d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

This commit was generated by cvs2svn to compensate for changes in r162852,

Browse Source 
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
Dag-Erling Smørgrav 2006-09-30 13:29:51 +00:00
commit a435c625d7
182 changed files with 6512 additions and 752 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/openssh/CREDITS
View File

@ -25,6 +25,7 @@ Chris, the Young One <cky@pobox.com> - Password auth fixes
Christos Zoulas <christos@zoulas.com> - Autoconf fixes
Chun-Chung Chen <cjj@u.washington.edu> - RPM fixes
Corinna Vinschen <vinschen@redhat.com> - Cygwin support
Chad Mynhier <mynhier@interstel.net> - Solaris Process Contract support
Dan Brosemer <odin@linuxfreak.com> - Autoconf support, build fixes
Darren Hall <dhall@virage.org> - AIX patches
Darren Tucker <dtucker@zip.com.au> - AIX BFF package scripts
@ -100,5 +101,5 @@ Apologies to anyone I have missed.
Damien Miller <djm@mindrot.org>
$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $
$Id: CREDITS,v 1.81 2006/08/30 17:24:41 djm Exp $

1671
crypto/openssh/ChangeLog
View File

File diff suppressed because it is too large Load Diff

35
crypto/openssh/INSTALL
View File

@ -12,6 +12,8 @@ http://www.openssl.org/
(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1
Blowfish) do not work correctly.)
The remaining items are optional.
OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
supports it. PAM is standard on Redhat and Debian Linux, Solaris and
HP-UX 11.
@ -57,13 +59,29 @@ installed. No other S/Key library is currently known to be supported.
http://www.sparc.spb.su/solaris/skey/
LibEdit:
sftp now supports command-line editing via NetBSD's libedit. If your
platform has it available natively you can use that, alternatively
you might try these multi-platform ports:
sftp supports command-line editing via NetBSD's libedit. If your platform
has it available natively you can use that, alternatively you might try
these multi-platform ports:
http://www.thrysoee.dk/editline/
http://sourceforge.net/projects/libedit/
Autoconf:
If you modify configure.ac or configure doesn't exist (eg if you checked
the code out of CVS yourself) then you will need autoconf-2.60 to rebuild
the automatically generated files by running "autoreconf".
http://www.gnu.org/software/autoconf/
Basic Security Module (BSM):
Native BSM support is know to exist in Solaris from at least 2.5.1,
FreeBSD 6.1 and OS X. Alternatively, you may use the OpenBSM
implementation (http://www.openbsm.org).
2. Building / Installation
--------------------------
@ -113,6 +131,10 @@ name).
There are a few other options to the configure script:
--with-audit=[module] enable additional auditing via the specified module.
Currently, drivers for "debug" (additional info via syslog) and "bsm"
(Sun's Basic Security Module) are supported.
--with-pam enables PAM support. If PAM support is compiled in, it must
also be enabled in sshd_config (refer to the UsePAM directive).
@ -165,6 +187,8 @@ created.
--with-ssl-dir=DIR allows you to specify where your OpenSSL libraries
are installed.
--with-ssl-engine enables OpenSSL's (hardware) ENGINE support
--with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to
real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
@ -208,7 +232,8 @@ for sshd, ssh and ssh-agent.
-------------------------
$ make survey
[check the contents and make sure there's no sensitive information]
[check the contents of the file "survey" to ensure there's no information
that you consider sensitive]
$ make send-survey
This will send configuration information for the currently configured
@ -225,4 +250,4 @@ Please refer to the "reporting bugs" section of the webpage at
http://www.openssh.com/
$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $
$Id: INSTALL,v 1.76 2006/09/17 12:55:52 dtucker Exp $

22
crypto/openssh/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.274 2006/01/01 08:47:05 djm Exp $
# $Id: Makefile.in,v 1.282 2006/09/12 11:54:10 djm Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@ -43,6 +43,8 @@ LD=@LD@
CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
LIBSELINUX=@LIBSELINUX@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
LIBPAM=@LIBPAM@
LIBWRAP=@LIBWRAP@
@ -62,11 +64,11 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o moduli.o nchan.o packet.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o \
readpass.o rsa.o ttymodes.o xmalloc.o \
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
@ -86,7 +88,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
audit.o audit-bsm.o
audit.o audit-bsm.o platform.o
MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
@ -107,7 +109,7 @@ PATHSUBS = \
-e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
-e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
-e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
-e 's|/etc/sshrc|$(sysconfdir)/sshrc|g' \
-e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \
-e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \
-e 's|/var/empty|$(PRIVSEP_PATH)|g' \
-e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g'
@ -136,7 +138,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(SSHDLIBS) $(LIBS)
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@ -201,8 +203,9 @@ clean: regressclean
distclean: regressclean
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core opensshd.init
rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds survey.sh *~
rm -f *.out core opensshd.init openssh.xml
rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds
rm -f survey.sh openbsd-compat/regress/Makefile *~
rm -rf autom4te.cache
(cd openbsd-compat && $(MAKE) distclean)
(cd scard && $(MAKE) distclean)
@ -410,6 +413,9 @@ tests: $(TARGETS)
EXEEXT="$(EXEEXT)" \
$@
compat-tests: $(LIBCOMPAT)
(cd openbsd-compat/regress && $(MAKE))
regressclean:
if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \
(cd regress && $(MAKE) clean) \

5
crypto/openssh/OVERVIEW
View File

@ -162,8 +162,7 @@ these programs.
- There are several other files in the distribution that contain
various auxiliary routines:
ssh.h the main header file for ssh (various definitions)
getput.h byte-order independent storage of integers
includes.h includes most system headers. Lots of #ifdefs.
tildexpand.c expand tilde in file names
uidswap.c uid-swapping
xmalloc.c "safe" malloc routines
$OpenBSD: OVERVIEW,v 1.11 2006/08/03 03:34:41 deraadt Exp $

4
crypto/openssh/README
View File

@ -1,4 +1,4 @@
See http://www.openssh.com/txt/release-4.3 for the release notes.
See http://www.openssh.com/txt/release-4.4 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@ -62,4 +62,4 @@ References -
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
$Id: README,v 1.61 2005/12/01 11:21:04 dtucker Exp $
$Id: README,v 1.63 2006/09/01 11:32:53 dtucker Exp $

14
crypto/openssh/README.platform
View File

@ -30,6 +30,18 @@ gcc, gcc-mingw-core, mingw-runtime, binutils, make, openssl,
openssl-devel, zlib, minres, minires-devel.
Darwin and MacOS X
------------------
Darwin does not provide a tun(4) driver required for OpenSSH-based
virtual private networks. The BSD manpage still exists, but the driver
has been removed in recent releases of Darwin and MacOS X.
Nevertheless, tunnel support is known to work with Darwin 8 and
MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode
using a third party driver. More information is available at:
http://www-user.rhrk.uni-kl.de/~nissler/tuntap/
Solaris
-------
If you enable BSM auditing on Solaris, you need to update audit_event(4)
@ -55,4 +67,4 @@ account stacks which will prevent authentication entirely, but will still
return the output from pam_nologin to the client.
$Id: README.platform,v 1.6 2005/11/05 05:28:35 dtucker Exp $
$Id: README.platform,v 1.7 2006/06/23 11:05:13 dtucker Exp $

8
crypto/openssh/README.tun
View File

@ -87,12 +87,12 @@ combination with layer 2 tunneling and Ethernet bridging.
| Client |------( Internet )-----| access.somewhere.net |
+--------+ ( ) +----------------------+
: 192.168.1.78 |
:............................. +-------+
:............................. +-------+
Forwarded ssh connection : | dmzgw |
Layer 2 tunnel : +-------+
: |
: |
: +------------+
: +------------+
:......| sshgateway |
| +------------+
--- real connection Bridge -> | +----------+
@ -104,7 +104,7 @@ combination with layer 2 tunneling and Ethernet bridging.
Finally connect to the OpenSSH server to establish the tunnel by using
the following command:
ssh sshgateway
It is also possible to tell the client to fork into the background after
@ -129,4 +129,4 @@ interconnect corporate networks.
Reyk Floeter
$OpenBSD: README.tun,v 1.3 2005/12/08 18:34:10 reyk Exp $
$OpenBSD: README.tun,v 1.4 2006/03/28 00:12:31 deraadt Exp $

5
crypto/openssh/acss.c
View File

@ -1,4 +1,4 @@
/* $Id: acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $ */
/* $Id: acss.c,v 1.4 2006/07/24 04:51:01 djm Exp $ */
/*
* Copyright (c) 2004 The OpenBSD project
*
@ -16,6 +16,9 @@
*/
#include "includes.h"
#include <string.h>
#include <openssl/evp.h>
#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00906000L)

69
crypto/openssh/atomicio.c
View File

@ -1,4 +1,6 @@
/* $OpenBSD: atomicio.c,v 1.23 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Copyright (c) 2006 Damien Miller. All rights reserved.
* Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
* All rights reserved.
@ -25,7 +27,12 @@
*/
#include "includes.h"
RCSID("$OpenBSD: atomicio.c,v 1.13 2005/05/24 17:32:43 avsm Exp $");
#include <sys/param.h>
#include <sys/uio.h>
#include <errno.h>
#include <string.h>
#include "atomicio.h"
@ -33,11 +40,7 @@ RCSID("$OpenBSD: atomicio.c,v 1.13 2005/05/24 17:32:43 avsm Exp $");
* ensure all of data on socket comes through. f==read || f==vwrite
*/
size_t
atomicio(f, fd, _s, n)
ssize_t (*f) (int, void *, size_t);
int fd;
void *_s;
size_t n;
atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n)
{
char *s = _s;
size_t pos = 0;
@ -58,8 +61,60 @@ atomicio(f, fd, _s, n)
errno = EPIPE;
return pos;
default:
pos += (u_int)res;
pos += (size_t)res;
}
}
return (pos);
}
/*
* ensure all of data on socket comes through. f==readv || f==writev
*/
size_t
atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd,
const struct iovec *_iov, int iovcnt)
{
size_t pos = 0, rem;
ssize_t res;
struct iovec iov_array[IOV_MAX], *iov = iov_array;
if (iovcnt > IOV_MAX) {
errno = EINVAL;
return 0;
}
/* Make a copy of the iov array because we may modify it below */
memcpy(iov, _iov, iovcnt * sizeof(*_iov));
for (; iovcnt > 0 && iov[0].iov_len > 0;) {
res = (f) (fd, iov, iovcnt);
switch (res) {
case -1:
if (errno == EINTR || errno == EAGAIN)
continue;
return 0;
case 0:
errno = EPIPE;
return pos;
default:
rem = (size_t)res;
pos += rem;
/* skip completed iov entries */
while (iovcnt > 0 && rem >= iov[0].iov_len) {
rem -= iov[0].iov_len;
iov++;
iovcnt--;
}
/* This shouldn't happen... */
if (rem > 0 && (iovcnt <= 0 || rem > iov[0].iov_len)) {
errno = EFAULT;
return 0;
}
if (iovcnt == 0)
break;
/* update pointer in partially complete iov */
iov[0].iov_base = ((char *)iov[0].iov_base) + rem;
iov[0].iov_len -= rem;
}
}
return pos;
}

14
crypto/openssh/atomicio.h
View File

@ -1,6 +1,7 @@
/* $OpenBSD: atomicio.h,v 1.6 2005/05/24 17:32:43 avsm Exp $ */
/* $OpenBSD: atomicio.h,v 1.10 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Copyright (c) 2006 Damien Miller. All rights reserved.
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
* All rights reserved.
*
@ -25,9 +26,20 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _ATOMICIO_H
#define _ATOMICIO_H
/*
* Ensure all of data on socket comes through. f==read || f==vwrite
*/
size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
#define vwrite (ssize_t (*)(int, void *, size_t))write
/*
* ensure all of data on socket comes through. f==readv || f==writev
*/
size_t atomiciov(ssize_t (*)(int, const struct iovec *, int),
int, const struct iovec *, int);
#endif /* _ATOMICIO_H */

9
crypto/openssh/audit-bsm.c
View File

@ -1,4 +1,4 @@
/* $Id: audit-bsm.c,v 1.1 2005/02/20 10:08:00 dtucker Exp $ */
/* $Id: audit-bsm.c,v 1.4 2006/09/01 05:38:36 djm Exp $ */
/*
* TODO
@ -37,8 +37,15 @@
#include "includes.h"
#if defined(USE_BSM_AUDIT)
#include <sys/types.h>
#include <stdarg.h>
#include <unistd.h>
#include "ssh.h"
#include "log.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "xmalloc.h"

7
crypto/openssh/audit.c
View File

@ -1,4 +1,4 @@
/* $Id: audit.c,v 1.3 2005/07/17 07:26:44 djm Exp $ */
/* $Id: audit.c,v 1.5 2006/09/01 05:38:36 djm Exp $ */
/*
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
@ -26,10 +26,15 @@
#include "includes.h"
#include <stdarg.h>
#include <string.h>
#ifdef SSH_AUDIT_EVENTS
#include "audit.h"
#include "log.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
/*

4
crypto/openssh/audit.h
View File

@ -1,4 +1,4 @@
/* $Id: audit.h,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */
/* $Id: audit.h,v 1.3 2006/08/05 14:05:10 dtucker Exp $ */
/*
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
@ -24,8 +24,6 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "auth.h"
#ifndef _SSH_AUDIT_H
# define _SSH_AUDIT_H
enum ssh_audit_event_type {

18
crypto/openssh/auth-bsdauth.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: auth-bsdauth.c,v 1.10 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -21,13 +22,23 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: auth-bsdauth.c,v 1.6 2005/01/19 13:11:47 dtucker Exp $");
#include <sys/types.h>
#include <stdarg.h>
#ifdef BSD_AUTH
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#include "buffer.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
static void *
@ -69,9 +80,8 @@ bsdauth_query(void *ctx, char **name, char **infotxt,
*name = xstrdup("");
*infotxt = xstrdup("");
*numprompts = 1;
*prompts = xmalloc(*numprompts * sizeof(char *));
*echo_on = xmalloc(*numprompts * sizeof(u_int));
(*echo_on)[0] = 0;
*prompts = xcalloc(*numprompts, sizeof(char *));
*echo_on = xcalloc(*numprompts, sizeof(u_int));
(*prompts)[0] = xstrdup(challenge);
return 0;

28
crypto/openssh/auth-options.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: auth-options.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -10,18 +11,31 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-options.c,v 1.33 2005/12/08 18:34:11 reyk Exp $");
#include <sys/types.h>
#include <netdb.h>
#include <pwd.h>
#include <string.h>
#include <stdio.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "match.h"
#include "log.h"
#include "canohost.h"
#include "buffer.h"
#include "channels.h"
#include "auth-options.h"
#include "servconf.h"
#include "misc.h"
#include "monitor_wrap.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
/* Flags set authorized_keys flags */
int no_port_forwarding_flag = 0;
@ -131,7 +145,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
forced_command = NULL;
goto bad_option;
}
forced_command[i] = 0;
forced_command[i] = '\0';
auth_debug_add("Forced command: %.900s", forced_command);
opts++;
goto next_option;
@ -163,7 +177,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
xfree(s);
goto bad_option;
}
s[i] = 0;
s[i] = '\0';
auth_debug_add("Adding to environment: %.900s", s);
debug("Adding to environment: %.900s", s);
opts++;
@ -200,7 +214,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
xfree(patterns);
goto bad_option;
}
patterns[i] = 0;
patterns[i] = '\0';
opts++;
if (match_host_and_ip(remote_host, remote_ip,
patterns) != 1) {
@ -245,7 +259,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
xfree(patterns);
goto bad_option;
}
patterns[i] = 0;
patterns[i] = '\0';
opts++;
p = patterns;
host = hpdelim(&p);
@ -293,7 +307,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
forced_tun_device = -1;
goto bad_option;
}
tun[i] = 0;
tun[i] = '\0';
forced_tun_device = a2tun(tun, NULL);
xfree(tun);
if (forced_tun_device == SSH_TUNID_ERR) {

2
crypto/openssh/auth-options.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-options.h,v 1.13 2005/12/06 22:38:27 reyk Exp $ */
/* $OpenBSD: auth-options.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>

16
crypto/openssh/auth-rhosts.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: auth-rhosts.c,v 1.41 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -14,14 +15,27 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-rhosts.c,v 1.33 2005/07/17 07:17:54 djm Exp $");
#include <sys/types.h>
#include <sys/stat.h>
#ifdef HAVE_NETGROUP_H
# include <netgroup.h>
#endif
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
#include "packet.h"
#include "buffer.h"
#include "uidswap.h"
#include "pathnames.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
/* import */

5
crypto/openssh/auth-shadow.c
View File

@ -23,11 +23,14 @@
*/
#include "includes.h"
RCSID("$Id: auth-shadow.c,v 1.7 2005/07/17 07:04:47 djm Exp $");
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
#include <shadow.h>
#include <stdarg.h>
#include <string.h>
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "buffer.h"
#include "log.h"

19
crypto/openssh/auth-sia.c
View File

@ -25,14 +25,6 @@
#include "includes.h"
#ifdef HAVE_OSF_SIA
#include "ssh.h"
#include "auth.h"
#include "auth-sia.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "uidswap.h"
#include <sia.h>
#include <siad.h>
#include <pwd.h>
@ -40,8 +32,19 @@
#include <setjmp.h>
#include <sys/resource.h>
#include <unistd.h>
#include <stdarg.h>
#include <string.h>
#include "ssh.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "auth-sia.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "uidswap.h"
extern ServerOptions options;
extern int saved_argc;
extern char **saved_argv;

16
crypto/openssh/auth2-gss.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-gss.c,v 1.12 2005/10/13 22:24:31 stevesk Exp $ */
/* $OpenBSD: auth2-gss.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -28,16 +28,22 @@
#ifdef GSSAPI
#include <sys/types.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "log.h"
#include "dispatch.h"
#include "buffer.h"
#include "servconf.h"
#include "packet.h"
#include "monitor_wrap.h"
#include "ssh-gss.h"
#include "monitor_wrap.h"
extern ServerOptions options;
@ -100,6 +106,8 @@ userauth_gssapi(Authctxt *authctxt)
}
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
if (ctxt != NULL)
ssh_gssapi_delete_ctx(&ctxt);
xfree(doid);
return (0);
}

17
crypto/openssh/auth2-hostbased.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: auth2-hostbased.c,v 1.11 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -23,19 +24,27 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-hostbased.c,v 1.6 2004/01/19 21:25:15 markus Exp $");
#include "ssh2.h"
#include <sys/types.h>
#include <pwd.h>
#include <string.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "ssh2.h"
#include "packet.h"
#include "buffer.h"
#include "log.h"
#include "servconf.h"
#include "compat.h"
#include "bufaux.h"
#include "auth.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "canohost.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
#include "pathnames.h"

18
crypto/openssh/auth2-none.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: auth2-none.c,v 1.13 2006/08/05 07:52:52 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -23,16 +24,29 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-none.c,v 1.7 2004/05/11 19:01:43 deraadt Exp $");
#include "auth.h"
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <fcntl.h>
#include <stdarg.h>
#include <unistd.h>
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "packet.h"
#include "log.h"
#include "buffer.h"
#include "servconf.h"
#include "atomicio.h"
#include "compat.h"
#include "ssh2.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
/* import */

13
crypto/openssh/auth2-passwd.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -23,12 +24,22 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-passwd.c,v 1.5 2003/12/31 00:24:50 dtucker Exp $");
#include <sys/types.h>
#include <string.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "packet.h"
#include "log.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "buffer.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
#include "servconf.h"

18
crypto/openssh/auth2-pubkey.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -23,23 +24,32 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2-pubkey.c,v 1.9 2004/12/11 01:48:56 dtucker Exp $");
#include <sys/types.h>
#include <sys/stat.h>
#include <pwd.h>
#include <stdio.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "ssh.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
#include "log.h"
#include "servconf.h"
#include "compat.h"
#include "bufaux.h"
#include "auth.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "pathnames.h"
#include "uidswap.h"
#include "auth-options.h"
#include "canohost.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
#include "misc.h"

4
crypto/openssh/authfd.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfd.h,v 1.34 2003/11/21 11:57:03 djm Exp $ */
/* $OpenBSD: authfd.h,v 1.36 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -16,8 +16,6 @@
#ifndef AUTHFD_H
#define AUTHFD_H
#include "buffer.h"
/* Messages for the authentication agent connection. */
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
#define SSH_AGENT_RSA_IDENTITIES_ANSWER 2

5
crypto/openssh/authfile.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfile.h,v 1.10 2002/05/23 19:24:30 markus Exp $ */
/* $OpenBSD: authfile.h,v 1.13 2006/04/25 08:02:27 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -19,7 +19,8 @@ int key_save_private(Key *, const char *, const char *, const char *);
Key *key_load_public(const char *, char **);
Key *key_load_public_type(int, const char *, char **);
Key *key_load_private(const char *, const char *, char **);
Key *key_load_private_type(int, const char *, const char *, char **);
Key *key_load_private_type(int, const char *, const char *, char **, int *);
Key *key_load_private_pem(int, int, const char *, char **);
int key_perm_ok(int, const char *);
#endif

2
crypto/openssh/bufaux.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: bufaux.h,v 1.21 2005/03/10 22:01:05 deraadt Exp $ */
/* $OpenBSD: bufaux.h,v 1.22 2006/03/25 22:22:42 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>

215
crypto/openssh/bufbn.c Normal file
View File

@ -0,0 +1,215 @@
/* $OpenBSD: bufbn.c,v 1.3 2006/08/03 03:34:41 deraadt Exp $*/
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* Auxiliary functions for storing and retrieving various data types to/from
* Buffers.
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*
*
* SSH2 packet format added by Markus Friedl
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#include <sys/types.h>
#include <openssl/bn.h>
#include <string.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "buffer.h"
#include "log.h"
#include "misc.h"
/*
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
* by (bits+7)/8 bytes of binary data, msb first.
*/
int
buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
{
int bits = BN_num_bits(value);
int bin_size = (bits + 7) / 8;
u_char *buf = xmalloc(bin_size);
int oi;
char msg[2];
/* Get the value of in binary */
oi = BN_bn2bin(value, buf);
if (oi != bin_size) {
error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
oi, bin_size);
xfree(buf);
return (-1);
}
/* Store the number of bits in the buffer in two bytes, msb first. */
put_u16(msg, bits);
buffer_append(buffer, msg, 2);
/* Store the binary data. */
buffer_append(buffer, buf, oi);
memset(buf, 0, bin_size);
xfree(buf);
return (0);
}
void
buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
{
if (buffer_put_bignum_ret(buffer, value) == -1)
fatal("buffer_put_bignum: buffer error");
}
/*
* Retrieves an BIGNUM from the buffer.
*/
int
buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
{
u_int bits, bytes;
u_char buf[2], *bin;
/* Get the number for bits. */
if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
error("buffer_get_bignum_ret: invalid length");
return (-1);
}
bits = get_u16(buf);
/* Compute the number of binary bytes that follow. */
bytes = (bits + 7) / 8;
if (bytes > 8 * 1024) {
error("buffer_get_bignum_ret: cannot handle BN of size %d", bytes);
return (-1);
}
if (buffer_len(buffer) < bytes) {
error("buffer_get_bignum_ret: input buffer too small");
return (-1);
}
bin = buffer_ptr(buffer);
BN_bin2bn(bin, bytes, value);
if (buffer_consume_ret(buffer, bytes) == -1) {
error("buffer_get_bignum_ret: buffer_consume failed");
return (-1);
}
return (0);
}
void
buffer_get_bignum(Buffer *buffer, BIGNUM *value)
{
if (buffer_get_bignum_ret(buffer, value) == -1)
fatal("buffer_get_bignum: buffer error");
}
/*
* Stores an BIGNUM in the buffer in SSH2 format.
*/
int
buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
{
u_int bytes;
u_char *buf;
int oi;
u_int hasnohigh = 0;
if (BN_is_zero(value)) {
buffer_put_int(buffer, 0);
return 0;
}
if (value->neg) {
error("buffer_put_bignum2_ret: negative numbers not supported");
return (-1);
}
bytes = BN_num_bytes(value) + 1; /* extra padding byte */
if (bytes < 2) {
error("buffer_put_bignum2_ret: BN too small");
return (-1);
}
buf = xmalloc(bytes);
buf[0] = 0x00;
/* Get the value of in binary */
oi = BN_bn2bin(value, buf+1);
if (oi < 0 || (u_int)oi != bytes - 1) {
error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
"oi %d != bin_size %d", oi, bytes);
xfree(buf);
return (-1);
}
hasnohigh = (buf[1] & 0x80) ? 0 : 1;
buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
memset(buf, 0, bytes);
xfree(buf);
return (0);
}
void
buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
{
if (buffer_put_bignum2_ret(buffer, value) == -1)
fatal("buffer_put_bignum2: buffer error");
}
int
buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
{
u_int len;
u_char *bin;
if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
error("buffer_get_bignum2_ret: invalid bignum");
return (-1);
}
if (len > 0 && (bin[0] & 0x80)) {
error("buffer_get_bignum2_ret: negative numbers not supported");
xfree(bin);
return (-1);
}
if (len > 8 * 1024) {
error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
xfree(bin);
return (-1);
}
BN_bin2bn(bin, len, value);
xfree(bin);
return (0);
}
void
buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
{
if (buffer_get_bignum2_ret(buffer, value) == -1)
fatal("buffer_get_bignum2: buffer error");
}

71
crypto/openssh/buffer.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: buffer.c,v 1.31 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -12,12 +13,21 @@
*/
#include "includes.h"
RCSID("$OpenBSD: buffer.c,v 1.23 2005/03/14 11:46:56 markus Exp $");
#include <sys/param.h>
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "buffer.h"
#include "log.h"
#define BUFFER_MAX_CHUNK 0x100000
#define BUFFER_MAX_LEN 0xa00000
#define BUFFER_ALLOCSZ 0x008000
/* Initializes the buffer structure. */
void
@ -66,6 +76,23 @@ buffer_append(Buffer *buffer, const void *data, u_int len)
memcpy(p, data, len);
}
static int
buffer_compact(Buffer *buffer)
{
/*
* If the buffer is quite empty, but all data is at the end, move the
* data to the beginning.
*/
if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
memmove(buffer->buf, buffer->buf + buffer->offset,
buffer->end - buffer->offset);
buffer->end -= buffer->offset;
buffer->offset = 0;
return (1);
}
return (0);
}
/*
* Appends space to the buffer, expanding the buffer if necessary. This does
* not actually copy the data into the buffer, but instead returns a pointer
@ -93,29 +120,43 @@ buffer_append_space(Buffer *buffer, u_int len)
buffer->end += len;
return p;
}
/*
* If the buffer is quite empty, but all data is at the end, move the
* data to the beginning and retry.
*/
if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
memmove(buffer->buf, buffer->buf + buffer->offset,
buffer->end - buffer->offset);
buffer->end -= buffer->offset;
buffer->offset = 0;
goto restart;
}
/* Increase the size of the buffer and retry. */
newlen = buffer->alloc + len + 32768;
/* Compact data back to the start of the buffer if necessary */
if (buffer_compact(buffer))
goto restart;
/* Increase the size of the buffer and retry. */
newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ);
if (newlen > BUFFER_MAX_LEN)
fatal("buffer_append_space: alloc %u not supported",
newlen);
buffer->buf = xrealloc(buffer->buf, newlen);
buffer->buf = xrealloc(buffer->buf, 1, newlen);
buffer->alloc = newlen;
goto restart;
/* NOTREACHED */
}
/*
* Check whether an allocation of 'len' will fit in the buffer
* This must follow the same math as buffer_append_space
*/
int
buffer_check_alloc(Buffer *buffer, u_int len)
{
if (buffer->offset == buffer->end) {
buffer->offset = 0;
buffer->end = 0;
}
restart:
if (buffer->end + len < buffer->alloc)
return (1);
if (buffer_compact(buffer))
goto restart;
if (roundup(buffer->alloc + len, BUFFER_ALLOCSZ) <= BUFFER_MAX_LEN)
return (1);
return (0);
}
/* Returns the number of bytes of data in the buffer. */
u_int

43
crypto/openssh/buffer.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: buffer.h,v 1.13 2005/03/14 11:46:56 markus Exp $ */
/* $OpenBSD: buffer.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -23,9 +23,6 @@ typedef struct {
u_int end; /* Offset of last byte containing data. */
} Buffer;
#define BUFFER_MAX_CHUNK 0x100000
#define BUFFER_MAX_LEN 0xa00000
void buffer_init(Buffer *);
void buffer_clear(Buffer *);
void buffer_free(Buffer *);
@ -36,6 +33,8 @@ void *buffer_ptr(Buffer *);
void buffer_append(Buffer *, const void *, u_int);
void *buffer_append_space(Buffer *, u_int);
int buffer_check_alloc(Buffer *, u_int);
void buffer_get(Buffer *, void *, u_int);
void buffer_consume(Buffer *, u_int);
@ -47,4 +46,40 @@ int buffer_get_ret(Buffer *, void *, u_int);
int buffer_consume_ret(Buffer *, u_int);
int buffer_consume_end_ret(Buffer *, u_int);
#include <openssl/bn.h>
void buffer_put_bignum(Buffer *, const BIGNUM *);
void buffer_put_bignum2(Buffer *, const BIGNUM *);
void buffer_get_bignum(Buffer *, BIGNUM *);
void buffer_get_bignum2(Buffer *, BIGNUM *);
u_short buffer_get_short(Buffer *);
void buffer_put_short(Buffer *, u_short);
u_int buffer_get_int(Buffer *);
void buffer_put_int(Buffer *, u_int);
u_int64_t buffer_get_int64(Buffer *);
void buffer_put_int64(Buffer *, u_int64_t);
int buffer_get_char(Buffer *);
void buffer_put_char(Buffer *, int);
void *buffer_get_string(Buffer *, u_int *);
void buffer_put_string(Buffer *, const void *, u_int);
void buffer_put_cstring(Buffer *, const char *);
#define buffer_skip_string(b) \
do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0)
int buffer_put_bignum_ret(Buffer *, const BIGNUM *);
int buffer_get_bignum_ret(Buffer *, BIGNUM *);
int buffer_put_bignum2_ret(Buffer *, const BIGNUM *);
int buffer_get_bignum2_ret(Buffer *, BIGNUM *);
int buffer_get_short_ret(u_short *, Buffer *);
int buffer_get_int_ret(u_int *, Buffer *);
int buffer_get_int64_ret(u_int64_t *, Buffer *);
void *buffer_get_string_ret(Buffer *, u_int *);
int buffer_get_char_ret(char *, Buffer *);
#endif /* BUFFER_H */

186
crypto/openssh/buildpkg.sh.in
View File

@ -35,7 +35,7 @@ SSHDGID=67 # Default privsep gid
SYSVINITSTART=S98
SYSVINITSTOPT=K30
# We will source these if they exist
POST_MAKE_INSTALL_FIXES=./pkg_post_make_install_fixes.sh
POST_MAKE_INSTALL_FIXES=./pkg-post-make-install-fixes.sh
POST_PROTOTYPE_EDITS=./pkg-post-prototype-edit.sh
# We'll be one level deeper looking for these
PKG_PREINSTALL_LOCAL=../pkg-preinstall.local
@ -46,6 +46,8 @@ PKG_REQUEST_LOCAL=../pkg-request.local
# end of sourced files
#
OPENSSHD=opensshd.init
OPENSSH_MANIFEST=openssh.xml
OPENSSH_FMRI=svc:/site/openssh:default
PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@
PATH_USERADD_PROG=@PATH_USERADD_PROG@
@ -60,6 +62,10 @@ SYSTEM_DIR="/etc \
/etc/rc1.d \
/etc/rc2.d \
/etc/opt \
/lib \
/lib/svc \
/lib/svc/method \
/lib/svc/method/site \
/opt \
/opt/bin \
/usr \
@ -82,6 +88,9 @@ SYSTEM_DIR="/etc \
/var \
/var/opt \
/var/run \
/var/svc \
/var/svc/manifest \
/var/svc/manifest/site \
/var/tmp \
/tmp"
@ -119,6 +128,12 @@ do
eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
done
## Are we using Solaris' SMF?
DO_SMF=0
if egrep "^#define USE_SOLARIS_PROCESS_CONTRACTS" config.h > /dev/null 2>&1
then
DO_SMF=1
fi
## Collect value of privsep user
for confvar in SSH_PRIVSEP_USER
@ -168,10 +183,25 @@ then
fi
## Setup our run level stuff while we are at it.
mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
if [ $DO_SMF -eq 1 ]
then
# For Solaris' SMF, /lib/svc/method/site is the preferred place
# for start/stop scripts that aren't supplied with the OS, and
# similarly /var/svc/manifest/site for manifests.
mkdir -p $FAKE_ROOT${TEST_DIR}/lib/svc/method/site
mkdir -p $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site
cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
chmod 744 $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
cp ${OPENSSH_MANIFEST} $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site
chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${OPENSSH_MANIFEST}
else
mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
fi
[ "${PERMIT_ROOT_LOGIN}" = no ] && \
perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
@ -221,15 +251,22 @@ touch depend
## Build space file
echo "Building space file..."
cat > space << _EOF
# extra space required by start/stop links added by installf in postinstall
if [ $DO_SMF -eq 1 ]
then
# XXX Is this necessary? If not, remove space line from mk-proto.awk.
touch space
else
cat > space << _EOF
# extra space required by start/stop links added by installf
# in postinstall
$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1
$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1
_EOF
[ "$RC1_D" = no ] || \
echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
[ "$RCS_D" = yes ] && \
echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
[ "$RC1_D" = no ] || \
echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
[ "$RCS_D" = yes ] && \
echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
fi
## Build preinstall file
echo "Building preinstall file..."
@ -243,7 +280,16 @@ _EOF
cat >> preinstall << _EOF
#
[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
if [ "\${PRE_INS_STOP}" = "yes" ]
then
if [ $DO_SMF -eq 1 ]
then
svcadm disable $OPENSSH_FMRI
else
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
fi
fi
exit 0
_EOF
@ -265,28 +311,41 @@ cat > postinstall << _EOF
}
# make rc?.d dirs only if we are doing a test install
[ -n "${TEST_DIR}" ] && {
[ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && {
[ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
mkdir -p ${TEST_DIR}/etc/rc0.d
[ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d
mkdir -p ${TEST_DIR}/etc/rc2.d
}
if [ "\${USE_SYM_LINKS}" = yes ]
if [ $DO_SMF -eq 1 ]
then
[ "$RCS_D" = yes ] && \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
[ "$RC1_D" = no ] || \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
# Delete the existing service, if it exists, then import the
# new one.
if svcs $OPENSSH_FMRI > /dev/null 2>&1
then
svccfg delete -f $OPENSSH_FMRI
fi
# NOTE, if manifest enables sshd by default, this will actually
# start the daemon, which may not be what the user wants.
svccfg import ${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST
else
[ "$RCS_D" = yes ] && \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
[ "$RC1_D" = no ] || \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
if [ "\${USE_SYM_LINKS}" = yes ]
then
[ "$RCS_D" = yes ] && \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
[ "$RC1_D" = no ] || \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
else
[ "$RCS_D" = yes ] && \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
[ "$RC1_D" = no ] || \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
fi
fi
# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
@ -311,14 +370,7 @@ then
chroot=echo
fi
if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
then
echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
echo "or group."
else
echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
# user required?
echo "PrivilegeSeparation user always required."
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
then
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
@ -363,9 +415,18 @@ else
\$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
\$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER
}
fi
[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
if [ "\${POST_INS_START}" = "yes" ]
then
if [ $DO_SMF -eq 1 ]
then
# See svccfg import note above. The service may already
# be started.
svcadm enable $OPENSSH_FMRI
else
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
fi
fi
exit 0
_EOF
@ -374,7 +435,12 @@ echo "Building preremove file..."
cat > preremove << _EOF
#! ${SCRIPT_SHELL}
#
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
if [ $DO_SMF -eq 1 ]
then
svcadm disable $OPENSSH_FMRI
else
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
fi
_EOF
# local preremove changes here
@ -389,6 +455,13 @@ echo "Building postremove file..."
cat > postremove << _EOF
#! ${SCRIPT_SHELL}
#
if [ $DO_SMF -eq 1 ]
then
if svcs $OPENSSH_FMRI > /dev/null 2>&1
then
svccfg delete -f $OPENSSH_FMRI
fi
fi
_EOF
# local postremove changes here
@ -454,7 +527,45 @@ done
_EOF
cat >> request << _EOF
if [ $DO_SMF -eq 1 ]
then
# This could get hairy, as the running sshd may not be under SMF.
# We'll assume an earlier version of OpenSSH started via SMF.
cat >> request << _EOF
PRE_INS_STOP=no
POST_INS_START=no
# determine if should restart the daemon
if [ -s ${piddir}/sshd.pid ] && \
/usr/bin/svcs $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1
then
ans=\`ckyorn -d n \
-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
case \$ans in
[y,Y]*) PRE_INS_STOP=yes
POST_INS_START=yes
;;
esac
else
# determine if we should start sshd
ans=\`ckyorn -d n \
-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
case \$ans in
[y,Y]*) POST_INS_START=yes ;;
esac
fi
# make parameters available to installation service,
# and so to any other packaging scripts
cat >\$1 <<!
PRE_INS_STOP='\$PRE_INS_STOP'
POST_INS_START='\$POST_INS_START'
!
_EOF
else
cat >> request << _EOF
USE_SYM_LINKS=no
PRE_INS_STOP=no
POST_INS_START=no
@ -495,6 +606,7 @@ POST_INS_START='\$POST_INS_START'
!
_EOF
fi
# local request changes here
[ -s "${PKG_REQUEST_LOCAL}" ] && . ${PKG_REQUEST_LOCAL}

2
crypto/openssh/canohost.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: canohost.h,v 1.8 2001/06/26 17:27:23 markus Exp $ */
/* $OpenBSD: canohost.h,v 1.9 2006/03/25 22:22:42 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>

8
crypto/openssh/cipher-3des1.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: cipher-3des1.c,v 1.6 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
*
@ -23,9 +24,14 @@
*/
#include "includes.h"
RCSID("$OpenBSD: cipher-3des1.c,v 1.2 2003/12/22 20:29:55 markus Exp $");
#include <sys/types.h>
#include <openssl/evp.h>
#include <stdarg.h>
#include <string.h>
#include "xmalloc.h"
#include "log.h"

3
crypto/openssh/cipher-acss.c
View File

@ -15,9 +15,10 @@
*/
#include "includes.h"
#include <openssl/evp.h>
RCSID("$Id: cipher-acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $");
#include <string.h>
#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)

6
crypto/openssh/cipher-aes.c
View File

@ -28,9 +28,13 @@
#include "openbsd-compat/openssl-compat.h"
#ifdef USE_BUILTIN_RIJNDAEL
RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $");
#include <sys/types.h>
#include <openssl/evp.h>
#include <stdarg.h>
#include <string.h>
#include "rijndael.h"
#include "xmalloc.h"
#include "log.h"

8
crypto/openssh/cipher-bf1.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: cipher-bf1.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
*
@ -23,9 +24,14 @@
*/
#include "includes.h"
RCSID("$OpenBSD: cipher-bf1.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
#include <sys/types.h>
#include <openssl/evp.h>
#include <stdarg.h>
#include <string.h>
#include "xmalloc.h"
#include "log.h"

9
crypto/openssh/cipher-ctr.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: cipher-ctr.c,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
*
@ -14,12 +15,16 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include <string.h>
#include <openssl/evp.h>
#include "log.h"
#include "xmalloc.h"
#include "log.h"
/* compatibility with old or broken OpenSSL versions */
#include "openbsd-compat/openssl-compat.h"

8
crypto/openssh/cleanup.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: cleanup.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
*
@ -13,8 +14,13 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
RCSID("$OpenBSD: cleanup.c,v 1.1 2003/09/23 20:17:11 markus Exp $");
#include <sys/types.h>
#include <unistd.h>
#include <stdarg.h>
#include "log.h"

87
crypto/openssh/clientloop.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.175 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -59,20 +60,43 @@
*/
#include "includes.h"
RCSID("$OpenBSD: clientloop.c,v 1.149 2005/12/30 15:56:37 reyk Exp $");
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/param.h>
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#include <sys/socket.h>
#include <ctype.h>
#include <errno.h>
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <pwd.h>
#include <unistd.h>
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
#include "compat.h"
#include "channels.h"
#include "dispatch.h"
#include "buffer.h"
#include "bufaux.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "readconf.h"
@ -118,7 +142,7 @@ static volatile sig_atomic_t received_signal = 0;
static int in_non_blocking_mode = 0;
/* Common data for the client loop code. */
static int quit_pending; /* Set to non-zero to quit the client loop. */
static volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */
static int escape_char; /* Escape character. */
static int escape_pending; /* Last character was the escape character */
static int last_was_cr; /* Last character was a newline. */
@ -178,7 +202,7 @@ enter_non_blocking(void)
* Signal handler for the window change signal (SIGWINCH). This just sets a
* flag indicating that the window has changed.
*/
/*ARGSUSED */
static void
window_change_handler(int sig)
{
@ -190,7 +214,7 @@ window_change_handler(int sig)
* Signal handler for signals that cause the program to terminate. These
* signals must be trapped to restore terminal modes.
*/
/*ARGSUSED */
static void
signal_handler(int sig)
{
@ -422,10 +446,10 @@ client_check_window_change(void)
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
return;
packet_start(SSH_CMSG_WINDOW_SIZE);
packet_put_int(ws.ws_row);
packet_put_int(ws.ws_col);
packet_put_int(ws.ws_xpixel);
packet_put_int(ws.ws_ypixel);
packet_put_int((u_int)ws.ws_row);
packet_put_int((u_int)ws.ws_col);
packet_put_int((u_int)ws.ws_xpixel);
packet_put_int((u_int)ws.ws_ypixel);
packet_send();
}
}
@ -569,7 +593,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
}
static void
client_process_net_input(fd_set * readset)
client_process_net_input(fd_set *readset)
{
int len;
char buf[8192];
@ -677,7 +701,7 @@ client_extra_session2_setup(int id, void *arg)
}
static void
client_process_control(fd_set * readset)
client_process_control(fd_set *readset)
{
Buffer m;
Channel *c;
@ -808,8 +832,7 @@ client_process_control(fd_set * readset)
return;
}
cctx = xmalloc(sizeof(*cctx));
memset(cctx, 0, sizeof(*cctx));
cctx = xcalloc(1, sizeof(*cctx));
cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
@ -824,7 +847,7 @@ client_process_control(fd_set * readset)
env_len = MIN(env_len, 4096);
debug3("%s: receiving %d env vars", __func__, env_len);
if (env_len != 0) {
cctx->env = xmalloc(sizeof(*cctx->env) * (env_len + 1));
cctx->env = xcalloc(env_len + 1, sizeof(*cctx->env));
for (i = 0; i < env_len; i++)
cctx->env[i] = buffer_get_string(&m, &len);
cctx->env[i] = NULL;
@ -832,6 +855,7 @@ client_process_control(fd_set * readset)
debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__,
cctx->want_tty, cctx->want_subsys, cmd);
xfree(cmd);
/* Gather fds from client */
new_fd[0] = mm_receive_fd(client_fd);
@ -912,12 +936,16 @@ process_cmdline(void)
if (*s == 'h' || *s == 'H' || *s == '?') {
logit("Commands:");
logit(" -Lport:host:hostport Request local forward");
logit(" -Rport:host:hostport Request remote forward");
logit(" -KRhostport Cancel remote forward");
logit(" -L[bind_address:]port:host:hostport "
"Request local forward");
logit(" -R[bind_address:]port:host:hostport "
"Request remote forward");
logit(" -KR[bind_address:]port "
"Cancel remote forward");
if (!options.permit_local_command)
goto out;
logit(" !args Execute local command");
logit(" !args "
"Execute local command");
goto out;
}
@ -978,9 +1006,12 @@ process_cmdline(void)
goto out;
}
} else {
channel_request_remote_forwarding(fwd.listen_host,
if (channel_request_remote_forwarding(fwd.listen_host,
fwd.listen_port, fwd.connect_host,
fwd.connect_port);
fwd.connect_port) < 0) {
logit("Port forwarding failed.");
goto out;
}
}
logit("Forwarding port.");
@ -1172,7 +1203,7 @@ Supported escape sequences:\r\n\
}
static void
client_process_input(fd_set * readset)
client_process_input(fd_set *readset)
{
int len;
char buf[8192];
@ -1225,7 +1256,7 @@ client_process_input(fd_set * readset)
}
static void
client_process_output(fd_set * writeset)
client_process_output(fd_set *writeset)
{
int len;
char buf[100];
@ -1869,10 +1900,10 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
channel_request_start(id, "pty-req", 0);
packet_put_cstring(term != NULL ? term : "");
packet_put_int(ws.ws_col);
packet_put_int(ws.ws_row);
packet_put_int(ws.ws_xpixel);
packet_put_int(ws.ws_ypixel);
packet_put_int((u_int)ws.ws_col);
packet_put_int((u_int)ws.ws_row);
packet_put_int((u_int)ws.ws_xpixel);
packet_put_int((u_int)ws.ws_ypixel);
tio = get_saved_tio();
tty_make_modes(-1, tiop != NULL ? tiop : &tio);
packet_send();

4
crypto/openssh/clientloop.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.h,v 1.14 2005/07/04 00:58:43 djm Exp $ */
/* $OpenBSD: clientloop.h,v 1.16 2006/03/25 22:22:42 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -35,6 +35,8 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <termios.h>
/* Client side main loop for the interactive session. */
int client_loop(int, int, int);
void client_x11_get_proto(const char *, const char *, u_int,

8
crypto/openssh/compress.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: compress.c,v 1.25 2006/08/06 01:13:32 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -12,11 +13,14 @@
*/
#include "includes.h"
RCSID("$OpenBSD: compress.c,v 1.21 2004/01/13 19:45:15 markus Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include <zlib.h>
#include "log.h"
#include "buffer.h"
#include "zlib.h"
#include "compress.h"
z_stream incoming_stream;

2
crypto/openssh/compress.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: compress.h,v 1.11 2002/03/04 17:27:39 stevesk Exp $ */
/* $OpenBSD: compress.h,v 1.12 2006/03/25 22:22:43 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>

4
crypto/openssh/crc32.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: crc32.c,v 1.9 2003/02/12 21:39:50 markus Exp $ */
/* $OpenBSD: crc32.c,v 1.11 2006/04/22 18:29:33 stevesk Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
@ -99,7 +99,7 @@ ssh_crc32(const u_char *buf, u_int32_t size)
u_int32_t i, crc;
crc = 0;
for (i = 0; i < size; i++)
for (i = 0; i < size; i++)
crc = crc32tab[(crc ^ buf[i]) & 0xff] ^ (crc >> 8);
return crc;
}

2
crypto/openssh/crc32.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: crc32.h,v 1.14 2003/02/12 21:39:50 markus Exp $ */
/* $OpenBSD: crc32.h,v 1.15 2006/03/25 22:22:43 djm Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.

76
crypto/openssh/deattack.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: deattack.c,v 1.30 2006/09/16 19:53:37 djm Exp $ */
/*
* Cryptographic attack detector for ssh - source code
*
@ -18,14 +19,36 @@
*/
#include "includes.h"
RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
#include <sys/types.h>
#include <string.h>
#include <stdio.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "deattack.h"
#include "log.h"
#include "crc32.h"
#include "getput.h"
#include "xmalloc.h"
#include "deattack.h"
#include "misc.h"
/*
* CRC attack detection has a worst-case behaviour that is O(N^3) over
* the number of identical blocks in a packet. This behaviour can be
* exploited to create a limited denial of service attack.
*
* However, because we are dealing with encrypted data, identical
* blocks should only occur every 2^35 maximally-sized packets or so.
* Consequently, we can detect this DoS by looking for identical blocks
* in a packet.
*
* The parameter below determines how many identical blocks we will
* accept in a single packet, trading off between attack detection and
* likelihood of terminating a legitimate connection. A value of 32
* corresponds to an average of 2^40 messages before an attack is
* misdetected
*/
#define MAX_IDENTICAL 32
/* SSH Constants */
#define SSH_MAXBLOCKS (32 * 1024)
@ -43,7 +66,7 @@ RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
/* Hash function (Input keys are cipher results) */
#define HASH(x) GET_32BIT(x)
#define HASH(x) get_u32(x)
#define CMP(a, b) (memcmp(a, b, SSH_BLOCKSIZE))
@ -51,22 +74,17 @@ static void
crc_update(u_int32_t *a, u_int32_t b)
{
b ^= *a;
*a = ssh_crc32((u_char *) &b, sizeof(b));
*a = ssh_crc32((u_char *)&b, sizeof(b));
}
/* detect if a block is used in a particular pattern */
static int
check_crc(u_char *S, u_char *buf, u_int32_t len,
u_char *IV)
check_crc(u_char *S, u_char *buf, u_int32_t len)
{
u_int32_t crc;
u_char *c;
crc = 0;
if (IV && !CMP(S, IV)) {
crc_update(&crc, 1);
crc_update(&crc, 0);
}
for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
if (!CMP(S, c)) {
crc_update(&crc, 1);
@ -82,12 +100,12 @@ check_crc(u_char *S, u_char *buf, u_int32_t len,
/* Detect a crc32 compensation attack on a packet */
int
detect_attack(u_char *buf, u_int32_t len, u_char *IV)
detect_attack(u_char *buf, u_int32_t len)
{
static u_int16_t *h = (u_int16_t *) NULL;
static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
u_int32_t i, j;
u_int32_t l;
u_int32_t l, same;
u_char *c;
u_char *d;
@ -100,26 +118,20 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
if (h == NULL) {
debug("Installing crc compensation attack detector.");
h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
h = (u_int16_t *) xcalloc(l, HASH_ENTRYSIZE);
n = l;
} else {
if (l > n) {
h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
h = (u_int16_t *)xrealloc(h, l, HASH_ENTRYSIZE);
n = l;
}
}
if (len <= HASH_MINBLOCKS) {
for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
if (IV && (!CMP(c, IV))) {
if ((check_crc(c, buf, len, IV)))
return (DEATTACK_DETECTED);
else
break;
}
for (d = buf; d < c; d += SSH_BLOCKSIZE) {
if (!CMP(c, d)) {
if ((check_crc(c, buf, len, IV)))
if ((check_crc(c, buf, len)))
return (DEATTACK_DETECTED);
else
break;
@ -130,21 +142,13 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
}
memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
if (IV)
h[HASH(IV) & (n - 1)] = HASH_IV;
for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
i = (i + 1) & (n - 1)) {
if (h[i] == HASH_IV) {
if (!CMP(c, IV)) {
if (check_crc(c, buf, len, IV))
return (DEATTACK_DETECTED);
else
break;
}
} else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
if (check_crc(c, buf, len, IV))
if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
if (++same > MAX_IDENTICAL)
return (DEATTACK_DOS_DETECTED);
if (check_crc(c, buf, len))
return (DEATTACK_DETECTED);
else
break;

5
crypto/openssh/deattack.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: deattack.h,v 1.7 2001/06/26 17:27:23 markus Exp $ */
/* $OpenBSD: deattack.h,v 1.10 2006/09/16 19:53:37 djm Exp $ */
/*
* Cryptographic attack detector for ssh - Header file
@ -25,6 +25,7 @@
/* Return codes */
#define DEATTACK_OK 0
#define DEATTACK_DETECTED 1
#define DEATTACK_DOS_DETECTED 2
int detect_attack(u_char *, u_int32_t, u_char[8]);
int detect_attack(u_char *, u_int32_t);
#endif

62
crypto/openssh/defines.h
View File

@ -25,12 +25,12 @@
#ifndef _DEFINES_H
#define _DEFINES_H
/* $Id: defines.h,v 1.130 2005/12/17 11:04:09 dtucker Exp $ */
/* $Id: defines.h,v 1.138 2006/09/21 13:13:30 dtucker Exp $ */
/* Constants */
#ifndef SHUT_RDWR
#if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0
enum
{
SHUT_RD = 0, /* No more receptions. */
@ -90,8 +90,8 @@ enum
#endif
#endif
#ifndef O_NONBLOCK /* Non Blocking Open */
# define O_NONBLOCK 00004
#if defined(HAVE_DECL_O_NONBLOCK) && HAVE_DECL_O_NONBLOCK == 0
# define O_NONBLOCK 00004 /* Non Blocking Open */
#endif
#ifndef S_ISDIR
@ -143,16 +143,11 @@ including rpc/rpc.h breaks Solaris 6
#define INADDR_LOOPBACK ((u_long)0x7f000001)
#endif
#ifndef __unused
#define __unused
#endif
/* Types */
/* If sys/types.h does not supply intXX_t, supply them ourselves */
/* (or die trying) */
#ifndef HAVE_U_INT
typedef unsigned int u_int;
#endif
@ -496,6 +491,22 @@ struct winsize {
# define offsetof(type, member) ((size_t) &((type *)0)->member)
#endif
/* Set up BSD-style BYTE_ORDER definition if it isn't there already */
/* XXX: doesn't try to cope with strange byte orders (PDP_ENDIAN) */
#ifndef BYTE_ORDER
# ifndef LITTLE_ENDIAN
# define LITTLE_ENDIAN 1234
# endif /* LITTLE_ENDIAN */
# ifndef BIG_ENDIAN
# define BIG_ENDIAN 4321
# endif /* BIG_ENDIAN */
# ifdef WORDS_BIGENDIAN
# define BYTE_ORDER BIG_ENDIAN
# else /* WORDS_BIGENDIAN */
# define BYTE_ORDER LITTLE_ENDIAN
# endif /* WORDS_BIGENDIAN */
#endif /* BYTE_ORDER */
/* Function replacement / compatibility hacks */
#if !defined(HAVE_GETADDRINFO) && (defined(HAVE_OGETADDRINFO) || defined(HAVE_NGETADDRINFO))
@ -517,19 +528,6 @@ struct winsize {
# define optarg BSDoptarg
#endif
/* In older versions of libpam, pam_strerror takes a single argument */
#ifdef HAVE_OLD_PAM
# define PAM_STRERROR(a,b) pam_strerror((b))
#else
# define PAM_STRERROR(a,b) pam_strerror((a),(b))
#endif
#ifdef PAM_SUN_CODEBASE
# define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member)
#else
# define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member)
#endif
#if defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO)
# undef HAVE_GETADDRINFO
#endif
@ -544,6 +542,11 @@ struct winsize {
# undef HAVE_UPDWTMPX
#endif
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) && \
defined(SYSLOG_R_SAFE_IN_SIGHAND)
# define DO_LOG_SAFE_IN_SIGHAND
#endif
#if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY)
# define memmove(s1, s2, n) bcopy((s2), (s1), (n))
#endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */
@ -553,6 +556,7 @@ struct winsize {
#endif /* defined(HAVE_VHANGUP) && !defined(HAVE_DEV_PTMX) */
#ifndef GETPGRP_VOID
# include <unistd.h>
# define getpgrp() getpgrp(0)
#endif
@ -715,12 +719,14 @@ struct winsize {
# undef HAVE_MMAP
#endif
/* some system headers on HP-UX define YES/NO */
#ifdef YES
# undef YES
#endif
#ifdef NO
# undef NO
#ifndef IOV_MAX
# if defined(_XOPEN_IOV_MAX)
# define IOV_MAX _XOPEN_IOV_MAX
# elif defined(DEF_IOV_MAX)
# define IOV_MAX DEF_IOV_MAX
# else
# define IOV_MAX 16
# endif
#endif
#endif /* _DEFINES_H */

39
crypto/openssh/dh.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: dh.c,v 1.42 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
*
@ -23,17 +24,17 @@
*/
#include "includes.h"
RCSID("$OpenBSD: dh.c,v 1.31 2004/08/04 10:37:52 djm Exp $");
#include "xmalloc.h"
#include <sys/param.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/evp.h>
#include "buffer.h"
#include "cipher.h"
#include "kex.h"
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "dh.h"
#include "pathnames.h"
#include "log.h"
@ -44,9 +45,11 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
{
char *cp, *arg;
char *strsize, *gen, *prime;
const char *errstr = NULL;
cp = line;
arg = strdelim(&cp);
if ((arg = strdelim(&cp)) == NULL)
return 0;
/* Ignore leading whitespace */
if (*arg == '\0')
arg = strdelim(&cp);
@ -67,7 +70,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
goto fail;
strsize = strsep(&cp, " "); /* size */
if (cp == NULL || *strsize == '\0' ||
(dhg->size = atoi(strsize)) == 0)
(dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
errstr)
goto fail;
/* The whole group is one bit larger */
dhg->size++;
@ -178,19 +182,36 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
int i;
int n = BN_num_bits(dh_pub);
int bits_set = 0;
BIGNUM *tmp;
if (dh_pub->neg) {
logit("invalid public DH value: negativ");
return 0;
}
if (BN_cmp(dh_pub, BN_value_one()) != 1) { /* pub_exp <= 1 */
logit("invalid public DH value: <= 1");
return 0;
}
if ((tmp = BN_new()) == NULL)
return (-1);
if (!BN_sub(tmp, dh->p, BN_value_one()) ||
BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
BN_clear_free(tmp);
logit("invalid public DH value: >= p-1");
return 0;
}
BN_clear_free(tmp);
for (i = 0; i <= n; i++)
if (BN_is_bit_set(dh_pub, i))
bits_set++;
debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
/* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
if (bits_set > 1)
return 1;
logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
return 0;
}

2
crypto/openssh/dh.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dh.h,v 1.8 2004/06/13 12:53:24 djm Exp $ */
/* $OpenBSD: dh.h,v 1.9 2006/03/25 22:22:43 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.

10
crypto/openssh/dispatch.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: dispatch.c,v 1.21 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -21,8 +22,13 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: dispatch.c,v 1.16 2003/04/08 20:21:28 itojun Exp $");
#include <sys/types.h>
#include <signal.h>
#include <stdarg.h>
#include "ssh1.h"
#include "ssh2.h"
@ -76,7 +82,7 @@ dispatch_set(int type, dispatch_fn *fn)
dispatch[type] = fn;
}
void
dispatch_run(int mode, int *done, void *ctxt)
dispatch_run(int mode, volatile sig_atomic_t *done, void *ctxt)
{
for (;;) {
int type;

7
crypto/openssh/dispatch.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dispatch.h,v 1.9 2002/01/11 13:39:36 markus Exp $ */
/* $OpenBSD: dispatch.h,v 1.11 2006/04/20 09:27:09 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -23,6 +23,9 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <signal.h>
enum {
DISPATCH_BLOCK,
DISPATCH_NONBLOCK
@ -33,6 +36,6 @@ typedef void dispatch_fn(int, u_int32_t, void *);
void dispatch_init(dispatch_fn *);
void dispatch_set(int, dispatch_fn *);
void dispatch_range(u_int, u_int, dispatch_fn *);
void dispatch_run(int, int *, void *);
void dispatch_run(int, volatile sig_atomic_t *, void *);
void dispatch_protocol_error(int, u_int32_t, void *);
void dispatch_protocol_ignore(int, u_int32_t, void *);

11
crypto/openssh/dns.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $ */
/* $OpenBSD: dns.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -26,9 +26,14 @@
*/
#include "includes.h"
RCSID("$OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $");
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include "xmalloc.h"
#include "key.h"
@ -122,7 +127,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
*digest = (u_char *) xmalloc(*digest_len);
memcpy(*digest, rdata + 2, *digest_len);
} else {
*digest = xstrdup("");
*digest = (u_char *)xstrdup("");
}
success = 1;

4
crypto/openssh/dns.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dns.h,v 1.6 2005/10/17 14:13:35 stevesk Exp $ */
/* $OpenBSD: dns.h,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -25,8 +25,6 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#ifndef DNS_H
#define DNS_H

16
crypto/openssh/entropy.c
View File

@ -24,6 +24,19 @@
#include "includes.h"
#include <sys/types.h>
#include <sys/wait.h>
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif
#include <stdarg.h>
#include <unistd.h>
#include <openssl/rand.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
@ -35,7 +48,6 @@
#include "pathnames.h"
#include "log.h"
#include "buffer.h"
#include "bufaux.h"
/*
* Portable OpenSSH PRNG seeding:
@ -48,8 +60,6 @@
* XXX: we should tell the child how many bytes we need.
*/
RCSID("$Id: entropy.c,v 1.52 2005/09/27 22:26:30 dtucker Exp $");
#ifndef OPENSSL_PRNG_ONLY
#define RANDOM_SEED_SIZE 48
static uid_t original_uid, original_euid;

7
crypto/openssh/fatal.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: fatal.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@ -23,7 +24,10 @@
*/
#include "includes.h"
RCSID("$OpenBSD: fatal.c,v 1.2 2003/09/23 20:17:11 markus Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include "log.h"
@ -33,6 +37,7 @@ void
fatal(const char *fmt,...)
{
va_list args;
va_start(args, fmt);
do_log(SYSLOG_LEVEL_FATAL, fmt, args);
va_end(args);

15
crypto/openssh/groupaccess.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: groupaccess.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001 Kevin Steves. All rights reserved.
*
@ -23,10 +24,16 @@
*/
#include "includes.h"
RCSID("$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $");
#include "groupaccess.h"
#include <sys/types.h>
#include <sys/param.h>
#include <grp.h>
#include <unistd.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "groupaccess.h"
#include "match.h"
#include "log.h"
@ -52,8 +59,8 @@ ga_init(const char *user, gid_t base)
ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX));
#endif
groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid));
groups_byname = xmalloc(ngroups * sizeof(*groups_byname));
groups_bygid = xcalloc(ngroups, sizeof(*groups_bygid));
groups_byname = xcalloc(ngroups, sizeof(*groups_byname));
if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
logit("getgrouplist: groups list too small");

4
crypto/openssh/groupaccess.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: groupaccess.h,v 1.4 2001/06/26 17:27:23 markus Exp $ */
/* $OpenBSD: groupaccess.h,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001 Kevin Steves. All rights reserved.
@ -27,8 +27,6 @@
#ifndef GROUPACCESS_H
#define GROUPACCESS_H
#include <grp.h>
int ga_init(const char *, gid_t);
int ga_match(char * const *, int);
void ga_free(void);

68
crypto/openssh/gss-genr.c
View File

@ -1,7 +1,7 @@
/* $OpenBSD: gss-genr.c,v 1.6 2005/10/13 22:24:31 stevesk Exp $ */
/* $OpenBSD: gss-genr.c,v 1.17 2006/08/29 12:02:30 dtucker Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
* Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -28,8 +28,15 @@
#ifdef GSSAPI
#include <sys/types.h>
#include <sys/param.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include "xmalloc.h"
#include "bufaux.h"
#include "buffer.h"
#include "log.h"
#include "ssh2.h"
@ -72,7 +79,11 @@ ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid)
void
ssh_gssapi_error(Gssctxt *ctxt)
{
debug("%s", ssh_gssapi_last_error(ctxt, NULL, NULL));
char *s;
s = ssh_gssapi_last_error(ctxt, NULL, NULL);
debug("%s", s);
xfree(s);
}
char *
@ -131,9 +142,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
void
ssh_gssapi_build_ctx(Gssctxt **ctx)
{
*ctx = xmalloc(sizeof (Gssctxt));
(*ctx)->major = 0;
(*ctx)->minor = 0;
*ctx = xcalloc(1, sizeof (Gssctxt));
(*ctx)->context = GSS_C_NO_CONTEXT;
(*ctx)->name = GSS_C_NO_NAME;
(*ctx)->oid = GSS_C_NO_OID;
@ -203,10 +212,11 @@ OM_uint32
ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
{
gss_buffer_desc gssbuf;
char *val;
gssbuf.length = sizeof("host@") + strlen(host);
gssbuf.value = xmalloc(gssbuf.length);
snprintf(gssbuf.value, gssbuf.length, "host@%s", host);
xasprintf(&val, "host@%s", host);
gssbuf.value = val;
gssbuf.length = strlen(gssbuf.value);
if ((ctx->major = gss_import_name(&ctx->minor,
&gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
@ -231,11 +241,15 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
gss_create_empty_oid_set(&status, &oidset);
gss_add_oid_set_member(&status, ctx->oid, &oidset);
if (gethostname(lname, MAXHOSTNAMELEN))
if (gethostname(lname, MAXHOSTNAMELEN)) {
gss_release_oid_set(&status, &oidset);
return (-1);
}
if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname)))
if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
gss_release_oid_set(&status, &oidset);
return (ctx->major);
}
if ((ctx->major = gss_acquire_cred(&ctx->minor,
ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
@ -277,4 +291,34 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
return (ssh_gssapi_acquire_cred(*ctx));
}
int
ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
{
gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
OM_uint32 major, minor;
gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
/* RFC 4462 says we MUST NOT do SPNEGO */
if (oid->length == spnego_oid.length &&
(memcmp(oid->elements, spnego_oid.elements, oid->length) == 0))
return 0; /* false */
ssh_gssapi_build_ctx(ctx);
ssh_gssapi_set_oid(*ctx, oid);
major = ssh_gssapi_import_name(*ctx, host);
if (!GSS_ERROR(major)) {
major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token,
NULL);
gss_release_buffer(&minor, &token);
if ((*ctx)->context != GSS_C_NO_CONTEXT)
gss_delete_sec_context(&minor, &(*ctx)->context,
GSS_C_NO_BUFFER);
}
if (GSS_ERROR(major))
ssh_gssapi_delete_ctx(ctx);
return (!GSS_ERROR(major));
}
#endif /* GSSAPI */

16
crypto/openssh/gss-serv-krb5.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-serv-krb5.c,v 1.4 2005/10/13 19:08:08 stevesk Exp $ */
/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -29,11 +29,19 @@
#ifdef GSSAPI
#ifdef KRB5
#include "auth.h"
#include <sys/types.h>
#include <stdarg.h>
#include <string.h>
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#include "servconf.h"
#include "buffer.h"
#include "ssh-gss.h"
extern ServerOptions options;
@ -41,9 +49,9 @@ extern ServerOptions options;
#ifdef HEIMDAL
# include <krb5.h>
#else
# ifdef HAVE_GSSAPI_KRB5
# ifdef HAVE_GSSAPI_KRB5_H
# include <gssapi_krb5.h>
# elif HAVE_GSSAPI_GSSAPI_KRB5
# elif HAVE_GSSAPI_GSSAPI_KRB5_H
# include <gssapi/gssapi_krb5.h>
# endif
#endif

28
crypto/openssh/gss-serv.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-serv.c,v 1.13 2005/10/13 22:24:31 stevesk Exp $ */
/* $OpenBSD: gss-serv.c,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -28,14 +28,21 @@
#ifdef GSSAPI
#include "bufaux.h"
#include <sys/types.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#include "channels.h"
#include "session.h"
#include "servconf.h"
#include "xmalloc.h"
#include "getput.h"
#include "misc.h"
#include "ssh-gss.h"
@ -78,6 +85,8 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
&supported_mechs[i]->oid, oidset);
i++;
}
gss_release_oid_set(&min_status, &supported);
}
@ -151,7 +160,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
* second without.
*/
oidl = GET_16BIT(tok+2); /* length including next two bytes */
oidl = get_u16(tok+2); /* length including next two bytes */
oidl = oidl-2; /* turn it into the _real_ length of the variable OID */
/*
@ -168,14 +177,14 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
if (ename->length < offset+4)
return GSS_S_FAILURE;
name->length = GET_32BIT(tok+offset);
name->length = get_u32(tok+offset);
offset += 4;
if (ename->length < offset+name->length)
return GSS_S_FAILURE;
name->value = xmalloc(name->length+1);
memcpy(name->value, tok+offset,name->length);
memcpy(name->value, tok+offset, name->length);
((char *)name->value)[name->length] = 0;
return GSS_S_COMPLETE;
@ -234,7 +243,8 @@ ssh_gssapi_cleanup_creds(void)
{
if (gssapi_client.store.filename != NULL) {
/* Unlink probably isn't sufficient */
debug("removing gssapi cred file\"%s\"", gssapi_client.store.filename);
debug("removing gssapi cred file\"%s\"",
gssapi_client.store.filename);
unlink(gssapi_client.store.filename);
}
}

2
crypto/openssh/hostfile.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: hostfile.h,v 1.15 2005/03/01 10:40:26 djm Exp $ */
/* $OpenBSD: hostfile.h,v 1.16 2006/03/25 22:22:43 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>

44
crypto/openssh/kex.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: kex.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@ -23,19 +24,25 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $");
#include <sys/param.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include "ssh2.h"
#include "xmalloc.h"
#include "ssh2.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
#include "compat.h"
#include "cipher.h"
#include "kex.h"
#include "key.h"
#include "kex.h"
#include "log.h"
#include "mac.h"
#include "match.h"
@ -44,6 +51,14 @@ RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $");
#define KEX_COOKIE_LEN 16
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
# if defined(HAVE_EVP_SHA256)
# define evp_ssh_sha256 EVP_sha256
# else
extern const EVP_MD *evp_ssh_sha256(void);
# endif
#endif
/* prototype */
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);
@ -75,7 +90,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
int i;
char **proposal;
proposal = xmalloc(PROPOSAL_MAX * sizeof(char *));
proposal = xcalloc(PROPOSAL_MAX, sizeof(char *));
buffer_init(&b);
buffer_append(&b, buffer_ptr(raw), buffer_len(raw));
@ -210,8 +225,7 @@ kex_setup(char *proposal[PROPOSAL_MAX])
{
Kex *kex;
kex = xmalloc(sizeof(*kex));
memset(kex, 0, sizeof(*kex));
kex = xcalloc(1, sizeof(*kex));
buffer_init(&kex->peer);
buffer_init(&kex->my);
kex_prop2buf(&kex->my, proposal);
@ -254,6 +268,7 @@ choose_enc(Enc *enc, char *client, char *server)
enc->key_len = cipher_keylen(enc->cipher);
enc->block_size = cipher_blocksize(enc->cipher);
}
static void
choose_mac(Mac *mac, char *client, char *server)
{
@ -269,6 +284,7 @@ choose_mac(Mac *mac, char *client, char *server)
mac->key = NULL;
mac->enabled = 0;
}
static void
choose_comp(Comp *comp, char *client, char *server)
{
@ -286,6 +302,7 @@ choose_comp(Comp *comp, char *client, char *server)
}
comp->name = name;
}
static void
choose_kex(Kex *k, char *client, char *server)
{
@ -301,6 +318,11 @@ choose_kex(Kex *k, char *client, char *server)
} else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
k->kex_type = KEX_DH_GEX_SHA1;
k->evp_md = EVP_sha1();
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
} else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) {
k->kex_type = KEX_DH_GEX_SHA256;
k->evp_md = evp_ssh_sha256();
#endif
} else
fatal("bad kex alg %s", k->name);
}
@ -364,8 +386,7 @@ kex_choose_conf(Kex *kex)
/* Algorithm Negotiation */
for (mode = 0; mode < MODE_MAX; mode++) {
newkeys = xmalloc(sizeof(*newkeys));
memset(newkeys, 0, sizeof(*newkeys));
newkeys = xcalloc(1, sizeof(*newkeys));
kex->newkeys[mode] = newkeys;
ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;
@ -420,7 +441,7 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0)
fatal("bad kex md size %d", mdsz);
digest = xmalloc(roundup(need, mdsz));
digest = xmalloc(roundup(need, mdsz));
buffer_init(&b);
buffer_put_bignum2(&b, shared_secret);
@ -473,7 +494,8 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret)
for (mode = 0; mode < MODE_MAX; mode++) {
current_keys[mode] = kex->newkeys[mode];
kex->newkeys[mode] = NULL;
ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
ctos = (!kex->server && mode == MODE_OUT) ||
(kex->server && mode == MODE_IN);
current_keys[mode]->enc.iv = keys[ctos ? 0 : 1];
current_keys[mode]->enc.key = keys[ctos ? 2 : 3];
current_keys[mode]->mac.key = keys[ctos ? 4 : 5];

12
crypto/openssh/kex.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.38 2005/11/04 05:15:59 djm Exp $ */
/* $OpenBSD: kex.h,v 1.44 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -26,14 +26,13 @@
#ifndef KEX_H
#define KEX_H
#include <signal.h>
#include <openssl/evp.h>
#include "buffer.h"
#include "cipher.h"
#include "key.h"
#define KEX_DH1 "diffie-hellman-group1-sha1"
#define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
#define COMP_NONE 0
#define COMP_ZLIB 1
@ -63,6 +62,7 @@ enum kex_exchange {
KEX_DH_GRP1_SHA1,
KEX_DH_GRP14_SHA1,
KEX_DH_GEX_SHA1,
KEX_DH_GEX_SHA256,
KEX_MAX
};
@ -112,7 +112,7 @@ struct Kex {
int kex_type;
Buffer my;
Buffer peer;
int done;
sig_atomic_t done;
int flags;
const EVP_MD *evp_md;
char *client_version_string;
@ -142,7 +142,7 @@ kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
void
kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *,
int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
BIGNUM *, BIGNUM *, u_char **, u_int *);
void

9
crypto/openssh/kexdh.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: kexdh.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -23,13 +24,17 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexdh.c,v 1.20 2005/11/04 05:15:59 djm Exp $");
#include <sys/types.h>
#include <signal.h>
#include <openssl/evp.h>
#include "buffer.h"
#include "bufaux.h"
#include "ssh2.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
void

13
crypto/openssh/kexdhc.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: kexdhc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -23,10 +24,18 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexdhc.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
@ -82,7 +91,7 @@ kexdh_client(Kex *kex)
if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */
/* DH parameter f, server public DH key */
if ((dh_server_pub = BN_new()) == NULL)
fatal("dh_server_pub == NULL");
packet_get_bignum2(dh_server_pub);

13
crypto/openssh/kexdhs.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: kexdhs.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -23,15 +24,25 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexdhs.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include <string.h>
#include <signal.h>
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
void

8
crypto/openssh/kexgex.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: kexgex.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -24,12 +25,15 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexgex.c,v 1.24 2005/11/04 05:15:59 djm Exp $");
#include <sys/types.h>
#include <openssl/evp.h>
#include <signal.h>
#include "buffer.h"
#include "bufaux.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "ssh2.h"

13
crypto/openssh/kexgexc.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: kexgexc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -24,10 +25,18 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexgexc.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
@ -120,7 +129,7 @@ kexgex_client(Kex *kex)
if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */
/* DH parameter f, server public DH key */
if ((dh_server_pub = BN_new()) == NULL)
fatal("dh_server_pub == NULL");
packet_get_bignum2(dh_server_pub);

14
crypto/openssh/kexgexs.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: kexgexs.c,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -24,16 +25,27 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexgexs.c,v 1.2 2005/11/04 05:15:59 djm Exp $");
#include <sys/param.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
#include "compat.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
void

2
crypto/openssh/key.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: key.h,v 1.23 2003/11/10 16:23:41 jakob Exp $ */
/* $OpenBSD: key.h,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.

27
crypto/openssh/log.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: log.c,v 1.39 2006/08/18 09:13:25 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -34,16 +35,22 @@
*/
#include "includes.h"
RCSID("$OpenBSD: log.c,v 1.29 2003/09/23 20:17:11 markus Exp $");
#include "log.h"
#include "xmalloc.h"
#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
# include <vis.h>
#endif
#include "xmalloc.h"
#include "log.h"
static LogLevel log_level = SYSLOG_LEVEL_INFO;
static int log_on_stderr = 1;
static int log_facility = LOG_AUTH;
@ -130,6 +137,20 @@ error(const char *fmt,...)
va_end(args);
}
void
sigdie(const char *fmt,...)
{
#ifdef DO_LOG_SAFE_IN_SIGHAND
va_list args;
va_start(args, fmt);
do_log(SYSLOG_LEVEL_FATAL, fmt, args);
va_end(args);
#endif
_exit(1);
}
/* Log this message (information that usually should go to the log). */
void

6
crypto/openssh/loginrec.h
View File

@ -31,12 +31,6 @@
#include "includes.h"
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
/* RCSID("$Id: loginrec.h,v 1.10 2005/06/19 00:19:44 djm Exp $"); */
/**
** you should use the login_* calls to work around platform dependencies
**/

6
crypto/openssh/logintest.c
View File

@ -31,6 +31,10 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
@ -43,8 +47,6 @@
#include "loginrec.h"
RCSID("$Id: logintest.c,v 1.11 2004/07/17 04:07:42 dtucker Exp $");
extern char *__progname;
#define PAUSE_BEFORE_LOGOUT 3

14
crypto/openssh/mac.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: mac.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -23,16 +24,23 @@
*/
#include "includes.h"
RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $");
#include <sys/types.h>
#include <openssl/hmac.h>
#include <stdarg.h>
#include <string.h>
#include <signal.h>
#include "xmalloc.h"
#include "getput.h"
#include "log.h"
#include "cipher.h"
#include "buffer.h"
#include "key.h"
#include "kex.h"
#include "mac.h"
#include "misc.h"
struct {
char *name;
@ -83,7 +91,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
if (mac->mac_len > sizeof(m))
fatal("mac_compute: mac too long");
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
PUT_32BIT(b, seqno);
put_u32(b, seqno);
HMAC_Update(&c, b, sizeof(b));
HMAC_Update(&c, data, datalen);
HMAC_Final(&c, m, NULL);

2
crypto/openssh/mac.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: mac.h,v 1.3 2001/06/26 17:27:24 markus Exp $ */
/* $OpenBSD: mac.h,v 1.4 2006/03/25 22:22:43 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*

11
crypto/openssh/match.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: match.c,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,10 +36,14 @@
*/
#include "includes.h"
RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $");
#include "match.h"
#include <sys/types.h>
#include <ctype.h>
#include <string.h>
#include "xmalloc.h"
#include "match.h"
/*
* Returns true if the given string matches the pattern (which may contain ?
@ -136,7 +141,7 @@ match_pattern_list(const char *string, const char *pattern, u_int len,
i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
subi++, i++)
sub[subi] = dolower && isupper(pattern[i]) ?
tolower(pattern[i]) : pattern[i];
(char)tolower(pattern[i]) : pattern[i];
/* If subpattern too long, return failure (no match). */
if (subi >= sizeof(sub) - 1)
return 0;

2
crypto/openssh/match.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: match.h,v 1.12 2002/03/01 13:12:10 markus Exp $ */
/* $OpenBSD: match.h,v 1.13 2006/03/25 22:22:43 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>

86
crypto/openssh/md-sha256.c Normal file
View File

@ -0,0 +1,86 @@
/* $OpenBSD: md-sha256.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2005 Damien Miller <djm@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* EVP wrapper for SHA256 */
#include "includes.h"
#include <sys/types.h>
#include <openssl/opensslv.h>
#if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
#include <string.h>
#include <openssl/evp.h>
#ifdef HAVE_SHA256_UPDATE
# ifdef HAVE_SHA2_H
# include <sha2.h>
# elif defined(HAVE_CRYPTO_SHA2_H)
# include <crypto/sha2.h>
# endif
#endif
const EVP_MD *evp_ssh_sha256(void);
static int
ssh_sha256_init(EVP_MD_CTX *ctxt)
{
SHA256_Init(ctxt->md_data);
return (1);
}
static int
ssh_sha256_update(EVP_MD_CTX *ctxt, const void *data, unsigned long len)
{
SHA256_Update(ctxt->md_data, data, len);
return (1);
}
static int
ssh_sha256_final(EVP_MD_CTX *ctxt, unsigned char *digest)
{
SHA256_Final(digest, ctxt->md_data);
return (1);
}
static int
ssh_sha256_cleanup(EVP_MD_CTX *ctxt)
{
memset(ctxt->md_data, 0, sizeof(SHA256_CTX));
return (1);
}
const EVP_MD *
evp_ssh_sha256(void)
{
static EVP_MD ssh_sha256;
memset(&ssh_sha256, 0, sizeof(ssh_sha256));
ssh_sha256.type = NID_undef;
ssh_sha256.md_size = SHA256_DIGEST_LENGTH;
ssh_sha256.init = ssh_sha256_init;
ssh_sha256.update = ssh_sha256_update;
ssh_sha256.final = ssh_sha256_final;
ssh_sha256.cleanup = ssh_sha256_cleanup;
ssh_sha256.block_size = SHA256_BLOCK_LENGTH;
ssh_sha256.ctx_size = sizeof(SHA256_CTX);
return (&ssh_sha256);
}
#endif /* !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) */

6
crypto/openssh/md5crypt.c
View File

@ -11,9 +11,11 @@
#include "includes.h"
#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
#include <openssl/md5.h>
#include <sys/types.h>
RCSID("$Id: md5crypt.c,v 1.9 2003/11/21 12:56:47 djm Exp $");
#include <string.h>
#include <openssl/md5.h>
/* 0 ... 63 => ascii - 64 */
static unsigned char itoa64[] =

157
crypto/openssh/misc.c
View File

@ -1,6 +1,7 @@
/* $OpenBSD: misc.c,v 1.64 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005 Damien Miller. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -24,15 +25,35 @@
*/
#include "includes.h"
RCSID("$OpenBSD: misc.c,v 1.42 2006/01/31 10:19:02 djm Exp $");
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/param.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <errno.h>
#include <fcntl.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#include <pwd.h>
#endif
#ifdef SSH_TUN_OPENBSD
#include <net/if.h>
#endif
#include "xmalloc.h"
#include "misc.h"
#include "log.h"
#include "xmalloc.h"
#include "ssh.h"
/* remove newline at end of string */
char *
@ -123,6 +144,7 @@ set_nodelay(int fd)
/* Characters considered whitespace in strsep calls. */
#define WHITESPACE " \t\r\n"
#define QUOTE "\""
/* return next token in configuration line */
char *
@ -136,15 +158,27 @@ strdelim(char **s)
old = *s;
*s = strpbrk(*s, WHITESPACE "=");
*s = strpbrk(*s, WHITESPACE QUOTE "=");
if (*s == NULL)
return (old);
if (*s[0] == '\"') {
memmove(*s, *s + 1, strlen(*s)); /* move nul too */
/* Find matching quote */
if ((*s = strpbrk(*s, QUOTE)) == NULL) {
return (NULL); /* no matching quote */
} else {
*s[0] = '\0';
return (old);
}
}
/* Allow only one '=' to be skipped */
if (*s[0] == '=')
wspace = 1;
*s[0] = '\0';
/* Skip any extra whitespace after first token */
*s += strspn(*s + 1, WHITESPACE) + 1;
if (*s[0] == '=' && !wspace)
*s += strspn(*s + 1, WHITESPACE) + 1;
@ -155,9 +189,8 @@ strdelim(char **s)
struct passwd *
pwcopy(struct passwd *pw)
{
struct passwd *copy = xmalloc(sizeof(*copy));
struct passwd *copy = xcalloc(1, sizeof(*copy));
memset(copy, 0, sizeof(*copy));
copy->pw_name = xstrdup(pw->pw_name);
copy->pw_passwd = xstrdup(pw->pw_passwd);
copy->pw_gecos = xstrdup(pw->pw_gecos);
@ -280,6 +313,7 @@ convtime(const char *s)
switch (*endp++) {
case '\0':
endp--;
break;
case 's':
case 'S':
break;
@ -311,6 +345,23 @@ convtime(const char *s)
return total;
}
/*
* Returns a standardized host+port identifier string.
* Caller must free returned string.
*/
char *
put_host_port(const char *host, u_short port)
{
char *hoststr;
if (port == 0 || port == SSH_DEFAULT_PORT)
return(xstrdup(host));
if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
fatal("put_host_port: asprintf: %s", strerror(errno));
debug3("put_host_port: %s", hoststr);
return hoststr;
}
/*
* Search for next delimiter between hostnames/addresses and ports.
* Argument may be modified (for termination).
@ -408,7 +459,7 @@ addargs(arglist *args, char *fmt, ...)
} else if (args->num+2 >= nalloc)
nalloc *= 2;
args->list = xrealloc(args->list, nalloc * sizeof(char *));
args->list = xrealloc(args->list, nalloc, sizeof(char *));
args->nalloc = nalloc;
args->list[args->num++] = cp;
args->list[args->num] = NULL;
@ -673,18 +724,100 @@ sanitise_stdfd(void)
}
char *
tohex(const u_char *d, u_int l)
tohex(const void *vp, size_t l)
{
const u_char *p = (const u_char *)vp;
char b[3], *r;
u_int i, hl;
size_t i, hl;
if (l > 65536)
return xstrdup("tohex: length > 65536");
hl = l * 2 + 1;
r = xmalloc(hl);
*r = '\0';
r = xcalloc(1, hl);
for (i = 0; i < l; i++) {
snprintf(b, sizeof(b), "%02x", d[i]);
snprintf(b, sizeof(b), "%02x", p[i]);
strlcat(r, b, hl);
}
return (r);
}
u_int64_t
get_u64(const void *vp)
{
const u_char *p = (const u_char *)vp;
u_int64_t v;
v = (u_int64_t)p[0] << 56;
v |= (u_int64_t)p[1] << 48;
v |= (u_int64_t)p[2] << 40;
v |= (u_int64_t)p[3] << 32;
v |= (u_int64_t)p[4] << 24;
v |= (u_int64_t)p[5] << 16;
v |= (u_int64_t)p[6] << 8;
v |= (u_int64_t)p[7];
return (v);
}
u_int32_t
get_u32(const void *vp)
{
const u_char *p = (const u_char *)vp;
u_int32_t v;
v = (u_int32_t)p[0] << 24;
v |= (u_int32_t)p[1] << 16;
v |= (u_int32_t)p[2] << 8;
v |= (u_int32_t)p[3];
return (v);
}
u_int16_t
get_u16(const void *vp)
{
const u_char *p = (const u_char *)vp;
u_int16_t v;
v = (u_int16_t)p[0] << 8;
v |= (u_int16_t)p[1];
return (v);
}
void
put_u64(void *vp, u_int64_t v)
{
u_char *p = (u_char *)vp;
p[0] = (u_char)(v >> 56) & 0xff;
p[1] = (u_char)(v >> 48) & 0xff;
p[2] = (u_char)(v >> 40) & 0xff;
p[3] = (u_char)(v >> 32) & 0xff;
p[4] = (u_char)(v >> 24) & 0xff;
p[5] = (u_char)(v >> 16) & 0xff;
p[6] = (u_char)(v >> 8) & 0xff;
p[7] = (u_char)v & 0xff;
}
void
put_u32(void *vp, u_int32_t v)
{
u_char *p = (u_char *)vp;
p[0] = (u_char)(v >> 24) & 0xff;
p[1] = (u_char)(v >> 16) & 0xff;
p[2] = (u_char)(v >> 8) & 0xff;
p[3] = (u_char)v & 0xff;
}
void
put_u16(void *vp, u_int16_t v)
{
u_char *p = (u_char *)vp;
p[0] = (u_char)(v >> 8) & 0xff;
p[1] = (u_char)v & 0xff;
}

47
crypto/openssh/misc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.29 2006/01/31 10:19:02 djm Exp $ */
/* $OpenBSD: misc.h,v 1.36 2006/08/18 10:27:16 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -12,6 +12,9 @@
* called by a name other than "ssh" or "Secure Shell".
*/
#ifndef _MISC_H
#define _MISC_H
/* misc.c */
char *chop(char *);
@ -21,13 +24,14 @@ int unset_nonblock(int);
void set_nodelay(int);
int a2port(const char *);
int a2tun(const char *, int *);
char *put_host_port(const char *, u_short);
char *hpdelim(char **);
char *cleanhostname(char *);
char *colon(char *);
long convtime(const char *);
char *tilde_expand_filename(const char *, uid_t);
char *percent_expand(const char *, ...) __attribute__((__sentinel__));
char *tohex(const u_char *, u_int);
char *tohex(const void *, size_t);
void sanitise_stdfd(void);
struct passwd *pwcopy(struct passwd *);
@ -44,17 +48,6 @@ void replacearg(arglist *, u_int, char *, ...)
__attribute__((format(printf, 3, 4)));
void freeargs(arglist *);
/* readpass.c */
#define RP_ECHO 0x0001
#define RP_ALLOW_STDIN 0x0002
#define RP_ALLOW_EOF 0x0004
#define RP_USE_ASKPASS 0x0008
char *read_passphrase(const char *, int);
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
int tun_open(int, int);
/* Common definitions for ssh tunnel device forwarding */
@ -67,3 +60,31 @@ int tun_open(int, int);
#define SSH_TUNID_ANY 0x7fffffff
#define SSH_TUNID_ERR (SSH_TUNID_ANY - 1)
#define SSH_TUNID_MAX (SSH_TUNID_ANY - 2)
/* Functions to extract or store big-endian words of various sizes */
u_int64_t get_u64(const void *)
__attribute__((__bounded__( __minbytes__, 1, 8)));
u_int32_t get_u32(const void *)
__attribute__((__bounded__( __minbytes__, 1, 4)));
u_int16_t get_u16(const void *)
__attribute__((__bounded__( __minbytes__, 1, 2)));
void put_u64(void *, u_int64_t)
__attribute__((__bounded__( __minbytes__, 1, 8)));
void put_u32(void *, u_int32_t)
__attribute__((__bounded__( __minbytes__, 1, 4)));
void put_u16(void *, u_int16_t)
__attribute__((__bounded__( __minbytes__, 1, 2)));
/* readpass.c */
#define RP_ECHO 0x0001
#define RP_ALLOW_STDIN 0x0002
#define RP_ALLOW_EOF 0x0004
#define RP_USE_ASKPASS 0x0008
char *read_passphrase(const char *, int);
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
#endif /* _MISC_H */

30
crypto/openssh/moduli.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */
/* $OpenBSD: moduli.c,v 1.18 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@ -38,11 +38,20 @@
*/
#include "includes.h"
#include "xmalloc.h"
#include "log.h"
#include <sys/types.h>
#include <openssl/bn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <time.h>
#include "xmalloc.h"
#include "log.h"
/*
* File output defines
*/
@ -301,21 +310,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
largewords = (largememory << SHIFT_MEGAWORD);
}
TinySieve = calloc(tinywords, sizeof(u_int32_t));
if (TinySieve == NULL) {
error("Insufficient memory for tiny sieve: need %u bytes",
tinywords << SHIFT_BYTE);
exit(1);
}
TinySieve = xcalloc(tinywords, sizeof(u_int32_t));
tinybits = tinywords << SHIFT_WORD;
SmallSieve = calloc(smallwords, sizeof(u_int32_t));
if (SmallSieve == NULL) {
error("Insufficient memory for small sieve: need %u bytes",
smallwords << SHIFT_BYTE);
xfree(TinySieve);
exit(1);
}
SmallSieve = xcalloc(smallwords, sizeof(u_int32_t));
smallbits = smallwords << SHIFT_WORD;
/*

8
crypto/openssh/monitor_fdpass.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: monitor_fdpass.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@ -24,10 +25,15 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor_fdpass.c,v 1.6 2004/08/13 02:51:48 djm Exp $");
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <errno.h>
#include <string.h>
#include <stdarg.h>
#include "log.h"
#include "monitor_fdpass.h"

2
crypto/openssh/monitor_fdpass.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
/* $OpenBSD: monitor_fdpass.h,v 1.3 2006/03/25 22:22:43 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>

11
crypto/openssh/monitor_mm.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: monitor_mm.c,v 1.15 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@ -24,14 +25,20 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor_mm.c,v 1.9 2004/05/11 19:01:43 deraadt Exp $");
#include <sys/types.h>
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>
#endif
#include <sys/param.h>
#include "openbsd-compat/sys-tree.h"
#include <errno.h>
#include <stdarg.h>
#include <string.h>
#include "ssh.h"
#include "xmalloc.h"
#include "ssh.h"
#include "log.h"
#include "monitor_mm.h"

3
crypto/openssh/monitor_mm.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
/* $OpenBSD: monitor_mm.h,v 1.4 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -27,7 +27,6 @@
#ifndef _MM_H_
#define _MM_H_
#include "openbsd-compat/sys-tree.h"
struct mm_share {
RB_ENTRY(mm_share) next;

18
crypto/openssh/msg.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: msg.c,v 1.15 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@ -21,14 +22,23 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: msg.c,v 1.8 2005/05/24 17:32:43 avsm Exp $");
#include <sys/types.h>
#include <sys/uio.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <stdarg.h>
#include "buffer.h"
#include "getput.h"
#include "log.h"
#include "atomicio.h"
#include "msg.h"
#include "misc.h"
int
ssh_msg_send(int fd, u_char type, Buffer *m)
@ -38,7 +48,7 @@ ssh_msg_send(int fd, u_char type, Buffer *m)
debug3("ssh_msg_send: type %u", (unsigned int)type & 0xff);
PUT_32BIT(buf, mlen + 1);
put_u32(buf, mlen + 1);
buf[4] = type; /* 1st byte of payload is mesg-type */
if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) {
error("ssh_msg_send: write");
@ -64,7 +74,7 @@ ssh_msg_recv(int fd, Buffer *m)
error("ssh_msg_recv: read: header");
return (-1);
}
msg_len = GET_32BIT(buf);
msg_len = get_u32(buf);
if (msg_len > 256 * 1024) {
error("ssh_msg_recv: read: bad msg_len %u", msg_len);
return (-1);

2
crypto/openssh/msg.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: msg.h,v 1.3 2003/11/17 09:45:39 djm Exp $ */
/* $OpenBSD: msg.h,v 1.4 2006/03/25 22:22:43 djm Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*

9
crypto/openssh/nchan.c
View File

@ -1,3 +1,4 @@
/* $OpenBSD: nchan.c,v 1.57 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@ -23,7 +24,13 @@
*/
#include "includes.h"
RCSID("$OpenBSD: nchan.c,v 1.51 2004/07/11 17:48:47 deraadt Exp $");
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
#include <string.h>
#include <stdarg.h>
#include "ssh1.h"
#include "ssh2.h"

6
crypto/openssh/openbsd-compat/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.37 2005/12/31 05:33:37 djm Exp $
# $Id: Makefile.in,v 1.40 2006/08/30 17:24:41 djm Exp $
sysconfdir=@sysconfdir@
piddir=@piddir@
@ -16,11 +16,11 @@ RANLIB=@RANLIB@
INSTALL=@INSTALL@
LDFLAGS=-L. @LDFLAGS@
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
PORTS=port-irix.o port-aix.o port-uw.o port-tun.o
PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<

2
crypto/openssh/openbsd-compat/basename.c
View File

@ -20,6 +20,8 @@
#include "includes.h"
#ifndef HAVE_BASENAME
#include <errno.h>
#include <string.h>
char *
basename(const char *path)

8
crypto/openssh/openbsd-compat/bindresvport.c
View File

@ -33,8 +33,14 @@
#include "includes.h"
#ifndef HAVE_BINDRESVPORT_SA
#include <sys/types.h>
#include <sys/socket.h>
#include "includes.h"
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <string.h>
#define STARTPORT 600
#define ENDPORT (IPPORT_RESERVED - 1)

8
crypto/openssh/openbsd-compat/bsd-arc4random.c
View File

@ -15,9 +15,13 @@
*/
#include "includes.h"
#include "log.h"
RCSID("$Id: bsd-arc4random.c,v 1.10 2005/02/16 02:01:28 djm Exp $");
#include <sys/types.h>
#include <string.h>
#include <stdarg.h>
#include "log.h"
#ifndef HAVE_ARC4RANDOM

4
crypto/openssh/openbsd-compat/bsd-asprintf.c
View File

@ -21,6 +21,10 @@
#ifndef HAVE_VASPRINTF
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#ifndef VA_COPY
# ifdef HAVE_VA_COPY
# define VA_COPY(dest, src) va_copy(dest, src)

25
crypto/openssh/openbsd-compat/bsd-closefrom.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 2004-2005 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -22,9 +22,14 @@
#include <sys/param.h>
#include <unistd.h>
#include <stdio.h>
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif
#include <limits.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#ifdef HAVE_DIRENT_H
# include <dirent.h>
# define NAMLEN(dirent) strlen((dirent)->d_name)
@ -46,15 +51,20 @@
# define OPEN_MAX 256
#endif
RCSID("$Id: bsd-closefrom.c,v 1.2 2005/11/10 08:29:13 dtucker Exp $");
#ifndef lint
static const char sudorcsid[] = "$Sudo: closefrom.c,v 1.6 2004/06/01 20:51:56 millert Exp $";
#if 0
__unused static const char rcsid[] = "$Sudo: closefrom.c,v 1.11 2006/08/17 15:26:54 millert Exp $";
#endif /* lint */
/*
* Close all file descriptors greater than or equal to lowfd.
*/
#ifdef HAVE_FCNTL_CLOSEM
void
closefrom(int lowfd)
{
(void) fcntl(lowfd, F_CLOSEM, 0);
}
#else
void
closefrom(int lowfd)
{
@ -67,7 +77,7 @@ closefrom(int lowfd)
/* Check for a /proc/$$/fd directory. */
len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
if (len >= 0 && (u_int)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
if (len > 0 && (size_t)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
while ((dent = readdir(dirp)) != NULL) {
fd = strtol(dent->d_name, &endp, 10);
if (dent->d_name != endp && *endp == '\0' &&
@ -95,6 +105,5 @@ closefrom(int lowfd)
(void) close((int) fd);
}
}
#endif /* !HAVE_FCNTL_CLOSEM */
#endif /* HAVE_CLOSEFROM */

5
crypto/openssh/openbsd-compat/bsd-cray.c
View File

@ -1,5 +1,5 @@
/*
* $Id: bsd-cray.c,v 1.14 2005/02/02 06:10:11 dtucker Exp $
* $Id: bsd-cray.c,v 1.16 2006/09/01 05:38:41 djm Exp $
*
* bsd-cray.c
*
@ -52,7 +52,10 @@
#include <sys/secstat.h>
#include <sys/stat.h>
#include <sys/session.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include <fcntl.h>
#include <errno.h>

35
crypto/openssh/openbsd-compat/bsd-cygwin_util.c
View File

@ -29,22 +29,8 @@
#include "includes.h"
RCSID("$Id: bsd-cygwin_util.c,v 1.14 2005/05/25 09:42:11 dtucker Exp $");
#ifdef HAVE_CYGWIN
#include <fcntl.h>
#include <stdlib.h>
#include <sys/utsname.h>
#include <sys/vfs.h>
#include <windows.h>
#include "xmalloc.h"
#define is_winnt (GetVersion() < 0x80000000)
#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
#if defined(open) && open == binary_open
# undef open
#endif
@ -52,6 +38,23 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.14 2005/05/25 09:42:11 dtucker Exp $");
# undef pipe
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/utsname.h>
#include <sys/vfs.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
#include <windows.h>
#include "xmalloc.h"
#define is_winnt (GetVersion() < 0x80000000)
#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
int
binary_open(const char *filename, int flags, ...)
{
@ -268,9 +271,9 @@ char **
fetch_windows_environment(void)
{
char **e, **p;
int i, idx = 0;
unsigned int i, idx = 0;
p = xmalloc((WENV_SIZ + 1) * sizeof(char *));
p = xcalloc(WENV_SIZ + 1, sizeof(char *));
for (e = environ; *e != NULL; ++e) {
for (i = 0; i < WENV_SIZ; ++i) {
if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen))

7
crypto/openssh/openbsd-compat/bsd-getpeereid.c
View File

@ -16,10 +16,13 @@
#include "includes.h"
RCSID("$Id: bsd-getpeereid.c,v 1.3 2004/02/17 05:49:55 djm Exp $");
#if !defined(HAVE_GETPEEREID)
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#if defined(SO_PEERCRED)
int
getpeereid(int s, uid_t *euid, gid_t *gid)

14
crypto/openssh/openbsd-compat/bsd-misc.c
View File

@ -16,9 +16,19 @@
*/
#include "includes.h"
#include "xmalloc.h"
RCSID("$Id: bsd-misc.c,v 1.28 2005/11/01 22:07:31 dtucker Exp $");
#ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
#endif
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#include <string.h>
#include <signal.h>
#include <stdlib.h>
#include "xmalloc.h"
#ifndef HAVE___PROGNAME
char *__progname;

Some files were not shown because too many files have changed in this diff Show More