d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge conflicts.

Browse Source
This commit is contained in:
Dag-Erling Smørgrav 2006-03-22 20:41:37 +00:00
parent 4f87d65874
commit b74df5b26f
39 changed files with 2527 additions and 1949 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

462
crypto/openssh/acconfig.h
View File

@ -1,462 +0,0 @@
/* $Id: acconfig.h,v 1.183 2005/07/07 10:33:36 dtucker Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _CONFIG_H
#define _CONFIG_H
/* Generated automatically from acconfig.h by autoheader. */
/* Please make your changes there */
@TOP@
/* Define if your platform breaks doing a seteuid before a setuid */
#undef SETEUID_BREAKS_SETUID
/* Define if your setreuid() is broken */
#undef BROKEN_SETREUID
/* Define if your setregid() is broken */
#undef BROKEN_SETREGID
/* Define if your setresuid() is broken */
#undef BROKEN_SETRESUID
/* Define if your setresgid() is broken */
#undef BROKEN_SETRESGID
/* Define to a Set Process Title type if your system is */
/* supported by bsd-setproctitle.c */
#undef SPT_TYPE
#undef SPT_PADCHAR
/* SCO workaround */
#undef BROKEN_SYS_TERMIO_H
/* Define if you have SecureWare-based protected password database */
#undef HAVE_SECUREWARE
/* If your header files don't define LOGIN_PROGRAM, then use this (detected) */
/* from environment and PATH */
#undef LOGIN_PROGRAM_FALLBACK
/* Full path of your "passwd" program */
#undef _PATH_PASSWD_PROG
/* Define if your password has a pw_class field */
#undef HAVE_PW_CLASS_IN_PASSWD
/* Define if your password has a pw_expire field */
#undef HAVE_PW_EXPIRE_IN_PASSWD
/* Define if your password has a pw_change field */
#undef HAVE_PW_CHANGE_IN_PASSWD
/* Define if your system uses access rights style file descriptor passing */
#undef HAVE_ACCRIGHTS_IN_MSGHDR
/* Define if your system uses ancillary data style file descriptor passing */
#undef HAVE_CONTROL_IN_MSGHDR
/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */
#undef BROKEN_INET_NTOA
/* Define if your system defines sys_errlist[] */
#undef HAVE_SYS_ERRLIST
/* Define if your system defines sys_nerr */
#undef HAVE_SYS_NERR
/* Define if your system choked on IP TOS setting */
#undef IP_TOS_IS_BROKEN
/* Define if you have the getuserattr function. */
#undef HAVE_GETUSERATTR
/* Define if you have the basename function. */
#undef HAVE_BASENAME
/* Work around problematic Linux PAM modules handling of PAM_TTY */
#undef PAM_TTY_KLUDGE
/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */
#undef SSHPAM_CHAUTHTOK_NEEDS_RUID
/* Use PIPES instead of a socketpair() */
#undef USE_PIPES
/* Define if your snprintf is busted */
#undef BROKEN_SNPRINTF
/* Define if you are on Cygwin */
#undef HAVE_CYGWIN
/* Define if you have a broken realpath. */
#undef BROKEN_REALPATH
/* Define if you are on NeXT */
#undef HAVE_NEXT
/* Define if you want to enable PAM support */
#undef USE_PAM
/* Define if you want to enable AIX4's authenticate function */
#undef WITH_AIXAUTHENTICATE
/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
#undef AIX_LOGINFAILED_4ARG
/* Define if your skeychallenge() function takes 4 arguments (eg NetBSD) */
#undef SKEYCHALLENGE_4ARG
/* Define if you have/want arrays (cluster-wide session managment, not C arrays) */
#undef WITH_IRIX_ARRAY
/* Define if you want IRIX project management */
#undef WITH_IRIX_PROJECT
/* Define if you want IRIX audit trails */
#undef WITH_IRIX_AUDIT
/* Define if you want IRIX kernel jobs */
#undef WITH_IRIX_JOBS
/* Location of PRNGD/EGD random number socket */
#undef PRNGD_SOCKET
/* Port number of PRNGD/EGD random number socket */
#undef PRNGD_PORT
/* Builtin PRNG command timeout */
#undef ENTROPY_TIMEOUT_MSEC
/* non-privileged user for privilege separation */
#undef SSH_PRIVSEP_USER
/* Define if you want to install preformatted manpages.*/
#undef MANTYPE
/* Define if your ssl headers are included with #include <openssl/header.h> */
#undef HAVE_OPENSSL
/* Define if you are linking against RSAref. Used only to print the right
* message at run-time. */
#undef RSAREF
/* struct timeval */
#undef HAVE_STRUCT_TIMEVAL
/* struct utmp and struct utmpx fields */
#undef HAVE_HOST_IN_UTMP
#undef HAVE_HOST_IN_UTMPX
#undef HAVE_ADDR_IN_UTMP
#undef HAVE_ADDR_IN_UTMPX
#undef HAVE_ADDR_V6_IN_UTMP
#undef HAVE_ADDR_V6_IN_UTMPX
#undef HAVE_SYSLEN_IN_UTMPX
#undef HAVE_PID_IN_UTMP
#undef HAVE_TYPE_IN_UTMP
#undef HAVE_TYPE_IN_UTMPX
#undef HAVE_TV_IN_UTMP
#undef HAVE_TV_IN_UTMPX
#undef HAVE_ID_IN_UTMP
#undef HAVE_ID_IN_UTMPX
#undef HAVE_EXIT_IN_UTMP
#undef HAVE_TIME_IN_UTMP
#undef HAVE_TIME_IN_UTMPX
/* Define if you don't want to use your system's login() call */
#undef DISABLE_LOGIN
/* Define if you don't want to use pututline() etc. to write [uw]tmp */
#undef DISABLE_PUTUTLINE
/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */
#undef DISABLE_PUTUTXLINE
/* Define if you don't want to use lastlog */
#undef DISABLE_LASTLOG
/* Define if you don't want to use lastlog in session.c */
#undef NO_SSH_LASTLOG
/* Define if you don't want to use utmp */
#undef DISABLE_UTMP
/* Define if you don't want to use utmpx */
#undef DISABLE_UTMPX
/* Define if you don't want to use wtmp */
#undef DISABLE_WTMP
/* Define if you don't want to use wtmpx */
#undef DISABLE_WTMPX
/* Some systems need a utmpx entry for /bin/login to work */
#undef LOGIN_NEEDS_UTMPX
/* Some versions of /bin/login need the TERM supplied on the commandline */
#undef LOGIN_NEEDS_TERM
/* Define if your login program cannot handle end of options ("--") */
#undef LOGIN_NO_ENDOPT
/* Define if you want to specify the path to your lastlog file */
#undef CONF_LASTLOG_FILE
/* Define if you want to specify the path to your utmp file */
#undef CONF_UTMP_FILE
/* Define if you want to specify the path to your wtmp file */
#undef CONF_WTMP_FILE
/* Define if you want to specify the path to your utmpx file */
#undef CONF_UTMPX_FILE
/* Define if you want to specify the path to your wtmpx file */
#undef CONF_WTMPX_FILE
/* Define if you want external askpass support */
#undef USE_EXTERNAL_ASKPASS
/* Define if libc defines __progname */
#undef HAVE___PROGNAME
/* Define if compiler implements __FUNCTION__ */
#undef HAVE___FUNCTION__
/* Define if compiler implements __func__ */
#undef HAVE___func__
/* Define this is you want GSSAPI support in the version 2 protocol */
#undef GSSAPI
/* Define if you want Kerberos 5 support */
#undef KRB5
/* Define this if you are using the Heimdal version of Kerberos V5 */
#undef HEIMDAL
/* Define this if you want to use libkafs' AFS support */
#undef USE_AFS
/* Define if you want S/Key support */
#undef SKEY
/* Define if you want OPIE support */
#undef OPIE
/* Define if you want TCP Wrappers support */
#undef LIBWRAP
/* Define if your libraries define login() */
#undef HAVE_LOGIN
/* Define if your libraries define daemon() */
#undef HAVE_DAEMON
/* Define if your libraries define getpagesize() */
#undef HAVE_GETPAGESIZE
/* Define if xauth is found in your path */
#undef XAUTH_PATH
/* Define if you want to allow MD5 passwords */
#undef HAVE_MD5_PASSWORDS
/* Define if you want to disable shadow passwords */
#undef DISABLE_SHADOW
/* Define if you want to use shadow password expire field */
#undef HAS_SHADOW_EXPIRE
/* Define if you have Digital Unix Security Integration Architecture */
#undef HAVE_OSF_SIA
/* Define if you have getpwanam(3) [SunOS 4.x] */
#undef HAVE_GETPWANAM
/* Define if you have an old version of PAM which takes only one argument */
/* to pam_strerror */
#undef HAVE_OLD_PAM
/* Define if you are using Solaris-derived PAM which passes pam_messages */
/* to the conversation function with an extra level of indirection */
#undef PAM_SUN_CODEBASE
/* Set this to your mail directory if you don't have maillock.h */
#undef MAIL_DIRECTORY
/* Data types */
#undef HAVE_U_INT
#undef HAVE_INTXX_T
#undef HAVE_U_INTXX_T
#undef HAVE_UINTXX_T
#undef HAVE_INT64_T
#undef HAVE_U_INT64_T
#undef HAVE_U_CHAR
#undef HAVE_SIZE_T
#undef HAVE_SSIZE_T
#undef HAVE_CLOCK_T
#undef HAVE_MODE_T
#undef HAVE_PID_T
#undef HAVE_SA_FAMILY_T
#undef HAVE_STRUCT_SOCKADDR_STORAGE
#undef HAVE_STRUCT_ADDRINFO
#undef HAVE_STRUCT_IN6_ADDR
#undef HAVE_STRUCT_SOCKADDR_IN6
/* Fields in struct sockaddr_storage */
#undef HAVE_SS_FAMILY_IN_SS
#undef HAVE___SS_FAMILY_IN_SS
/* Define if you have /dev/ptmx */
#undef HAVE_DEV_PTMX
/* Define if you have /dev/ptc */
#undef HAVE_DEV_PTS_AND_PTC
/* Define if you need to use IP address instead of hostname in $DISPLAY */
#undef IPADDR_IN_DISPLAY
/* Specify default $PATH */
#undef USER_PATH
/* Specify location of ssh.pid */
#undef _PATH_SSH_PIDDIR
/* getaddrinfo is broken (if present) */
#undef BROKEN_GETADDRINFO
/* updwtmpx is broken (if present) */
#undef BROKEN_UPDWTMPX
/* Workaround more Linux IPv6 quirks */
#undef DONT_TRY_OTHER_AF
/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
#undef IPV4_IN_IPV6
/* Define if you have BSD auth support */
#undef BSD_AUTH
/* Define if X11 doesn't support AF_UNIX sockets on that system */
#undef NO_X11_UNIX_SOCKETS
/* Define if the concept of ports only accessible to superusers isn't known */
#undef NO_IPPORT_RESERVED_CONCEPT
/* Needed for SCO and NeXT */
#undef BROKEN_SAVED_UIDS
/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */
#undef GLOB_HAS_ALTDIRFUNC
/* Define if your system glob() function has gl_matchc options in glob_t */
#undef GLOB_HAS_GL_MATCHC
/* Define in your struct dirent expects you to allocate extra space for d_name */
#undef BROKEN_ONE_BYTE_DIRENT_D_NAME
/* Define if your system has /etc/default/login */
#undef HAVE_ETC_DEFAULT_LOGIN
/* Define if your getopt(3) defines and uses optreset */
#undef HAVE_GETOPT_OPTRESET
/* Define on *nto-qnx systems */
#undef MISSING_NFDBITS
/* Define on *nto-qnx systems */
#undef MISSING_HOWMANY
/* Define on *nto-qnx systems */
#undef MISSING_FD_MASK
/* Define if you want smartcard support */
#undef SMARTCARD
/* Define if you want smartcard support using sectok */
#undef USE_SECTOK
/* Define if you want smartcard support using OpenSC */
#undef USE_OPENSC
/* Define if you want to use OpenSSL's internally seeded PRNG only */
#undef OPENSSL_PRNG_ONLY
/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
#undef WITH_ABBREV_NO_TTY
/* Define if you want a different $PATH for the superuser */
#undef SUPERUSER_PATH
/* Path that unprivileged child will chroot() to in privep mode */
#undef PRIVSEP_PATH
/* Define if your platform needs to skip post auth file descriptor passing */
#undef DISABLE_FD_PASSING
/* Silly mkstemp() */
#undef HAVE_STRICT_MKSTEMP
/* Some systems put this outside of libc */
#undef HAVE_NANOSLEEP
/* Define if sshd somehow reacquires a controlling TTY after setsid() */
#undef SSHD_ACQUIRES_CTTY
/* Define if cmsg_type is not passed correctly */
#undef BROKEN_CMSG_TYPE
/*
* Define to whatever link() returns for "not supported" if it doesn't
* return EOPNOTSUPP.
*/
#undef LINK_OPNOTSUPP_ERRNO
/* Strings used in /etc/passwd to denote locked account */
#undef LOCKED_PASSWD_STRING
#undef LOCKED_PASSWD_PREFIX
#undef LOCKED_PASSWD_SUBSTR
/* Define if getrrsetbyname() exists */
#undef HAVE_GETRRSETBYNAME
/* Define if HEADER.ad exists in arpa/nameser.h */
#undef HAVE_HEADER_AD
/* Define if your resolver libs need this for getrrsetbyname */
#undef BIND_8_COMPAT
/* Define if you have /proc/$pid/fd */
#undef HAVE_PROC_PID
@BOTTOM@
/* ******************* Shouldn't need to edit below this line ************** */
#endif /* _CONFIG_H */

9
crypto/openssh/auth-krb5.c
View File

@ -28,7 +28,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $");
RCSID("$OpenBSD: auth-krb5.c,v 1.16 2005/11/21 09:42:10 dtucker Exp $");
RCSID("$FreeBSD$");
#include "ssh.h"
@ -70,9 +70,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
krb5_ccache ccache = NULL;
int len;
if (!authctxt->valid)
return (0);
temporarily_use_uid(authctxt->pw);
problem = krb5_init(authctxt);
@ -189,7 +186,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
else
return (0);
}
return (1);
return (authctxt->valid ? 1 : 0);
}
void
@ -219,7 +216,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
ret = snprintf(ccname, sizeof(ccname),
"FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
if (ret == -1 || ret >= sizeof(ccname))
if (ret < 0 || (size_t)ret >= sizeof(ccname))
return ENOMEM;
old_umask = umask(0177);

16
crypto/openssh/auth-pam.c
View File

@ -47,7 +47,7 @@
/* Based on $xFreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h"
RCSID("$Id: auth-pam.c,v 1.126 2005/07/17 07:18:50 djm Exp $");
RCSID("$Id: auth-pam.c,v 1.128 2006/01/29 05:46:13 dtucker Exp $");
RCSID("$FreeBSD$");
#ifdef USE_PAM
@ -717,8 +717,18 @@ sshpam_query(void *ctx, char **name, char **info,
plen++;
xfree(msg);
break;
case PAM_SUCCESS:
case PAM_AUTH_ERR:
debug3("PAM: PAM_AUTH_ERR");
if (**prompts != NULL && strlen(**prompts) != 0) {
*info = **prompts;
**prompts = NULL;
*num = 0;
**echo_on = 0;
ctxt->pam_done = -1;
return 0;
}
/* FALLTHROUGH */
case PAM_SUCCESS:
if (**prompts != NULL) {
/* drain any accumulated messages */
debug("PAM: %s", **prompts);
@ -764,7 +774,7 @@ sshpam_respond(void *ctx, u_int num, char **resp)
Buffer buffer;
struct pam_ctxt *ctxt = ctx;
debug2("PAM: %s entering, %d responses", __func__, num);
debug2("PAM: %s entering, %u responses", __func__, num);
switch (ctxt->pam_done) {
case 1:
sshpam_authenticated = 1;

12
crypto/openssh/auth2.c
View File

@ -165,21 +165,17 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
authctxt->valid = 1;
debug2("input_userauth_request: setting up authctxt for %s", user);
#ifdef USE_PAM
if (options.use_pam)
PRIVSEP(start_pam(authctxt));
#endif
} else {
logit("input_userauth_request: invalid user %s", user);
authctxt->pw = fakepw();
#ifdef USE_PAM
if (options.use_pam)
PRIVSEP(start_pam(authctxt));
#endif
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_INVALID_USER));
#endif
}
#ifdef USE_PAM
if (options.use_pam)
PRIVSEP(start_pam(authctxt));
#endif
setproctitle("%s%s", authctxt->valid ? user : "unknown",
use_privsep ? " [net]" : "");
authctxt->service = xstrdup(service);

5
crypto/openssh/bufaux.c
View File

@ -37,7 +37,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $");
RCSID("$OpenBSD: bufaux.c,v 1.37 2005/11/05 05:01:15 djm Exp $");
RCSID("$FreeBSD$");
#include <openssl/bn.h>
@ -64,6 +64,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
if (oi != bin_size) {
error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
oi, bin_size);
xfree(buf);
return (-1);
}
@ -188,10 +189,12 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
if (len > 0 && (bin[0] & 0x80)) {
error("buffer_get_bignum2_ret: negative numbers not supported");
xfree(bin);
return (-1);
}
if (len > 8 * 1024) {
error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
xfree(bin);
return (-1);
}
BN_bin2bn(bin, len, value);

41
crypto/openssh/canohost.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: canohost.c,v 1.44 2005/06/17 02:44:32 djm Exp $");
RCSID("$OpenBSD: canohost.c,v 1.48 2005/12/28 22:46:06 stevesk Exp $");
#include "packet.h"
#include "xmalloc.h"
@ -43,9 +43,6 @@ get_remote_hostname(int sock, int use_dns)
cleanup_exit(255);
}
if (from.ss_family == AF_INET)
check_ip_options(sock, ntop);
ipv64_normalise_mapped(&from, &fromlen);
if (from.ss_family == AF_INET6)
@ -55,6 +52,9 @@ get_remote_hostname(int sock, int use_dns)
NULL, 0, NI_NUMERICHOST) != 0)
fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
if (from.ss_family == AF_INET)
check_ip_options(sock, ntop);
if (!use_dns)
return xstrdup(ntop);
@ -102,7 +102,7 @@ get_remote_hostname(int sock, int use_dns)
hints.ai_socktype = SOCK_STREAM;
if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
logit("reverse mapping checking getaddrinfo for %.700s "
"failed - POSSIBLE BREAKIN ATTEMPT!", name);
"failed - POSSIBLE BREAK-IN ATTEMPT!", name);
return xstrdup(ntop);
}
/* Look for the address from the list of addresses. */
@ -117,7 +117,7 @@ get_remote_hostname(int sock, int use_dns)
if (!ai) {
/* Address not found for the host name. */
logit("Address %.100s maps to %.600s, but this does not "
"map back to the address - POSSIBLE BREAKIN ATTEMPT!",
"map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
ntop, name);
return xstrdup(ntop);
}
@ -158,9 +158,7 @@ check_ip_options(int sock, char *ipaddr)
for (i = 0; i < option_size; i++)
snprintf(text + i*3, sizeof(text) - i*3,
" %2.2x", options[i]);
logit("Connection from %.100s with IP options:%.800s",
ipaddr, text);
packet_disconnect("Connection from %.100s with IP options:%.800s",
fatal("Connection from %.100s with IP options:%.800s",
ipaddr, text);
}
#endif /* IP_OPTIONS */
@ -200,26 +198,27 @@ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
const char *
get_canonical_hostname(int use_dns)
{
char *host;
static char *canonical_host_name = NULL;
static int use_dns_done = 0;
static char *remote_ip = NULL;
/* Check if we have previously retrieved name with same option. */
if (canonical_host_name != NULL) {
if (use_dns_done != use_dns)
xfree(canonical_host_name);
else
return canonical_host_name;
}
if (use_dns && canonical_host_name != NULL)
return canonical_host_name;
if (!use_dns && remote_ip != NULL)
return remote_ip;
/* Get the real hostname if socket; otherwise return UNKNOWN. */
if (packet_connection_is_on_socket())
canonical_host_name = get_remote_hostname(
packet_get_connection_in(), use_dns);
host = get_remote_hostname(packet_get_connection_in(), use_dns);
else
canonical_host_name = xstrdup("UNKNOWN");
host = "UNKNOWN";
use_dns_done = use_dns;
return canonical_host_name;
if (use_dns)
canonical_host_name = host;
else
remote_ip = host;
return host;
}
/*

168
crypto/openssh/channels.c
View File

@ -39,7 +39,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: channels.c,v 1.223 2005/07/17 07:17:54 djm Exp $");
RCSID("$OpenBSD: channels.c,v 1.232 2006/01/30 12:22:22 reyk Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -58,8 +58,6 @@ RCSID("$OpenBSD: channels.c,v 1.223 2005/07/17 07:17:54 djm Exp $");
/* -- channel core */
#define CHAN_RBUF 16*1024
/*
* Pointer to an array containing all allocated channels. The array is
* dynamically extended as needed.
@ -142,22 +140,50 @@ static void port_open_helper(Channel *c, char *rtype);
/* -- channel core */
Channel *
channel_lookup(int id)
channel_by_id(int id)
{
Channel *c;
if (id < 0 || (u_int)id >= channels_alloc) {
logit("channel_lookup: %d: bad id", id);
logit("channel_by_id: %d: bad id", id);
return NULL;
}
c = channels[id];
if (c == NULL) {
logit("channel_lookup: %d: bad id: channel free", id);
logit("channel_by_id: %d: bad id: channel free", id);
return NULL;
}
return c;
}
/*
* Returns the channel if it is allowed to receive protocol messages.
* Private channels, like listening sockets, may not receive messages.
*/
Channel *
channel_lookup(int id)
{
Channel *c;
if ((c = channel_by_id(id)) == NULL)
return (NULL);
switch(c->type) {
case SSH_CHANNEL_X11_OPEN:
case SSH_CHANNEL_LARVAL:
case SSH_CHANNEL_CONNECTING:
case SSH_CHANNEL_DYNAMIC:
case SSH_CHANNEL_OPENING:
case SSH_CHANNEL_OPEN:
case SSH_CHANNEL_INPUT_DRAINING:
case SSH_CHANNEL_OUTPUT_DRAINING:
return (c);
break;
}
logit("Non-public channel %d, type %d.", id, c->type);
return (NULL);
}
/*
* Register filedescriptors for a channel, used when allocating a channel or
* when the channel consumer/producer is ready, e.g. shell exec'd
@ -269,9 +295,11 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
c->force_drain = 0;
c->single_connection = 0;
c->detach_user = NULL;
c->detach_close = 0;
c->confirm = NULL;
c->confirm_ctx = NULL;
c->input_filter = NULL;
c->output_filter = NULL;
debug("channel %d: new [%s]", found, remote_name);
return c;
}
@ -628,29 +656,32 @@ channel_register_confirm(int id, channel_callback_fn *fn, void *ctx)
c->confirm_ctx = ctx;
}
void
channel_register_cleanup(int id, channel_callback_fn *fn)
channel_register_cleanup(int id, channel_callback_fn *fn, int do_close)
{
Channel *c = channel_lookup(id);
Channel *c = channel_by_id(id);
if (c == NULL) {
logit("channel_register_cleanup: %d: bad id", id);
return;
}
c->detach_user = fn;
c->detach_close = do_close;
}
void
channel_cancel_cleanup(int id)
{
Channel *c = channel_lookup(id);
Channel *c = channel_by_id(id);
if (c == NULL) {
logit("channel_cancel_cleanup: %d: bad id", id);
return;
}
c->detach_user = NULL;
c->detach_close = 0;
}
void
channel_register_filter(int id, channel_filter_fn *fn)
channel_register_filter(int id, channel_infilter_fn *ifn,
channel_outfilter_fn *ofn)
{
Channel *c = channel_lookup(id);
@ -658,7 +689,8 @@ channel_register_filter(int id, channel_filter_fn *fn)
logit("channel_register_filter: %d: bad id", id);
return;
}
c->input_filter = fn;
c->input_filter = ifn;
c->output_filter = ofn;
}
void
@ -1227,6 +1259,19 @@ port_open_helper(Channel *c, char *rtype)
xfree(remote_ipaddr);
}
static void
channel_set_reuseaddr(int fd)
{
int on = 1;
/*
* Set socket options.
* Allow local port reuse in TIME_WAIT.
*/
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
}
/*
* This socket is listening for connections to a forwarded TCP/IP port.
*/
@ -1398,6 +1443,8 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
debug2("channel %d: filter stops", c->self);
chan_read_failed(c);
}
} else if (c->datagram) {
buffer_put_string(&c->input, buf, len);
} else {
buffer_append(&c->input, buf, len);
}
@ -1408,7 +1455,7 @@ static int
channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
{
struct termios tio;
u_char *data;
u_char *data = NULL, *buf;
u_int dlen;
int len;
@ -1416,14 +1463,45 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
if (c->wfd != -1 &&
FD_ISSET(c->wfd, writeset) &&
buffer_len(&c->output) > 0) {
data = buffer_ptr(&c->output);
dlen = buffer_len(&c->output);
if (c->output_filter != NULL) {
if ((buf = c->output_filter(c, &data, &dlen)) == NULL) {
debug2("channel %d: filter stops", c->self);
if (c->type != SSH_CHANNEL_OPEN)
chan_mark_dead(c);
else
chan_write_failed(c);
return -1;
}
} else if (c->datagram) {
buf = data = buffer_get_string(&c->output, &dlen);
} else {
buf = data = buffer_ptr(&c->output);
dlen = buffer_len(&c->output);
}
if (c->datagram) {
/* ignore truncated writes, datagrams might get lost */
c->local_consumed += dlen + 4;
len = write(c->wfd, buf, dlen);
xfree(data);
if (len < 0 && (errno == EINTR || errno == EAGAIN))
return 1;
if (len <= 0) {
if (c->type != SSH_CHANNEL_OPEN)
chan_mark_dead(c);
else
chan_write_failed(c);
return -1;
}
return 1;
}
#ifdef _AIX
/* XXX: Later AIX versions can't push as much data to tty */
if (compat20 && c->wfd_isatty)
dlen = MIN(dlen, 8*1024);
#endif
len = write(c->wfd, data, dlen);
len = write(c->wfd, buf, dlen);
if (len < 0 && (errno == EINTR || errno == EAGAIN))
return 1;
if (len <= 0) {
@ -1440,14 +1518,14 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
}
return -1;
}
if (compat20 && c->isatty && dlen >= 1 && data[0] != '\r') {
if (compat20 && c->isatty && dlen >= 1 && buf[0] != '\r') {
if (tcgetattr(c->wfd, &tio) == 0 &&
!(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
/*
* Simulate echo to reduce the impact of
* traffic analysis. We need to match the
* size of a SSH2_MSG_CHANNEL_DATA message
* (4 byte channel id + data)
* (4 byte channel id + buf)
*/
packet_send_ignore(4 + len);
packet_send();
@ -1666,7 +1744,7 @@ channel_garbage_collect(Channel *c)
if (c == NULL)
return;
if (c->detach_user != NULL) {
if (!chan_is_dead(c, 0))
if (!chan_is_dead(c, c->detach_close))
return;
debug2("channel %d: gc: notify user", c->self);
c->detach_user(c->self, NULL);
@ -1776,6 +1854,22 @@ channel_output_poll(void)
if ((c->istate == CHAN_INPUT_OPEN ||
c->istate == CHAN_INPUT_WAIT_DRAIN) &&
(len = buffer_len(&c->input)) > 0) {
if (c->datagram) {
if (len > 0) {
u_char *data;
u_int dlen;
data = buffer_get_string(&c->input,
&dlen);
packet_start(SSH2_MSG_CHANNEL_DATA);
packet_put_int(c->remote_id);
packet_put_string(data, dlen);
packet_send();
c->remote_window -= dlen + 4;
xfree(data);
}
continue;
}
/*
* Send some data for the other side over the secure
* connection.
@ -1898,7 +1992,10 @@ channel_input_data(int type, u_int32_t seq, void *ctxt)
c->local_window -= data_len;
}
packet_check_eom();
buffer_append(&c->output, data, data_len);
if (c->datagram)
buffer_put_string(&c->output, data, data_len);
else
buffer_append(&c->output, data, data_len);
xfree(data);
}
@ -2129,9 +2226,8 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
id = packet_get_int();
c = channel_lookup(id);
if (c == NULL || c->type != SSH_CHANNEL_OPEN) {
logit("Received window adjust for "
"non-open channel %d.", id);
if (c == NULL) {
logit("Received window adjust for non-open channel %d.", id);
return;
}
adjust = packet_get_int();
@ -2188,7 +2284,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
const char *host_to_connect, u_short port_to_connect, int gateway_ports)
{
Channel *c;
int sock, r, success = 0, on = 1, wildcard = 0, is_client;
int sock, r, success = 0, wildcard = 0, is_client;
struct addrinfo hints, *ai, *aitop;
const char *host, *addr;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
@ -2275,13 +2371,8 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
verbose("socket: %.100s", strerror(errno));
continue;
}
/*
* Set socket options.
* Allow local port reuse in TIME_WAIT.
*/
if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on,
sizeof(on)) == -1)
error("setsockopt SO_REUSEADDR: %s", strerror(errno));
channel_set_reuseaddr(sock);
debug("Local forwarding listening on %s port %s.", ntop, strport);
@ -2453,7 +2544,7 @@ channel_request_rforward_cancel(const char *host, u_short port)
permitted_opens[i].listen_port = 0;
permitted_opens[i].port_to_connect = 0;
free(permitted_opens[i].host_to_connect);
xfree(permitted_opens[i].host_to_connect);
permitted_opens[i].host_to_connect = NULL;
}
@ -2668,6 +2759,9 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
char strport[NI_MAXSERV];
int gaierr, n, num_socks = 0, socks[NUM_SOCKS];
if (chanids == NULL)
return -1;
for (display_number = x11_display_offset;
display_number < MAX_DISPLAYS;
display_number++) {
@ -2704,6 +2798,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno));
}
#endif
channel_set_reuseaddr(sock);
if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
debug2("bind port %d: %.100s", port, strerror(errno));
close(sock);
@ -2749,8 +2844,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
}
/* Allocate a channel for each socket. */
if (chanids != NULL)
*chanids = xmalloc(sizeof(**chanids) * (num_socks + 1));
*chanids = xmalloc(sizeof(**chanids) * (num_socks + 1));
for (n = 0; n < num_socks; n++) {
sock = socks[n];
nc = channel_new("x11 listener",
@ -2758,11 +2852,9 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
0, "X11 inet listener", 1);
nc->single_connection = single_connection;
if (*chanids != NULL)
(*chanids)[n] = nc->self;
(*chanids)[n] = nc->self;
}
if (*chanids != NULL)
(*chanids)[n] = -1;
(*chanids)[n] = -1;
/* Return the display number for the DISPLAY environment variable. */
*display_numberp = display_number;
@ -2948,7 +3040,7 @@ deny_input_open(int type, u_int32_t seq, void *ctxt)
error("deny_input_open: type %d", type);
break;
}
error("Warning: this is probably a break in attempt by a malicious server.");
error("Warning: this is probably a break-in attempt by a malicious server.");
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(rchan);
packet_send();

20
crypto/openssh/channels.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.h,v 1.79 2005/07/17 06:49:04 djm Exp $ */
/* $OpenBSD: channels.h,v 1.83 2005/12/30 15:56:37 reyk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -63,7 +63,8 @@ struct Channel;
typedef struct Channel Channel;
typedef void channel_callback_fn(int, void *);
typedef int channel_filter_fn(struct Channel *, char *, int);
typedef int channel_infilter_fn(struct Channel *, char *, int);
typedef u_char *channel_outfilter_fn(struct Channel *, u_char **, u_int *);
struct Channel {
int type; /* channel type/state */
@ -106,11 +107,15 @@ struct Channel {
/* callback */
channel_callback_fn *confirm;
channel_callback_fn *detach_user;
void *confirm_ctx;
channel_callback_fn *detach_user;
int detach_close;
/* filter */
channel_filter_fn *input_filter;
channel_infilter_fn *input_filter;
channel_outfilter_fn *output_filter;
int datagram; /* keep boundaries */
};
#define CHAN_EXTENDED_IGNORE 0
@ -142,6 +147,8 @@ struct Channel {
#define CHAN_EOF_SENT 0x04
#define CHAN_EOF_RCVD 0x08
#define CHAN_RBUF 16*1024
/* check whether 'efd' is still in use */
#define CHANNEL_EFD_INPUT_ACTIVE(c) \
(compat20 && c->extended_usage == CHAN_EXTENDED_READ && \
@ -154,6 +161,7 @@ struct Channel {
/* channel management */
Channel *channel_by_id(int);
Channel *channel_lookup(int);
Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int);
void channel_set_fds(int, int, int, int, int, int, u_int);
@ -163,9 +171,9 @@ void channel_stop_listening(void);
void channel_send_open(int);
void channel_request_start(int, char *, int);
void channel_register_cleanup(int, channel_callback_fn *);
void channel_register_cleanup(int, channel_callback_fn *, int);
void channel_register_confirm(int, channel_callback_fn *, void *);
void channel_register_filter(int, channel_filter_fn *);
void channel_register_filter(int, channel_infilter_fn *, channel_outfilter_fn *);
void channel_cancel_cleanup(int);
int channel_close_fd(int *);
void channel_send_window_changes(void);

4
crypto/openssh/cipher.c
View File

@ -334,7 +334,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
if ((u_int)evplen != len)
fatal("%s: wrong iv length %d != %d", __func__,
evplen, len);
#if OPENSSL_VERSION_NUMBER < 0x00907000L
#ifdef USE_BUILTIN_RIJNDAEL
if (c->evptype == evp_rijndael)
ssh_rijndael_iv(&cc->evp, 0, iv, len);
else
@ -365,7 +365,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
if (evplen == 0)
return;
#if OPENSSL_VERSION_NUMBER < 0x00907000L
#ifdef USE_BUILTIN_RIJNDAEL
if (c->evptype == evp_rijndael)
ssh_rijndael_iv(&cc->evp, 1, iv, evplen);
else

840
crypto/openssh/configure.ac
View File

File diff suppressed because it is too large Load Diff

44
crypto/openssh/envpass.sh
View File

@ -1,44 +0,0 @@
# $OpenBSD: envpass.sh,v 1.1 2004/04/27 09:47:30 djm Exp $
# Placed in the Public Domain.
tid="environment passing"
# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST)
trace "pass env, don't accept"
verbose "test $tid: pass env, don't accept"
_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \
'[ -z "$_TEST_ENV" ]'
r=$?
if [ $r -ne 0 ]; then
fail "environment found"
fi
trace "don't pass env, accept"
verbose "test $tid: don't pass env, accept"
${SSH} -F $OBJ/ssh_proxy otherhost \
'[ -z "$_XXX_TEST_A" -a -z "$_XXX_TEST_B" ]'
r=$?
if [ $r -ne 0 ]; then
fail "environment found"
fi
trace "pass single env, accept single env"
verbose "test $tid: pass single env, accept single env"
_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \
'[ "x$_XXX_TEST" = "xblah" ]'
r=$?
if [ $r -ne 0 ]; then
fail "environment not found"
fi
trace "pass multiple env, accept multiple env"
verbose "test $tid: pass multiple env, accept multiple env"
_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \
-F $OBJ/ssh_proxy otherhost \
'[ "x$_XXX_TEST_A" = "x1" -a "x$_XXX_TEST_B" = "x2" ]'
r=$?
if [ $r -ne 0 ]; then
fail "environment not found"
fi

6
crypto/openssh/hostfile.c
View File

@ -36,7 +36,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: hostfile.c,v 1.35 2005/07/27 10:39:03 dtucker Exp $");
RCSID("$OpenBSD: hostfile.c,v 1.36 2005/11/22 03:36:03 dtucker Exp $");
#include <resolv.h>
#include <openssl/hmac.h>
@ -88,8 +88,8 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
return (-1);
}
if (ret != SHA_DIGEST_LENGTH) {
debug2("extract_salt: expected salt len %u, got %u",
salt_len, ret);
debug2("extract_salt: expected salt len %d, got %d",
SHA_DIGEST_LENGTH, ret);
return (-1);
}

5
crypto/openssh/includes.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: includes.h,v 1.19 2005/05/19 02:42:26 djm Exp $ */
/* $OpenBSD: includes.h,v 1.22 2006/01/01 08:59:27 stevesk Exp $ */
/* $FreeBSD$ */
/*
@ -22,6 +22,8 @@ __RCSID(msg)
#include "config.h"
#define _GNU_SOURCE /* activate extra prototypes for glibc */
#include <stdarg.h>
#include <stdio.h>
#include <ctype.h>
@ -68,7 +70,6 @@ __RCSID(msg)
#ifdef HAVE_NEXT
# include <libc.h>
#endif
#define __USE_GNU /* before unistd.h, activate extra prototypes for glibc */
#include <unistd.h> /* For STDIN_FILENO, etc */
#include <termios.h> /* Struct winsize */

6
crypto/openssh/loginrec.c
View File

@ -165,7 +165,7 @@
# include <libutil.h>
#endif
RCSID("$Id: loginrec.c,v 1.70 2005/07/17 07:26:44 djm Exp $");
RCSID("$Id: loginrec.c,v 1.71 2005/11/22 08:55:13 dtucker Exp $");
RCSID("$FreeBSD$");
/**
@ -1590,7 +1590,7 @@ lastlog_get_entry(struct logininfo *li)
return (0);
default:
error("%s: Error reading from %s: Expecting %d, got %d",
__func__, LASTLOG_FILE, sizeof(last), ret);
__func__, LASTLOG_FILE, (int)sizeof(last), ret);
return (0);
}
@ -1614,7 +1614,7 @@ record_failed_login(const char *username, const char *hostname,
int fd;
struct utmp ut;
struct sockaddr_storage from;
size_t fromlen = sizeof(from);
socklen_t fromlen = sizeof(from);
struct sockaddr_in *a4;
struct sockaddr_in6 *a6;
time_t t;

14
crypto/openssh/monitor.c
View File

@ -25,7 +25,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
RCSID("$OpenBSD: monitor.c,v 1.64 2005/10/13 22:24:31 stevesk Exp $");
RCSID("$FreeBSD$");
#include <openssl/dh.h>
@ -843,9 +843,7 @@ mm_answer_pam_account(int sock, Buffer *m)
ret = do_pam_account();
buffer_put_int(m, ret);
buffer_append(&loginmsg, "\0", 1);
buffer_put_cstring(m, buffer_ptr(&loginmsg));
buffer_clear(&loginmsg);
buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);
@ -1840,7 +1838,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
buffer_clear(m);
buffer_put_int(m, major);
mm_request_send(sock,MONITOR_ANS_GSSSETUP, m);
mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);
/* Now we have a context, enable the step */
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
@ -1853,7 +1851,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
{
gss_buffer_desc in;
gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
OM_uint32 major,minor;
OM_uint32 major, minor;
OM_uint32 flags = 0; /* GSI needs this */
u_int len;
@ -1870,7 +1868,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
gss_release_buffer(&minor, &out);
if (major==GSS_S_COMPLETE) {
if (major == GSS_S_COMPLETE) {
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@ -1919,7 +1917,7 @@ mm_answer_gss_userok(int sock, Buffer *m)
debug3("%s: sending result %d", __func__, authenticated);
mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
auth_method="gssapi-with-mic";
auth_method = "gssapi-with-mic";
/* Monitor loop will terminate if authenticated */
return (authenticated);

1
crypto/openssh/monitor_wrap.c
View File

@ -73,7 +73,6 @@ extern struct monitor *pmonitor;
extern Buffer input, output;
extern Buffer loginmsg;
extern ServerOptions options;
extern Buffer loginmsg;
int
mm_is_monitor(void)

74
crypto/openssh/readconf.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: readconf.c,v 1.143 2005/07/30 02:03:47 djm Exp $");
RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $");
RCSID("$FreeBSD$");
#include "ssh.h"
@ -71,6 +71,10 @@ RCSID("$FreeBSD$");
Cipher none
PasswordAuthentication no
Host vpn.fake.com
Tunnel yes
TunnelDevice 3
# Defaults for various options
Host *
ForwardAgent no
@ -108,6 +112,7 @@ typedef enum {
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
oVersionAddendum,
oDeprecated, oUnsupported
} OpCodes;
@ -200,6 +205,10 @@ static struct {
{ "controlpath", oControlPath },
{ "controlmaster", oControlMaster },
{ "hashknownhosts", oHashKnownHosts },
{ "tunnel", oTunnel },
{ "tunneldevice", oTunnelDevice },
{ "localcommand", oLocalCommand },
{ "permitlocalcommand", oPermitLocalCommand },
{ "versionaddendum", oVersionAddendum },
{ NULL, oBadOption }
};
@ -267,6 +276,7 @@ clear_forwardings(Options *options)
xfree(options->remote_forwards[i].connect_host);
}
options->num_remote_forwards = 0;
options->tun_open = SSH_TUNMODE_NO;
}
/*
@ -299,7 +309,7 @@ process_config_line(Options *options, const char *host,
int *activep)
{
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
int opcode, *intptr, value;
int opcode, *intptr, value, value2;
size_t len;
Forward fwd;
@ -556,9 +566,10 @@ process_config_line(Options *options, const char *host,
goto parse_string;
case oProxyCommand:
charptr = &options->proxy_command;
parse_command:
if (s == NULL)
fatal("%.200s line %d: Missing argument.", filename, linenum);
charptr = &options->proxy_command;
len = strspn(s, WHITESPACE "=");
if (*activep && *charptr == NULL)
*charptr = xstrdup(s + len);
@ -825,6 +836,49 @@ process_config_line(Options *options, const char *host,
intptr = &options->hash_known_hosts;
goto parse_flag;
case oTunnel:
intptr = &options->tun_open;
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%s line %d: Missing yes/point-to-point/"
"ethernet/no argument.", filename, linenum);
value = 0; /* silence compiler */
if (strcasecmp(arg, "ethernet") == 0)
value = SSH_TUNMODE_ETHERNET;
else if (strcasecmp(arg, "point-to-point") == 0)
value = SSH_TUNMODE_POINTOPOINT;
else if (strcasecmp(arg, "yes") == 0)
value = SSH_TUNMODE_DEFAULT;
else if (strcasecmp(arg, "no") == 0)
value = SSH_TUNMODE_NO;
else
fatal("%s line %d: Bad yes/point-to-point/ethernet/"
"no argument: %s", filename, linenum, arg);
if (*activep)
*intptr = value;
break;
case oTunnelDevice:
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.", filename, linenum);
value = a2tun(arg, &value2);
if (value == SSH_TUNID_ERR)
fatal("%.200s line %d: Bad tun device.", filename, linenum);
if (*activep) {
options->tun_local = value;
options->tun_remote = value2;
}
break;
case oLocalCommand:
charptr = &options->local_command;
goto parse_command;
case oPermitLocalCommand:
intptr = &options->permit_local_command;
goto parse_flag;
case oVersionAddendum:
ssh_version_set_addendum(strtok(s, "\n"));
do {
@ -976,6 +1030,11 @@ initialize_options(Options * options)
options->control_path = NULL;
options->control_master = -1;
options->hash_known_hosts = -1;
options->tun_open = -1;
options->tun_local = -1;
options->tun_remote = -1;
options->local_command = NULL;
options->permit_local_command = -1;
}
/*
@ -1100,6 +1159,15 @@ fill_default_options(Options * options)
options->control_master = 0;
if (options->hash_known_hosts == -1)
options->hash_known_hosts = 0;
if (options->tun_open == -1)
options->tun_open = SSH_TUNMODE_NO;
if (options->tun_local == -1)
options->tun_local = SSH_TUNID_ANY;
if (options->tun_remote == -1)
options->tun_remote = SSH_TUNID_ANY;
if (options->permit_local_command == -1)
options->permit_local_command = 0;
/* options->local_command should not be set by default */
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
/* options->hostname will be set in the main program if appropriate */

10
crypto/openssh/readconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.67 2005/06/08 11:25:09 djm Exp $ */
/* $OpenBSD: readconf.h,v 1.68 2005/12/06 22:38:27 reyk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -114,6 +114,14 @@ typedef struct {
int control_master;
int hash_known_hosts;
int tun_open; /* tun(4) */
int tun_local; /* force tun device (optional) */
int tun_remote; /* force tun device (optional) */
char *local_command;
int permit_local_command;
} Options;
#define SSHCTL_MASTER_NO 0

152
crypto/openssh/scp.c
View File

@ -71,7 +71,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: scp.c,v 1.125 2005/07/27 10:39:03 dtucker Exp $");
RCSID("$OpenBSD: scp.c,v 1.130 2006/01/31 10:35:43 djm Exp $");
#include "xmalloc.h"
#include "atomicio.h"
@ -118,6 +118,48 @@ killchild(int signo)
exit(1);
}
static int
do_local_cmd(arglist *a)
{
u_int i;
int status;
pid_t pid;
if (a->num == 0)
fatal("do_local_cmd: no arguments");
if (verbose_mode) {
fprintf(stderr, "Executing:");
for (i = 0; i < a->num; i++)
fprintf(stderr, " %s", a->list[i]);
fprintf(stderr, "\n");
}
if ((pid = fork()) == -1)
fatal("do_local_cmd: fork: %s", strerror(errno));
if (pid == 0) {
execvp(a->list[0], a->list);
perror(a->list[0]);
exit(1);
}
do_cmd_pid = pid;
signal(SIGTERM, killchild);
signal(SIGINT, killchild);
signal(SIGHUP, killchild);
while (waitpid(pid, &status, 0) == -1)
if (errno != EINTR)
fatal("do_local_cmd: waitpid: %s", strerror(errno));
do_cmd_pid = -1;
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
return (-1);
return (0);
}
/*
* This function executes the given command as the specified user on the
* given host. This returns < 0 if execution fails, and >= 0 otherwise. This
@ -162,7 +204,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc)
close(pin[0]);
close(pout[1]);
args.list[0] = ssh_program;
replacearg(&args, 0, "%s", ssh_program);
if (remuser != NULL)
addargs(&args, "-l%s", remuser);
addargs(&args, "%s", host);
@ -222,12 +264,17 @@ main(int argc, char **argv)
extern char *optarg;
extern int optind;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
__progname = ssh_get_progname(argv[0]);
memset(&args, '\0', sizeof(args));
args.list = NULL;
addargs(&args, "ssh"); /* overwritten with ssh_program */
addargs(&args, "%s", ssh_program);
addargs(&args, "-x");
addargs(&args, "-oForwardAgent no");
addargs(&args, "-oPermitLocalCommand no");
addargs(&args, "-oClearAllForwardings yes");
fflag = tflag = 0;
@ -336,9 +383,9 @@ main(int argc, char **argv)
if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */
toremote(targ, argc, argv);
else {
tolocal(argc, argv); /* Dest is local host. */
if (targetshouldbedirectory)
verifydir(argv[argc - 1]);
tolocal(argc, argv); /* Dest is local host. */
}
/*
* Finally check the exit status of the ssh process, if one was forked
@ -364,6 +411,10 @@ toremote(char *targ, int argc, char **argv)
{
int i, len;
char *bp, *host, *src, *suser, *thost, *tuser, *arg;
arglist alist;
memset(&alist, '\0', sizeof(alist));
alist.list = NULL;
*targ++ = 0;
if (*targ == 0)
@ -381,56 +432,48 @@ toremote(char *targ, int argc, char **argv)
tuser = NULL;
}
if (tuser != NULL && !okname(tuser)) {
xfree(arg);
return;
}
for (i = 0; i < argc - 1; i++) {
src = colon(argv[i]);
if (src) { /* remote to remote */
static char *ssh_options =
"-x -o'ClearAllForwardings yes'";
freeargs(&alist);
addargs(&alist, "%s", ssh_program);
if (verbose_mode)
addargs(&alist, "-v");
addargs(&alist, "-x");
addargs(&alist, "-oClearAllForwardings yes");
addargs(&alist, "-n");
*src++ = 0;
if (*src == 0)
src = ".";
host = strrchr(argv[i], '@');
len = strlen(ssh_program) + strlen(argv[i]) +
strlen(src) + (tuser ? strlen(tuser) : 0) +
strlen(thost) + strlen(targ) +
strlen(ssh_options) + CMDNEEDS + 20;
bp = xmalloc(len);
if (host) {
*host++ = 0;
host = cleanhostname(host);
suser = argv[i];
if (*suser == '\0')
suser = pwd->pw_name;
else if (!okname(suser)) {
xfree(bp);
else if (!okname(suser))
continue;
}
if (tuser && !okname(tuser)) {
xfree(bp);
continue;
}
snprintf(bp, len,
"%s%s %s -n "
"-l %s %s %s %s '%s%s%s:%s'",
ssh_program, verbose_mode ? " -v" : "",
ssh_options, suser, host, cmd, src,
tuser ? tuser : "", tuser ? "@" : "",
thost, targ);
addargs(&alist, "-l");
addargs(&alist, "%s", suser);
} else {
host = cleanhostname(argv[i]);
snprintf(bp, len,
"exec %s%s %s -n %s "
"%s %s '%s%s%s:%s'",
ssh_program, verbose_mode ? " -v" : "",
ssh_options, host, cmd, src,
tuser ? tuser : "", tuser ? "@" : "",
thost, targ);
}
if (verbose_mode)
fprintf(stderr, "Executing: %s\n", bp);
if (system(bp) != 0)
addargs(&alist, "%s", host);
addargs(&alist, "%s", cmd);
addargs(&alist, "%s", src);
addargs(&alist, "%s%s%s:%s",
tuser ? tuser : "", tuser ? "@" : "",
thost, targ);
if (do_local_cmd(&alist) != 0)
errs = 1;
(void) xfree(bp);
} else { /* local to remote */
if (remin == -1) {
len = strlen(targ) + CMDNEEDS + 20;
@ -454,20 +497,23 @@ tolocal(int argc, char **argv)
{
int i, len;
char *bp, *host, *src, *suser;
arglist alist;
memset(&alist, '\0', sizeof(alist));
alist.list = NULL;
for (i = 0; i < argc - 1; i++) {
if (!(src = colon(argv[i]))) { /* Local to local. */
len = strlen(_PATH_CP) + strlen(argv[i]) +
strlen(argv[argc - 1]) + 20;
bp = xmalloc(len);
(void) snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP,
iamrecursive ? " -r" : "", pflag ? " -p" : "",
argv[i], argv[argc - 1]);
if (verbose_mode)
fprintf(stderr, "Executing: %s\n", bp);
if (system(bp))
freeargs(&alist);
addargs(&alist, "%s", _PATH_CP);
if (iamrecursive)
addargs(&alist, "-r");
if (pflag)
addargs(&alist, "-p");
addargs(&alist, "%s", argv[i]);
addargs(&alist, "%s", argv[argc-1]);
if (do_local_cmd(&alist))
++errs;
(void) xfree(bp);
continue;
}
*src++ = 0;
@ -560,7 +606,7 @@ syserr: run_err("%s: %s", name, strerror(errno));
#define FILEMODEMASK (S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO)
snprintf(buf, sizeof buf, "C%04o %lld %s\n",
(u_int) (stb.st_mode & FILEMODEMASK),
(int64_t)stb.st_size, last);
(long long)stb.st_size, last);
if (verbose_mode) {
fprintf(stderr, "Sending file modes: %s", buf);
}
@ -568,7 +614,10 @@ syserr: run_err("%s: %s", name, strerror(errno));
if (response() < 0)
goto next;
if ((bp = allocbuf(&buffer, fd, 2048)) == NULL) {
next: (void) close(fd);
next: if (fd != -1) {
(void) close(fd);
fd = -1;
}
continue;
}
if (showprogress)
@ -597,8 +646,11 @@ next: (void) close(fd);
if (showprogress)
stop_progress_meter();
if (close(fd) < 0 && !haderr)
haderr = errno;
if (fd != -1) {
if (close(fd) < 0 && !haderr)
haderr = errno;
fd = -1;
}
if (!haderr)
(void) atomicio(vwrite, remout, "", 1);
else

30
crypto/openssh/servconf.c
View File

@ -10,7 +10,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.144 2005/08/06 10:03:12 dtucker Exp $");
RCSID("$OpenBSD: servconf.c,v 1.146 2005/12/08 18:34:11 reyk Exp $");
RCSID("$FreeBSD$");
#include "ssh.h"
@ -102,6 +102,7 @@ initialize_server_options(ServerOptions *options)
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
options->num_accept_env = 0;
options->permit_tun = -1;
/* Needs to be accessable in many places */
use_privsep = -1;
@ -232,6 +233,8 @@ fill_default_server_options(ServerOptions *options)
}
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
if (options->permit_tun == -1)
options->permit_tun = SSH_TUNMODE_NO;
/* Turn privilege separation on by default */
if (use_privsep == -1)
@ -273,7 +276,7 @@ typedef enum {
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
sUsePrivilegeSeparation,
sVersionAddendum,
sDeprecated, sUnsupported
@ -377,6 +380,7 @@ static struct {
{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
{ "useprivilegeseparation", sUsePrivilegeSeparation},
{ "acceptenv", sAcceptEnv },
{ "permittunnel", sPermitTunnel },
{ "versionaddendum", sVersionAddendum },
{ NULL, sBadOption }
};
@ -967,6 +971,28 @@ process_server_config_line(ServerOptions *options, char *line,
}
break;
case sPermitTunnel:
intptr = &options->permit_tun;
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: Missing yes/point-to-point/"
"ethernet/no argument.", filename, linenum);
value = 0; /* silence compiler */
if (strcasecmp(arg, "ethernet") == 0)
value = SSH_TUNMODE_ETHERNET;
else if (strcasecmp(arg, "point-to-point") == 0)
value = SSH_TUNMODE_POINTOPOINT;
else if (strcasecmp(arg, "yes") == 0)
value = SSH_TUNMODE_YES;
else if (strcasecmp(arg, "no") == 0)
value = SSH_TUNMODE_NO;
else
fatal("%s line %d: Bad yes/point-to-point/ethernet/"
"no argument: %s", filename, linenum, arg);
if (*intptr == -1)
*intptr = value;
break;
case sVersionAddendum:
ssh_version_set_addendum(strtok(cp, "\n"));
do {

5
crypto/openssh/servconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.h,v 1.71 2004/12/23 23:11:00 djm Exp $ */
/* $OpenBSD: servconf.h,v 1.72 2005/12/06 22:38:27 reyk Exp $ */
/* $FreeBSD$ */
/*
@ -134,7 +134,10 @@ typedef struct {
char *authorized_keys_file; /* File containing public keys */
char *authorized_keys_file2;
int use_pam; /* Enable auth via PAM */
int permit_tun;
} ServerOptions;
void initialize_server_options(ServerOptions *);

88
crypto/openssh/serverloop.c
View File

@ -35,7 +35,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: serverloop.c,v 1.118 2005/07/17 07:17:55 djm Exp $");
RCSID("$OpenBSD: serverloop.c,v 1.124 2005/12/13 15:03:02 reyk Exp $");
#include "xmalloc.h"
#include "packet.h"
@ -61,6 +61,7 @@ extern ServerOptions options;
/* XXX */
extern Kex *xxx_kex;
extern Authctxt *the_authctxt;
extern int use_privsep;
static Buffer stdin_buffer; /* Buffer for stdin data. */
static Buffer stdout_buffer; /* Buffer for stdout data. */
@ -90,6 +91,9 @@ static int client_alive_timeouts = 0;
static volatile sig_atomic_t child_terminated = 0; /* The child has terminated. */
/* Cleanup on signals (!use_privsep case only) */
static volatile sig_atomic_t received_sigterm = 0;
/* prototypes */
static void server_init_dispatch(void);
@ -151,6 +155,12 @@ sigchld_handler(int sig)
errno = save_errno;
}
static void
sigterm_handler(int sig)
{
received_sigterm = sig;
}
/*
* Make packets from buffered stderr data, and buffer it for sending
* to the client.
@ -502,6 +512,12 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
child_terminated = 0;
mysignal(SIGCHLD, sigchld_handler);
if (!use_privsep) {
signal(SIGTERM, sigterm_handler);
signal(SIGINT, sigterm_handler);
signal(SIGQUIT, sigterm_handler);
}
/* Initialize our global variables. */
fdin = fdin_arg;
fdout = fdout_arg;
@ -548,7 +564,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
* If we have no separate fderr (which is the case when we have a pty
* - there we cannot make difference between data sent to stdout and
* stderr), indicate that we have seen an EOF from stderr. This way
* we don\'t need to check the descriptor everywhere.
* we don't need to check the descriptor everywhere.
*/
if (fderr == -1)
fderr_eof = 1;
@ -629,6 +645,12 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
wait_until_can_do_something(&readset, &writeset, &max_fd,
&nalloc, max_time_milliseconds);
if (received_sigterm) {
logit("Exiting on signal %d", received_sigterm);
/* Clean up sessions, utmp, etc. */
cleanup_exit(255);
}
/* Process any channel events. */
channel_after_select(readset, writeset);
@ -749,6 +771,12 @@ server_loop2(Authctxt *authctxt)
connection_in = packet_get_connection_in();
connection_out = packet_get_connection_out();
if (!use_privsep) {
signal(SIGTERM, sigterm_handler);
signal(SIGINT, sigterm_handler);
signal(SIGQUIT, sigterm_handler);
}
notify_setup();
max_fd = MAX(connection_in, connection_out);
@ -766,6 +794,12 @@ server_loop2(Authctxt *authctxt)
wait_until_can_do_something(&readset, &writeset, &max_fd,
&nalloc, 0);
if (received_sigterm) {
logit("Exiting on signal %d", received_sigterm);
/* Clean up sessions, utmp, etc. */
cleanup_exit(255);
}
collect_children();
if (!rekeying) {
channel_after_select(readset, writeset);
@ -879,6 +913,52 @@ server_request_direct_tcpip(void)
return c;
}
static Channel *
server_request_tun(void)
{
Channel *c = NULL;
int mode, tun;
int sock;
mode = packet_get_int();
switch (mode) {
case SSH_TUNMODE_POINTOPOINT:
case SSH_TUNMODE_ETHERNET:
break;
default:
packet_send_debug("Unsupported tunnel device mode.");
return NULL;
}
if ((options.permit_tun & mode) == 0) {
packet_send_debug("Server has rejected tunnel device "
"forwarding");
return NULL;
}
tun = packet_get_int();
if (forced_tun_device != -1) {
if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
goto done;
tun = forced_tun_device;
}
sock = tun_open(tun, mode);
if (sock < 0)
goto done;
c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
c->datagram = 1;
#if defined(SSH_TUN_FILTER)
if (mode == SSH_TUNMODE_POINTOPOINT)
channel_register_filter(c->self, sys_tun_infilter,
sys_tun_outfilter);
#endif
done:
if (c == NULL)
packet_send_debug("Failed to open the tunnel device.");
return c;
}
static Channel *
server_request_session(void)
{
@ -900,7 +980,7 @@ server_request_session(void)
channel_free(c);
return NULL;
}
channel_register_cleanup(c->self, session_close_by_channel);
channel_register_cleanup(c->self, session_close_by_channel, 0);
return c;
}
@ -924,6 +1004,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
c = server_request_session();
} else if (strcmp(ctype, "direct-tcpip") == 0) {
c = server_request_direct_tcpip();
} else if (strcmp(ctype, "tun@openssh.com") == 0) {
c = server_request_tun();
}
if (c != NULL) {
debug("server_input_channel_open: confirm %s", ctype);

58
crypto/openssh/session.c
View File

@ -33,7 +33,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: session.c,v 1.186 2005/07/25 11:59:40 markus Exp $");
RCSID("$OpenBSD: session.c,v 1.191 2005/12/24 02:27:41 djm Exp $");
RCSID("$FreeBSD$");
#include "ssh.h"
@ -210,15 +210,6 @@ do_authenticated(Authctxt *authctxt)
{
setproctitle("%s", authctxt->pw->pw_name);
/*
* Cancel the alarm we set to limit the time taken for
* authentication.
*/
alarm(0);
if (startup_pipe != -1) {
close(startup_pipe);
startup_pipe = -1;
}
/* setup the channel layer */
if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
channel_permit_all_opens();
@ -1450,7 +1441,7 @@ child_close_fds(void)
endpwent();
/*
* Close any extra open file descriptors so that we don\'t have them
* Close any extra open file descriptors so that we don't have them
* hanging around in clients. Note that we want to do this after
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
@ -1505,7 +1496,9 @@ do_child(Session *s, const char *command)
if (!check_quietlogin(s, command))
do_motd();
#else /* HAVE_OSF_SIA */
do_nologin(pw);
/* When PAM is enabled we rely on it to do the nologin check */
if (!options.use_pam)
do_nologin(pw);
do_setusercontext(pw);
/*
* PAM session modules in do_setusercontext may have
@ -1590,7 +1583,7 @@ do_child(Session *s, const char *command)
}
#endif
/* Change current directory to the user\'s home directory. */
/* Change current directory to the user's home directory. */
if (chdir(pw->pw_dir) < 0) {
fprintf(stderr, "Could not chdir to home directory %s: %s\n",
pw->pw_dir, strerror(errno));
@ -1905,7 +1898,7 @@ session_x11_req(Session *s)
if (s->auth_proto != NULL || s->auth_data != NULL) {
error("session_x11_req: session %d: "
"x11 fowarding already active", s->self);
"x11 forwarding already active", s->self);
return 0;
}
s->single_connection = packet_get_char();
@ -2137,7 +2130,7 @@ session_close_x11(int id)
{
Channel *c;
if ((c = channel_lookup(id)) == NULL) {
if ((c = channel_by_id(id)) == NULL) {
debug("session_close_x11: x11 channel %d missing", id);
} else {
/* Detach X11 listener */
@ -2192,7 +2185,6 @@ static void
session_exit_message(Session *s, int status)
{
Channel *c;
u_int i;
if ((c = channel_lookup(s->chanid)) == NULL)
fatal("session_exit_message: session %d: no channel %d",
@ -2222,7 +2214,15 @@ session_exit_message(Session *s, int status)
/* disconnect channel */
debug("session_exit_message: release channel %d", s->chanid);
channel_cancel_cleanup(s->chanid);
s->pid = 0;
/*
* Adjust cleanup callback attachment to send close messages when
* the channel gets EOF. The session will be then be closed
* by session_close_by_channel when the childs close their fds.
*/
channel_register_cleanup(c->self, session_close_by_channel, 1);
/*
* emulate a write failure with 'chan_write_failed', nobody will be
* interested in data we write.
@ -2231,15 +2231,6 @@ session_exit_message(Session *s, int status)
*/
if (c->ostate != CHAN_OUTPUT_CLOSED)
chan_write_failed(c);
s->chanid = -1;
/* Close any X11 listeners associated with this session */
if (s->x11_chanids != NULL) {
for (i = 0; s->x11_chanids[i] != -1; i++) {
session_close_x11(s->x11_chanids[i]);
s->x11_chanids[i] = -1;
}
}
}
void
@ -2283,7 +2274,8 @@ session_close_by_pid(pid_t pid, int status)
}
if (s->chanid != -1)
session_exit_message(s, status);
session_close(s);
if (s->ttyfd != -1)
session_pty_cleanup(s);
}
/*
@ -2294,6 +2286,7 @@ void
session_close_by_channel(int id, void *arg)
{
Session *s = session_by_channel(id);
u_int i;
if (s == NULL) {
debug("session_close_by_channel: no session for id %d", id);
@ -2313,6 +2306,15 @@ session_close_by_channel(int id, void *arg)
}
/* detach by removing callback */
channel_cancel_cleanup(s->chanid);
/* Close any X11 listeners associated with this session */
if (s->x11_chanids != NULL) {
for (i = 0; s->x11_chanids[i] != -1; i++) {
session_close_x11(s->x11_chanids[i]);
s->x11_chanids[i] = -1;
}
}
s->chanid = -1;
session_close(s);
}
@ -2407,7 +2409,7 @@ session_setup_x11fwd(Session *s)
}
for (i = 0; s->x11_chanids[i] != -1; i++) {
channel_register_cleanup(s->x11_chanids[i],
session_close_single_x11);
session_close_single_x11, 0);
}
/* Set up a suitable value for the DISPLAY variable. */

8
crypto/openssh/ssh-add.c
View File

@ -35,7 +35,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $");
RCSID("$OpenBSD: ssh-add.c,v 1.74 2005/11/12 18:37:59 deraadt Exp $");
#include <openssl/evp.h>
@ -312,6 +312,9 @@ main(int argc, char **argv)
char *sc_reader_id = NULL;
int i, ch, deleting = 0, ret = 0;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
__progname = ssh_get_progname(argv[0]);
init_rng();
seed_rng();
@ -321,7 +324,8 @@ main(int argc, char **argv)
/* At first, get a connection to the authentication agent. */
ac = ssh_get_authentication_connection();
if (ac == NULL) {
fprintf(stderr, "Could not open a connection to your authentication agent.\n");
fprintf(stderr,
"Could not open a connection to your authentication agent.\n");
exit(2);
}
while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {

7
crypto/openssh/ssh-agent.c
View File

@ -35,7 +35,7 @@
#include "includes.h"
#include "openbsd-compat/sys-queue.h"
RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $");
RCSID("$OpenBSD: ssh-agent.c,v 1.124 2005/10/30 08:52:18 djm Exp $");
RCSID("$FreeBSD$");
#include <openssl/evp.h>
@ -356,7 +356,7 @@ process_remove_identity(SocketEntry *e, int version)
if (id != NULL) {
/*
* We have this key. Free the old key. Since we
* don\'t want to leave empty slots in the middle of
* don't want to leave empty slots in the middle of
* the array, we actually free the key there and move
* all the entries between the empty slot and the end
* of the array.
@ -1009,6 +1009,9 @@ main(int ac, char **av)
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
/* drop */
setegid(getgid());
setgid(getgid());

23
crypto/openssh/ssh-keyscan.c
View File

@ -7,7 +7,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
RCSID("$OpenBSD: ssh-keyscan.c,v 1.57 2005/10/30 04:01:03 djm Exp $");
#include "openbsd-compat/sys-queue.h"
@ -499,12 +499,18 @@ congreet(int s)
size_t bufsiz;
con *c = &fdcon[s];
bufsiz = sizeof(buf);
cp = buf;
while (bufsiz-- && (n = atomicio(read, s, cp, 1)) == 1 && *cp != '\n') {
if (*cp == '\r')
*cp = '\n';
cp++;
for (;;) {
memset(buf, '\0', sizeof(buf));
bufsiz = sizeof(buf);
cp = buf;
while (bufsiz-- &&
(n = atomicio(read, s, cp, 1)) == 1 && *cp != '\n') {
if (*cp == '\r')
*cp = '\n';
cp++;
}
if (n != 1 || strncmp(buf, "SSH-", 4) == 0)
break;
}
if (n == 0) {
switch (errno) {
@ -712,6 +718,9 @@ main(int argc, char **argv)
seed_rng();
TAILQ_INIT(&tq);
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
if (argc <= 1)
usage();

1718
crypto/openssh/ssh.1
View File

File diff suppressed because it is too large Load Diff

89
crypto/openssh/ssh.c
View File

@ -40,7 +40,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh.c,v 1.249 2005/07/30 01:26:16 djm Exp $");
RCSID("$OpenBSD: ssh.c,v 1.257 2005/12/20 04:41:07 dtucker Exp $");
RCSID("$FreeBSD$");
#include <openssl/evp.h>
@ -159,13 +159,13 @@ usage(void)
{
fprintf(stderr,
"usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
" [-D port] [-e escape_char] [-F configfile]\n"
" [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
" [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
" [user@]hostname [command]\n"
" [-w tunnel:tunnel] [user@]hostname [command]\n"
);
exit(1);
exit(255);
}
static int ssh_session(void);
@ -189,6 +189,9 @@ main(int ac, char **av)
struct servent *sp;
Forward fwd;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
__progname = ssh_get_progname(av[0]);
init_rng();
@ -221,7 +224,7 @@ main(int ac, char **av)
pw = getpwuid(original_real_uid);
if (!pw) {
logit("You don't exist, go away!");
exit(1);
exit(255);
}
/* Take a copy of the returned structure. */
pw = pwcopy(pw);
@ -242,7 +245,7 @@ main(int ac, char **av)
again:
while ((opt = getopt(ac, av,
"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) {
"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) {
switch (opt) {
case '1':
options.protocol = SSH_PROTO_1;
@ -338,6 +341,15 @@ main(int ac, char **av)
if (opt == 'V')
exit(0);
break;
case 'w':
if (options.tun_open == -1)
options.tun_open = SSH_TUNMODE_DEFAULT;
options.tun_local = a2tun(optarg, &options.tun_remote);
if (options.tun_local == SSH_TUNID_ERR) {
fprintf(stderr, "Bad tun device '%s'\n", optarg);
exit(255);
}
break;
case 'q':
options.log_level = SYSLOG_LEVEL_QUIET;
break;
@ -353,7 +365,7 @@ main(int ac, char **av)
else {
fprintf(stderr, "Bad escape character '%s'.\n",
optarg);
exit(1);
exit(255);
}
break;
case 'c':
@ -368,7 +380,7 @@ main(int ac, char **av)
fprintf(stderr,
"Unknown cipher type '%s'\n",
optarg);
exit(1);
exit(255);
}
if (options.cipher == SSH_CIPHER_3DES)
options.ciphers = "3des-cbc";
@ -384,7 +396,7 @@ main(int ac, char **av)
else {
fprintf(stderr, "Unknown mac type '%s'\n",
optarg);
exit(1);
exit(255);
}
break;
case 'M':
@ -397,7 +409,7 @@ main(int ac, char **av)
options.port = a2port(optarg);
if (options.port == 0) {
fprintf(stderr, "Bad port '%s'\n", optarg);
exit(1);
exit(255);
}
break;
case 'l':
@ -411,7 +423,7 @@ main(int ac, char **av)
fprintf(stderr,
"Bad local forwarding specification '%s'\n",
optarg);
exit(1);
exit(255);
}
break;
@ -422,7 +434,7 @@ main(int ac, char **av)
fprintf(stderr,
"Bad remote forwarding specification "
"'%s'\n", optarg);
exit(1);
exit(255);
}
break;
@ -433,7 +445,7 @@ main(int ac, char **av)
if ((fwd.listen_host = hpdelim(&cp)) == NULL) {
fprintf(stderr, "Bad dynamic forwarding "
"specification '%.100s'\n", optarg);
exit(1);
exit(255);
}
if (cp != NULL) {
fwd.listen_port = a2port(cp);
@ -446,7 +458,7 @@ main(int ac, char **av)
if (fwd.listen_port == 0) {
fprintf(stderr, "Bad dynamic port '%s'\n",
optarg);
exit(1);
exit(255);
}
add_local_forward(&options, &fwd);
xfree(p);
@ -467,7 +479,7 @@ main(int ac, char **av)
line = xstrdup(optarg);
if (process_config_line(&options, host ? host : "",
line, "command-line", 0, &dummy) != 0)
exit(1);
exit(255);
xfree(line);
break;
case 's':
@ -660,7 +672,7 @@ main(int ac, char **av)
original_effective_uid == 0 && options.use_privileged_port,
#endif
options.proxy_command) != 0)
exit(1);
exit(255);
/*
* If we successfully made the connection, load the host private key
@ -713,7 +725,7 @@ main(int ac, char **av)
/*
* Now that we are back to our own permissions, create ~/.ssh
* directory if it doesn\'t already exist.
* directory if it doesn't already exist.
*/
snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
if (stat(buf, &st) < 0)
@ -809,8 +821,7 @@ ssh_init_forwarding(void)
debug("Remote connections from %.200s:%d forwarded to "
"local address %.200s:%d",
(options.remote_forwards[i].listen_host == NULL) ?
(options.gateway_ports ? "*" : "LOCALHOST") :
options.remote_forwards[i].listen_host,
"LOCALHOST" : options.remote_forwards[i].listen_host,
options.remote_forwards[i].listen_port,
options.remote_forwards[i].connect_host,
options.remote_forwards[i].connect_port);
@ -826,7 +837,7 @@ static void
check_agent_present(void)
{
if (options.forward_agent) {
/* Clear agent forwarding if we don\'t have an agent. */
/* Clear agent forwarding if we don't have an agent. */
if (!ssh_agent_present())
options.forward_agent = 0;
}
@ -1028,7 +1039,7 @@ ssh_control_listener(void)
fatal("ControlPath too long");
if ((control_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
fatal("%s socket(): %s\n", __func__, strerror(errno));
fatal("%s socket(): %s", __func__, strerror(errno));
old_umask = umask(0177);
if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) {
@ -1037,12 +1048,12 @@ ssh_control_listener(void)
fatal("ControlSocket %s already exists",
options.control_path);
else
fatal("%s bind(): %s\n", __func__, strerror(errno));
fatal("%s bind(): %s", __func__, strerror(errno));
}
umask(old_umask);
if (listen(control_fd, 64) == -1)
fatal("%s listen(): %s\n", __func__, strerror(errno));
fatal("%s listen(): %s", __func__, strerror(errno));
set_nonblock(control_fd);
}
@ -1075,6 +1086,33 @@ ssh_session2_setup(int id, void *arg)
packet_send();
}
if (options.tun_open != SSH_TUNMODE_NO) {
Channel *c;
int fd;
debug("Requesting tun.");
if ((fd = tun_open(options.tun_local,
options.tun_open)) >= 0) {
c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
0, "tun", 1);
c->datagram = 1;
#if defined(SSH_TUN_FILTER)
if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
channel_register_filter(c->self, sys_tun_infilter,
sys_tun_outfilter);
#endif
packet_start(SSH2_MSG_CHANNEL_OPEN);
packet_put_cstring("tun@openssh.com");
packet_put_int(c->self);
packet_put_int(c->local_window_max);
packet_put_int(c->local_maxpacket);
packet_put_int(options.tun_open);
packet_put_int(options.tun_remote);
packet_send();
}
}
client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply);
@ -1139,6 +1177,11 @@ ssh_session2(void)
if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN))
id = ssh_session2_open();
/* Execute a local command */
if (options.local_command != NULL &&
options.permit_local_command)
ssh_local_cmd(options.local_command);
/* If requested, let ssh continue in the background. */
if (fork_after_authentication_flag)
if (daemon(1, 1) < 0)

7
crypto/openssh/ssh_config
View File

@ -1,4 +1,4 @@
# $OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $
# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $
# $FreeBSD$
# This is the ssh client system-wide configuration file. See
@ -38,4 +38,7 @@
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# VersionAddendum FreeBSD-20050903
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VersionAddendum FreeBSD-20060322

155
crypto/openssh/ssh_config.5
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.61 2005/07/08 12:53:10 jmc Exp $
.\" $OpenBSD: ssh_config.5,v 1.76 2006/01/20 11:21:45 jmc Exp $
.\" $FreeBSD$
.Dd September 25, 1999
.Dt SSH_CONFIG 5
@ -264,8 +264,10 @@ with
set to
.Dq no
(the default).
These sessions will reuse the master instance's network connection rather
than initiating new ones.
These sessions will try to reuse the master instance's network connection
rather than initiating new ones, but will fall back to connecting normally
if the control socket does not exist, or is not listening.
.Pp
Setting this to
.Dq ask
will cause
@ -284,7 +286,7 @@ will continue without connecting to a master instance.
X11 and
.Xr ssh-agent 1
forwarding is supported over these multiplexed connections, however the
display and agent fowarded will be the one belonging to the master
display and agent forwarded will be the one belonging to the master
connection i.e. it is not possible to forward multiple displays or agents.
.Pp
Two additional options allow for opportunistic multiplexing: try to use a
@ -317,11 +319,33 @@ used for opportunistic connection sharing include
all three of these escape sequences.
This ensures that shared connections are uniquely identified.
.It Cm DynamicForward
Specifies that a TCP/IP port on the local machine be forwarded
Specifies that a TCP port on the local machine be forwarded
over the secure channel, and the application
protocol is then used to determine where to connect to from the
remote machine.
The argument must be a port number.
.Pp
The argument must be
.Sm off
.Oo Ar bind_address : Oc Ar port .
.Sm on
IPv6 addresses can be specified by enclosing addresses in square brackets or
by using an alternative syntax:
.Oo Ar bind_address Ns / Oc Ns Ar port .
By default, the local port is bound in accordance with the
.Cm GatewayPorts
setting.
However, an explicit
.Ar bind_address
may be used to bind the connection to a specific address.
The
.Ar bind_address
of
.Dq localhost
indicates that the listening port be bound for local use only, while an
empty address or
.Sq *
indicates that the port should be available from all interfaces.
.Pp
Currently the SOCKS4 and SOCKS5 protocols are supported, and
.Nm ssh
will act as a SOCKS server.
@ -494,6 +518,24 @@ Default is the name given on the command line.
Numeric IP addresses are also permitted (both on the command line and in
.Cm HostName
specifications).
.It Cm IdentitiesOnly
Specifies that
.Nm ssh
should only use the authentication identity files configured in the
.Nm
files,
even if the
.Nm ssh-agent
offers more identities.
The argument to this keyword must be
.Dq yes
or
.Dq no .
This option is intended for situations where
.Nm ssh-agent
offers many different identities.
The default is
.Dq no .
.It Cm IdentityFile
Specifies a file from which the user's RSA or DSA authentication identity
is read.
@ -511,30 +553,20 @@ syntax to refer to a user's home directory.
It is possible to have
multiple identity files specified in configuration files; all these
identities will be tried in sequence.
.It Cm IdentitiesOnly
Specifies that
.Nm ssh
should only use the authentication identity files configured in the
.Nm
files,
even if the
.Nm ssh-agent
offers more identities.
The argument to this keyword must be
.Dq yes
or
.Dq no .
This option is intented for situations where
.Nm ssh-agent
offers many different identities.
The default is
.Dq no .
.It Cm KbdInteractiveDevices
Specifies the list of methods to use in keyboard-interactive authentication.
Multiple method names must be comma-separated.
The default is to use the server specified list.
.It Cm LocalCommand
Specifies a command to execute on the local machine after successfully
connecting to the server.
The command string extends to the end of the line, and is executed with
.Pa /bin/sh .
This directive is ignored unless
.Cm PermitLocalCommand
has been enabled.
.It Cm LocalForward
Specifies that a TCP/IP port on the local machine be forwarded over
Specifies that a TCP port on the local machine be forwarded over
the secure channel to the specified host and port from the remote machine.
The first argument must be
.Sm off
@ -602,6 +634,19 @@ or
.Dq no .
The default is
.Dq yes .
.It Cm PermitLocalCommand
Allow local command execution via the
.Ic LocalCommand
option or using the
.Ic !\& Ns Ar command
escape sequence in
.Xr ssh 1 .
The argument must be
.Dq yes
or
.Dq no .
The default is
.Dq no .
.It Cm Port
Specifies the port number to connect on the remote host.
Default is 22.
@ -674,8 +719,23 @@ or
The default is
.Dq yes .
This option applies to protocol version 2 only.
.It Cm RekeyLimit
Specifies the maximum amount of data that may be transmitted before the
session key is renegotiated.
The argument is the number of bytes, with an optional suffix of
.Sq K ,
.Sq M ,
or
.Sq G
to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
The default is between
.Dq 1G
and
.Dq 4G ,
depending on the cipher.
This option applies to protocol version 2 only.
.It Cm RemoteForward
Specifies that a TCP/IP port on the remote machine be forwarded over
Specifies that a TCP port on the remote machine be forwarded over
the secure channel to the specified host and port from the local machine.
The first argument must be
.Sm off
@ -752,17 +812,8 @@ across multiple
.Cm SendEnv
directives.
The default is not to send any environment variables.
.It Cm ServerAliveInterval
Sets a timeout interval in seconds after which if no data has been received
from the server,
.Nm ssh
will send a message through the encrypted
channel to request a response from the server.
The default
is 0, indicating that these messages will not be sent to the server.
This option applies to protocol version 2 only.
.It Cm ServerAliveCountMax
Sets the number of server alive messages (see above) which may be
Sets the number of server alive messages (see below) which may be
sent without
.Nm ssh
receiving any messages back from the server.
@ -784,10 +835,19 @@ server depend on knowing when a connection has become inactive.
The default value is 3.
If, for example,
.Cm ServerAliveInterval
(above) is set to 15, and
(see below) is set to 15, and
.Cm ServerAliveCountMax
is left at the default, if the server becomes unresponsive ssh
will disconnect after approximately 45 seconds.
.It Cm ServerAliveInterval
Sets a timeout interval in seconds after which if no data has been received
from the server,
.Nm ssh
will send a message through the encrypted
channel to request a response from the server.
The default
is 0, indicating that these messages will not be sent to the server.
This option applies to protocol version 2 only.
.It Cm SmartcardDevice
Specifies which smartcard device to use.
The argument to this keyword is the device
@ -847,6 +907,25 @@ This is important in scripts, and many users want it too.
.Pp
To disable TCP keepalive messages, the value should be set to
.Dq no .
.It Cm Tunnel
Request starting
.Xr tun 4
device forwarding between the client and the server.
This option also allows requesting layer 2 (ethernet)
instead of layer 3 (point-to-point) tunneling from the server.
The argument must be
.Dq yes ,
.Dq point-to-point ,
.Dq ethernet
or
.Dq no .
The default is
.Dq no .
.It Cm TunnelDevice
Force a specified
.Xr tun 4
device on the client.
Without this option, the next available device will be used.
.It Cm UsePrivilegedPort
Specifies whether to use a privileged port for outgoing connections.
The argument must be
@ -900,7 +979,7 @@ Note that this option applies to protocol version 2 only.
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
The default is
.Dq FreeBSD-20050903 .
.Dq FreeBSD-20060322 .
.It Cm XAuthLocation
Specifies the full pathname of the
.Xr xauth 1

43
crypto/openssh/sshconnect.c
View File

@ -13,7 +13,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.168 2005/07/17 07:17:55 djm Exp $");
RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $");
#include <openssl/bn.h>
@ -31,13 +31,12 @@ RCSID("$OpenBSD: sshconnect.c,v 1.168 2005/07/17 07:17:55 djm Exp $");
#include "readconf.h"
#include "atomicio.h"
#include "misc.h"
#include "dns.h"
char *client_version_string = NULL;
char *server_version_string = NULL;
int matching_host_key_dns = 0;
static int matching_host_key_dns = 0;
/* import */
extern Options options;
@ -604,7 +603,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
file_key = key_new(host_key->type);
/*
* Check if the host key is present in the user\'s list of known
* Check if the host key is present in the user's list of known
* hosts or in the systemwide list.
*/
host_file = user_hostfile;
@ -1035,3 +1034,39 @@ warn_changed_key(Key *host_key)
xfree(fp);
}
/*
* Execute a local command
*/
int
ssh_local_cmd(const char *args)
{
char *shell;
pid_t pid;
int status;
if (!options.permit_local_command ||
args == NULL || !*args)
return (1);
if ((shell = getenv("SHELL")) == NULL)
shell = _PATH_BSHELL;
pid = fork();
if (pid == 0) {
debug3("Executing %s -c \"%s\"", shell, args);
execl(shell, shell, "-c", args, (char *)NULL);
error("Couldn't execute %s -c \"%s\": %s",
shell, args, strerror(errno));
_exit(1);
} else if (pid == -1)
fatal("fork failed: %.100s", strerror(errno));
while (waitpid(pid, &status, 0) == -1)
if (errno != EINTR)
fatal("Couldn't wait for child: %s", strerror(errno));
if (!WIFEXITED(status))
return (1);
return (WEXITSTATUS(status));
}

4
crypto/openssh/sshconnect.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.h,v 1.17 2002/06/19 00:27:55 deraadt Exp $ */
/* $OpenBSD: sshconnect.h,v 1.18 2005/12/06 22:38:28 reyk Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -49,7 +49,7 @@ void ssh_userauth1(const char *, const char *, char *, Sensitive *);
void ssh_userauth2(const char *, const char *, char *, Sensitive *);
void ssh_put_password(char *);
int ssh_local_cmd(const char *);
/*
* Macros to raise/lower permissions.

8
crypto/openssh/sshconnect1.c
View File

@ -13,7 +13,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect1.c,v 1.61 2005/06/17 02:44:33 djm Exp $");
RCSID("$OpenBSD: sshconnect1.c,v 1.62 2005/10/30 08:52:18 djm Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@ -84,7 +84,7 @@ try_agent_authentication(void)
/* Wait for server's response. */
type = packet_read();
/* The server sends failure if it doesn\'t like our key or
/* The server sends failure if it doesn't like our key or
does not support RSA authentication. */
if (type == SSH_SMSG_FAILURE) {
debug("Server refused our key.");
@ -215,8 +215,8 @@ try_rsa_authentication(int idx)
type = packet_read();
/*
* The server responds with failure if it doesn\'t like our key or
* doesn\'t support RSA authentication.
* The server responds with failure if it doesn't like our key or
* doesn't support RSA authentication.
*/
if (type == SSH_SMSG_FAILURE) {
debug("Server refused our key.");

4
crypto/openssh/sshconnect2.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.142 2005/08/30 22:08:05 djm Exp $");
RCSID("$OpenBSD: sshconnect2.c,v 1.143 2005/10/14 02:17:59 stevesk Exp $");
#include "openbsd-compat/sys-queue.h"
@ -702,7 +702,7 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
packet_check_eom();
debug("Server GSSAPI Error:\n%s\n", msg);
debug("Server GSSAPI Error:\n%s", msg);
xfree(msg);
xfree(lang);
}

255
crypto/openssh/sshd.8
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $
.\" $OpenBSD: sshd.8,v 1.215 2006/02/01 09:11:41 jmc Exp $
.\" $FreeBSD$
.Dd September 25, 1999
.Dt SSHD 8
@ -57,16 +57,14 @@
.Ek
.Sh DESCRIPTION
.Nm
(SSH Daemon) is the daemon program for
(OpenSSH Daemon) is the daemon program for
.Xr ssh 1 .
Together these programs replace rlogin and rsh, and
provide secure encrypted communications between two untrusted hosts
over an insecure network.
The programs are intended to be as easy to
install and use as possible.
.Pp
.Nm
is the daemon that listens for connections from clients.
listens for connections from clients.
It is normally started at boot from
.Pa /etc/rc.d/sshd .
It forks a new
@ -74,119 +72,13 @@ daemon for each incoming connection.
The forked daemons handle
key exchange, encryption, authentication, command execution,
and data exchange.
This implementation of
.Nm
supports both SSH protocol version 1 and 2 simultaneously.
.Nm
works as follows:
.Ss SSH protocol version 1
Each host has a host-specific RSA key
(normally 2048 bits) used to identify the host.
Additionally, when
the daemon starts, it generates a server RSA key (normally 768 bits).
This key is normally regenerated every hour if it has been used, and
is never stored on disk.
.Pp
Whenever a client connects, the daemon responds with its public
host and server keys.
The client compares the
RSA host key against its own database to verify that it has not changed.
The client then generates a 256-bit random number.
It encrypts this
random number using both the host key and the server key, and sends
the encrypted number to the server.
Both sides then use this
random number as a session key which is used to encrypt all further
communications in the session.
The rest of the session is encrypted
using a conventional cipher, currently Blowfish or 3DES, with 3DES
being used by default.
The client selects the encryption algorithm
to use from those offered by the server.
.Pp
Next, the server and the client enter an authentication dialog.
The client tries to authenticate itself using
.Em .rhosts
authentication combined with RSA host
authentication, RSA challenge-response authentication, or password
based authentication.
.Pp
Regardless of the authentication type, the account is checked to
ensure that it is accessible. An account is not accessible if it is
locked, listed in
.Cm DenyUsers
or its group is listed in
.Cm DenyGroups
\&. The definition of a locked account is system dependant. Some platforms
have their own account database (eg AIX) and some modify the passwd field (
.Ql \&*LK\&*
on Solaris,
.Ql \&*
on HP-UX, containing
.Ql Nologin
on Tru64 and a leading
.Ql \&!!
on Linux). If there is a requirement to disable password authentication
for the account while allowing still public-key, then the passwd field
should be set to something other than these values (eg
.Ql NP
or
.Ql \&*NP\&*
).
.Pp
.Nm rshd ,
.Nm rlogind ,
and
.Nm rexecd
are disabled (thus completely disabling
.Xr rlogin
and
.Xr rsh
into the machine).
.Ss SSH protocol version 2
Version 2 works similarly:
Each host has a host-specific key (RSA or DSA) used to identify the host.
However, when the daemon starts, it does not generate a server key.
Forward security is provided through a Diffie-Hellman key agreement.
This key agreement results in a shared session key.
.Pp
The rest of the session is encrypted using a symmetric cipher, currently
128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
The client selects the encryption algorithm
to use from those offered by the server.
Additionally, session integrity is provided
through a cryptographic message authentication code
(hmac-sha1 or hmac-md5).
.Pp
Protocol version 2 provides a public key based
user (PubkeyAuthentication) or
client host (HostbasedAuthentication) authentication method,
conventional password authentication and challenge response based methods.
.Ss Command execution and data forwarding
If the client successfully authenticates itself, a dialog for
preparing the session is entered.
At this time the client may request
things like allocating a pseudo-tty, forwarding X11 connections,
forwarding TCP/IP connections, or forwarding the authentication agent
connection over the secure channel.
.Pp
Finally, the client either requests a shell or execution of a command.
The sides then enter session mode.
In this mode, either side may send
data at any time, and such data is forwarded to/from the shell or
command on the server side, and the user terminal in the client side.
.Pp
When the user program terminates and all forwarded X11 and other
connections have been closed, the server sends command exit status to
the client, and both sides exit.
.Pp
.Nm
can be configured using command-line options or a configuration file
(by default
.Xr sshd_config 5 ) .
Command-line options override values specified in the
.Xr sshd_config 5 ) ;
command-line options override values specified in the
configuration file.
.Pp
.Nm
rereads its configuration file when it receives a hangup signal,
.Dv SIGHUP ,
@ -284,8 +176,12 @@ For full details of the options, and their values, see
Specifies the port on which the server listens for connections
(default 22).
Multiple port options are permitted.
Ports specified in the configuration file are ignored when a
command-line port is specified.
Ports specified in the configuration file with the
.Cm Port
option are ignored when a command-line port is specified.
Ports specified using the
.Cm ListenAddress
option override command-line ports.
.It Fl q
Quiet mode.
Nothing is sent to the system log.
@ -320,7 +216,7 @@ from making DNS requests unless the authentication
mechanism or configuration requires it.
Authentication mechanisms that may require DNS include
.Cm RhostsRSAAuthentication ,
.Cm HostbasedAuthentication
.Cm HostbasedAuthentication ,
and using a
.Cm from="pattern-list"
option in a key file.
@ -330,15 +226,114 @@ USER@HOST pattern in
or
.Cm DenyUsers .
.El
.Sh CONFIGURATION FILE
.Nm
reads configuration data from
.Pa /etc/ssh/sshd_config
(or the file specified with
.Fl f
on the command line).
The file format and configuration options are described in
.Sh AUTHENTICATION
The OpenSSH SSH daemon supports SSH protocols 1 and 2.
Both protocols are supported by default,
though this can be changed via the
.Cm Protocol
option in
.Xr sshd_config 5 .
Protocol 2 supports both RSA and DSA keys;
protocol 1 only supports RSA keys.
For both protocols,
each host has a host-specific key,
normally 2048 bits,
used to identify the host.
.Pp
Forward security for protocol 1 is provided through
an additional server key,
normally 768 bits,
generated when the server starts.
This key is normally regenerated every hour if it has been used, and
is never stored on disk.
Whenever a client connects, the daemon responds with its public
host and server keys.
The client compares the
RSA host key against its own database to verify that it has not changed.
The client then generates a 256-bit random number.
It encrypts this
random number using both the host key and the server key, and sends
the encrypted number to the server.
Both sides then use this
random number as a session key which is used to encrypt all further
communications in the session.
The rest of the session is encrypted
using a conventional cipher, currently Blowfish or 3DES, with 3DES
being used by default.
The client selects the encryption algorithm
to use from those offered by the server.
.Pp
For protocol 2,
forward security is provided through a Diffie-Hellman key agreement.
This key agreement results in a shared session key.
The rest of the session is encrypted using a symmetric cipher, currently
128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
The client selects the encryption algorithm
to use from those offered by the server.
Additionally, session integrity is provided
through a cryptographic message authentication code
(hmac-sha1 or hmac-md5).
.Pp
Finally, the server and the client enter an authentication dialog.
The client tries to authenticate itself using
host-based authentication,
public key authentication,
challenge-response authentication,
or password authentication.
.Pp
Regardless of the authentication type, the account is checked to
ensure that it is accessible. An account is not accessible if it is
locked, listed in
.Cm DenyUsers
or its group is listed in
.Cm DenyGroups
\&. The definition of a locked account is system dependant. Some platforms
have their own account database (eg AIX) and some modify the passwd field (
.Ql \&*LK\&*
on Solaris and UnixWare,
.Ql \&*
on HP-UX, containing
.Ql Nologin
on Tru64,
a leading
.Ql \&*LOCKED\&*
on FreeBSD and a leading
.Ql \&!!
on Linux). If there is a requirement to disable password authentication
for the account while allowing still public-key, then the passwd field
should be set to something other than these values (eg
.Ql NP
or
.Ql \&*NP\&*
).
.Pp
System security is not improved unless
.Nm rshd ,
.Nm rlogind ,
and
.Nm rexecd
are disabled (thus completely disabling
.Xr rlogin
and
.Xr rsh
into the machine).
.Sh COMMAND EXECUTION AND DATA FORWARDING
If the client successfully authenticates itself, a dialog for
preparing the session is entered.
At this time the client may request
things like allocating a pseudo-tty, forwarding X11 connections,
forwarding TCP connections, or forwarding the authentication agent
connection over the secure channel.
.Pp
Finally, the client either requests a shell or execution of a command.
The sides then enter session mode.
In this mode, either side may send
data at any time, and such data is forwarded to/from the shell or
command on the server side, and the user terminal in the client side.
.Pp
When the user program terminates and all forwarded X11 and other
connections have been closed, the server sends command exit status to
the client, and both sides exit.
.Sh LOGIN PROCESS
When a user successfully logs in,
.Nm
@ -474,7 +469,7 @@ A quote may be included in the command by quoting it with a backslash.
This option might be useful
to restrict certain public keys to perform just a specific operation.
An example might be a key that permits remote backups but nothing else.
Note that the client may specify TCP/IP and/or X11
Note that the client may specify TCP and/or X11
forwarding unless they are explicitly prohibited.
Note that this option applies to shell, command or subsystem execution.
.It Cm environment="NAME=value"
@ -491,7 +486,7 @@ This option is automatically disabled if
.Cm UseLogin
is enabled.
.It Cm no-port-forwarding
Forbids TCP/IP forwarding when this key is used for authentication.
Forbids TCP forwarding when this key is used for authentication.
Any port forward requests by the client will return an error.
This might be used, e.g., in connection with the
.Cm command
@ -516,6 +511,12 @@ Multiple
options may be applied separated by commas.
No pattern matching is performed on the specified hostnames,
they must be literal domains or addresses.
.It Cm tunnel="n"
Force a
.Xr tun 4
device on the server.
Without this option, the next available device will be used if
the client requests a tunnel.
.El
.Ss Examples
1024 33 12121...312314325 ylo@foo.bar
@ -525,6 +526,8 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi
.Pp
permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
.Pp
tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== reyk@openbsd.org
.Sh SSH_KNOWN_HOSTS FILE FORMAT
The
.Pa /etc/ssh/ssh_known_hosts

52
crypto/openssh/sshd.c
View File

@ -42,7 +42,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/24 02:27:41 djm Exp $");
RCSID("$FreeBSD$");
#include <openssl/dh.h>
@ -641,16 +641,8 @@ privsep_postauth(Authctxt *authctxt)
if (authctxt->pw->pw_uid == 0 || options.use_login) {
#endif
/* File descriptor passing is broken or root login */
monitor_apply_keystate(pmonitor);
use_privsep = 0;
return;
}
/* Authentication complete */
alarm(0);
if (startup_pipe != -1) {
close(startup_pipe);
startup_pipe = -1;
goto skip;
}
/* New socket pair */
@ -677,6 +669,7 @@ privsep_postauth(Authctxt *authctxt)
/* Drop privileges */
do_setusercontext(authctxt->pw);
skip:
/* It is safe now to apply the key state */
monitor_apply_keystate(pmonitor);
@ -808,6 +801,7 @@ send_rexec_state(int fd, Buffer *conf)
* bignum iqmp "
* bignum p "
* bignum q "
* string rngseed (only if OpenSSL is not self-seeded)
*/
buffer_init(&m);
buffer_put_cstring(&m, buffer_ptr(conf));
@ -824,6 +818,10 @@ send_rexec_state(int fd, Buffer *conf)
} else
buffer_put_int(&m, 0);
#ifndef OPENSSL_PRNG_ONLY
rexec_send_rng_seed(&m);
#endif
if (ssh_msg_send(fd, 0, &m) == -1)
fatal("%s: ssh_msg_send failed", __func__);
@ -866,6 +864,11 @@ recv_rexec_state(int fd, Buffer *conf)
rsa_generate_additional_parameters(
sensitive_data.server_key->rsa);
}
#ifndef OPENSSL_PRNG_ONLY
rexec_recv_rng_seed(&m);
#endif
buffer_free(&m);
debug3("%s: done", __func__);
@ -922,6 +925,9 @@ main(int ac, char **av)
if (geteuid() == 0 && setgroups(0, NULL) == -1)
debug("setgroups(): %.200s", strerror(errno));
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
/* Initialize configuration options to their default values. */
initialize_server_options(&options);
@ -1059,8 +1065,6 @@ main(int ac, char **av)
drop_cray_privs();
#endif
seed_rng();
sensitive_data.server_key = NULL;
sensitive_data.ssh1_host_key = NULL;
sensitive_data.have_ssh1_key = 0;
@ -1079,6 +1083,8 @@ main(int ac, char **av)
if (!rexec_flag)
buffer_free(&cfg);
seed_rng();
/* Fill in default values for those options not explicitly set. */
fill_default_server_options(&options);
@ -1669,7 +1675,12 @@ main(int ac, char **av)
debug("get_remote_port failed");
cleanup_exit(255);
}
remote_ip = get_remote_ipaddr();
/*
* We use get_canonical_hostname with usedns = 0 instead of
* get_remote_ipaddr here so IP options will be checked.
*/
remote_ip = get_canonical_hostname(0);
#ifdef SSH_AUDIT_EVENTS
audit_connection_from(remote_ip, remote_port);
@ -1695,10 +1706,10 @@ main(int ac, char **av)
verbose("Connection from %.500s port %d", remote_ip, remote_port);
/*
* We don\'t want to listen forever unless the other side
* We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
* cleared after successful authentication. A limit of zero
* indicates no limit. Note that we don\'t set the alarm in debugging
* indicates no limit. Note that we don't set the alarm in debugging
* mode; it is just annoying to have the server exit just when you
* are about to discover the bug.
*/
@ -1745,6 +1756,17 @@ main(int ac, char **av)
}
authenticated:
/*
* Cancel the alarm we set to limit the time taken for
* authentication.
*/
alarm(0);
signal(SIGALRM, SIG_DFL);
if (startup_pipe != -1) {
close(startup_pipe);
startup_pipe = -1;
}
#ifdef SSH_AUDIT_EVENTS
audit_event(SSH_AUTH_SUCCESS);
#endif

5
crypto/openssh/sshd_config
View File

@ -1,4 +1,4 @@
# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $
# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
# $FreeBSD$
# This is the sshd server system-wide configuration file. See
@ -14,7 +14,7 @@
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
#VersionAddendum FreeBSD-20050903
#VersionAddendum FreeBSD-20060322
#Port 22
#Protocol 2
@ -101,6 +101,7 @@
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
# no default banner path
#Banner /some/path

22
crypto/openssh/sshd_config.5
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.44 2005/07/25 11:59:40 markus Exp $
.\" $OpenBSD: sshd_config.5,v 1.48 2006/01/02 17:09:49 jmc Exp $
.\" $FreeBSD$
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
@ -189,7 +189,7 @@ The default is
aes192-ctr,aes256-ctr''
.Ed
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see above) which may be
Sets the number of client alive messages (see below) which may be
sent without
.Nm sshd
receiving any messages back from the client.
@ -211,7 +211,7 @@ server depend on knowing when a connection has become inactive.
The default value is 3.
If
.Cm ClientAliveInterval
(above) is set to 15, and
(see below) is set to 15, and
.Cm ClientAliveCountMax
is left at the default, unresponsive ssh clients
will be disconnected after approximately 45 seconds.
@ -354,7 +354,7 @@ Kerberos servtab which allows the verification of the KDC's identity.
Default is
.Dq no .
.It Cm KerberosGetAFSToken
If AFS is active and the user has a Kerberos 5 TGT, attempt to aquire
If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
an AFS token before accessing the user's home directory.
Default is
.Dq no .
@ -530,6 +530,18 @@ All other authentication methods are disabled for root.
If this option is set to
.Dq no
root is not allowed to log in.
.It Cm PermitTunnel
Specifies whether
.Xr tun 4
device forwarding is allowed.
The argument must be
.Dq yes ,
.Dq point-to-point ,
.Dq ethernet
or
.Dq no .
The default is
.Dq no .
.It Cm PermitUserEnvironment
Specifies whether
.Pa ~/.ssh/environment
@ -725,7 +737,7 @@ The default is
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
The default is
.Dq FreeBSD-20050903 .
.Dq FreeBSD-20060322 .
.It Cm X11DisplayOffset
Specifies the first display number available for
.Nm sshd Ns 's

6
crypto/openssh/version.h
View File

@ -1,12 +1,12 @@
/* $OpenBSD: version.h,v 1.45 2005/08/31 09:28:42 markus Exp $ */
/* $OpenBSD: version.h,v 1.46 2006/02/01 11:27:22 markus Exp $ */
/* $FreeBSD$ */
#ifndef SSH_VERSION
#define SSH_VERSION (ssh_version_get())
#define SSH_RELEASE (ssh_version_get())
#define SSH_VERSION_BASE "OpenSSH_4.2p1"
#define SSH_VERSION_ADDENDUM "FreeBSD-20050903"
#define SSH_VERSION_BASE "OpenSSH_4.3p1"
#define SSH_VERSION_ADDENDUM "FreeBSD-20060322"
const char *ssh_version_get(void);
void ssh_version_set_addendum(const char *add);