames.h"
#include "log.h"
#include "buffer.h"
#include "bufaux.h"
/*
* Portable OpenSSH PRNG seeding:
@ -45,7 +48,7 @@
* XXX: we should tell the child how many bytes we need.
*/
RCSID("$Id: entropy.c,v 1.49 2005/07/17 07:26:44 djm Exp $");
RCSID("$Id: entropy.c,v 1.52 2005/09/27 22:26:30 dtucker Exp $");
#ifndef OPENSSL_PRNG_ONLY
#define RANDOM_SEED_SIZE 48
@ -145,10 +148,35 @@ init_rng(void)
"have %lx", OPENSSL_VERSION_NUMBER, SSLeay());
#ifndef OPENSSL_PRNG_ONLY
if ((original_uid = getuid()) == -1)
fatal("getuid: %s", strerror(errno));
if ((original_euid = geteuid()) == -1)
fatal("geteuid: %s", strerror(errno));
original_uid = getuid();
original_euid = geteuid();
#endif
}
#ifndef OPENSSL_PRNG_ONLY
void
rexec_send_rng_seed(Buffer *m)
{
u_char buf[RANDOM_SEED_SIZE];
if (RAND_bytes(buf, sizeof(buf)) <= 0) {
error("Couldn't obtain random bytes (error %ld)",
ERR_get_error());
buffer_put_string(m, "", 0);
} else
buffer_put_string(m, buf, sizeof(buf));
}
void
rexec_recv_rng_seed(Buffer *m)
{
u_char *buf;
u_int len;
buf = buffer_get_string_ret(m, &len);
if (buf != NULL) {
debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len);
RAND_add(buf, len, len);
}
}
#endif

7
crypto/openssh/entropy.h
View File

@ -22,12 +22,17 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* $Id: entropy.h,v 1.4 2001/02/09 01:55:36 djm Exp $ */
/* $Id: entropy.h,v 1.5 2005/09/27 12:46:32 dtucker Exp $ */
#ifndef _RANDOMS_H
#define _RANDOMS_H
#include "buffer.h"
void seed_rng(void);
void init_rng(void);
void rexec_send_rng_seed(Buffer *);
void rexec_recv_rng_seed(Buffer *);
#endif /* _RANDOMS_H */

7
crypto/openssh/gss-genr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */
/* $OpenBSD: gss-genr.c,v 1.6 2005/10/13 22:24:31 stevesk Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -30,9 +30,7 @@
#include "xmalloc.h"
#include "bufaux.h"
#include "compat.h"
#include "log.h"
#include "monitor_wrap.h"
#include "ssh2.h"
#include "ssh-gss.h"
@ -270,7 +268,8 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
}
OM_uint32
ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) {
ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
{
if (*ctx)
ssh_gssapi_delete_ctx(ctx);
ssh_gssapi_build_ctx(ctx);

2
crypto/openssh/gss-serv-krb5.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-serv-krb5.c,v 1.3 2004/07/21 10:36:23 djm Exp $ */
/* $OpenBSD: gss-serv-krb5.c,v 1.4 2005/10/13 19:08:08 stevesk Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.

27
crypto/openssh/gss-serv.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */
/* $OpenBSD: gss-serv.c,v 1.13 2005/10/13 22:24:31 stevesk Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -29,20 +29,16 @@
#ifdef GSSAPI
#include "bufaux.h"
#include "compat.h"
#include "auth.h"
#include "log.h"
#include "channels.h"
#include "session.h"
#include "servconf.h"
#include "monitor_wrap.h"
#include "xmalloc.h"
#include "getput.h"
#include "ssh-gss.h"
extern ServerOptions options;
static ssh_gssapi_client gssapi_client =
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
@ -61,7 +57,7 @@ ssh_gssapi_mech* supported_mechs[]= {
&gssapi_null_mech,
};
/* Unpriviledged */
/* Unprivileged */
void
ssh_gssapi_supported_oids(gss_OID_set *oidset)
{
@ -90,7 +86,7 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
* oid
* credentials (from ssh_gssapi_acquire_cred)
*/
/* Priviledged */
/* Privileged */
OM_uint32
ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
gss_buffer_desc *send_tok, OM_uint32 *flags)
@ -138,14 +134,14 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
OM_uint32 offset;
OM_uint32 oidl;
tok=ename->value;
tok = ename->value;
/*
* Check that ename is long enough for all of the fixed length
* header, and that the initial ID bytes are correct
*/
if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0)
if (ename->length < 6 || memcmp(tok, "\x04\x01", 2) != 0)
return GSS_S_FAILURE;
/*
@ -164,7 +160,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
*/
if (tok[4] != 0x06 || tok[5] != oidl ||
ename->length < oidl+6 ||
!ssh_gssapi_check_oid(ctx,tok+6,oidl))
!ssh_gssapi_check_oid(ctx, tok+6, oidl))
return GSS_S_FAILURE;
offset = oidl+6;
@ -179,7 +175,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
return GSS_S_FAILURE;
name->value = xmalloc(name->length+1);
memcpy(name->value,tok+offset,name->length);
memcpy(name->value, tok+offset,name->length);
((char *)name->value)[name->length] = 0;
return GSS_S_COMPLETE;
@ -188,7 +184,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
/* Extract the client details from a given context. This can only reliably
* be called once for a context */
/* Priviledged (called from accept_secure_ctx) */
/* Privileged (called from accept_secure_ctx) */
OM_uint32
ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
{
@ -263,15 +259,14 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
if (gssapi_client.store.envvar != NULL &&
gssapi_client.store.envval != NULL) {
debug("Setting %s to %s", gssapi_client.store.envvar,
gssapi_client.store.envval);
gssapi_client.store.envval);
child_set_env(envp, envsizep, gssapi_client.store.envvar,
gssapi_client.store.envval);
}
}
/* Priviledged */
/* Privileged */
int
ssh_gssapi_userok(char *user)
{
@ -298,7 +293,7 @@ ssh_gssapi_userok(char *user)
return (0);
}
/* Priviledged */
/* Privileged */
OM_uint32
ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
{

36
crypto/openssh/kex.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $");
RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $");
#include <openssl/crypto.h>
@ -294,13 +294,17 @@ choose_kex(Kex *k, char *client, char *server)
fatal("no kex alg");
if (strcmp(k->name, KEX_DH1) == 0) {
k->kex_type = KEX_DH_GRP1_SHA1;
k->evp_md = EVP_sha1();
} else if (strcmp(k->name, KEX_DH14) == 0) {
k->kex_type = KEX_DH_GRP14_SHA1;
} else if (strcmp(k->name, KEX_DHGEX) == 0) {
k->evp_md = EVP_sha1();
} else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
k->kex_type = KEX_DH_GEX_SHA1;
k->evp_md = EVP_sha1();
} else
fatal("bad kex alg %s", k->name);
}
static void
choose_hostkeyalg(Kex *k, char *client, char *server)
{
@ -404,28 +408,28 @@ kex_choose_conf(Kex *kex)
}
static u_char *
derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
BIGNUM *shared_secret)
{
Buffer b;
const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
char c = id;
u_int have;
int mdsz = EVP_MD_size(evp_md);
int mdsz;
u_char *digest;
if (mdsz < 0)
fatal("derive_key: mdsz < 0");
digest = xmalloc(roundup(need, mdsz));
if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0)
fatal("bad kex md size %d", mdsz);
digest = xmalloc(roundup(need, mdsz));
buffer_init(&b);
buffer_put_bignum2(&b, shared_secret);
/* K1 = HASH(K || H || "A" || session_id) */
EVP_DigestInit(&md, evp_md);
EVP_DigestInit(&md, kex->evp_md);
if (!(datafellows & SSH_BUG_DERIVEKEY))
EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
EVP_DigestUpdate(&md, hash, mdsz);
EVP_DigestUpdate(&md, hash, hashlen);
EVP_DigestUpdate(&md, &c, 1);
EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);
EVP_DigestFinal(&md, digest, NULL);
@ -436,10 +440,10 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
* Key = K1 || K2 || ... || Kn
*/
for (have = mdsz; need > have; have += mdsz) {
EVP_DigestInit(&md, evp_md);
EVP_DigestInit(&md, kex->evp_md);
if (!(datafellows & SSH_BUG_DERIVEKEY))
EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
EVP_DigestUpdate(&md, hash, mdsz);
EVP_DigestUpdate(&md, hash, hashlen);
EVP_DigestUpdate(&md, digest, have);
EVP_DigestFinal(&md, digest + have, NULL);
}
@ -455,13 +459,15 @@ Newkeys *current_keys[MODE_MAX];
#define NKEYS 6
void
kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret)
{
u_char *keys[NKEYS];
u_int i, mode, ctos;
for (i = 0; i < NKEYS; i++)
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
for (i = 0; i < NKEYS; i++) {
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen,
shared_secret);
}
debug2("kex_derive_keys");
for (mode = 0; mode < MODE_MAX; mode++) {

22
crypto/openssh/kex.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.37 2005/07/25 11:59:39 markus Exp $ */
/* $OpenBSD: kex.h,v 1.38 2005/11/04 05:15:59 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -31,9 +31,9 @@
#include "cipher.h"
#include "key.h"
#define KEX_DH1 "diffie-hellman-group1-sha1"
#define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
#define KEX_DH1 "diffie-hellman-group1-sha1"
#define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
#define COMP_NONE 0
#define COMP_ZLIB 1
@ -114,6 +114,7 @@ struct Kex {
Buffer peer;
int done;
int flags;
const EVP_MD *evp_md;
char *client_version_string;
char *server_version_string;
int (*verify_host_key)(Key *);
@ -127,7 +128,7 @@ void kex_finish(Kex *);
void kex_send_kexinit(Kex *);
void kex_input_kexinit(int, u_int32_t, void *);
void kex_derive_keys(Kex *, u_char *, BIGNUM *);
void kex_derive_keys(Kex *, u_char *, u_int, BIGNUM *);
Newkeys *kex_get_newkeys(int);
@ -136,12 +137,13 @@ void kexdh_server(Kex *);
void kexgex_client(Kex *);
void kexgex_server(Kex *);
u_char *
void
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
BIGNUM *, BIGNUM *, BIGNUM *);
u_char *
kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
void
kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *,
int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
BIGNUM *, BIGNUM *, u_char **, u_int *);
void
derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);

10
crypto/openssh/kexdh.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $");
RCSID("$OpenBSD: kexdh.c,v 1.20 2005/11/04 05:15:59 djm Exp $");
#include <openssl/evp.h>
@ -32,7 +32,7 @@ RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $");
#include "ssh2.h"
#include "kex.h"
u_char *
void
kex_dh_hash(
char *client_version_string,
char *server_version_string,
@ -41,7 +41,8 @@ kex_dh_hash(
u_char *serverhostkeyblob, int sbloblen,
BIGNUM *client_dh_pub,
BIGNUM *server_dh_pub,
BIGNUM *shared_secret)
BIGNUM *shared_secret,
u_char **hash, u_int *hashlen)
{
Buffer b;
static u_char digest[EVP_MAX_MD_SIZE];
@ -77,5 +78,6 @@ kex_dh_hash(
#ifdef DEBUG_KEX
dump_digest("hash", digest, EVP_MD_size(evp_md));
#endif
return digest;
*hash = digest;
*hashlen = EVP_MD_size(evp_md);
}

15
crypto/openssh/kexdhc.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexdhc.c,v 1.2 2004/06/13 12:53:24 djm Exp $");
RCSID("$OpenBSD: kexdhc.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
#include "xmalloc.h"
#include "key.h"
@ -41,7 +41,7 @@ kexdh_client(Kex *kex)
Key *server_host_key;
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char *kbuf, *hash;
u_int klen, kout, slen, sbloblen;
u_int klen, kout, slen, sbloblen, hashlen;
/* generate and send 'e', client DH public key */
switch (kex->kex_type) {
@ -114,7 +114,7 @@ kexdh_client(Kex *kex)
xfree(kbuf);
/* calc and verify H */
hash = kex_dh_hash(
kex_dh_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
@ -122,25 +122,26 @@ kexdh_client(Kex *kex)
server_host_key_blob, sbloblen,
dh->pub_key,
dh_server_pub,
shared_secret
shared_secret,
&hash, &hashlen
);
xfree(server_host_key_blob);
BN_clear_free(dh_server_pub);
DH_free(dh);
if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
xfree(signature);
/* save session id */
if (kex->session_id == NULL) {
kex->session_id_len = 20;
kex->session_id_len = hashlen;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
kex_derive_keys(kex, hash, shared_secret);
kex_derive_keys(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}

17
crypto/openssh/kexdhs.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexdhs.c,v 1.2 2004/06/13 12:53:24 djm Exp $");
RCSID("$OpenBSD: kexdhs.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
#include "xmalloc.h"
#include "key.h"
@ -41,7 +41,7 @@ kexdh_server(Kex *kex)
DH *dh;
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, kout;
u_int sbloblen, klen, kout, hashlen;
u_int slen;
/* generate server DH public key */
@ -103,7 +103,7 @@ kexdh_server(Kex *kex)
key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
/* calc H */
hash = kex_dh_hash(
kex_dh_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
@ -111,21 +111,20 @@ kexdh_server(Kex *kex)
server_host_key_blob, sbloblen,
dh_client_pub,
dh->pub_key,
shared_secret
shared_secret,
&hash, &hashlen
);
BN_clear_free(dh_client_pub);
/* save session id := H */
/* XXX hashlen depends on KEX */
if (kex->session_id == NULL) {
kex->session_id_len = 20;
kex->session_id_len = hashlen;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
/* sign H */
/* XXX hashlen depends on KEX */
PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
/* destroy_sensitive_data(); */
@ -141,7 +140,7 @@ kexdh_server(Kex *kex)
/* have keys, free DH */
DH_free(dh);
kex_derive_keys(kex, hash, shared_secret);
kex_derive_keys(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}

16
crypto/openssh/kexgex.c
View File

@ -24,7 +24,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $");
RCSID("$OpenBSD: kexgex.c,v 1.24 2005/11/04 05:15:59 djm Exp $");
#include <openssl/evp.h>
@ -33,8 +33,9 @@ RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $");
#include "kex.h"
#include "ssh2.h"
u_char *
void
kexgex_hash(
const EVP_MD *evp_md,
char *client_version_string,
char *server_version_string,
char *ckexinit, int ckexinitlen,
@ -43,11 +44,11 @@ kexgex_hash(
int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen,
BIGNUM *client_dh_pub,
BIGNUM *server_dh_pub,
BIGNUM *shared_secret)
BIGNUM *shared_secret,
u_char **hash, u_int *hashlen)
{
Buffer b;
static u_char digest[EVP_MAX_MD_SIZE];
const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
buffer_init(&b);
@ -79,14 +80,15 @@ kexgex_hash(
#ifdef DEBUG_KEXDH
buffer_dump(&b);
#endif
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
EVP_DigestFinal(&md, digest, NULL);
buffer_free(&b);
*hash = digest;
*hashlen = EVP_MD_size(evp_md);
#ifdef DEBUG_KEXDH
dump_digest("hash", digest, EVP_MD_size(evp_md));
dump_digest("hash", digest, *hashlen);
#endif
return digest;
}

17
crypto/openssh/kexgexc.c
View File

@ -24,7 +24,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexgexc.c,v 1.2 2003/12/08 11:00:47 markus Exp $");
RCSID("$OpenBSD: kexgexc.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
#include "xmalloc.h"
#include "key.h"
@ -42,7 +42,7 @@ kexgex_client(Kex *kex)
BIGNUM *p = NULL, *g = NULL;
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int klen, kout, slen, sbloblen;
u_int klen, kout, slen, sbloblen, hashlen;
int min, max, nbits;
DH *dh;
@ -155,7 +155,8 @@ kexgex_client(Kex *kex)
min = max = -1;
/* calc and verify H */
hash = kexgex_hash(
kexgex_hash(
kex->evp_md,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
@ -165,25 +166,27 @@ kexgex_client(Kex *kex)
dh->p, dh->g,
dh->pub_key,
dh_server_pub,
shared_secret
shared_secret,
&hash, &hashlen
);
/* have keys, free DH */
DH_free(dh);
xfree(server_host_key_blob);
BN_clear_free(dh_server_pub);
if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
xfree(signature);
/* save session id */
if (kex->session_id == NULL) {
kex->session_id_len = 20;
kex->session_id_len = hashlen;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
kex_derive_keys(kex, hash, shared_secret);
kex_derive_keys(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);

20
crypto/openssh/kexgexs.c
View File

@ -24,7 +24,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexgexs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
RCSID("$OpenBSD: kexgexs.c,v 1.2 2005/11/04 05:15:59 djm Exp $");
#include "xmalloc.h"
#include "key.h"
@ -43,7 +43,7 @@ kexgex_server(Kex *kex)
Key *server_host_key;
DH *dh;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, kout, slen;
u_int sbloblen, klen, kout, slen, hashlen;
int min = -1, max = -1, nbits = -1, type;
if (kex->load_host_key == NULL)
@ -137,8 +137,9 @@ kexgex_server(Kex *kex)
if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
min = max = -1;
/* calc H */ /* XXX depends on 'kex' */
hash = kexgex_hash(
/* calc H */
kexgex_hash(
kex->evp_md,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
@ -148,21 +149,20 @@ kexgex_server(Kex *kex)
dh->p, dh->g,
dh_client_pub,
dh->pub_key,
shared_secret
shared_secret,
&hash, &hashlen
);
BN_clear_free(dh_client_pub);
/* save session id := H */
/* XXX hashlen depends on KEX */
if (kex->session_id == NULL) {
kex->session_id_len = 20;
kex->session_id_len = hashlen;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
/* sign H */
/* XXX hashlen depends on KEX */
PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
/* destroy_sensitive_data(); */
@ -179,7 +179,7 @@ kexgex_server(Kex *kex)
/* have keys, free DH */
DH_free(dh);
kex_derive_keys(kex, hash, shared_secret);
kex_derive_keys(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);

173
crypto/openssh/misc.c
View File

@ -24,7 +24,11 @@
*/
#include "includes.h"
RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $");
RCSID("$OpenBSD: misc.c,v 1.42 2006/01/31 10:19:02 djm Exp $");
#ifdef SSH_TUN_OPENBSD
#include <net/if.h>
#endif
#include "misc.h"
#include "log.h"
@ -194,6 +198,37 @@ a2port(const char *s)
return port;
}
int
a2tun(const char *s, int *remote)
{
const char *errstr = NULL;
char *sp, *ep;
int tun;
if (remote != NULL) {
*remote = SSH_TUNID_ANY;
sp = xstrdup(s);
if ((ep = strchr(sp, ':')) == NULL) {
xfree(sp);
return (a2tun(s, NULL));
}
ep[0] = '\0'; ep++;
*remote = a2tun(ep, NULL);
tun = a2tun(sp, NULL);
xfree(sp);
return (*remote == SSH_TUNID_ERR ? *remote : tun);
}
if (strcasecmp(s, "any") == 0)
return (SSH_TUNID_ANY);
tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr);
if (errstr != NULL)
return (SSH_TUNID_ERR);
return (tun);
}
#define SECONDS 1
#define MINUTES (SECONDS * 60)
#define HOURS (MINUTES * 60)
@ -356,12 +391,15 @@ void
addargs(arglist *args, char *fmt, ...)
{
va_list ap;
char buf[1024];
char *cp;
u_int nalloc;
int r;
va_start(ap, fmt);
vsnprintf(buf, sizeof(buf), fmt, ap);
r = vasprintf(&cp, fmt, ap);
va_end(ap);
if (r == -1)
fatal("addargs: argument too long");
nalloc = args->nalloc;
if (args->list == NULL) {
@ -372,10 +410,44 @@ addargs(arglist *args, char *fmt, ...)
args->list = xrealloc(args->list, nalloc * sizeof(char *));
args->nalloc = nalloc;
args->list[args->num++] = xstrdup(buf);
args->list[args->num++] = cp;
args->list[args->num] = NULL;
}
void
replacearg(arglist *args, u_int which, char *fmt, ...)
{
va_list ap;
char *cp;
int r;
va_start(ap, fmt);
r = vasprintf(&cp, fmt, ap);
va_end(ap);
if (r == -1)
fatal("replacearg: argument too long");
if (which >= args->num)
fatal("replacearg: tried to replace invalid arg %d >= %d",
which, args->num);
xfree(args->list[which]);
args->list[which] = cp;
}
void
freeargs(arglist *args)
{
u_int i;
if (args->list != NULL) {
for (i = 0; i < args->num; i++)
xfree(args->list[i]);
xfree(args->list);
args->nalloc = args->num = 0;
args->list = NULL;
}
}
/*
* Expands tildes in the file name. Returns data allocated by xmalloc.
* Warning: this calls getpw*.
@ -507,6 +579,99 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
return -1;
}
int
tun_open(int tun, int mode)
{
#if defined(CUSTOM_SYS_TUN_OPEN)
return (sys_tun_open(tun, mode));
#elif defined(SSH_TUN_OPENBSD)
struct ifreq ifr;
char name[100];
int fd = -1, sock;
/* Open the tunnel device */
if (tun <= SSH_TUNID_MAX) {
snprintf(name, sizeof(name), "/dev/tun%d", tun);
fd = open(name, O_RDWR);
} else if (tun == SSH_TUNID_ANY) {
for (tun = 100; tun >= 0; tun--) {
snprintf(name, sizeof(name), "/dev/tun%d", tun);
if ((fd = open(name, O_RDWR)) >= 0)
break;
}
} else {
debug("%s: invalid tunnel %u", __func__, tun);
return (-1);
}
if (fd < 0) {
debug("%s: %s open failed: %s", __func__, name, strerror(errno));
return (-1);
}
debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
/* Set the tunnel device operation mode */
snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun);
if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
goto failed;
if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
goto failed;
/* Set interface mode */
ifr.ifr_flags &= ~IFF_UP;
if (mode == SSH_TUNMODE_ETHERNET)
ifr.ifr_flags |= IFF_LINK0;
else
ifr.ifr_flags &= ~IFF_LINK0;
if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
goto failed;
/* Bring interface up */
ifr.ifr_flags |= IFF_UP;
if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
goto failed;
close(sock);
return (fd);
failed:
if (fd >= 0)
close(fd);
if (sock >= 0)
close(sock);
debug("%s: failed to set %s mode %d: %s", __func__, name,
mode, strerror(errno));
return (-1);
#else
error("Tunnel interfaces are not supported on this platform");
return (-1);
#endif
}
void
sanitise_stdfd(void)
{
int nullfd, dupfd;
if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
exit(1);
}
while (++dupfd <= 2) {
/* Only clobber closed fds */
if (fcntl(dupfd, F_GETFL, 0) >= 0)
continue;
if (dup2(nullfd, dupfd) == -1) {
fprintf(stderr, "dup2: %s", strerror(errno));
exit(1);
}
}
if (nullfd > 2)
close(nullfd);
}
char *
tohex(const u_char *d, u_int l)
{

23
crypto/openssh/misc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $ */
/* $OpenBSD: misc.h,v 1.29 2006/01/31 10:19:02 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -20,6 +20,7 @@ int set_nonblock(int);
int unset_nonblock(int);
void set_nodelay(int);
int a2port(const char *);
int a2tun(const char *, int *);
char *hpdelim(char **);
char *cleanhostname(char *);
char *colon(char *);
@ -27,6 +28,7 @@ long convtime(const char *);
char *tilde_expand_filename(const char *, uid_t);
char *percent_expand(const char *, ...) __attribute__((__sentinel__));
char *tohex(const u_char *, u_int);
void sanitise_stdfd(void);
struct passwd *pwcopy(struct passwd *);
@ -36,7 +38,11 @@ struct arglist {
u_int num;
u_int nalloc;
};
void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
void addargs(arglist *, char *, ...)
__attribute__((format(printf, 2, 3)));
void replacearg(arglist *, u_int, char *, ...)
__attribute__((format(printf, 3, 4)));
void freeargs(arglist *);
/* readpass.c */
@ -48,3 +54,16 @@ void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
char *read_passphrase(const char *, int);
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
int tun_open(int, int);
/* Common definitions for ssh tunnel device forwarding */
#define SSH_TUNMODE_NO 0x00
#define SSH_TUNMODE_POINTOPOINT 0x01
#define SSH_TUNMODE_ETHERNET 0x02
#define SSH_TUNMODE_DEFAULT SSH_TUNMODE_POINTOPOINT
#define SSH_TUNMODE_YES (SSH_TUNMODE_POINTOPOINT|SSH_TUNMODE_ETHERNET)
#define SSH_TUNID_ANY 0x7fffffff
#define SSH_TUNID_ERR (SSH_TUNID_ANY - 1)
#define SSH_TUNID_MAX (SSH_TUNID_ANY - 2)

6
crypto/openssh/openbsd-compat/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.35 2005/08/26 20:15:20 tim Exp $
# $Id: Makefile.in,v 1.37 2005/12/31 05:33:37 djm Exp $
sysconfdir=@sysconfdir@
piddir=@piddir@
@ -18,9 +18,9 @@ LDFLAGS=-L. @LDFLAGS@
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
PORTS=port-irix.o port-aix.o port-uw.o
PORTS=port-irix.o port-aix.o port-uw.o port-tun.o
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<

9
crypto/openssh/openbsd-compat/base64.c
View File

@ -1,5 +1,3 @@
/* OPENBSD ORIGINAL: lib/libc/net/base64.c */
/* $OpenBSD: base64.c,v 1.4 2002/01/02 23:00:10 deraadt Exp $ */
/*
@ -44,6 +42,8 @@
* IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
/* OPENBSD ORIGINAL: lib/libc/net/base64.c */
#include "includes.h"
#if (!defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)) || (!defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON))
@ -139,7 +139,7 @@ b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize)
size_t datalength = 0;
u_char input[3];
u_char output[4];
int i;
u_int i;
while (2 < srclength) {
input[0] = *src++;
@ -206,7 +206,8 @@ b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize)
int
b64_pton(char const *src, u_char *target, size_t targsize)
{
int tarindex, state, ch;
u_int tarindex, state;
int ch;
char *pos;
state = 0;

39
crypto/openssh/openbsd-compat/basename.c
View File

@ -1,9 +1,7 @@
/* OPENBSD ORIGINAL: lib/libc/gen/basename.c */
/* $OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $ */
/* $OpenBSD: basename.c,v 1.14 2005/08/08 08:05:33 espie Exp $ */
/*
* Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 1997, 2004 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -18,34 +16,35 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* OPENBSD ORIGINAL: lib/libc/gen/basename.c */
#include "includes.h"
#ifndef HAVE_BASENAME
#ifndef lint
static char rcsid[] = "$OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $";
#endif /* not lint */
char *
basename(const char *path)
{
static char bname[MAXPATHLEN];
register const char *endp, *startp;
size_t len;
const char *endp, *startp;
/* Empty or NULL string gets treated as "." */
if (path == NULL || *path == '\0') {
(void)strlcpy(bname, ".", sizeof bname);
return(bname);
bname[0] = '.';
bname[1] = '\0';
return (bname);
}
/* Strip trailing slashes */
/* Strip any trailing slashes */
endp = path + strlen(path) - 1;
while (endp > path && *endp == '/')
endp--;
/* All slashes become "/" */
/* All slashes becomes "/" */
if (endp == path && *endp == '/') {
(void)strlcpy(bname, "/", sizeof bname);
return(bname);
bname[0] = '/';
bname[1] = '\0';
return (bname);
}
/* Find the start of the base */
@ -53,12 +52,14 @@ basename(const char *path)
while (startp > path && *(startp - 1) != '/')
startp--;
if (endp - startp + 2 > sizeof(bname)) {
len = endp - startp + 1;
if (len >= sizeof(bname)) {
errno = ENAMETOOLONG;
return(NULL);
return (NULL);
}
strlcpy(bname, startp, endp - startp + 2);
return(bname);
memcpy(bname, startp, len);
bname[len] = '\0';
return (bname);
}
#endif /* !defined(HAVE_BASENAME) */

8
crypto/openssh/openbsd-compat/bindresvport.c
View File

@ -1,6 +1,6 @@
/* This file has be substantially modified from the original OpenBSD source */
/* $OpenBSD: bindresvport.c,v 1.15 2003/05/20 22:42:35 deraadt Exp $ */
/* $OpenBSD: bindresvport.c,v 1.16 2005/04/01 07:44:03 otto Exp $ */
/*
* Copyright 1996, Jason Downs. All rights reserved.
@ -28,6 +28,8 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/rpc/bindresvport.c */
#include "includes.h"
#ifndef HAVE_BINDRESVPORT_SA
@ -42,9 +44,7 @@
* Bind a socket to a privileged IP port
*/
int
bindresvport_sa(sd, sa)
int sd;
struct sockaddr *sa;
bindresvport_sa(int sd, struct sockaddr *sa)
{
int error, af;
struct sockaddr_storage myaddr;

95
crypto/openssh/openbsd-compat/bsd-asprintf.c Normal file
View File

@ -0,0 +1,95 @@
/*
* Copyright (c) 2004 Darren Tucker.
*
* Based originally on asprintf.c from OpenBSD:
* Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#ifndef HAVE_VASPRINTF
#ifndef VA_COPY
# ifdef HAVE_VA_COPY
# define VA_COPY(dest, src) va_copy(dest, src)
# else
# ifdef HAVE___VA_COPY
# define VA_COPY(dest, src) __va_copy(dest, src)
# else
# define VA_COPY(dest, src) (dest) = (src)
# endif
# endif
#endif
#define INIT_SZ 128
int vasprintf(char **str, const char *fmt, va_list ap)
{
int ret = -1;
va_list ap2;
char *string, *newstr;
size_t len;
VA_COPY(ap2, ap);
if ((string = malloc(INIT_SZ)) == NULL)
goto fail;
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */
*str = string;
} else if (ret == INT_MAX) { /* shouldn't happen */
goto fail;
} else { /* bigger than initial, realloc allowing for nul */
len = (size_t)ret + 1;
if ((newstr = realloc(string, len)) == NULL) {
free(string);
goto fail;
} else {
va_end(ap2);
VA_COPY(ap2, ap);
ret = vsnprintf(newstr, len, fmt, ap2);
if (ret >= 0 && (size_t)ret < len) {
*str = newstr;
} else { /* failed with realloc'ed string, give up */
free(newstr);
goto fail;
}
}
}
va_end(ap2);
return (ret);
fail:
*str = NULL;
errno = ENOMEM;
va_end(ap2);
return (-1);
}
#endif
#ifndef HAVE_ASPRINTF
int asprintf(char **str, const char *fmt, ...)
{
va_list ap;
int ret;
*str = NULL;
va_start(ap, fmt);
ret = vasprintf(str, fmt, ap);
va_end(ap);
return ret;
}
#endif

4
crypto/openssh/openbsd-compat/bsd-closefrom.c
View File

@ -46,7 +46,7 @@
# define OPEN_MAX 256
#endif
RCSID("$Id: bsd-closefrom.c,v 1.1 2004/08/15 08:41:00 djm Exp $");
RCSID("$Id: bsd-closefrom.c,v 1.2 2005/11/10 08:29:13 dtucker Exp $");
#ifndef lint
static const char sudorcsid[] = "$Sudo: closefrom.c,v 1.6 2004/06/01 20:51:56 millert Exp $";
@ -67,7 +67,7 @@ closefrom(int lowfd)
/* Check for a /proc/$$/fd directory. */
len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
if (len != -1 && len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
if (len >= 0 && (u_int)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
while ((dent = readdir(dirp)) != NULL) {
fd = strtol(dent->d_name, &endp, 10);
if (dent->d_name != endp && *endp == '\0' &&

9
crypto/openssh/openbsd-compat/bsd-misc.c
View File

@ -18,7 +18,7 @@
#include "includes.h"
#include "xmalloc.h"
RCSID("$Id: bsd-misc.c,v 1.27 2005/05/27 11:13:41 dtucker Exp $");
RCSID("$Id: bsd-misc.c,v 1.28 2005/11/01 22:07:31 dtucker Exp $");
#ifndef HAVE___PROGNAME
char *__progname;
@ -223,10 +223,7 @@ strdup(const char *str)
len = strlen(str) + 1;
cp = malloc(len);
if (cp != NULL)
if (strlcpy(cp, str, len) != len) {
free(cp);
return NULL;
}
return cp;
return(memcpy(cp, str, len));
return NULL;
}
#endif

606
crypto/openssh/openbsd-compat/bsd-snprintf.c
View File

@ -45,45 +45,82 @@
* missing. Some systems only have snprintf() but not vsnprintf(), so
* the code is now broken down under HAVE_SNPRINTF and HAVE_VSNPRINTF.
*
* Ben Lindstrom <mouring@eviladmin.org> 09/27/00 for OpenSSH
* Welcome to the world of %lld and %qd support. With other
* long long support. This is needed for sftp-server to work
* right.
* Andrew Tridgell (tridge@samba.org) Oct 1998
* fixed handling of %.0f
* added test for HAVE_LONG_DOUBLE
*
* Ben Lindstrom <mouring@eviladmin.org> 02/12/01 for OpenSSH
* Removed all hint of VARARGS stuff and banished it to the void,
* and did a bit of KNF style work to make things a bit more
* acceptable. Consider stealing from mutt or enlightenment.
* tridge@samba.org, idra@samba.org, April 2001
* got rid of fcvt code (twas buggy and made testing harder)
* added C99 semantics
*
* date: 2002/12/19 19:56:31; author: herb; state: Exp; lines: +2 -0
* actually print args for %g and %e
*
* date: 2002/06/03 13:37:52; author: jmcd; state: Exp; lines: +8 -0
* Since includes.h isn't included here, VA_COPY has to be defined here. I don't
* see any include file that is guaranteed to be here, so I'm defining it
* locally. Fixes AIX and Solaris builds.
*
* date: 2002/06/03 03:07:24; author: tridge; state: Exp; lines: +5 -13
* put the ifdef for HAVE_VA_COPY in one place rather than in lots of
* functions
*
* date: 2002/05/17 14:51:22; author: jmcd; state: Exp; lines: +21 -4
* Fix usage of va_list passed as an arg. Use __va_copy before using it
* when it exists.
*
* date: 2002/04/16 22:38:04; author: idra; state: Exp; lines: +20 -14
* Fix incorrect zpadlen handling in fmtfp.
* Thanks to Ollie Oldham <ollie.oldham@metro-optix.com> for spotting it.
* few mods to make it easier to compile the tests.
* addedd the "Ollie" test to the floating point ones.
*
* Martin Pool (mbp@samba.org) April 2003
* Remove NO_CONFIG_H so that the test case can be built within a source
* tree with less trouble.
* Remove unnecessary SAFE_FREE() definition.
*
* Martin Pool (mbp@samba.org) May 2003
* Put in a prototype for dummy_snprintf() to quiet compiler warnings.
*
* Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even
* if the C library has some snprintf functions already.
**************************************************************/
#include "includes.h"
RCSID("$Id: bsd-snprintf.c,v 1.9 2004/09/23 11:35:09 dtucker Exp $");
RCSID("$Id: bsd-snprintf.c,v 1.11 2005/12/17 11:32:04 dtucker Exp $");
#if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */
# undef HAVE_SNPRINTF
# undef HAVE_VSNPRINTF
#endif
#ifndef VA_COPY
# ifdef HAVE_VA_COPY
# define VA_COPY(dest, src) va_copy(dest, src)
# else
# ifdef HAVE___VA_COPY
# define VA_COPY(dest, src) __va_copy(dest, src)
# else
# define VA_COPY(dest, src) (dest) = (src)
# endif
# endif
#endif
#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF)
static void
dopr(char *buffer, size_t maxlen, const char *format, va_list args);
#ifdef HAVE_LONG_DOUBLE
# define LDOUBLE long double
#else
# define LDOUBLE double
#endif
static void
fmtstr(char *buffer, size_t *currlen, size_t maxlen, char *value, int flags,
int min, int max);
static void
fmtint(char *buffer, size_t *currlen, size_t maxlen, long value, int base,
int min, int max, int flags);
static void
fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue,
int min, int max, int flags);
static void
dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c);
#ifdef HAVE_LONG_LONG
# define LLONG long long
#else
# define LLONG long
#endif
/*
* dopr(): poor man's version of doprintf
@ -109,28 +146,49 @@ dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c);
#define DP_F_UNSIGNED (1 << 6)
/* Conversion Flags */
#define DP_C_SHORT 1
#define DP_C_LONG 2
#define DP_C_LDOUBLE 3
#define DP_C_LONG_LONG 4
#define DP_C_SHORT 1
#define DP_C_LONG 2
#define DP_C_LDOUBLE 3
#define DP_C_LLONG 4
#define char_to_int(p) (p - '0')
#define abs_val(p) (p < 0 ? -p : p)
#define char_to_int(p) ((p)- '0')
#ifndef MAX
# define MAX(p,q) (((p) >= (q)) ? (p) : (q))
#endif
static size_t dopr(char *buffer, size_t maxlen, const char *format,
va_list args_in);
static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
char *value, int flags, int min, int max);
static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
long value, int base, int min, int max, int flags);
static void fmtfp(char *buffer, size_t *currlen, size_t maxlen,
LDOUBLE fvalue, int min, int max, int flags);
static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c);
static void
dopr(char *buffer, size_t maxlen, const char *format, va_list args)
static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
{
char *strvalue, ch;
long value;
long double fvalue;
int min = 0, max = -1, state = DP_S_DEFAULT, flags = 0, cflags = 0;
size_t currlen = 0;
ch = *format++;
char ch;
LLONG value;
LDOUBLE fvalue;
char *strvalue;
int min;
int max;
int state;
int flags;
int cflags;
size_t currlen;
va_list args;
VA_COPY(args, args_in);
state = DP_S_DEFAULT;
currlen = flags = cflags = min = 0;
max = -1;
ch = *format++;
while (state != DP_S_DONE) {
if ((ch == '\0') || (currlen >= maxlen))
if (ch == '\0')
state = DP_S_DONE;
switch(state) {
@ -138,7 +196,7 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
if (ch == '%')
state = DP_S_FLAGS;
else
dopr_outch(buffer, &currlen, maxlen, ch);
dopr_outch (buffer, &currlen, maxlen, ch);
ch = *format++;
break;
case DP_S_FLAGS:
@ -170,34 +228,37 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
break;
case DP_S_MIN:
if (isdigit((unsigned char)ch)) {
min = 10 * min + char_to_int (ch);
min = 10*min + char_to_int (ch);
ch = *format++;
} else if (ch == '*') {
min = va_arg (args, int);
ch = *format++;
state = DP_S_DOT;
} else
} else {
state = DP_S_DOT;
}
break;
case DP_S_DOT:
if (ch == '.') {
state = DP_S_MAX;
ch = *format++;
} else
} else {
state = DP_S_MOD;
}
break;
case DP_S_MAX:
if (isdigit((unsigned char)ch)) {
if (max < 0)
max = 0;
max = 10 * max + char_to_int(ch);
max = 10*max + char_to_int (ch);
ch = *format++;
} else if (ch == '*') {
max = va_arg (args, int);
ch = *format++;
state = DP_S_MOD;
} else
} else {
state = DP_S_MOD;
}
break;
case DP_S_MOD:
switch (ch) {
@ -208,15 +269,11 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
case 'l':
cflags = DP_C_LONG;
ch = *format++;
if (ch == 'l') {
cflags = DP_C_LONG_LONG;
if (ch == 'l') { /* It's a long long */
cflags = DP_C_LLONG;
ch = *format++;
}
break;
case 'q':
cflags = DP_C_LONG_LONG;
ch = *format++;
break;
case 'L':
cflags = DP_C_LDOUBLE;
ch = *format++;
@ -231,37 +288,37 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
case 'd':
case 'i':
if (cflags == DP_C_SHORT)
value = va_arg(args, int);
value = va_arg (args, int);
else if (cflags == DP_C_LONG)
value = va_arg(args, long int);
else if (cflags == DP_C_LONG_LONG)
value = va_arg (args, long long);
value = va_arg (args, long int);
else if (cflags == DP_C_LLONG)
value = va_arg (args, LLONG);
else
value = va_arg (args, int);
fmtint(buffer, &currlen, maxlen, value, 10, min, max, flags);
fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
break;
case 'o':
flags |= DP_F_UNSIGNED;
if (cflags == DP_C_SHORT)
value = va_arg(args, unsigned int);
value = va_arg (args, unsigned int);
else if (cflags == DP_C_LONG)
value = va_arg(args, unsigned long int);
else if (cflags == DP_C_LONG_LONG)
value = va_arg(args, unsigned long long);
value = (long)va_arg (args, unsigned long int);
else if (cflags == DP_C_LLONG)
value = (long)va_arg (args, unsigned LLONG);
else
value = va_arg(args, unsigned int);
fmtint(buffer, &currlen, maxlen, value, 8, min, max, flags);
value = (long)va_arg (args, unsigned int);
fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags);
break;
case 'u':
flags |= DP_F_UNSIGNED;
if (cflags == DP_C_SHORT)
value = va_arg(args, unsigned int);
value = va_arg (args, unsigned int);
else if (cflags == DP_C_LONG)
value = va_arg(args, unsigned long int);
else if (cflags == DP_C_LONG_LONG)
value = va_arg(args, unsigned long long);
value = (long)va_arg (args, unsigned long int);
else if (cflags == DP_C_LLONG)
value = (LLONG)va_arg (args, unsigned LLONG);
else
value = va_arg(args, unsigned int);
value = (long)va_arg (args, unsigned int);
fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
break;
case 'X':
@ -269,79 +326,86 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
case 'x':
flags |= DP_F_UNSIGNED;
if (cflags == DP_C_SHORT)
value = va_arg(args, unsigned int);
value = va_arg (args, unsigned int);
else if (cflags == DP_C_LONG)
value = va_arg(args, unsigned long int);
else if (cflags == DP_C_LONG_LONG)
value = va_arg(args, unsigned long long);
value = (long)va_arg (args, unsigned long int);
else if (cflags == DP_C_LLONG)
value = (LLONG)va_arg (args, unsigned LLONG);
else
value = va_arg(args, unsigned int);
fmtint(buffer, &currlen, maxlen, value, 16, min, max, flags);
value = (long)va_arg (args, unsigned int);
fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags);
break;
case 'f':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, long double);
fvalue = va_arg (args, LDOUBLE);
else
fvalue = va_arg(args, double);
fvalue = va_arg (args, double);
/* um, floating point? */
fmtfp(buffer, &currlen, maxlen, fvalue, min, max, flags);
fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
break;
case 'E':
flags |= DP_F_UP;
case 'e':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, long double);
fvalue = va_arg (args, LDOUBLE);
else
fvalue = va_arg(args, double);
fvalue = va_arg (args, double);
fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
break;
case 'G':
flags |= DP_F_UP;
case 'g':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, long double);
fvalue = va_arg (args, LDOUBLE);
else
fvalue = va_arg(args, double);
fvalue = va_arg (args, double);
fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
break;
case 'c':
dopr_outch(buffer, &currlen, maxlen, va_arg(args, int));
dopr_outch (buffer, &currlen, maxlen, va_arg (args, int));
break;
case 's':
strvalue = va_arg(args, char *);
if (max < 0)
max = maxlen; /* ie, no max */
fmtstr(buffer, &currlen, maxlen, strvalue, flags, min, max);
strvalue = va_arg (args, char *);
if (!strvalue) strvalue = "(NULL)";
if (max == -1) {
max = strlen(strvalue);
}
if (min > 0 && max >= 0 && min > max) max = min;
fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max);
break;
case 'p':
strvalue = va_arg(args, void *);
fmtint(buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags);
strvalue = va_arg (args, void *);
fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags);
break;
case 'n':
if (cflags == DP_C_SHORT) {
short int *num;
num = va_arg(args, short int *);
num = va_arg (args, short int *);
*num = currlen;
} else if (cflags == DP_C_LONG) {
long int *num;
num = va_arg(args, long int *);
*num = currlen;
} else if (cflags == DP_C_LONG_LONG) {
long long *num;
num = va_arg(args, long long *);
*num = currlen;
num = va_arg (args, long int *);
*num = (long int)currlen;
} else if (cflags == DP_C_LLONG) {
LLONG *num;
num = va_arg (args, LLONG *);
*num = (LLONG)currlen;
} else {
int *num;
num = va_arg(args, int *);
num = va_arg (args, int *);
*num = currlen;
}
break;
case '%':
dopr_outch(buffer, &currlen, maxlen, ch);
dopr_outch (buffer, &currlen, maxlen, ch);
break;
case 'w': /* not supported yet, treat as next char */
case 'w':
/* not supported yet, treat as next char */
ch = *format++;
break;
default: /* Unknown, skip */
break;
default:
/* Unknown, skip */
break;
}
ch = *format++;
state = DP_S_DEFAULT;
@ -350,24 +414,33 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
break;
case DP_S_DONE:
break;
default: /* hmm? */
default:
/* hmm? */
break; /* some picky compilers need this */
}
}
if (currlen < maxlen - 1)
buffer[currlen] = '\0';
else
buffer[maxlen - 1] = '\0';
if (maxlen != 0) {
if (currlen < maxlen - 1)
buffer[currlen] = '\0';
else if (maxlen > 0)
buffer[maxlen - 1] = '\0';
}
return currlen;
}
static void
fmtstr(char *buffer, size_t *currlen, size_t maxlen,
char *value, int flags, int min, int max)
static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
char *value, int flags, int min, int max)
{
int cnt = 0, padlen, strln; /* amount to pad */
if (value == 0)
int padlen, strln; /* amount to pad */
int cnt = 0;
#ifdef DEBUG_SNPRINTF
printf("fmtstr min=%d max=%d s=[%s]\n", min, max, value);
#endif
if (value == 0) {
value = "<NULL>";
}
for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */
padlen = min - strln;
@ -375,18 +448,18 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen,
padlen = 0;
if (flags & DP_F_MINUS)
padlen = -padlen; /* Left Justify */
while ((padlen > 0) && (cnt < max)) {
dopr_outch(buffer, currlen, maxlen, ' ');
dopr_outch (buffer, currlen, maxlen, ' ');
--padlen;
++cnt;
}
while (*value && (cnt < max)) {
dopr_outch(buffer, currlen, maxlen, *value++);
dopr_outch (buffer, currlen, maxlen, *value++);
++cnt;
}
while ((padlen < 0) && (cnt < max)) {
dopr_outch(buffer, currlen, maxlen, ' ');
dopr_outch (buffer, currlen, maxlen, ' ');
++padlen;
++cnt;
}
@ -394,49 +467,49 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen,
/* Have to handle DP_F_NUM (ie 0x and 0 alternates) */
static void
fmtint(char *buffer, size_t *currlen, size_t maxlen,
long value, int base, int min, int max, int flags)
static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
long value, int base, int min, int max, int flags)
{
int signvalue = 0;
unsigned long uvalue;
char convert[20];
int signvalue = 0, place = 0, caps = 0;
int place = 0;
int spadlen = 0; /* amount to space pad */
int zpadlen = 0; /* amount to zero pad */
int caps = 0;
if (max < 0)
max = 0;
uvalue = value;
if (!(flags & DP_F_UNSIGNED)) {
if (value < 0) {
if(!(flags & DP_F_UNSIGNED)) {
if( value < 0 ) {
signvalue = '-';
uvalue = -value;
} else if (flags & DP_F_PLUS) /* Do a sign (+/i) */
signvalue = '+';
else if (flags & DP_F_SPACE)
signvalue = ' ';
} else {
if (flags & DP_F_PLUS) /* Do a sign (+/i) */
signvalue = '+';
else if (flags & DP_F_SPACE)
signvalue = ' ';
}
}
if (flags & DP_F_UP)
caps = 1; /* Should characters be upper case? */
if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */
do {
convert[place++] =
(caps ? "0123456789ABCDEF" : "0123456789abcdef")
[uvalue % (unsigned)base];
(caps? "0123456789ABCDEF":"0123456789abcdef")
[uvalue % (unsigned)base ];
uvalue = (uvalue / (unsigned)base );
} while (uvalue && (place < 20));
if (place == 20)
place--;
} while(uvalue && (place < 20));
if (place == 20) place--;
convert[place] = 0;
zpadlen = max - place;
spadlen = min - MAX (max, place) - (signvalue ? 1 : 0);
if (zpadlen < 0)
zpadlen = 0;
if (spadlen < 0)
spadlen = 0;
if (zpadlen < 0) zpadlen = 0;
if (spadlen < 0) spadlen = 0;
if (flags & DP_F_ZERO) {
zpadlen = MAX(zpadlen, spadlen);
spadlen = 0;
@ -444,27 +517,32 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen,
if (flags & DP_F_MINUS)
spadlen = -spadlen; /* Left Justifty */
#ifdef DEBUG_SNPRINTF
printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n",
zpadlen, spadlen, min, max, place);
#endif
/* Spaces */
while (spadlen > 0) {
dopr_outch(buffer, currlen, maxlen, ' ');
dopr_outch (buffer, currlen, maxlen, ' ');
--spadlen;
}
/* Sign */
if (signvalue)
dopr_outch(buffer, currlen, maxlen, signvalue);
dopr_outch (buffer, currlen, maxlen, signvalue);
/* Zeros */
if (zpadlen > 0) {
while (zpadlen > 0) {
dopr_outch(buffer, currlen, maxlen, '0');
dopr_outch (buffer, currlen, maxlen, '0');
--zpadlen;
}
}
/* Digits */
while (place > 0)
dopr_outch(buffer, currlen, maxlen, convert[--place]);
dopr_outch (buffer, currlen, maxlen, convert[--place]);
/* Left Justified spaces */
while (spadlen < 0) {
@ -473,11 +551,20 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen,
}
}
static long double
pow10(int exp)
static LDOUBLE abs_val(LDOUBLE value)
{
long double result = 1;
LDOUBLE result = value;
if (value < 0)
result = -value;
return result;
}
static LDOUBLE POW10(int exp)
{
LDOUBLE result = 1;
while (exp) {
result *= 10;
exp--;
@ -486,28 +573,69 @@ pow10(int exp)
return result;
}
static long
round(long double value)
static LLONG ROUND(LDOUBLE value)
{
long intpart = value;
value -= intpart;
if (value >= 0.5)
intpart++;
LLONG intpart;
intpart = (LLONG)value;
value = value - intpart;
if (value >= 0.5) intpart++;
return intpart;
}
static void
fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue,
int min, int max, int flags)
/* a replacement for modf that doesn't need the math library. Should
be portable, but slow */
static double my_modf(double x0, double *iptr)
{
char iconvert[20], fconvert[20];
int signvalue = 0, iplace = 0, fplace = 0;
int i;
long l;
double x = x0;
double f = 1.0;
for (i=0;i<100;i++) {
l = (long)x;
if (l <= (x+1) && l >= (x-1)) break;
x *= 0.1;
f *= 10.0;
}
if (i == 100) {
/* yikes! the number is beyond what we can handle. What do we do? */
(*iptr) = 0;
return 0;
}
if (i != 0) {
double i2;
double ret;
ret = my_modf(x0-l*f, &i2);
(*iptr) = l*f + i2;
return ret;
}
(*iptr) = l;
return x - (*iptr);
}
static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
LDOUBLE fvalue, int min, int max, int flags)
{
int signvalue = 0;
double ufvalue;
char iconvert[311];
char fconvert[311];
int iplace = 0;
int fplace = 0;
int padlen = 0; /* amount to pad */
int zpadlen = 0, caps = 0;
long intpart, fracpart;
long double ufvalue;
int zpadlen = 0;
int caps = 0;
int idx;
double intpart;
double fracpart;
double temp;
/*
* AIX manpage says the default is 0, but Solaris says the default
@ -516,137 +644,159 @@ fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue,
if (max < 0)
max = 6;
ufvalue = abs_val(fvalue);
ufvalue = abs_val (fvalue);
if (fvalue < 0)
if (fvalue < 0) {
signvalue = '-';
else if (flags & DP_F_PLUS) /* Do a sign (+/i) */
signvalue = '+';
else if (flags & DP_F_SPACE)
signvalue = ' ';
} else {
if (flags & DP_F_PLUS) { /* Do a sign (+/i) */
signvalue = '+';
} else {
if (flags & DP_F_SPACE)
signvalue = ' ';
}
}
intpart = ufvalue;
#if 0
if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */
#endif
#if 0
if (max == 0) ufvalue += 0.5; /* if max = 0 we must round */
#endif
/*
* Sorry, we only support 9 digits past the decimal because of our
* Sorry, we only support 16 digits past the decimal because of our
* conversion method
*/
if (max > 9)
max = 9;
if (max > 16)
max = 16;
/* We "cheat" by converting the fractional part to integer by
* multiplying by a factor of 10
*/
fracpart = round((pow10 (max)) * (ufvalue - intpart));
if (fracpart >= pow10 (max)) {
temp = ufvalue;
my_modf(temp, &intpart);
fracpart = ROUND((POW10(max)) * (ufvalue - intpart));
if (fracpart >= POW10(max)) {
intpart++;
fracpart -= pow10 (max);
fracpart -= POW10(max);
}
/* Convert integer part */
do {
temp = intpart*0.1;
my_modf(temp, &intpart);
idx = (int) ((temp -intpart +0.05)* 10.0);
/* idx = (int) (((double)(temp*0.1) -intpart +0.05) *10.0); */
/* printf ("%llf, %f, %x\n", temp, intpart, idx); */
iconvert[iplace++] =
(caps ? "0123456789ABCDEF" : "0123456789abcdef")
[intpart % 10];
intpart = (intpart / 10);
} while(intpart && (iplace < 20));
if (iplace == 20)
iplace--;
(caps? "0123456789ABCDEF":"0123456789abcdef")[idx];
} while (intpart && (iplace < 311));
if (iplace == 311) iplace--;
iconvert[iplace] = 0;
/* Convert fractional part */
do {
fconvert[fplace++] =
(caps ? "0123456789ABCDEF" : "0123456789abcdef")
[fracpart % 10];
fracpart = (fracpart / 10);
} while(fracpart && (fplace < 20));
if (fplace == 20)
fplace--;
if (fracpart)
{
do {
temp = fracpart*0.1;
my_modf(temp, &fracpart);
idx = (int) ((temp -fracpart +0.05)* 10.0);
/* idx = (int) ((((temp/10) -fracpart) +0.05) *10); */
/* printf ("%lf, %lf, %ld\n", temp, fracpart, idx ); */
fconvert[fplace++] =
(caps? "0123456789ABCDEF":"0123456789abcdef")[idx];
} while(fracpart && (fplace < 311));
if (fplace == 311) fplace--;
}
fconvert[fplace] = 0;
/* -1 for decimal point, another -1 if we are printing a sign */
padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
zpadlen = max - fplace;
if (zpadlen < 0)
zpadlen = 0;
if (zpadlen < 0) zpadlen = 0;
if (padlen < 0)
padlen = 0;
if (flags & DP_F_MINUS)
padlen = -padlen; /* Left Justifty */
if ((flags & DP_F_ZERO) && (padlen > 0)) {
if (signvalue) {
dopr_outch(buffer, currlen, maxlen, signvalue);
dopr_outch (buffer, currlen, maxlen, signvalue);
--padlen;
signvalue = 0;
}
while (padlen > 0) {
dopr_outch(buffer, currlen, maxlen, '0');
dopr_outch (buffer, currlen, maxlen, '0');
--padlen;
}
}
while (padlen > 0) {
dopr_outch(buffer, currlen, maxlen, ' ');
dopr_outch (buffer, currlen, maxlen, ' ');
--padlen;
}
if (signvalue)
dopr_outch(buffer, currlen, maxlen, signvalue);
dopr_outch (buffer, currlen, maxlen, signvalue);
while (iplace > 0)
dopr_outch(buffer, currlen, maxlen, iconvert[--iplace]);
dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]);
#ifdef DEBUG_SNPRINTF
printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen);
#endif
/*
* Decimal point. This should probably use locale to find the
* correct char to print out.
* Decimal point. This should probably use locale to find the correct
* char to print out.
*/
dopr_outch(buffer, currlen, maxlen, '.');
if (max > 0) {
dopr_outch (buffer, currlen, maxlen, '.');
while (zpadlen > 0) {
dopr_outch (buffer, currlen, maxlen, '0');
--zpadlen;
}
while (fplace > 0)
dopr_outch(buffer, currlen, maxlen, fconvert[--fplace]);
while (zpadlen > 0) {
dopr_outch(buffer, currlen, maxlen, '0');
--zpadlen;
while (fplace > 0)
dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]);
}
while (padlen < 0) {
dopr_outch(buffer, currlen, maxlen, ' ');
dopr_outch (buffer, currlen, maxlen, ' ');
++padlen;
}
}
static void
dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c)
static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c)
{
if (*currlen < maxlen)
buffer[(*currlen)++] = c;
if (*currlen < maxlen) {
buffer[(*currlen)] = c;
}
(*currlen)++;
}
#endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */
#ifndef HAVE_VSNPRINTF
int
vsnprintf(char *str, size_t count, const char *fmt, va_list args)
#if !defined(HAVE_VSNPRINTF)
int vsnprintf (char *str, size_t count, const char *fmt, va_list args)
{
str[0] = 0;
dopr(str, count, fmt, args);
return(strlen(str));
return dopr(str, count, fmt, args);
}
#endif /* !HAVE_VSNPRINTF */
#endif
#ifndef HAVE_SNPRINTF
int
snprintf(char *str,size_t count,const char *fmt,...)
#if !defined(HAVE_SNPRINTF)
int snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...)
{
size_t ret;
va_list ap;
va_start(ap, fmt);
(void) vsnprintf(str, count, fmt, ap);
ret = vsnprintf(str, count, fmt, ap);
va_end(ap);
return(strlen(str));
return ret;
}
#endif
#endif /* !HAVE_SNPRINTF */

9
crypto/openssh/openbsd-compat/daemon.c
View File

@ -1,5 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/gen/daemon.c */
/* $OpenBSD: daemon.c,v 1.6 2005/08/08 08:05:33 espie Exp $ */
/*-
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
@ -29,14 +28,12 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/gen/daemon.c */
#include "includes.h"
#ifndef HAVE_DAEMON
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: daemon.c,v 1.5 2003/07/15 17:32:41 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
int
daemon(int nochdir, int noclose)
{

40
crypto/openssh/openbsd-compat/dirname.c
View File

@ -1,9 +1,7 @@
/* OPENBSD ORIGINAL: lib/libc/gen/dirname.c */
/* $OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Exp $ */
/* $OpenBSD: dirname.c,v 1.13 2005/08/08 08:05:33 espie Exp $ */
/*
* Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 1997, 2004 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -18,13 +16,11 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* OPENBSD ORIGINAL: lib/libc/gen/dirname.c */
#include "includes.h"
#ifndef HAVE_DIRNAME
#ifndef lint
static char rcsid[] = "$OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Exp $";
#endif /* not lint */
#include <errno.h>
#include <string.h>
#include <sys/param.h>
@ -32,16 +28,18 @@ static char rcsid[] = "$OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Ex
char *
dirname(const char *path)
{
static char bname[MAXPATHLEN];
register const char *endp;
static char dname[MAXPATHLEN];
size_t len;
const char *endp;
/* Empty or NULL string gets treated as "." */
if (path == NULL || *path == '\0') {
(void)strlcpy(bname, ".", sizeof bname);
return(bname);
dname[0] = '.';
dname[1] = '\0';
return (dname);
}
/* Strip trailing slashes */
/* Strip any trailing slashes */
endp = path + strlen(path) - 1;
while (endp > path && *endp == '/')
endp--;
@ -52,19 +50,23 @@ dirname(const char *path)
/* Either the dir is "/" or there are no slashes */
if (endp == path) {
(void)strlcpy(bname, *endp == '/' ? "/" : ".", sizeof bname);
return(bname);
dname[0] = *endp == '/' ? '/' : '.';
dname[1] = '\0';
return (dname);
} else {
/* Move forward past the separating slashes */
do {
endp--;
} while (endp > path && *endp == '/');
}
if (endp - path + 2 > sizeof(bname)) {
len = endp - path + 1;
if (len >= sizeof(dname)) {
errno = ENAMETOOLONG;
return(NULL);
return (NULL);
}
strlcpy(bname, path, endp - path + 2);
return(bname);
memcpy(dname, path, len);
dname[len] = '\0';
return (dname);
}
#endif

54
crypto/openssh/openbsd-compat/getcwd.c
View File

@ -1,5 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/gen/getcwd.c */
/* $OpenBSD: getcwd.c,v 1.14 2005/08/08 08:05:34 espie Exp $ */
/*
* Copyright (c) 1989, 1991, 1993
* The Regents of the University of California. All rights reserved.
@ -29,14 +28,12 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/gen/getcwd.c */
#include "includes.h"
#if !defined(HAVE_GETCWD)
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: getcwd.c,v 1.9 2003/06/11 21:03:10 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
#include <sys/stat.h>
#include <errno.h>
@ -54,12 +51,12 @@ static char rcsid[] = "$OpenBSD: getcwd.c,v 1.9 2003/06/11 21:03:10 deraadt Exp
char *
getcwd(char *pt, size_t size)
{
register struct dirent *dp;
register DIR *dir = NULL;
register dev_t dev;
register ino_t ino;
register int first;
register char *bpt, *bup;
struct dirent *dp;
DIR *dir = NULL;
dev_t dev;
ino_t ino;
int first;
char *bpt, *bup;
struct stat s;
dev_t root_dev;
ino_t root_ino;
@ -80,7 +77,7 @@ getcwd(char *pt, size_t size)
}
ept = pt + size;
} else {
if ((pt = malloc(ptsize = 1024 - 4)) == NULL)
if ((pt = malloc(ptsize = MAXPATHLEN)) == NULL)
return (NULL);
ept = pt + ptsize;
}
@ -88,13 +85,13 @@ getcwd(char *pt, size_t size)
*bpt = '\0';
/*
* Allocate bytes (1024 - malloc space) for the string of "../"'s.
* Allocate bytes for the string of "../"'s.
* Should always be enough (it's 340 levels). If it's not, allocate
* as necessary. Special * case the first stat, it's ".", not "..".
*/
if ((up = malloc(upsize = 1024 - 4)) == NULL)
if ((up = malloc(upsize = MAXPATHLEN)) == NULL)
goto err;
eup = up + MAXPATHLEN;
eup = up + upsize;
bup = up;
up[0] = '.';
up[1] = '\0';
@ -139,18 +136,16 @@ getcwd(char *pt, size_t size)
if ((nup = realloc(up, upsize *= 2)) == NULL)
goto err;
bup = nup + (bup - up);
up = nup;
bup = up;
eup = up + upsize;
}
*bup++ = '.';
*bup++ = '.';
*bup = '\0';
/* Open and stat parent directory.
* RACE?? - replaced fstat(dirfd(dir), &s) w/ lstat(up,&s)
*/
if (!(dir = opendir(up)) || lstat(up,&s))
/* Open and stat parent directory. */
if (!(dir = opendir(up)) || fstat(dirfd(dir), &s))
goto err;
/* Add trailing slash for next directory. */
@ -175,7 +170,7 @@ getcwd(char *pt, size_t size)
goto notfound;
if (ISDOT(dp))
continue;
memmove(bup, dp->d_name, dp->d_namlen + 1);
memcpy(bup, dp->d_name, dp->d_namlen + 1);
/* Save the first error for later. */
if (lstat(up, &s)) {
@ -193,19 +188,18 @@ getcwd(char *pt, size_t size)
* leading slash.
*/
if (bpt - pt < dp->d_namlen + (first ? 1 : 2)) {
size_t len, off;
size_t len;
char *npt;
if (!ptsize) {
errno = ERANGE;
goto err;
}
off = bpt - pt;
len = ept - bpt;
if ((npt = realloc(pt, ptsize *= 2)) == NULL)
goto err;
bpt = npt + (bpt - pt);
pt = npt;
bpt = pt + off;
ept = pt + ptsize;
memmove(ept - len, bpt, len);
bpt = ept - len;
@ -213,7 +207,7 @@ getcwd(char *pt, size_t size)
if (!first)
*--bpt = '/';
bpt -= dp->d_namlen;
memmove(bpt, dp->d_name, dp->d_namlen);
memcpy(bpt, dp->d_name, dp->d_namlen);
(void)closedir(dir);
/* Truncate any file name. */
@ -230,12 +224,16 @@ getcwd(char *pt, size_t size)
errno = save_errno ? save_errno : ENOENT;
/* FALLTHROUGH */
err:
save_errno = errno;
if (ptsize)
free(pt);
if (up)
free(up);
free(up);
if (dir)
(void)closedir(dir);
errno = save_errno;
return (NULL);
}

19
crypto/openssh/openbsd-compat/getgrouplist.c
View File

@ -1,5 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/gen/getgrouplist.c */
/* $OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp $ */
/*
* Copyright (c) 1991, 1993
* The Regents of the University of California. All rights reserved.
@ -29,14 +28,12 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/gen/getgrouplist.c */
#include "includes.h"
#ifndef HAVE_GETGROUPLIST
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: getgrouplist.c,v 1.9 2003/06/25 21:16:47 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
/*
* get credential
*/
@ -46,14 +43,10 @@ static char rcsid[] = "$OpenBSD: getgrouplist.c,v 1.9 2003/06/25 21:16:47 deraad
#include <grp.h>
int
getgrouplist(uname, agroup, groups, grpcnt)
const char *uname;
gid_t agroup;
register gid_t *groups;
int *grpcnt;
getgrouplist(const char *uname, gid_t agroup, gid_t *groups, int *grpcnt)
{
register struct group *grp;
register int i, ngroups;
struct group *grp;
int i, ngroups;
int ret, maxgroups;
int bail;

4
crypto/openssh/openbsd-compat/getopt.c
View File

@ -1,5 +1,3 @@
/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */
/*
* Copyright (c) 1987, 1993, 1994
* The Regents of the University of California. All rights reserved.
@ -29,6 +27,8 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */
#include "includes.h"
#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)

114
crypto/openssh/openbsd-compat/getrrsetbyname.c
View File

@ -1,6 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */
/* $OpenBSD: getrrsetbyname.c,v 1.7 2003/03/07 07:34:14 itojun Exp $ */
/* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */
/*
* Copyright (c) 2001 Jakob Schlyter. All rights reserved.
@ -45,54 +43,26 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */
#include "includes.h"
#ifndef HAVE_GETRRSETBYNAME
#include "getrrsetbyname.h"
#define ANSWER_BUFFER_SIZE 1024*64
#if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO
extern int h_errno;
#endif
struct dns_query {
char *name;
u_int16_t type;
u_int16_t class;
struct dns_query *next;
};
/* We don't need multithread support here */
#ifdef _THREAD_PRIVATE
# undef _THREAD_PRIVATE
#endif
#define _THREAD_PRIVATE(a,b,c) (c)
struct __res_state _res;
struct dns_rr {
char *name;
u_int16_t type;
u_int16_t class;
u_int16_t ttl;
u_int16_t size;
void *rdata;
struct dns_rr *next;
};
struct dns_response {
HEADER header;
struct dns_query *query;
struct dns_rr *answer;
struct dns_rr *authority;
struct dns_rr *additional;
};
static struct dns_response *parse_dns_response(const u_char *, int);
static struct dns_query *parse_dns_qsection(const u_char *, int,
const u_char **, int);
static struct dns_rr *parse_dns_rrsection(const u_char *, int, const u_char **,
int);
static void free_dns_query(struct dns_query *);
static void free_dns_rr(struct dns_rr *);
static void free_dns_response(struct dns_response *);
static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t);
/* Necessary functions and macros */
/*
* Inline versions of get/put short/long. Pointer is advanced.
@ -162,14 +132,56 @@ _getlong(msgp)
u_int32_t _getlong(register const u_char *);
#endif
/* ************** */
#define ANSWER_BUFFER_SIZE 1024*64
struct dns_query {
char *name;
u_int16_t type;
u_int16_t class;
struct dns_query *next;
};
struct dns_rr {
char *name;
u_int16_t type;
u_int16_t class;
u_int16_t ttl;
u_int16_t size;
void *rdata;
struct dns_rr *next;
};
struct dns_response {
HEADER header;
struct dns_query *query;
struct dns_rr *answer;
struct dns_rr *authority;
struct dns_rr *additional;
};
static struct dns_response *parse_dns_response(const u_char *, int);
static struct dns_query *parse_dns_qsection(const u_char *, int,
const u_char **, int);
static struct dns_rr *parse_dns_rrsection(const u_char *, int, const u_char **,
int);
static void free_dns_query(struct dns_query *);
static void free_dns_rr(struct dns_rr *);
static void free_dns_response(struct dns_response *);
static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t);
int
getrrsetbyname(const char *hostname, unsigned int rdclass,
unsigned int rdtype, unsigned int flags,
struct rrsetinfo **res)
{
struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res);
int result;
struct rrsetinfo *rrset = NULL;
struct dns_response *response;
struct dns_response *response = NULL;
struct dns_rr *rr;
struct rdatainfo *rdata;
int length;
@ -195,19 +207,19 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
}
/* initialize resolver */
if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
if ((_resp->options & RES_INIT) == 0 && res_init() == -1) {
result = ERRSET_FAIL;
goto fail;
}
#ifdef DEBUG
_res.options |= RES_DEBUG;
_resp->options |= RES_DEBUG;
#endif /* DEBUG */
#ifdef RES_USE_DNSSEC
/* turn on DNSSEC if EDNS0 is configured */
if (_res.options & RES_USE_EDNS0)
_res.options |= RES_USE_DNSSEC;
if (_resp->options & RES_USE_EDNS0)
_resp->options |= RES_USE_DNSSEC;
#endif /* RES_USE_DNSEC */
/* make query */
@ -257,13 +269,11 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
#endif
/* copy name from answer section */
length = strlen(response->answer->name);
rrset->rri_name = malloc(length + 1);
rrset->rri_name = strdup(response->answer->name);
if (rrset->rri_name == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
strlcpy(rrset->rri_name, response->answer->name, length + 1);
/* count answers */
rrset->rri_nrdatas = count_dns_rr(response->answer, rrset->rri_rdclass,
@ -281,7 +291,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
/* allocate memory for signatures */
rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
if (rrset->rri_nsigs > 0 && rrset->rri_sigs == NULL) {
if (rrset->rri_sigs == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
@ -311,6 +321,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
memcpy(rdata->rdi_data, rr->rdata, rr->size);
}
}
free_dns_response(response);
*res = rrset;
return (ERRSET_SUCCESS);
@ -318,6 +329,8 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
fail:
if (rrset != NULL)
freerrset(rrset);
if (response != NULL)
free_dns_response(response);
return (result);
}
@ -467,7 +480,8 @@ parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count)
}
static struct dns_rr *
parse_dns_rrsection(const u_char *answer, int size, const u_char **cp, int count)
parse_dns_rrsection(const u_char *answer, int size, const u_char **cp,
int count)
{
struct dns_rr *head, *curr, *prev;
int i, length;

122
crypto/openssh/openbsd-compat/glob.c
View File

@ -1,5 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/gen/glob.c */
/* $OpenBSD: glob.c,v 1.25 2005/08/08 08:05:34 espie Exp $ */
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
@ -32,6 +31,8 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/gen/glob.c */
#include "includes.h"
#include <ctype.h>
@ -50,14 +51,6 @@ get_arg_max(void)
#if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \
!defined(GLOB_HAS_GL_MATCHC)
#if defined(LIBC_SCCS) && !defined(lint)
#if 0
static char sccsid[] = "@(#)glob.c 8.3 (Berkeley) 10/13/93";
#else
static char rcsid[] = "$OpenBSD: glob.c,v 1.22 2003/06/25 21:16:47 deraadt Exp $";
#endif
#endif /* LIBC_SCCS and not lint */
/*
* glob(3) -- a superset of the one defined in POSIX 1003.2.
*
@ -158,10 +151,8 @@ static void qprintf(const char *, Char *);
#endif
int
glob(pattern, flags, errfunc, pglob)
const char *pattern;
int flags, (*errfunc)(const char *, int);
glob_t *pglob;
glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
glob_t *pglob)
{
const u_char *patnext;
int c;
@ -209,9 +200,7 @@ glob(pattern, flags, errfunc, pglob)
* characters
*/
static int
globexp1(pattern, pglob)
const Char *pattern;
glob_t *pglob;
globexp1(const Char *pattern, glob_t *pglob)
{
const Char* ptr = pattern;
int rv;
@ -234,10 +223,7 @@ globexp1(pattern, pglob)
* If it fails then it tries to glob the rest of the pattern and returns.
*/
static int
globexp2(ptr, pattern, pglob, rv)
const Char *ptr, *pattern;
glob_t *pglob;
int *rv;
globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv)
{
int i;
Char *lm, *ls;
@ -342,11 +328,7 @@ globexp2(ptr, pattern, pglob, rv)
* expand tilde from the passwd file.
*/
static const Char *
globtilde(pattern, patbuf, patbuf_len, pglob)
const Char *pattern;
Char *patbuf;
size_t patbuf_len;
glob_t *pglob;
globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob)
{
struct passwd *pwd;
char *h;
@ -414,9 +396,7 @@ globtilde(pattern, patbuf, patbuf_len, pglob)
* to find no matches.
*/
static int
glob0(pattern, pglob)
const Char *pattern;
glob_t *pglob;
glob0(const Char *pattern, glob_t *pglob)
{
const Char *qpatnext;
int c, err, oldpathc;
@ -503,17 +483,13 @@ glob0(pattern, pglob)
}
static int
compare(p, q)
const void *p, *q;
compare(const void *p, const void *q)
{
return(strcmp(*(char **)p, *(char **)q));
}
static int
glob1(pattern, pattern_last, pglob, limitp)
Char *pattern, *pattern_last;
glob_t *pglob;
size_t *limitp;
glob1(Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp)
{
Char pathbuf[MAXPATHLEN];
@ -531,12 +507,8 @@ glob1(pattern, pattern_last, pglob, limitp)
* meta characters.
*/
static int
glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern,
pattern_last, pglob, limitp)
Char *pathbuf, *pathbuf_last, *pathend, *pathend_last;
Char *pattern, *pattern_last;
glob_t *pglob;
size_t *limitp;
glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp)
{
struct stat sb;
Char *p, *q;
@ -595,14 +567,11 @@ glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern,
}
static int
glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
restpattern, restpattern_last, pglob, limitp)
Char *pathbuf, *pathbuf_last, *pathend, *pathend_last;
Char *pattern, *pattern_last, *restpattern, *restpattern_last;
glob_t *pglob;
size_t *limitp;
glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
Char *pattern, Char *pattern_last, Char *restpattern,
Char *restpattern_last, glob_t *pglob, size_t *limitp)
{
register struct dirent *dp;
struct dirent *dp;
DIR *dirp;
int err;
char buf[MAXPATHLEN];
@ -640,8 +609,8 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
else
readdirfunc = (struct dirent *(*)(void *))readdir;
while ((dp = (*readdirfunc)(dirp))) {
register u_char *sc;
register Char *dc;
u_char *sc;
Char *dc;
/* Initial DOT must be matched literally. */
if (dp->d_name[0] == DOT && *pattern != DOT)
@ -689,13 +658,10 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
* gl_pathv points to (gl_offs + gl_pathc + 1) items.
*/
static int
globextend(path, pglob, limitp)
const Char *path;
glob_t *pglob;
size_t *limitp;
globextend(const Char *path, glob_t *pglob, size_t *limitp)
{
register char **pathv;
register int i;
char **pathv;
int i;
u_int newsize, len;
char *copy;
const Char *p;
@ -747,8 +713,7 @@ globextend(path, pglob, limitp)
* pattern causes a recursion level.
*/
static int
match(name, pat, patend)
register Char *name, *pat, *patend;
match(Char *name, Char *pat, Char *patend)
{
int ok, negate_range;
Char c, k;
@ -759,11 +724,10 @@ match(name, pat, patend)
case M_ALL:
if (pat == patend)
return(1);
do
do {
if (match(name, pat, patend))
return(1);
while (*name++ != EOS)
;
} while (*name++ != EOS);
return(0);
case M_ONE:
if (*name++ == EOS)
@ -796,11 +760,10 @@ match(name, pat, patend)
/* Free allocated data belonging to a glob_t structure. */
void
globfree(pglob)
glob_t *pglob;
globfree(glob_t *pglob)
{
register int i;
register char **pp;
int i;
char **pp;
if (pglob->gl_pathv != NULL) {
pp = pglob->gl_pathv + pglob->gl_offs;
@ -813,9 +776,7 @@ globfree(pglob)
}
static DIR *
g_opendir(str, pglob)
register Char *str;
glob_t *pglob;
g_opendir(Char *str, glob_t *pglob)
{
char buf[MAXPATHLEN];
@ -833,10 +794,7 @@ g_opendir(str, pglob)
}
static int
g_lstat(fn, sb, pglob)
register Char *fn;
struct stat *sb;
glob_t *pglob;
g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
{
char buf[MAXPATHLEN];
@ -848,10 +806,7 @@ g_lstat(fn, sb, pglob)
}
static int
g_stat(fn, sb, pglob)
register Char *fn;
struct stat *sb;
glob_t *pglob;
g_stat(Char *fn, struct stat *sb, glob_t *pglob)
{
char buf[MAXPATHLEN];
@ -863,9 +818,7 @@ g_stat(fn, sb, pglob)
}
static Char *
g_strchr(str, ch)
Char *str;
int ch;
g_strchr(Char *str, int ch)
{
do {
if (*str == ch)
@ -875,10 +828,7 @@ g_strchr(str, ch)
}
static int
g_Ctoc(str, buf, len)
register const Char *str;
char *buf;
u_int len;
g_Ctoc(const Char *str, char *buf, u_int len)
{
while (len--) {
@ -890,11 +840,9 @@ g_Ctoc(str, buf, len)
#ifdef DEBUG
static void
qprintf(str, s)
const char *str;
register Char *s;
qprintf(const char *str, Char *s)
{
register Char *p;
Char *p;
(void)printf("%s:\n", str);
for (p = s; *p; p++)

8
crypto/openssh/openbsd-compat/glob.h
View File

@ -1,6 +1,4 @@
/* OPENBSD ORIGINAL: include/glob.h */
/* $OpenBSD: glob.h,v 1.8 2003/06/02 19:34:12 millert Exp $ */
/* $OpenBSD: glob.h,v 1.9 2004/10/07 16:56:11 millert Exp $ */
/* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */
/*
@ -37,6 +35,8 @@
* @(#)glob.h 8.1 (Berkeley) 6/2/93
*/
/* OPENBSD ORIGINAL: include/glob.h */
#if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \
!defined(GLOB_HAS_GL_MATCHC)
@ -72,6 +72,7 @@ typedef struct {
#define GLOB_MARK 0x0008 /* Append / to matching directories. */
#define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */
#define GLOB_NOSORT 0x0020 /* Don't sort. */
#define GLOB_NOESCAPE 0x1000 /* Disable backslash escaping. */
#define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */
#define GLOB_BRACE 0x0080 /* Expand braces ala csh. */
@ -79,7 +80,6 @@ typedef struct {
#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */
#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */
#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */
#define GLOB_NOESCAPE 0x1000 /* Disable backslash escaping. */
#define GLOB_LIMIT 0x2000 /* Limit pattern match output to ARG_MAX */
/* Error values returned by glob(3) */

28
crypto/openssh/openbsd-compat/inet_aton.c
View File

@ -1,6 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */
/* $OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert Exp $ */
/* $OpenBSD: inet_addr.c,v 1.9 2005/08/06 20:30:03 espie Exp $ */
/*
* Copyright (c) 1983, 1990, 1993
@ -51,19 +49,12 @@
* --Copyright--
*/
/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */
#include "includes.h"
#if !defined(HAVE_INET_ATON)
#if defined(LIBC_SCCS) && !defined(lint)
#if 0
static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93";
static char rcsid[] = "$From: inet_addr.c,v 8.5 1996/08/05 08:31:35 vixie Exp $";
#else
static char rcsid[] = "$OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert Exp $";
#endif
#endif /* LIBC_SCCS and not lint */
#include <sys/types.h>
#include <sys/param.h>
#include <netinet/in.h>
@ -76,8 +67,7 @@ static char rcsid[] = "$OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert E
* The value returned is in network order.
*/
in_addr_t
inet_addr(cp)
register const char *cp;
inet_addr(const char *cp)
{
struct in_addr val;
@ -97,11 +87,11 @@ inet_addr(cp)
int
inet_aton(const char *cp, struct in_addr *addr)
{
register u_int32_t val;
register int base, n;
register char c;
unsigned int parts[4];
register unsigned int *pp = parts;
u_int32_t val;
int base, n;
char c;
u_int parts[4];
u_int *pp = parts;
c = *cp;
for (;;) {

14
crypto/openssh/openbsd-compat/inet_ntoa.c
View File

@ -1,5 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/net/inet_ntoa.c */
/* $OpenBSD: inet_ntoa.c,v 1.6 2005/08/06 20:30:03 espie Exp $ */
/*
* Copyright (c) 1983, 1993
* The Regents of the University of California. All rights reserved.
@ -29,14 +28,12 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/net/inet_ntoa.c */
#include "includes.h"
#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA)
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.4 2003/06/02 20:18:35 millert Exp $";
#endif /* LIBC_SCCS and not lint */
/*
* Convert network-format internet address
* to base 256 d.d.d.d representation.
@ -46,10 +43,11 @@ static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.4 2003/06/02 20:18:35 millert E
#include <arpa/inet.h>
#include <stdio.h>
char *inet_ntoa(struct in_addr in)
char *
inet_ntoa(struct in_addr in)
{
static char b[18];
register char *p;
char *p;
p = (char *)&in;
#define UC(b) (((int)b)&0xff)

30
crypto/openssh/openbsd-compat/inet_ntop.c
View File

@ -1,6 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */
/* $OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $ */
/* $OpenBSD: inet_ntop.c,v 1.7 2005/08/06 20:30:03 espie Exp $ */
/* Copyright (c) 1996 by Internet Software Consortium.
*
@ -18,18 +16,12 @@
* SOFTWARE.
*/
/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */
#include "includes.h"
#ifndef HAVE_INET_NTOP
#if defined(LIBC_SCCS) && !defined(lint)
#if 0
static char rcsid[] = "$From: inet_ntop.c,v 8.7 1996/08/05 08:41:18 vixie Exp $";
#else
static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $";
#endif
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
#include <sys/types.h>
#include <sys/socket.h>
@ -65,11 +57,7 @@ static const char *inet_ntop6(const u_char *src, char *dst, size_t size);
* Paul Vixie, 1996.
*/
const char *
inet_ntop(af, src, dst, size)
int af;
const void *src;
char *dst;
size_t size;
inet_ntop(int af, const void *src, char *dst, size_t size)
{
switch (af) {
case AF_INET:
@ -95,10 +83,7 @@ inet_ntop(af, src, dst, size)
* Paul Vixie, 1996.
*/
static const char *
inet_ntop4(src, dst, size)
const u_char *src;
char *dst;
size_t size;
inet_ntop4(const u_char *src, char *dst, size_t size)
{
static const char fmt[] = "%u.%u.%u.%u";
char tmp[sizeof "255.255.255.255"];
@ -120,10 +105,7 @@ inet_ntop4(src, dst, size)
* Paul Vixie, 1996.
*/
static const char *
inet_ntop6(src, dst, size)
const u_char *src;
char *dst;
size_t size;
inet_ntop6(const u_char *src, char *dst, size_t size)
{
/*
* Note that int32_t and int16_t need only be "at least" large enough

19
crypto/openssh/openbsd-compat/mktemp.c
View File

@ -1,8 +1,7 @@
/* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */
/* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */
/* Changes: Removed mktemp */
/* $OpenBSD: mktemp.c,v 1.19 2005/08/08 08:05:36 espie Exp $ */
/*
* Copyright (c) 1987, 1993
* The Regents of the University of California. All rights reserved.
@ -32,20 +31,16 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */
#include "includes.h"
#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: mktemp.c,v 1.17 2003/06/02 20:18:37 millert Exp $";
#endif /* LIBC_SCCS and not lint */
static int _gettemp(char *, int *, int, int);
int
mkstemps(path, slen)
char *path;
int slen;
mkstemps(char *path, int slen)
{
int fd;
@ -53,8 +48,7 @@ mkstemps(path, slen)
}
int
mkstemp(path)
char *path;
mkstemp(char *path)
{
int fd;
@ -62,8 +56,7 @@ mkstemp(path)
}
char *
mkdtemp(path)
char *path;
mkdtemp(char *path)
{
return(_gettemp(path, (int *)NULL, 1, 0) ? path : (char *)NULL);
}

15
crypto/openssh/openbsd-compat/openbsd-compat.h
View File

@ -1,4 +1,4 @@
/* $Id: openbsd-compat.h,v 1.30 2005/08/26 20:15:20 tim Exp $ */
/* $Id: openbsd-compat.h,v 1.33 2005/12/31 05:33:37 djm Exp $ */
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@ -142,6 +142,10 @@ unsigned int arc4random(void);
void arc4random_stir(void);
#endif /* !HAVE_ARC4RANDOM */
#ifndef HAVE_ASPRINTF
int asprintf(char **, const char *, ...);
#endif
#ifndef HAVE_OPENPTY
int openpty(int *, int *, char *, struct termios *, struct winsize *);
#endif /* HAVE_OPENPTY */
@ -152,10 +156,18 @@ int openpty(int *, int *, char *, struct termios *, struct winsize *);
int snprintf(char *, size_t, const char *, ...);
#endif
#ifndef HAVE_STRTOLL
long long strtoll(const char *, char **, int);
#endif
#ifndef HAVE_STRTONUM
long long strtonum(const char *, long long, long long, const char **);
#endif
#ifndef HAVE_VASPRINTF
int vasprintf(char **, const char *, va_list);
#endif
#ifndef HAVE_VSNPRINTF
int vsnprintf(char *, size_t, const char *, va_list);
#endif
@ -174,5 +186,6 @@ char *shadow_pw(struct passwd *pw);
#include "port-irix.h"
#include "port-aix.h"
#include "port-uw.h"
#include "port-tun.h"
#endif /* _OPENBSD_COMPAT_H */

15
crypto/openssh/openbsd-compat/openssl-compat.h
View File

@ -1,4 +1,4 @@
/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
/* $Id: openssl-compat.h,v 1.3 2005/12/19 06:40:40 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@ -24,7 +24,11 @@
# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
#endif
#if OPENSSL_VERSION_NUMBER < 0x00907000L
#if (OPENSSL_VERSION_NUMBER < 0x00907000L) || defined(OPENSSL_LOBOTOMISED_AES)
# define USE_BUILTIN_RIJNDAEL
#endif
#ifdef USE_BUILTIN_RIJNDAEL
# define EVP_aes_128_cbc evp_rijndael
# define EVP_aes_192_cbc evp_rijndael
# define EVP_aes_256_cbc evp_rijndael
@ -43,7 +47,12 @@ extern const EVP_CIPHER *evp_acss(void);
#endif
/*
* insert comment here
* We overload some of the OpenSSL crypto functions with ssh_* equivalents
* which cater for older and/or less featureful OpenSSL version.
*
* In order for the compat library to call the real functions, it must
* define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and
* implement the ssh_* equivalents.
*/
#ifdef SSH_OLD_EVP

252
crypto/openssh/openbsd-compat/port-tun.c Normal file
View File

@ -0,0 +1,252 @@
/*
* Copyright (c) 2005 Reyk Floeter <reyk@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#include "log.h"
#include "misc.h"
#include "bufaux.h"
/*
* This is the portable version of the SSH tunnel forwarding, it
* uses some preprocessor definitions for various platform-specific
* settings.
*
* SSH_TUN_LINUX Use the (newer) Linux tun/tap device
* SSH_TUN_COMPAT_AF Translate the OpenBSD address family
* SSH_TUN_PREPEND_AF Prepend/remove the address family
*/
/*
* System-specific tunnel open function
*/
#if defined(SSH_TUN_LINUX)
#include <linux/if.h>
#include <linux/if_tun.h>
int
sys_tun_open(int tun, int mode)
{
struct ifreq ifr;
int fd = -1;
const char *name = NULL;
if ((fd = open("/dev/net/tun", O_RDWR)) == -1) {
debug("%s: failed to open tunnel control interface: %s",
__func__, strerror(errno));
return (-1);
}
bzero(&ifr, sizeof(ifr));
if (mode == SSH_TUNMODE_ETHERNET) {
ifr.ifr_flags = IFF_TAP;
name = "tap%d";
} else {
ifr.ifr_flags = IFF_TUN;
name = "tun%d";
}
ifr.ifr_flags |= IFF_NO_PI;
if (tun != SSH_TUNID_ANY) {
if (tun > SSH_TUNID_MAX) {
debug("%s: invalid tunnel id %x: %s", __func__,
tun, strerror(errno));
goto failed;
}
snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun);
}
if (ioctl(fd, TUNSETIFF, &ifr) == -1) {
debug("%s: failed to configure tunnel (mode %d): %s", __func__,
mode, strerror(errno));
goto failed;
}
if (tun == SSH_TUNID_ANY)
debug("%s: tunnel mode %d fd %d", __func__, mode, fd);
else
debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);
return (fd);
failed:
close(fd);
return (-1);
}
#endif /* SSH_TUN_LINUX */
#ifdef SSH_TUN_FREEBSD
#include <sys/socket.h>
#include <net/if.h>
#include <net/if_tun.h>
int
sys_tun_open(int tun, int mode)
{
struct ifreq ifr;
char name[100];
int fd = -1, sock, flag;
const char *tunbase = "tun";
if (mode == SSH_TUNMODE_ETHERNET) {
#ifdef SSH_TUN_NO_L2
debug("%s: no layer 2 tunnelling support", __func__);
return (-1);
#else
tunbase = "tap";
#endif
}
/* Open the tunnel device */
if (tun <= SSH_TUNID_MAX) {
snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun);
fd = open(name, O_RDWR);
} else if (tun == SSH_TUNID_ANY) {
for (tun = 100; tun >= 0; tun--) {
snprintf(name, sizeof(name), "/dev/%s%d",
tunbase, tun);
if ((fd = open(name, O_RDWR)) >= 0)
break;
}
} else {
debug("%s: invalid tunnel %u\n", __func__, tun);
return (-1);
}
if (fd < 0) {
debug("%s: %s open failed: %s", __func__, name,
strerror(errno));
return (-1);
}
/* Turn on tunnel headers */
flag = 1;
#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
if (mode != SSH_TUNMODE_ETHERNET &&
ioctl(fd, TUNSIFHEAD, &flag) == -1) {
debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd,
strerror(errno));
close(fd);
}
#endif
debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
/* Set the tunnel device operation mode */
snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun);
if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
goto failed;
if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
goto failed;
ifr.ifr_flags |= IFF_UP;
if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
goto failed;
close(sock);
return (fd);
failed:
if (fd >= 0)
close(fd);
if (sock >= 0)
close(sock);
debug("%s: failed to set %s mode %d: %s", __func__, name,
mode, strerror(errno));
return (-1);
}
#endif /* SSH_TUN_FREEBSD */
/*
* System-specific channel filters
*/
#if defined(SSH_TUN_FILTER)
#define OPENBSD_AF_INET 2
#define OPENBSD_AF_INET6 24
int
sys_tun_infilter(struct Channel *c, char *buf, int len)
{
#if defined(SSH_TUN_PREPEND_AF)
char rbuf[CHAN_RBUF];
struct ip *iph;
#endif
u_int32_t *af;
char *ptr = buf;
#if defined(SSH_TUN_PREPEND_AF)
if (len <= 0 || len > (int)(sizeof(rbuf) - sizeof(*af)))
return (-1);
ptr = (char *)&rbuf[0];
bcopy(buf, ptr + sizeof(u_int32_t), len);
len += sizeof(u_int32_t);
af = (u_int32_t *)ptr;
iph = (struct ip *)(ptr + sizeof(u_int32_t));
switch (iph->ip_v) {
case 6:
*af = AF_INET6;
break;
case 4:
default:
*af = AF_INET;
break;
}
#endif
#if defined(SSH_TUN_COMPAT_AF)
if (len < (int)sizeof(u_int32_t))
return (-1);
af = (u_int32_t *)ptr;
if (*af == htonl(AF_INET6))
*af = htonl(OPENBSD_AF_INET6);
else
*af = htonl(OPENBSD_AF_INET);
#endif
buffer_put_string(&c->input, ptr, len);
return (0);
}
u_char *
sys_tun_outfilter(struct Channel *c, u_char **data, u_int *dlen)
{
u_char *buf;
u_int32_t *af;
*data = buffer_get_string(&c->output, dlen);
if (*dlen < sizeof(*af))
return (NULL);
buf = *data;
#if defined(SSH_TUN_PREPEND_AF)
*dlen -= sizeof(u_int32_t);
buf = *data + sizeof(u_int32_t);
#elif defined(SSH_TUN_COMPAT_AF)
af = ntohl(*(u_int32_t *)buf);
if (*af == OPENBSD_AF_INET6)
*af = htonl(AF_INET6);
else
*af = htonl(AF_INET);
#endif
return (buf);
}
#endif /* SSH_TUN_FILTER */

33
crypto/openssh/openbsd-compat/port-tun.h Normal file
View File

@ -0,0 +1,33 @@
/*
* Copyright (c) 2005 Reyk Floeter <reyk@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _PORT_TUN_H
#define _PORT_TUN_H
#include "channels.h"
#if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD)
# define CUSTOM_SYS_TUN_OPEN
int sys_tun_open(int, int);
#endif
#if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF)
# define SSH_TUN_FILTER
int sys_tun_infilter(struct Channel *, char *, int);
u_char *sys_tun_outfilter(struct Channel *, u_char **, u_int *);
#endif
#endif

24
crypto/openssh/openbsd-compat/port-uw.c
View File

@ -25,7 +25,7 @@
#include "includes.h"
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
#ifdef HAVE_LIBIAF
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
@ -42,7 +42,6 @@ int
sys_auth_passwd(Authctxt *authctxt, const char *password)
{
struct passwd *pw = authctxt->pw;
char *encrypted_password;
char *salt;
int result;
@ -55,21 +54,24 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
/* Encrypt the candidate password using the proper salt. */
salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
#ifdef UNIXWARE_LONG_PASSWORDS
if (!nischeck(pw->pw_name))
encrypted_password = bigcrypt(password, salt);
else
#endif /* UNIXWARE_LONG_PASSWORDS */
encrypted_password = xcrypt(password, salt);
/*
* Authentication is accepted if the encrypted passwords
* are identical.
*/
result = (strcmp(encrypted_password, pw_password) == 0);
#ifdef UNIXWARE_LONG_PASSWORDS
if (!nischeck(pw->pw_name)) {
result = ((strcmp(bigcrypt(password, salt), pw_password) == 0)
|| (strcmp(osr5bigcrypt(password, salt), pw_password) == 0));
}
else
#endif /* UNIXWARE_LONG_PASSWORDS */
result = (strcmp(xcrypt(password, salt), pw_password) == 0);
#if !defined(BROKEN_LIBIAF)
if (authctxt->valid)
free(pw_password);
#endif
return(result);
}
@ -114,6 +116,7 @@ nischeck(char *namep)
functions that call shadow_pw() will need to free
*/
#if !defined(BROKEN_LIBIAF)
char *
get_iaf_password(struct passwd *pw)
{
@ -130,5 +133,6 @@ get_iaf_password(struct passwd *pw)
else
fatal("ia_openinfo: Unable to open the shadow passwd file");
}
#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
#endif /* !BROKEN_LIBIAF */
#endif /* HAVE_LIBIAF */

8
crypto/openssh/openbsd-compat/readpassphrase.c
View File

@ -1,6 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */
/* $OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $ */
/* $OpenBSD: readpassphrase.c,v 1.18 2005/08/08 08:05:34 espie Exp $ */
/*
* Copyright (c) 2000-2002 Todd C. Miller <Todd.Miller@courtesan.com>
@ -22,9 +20,7 @@
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
#if defined(LIBC_SCCS) && !defined(lint)
static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $";
#endif /* LIBC_SCCS and not lint */
/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */
#include "includes.h"

43
crypto/openssh/openbsd-compat/readpassphrase.h
View File

@ -1,34 +1,27 @@
/* OPENBSD ORIGINAL: include/readpassphrase.h */
/* $OpenBSD: readpassphrase.h,v 1.3 2002/06/28 12:32:22 millert Exp $ */
/* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */
/*
* Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
* Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
/* OPENBSD ORIGINAL: include/readpassphrase.h */
#ifndef _READPASSPHRASE_H_
#define _READPASSPHRASE_H_

5
crypto/openssh/openbsd-compat/realpath.c
View File

@ -1,5 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */
/* $OpenBSD: realpath.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */
/*
* Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
*
@ -28,6 +27,8 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */
#include "includes.h"
#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)

16
crypto/openssh/openbsd-compat/rresvport.c
View File

@ -1,5 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/net/rresvport.c */
/* $OpenBSD: rresvport.c,v 1.9 2005/11/10 10:00:17 espie Exp $ */
/*
* Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
* Copyright (c) 1983, 1993, 1994
@ -30,26 +29,21 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/net/rresvport.c */
#include "includes.h"
#ifndef HAVE_RRESVPORT_AF
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: rresvport.c,v 1.6 2003/06/03 02:11:35 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
#include "includes.h"
#if 0
int
rresvport(alport)
int *alport;
rresvport(int *alport)
{
return rresvport_af(alport, AF_INET);
}
#endif
int
int
rresvport_af(int *alport, sa_family_t af)
{
struct sockaddr_storage ss;

80
crypto/openssh/openbsd-compat/setenv.c
View File

@ -1,5 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */
/* $OpenBSD: setenv.c,v 1.9 2005/08/08 08:05:37 espie Exp $ */
/*
* Copyright (c) 1987 Regents of the University of California.
* All rights reserved.
@ -29,36 +28,31 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */
#include "includes.h"
#if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV)
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: setenv.c,v 1.6 2003/06/02 20:18:38 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <stdlib.h>
#include <string.h>
char *__findenv(const char *name, int *offset);
extern char **environ;
/* OpenSSH Portable: __findenv is from getenv.c rev 1.8, made static */
/*
* __findenv --
* Returns pointer to value associated with name, if any, else NULL.
* Sets offset to be the offset of the name/value combination in the
* environmental array, for use by setenv(3) and unsetenv(3).
* Explicitly removes '=' in argument name.
*
* This routine *should* be a static; don't use it.
*/
char *
__findenv(name, offset)
register const char *name;
int *offset;
static char *
__findenv(const char *name, int *offset)
{
extern char **environ;
register int len, i;
register const char *np;
register char **p, *cp;
int len, i;
const char *np;
char **p, *cp;
if (name == NULL || environ == NULL)
return (NULL);
@ -84,14 +78,10 @@ __findenv(name, offset)
* "value". If rewrite is set, replace any current value.
*/
int
setenv(name, value, rewrite)
register const char *name;
register const char *value;
int rewrite;
setenv(const char *name, const char *value, int rewrite)
{
extern char **environ;
static int alloced; /* if allocated space before */
register char *C;
static char **lastenv; /* last value of environ */
char *C;
int l_value, offset;
if (*value == '=') /* no `=' in value */
@ -106,30 +96,23 @@ setenv(name, value, rewrite)
return (0);
}
} else { /* create new slot */
register int cnt;
register char **P;
size_t cnt;
char **P;
for (P = environ, cnt = 0; *P; ++P, ++cnt);
if (alloced) { /* just increase size */
P = (char **)realloc((void *)environ,
(size_t)(sizeof(char *) * (cnt + 2)));
if (!P)
return (-1);
environ = P;
}
else { /* get new space */
alloced = 1; /* copy old entries into it */
P = (char **)malloc((size_t)(sizeof(char *) *
(cnt + 2)));
if (!P)
return (-1);
memmove(P, environ, cnt * sizeof(char *));
environ = P;
}
environ[cnt + 1] = NULL;
for (P = environ; *P != NULL; P++)
;
cnt = P - environ;
P = (char **)realloc(lastenv, sizeof(char *) * (cnt + 2));
if (!P)
return (-1);
if (lastenv != environ)
memcpy(P, environ, cnt * sizeof(char *));
lastenv = environ = P;
offset = cnt;
environ[cnt + 1] = NULL;
}
for (C = (char *)name; *C && *C != '='; ++C); /* no `=' in name */
for (C = (char *)name; *C && *C != '='; ++C)
; /* no `=' in name */
if (!(environ[offset] = /* name + `=' + value */
malloc((size_t)((int)(C - name) + l_value + 2))))
return (-1);
@ -147,15 +130,12 @@ setenv(name, value, rewrite)
* Delete environmental variable "name".
*/
void
unsetenv(name)
const char *name;
unsetenv(const char *name)
{
extern char **environ;
register char **P;
char **P;
int offset;
char *__findenv();
while (__findenv(name, &offset)) /* if set multiple times */
while (__findenv(name, &offset)) /* if set multiple times */
for (P = &environ[offset];; ++P)
if (!(*P = *(P + 1)))
break;

8
crypto/openssh/openbsd-compat/sigact.c
View File

@ -1,9 +1,7 @@
/* OPENBSD ORIGINAL: lib/libcurses/base/sigaction.c */
/* $OpenBSD: sigaction.c,v 1.3 1999/06/27 08:14:21 millert Exp $ */
/* $OpenBSD: sigaction.c,v 1.4 2001/01/22 18:01:48 millert Exp $ */
/****************************************************************************
* Copyright (c) 1998 Free Software Foundation, Inc. *
* Copyright (c) 1998,2000 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
@ -35,6 +33,8 @@
* and: Eric S. Raymond <esr@snark.thyrsus.com> *
****************************************************************************/
/* OPENBSD ORIGINAL: lib/libcurses/base/sigaction.c */
#include "includes.h"
#include <signal.h>
#include "sigact.h"

8
crypto/openssh/openbsd-compat/sigact.h
View File

@ -1,7 +1,7 @@
/* $OpenBSD: SigAction.h,v 1.2 1999/06/27 08:15:19 millert Exp $ */
/* $OpenBSD: SigAction.h,v 1.3 2001/01/22 18:01:32 millert Exp $ */
/****************************************************************************
* Copyright (c) 1998 Free Software Foundation, Inc. *
* Copyright (c) 1998,2000 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
@ -34,12 +34,14 @@
****************************************************************************/
/*
* $From: SigAction.h,v 1.5 1999/06/19 23:00:54 tom Exp $
* $From: SigAction.h,v 1.6 2000/12/10 02:36:10 tom Exp $
*
* This file exists to handle non-POSIX systems which don't have <unistd.h>,
* and usually no sigaction() nor <termios.h>
*/
/* OPENBSD ORIGINAL: lib/libcurses/SigAction.h */
#ifndef _SIGACTION_H
#define _SIGACTION_H

16
crypto/openssh/openbsd-compat/strlcat.c
View File

@ -1,6 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */
/* $OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp $ */
/* $OpenBSD: strlcat.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */
/*
* Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
@ -18,13 +16,11 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */
#include "includes.h"
#ifndef HAVE_STRLCAT
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/types.h>
#include <string.h>
@ -38,9 +34,9 @@ static char *rcsid = "$OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp
size_t
strlcat(char *dst, const char *src, size_t siz)
{
register char *d = dst;
register const char *s = src;
register size_t n = siz;
char *d = dst;
const char *s = src;
size_t n = siz;
size_t dlen;
/* Find the end of dst and adjust bytes left but don't go past end */

16
crypto/openssh/openbsd-compat/strlcpy.c
View File

@ -1,6 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
/* $OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp $ */
/* $OpenBSD: strlcpy.c,v 1.10 2005/08/08 08:05:37 espie Exp $ */
/*
* Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
@ -18,13 +16,11 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
#include "includes.h"
#ifndef HAVE_STRLCPY
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/types.h>
#include <string.h>
@ -36,9 +32,9 @@ static char *rcsid = "$OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp
size_t
strlcpy(char *dst, const char *src, size_t siz)
{
register char *d = dst;
register const char *s = src;
register size_t n = siz;
char *d = dst;
const char *s = src;
size_t n = siz;
/* Copy as many bytes as will fit */
if (n != 0 && --n != 0) {

14
crypto/openssh/openbsd-compat/strmode.c
View File

@ -1,5 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/string/strmode.c */
/* $OpenBSD: strmode.c,v 1.7 2005/08/08 08:05:37 espie Exp $ */
/*-
* Copyright (c) 1990 The Regents of the University of California.
* All rights reserved.
@ -29,13 +28,11 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/string/strmode.c */
#include "includes.h"
#ifndef HAVE_STRMODE
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: strmode.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/types.h>
#include <sys/stat.h>
#include <string.h>
@ -71,11 +68,6 @@ strmode(int mode, char *p)
case S_IFIFO: /* fifo */
*p++ = 'p';
break;
#endif
#ifdef S_IFWHT
case S_IFWHT: /* whiteout */
*p++ = 'w';
break;
#endif
default: /* unknown */
*p++ = '?';

14
crypto/openssh/openbsd-compat/strsep.c
View File

@ -1,6 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/string/strsep.c */
/* $OpenBSD: strsep.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $ */
/* $OpenBSD: strsep.c,v 1.6 2005/08/08 08:05:37 espie Exp $ */
/*-
* Copyright (c) 1990, 1993
@ -31,6 +29,8 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/string/strsep.c */
#include "includes.h"
#if !defined(HAVE_STRSEP)
@ -38,14 +38,6 @@
#include <string.h>
#include <stdio.h>
#if defined(LIBC_SCCS) && !defined(lint)
#if 0
static char sccsid[] = "@(#)strsep.c 8.1 (Berkeley) 6/4/93";
#else
static char *rcsid = "$OpenBSD: strsep.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $";
#endif
#endif /* LIBC_SCCS and not lint */
/*
* Get next token from string *stringp, where tokens are possibly-empty
* strings separated by characters from delim.

9
crypto/openssh/openbsd-compat/strtoll.c
View File

@ -1,5 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */
/* $OpenBSD: strtoll.c,v 1.6 2005/11/10 10:00:17 espie Exp $ */
/*-
* Copyright (c) 1992 The Regents of the University of California.
* All rights reserved.
@ -29,13 +28,11 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */
#include "includes.h"
#ifndef HAVE_STRTOLL
#if defined(LIBC_SCCS) && !defined(lint)
static const char rcsid[] = "$OpenBSD: strtoll.c,v 1.4 2005/03/30 18:51:49 pat Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/types.h>
#include <ctype.h>

4
crypto/openssh/openbsd-compat/strtonum.c
View File

@ -1,5 +1,3 @@
/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */
/* $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ */
/*
@ -19,6 +17,8 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */
#include "includes.h"
#ifndef HAVE_STRTONUM
#include <limits.h>

22
crypto/openssh/openbsd-compat/strtoul.c
View File

@ -1,5 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoul.c */
/* $OpenBSD: strtoul.c,v 1.7 2005/08/08 08:05:37 espie Exp $ */
/*
* Copyright (c) 1990 Regents of the University of California.
* All rights reserved.
@ -29,13 +28,11 @@
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoul.c */
#include "includes.h"
#ifndef HAVE_STRTOUL
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: strtoul.c,v 1.5 2003/06/02 20:18:38 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
@ -48,15 +45,12 @@ static char *rcsid = "$OpenBSD: strtoul.c,v 1.5 2003/06/02 20:18:38 millert Exp
* alphabets and digits are each contiguous.
*/
unsigned long
strtoul(nptr, endptr, base)
const char *nptr;
char **endptr;
register int base;
strtoul(const char *nptr, char **endptr, int base)
{
register const char *s;
register unsigned long acc, cutoff;
register int c;
register int neg, any, cutlim;
const char *s;
unsigned long acc, cutoff;
int c;
int neg, any, cutlim;
/*
* See strtol for comments as to the logic used.

4
crypto/openssh/openbsd-compat/sys-queue.h
View File

@ -1,5 +1,3 @@
/* OPENBSD ORIGINAL: sys/sys/queue.h */
/* $OpenBSD: queue.h,v 1.25 2004/04/08 16:08:21 henning Exp $ */
/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
@ -34,6 +32,8 @@
* @(#)queue.h 8.5 (Berkeley) 8/20/94
*/
/* OPENBSD ORIGINAL: sys/sys/queue.h */
#ifndef _FAKE_QUEUE_H_
#define _FAKE_QUEUE_H_

4
crypto/openssh/openbsd-compat/sys-tree.h
View File

@ -1,5 +1,3 @@
/* OPENBSD ORIGINAL: sys/sys/tree.h */
/* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -26,6 +24,8 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: sys/sys/tree.h */
#ifndef _SYS_TREE_H_
#define _SYS_TREE_H_

62
crypto/openssh/openbsd-compat/vis.c
View File

@ -1,5 +1,4 @@
/* OPENBSD ORIGINAL: lib/libc/gen/vis.c */
/* $OpenBSD: vis.c,v 1.19 2005/09/01 17:15:49 millert Exp $ */
/*-
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
@ -28,36 +27,34 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libc/gen/vis.c */
#include "includes.h"
#if !defined(HAVE_STRNVIS)
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: vis.c,v 1.12 2003/06/02 20:18:35 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <ctype.h>
#include <string.h>
#include "vis.h"
#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
#define isvisible(c) (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \
isgraph((u_char)(c))) || \
((flag & VIS_SP) == 0 && (c) == ' ') || \
((flag & VIS_TAB) == 0 && (c) == '\t') || \
((flag & VIS_NL) == 0 && (c) == '\n') || \
((flag & VIS_SAFE) && ((c) == '\b' || \
(c) == '\007' || (c) == '\r' || \
isgraph((u_char)(c)))))
#define isvisible(c) \
(((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \
(((c) != '*' && (c) != '?' && (c) != '[' && (c) != '#') || \
(flag & VIS_GLOB) == 0) && isgraph((u_char)(c))) || \
((flag & VIS_SP) == 0 && (c) == ' ') || \
((flag & VIS_TAB) == 0 && (c) == '\t') || \
((flag & VIS_NL) == 0 && (c) == '\n') || \
((flag & VIS_SAFE) && ((c) == '\b' || \
(c) == '\007' || (c) == '\r' || \
isgraph((u_char)(c)))))
/*
* vis - visually encode characters
*/
char *
vis(dst, c, flag, nextc)
register char *dst;
int c, nextc;
register int flag;
vis(char *dst, int c, int flag, int nextc)
{
if (isvisible(c)) {
*dst++ = c;
@ -111,7 +108,8 @@ vis(dst, c, flag, nextc)
goto done;
}
}
if (((c & 0177) == ' ') || (flag & VIS_OCTAL)) {
if (((c & 0177) == ' ') || (flag & VIS_OCTAL) ||
((flag & VIS_GLOB) && (c == '*' || c == '?' || c == '[' || c == '#'))) {
*dst++ = '\\';
*dst++ = ((u_char)c >> 6 & 07) + '0';
*dst++ = ((u_char)c >> 3 & 07) + '0';
@ -124,7 +122,7 @@ vis(dst, c, flag, nextc)
c &= 0177;
*dst++ = 'M';
}
if (iscntrl(c)) {
if (iscntrl((u_char)c)) {
*dst++ = '^';
if (c == 0177)
*dst++ = '?';
@ -153,12 +151,9 @@ vis(dst, c, flag, nextc)
* This is useful for encoding a block of data.
*/
int
strvis(dst, src, flag)
register char *dst;
register const char *src;
int flag;
strvis(char *dst, const char *src, int flag)
{
register char c;
char c;
char *start;
for (start = dst; (c = *src);)
@ -168,16 +163,11 @@ strvis(dst, src, flag)
}
int
strnvis(dst, src, siz, flag)
char *dst;
const char *src;
size_t siz;
int flag;
strnvis(char *dst, const char *src, size_t siz, int flag)
{
char c;
char *start, *end;
char tbuf[5];
int i;
int c, i;
i = 0;
for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) {
@ -217,13 +207,9 @@ strnvis(dst, src, siz, flag)
}
int
strvisx(dst, src, len, flag)
register char *dst;
register const char *src;
register size_t len;
int flag;
strvisx(char *dst, const char *src, size_t len, int flag)
{
register char c;
char c;
char *start;
for (start = dst; len > 1; len--) {

15
crypto/openssh/openbsd-compat/vis.h
View File

@ -1,6 +1,4 @@
/* OPENBSD ORIGINAL: include/vis.h */
/* $OpenBSD: vis.h,v 1.6 2003/06/02 19:34:12 millert Exp $ */
/* $OpenBSD: vis.h,v 1.11 2005/08/09 19:38:31 millert Exp $ */
/* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */
/*-
@ -34,6 +32,8 @@
* @(#)vis.h 5.9 (Berkeley) 4/3/91
*/
/* OPENBSD ORIGINAL: include/vis.h */
#include "includes.h"
#if !defined(HAVE_STRNVIS)
@ -63,6 +63,7 @@
* other
*/
#define VIS_NOSLASH 0x40 /* inhibit printing '\' */
#define VIS_GLOB 0x100 /* encode glob(3) magics and '#' */
/*
* unvis return codes
@ -80,10 +81,14 @@
char *vis(char *, int, int, int);
int strvis(char *, const char *, int);
int strnvis(char *, const char *, size_t, int);
int strvisx(char *, const char *, size_t, int);
int strnvis(char *, const char *, size_t, int)
__attribute__ ((__bounded__(__string__,1,3)));
int strvisx(char *, const char *, size_t, int)
__attribute__ ((__bounded__(__string__,1,3)));
int strunvis(char *, const char *);
int unvis(char *, char, int *, int);
ssize_t strnunvis(char *, const char *, size_t)
__attribute__ ((__bounded__(__string__,1,3)));
#endif /* !_VIS_H_ */

2
crypto/openssh/opensshd.init.in
View File

@ -1,4 +1,4 @@
#!/sbin/sh
#!@STARTUP_SCRIPT_SHELL@
# Donated code that was put under PD license.
#
# Stripped PRNGd out of it for the time being.

4
crypto/openssh/packet.c
View File

@ -37,7 +37,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $");
RCSID("$OpenBSD: packet.c,v 1.120 2005/10/30 08:52:17 djm Exp $");
#include "openbsd-compat/sys-queue.h"
@ -572,7 +572,7 @@ packet_send1(void)
buffer_clear(&outgoing_packet);
/*
* Note that the packet is now only buffered in output. It won\'t be
* Note that the packet is now only buffered in output. It won't be
* actually sent until packet_write_wait or packet_write_poll is
* called.
*/

6
crypto/openssh/progressmeter.c
View File

@ -85,8 +85,8 @@ format_rate(char *buf, int size, off_t bytes)
bytes = (bytes + 512) / 1024;
}
snprintf(buf, size, "%3lld.%1lld%c%s",
(int64_t) (bytes + 5) / 100,
(int64_t) (bytes + 5) / 10 % 10,
(long long) (bytes + 5) / 100,
(long long) (bytes + 5) / 10 % 10,
unit[i],
i ? "B" : " ");
}
@ -99,7 +99,7 @@ format_size(char *buf, int size, off_t bytes)
for (i = 0; bytes >= 10000 && unit[i] != 'T'; i++)
bytes = (bytes + 512) / 1024;
snprintf(buf, size, "%4lld%c%s",
(int64_t) bytes,
(long long) bytes,
unit[i],
i ? "B" : " ");
}

6
crypto/openssh/regress/README.regress
View File

@ -97,8 +97,12 @@ Known Issues.
unless ssh-rand-helper is in pre-installed (the path to
ssh-rand-helper is hard coded).
- Similarly, if you do not have "scp" in your system's $PATH then the
multiplex scp tests will fail (since the system's shell startup scripts
will determine where the shell started by sshd will look for scp).
- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
test to fail. The old behaviour can be restored by setting (and
exporting) _POSIX2_VERSION=199209 before running the tests.
$Id: README.regress,v 1.9 2004/08/17 12:31:33 dtucker Exp $
$Id: README.regress,v 1.10 2005/10/03 10:14:18 dtucker Exp $

4
crypto/openssh/regress/agent-getpeereid.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: agent-getpeereid.sh,v 1.1 2002/12/09 16:05:02 markus Exp $
# $OpenBSD: agent-getpeereid.sh,v 1.2 2005/11/14 21:25:56 grunk Exp $
# Placed in the Public Domain.
tid="disallow agent attach from other uid"
@ -27,7 +27,7 @@ else
fail "ssh-add failed with $r != 1"
fi
< /dev/null sudo -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
< /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
r=$?
if [ $r -lt 2 ]; then
fail "ssh-add did not fail for ${UNPRIV}: $r < 2"

33
crypto/openssh/regress/forwarding.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: forwarding.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
# $OpenBSD: forwarding.sh,v 1.5 2005/03/10 10:20:39 dtucker Exp $
# Placed in the Public Domain.
tid="local and remote forwarding"
@ -32,3 +32,34 @@ for p in 1 2; do
sleep 10
done
for p in 1 2; do
trace "simple clear forwarding proto $p"
${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true
trace "clear local forward proto $p"
${SSH} -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
-oClearAllForwardings=yes somehost sleep 10
if [ $? != 0 ]; then
fail "connection failed with cleared local forwarding"
else
# this one should fail
${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
2>${TEST_SSH_LOGFILE} && \
fail "local forwarding not cleared"
fi
sleep 10
trace "clear remote forward proto $p"
${SSH} -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
-oClearAllForwardings=yes somehost sleep 10
if [ $? != 0 ]; then
fail "connection failed with cleared remote forwarding"
else
# this one should fail
${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
2>${TEST_SSH_LOGFILE} && \
fail "remote forwarding not cleared"
fi
sleep 10
done

2
crypto/openssh/regress/multiplex.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $
# $OpenBSD: multiplex.sh,v 1.11 2005/04/25 09:54:09 dtucker Exp $
# Placed in the Public Domain.
CTL=/tmp/openssh.regress.ctl-sock.$$

5
crypto/openssh/regress/reconfigure.sh
View File

@ -15,8 +15,9 @@ esac
start_sshd
$SUDO kill -HUP `cat $PIDFILE`
sleep 1
PID=`cat $PIDFILE`
rm -f $PIDFILE
$SUDO kill -HUP $PID
trace "wait for sshd to restart"
i=0;

11
crypto/openssh/regress/scp-ssh-wrapper.sh
View File

@ -1,5 +1,5 @@
#!/bin/sh
# $OpenBSD: scp-ssh-wrapper.sh,v 1.1 2004/06/13 13:51:02 dtucker Exp $
# $OpenBSD: scp-ssh-wrapper.sh,v 1.2 2005/12/14 04:36:39 dtucker Exp $
# Placed in the Public Domain.
printname () {
@ -16,8 +16,11 @@ printname () {
done
}
# discard first 5 args
shift; shift; shift; shift; shift
# Discard all but last argument. We use arg later.
while test "$1" != ""; do
arg="$1"
shift
done
BAD="../../../../../../../../../../../../../${DIR}/dotpathdir"
@ -49,6 +52,6 @@ badserver_4)
echo "X"
;;
*)
exec $1
exec $arg
;;
esac

36
crypto/openssh/regress/scp.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: scp.sh,v 1.3 2004/07/08 12:59:35 dtucker Exp $
# $OpenBSD: scp.sh,v 1.7 2006/01/31 10:36:33 djm Exp $
# Placed in the Public Domain.
tid="scp"
@ -28,6 +28,11 @@ scpclean() {
mkdir ${DIR} ${DIR2}
}
verbose "$tid: simple copy local file to local file"
scpclean
$SCP $scpopts ${DATA} ${COPY} || fail "copy failed"
cmp ${DATA} ${COPY} || fail "corrupted copy"
verbose "$tid: simple copy local file to remote file"
scpclean
$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed"
@ -44,6 +49,12 @@ cp ${DATA} ${COPY}
$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed"
cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
verbose "$tid: simple copy local file to local dir"
scpclean
cp ${DATA} ${COPY}
$SCP $scpopts ${COPY} ${DIR} || fail "copy failed"
cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
verbose "$tid: simple copy remote file to local dir"
scpclean
cp ${DATA} ${COPY}
@ -57,6 +68,13 @@ cp ${DATA} ${DIR}/copy
$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed"
diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
verbose "$tid: recursive local dir to local dir"
scpclean
rm -rf ${DIR2}
cp ${DATA} ${DIR}/copy
$SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed"
diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
verbose "$tid: recursive remote dir to local dir"
scpclean
rm -rf ${DIR2}
@ -64,6 +82,13 @@ cp ${DATA} ${DIR}/copy
$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed"
diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
verbose "$tid: shell metacharacters"
scpclean
(cd ${DIR} && \
touch '`touch metachartest`' && \
$SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \
[ ! -f metachartest ] ) || fail "shell metacharacters"
if [ ! -z "$SUDO" ]; then
verbose "$tid: skipped file after scp -p with failed chown+utimes"
scpclean
@ -73,7 +98,7 @@ if [ ! -z "$SUDO" ]; then
chmod 660 ${DIR2}/copy
$SUDO chown root ${DIR2}/copy
$SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1
diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
$SUDO diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
$SUDO rm ${DIR2}/copy
fi
@ -91,5 +116,12 @@ for i in 0 1 2 3 4; do
[ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
done
verbose "$tid: detect non-directory target"
scpclean
echo a > ${COPY}
echo b > ${COPY2}
$SCP $scpopts ${DATA} ${COPY} ${COPY2}
cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target"
scpclean
rm -f ${OBJ}/scp-ssh-wrapper.scp

7
crypto/openssh/regress/test-exec.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: test-exec.sh,v 1.27 2005/02/27 11:33:30 dtucker Exp $
# $OpenBSD: test-exec.sh,v 1.28 2005/05/20 23:14:15 djm Exp $
# Placed in the Public Domain.
#SUDO=sudo
@ -24,6 +24,8 @@ if [ -x /usr/ucb/whoami ]; then
USER=`/usr/ucb/whoami`
elif whoami >/dev/null 2>&1; then
USER=`whoami`
elif logname >/dev/null 2>&1; then
USER=`logname`
else
USER=`id -un`
fi
@ -194,6 +196,7 @@ trap fatal 3 2
cat << EOF > $OBJ/sshd_config
StrictModes no
Port $PORT
AddressFamily inet
ListenAddress 127.0.0.1
#ListenAddress ::1
PidFile $PIDFILE
@ -244,7 +247,7 @@ trace "generate keys"
for t in rsa rsa1; do
# generate user key
rm -f $OBJ/$t
${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\
${SSHKEYGEN} -b 1024 -q -N '' -t $t -f $OBJ/$t ||\
fail "ssh-keygen for $t failed"
# known hosts file for client

5
crypto/openssh/regress/try-ciphers.sh
View File

@ -1,9 +1,10 @@
# $OpenBSD: try-ciphers.sh,v 1.9 2004/02/28 13:44:45 dtucker Exp $
# $OpenBSD: try-ciphers.sh,v 1.10 2005/05/24 04:10:54 djm Exp $
# Placed in the Public Domain.
tid="try ciphers"
ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour
ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
arcfour128 arcfour256 arcfour
aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
aes128-ctr aes192-ctr aes256-ctr"
macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96"

2
crypto/openssh/regress/yes-head.sh
View File

@ -4,7 +4,7 @@
tid="yes pipe head"
for p in 1 2; do
lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | head -2000"' | (sleep 3 ; wc -l)`
lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
if [ $? -ne 0 ]; then
fail "yes|head test failed"
lines = 0;

3
crypto/openssh/scp.1
View File

@ -9,7 +9,7 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
.\" $OpenBSD: scp.1,v 1.38 2005/03/01 17:19:35 jmc Exp $
.\" $OpenBSD: scp.1,v 1.39 2006/01/20 00:14:55 dtucker Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
@ -152,6 +152,7 @@ For full details of the options listed below, and their possible values, see
.It Protocol
.It ProxyCommand
.It PubkeyAuthentication
.It RekeyLimit
.It RhostsRSAAuthentication
.It RSAAuthentication
.It SendEnv

9
crypto/openssh/sftp-client.c
View File

@ -20,7 +20,7 @@
/* XXX: copy between two remote sites */
#include "includes.h"
RCSID("$OpenBSD: sftp-client.c,v 1.57 2005/07/27 10:39:03 dtucker Exp $");
RCSID("$OpenBSD: sftp-client.c,v 1.58 2006/01/02 01:20:31 djm Exp $");
#include "openbsd-compat/sys-queue.h"
@ -42,9 +42,6 @@ extern int showprogress;
/* Minimum amount of data to read at at time */
#define MIN_READ_SIZE 512
/* Maximum packet size */
#define MAX_MSG_LENGTH (256 * 1024)
struct sftp_conn {
int fd_in;
int fd_out;
@ -59,7 +56,7 @@ send_msg(int fd, Buffer *m)
{
u_char mlen[4];
if (buffer_len(m) > MAX_MSG_LENGTH)
if (buffer_len(m) > SFTP_MAX_MSG_LENGTH)
fatal("Outbound message too long %u", buffer_len(m));
/* Send length first */
@ -87,7 +84,7 @@ get_msg(int fd, Buffer *m)
}
msg_len = buffer_get_int(m);
if (msg_len > MAX_MSG_LENGTH)
if (msg_len > SFTP_MAX_MSG_LENGTH)
fatal("Received message too long %u", msg_len);
buffer_append_space(m, msg_len);

5
crypto/openssh/sftp-common.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-common.h,v 1.5 2003/11/10 16:23:41 jakob Exp $ */
/* $OpenBSD: sftp-common.h,v 1.6 2006/01/02 01:20:31 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -25,6 +25,9 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* Maximum packet that we are willing to send/accept */
#define SFTP_MAX_MSG_LENGTH (256 * 1024)
typedef struct Attrib Attrib;
/* File attributes */

12
crypto/openssh/sftp-server.c
View File

@ -14,13 +14,14 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
RCSID("$OpenBSD: sftp-server.c,v 1.50 2006/01/02 01:20:31 djm Exp $");
#include "buffer.h"
#include "bufaux.h"
#include "getput.h"
#include "log.h"
#include "xmalloc.h"
#include "misc.h"
#include "sftp.h"
#include "sftp-common.h"
@ -427,7 +428,7 @@ process_read(void)
len = get_int();
TRACE("read id %u handle %d off %llu len %d", id, handle,
(u_int64_t)off, len);
(unsigned long long)off, len);
if (len > sizeof buf) {
len = sizeof buf;
logit("read change len %d", len);
@ -468,7 +469,7 @@ process_write(void)
data = get_string(&len);
TRACE("write id %u handle %d off %llu len %d", id, handle,
(u_int64_t)off, len);
(unsigned long long)off, len);
fd = handle_to_fd(handle);
if (fd >= 0) {
if (lseek(fd, off, SEEK_SET) < 0) {
@ -945,7 +946,7 @@ process(void)
return; /* Incomplete message. */
cp = buffer_ptr(&iqueue);
msg_len = GET_32BIT(cp);
if (msg_len > 256 * 1024) {
if (msg_len > SFTP_MAX_MSG_LENGTH) {
error("bad message ");
exit(11);
}
@ -1036,6 +1037,9 @@ main(int ac, char **av)
int in, out, max;
ssize_t len, olen, set_size;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
/* XXX should use getopt */
__progname = ssh_get_progname(av[0]);

5
crypto/openssh/sftp.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: sftp.1,v 1.61 2005/03/01 17:19:35 jmc Exp $
.\" $OpenBSD: sftp.1,v 1.63 2006/01/20 00:14:55 dtucker Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@ -78,7 +78,7 @@ to start in a remote directory.
The final usage format allows for automated sessions using the
.Fl b
option.
In such cases, it is usually necessary to configure public key authentication
In such cases, it is necessary to configure non-interactive authentication
to obviate the need to enter a password at connection time (see
.Xr sshd 8
and
@ -180,6 +180,7 @@ For full details of the options listed below, and their possible values, see
.It Protocol
.It ProxyCommand
.It PubkeyAuthentication
.It RekeyLimit
.It RhostsRSAAuthentication
.It RSAAuthentication
.It SendEnv

14
crypto/openssh/sftp.c
View File

@ -16,7 +16,7 @@
#include "includes.h"
RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $");
RCSID("$OpenBSD: sftp.c,v 1.70 2006/01/31 10:19:02 djm Exp $");
#ifdef USE_LIBEDIT
#include <histedit.h>
@ -697,6 +697,8 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
}
if (lflag & SORT_FLAGS) {
for (n = 0; d[n] != NULL; n++)
; /* count entries */
sort_flag = lflag & (SORT_FLAGS|LS_REVERSE_SORT);
qsort(d, n, sizeof(*d), sdirent_comp);
}
@ -1447,11 +1449,16 @@ main(int argc, char **argv)
extern int optind;
extern char *optarg;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
__progname = ssh_get_progname(argv[0]);
memset(&args, '\0', sizeof(args));
args.list = NULL;
addargs(&args, "ssh"); /* overwritten with ssh_program */
addargs(&args, ssh_program);
addargs(&args, "-oForwardX11 no");
addargs(&args, "-oForwardAgent no");
addargs(&args, "-oPermitLocalCommand no");
addargs(&args, "-oClearAllForwardings yes");
ll = SYSLOG_LEVEL_INFO;
@ -1483,6 +1490,7 @@ main(int argc, char **argv)
break;
case 'S':
ssh_program = optarg;
replacearg(&args, 0, "%s", ssh_program);
break;
case 'b':
if (batchmode)
@ -1559,7 +1567,6 @@ main(int argc, char **argv)
addargs(&args, "%s", host);
addargs(&args, "%s", (sftp_server != NULL ?
sftp_server : "sftp"));
args.list[0] = ssh_program;
if (!batchmode)
fprintf(stderr, "Connecting to %s...\n", host);
@ -1572,6 +1579,7 @@ main(int argc, char **argv)
fprintf(stderr, "Attaching to %s...\n", sftp_direct);
connect_to_server(sftp_direct, args.list, &in, &out);
}
freeargs(&args);
err = interactive_loop(in, out, file1, file2);

8
crypto/openssh/ssh-agent.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-agent.1,v 1.42 2005/04/21 06:17:50 djm Exp $
.\" $OpenBSD: ssh-agent.1,v 1.43 2005/11/28 06:02:56 dtucker Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -70,7 +70,7 @@ The options are as follows:
Bind the agent to the unix-domain socket
.Ar bind_address .
The default is
.Pa /tmp/ssh-XXXXXXXX/agent.<ppid> .
.Pa /tmp/ssh-XXXXXXXXXX/agent.<ppid> .
.It Fl c
Generate C-shell commands on
.Dv stdout .
@ -90,7 +90,7 @@ environment variable).
.It Fl t Ar life
Set a default value for the maximum lifetime of identities added to the agent.
The lifetime may be specified in seconds or in a time format specified in
.Xr sshd 8 .
.Xr sshd_config 5 .
A lifetime specified for an identity with
.Xr ssh-add 1
overrides this value.
@ -185,7 +185,7 @@ Contains the protocol version 1 RSA authentication identity of the user.
Contains the protocol version 2 DSA authentication identity of the user.
.It Pa ~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
.It Pa /tmp/ssh-XXXXXXXXXX/agent.<ppid>
Unix-domain sockets used to contain the connection to the
authentication agent.
These sockets should only be readable by the owner.

9
crypto/openssh/ssh-keygen.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.69 2005/06/08 03:50:00 djm Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.72 2005/11/28 05:16:53 dtucker Exp $
.\"
.\" -*- nroff -*-
.\"
@ -118,6 +118,9 @@ keys for use by SSH protocol version 2.
The type of key to be generated is specified with the
.Fl t
option.
If invoked without any arguments,
.Nm
will generate an RSA key for use in SSH protocol 2 connections.
.Pp
.Nm
is also used to generate groups for use in Diffie-Hellman group
@ -187,9 +190,9 @@ command.
Show the bubblebabble digest of specified private or public key file.
.It Fl b Ar bits
Specifies the number of bits in the key to create.
Minimum is 512 bits.
For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
Generally, 2048 bits is considered sufficient.
The default is 2048 bits.
DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
.It Fl C Ar comment
Provides a new comment.
.It Fl c

32
crypto/openssh/ssh-keygen.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
RCSID("$OpenBSD: ssh-keygen.c,v 1.135 2005/11/29 02:04:55 dtucker Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -35,8 +35,10 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
#endif
#include "dns.h"
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
u_int32_t bits = 2048;
/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
#define DEFAULT_BITS 2048
#define DEFAULT_BITS_DSA 1024
u_int32_t bits = 0;
/*
* Flag indicating that we just want to change the passphrase. This can be
@ -1018,6 +1020,9 @@ main(int ac, char **av)
extern int optind;
extern char *optarg;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
__progname = ssh_get_progname(av[0]);
SSLeay_add_all_algorithms();
@ -1041,7 +1046,7 @@ main(int ac, char **av)
"degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
switch (opt) {
case 'b':
bits = strtonum(optarg, 512, 32768, &errstr);
bits = strtonum(optarg, 768, 32768, &errstr);
if (errstr)
fatal("Bits has bad value %s (%s)",
optarg, errstr);
@ -1214,8 +1219,10 @@ main(int ac, char **av)
out_file, strerror(errno));
return (1);
}
if (bits == 0)
bits = DEFAULT_BITS;
if (gen_candidates(out, memory, bits, start) != 0)
fatal("modulus candidate generation failed\n");
fatal("modulus candidate generation failed");
return (0);
}
@ -1238,21 +1245,24 @@ main(int ac, char **av)
out_file, strerror(errno));
}
if (prime_test(in, out, trials, generator_wanted) != 0)
fatal("modulus screening failed\n");
fatal("modulus screening failed");
return (0);
}
arc4random_stir();
if (key_type_name == NULL) {
printf("You must specify a key type (-t).\n");
usage();
}
if (key_type_name == NULL)
key_type_name = "rsa";
type = key_type_from_name(key_type_name);
if (type == KEY_UNSPEC) {
fprintf(stderr, "unknown key type %s\n", key_type_name);
exit(1);
}
if (bits == 0)
bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS;
if (type == KEY_DSA && bits != 1024)
fatal("DSA keys must be 1024 bits");
if (!quiet)
printf("Generating public/private %s key pair.\n", key_type_name);
private = key_generate(type, bits);
@ -1265,7 +1275,7 @@ main(int ac, char **av)
if (!have_identity)
ask_filename(pw, "Enter file in which to save the key");
/* Create ~/.ssh directory if it doesn\'t already exist. */
/* Create ~/.ssh directory if it doesn't already exist. */
snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
if (strstr(identity_file, dotsshdir) != NULL &&
stat(dotsshdir, &st) < 0) {

3
crypto/openssh/ssh-keyscan.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keyscan.1,v 1.20 2005/03/01 15:47:14 jmc Exp $
.\" $OpenBSD: ssh-keyscan.1,v 1.21 2005/09/30 20:34:26 jaredy Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@ -156,6 +156,7 @@ $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e
.Xr ssh 1 ,
.Xr sshd 8
.Sh AUTHORS
.An -nosplit
.An David Mazieres Aq dm@lcs.mit.edu
wrote the initial version, and
.An Wayne Davison Aq wayned@users.sourceforge.net

9
crypto/openssh/ssh-keysign.c
View File

@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $");
RCSID("$OpenBSD: ssh-keysign.c,v 1.19 2005/09/13 23:40:07 djm Exp $");
#include <openssl/evp.h>
#include <openssl/rand.h>
@ -148,6 +148,13 @@ main(int argc, char **argv)
u_int slen, dlen;
u_int32_t rnd[256];
/* Ensure that stdin and stdout are connected */
if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
exit(1);
/* Leave /dev/null fd iff it is attached to stderr */
if (fd > 2)
close(fd);
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);