Vendor import of OpenSSH 4.1p1.
This commit is contained in:
parent
11a09ab416
commit
c4dfc1ed3b
@ -1,3 +1,178 @@
|
||||
20050524
|
||||
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
||||
[contrib/suse/openssh.spec] Update spec file versions to 4.1p1
|
||||
- (dtucker) [auth-pam.c] Since people don't seem to be getting the message
|
||||
that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
|
||||
idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
|
||||
USE_POSIX_THREADS will now generate an error so we don't silently change
|
||||
behaviour. ok djm@
|
||||
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
|
||||
allocation when retrieving core Windows environment. Add CYGWIN variable
|
||||
to propagated variables. Patch from vinschen at redhat.com, ok djm@
|
||||
- (djm) Release 4.1p1
|
||||
|
||||
20050524
|
||||
- (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
|
||||
terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
|
||||
"looks ok" dtucker@
|
||||
|
||||
20050512
|
||||
- (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script
|
||||
hard link section. Bug 1038.
|
||||
|
||||
20050509
|
||||
- (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a
|
||||
user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com.
|
||||
|
||||
20050504
|
||||
- (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used
|
||||
unix domain socket, so catch that too; from jakob@ ok dtucker@
|
||||
|
||||
20050503
|
||||
- (dtucker) [canohost.c] normalise socket addresses returned by
|
||||
get_remote_hostname(). This means that IPv4 addresses in log messages
|
||||
on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
|
||||
AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
|
||||
addresses only for 4-in-6 mapped connections, regardless of whether
|
||||
or not the machine is IPv6 enabled. ok djm@
|
||||
|
||||
20050425
|
||||
- (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the
|
||||
existence of a process since it's more portable. Found by jbasney at
|
||||
ncsa.uiuc.edu; ok tim@
|
||||
- (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh
|
||||
will clean up anyway. From tim@
|
||||
- (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running
|
||||
"make tests" works even if you're building on a filesystem that doesn't
|
||||
support sockets. From deengert at anl.gov, ok djm@
|
||||
|
||||
20050424
|
||||
- (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or
|
||||
1.2.1.2 or higher. With tim@, ok djm@
|
||||
|
||||
20050423
|
||||
- (tim) [config.guess] Add support for OpenServer 6.
|
||||
|
||||
20050421
|
||||
- (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
|
||||
UseLogin is set as PAM is not used to establish credentials in that
|
||||
case. Found by Michael Selvesteen, ok djm@
|
||||
|
||||
20050419
|
||||
- (dtucker) [INSTALL] Reference README.privsep for the privilege separation
|
||||
requirements. Pointed out by Bengt Svensson.
|
||||
- (dtucker) [INSTALL] Put the s/key text and URL back together.
|
||||
- (dtucker) [INSTALL] Fix s/key text too.
|
||||
|
||||
20050411
|
||||
- (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME
|
||||
|
||||
20050405
|
||||
- (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@
|
||||
- (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on
|
||||
Tru64. Patch from cmadams at hiwaay.net.
|
||||
- (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
|
||||
sys_auth_passwd, pointed out by cmadams at hiwaay.net.
|
||||
|
||||
20050403
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- deraadt@cvs.openbsd.org 2005/03/31 18:39:21
|
||||
[scp.c]
|
||||
copy argv[] element instead of smashing the one that ps will see; ok otto
|
||||
- djm@cvs.openbsd.org 2005/04/02 12:41:16
|
||||
[scp.c]
|
||||
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
|
||||
build
|
||||
- (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read
|
||||
will free as needed. ok tim@ djm@
|
||||
|
||||
20050331
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- jmc@cvs.openbsd.org 2005/03/16 11:10:38
|
||||
[ssh_config.5]
|
||||
get the syntax right for {Local,Remote}Forward;
|
||||
based on a diff from markus;
|
||||
problem report from ponraj;
|
||||
ok dtucker@ markus@ deraadt@
|
||||
- markus@cvs.openbsd.org 2005/03/16 21:17:39
|
||||
[version.h]
|
||||
4.1
|
||||
- jmc@cvs.openbsd.org 2005/03/18 17:05:00
|
||||
[sshd_config.5]
|
||||
typo;
|
||||
- (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
|
||||
handling of password expiry messages returned by AIX's authentication
|
||||
routines, originally reported by robvdwal at sara.nl.
|
||||
- (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
|
||||
message on some platforms. Patch from pete at seebeyond.com via djm.
|
||||
- (dtucker) [monitor.c] Remaining part of fix for bug #1006.
|
||||
|
||||
20050329
|
||||
- (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
|
||||
interested in which is much faster in large (eg LDAP or NIS) environments.
|
||||
Patch from dleonard at vintela.com.
|
||||
|
||||
20050321
|
||||
- (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
|
||||
and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
|
||||
with & ok tim@
|
||||
- (dtucker) [configure.ac] Make configure error out if the user specifies
|
||||
--with-libedit but the required libs can't be found, rather than silently
|
||||
ignoring and continuing. ok tim@
|
||||
- (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
|
||||
of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
|
||||
|
||||
20050317
|
||||
- (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
|
||||
Make --without-opensc work.
|
||||
- (tim) [configure.ac] portability changes on test statements. Some shells
|
||||
have problems with -a operator.
|
||||
- (tim) [configure.ac] make some configure options a little more error proof.
|
||||
- (tim) [configure.ac] remove trailing white space.
|
||||
|
||||
20050314
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2005/03/10 10:15:02
|
||||
[readconf.c]
|
||||
Check listen addresses for null, prevents xfree from dying during
|
||||
ClearAllForwardings (bz #996). From Craig Leres, ok markus@
|
||||
- deraadt@cvs.openbsd.org 2005/03/10 22:01:05
|
||||
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
|
||||
monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
|
||||
readconf.c bufaux.c sftp.c]
|
||||
spacing
|
||||
- deraadt@cvs.openbsd.org 2005/03/10 22:40:38
|
||||
[auth-options.c]
|
||||
spacing
|
||||
- markus@cvs.openbsd.org 2005/03/11 14:59:06
|
||||
[ssh-keygen.c]
|
||||
typo, missing \n; mpech
|
||||
- jmc@cvs.openbsd.org 2005/03/12 11:55:03
|
||||
[ssh_config.5]
|
||||
escape `.' at eol to avoid double spacing issues;
|
||||
- dtucker@cvs.openbsd.org 2005/03/14 10:09:03
|
||||
[ssh-keygen.1]
|
||||
Correct description of -H (bz #997); ok markus@, punctuation jmc@
|
||||
- dtucker@cvs.openbsd.org 2005/03/14 11:44:42
|
||||
[auth.c]
|
||||
Populate host for log message for logins denied by AllowUsers and
|
||||
DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com)
|
||||
- markus@cvs.openbsd.org 2005/03/14 11:46:56
|
||||
[buffer.c buffer.h channels.c]
|
||||
limit input buffer size for channels; bugzilla #896; with and ok dtucker@
|
||||
- (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
|
||||
with a rpm -F
|
||||
|
||||
20050313
|
||||
- (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
|
||||
localized name of the local administrators group more reliable. From
|
||||
vinschen at redhat.com.
|
||||
|
||||
20050312
|
||||
- (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
|
||||
output ends up in the client's output, causing regress failures. Found
|
||||
by Corinna Vinschen.
|
||||
|
||||
20050309
|
||||
- (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
|
||||
so that regress tests behave. From Chris Adams.
|
||||
@ -2321,4 +2496,4 @@
|
||||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.3707.2.1 2005/03/09 04:52:09 djm Exp $
|
||||
$Id: ChangeLog,v 1.3758.2.2 2005/05/25 12:24:56 djm Exp $
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
You will need working installations of Zlib and OpenSSL.
|
||||
|
||||
Zlib 1.1.4 or greater:
|
||||
Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems):
|
||||
http://www.gzip.org/zlib/
|
||||
|
||||
OpenSSL 0.9.6 or greater:
|
||||
@ -50,20 +50,20 @@ lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
|
||||
http://www.lothar.com/tech/crypto/
|
||||
|
||||
S/Key Libraries:
|
||||
|
||||
If you wish to use --with-skey then you will need the library below
|
||||
installed. No other S/Key library is currently known to be supported.
|
||||
|
||||
http://www.sparc.spb.su/solaris/skey/
|
||||
|
||||
LibEdit:
|
||||
|
||||
sftp now supports command-line editing via NetBSD's libedit. If your
|
||||
platform has it available natively you can use that, alternatively
|
||||
you might try these multi-platform ports:
|
||||
|
||||
http://www.thrysoee.dk/editline/
|
||||
http://sourceforge.net/projects/libedit/
|
||||
|
||||
If you wish to use --with-skey then you will need the above library
|
||||
installed. No other current S/Key library is currently known to be
|
||||
supported.
|
||||
|
||||
2. Building / Installation
|
||||
--------------------------
|
||||
|
||||
@ -91,6 +91,10 @@ make install
|
||||
This will install the binaries in /opt/{bin,lib,sbin}, but will place the
|
||||
configuration files in /etc/ssh.
|
||||
|
||||
If you are using Privilege Separation (which is enabled by default)
|
||||
then you will also need to create the user, group and directory used by
|
||||
sshd for privilege separation. See README.privsep for details.
|
||||
|
||||
If you are using PAM, you may need to manually install a PAM control
|
||||
file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
|
||||
them). Note that the service name used to start PAM is __progname,
|
||||
@ -221,4 +225,4 @@ Please refer to the "reporting bugs" section of the webpage at
|
||||
http://www.openssh.com/
|
||||
|
||||
|
||||
$Id: INSTALL,v 1.66 2005/01/18 01:05:18 dtucker Exp $
|
||||
$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $
|
||||
|
@ -61,4 +61,4 @@ References -
|
||||
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
|
||||
[7] http://www.openssh.com/faq.html
|
||||
|
||||
$Id: README,v 1.56.4.1 2005/03/09 03:12:09 djm Exp $
|
||||
$Id: README,v 1.57 2005/03/09 03:32:28 dtucker Exp $
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-options.c,v 1.29 2005/03/01 10:09:52 djm Exp $");
|
||||
RCSID("$OpenBSD: auth-options.c,v 1.31 2005/03/10 22:40:38 deraadt Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "match.h"
|
||||
@ -247,7 +247,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
host = hpdelim(&p);
|
||||
if (host == NULL || strlen(host) >= NI_MAXHOST) {
|
||||
debug("%.100s, line %lu: Bad permitopen "
|
||||
"specification <%.100s>", file, linenum,
|
||||
"specification <%.100s>", file, linenum,
|
||||
patterns);
|
||||
auth_debug_add("%.100s, line %lu: "
|
||||
"Bad permitopen specification", file,
|
||||
@ -255,8 +255,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
xfree(patterns);
|
||||
goto bad_option;
|
||||
}
|
||||
host = cleanhostname(host);
|
||||
if (p == NULL || (port = a2port(p)) == 0) {
|
||||
host = cleanhostname(host);
|
||||
if (p == NULL || (port = a2port(p)) == 0) {
|
||||
debug("%.100s, line %lu: Bad permitopen port "
|
||||
"<%.100s>", file, linenum, p ? p : "");
|
||||
auth_debug_add("%.100s, line %lu: "
|
||||
|
@ -47,7 +47,7 @@
|
||||
|
||||
/* Based on $FreeBSD$ */
|
||||
#include "includes.h"
|
||||
RCSID("$Id: auth-pam.c,v 1.121 2005/01/20 02:29:51 dtucker Exp $");
|
||||
RCSID("$Id: auth-pam.c,v 1.122 2005/05/25 06:18:10 dtucker Exp $");
|
||||
|
||||
#ifdef USE_PAM
|
||||
#if defined(HAVE_SECURITY_PAM_APPL_H)
|
||||
@ -76,7 +76,17 @@ extern Buffer loginmsg;
|
||||
extern int compat20;
|
||||
extern u_int utmp_len;
|
||||
|
||||
/* so we don't silently change behaviour */
|
||||
#ifdef USE_POSIX_THREADS
|
||||
# error "USE_POSIX_THREADS replaced by UNSUPPORTED_POSIX_THREADS_HACK"
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Formerly known as USE_POSIX_THREADS, using this is completely unsupported
|
||||
* and generally a bad idea. Use at own risk and do not expect support if
|
||||
* this breaks.
|
||||
*/
|
||||
#ifdef UNSUPPORTED_POSIX_THREADS_HACK
|
||||
#include <pthread.h>
|
||||
/*
|
||||
* Avoid namespace clash when *not* using pthreads for systems *with*
|
||||
@ -98,7 +108,7 @@ struct pam_ctxt {
|
||||
static void sshpam_free_ctx(void *);
|
||||
static struct pam_ctxt *cleanup_ctxt;
|
||||
|
||||
#ifndef USE_POSIX_THREADS
|
||||
#ifndef UNSUPPORTED_POSIX_THREADS_HACK
|
||||
/*
|
||||
* Simulate threads with processes.
|
||||
*/
|
||||
@ -255,7 +265,7 @@ import_environments(Buffer *b)
|
||||
|
||||
debug3("PAM: %s entering", __func__);
|
||||
|
||||
#ifndef USE_POSIX_THREADS
|
||||
#ifndef UNSUPPORTED_POSIX_THREADS_HACK
|
||||
/* Import variables set by do_pam_account */
|
||||
sshpam_account_status = buffer_get_int(b);
|
||||
sshpam_password_change_required(buffer_get_int(b));
|
||||
@ -384,7 +394,7 @@ sshpam_thread(void *ctxtp)
|
||||
struct pam_conv sshpam_conv;
|
||||
int flags = (options.permit_empty_passwd == 0 ?
|
||||
PAM_DISALLOW_NULL_AUTHTOK : 0);
|
||||
#ifndef USE_POSIX_THREADS
|
||||
#ifndef UNSUPPORTED_POSIX_THREADS_HACK
|
||||
extern char **environ;
|
||||
char **env_from_pam;
|
||||
u_int i;
|
||||
@ -428,7 +438,7 @@ sshpam_thread(void *ctxtp)
|
||||
|
||||
buffer_put_cstring(&buffer, "OK");
|
||||
|
||||
#ifndef USE_POSIX_THREADS
|
||||
#ifndef UNSUPPORTED_POSIX_THREADS_HACK
|
||||
/* Export variables set by do_pam_account */
|
||||
buffer_put_int(&buffer, sshpam_account_status);
|
||||
buffer_put_int(&buffer, sshpam_authctxt->force_pwchange);
|
||||
@ -447,7 +457,7 @@ sshpam_thread(void *ctxtp)
|
||||
buffer_put_int(&buffer, i);
|
||||
for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++)
|
||||
buffer_put_cstring(&buffer, env_from_pam[i]);
|
||||
#endif /* USE_POSIX_THREADS */
|
||||
#endif /* UNSUPPORTED_POSIX_THREADS_HACK */
|
||||
|
||||
/* XXX - can't do much about an error here */
|
||||
ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
|
||||
|
@ -47,7 +47,6 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.33 2005/01/24 11:47:13 dtucker Exp $");
|
||||
|
||||
extern Buffer loginmsg;
|
||||
extern ServerOptions options;
|
||||
int sys_auth_passwd(Authctxt *, const char *);
|
||||
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
extern login_cap_t *lc;
|
||||
|
@ -47,7 +47,7 @@ extern int saved_argc;
|
||||
extern char **saved_argv;
|
||||
|
||||
int
|
||||
sys_auth_passwd(Authctxt *authctxt, char *pass)
|
||||
sys_auth_passwd(Authctxt *authctxt, const char *pass)
|
||||
{
|
||||
int ret;
|
||||
SIAENTITY *ent = NULL;
|
||||
|
@ -26,7 +26,6 @@
|
||||
|
||||
#ifdef HAVE_OSF_SIA
|
||||
|
||||
int sys_auth_passwd(Authctxt *, char *);
|
||||
void session_setup_sia(struct passwd *, char *);
|
||||
|
||||
#endif /* HAVE_OSF_SIA */
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $");
|
||||
RCSID("$OpenBSD: auth.c,v 1.58 2005/03/14 11:44:42 dtucker Exp $");
|
||||
|
||||
#ifdef HAVE_LOGIN_H
|
||||
#include <login.h>
|
||||
@ -145,7 +145,8 @@ allowed_user(struct passwd * pw)
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (options.num_deny_users > 0 || options.num_allow_users > 0) {
|
||||
if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
|
||||
options.num_deny_groups > 0 || options.num_allow_groups > 0) {
|
||||
hostname = get_canonical_hostname(options.use_dns);
|
||||
ipaddr = get_remote_ipaddr();
|
||||
}
|
||||
|
@ -30,6 +30,7 @@
|
||||
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "buffer.h"
|
||||
#include <openssl/rsa.h>
|
||||
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
@ -68,6 +69,7 @@ struct Authctxt {
|
||||
char *krb5_ticket_file;
|
||||
char *krb5_ccname;
|
||||
#endif
|
||||
Buffer *loginmsg;
|
||||
void *methoddata;
|
||||
};
|
||||
/*
|
||||
@ -185,6 +187,8 @@ void auth_debug_reset(void);
|
||||
|
||||
struct passwd *fakepw(void);
|
||||
|
||||
int sys_auth_passwd(Authctxt *, const char *);
|
||||
|
||||
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
|
||||
|
||||
#define SKEY_PROMPT "\nS/Key Password: "
|
||||
|
@ -37,7 +37,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: bufaux.c,v 1.34 2004/12/06 16:00:43 markus Exp $");
|
||||
RCSID("$OpenBSD: bufaux.c,v 1.35 2005/03/10 22:01:05 deraadt Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include "bufaux.h"
|
||||
@ -179,7 +179,7 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
u_int len;
|
||||
u_char *bin;
|
||||
|
||||
|
||||
if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
|
||||
error("buffer_get_bignum2_ret: invalid bignum");
|
||||
return (-1);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: bufaux.h,v 1.20 2004/10/29 23:56:17 djm Exp $ */
|
||||
/* $OpenBSD: bufaux.h,v 1.21 2005/03/10 22:01:05 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -40,7 +40,7 @@ void buffer_put_string(Buffer *, const void *, u_int);
|
||||
void buffer_put_cstring(Buffer *, const char *);
|
||||
|
||||
#define buffer_skip_string(b) \
|
||||
do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while(0)
|
||||
do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0)
|
||||
|
||||
int buffer_put_bignum_ret(Buffer *, const BIGNUM *);
|
||||
int buffer_get_bignum_ret(Buffer *, BIGNUM *);
|
||||
|
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: buffer.c,v 1.22 2004/10/29 23:56:17 djm Exp $");
|
||||
RCSID("$OpenBSD: buffer.c,v 1.23 2005/03/14 11:46:56 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
@ -78,7 +78,7 @@ buffer_append_space(Buffer *buffer, u_int len)
|
||||
u_int newlen;
|
||||
void *p;
|
||||
|
||||
if (len > 0x100000)
|
||||
if (len > BUFFER_MAX_CHUNK)
|
||||
fatal("buffer_append_space: len %u not supported", len);
|
||||
|
||||
/* If the buffer is empty, start using it from the beginning. */
|
||||
@ -97,7 +97,7 @@ buffer_append_space(Buffer *buffer, u_int len)
|
||||
* If the buffer is quite empty, but all data is at the end, move the
|
||||
* data to the beginning and retry.
|
||||
*/
|
||||
if (buffer->offset > buffer->alloc / 2) {
|
||||
if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
|
||||
memmove(buffer->buf, buffer->buf + buffer->offset,
|
||||
buffer->end - buffer->offset);
|
||||
buffer->end -= buffer->offset;
|
||||
@ -107,7 +107,7 @@ buffer_append_space(Buffer *buffer, u_int len)
|
||||
/* Increase the size of the buffer and retry. */
|
||||
|
||||
newlen = buffer->alloc + len + 32768;
|
||||
if (newlen > 0xa00000)
|
||||
if (newlen > BUFFER_MAX_LEN)
|
||||
fatal("buffer_append_space: alloc %u not supported",
|
||||
newlen);
|
||||
buffer->buf = xrealloc(buffer->buf, newlen);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: buffer.h,v 1.12 2004/10/29 23:56:17 djm Exp $ */
|
||||
/* $OpenBSD: buffer.h,v 1.13 2005/03/14 11:46:56 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -23,6 +23,9 @@ typedef struct {
|
||||
u_int end; /* Offset of last byte containing data. */
|
||||
} Buffer;
|
||||
|
||||
#define BUFFER_MAX_CHUNK 0x100000
|
||||
#define BUFFER_MAX_LEN 0xa00000
|
||||
|
||||
void buffer_init(Buffer *);
|
||||
void buffer_clear(Buffer *);
|
||||
void buffer_free(Buffer *);
|
||||
|
@ -282,11 +282,11 @@ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SY
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||
else
|
||||
[ "$RCS_D" = yes ] && \
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
[ "$RC1_D" = no ] || \
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||
fi
|
||||
|
||||
# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
|
||||
|
@ -251,6 +251,8 @@ get_socket_address(int sock, int remote, int flags)
|
||||
if (addr.ss_family == AF_INET6)
|
||||
addrlen = sizeof(struct sockaddr_in6);
|
||||
|
||||
ipv64_normalise_mapped(&addr, &addrlen);
|
||||
|
||||
/* Get the address in ascii. */
|
||||
if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
|
||||
sizeof(ntop), NULL, 0, flags)) != 0) {
|
||||
|
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: channels.c,v 1.212 2005/03/01 10:09:52 djm Exp $");
|
||||
RCSID("$OpenBSD: channels.c,v 1.214 2005/03/14 11:46:56 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
@ -58,6 +58,8 @@ RCSID("$OpenBSD: channels.c,v 1.212 2005/03/01 10:09:52 djm Exp $");
|
||||
|
||||
/* -- channel core */
|
||||
|
||||
#define CHAN_RBUF 16*1024
|
||||
|
||||
/*
|
||||
* Pointer to an array containing all allocated channels. The array is
|
||||
* dynamically extended as needed.
|
||||
@ -712,6 +714,9 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
{
|
||||
u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
|
||||
|
||||
/* check buffer limits */
|
||||
limit = MIN(limit, (BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF));
|
||||
|
||||
if (c->istate == CHAN_INPUT_OPEN &&
|
||||
limit > 0 &&
|
||||
buffer_len(&c->input) < limit)
|
||||
@ -1018,7 +1023,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
debug2("channel %d: only socks5 connect supported", c->self);
|
||||
return -1;
|
||||
}
|
||||
switch(s5_req.atyp){
|
||||
switch (s5_req.atyp){
|
||||
case SSH_SOCKS5_IPV4:
|
||||
addrlen = 4;
|
||||
af = AF_INET;
|
||||
@ -1360,7 +1365,7 @@ channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
static int
|
||||
channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
{
|
||||
char buf[16*1024];
|
||||
char buf[CHAN_RBUF];
|
||||
int len;
|
||||
|
||||
if (c->rfd != -1 &&
|
||||
@ -1454,7 +1459,7 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
static int
|
||||
channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
{
|
||||
char buf[16*1024];
|
||||
char buf[CHAN_RBUF];
|
||||
int len;
|
||||
|
||||
/** XXX handle drain efd, too */
|
||||
@ -2199,11 +2204,11 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
|
||||
|
||||
/*
|
||||
* Determine whether or not a port forward listens to loopback,
|
||||
* specified address or wildcard. On the client, a specified bind
|
||||
* address will always override gateway_ports. On the server, a
|
||||
* gateway_ports of 1 (``yes'') will override the client's
|
||||
* specification and force a wildcard bind, whereas a value of 2
|
||||
* (``clientspecified'') will bind to whatever address the client
|
||||
* specified address or wildcard. On the client, a specified bind
|
||||
* address will always override gateway_ports. On the server, a
|
||||
* gateway_ports of 1 (``yes'') will override the client's
|
||||
* specification and force a wildcard bind, whereas a value of 2
|
||||
* (``clientspecified'') will bind to whatever address the client
|
||||
* asked for.
|
||||
*
|
||||
* Special-case listen_addrs are:
|
||||
@ -2317,7 +2322,7 @@ channel_cancel_rport_listener(const char *host, u_short port)
|
||||
u_int i;
|
||||
int found = 0;
|
||||
|
||||
for(i = 0; i < channels_alloc; i++) {
|
||||
for (i = 0; i < channels_alloc; i++) {
|
||||
Channel *c = channels[i];
|
||||
|
||||
if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER &&
|
||||
@ -2629,7 +2634,7 @@ channel_send_window_changes(void)
|
||||
struct winsize ws;
|
||||
|
||||
for (i = 0; i < channels_alloc; i++) {
|
||||
if (channels[i] == NULL || !channels[i]->client_tty ||
|
||||
if (channels[i] == NULL || !channels[i]->client_tty ||
|
||||
channels[i]->type != SSH_CHANNEL_OPEN)
|
||||
continue;
|
||||
if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0)
|
||||
|
@ -59,7 +59,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: clientloop.c,v 1.135 2005/03/01 10:09:52 djm Exp $");
|
||||
RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
@ -627,7 +627,7 @@ client_process_control(fd_set * readset)
|
||||
"to %s? ", host);
|
||||
if (allowed)
|
||||
quit_pending = 1;
|
||||
/* FALLTHROUGH */
|
||||
/* FALLTHROUGH */
|
||||
case SSHMUX_COMMAND_ALIVE_CHECK:
|
||||
/* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */
|
||||
buffer_clear(&m);
|
||||
|
3
crypto/openssh/config.guess
vendored
3
crypto/openssh/config.guess
vendored
@ -995,7 +995,8 @@ EOF
|
||||
echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
|
||||
fi
|
||||
exit 0 ;;
|
||||
i*86:*:5:[78]*)
|
||||
i*86:*:5:[678]*)
|
||||
# Unixware 7.x, OpenUNIX 8, & OpenServer 6
|
||||
case `/bin/uname -X | grep "^Machine"` in
|
||||
*486*) UNAME_MACHINE=i486 ;;
|
||||
*Pentium) UNAME_MACHINE=i586 ;;
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: configure.ac,v 1.250 2005/03/07 09:21:37 tim Exp $
|
||||
# $Id: configure.ac,v 1.260 2005/04/24 07:52:23 dtucker Exp $
|
||||
#
|
||||
# Copyright (c) 1999-2004 Damien Miller
|
||||
#
|
||||
@ -75,7 +75,7 @@ if test -z "$LD" ; then
|
||||
LD=$CC
|
||||
fi
|
||||
AC_SUBST(LD)
|
||||
|
||||
|
||||
AC_C_INLINE
|
||||
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
|
||||
CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
|
||||
@ -84,7 +84,7 @@ fi
|
||||
AC_ARG_WITH(rpath,
|
||||
[ --without-rpath Disable auto-added -R linker paths],
|
||||
[
|
||||
if test "x$withval" = "xno" ; then
|
||||
if test "x$withval" = "xno" ; then
|
||||
need_dash_r=""
|
||||
fi
|
||||
if test "x$withval" = "xyes" ; then
|
||||
@ -123,7 +123,7 @@ case "$host" in
|
||||
])
|
||||
dnl Check for various auth function declarations in headers.
|
||||
AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
|
||||
passwdexpired], , , [#include <usersec.h>])
|
||||
passwdexpired, setauthdb], , , [#include <usersec.h>])
|
||||
dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
|
||||
AC_CHECK_DECLS(loginfailed,
|
||||
[AC_MSG_CHECKING(if loginfailed takes 4 arguments)
|
||||
@ -274,7 +274,7 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
;;
|
||||
*-*-netbsd*)
|
||||
check_for_libcrypt_before=1
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test "x$withval" != "xno" ; then
|
||||
need_dash_r=1
|
||||
fi
|
||||
;;
|
||||
@ -297,7 +297,7 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
AC_DEFINE(BROKEN_SAVED_UIDS)
|
||||
;;
|
||||
*-*-solaris*)
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test "x$withval" != "xno" ; then
|
||||
need_dash_r=1
|
||||
fi
|
||||
AC_DEFINE(PAM_SUN_CODEBASE)
|
||||
@ -361,6 +361,7 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
AC_DEFINE(SETEUID_BREAKS_SETUID)
|
||||
AC_DEFINE(BROKEN_SETREUID)
|
||||
AC_DEFINE(BROKEN_SETREGID)
|
||||
AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
|
||||
;;
|
||||
# UnixWare 7.x, OpenUNIX 8
|
||||
*-*-sysv5*)
|
||||
@ -368,6 +369,7 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
AC_DEFINE(SETEUID_BREAKS_SETUID)
|
||||
AC_DEFINE(BROKEN_SETREUID)
|
||||
AC_DEFINE(BROKEN_SETREGID)
|
||||
AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
|
||||
;;
|
||||
*-*-sysv*)
|
||||
;;
|
||||
@ -472,15 +474,17 @@ esac
|
||||
AC_ARG_WITH(cflags,
|
||||
[ --with-cflags Specify additional flags to pass to compiler],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test -n "$withval" && test "x$withval" != "xno" && \
|
||||
test "x${withval}" != "xyes"; then
|
||||
CFLAGS="$CFLAGS $withval"
|
||||
fi
|
||||
]
|
||||
]
|
||||
)
|
||||
AC_ARG_WITH(cppflags,
|
||||
[ --with-cppflags Specify additional flags to pass to preprocessor] ,
|
||||
[
|
||||
if test "x$withval" != "xno"; then
|
||||
if test -n "$withval" && test "x$withval" != "xno" && \
|
||||
test "x${withval}" != "xyes"; then
|
||||
CPPFLAGS="$CPPFLAGS $withval"
|
||||
fi
|
||||
]
|
||||
@ -488,18 +492,20 @@ AC_ARG_WITH(cppflags,
|
||||
AC_ARG_WITH(ldflags,
|
||||
[ --with-ldflags Specify additional flags to pass to linker],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test -n "$withval" && test "x$withval" != "xno" && \
|
||||
test "x${withval}" != "xyes"; then
|
||||
LDFLAGS="$LDFLAGS $withval"
|
||||
fi
|
||||
]
|
||||
]
|
||||
)
|
||||
AC_ARG_WITH(libs,
|
||||
[ --with-libs Specify additional libraries to link with],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test -n "$withval" && test "x$withval" != "xno" && \
|
||||
test "x${withval}" != "xyes"; then
|
||||
LIBS="$LIBS $withval"
|
||||
fi
|
||||
]
|
||||
]
|
||||
)
|
||||
|
||||
AC_MSG_CHECKING(compiler and flags for sanity)
|
||||
@ -583,10 +589,9 @@ AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
|
||||
dnl zlib is required
|
||||
AC_ARG_WITH(zlib,
|
||||
[ --with-zlib=PATH Use zlib in PATH],
|
||||
[
|
||||
if test "x$withval" = "xno" ; then
|
||||
AC_MSG_ERROR([*** zlib is required ***])
|
||||
fi
|
||||
[ if test "x$withval" = "xno" ; then
|
||||
AC_MSG_ERROR([*** zlib is required ***])
|
||||
elif test "x$withval" != "xyes"; then
|
||||
if test -d "$withval/lib"; then
|
||||
if test -n "${need_dash_r}"; then
|
||||
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
|
||||
@ -605,7 +610,7 @@ AC_ARG_WITH(zlib,
|
||||
else
|
||||
CPPFLAGS="-I${withval} ${CPPFLAGS}"
|
||||
fi
|
||||
]
|
||||
fi ]
|
||||
)
|
||||
|
||||
AC_CHECK_LIB(z, deflate, ,
|
||||
@ -638,29 +643,40 @@ AC_ARG_WITH(zlib-version-check,
|
||||
]
|
||||
)
|
||||
|
||||
AC_MSG_CHECKING(for zlib 1.1.4 or greater)
|
||||
AC_MSG_CHECKING(for possibly buggy zlib)
|
||||
AC_RUN_IFELSE([AC_LANG_SOURCE([[
|
||||
#include <stdio.h>
|
||||
#include <zlib.h>
|
||||
int main()
|
||||
{
|
||||
int a, b, c, v;
|
||||
if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
|
||||
int a=0, b=0, c=0, d=0, n, v;
|
||||
n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
|
||||
if (n != 3 && n != 4)
|
||||
exit(1);
|
||||
v = a*1000000 + b*1000 + c;
|
||||
if (v >= 1001004)
|
||||
v = a*1000000 + b*10000 + c*100 + d;
|
||||
fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
|
||||
|
||||
/* 1.1.4 is OK */
|
||||
if (a == 1 && b == 1 && c >= 4)
|
||||
exit(0);
|
||||
|
||||
/* 1.2.1.2 and up are OK */
|
||||
if (v >= 1020102)
|
||||
exit(0);
|
||||
|
||||
exit(2);
|
||||
}
|
||||
]])],
|
||||
AC_MSG_RESULT(yes),
|
||||
[ AC_MSG_RESULT(no)
|
||||
AC_MSG_RESULT(no),
|
||||
[ AC_MSG_RESULT(yes)
|
||||
if test -z "$zlib_check_nonfatal" ; then
|
||||
AC_MSG_ERROR([*** zlib too old - check config.log ***
|
||||
Your reported zlib version has known security problems. It's possible your
|
||||
vendor has fixed these problems without changing the version number. If you
|
||||
are sure this is the case, you can disable the check by running
|
||||
"./configure --without-zlib-version-check".
|
||||
If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
|
||||
If you are in doubt, upgrade zlib to version 1.2.1.2 or greater.
|
||||
See http://www.gzip.org/zlib/ for details.])
|
||||
else
|
||||
AC_MSG_WARN([zlib version may have security problems])
|
||||
fi
|
||||
@ -730,7 +746,7 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
|
||||
AC_MSG_RESULT(no)
|
||||
AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
|
||||
],
|
||||
[
|
||||
[
|
||||
AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
|
||||
AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
|
||||
]
|
||||
@ -759,7 +775,7 @@ AC_ARG_WITH(skey,
|
||||
AC_DEFINE(SKEY)
|
||||
LIBS="-lskey $LIBS"
|
||||
SKEY_MSG="yes"
|
||||
|
||||
|
||||
AC_MSG_CHECKING([for s/key support])
|
||||
AC_TRY_RUN(
|
||||
[
|
||||
@ -794,7 +810,8 @@ AC_ARG_WITH(tcp-wrappers,
|
||||
saved_LIBS="$LIBS"
|
||||
saved_LDFLAGS="$LDFLAGS"
|
||||
saved_CPPFLAGS="$CPPFLAGS"
|
||||
if test -n "${withval}" -a "${withval}" != "yes"; then
|
||||
if test -n "${withval}" && \
|
||||
test "x${withval}" != "xyes"; then
|
||||
if test -d "${withval}/lib"; then
|
||||
if test -n "${need_dash_r}"; then
|
||||
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
|
||||
@ -846,13 +863,18 @@ LIBEDIT_MSG="no"
|
||||
AC_ARG_WITH(libedit,
|
||||
[ --with-libedit[[=PATH]] Enable libedit support for sftp],
|
||||
[ if test "x$withval" != "xno" ; then
|
||||
if test "x$withval" != "xyes"; then
|
||||
CPPFLAGS="$CPPFLAGS -I$withval/include"
|
||||
LDFLAGS="$LDFLAGS -L$withval/lib"
|
||||
fi
|
||||
AC_CHECK_LIB(edit, el_init,
|
||||
[ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
|
||||
LIBEDIT="-ledit -lcurses"
|
||||
LIBEDIT_MSG="yes"
|
||||
AC_SUBST(LIBEDIT)
|
||||
],
|
||||
[], [-lcurses]
|
||||
[ AC_MSG_ERROR(libedit not found) ],
|
||||
[ -lcurses ]
|
||||
)
|
||||
fi ]
|
||||
)
|
||||
@ -1011,7 +1033,9 @@ if test "x$ac_cv_func_getpeereid" != "xyes" ; then
|
||||
[#include <sys/types.h>
|
||||
#include <sys/socket.h>],
|
||||
[int i = SO_PEERCRED;],
|
||||
[AC_MSG_RESULT(yes)],
|
||||
[ AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
|
||||
],
|
||||
[AC_MSG_RESULT(no)
|
||||
NO_PEERCHECK=1]
|
||||
)
|
||||
@ -1090,7 +1114,8 @@ main()
|
||||
)
|
||||
fi
|
||||
|
||||
if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
|
||||
if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
|
||||
test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
|
||||
AC_MSG_CHECKING(if getaddrinfo seems to work)
|
||||
AC_TRY_RUN(
|
||||
[
|
||||
@ -1158,7 +1183,8 @@ main(void)
|
||||
)
|
||||
fi
|
||||
|
||||
if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then
|
||||
if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
|
||||
test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
|
||||
AC_MSG_CHECKING(if getaddrinfo seems to work)
|
||||
AC_TRY_RUN(
|
||||
[
|
||||
@ -1467,7 +1493,7 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
|
||||
[
|
||||
AC_MSG_WARN([cross compiling: assuming yes])
|
||||
# This is safe, since all recent OpenSSL versions will
|
||||
# complain at runtime if not seeded correctly.
|
||||
# complain at runtime if not seeded correctly.
|
||||
OPENSSL_SEEDS_ITSELF=yes
|
||||
]
|
||||
)
|
||||
@ -1489,10 +1515,10 @@ AC_ARG_WITH(rand-helper,
|
||||
USE_RAND_HELPER=yes
|
||||
fi
|
||||
],
|
||||
)
|
||||
)
|
||||
|
||||
# Which randomness source do we use?
|
||||
if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
|
||||
if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
|
||||
# OpenSSL only
|
||||
AC_DEFINE(OPENSSL_PRNG_ONLY)
|
||||
RAND_MSG="OpenSSL internal ONLY"
|
||||
@ -1582,10 +1608,11 @@ entropy_timeout=200
|
||||
AC_ARG_WITH(entropy-timeout,
|
||||
[ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test -n "$withval" && test "x$withval" != "xno" && \
|
||||
test "x${withval}" != "xyes"; then
|
||||
entropy_timeout=$withval
|
||||
fi
|
||||
]
|
||||
]
|
||||
)
|
||||
AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
|
||||
|
||||
@ -1593,10 +1620,11 @@ SSH_PRIVSEP_USER=sshd
|
||||
AC_ARG_WITH(privsep-user,
|
||||
[ --with-privsep-user=user Specify non-privileged user for privilege separation],
|
||||
[
|
||||
if test -n "$withval"; then
|
||||
if test -n "$withval" && test "x$withval" != "xno" && \
|
||||
test "x${withval}" != "xyes"; then
|
||||
SSH_PRIVSEP_USER=$withval
|
||||
fi
|
||||
]
|
||||
]
|
||||
)
|
||||
AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
|
||||
AC_SUBST(SSH_PRIVSEP_USER)
|
||||
@ -2030,9 +2058,9 @@ fi
|
||||
AC_CHECK_TYPES(struct timespec)
|
||||
|
||||
# We need int64_t or else certian parts of the compile will fail.
|
||||
if test "x$ac_cv_have_int64_t" = "xno" -a \
|
||||
"x$ac_cv_sizeof_long_int" != "x8" -a \
|
||||
"x$ac_cv_sizeof_long_long_int" = "x0" ; then
|
||||
if test "x$ac_cv_have_int64_t" = "xno" && \
|
||||
test "x$ac_cv_sizeof_long_int" != "x8" && \
|
||||
test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
|
||||
echo "OpenSSH requires int64_t support. Contact your vendor or install"
|
||||
echo "an alternative compiler (I.E., GCC) before continuing."
|
||||
echo ""
|
||||
@ -2324,23 +2352,28 @@ AC_ARG_WITH(sectok,
|
||||
)
|
||||
|
||||
# Check whether user wants OpenSC support
|
||||
OPENSC_CONFIG="no"
|
||||
AC_ARG_WITH(opensc,
|
||||
AC_HELP_STRING([--with-opensc=PFX],
|
||||
[Enable smartcard support using OpenSC]),
|
||||
opensc_config_prefix="$withval", opensc_config_prefix="")
|
||||
if test x$opensc_config_prefix != x ; then
|
||||
OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
|
||||
AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
|
||||
if test "$OPENSC_CONFIG" != "no"; then
|
||||
LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
|
||||
LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
|
||||
CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
|
||||
LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
|
||||
AC_DEFINE(SMARTCARD)
|
||||
AC_DEFINE(USE_OPENSC)
|
||||
SCARD_MSG="yes, using OpenSC"
|
||||
fi
|
||||
fi
|
||||
[--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test "x$withval" != "xyes" ; then
|
||||
OPENSC_CONFIG=$withval/bin/opensc-config
|
||||
else
|
||||
AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
|
||||
fi
|
||||
if test "$OPENSC_CONFIG" != "no"; then
|
||||
LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
|
||||
LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
|
||||
CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
|
||||
LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
|
||||
AC_DEFINE(SMARTCARD)
|
||||
AC_DEFINE(USE_OPENSC)
|
||||
SCARD_MSG="yes, using OpenSC"
|
||||
fi
|
||||
fi
|
||||
]
|
||||
)
|
||||
|
||||
# Check libraries needed by DNS fingerprint support
|
||||
AC_SEARCH_LIBS(getrrsetbyname, resolv,
|
||||
@ -2423,7 +2456,7 @@ AC_ARG_WITH(kerberos5,
|
||||
AC_DEFINE(HEIMDAL)
|
||||
K5LIBS="-lkrb5 -ldes"
|
||||
K5LIBS="$K5LIBS -lcom_err -lasn1"
|
||||
AC_CHECK_LIB(roken, net_write,
|
||||
AC_CHECK_LIB(roken, net_write,
|
||||
[K5LIBS="$K5LIBS -lroken"])
|
||||
],
|
||||
[ AC_MSG_RESULT(no)
|
||||
@ -2442,7 +2475,7 @@ AC_ARG_WITH(kerberos5,
|
||||
$K5LIBS)
|
||||
],
|
||||
$K5LIBS)
|
||||
|
||||
|
||||
AC_CHECK_HEADER(gssapi.h, ,
|
||||
[ unset ac_cv_header_gssapi_h
|
||||
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
|
||||
@ -2482,7 +2515,8 @@ PRIVSEP_PATH=/var/empty
|
||||
AC_ARG_WITH(privsep-path,
|
||||
[ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
|
||||
[
|
||||
if test "x$withval" != "$no" ; then
|
||||
if test -n "$withval" && test "x$withval" != "xno" && \
|
||||
test "x${withval}" != "xyes"; then
|
||||
PRIVSEP_PATH=$withval
|
||||
fi
|
||||
]
|
||||
@ -2492,7 +2526,8 @@ AC_SUBST(PRIVSEP_PATH)
|
||||
AC_ARG_WITH(xauth,
|
||||
[ --with-xauth=PATH Specify path to xauth program ],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test -n "$withval" && test "x$withval" != "xno" && \
|
||||
test "x${withval}" != "xyes"; then
|
||||
xauth_path=$withval
|
||||
fi
|
||||
],
|
||||
@ -2610,7 +2645,7 @@ AC_ARG_WITH(md5-passwords,
|
||||
AC_ARG_WITH(shadow,
|
||||
[ --without-shadow Disable shadow password support],
|
||||
[
|
||||
if test "x$withval" = "xno" ; then
|
||||
if test "x$withval" = "xno" ; then
|
||||
AC_DEFINE(DISABLE_SHADOW)
|
||||
disable_shadow=yes
|
||||
fi
|
||||
@ -2645,7 +2680,7 @@ else
|
||||
AC_ARG_WITH(ipaddr-display,
|
||||
[ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test "x$withval" != "xno" ; then
|
||||
AC_DEFINE(IPADDR_IN_DISPLAY)
|
||||
DISPLAY_HACK_MSG="yes"
|
||||
fi
|
||||
@ -2677,8 +2712,8 @@ if test "x$etc_default_login" != "xno"; then
|
||||
fi
|
||||
|
||||
dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
|
||||
if test $ac_cv_func_login_getcapbool = "yes" -a \
|
||||
$ac_cv_header_login_cap_h = "yes" ; then
|
||||
if test $ac_cv_func_login_getcapbool = "yes" && \
|
||||
test $ac_cv_header_login_cap_h = "yes" ; then
|
||||
external_path_file=/etc/login.conf
|
||||
fi
|
||||
|
||||
@ -2691,7 +2726,7 @@ AC_ARG_WITH(default-path,
|
||||
AC_MSG_WARN([
|
||||
--with-default-path=PATH has no effect on this system.
|
||||
Edit /etc/login.conf instead.])
|
||||
elif test "x$withval" != "xno" ; then
|
||||
elif test "x$withval" != "xno" ; then
|
||||
if test ! -z "$external_path_file" ; then
|
||||
AC_MSG_WARN([
|
||||
--with-default-path=PATH will only be used if PATH is not defined in
|
||||
@ -2732,11 +2767,11 @@ main()
|
||||
{
|
||||
FILE *fd;
|
||||
int rc;
|
||||
|
||||
|
||||
fd = fopen(DATA,"w");
|
||||
if(fd == NULL)
|
||||
exit(1);
|
||||
|
||||
|
||||
if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
|
||||
exit(1);
|
||||
|
||||
@ -2773,7 +2808,8 @@ fi
|
||||
AC_ARG_WITH(superuser-path,
|
||||
[ --with-superuser-path= Specify different path for super-user],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test -n "$withval" && test "x$withval" != "xno" && \
|
||||
test "x${withval}" != "xyes"; then
|
||||
AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
|
||||
superuser_path=$withval
|
||||
fi
|
||||
@ -2809,7 +2845,7 @@ BSD_AUTH_MSG=no
|
||||
AC_ARG_WITH(bsd-auth,
|
||||
[ --with-bsd-auth Enable BSD auth support],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test "x$withval" != "xno" ; then
|
||||
AC_DEFINE(BSD_AUTH)
|
||||
BSD_AUTH_MSG=yes
|
||||
fi
|
||||
@ -2819,7 +2855,7 @@ AC_ARG_WITH(bsd-auth,
|
||||
# Where to place sshd.pid
|
||||
piddir=/var/run
|
||||
# make sure the directory exists
|
||||
if test ! -d $piddir ; then
|
||||
if test ! -d $piddir ; then
|
||||
piddir=`eval echo ${sysconfdir}`
|
||||
case $piddir in
|
||||
NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
|
||||
@ -2829,9 +2865,10 @@ fi
|
||||
AC_ARG_WITH(pid-dir,
|
||||
[ --with-pid-dir=PATH Specify location of ssh.pid file],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test -n "$withval" && test "x$withval" != "xno" && \
|
||||
test "x${withval}" != "xyes"; then
|
||||
piddir=$withval
|
||||
if test ! -d $piddir ; then
|
||||
if test ! -d $piddir ; then
|
||||
AC_MSG_WARN([** no $piddir directory on this system **])
|
||||
fi
|
||||
fi
|
||||
@ -2909,9 +2946,9 @@ AC_ARG_ENABLE(pututxline,
|
||||
AC_ARG_WITH(lastlog,
|
||||
[ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
|
||||
[
|
||||
if test "x$withval" = "xno" ; then
|
||||
if test "x$withval" = "xno" ; then
|
||||
AC_DEFINE(DISABLE_LASTLOG)
|
||||
else
|
||||
elif test -n "$withval" && test "x${withval}" != "xyes"; then
|
||||
conf_lastlog_location=$withval
|
||||
fi
|
||||
]
|
||||
@ -2978,7 +3015,7 @@ fi
|
||||
|
||||
if test -n "$conf_lastlog_location"; then
|
||||
AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl utmp detection
|
||||
AC_MSG_CHECKING([if your system defines UTMP_FILE])
|
||||
@ -3008,7 +3045,7 @@ if test -z "$conf_utmp_location"; then
|
||||
fi
|
||||
if test -n "$conf_utmp_location"; then
|
||||
AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl wtmp detection
|
||||
AC_MSG_CHECKING([if your system defines WTMP_FILE])
|
||||
@ -3038,7 +3075,7 @@ if test -z "$conf_wtmp_location"; then
|
||||
fi
|
||||
if test -n "$conf_wtmp_location"; then
|
||||
AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
dnl utmpx detection - I don't know any system so perverse as to require
|
||||
@ -3066,7 +3103,7 @@ if test -z "$conf_utmpx_location"; then
|
||||
fi
|
||||
else
|
||||
AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl wtmpx detection
|
||||
AC_MSG_CHECKING([if your system defines WTMPX_FILE])
|
||||
@ -3091,7 +3128,7 @@ if test -z "$conf_wtmpx_location"; then
|
||||
fi
|
||||
else
|
||||
AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if test ! -z "$blibpath" ; then
|
||||
|
@ -36,7 +36,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: hostfile.c,v 1.33 2005/03/01 10:40:26 djm Exp $");
|
||||
RCSID("$OpenBSD: hostfile.c,v 1.34 2005/03/10 22:01:05 deraadt Exp $");
|
||||
|
||||
#include <resolv.h>
|
||||
#include <openssl/hmac.h>
|
||||
@ -92,7 +92,7 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
|
||||
salt_len, ret);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
@ -123,7 +123,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
|
||||
HMAC_Final(&mac_ctx, result, NULL);
|
||||
HMAC_cleanup(&mac_ctx);
|
||||
|
||||
if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
|
||||
if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
|
||||
__b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
|
||||
fatal("host_hash: __b64_ntop failed");
|
||||
|
||||
@ -310,7 +310,7 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host,
|
||||
*/
|
||||
|
||||
int
|
||||
add_host_to_hostfile(const char *filename, const char *host, const Key *key,
|
||||
add_host_to_hostfile(const char *filename, const char *host, const Key *key,
|
||||
int store_hash)
|
||||
{
|
||||
FILE *f;
|
||||
|
@ -196,6 +196,7 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
|
||||
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
|
||||
struct syslog_data sdata = SYSLOG_DATA_INIT;
|
||||
#endif
|
||||
|
||||
argv0 = av0;
|
||||
|
||||
switch (level) {
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: misc.c,v 1.28 2005/03/01 10:09:52 djm Exp $");
|
||||
RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $");
|
||||
|
||||
#include "misc.h"
|
||||
#include "log.h"
|
||||
@ -303,13 +303,13 @@ hpdelim(char **cp)
|
||||
case '\0':
|
||||
*cp = NULL; /* no more fields*/
|
||||
break;
|
||||
|
||||
|
||||
case ':':
|
||||
case '/':
|
||||
*s = '\0'; /* terminate */
|
||||
*cp = s + 1;
|
||||
break;
|
||||
|
||||
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
@ -391,7 +391,7 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
|
||||
debug("%s: %s line %lu exceeds size limit", __func__,
|
||||
filename, *lineno);
|
||||
/* discard remainder of line */
|
||||
while(fgetc(f) != '\n' && !feof(f))
|
||||
while (fgetc(f) != '\n' && !feof(f))
|
||||
; /* nothing */
|
||||
}
|
||||
}
|
||||
|
@ -25,7 +25,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor.c,v 1.62 2005/01/30 11:18:08 dtucker Exp $");
|
||||
RCSID("$OpenBSD: monitor.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
|
||||
@ -310,6 +310,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
|
||||
authctxt = _authctxt;
|
||||
memset(authctxt, 0, sizeof(*authctxt));
|
||||
|
||||
authctxt->loginmsg = &loginmsg;
|
||||
|
||||
if (compat20) {
|
||||
mon_dispatch = mon_dispatch_proto20;
|
||||
|
||||
@ -976,7 +978,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
|
||||
debug3("%s: key_from_blob: %p", __func__, key);
|
||||
|
||||
if (key != NULL && authctxt->valid) {
|
||||
switch(type) {
|
||||
switch (type) {
|
||||
case MM_USERKEY:
|
||||
allowed = options.pubkey_authentication &&
|
||||
user_key_allowed(authctxt->pw, key);
|
||||
@ -1523,7 +1525,6 @@ mm_answer_audit_event(int socket, Buffer *m)
|
||||
debug3("%s entering", __func__);
|
||||
|
||||
event = buffer_get_int(m);
|
||||
buffer_free(m);
|
||||
switch(event) {
|
||||
case SSH_AUTH_FAIL_PUBKEY:
|
||||
case SSH_AUTH_FAIL_HOSTBASED:
|
||||
@ -1552,7 +1553,6 @@ mm_answer_audit_command(int socket, Buffer *m)
|
||||
/* sanity check command, if so how? */
|
||||
audit_run_command(cmd);
|
||||
xfree(cmd);
|
||||
buffer_free(m);
|
||||
return (0);
|
||||
}
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
|
@ -29,7 +29,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
RCSID("$Id: bsd-cygwin_util.c,v 1.13 2004/08/30 10:42:08 dtucker Exp $");
|
||||
RCSID("$Id: bsd-cygwin_util.c,v 1.13.4.1 2005/05/25 09:42:40 dtucker Exp $");
|
||||
|
||||
#ifdef HAVE_CYGWIN
|
||||
|
||||
@ -247,6 +247,7 @@ static struct wenv {
|
||||
{ NL("COMMONPROGRAMFILES=") },
|
||||
{ NL("COMPUTERNAME=") },
|
||||
{ NL("COMSPEC=") },
|
||||
{ NL("CYGWIN=") },
|
||||
{ NL("NUMBER_OF_PROCESSORS=") },
|
||||
{ NL("OS=") },
|
||||
{ NL("PATH=") },
|
||||
@ -260,7 +261,7 @@ static struct wenv {
|
||||
{ NL("SYSTEMROOT=") },
|
||||
{ NL("TMP=") },
|
||||
{ NL("TEMP=") },
|
||||
{ NL("WINDIR=") },
|
||||
{ NL("WINDIR=") }
|
||||
};
|
||||
|
||||
char **
|
||||
@ -269,7 +270,7 @@ fetch_windows_environment(void)
|
||||
char **e, **p;
|
||||
int i, idx = 0;
|
||||
|
||||
p = xmalloc(WENV_SIZ * sizeof(char *));
|
||||
p = xmalloc((WENV_SIZ + 1) * sizeof(char *));
|
||||
for (e = environ; *e != NULL; ++e) {
|
||||
for (i = 0; i < WENV_SIZ; ++i) {
|
||||
if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen))
|
||||
|
@ -151,7 +151,7 @@ aix_valid_authentications(const char *user)
|
||||
* returns 0.
|
||||
*/
|
||||
int
|
||||
sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg)
|
||||
sys_auth_passwd(Authctxt *ctxt, const char *password)
|
||||
{
|
||||
char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
|
||||
int authsuccess = 0, expired, reenter, result;
|
||||
@ -181,7 +181,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg)
|
||||
*/
|
||||
expired = passwdexpired(name, &msg);
|
||||
if (msg && *msg) {
|
||||
buffer_append(loginmsg, msg, strlen(msg));
|
||||
buffer_append(ctxt->loginmsg, msg, strlen(msg));
|
||||
aix_remove_embedded_newlines(msg);
|
||||
}
|
||||
debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: port-aix.h,v 1.24 2005/02/16 11:49:31 dtucker Exp $ */
|
||||
/* $Id: port-aix.h,v 1.25 2005/03/21 11:46:34 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
*
|
||||
@ -47,7 +47,9 @@
|
||||
|
||||
/* These should be in the system headers but are not. */
|
||||
int usrinfo(int, char *, int);
|
||||
#if (HAVE_DECL_SETAUTHDB == 0)
|
||||
int setauthdb(const char *, char *);
|
||||
#endif
|
||||
/* these may or may not be in the headers depending on the version */
|
||||
#if (HAVE_DECL_AUTHENTICATE == 0)
|
||||
int authenticate(char *, char *, int *, char **);
|
||||
|
@ -137,8 +137,11 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
|
||||
(void)write(output, "\n", 1);
|
||||
|
||||
/* Restore old terminal settings and signals. */
|
||||
if (memcmp(&term, &oterm, sizeof(term)) != 0)
|
||||
(void)tcsetattr(input, _T_FLUSH, &oterm);
|
||||
if (memcmp(&term, &oterm, sizeof(term)) != 0) {
|
||||
while (tcsetattr(input, _T_FLUSH, &oterm) == -1 &&
|
||||
errno == EINTR)
|
||||
continue;
|
||||
}
|
||||
(void)sigaction(SIGALRM, &savealrm, NULL);
|
||||
(void)sigaction(SIGHUP, &savehup, NULL);
|
||||
(void)sigaction(SIGINT, &saveint, NULL);
|
||||
|
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: readconf.c,v 1.137 2005/03/04 08:48:06 djm Exp $");
|
||||
RCSID("$OpenBSD: readconf.c,v 1.139 2005/03/10 22:01:05 deraadt Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "xmalloc.h"
|
||||
@ -253,12 +253,14 @@ clear_forwardings(Options *options)
|
||||
int i;
|
||||
|
||||
for (i = 0; i < options->num_local_forwards; i++) {
|
||||
xfree(options->local_forwards[i].listen_host);
|
||||
if (options->local_forwards[i].listen_host != NULL)
|
||||
xfree(options->local_forwards[i].listen_host);
|
||||
xfree(options->local_forwards[i].connect_host);
|
||||
}
|
||||
options->num_local_forwards = 0;
|
||||
for (i = 0; i < options->num_remote_forwards; i++) {
|
||||
xfree(options->remote_forwards[i].listen_host);
|
||||
if (options->remote_forwards[i].listen_host != NULL)
|
||||
xfree(options->remote_forwards[i].listen_host);
|
||||
xfree(options->remote_forwards[i].connect_host);
|
||||
}
|
||||
options->num_remote_forwards = 0;
|
||||
@ -299,7 +301,7 @@ process_config_line(Options *options, const char *host,
|
||||
Forward fwd;
|
||||
|
||||
/* Strip trailing whitespace */
|
||||
for(len = strlen(line) - 1; len > 0; len--) {
|
||||
for (len = strlen(line) - 1; len > 0; len--) {
|
||||
if (strchr(WHITESPACE, line[len]) == NULL)
|
||||
break;
|
||||
line[len] = '\0';
|
||||
|
@ -1,7 +1,7 @@
|
||||
# $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $
|
||||
# Placed in the Public Domain.
|
||||
|
||||
CTL=$OBJ/ctl-sock
|
||||
CTL=/tmp/openssh.regress.ctl-sock.$$
|
||||
|
||||
tid="connection multiplexing"
|
||||
|
||||
@ -89,6 +89,4 @@ ${SSH} -S $CTL -Oexit otherhost || fail "send exit command failed"
|
||||
# Wait for master to exit
|
||||
sleep 2
|
||||
|
||||
ps -p $MASTER_PID >/dev/null && fail "exit command failed"
|
||||
|
||||
cleanup
|
||||
kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed"
|
||||
|
@ -197,7 +197,7 @@ cat << EOF > $OBJ/sshd_config
|
||||
#ListenAddress ::1
|
||||
PidFile $PIDFILE
|
||||
AuthorizedKeysFile $OBJ/authorized_keys_%u
|
||||
LogLevel DEBUG
|
||||
LogLevel VERBOSE
|
||||
AcceptEnv _XXX_TEST_*
|
||||
AcceptEnv _XXX_TEST
|
||||
Subsystem sftp $SFTPSERVER
|
||||
|
@ -71,7 +71,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: scp.c,v 1.119 2005/01/24 10:22:06 dtucker Exp $");
|
||||
RCSID("$OpenBSD: scp.c,v 1.121 2005/04/02 12:41:16 djm Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "atomicio.h"
|
||||
@ -361,20 +361,21 @@ void
|
||||
toremote(char *targ, int argc, char **argv)
|
||||
{
|
||||
int i, len;
|
||||
char *bp, *host, *src, *suser, *thost, *tuser;
|
||||
char *bp, *host, *src, *suser, *thost, *tuser, *arg;
|
||||
|
||||
*targ++ = 0;
|
||||
if (*targ == 0)
|
||||
targ = ".";
|
||||
|
||||
if ((thost = strrchr(argv[argc - 1], '@'))) {
|
||||
arg = xstrdup(argv[argc - 1]);
|
||||
if ((thost = strrchr(arg, '@'))) {
|
||||
/* user@host */
|
||||
*thost++ = 0;
|
||||
tuser = argv[argc - 1];
|
||||
tuser = arg;
|
||||
if (*tuser == '\0')
|
||||
tuser = NULL;
|
||||
} else {
|
||||
thost = argv[argc - 1];
|
||||
thost = arg;
|
||||
tuser = NULL;
|
||||
}
|
||||
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: servconf.c,v 1.139 2005/03/01 10:09:52 djm Exp $");
|
||||
RCSID("$OpenBSD: servconf.c,v 1.140 2005/03/10 22:01:05 deraadt Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "log.h"
|
||||
@ -1001,7 +1001,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf)
|
||||
|
||||
obuf = cbuf = xstrdup(buffer_ptr(conf));
|
||||
linenum = 1;
|
||||
while((cp = strsep(&cbuf, "\n")) != NULL) {
|
||||
while ((cp = strsep(&cbuf, "\n")) != NULL) {
|
||||
if (process_server_config_line(options, cp, filename,
|
||||
linenum++) != 0)
|
||||
bad_options++;
|
||||
|
@ -1477,7 +1477,8 @@ do_child(Session *s, const char *command)
|
||||
}
|
||||
|
||||
#ifdef USE_PAM
|
||||
if (options.use_pam && !is_pam_session_open()) {
|
||||
if (options.use_pam && !options.use_login && !is_pam_session_open()) {
|
||||
debug3("PAM session not opened, exiting");
|
||||
display_loginmsg();
|
||||
exit(254);
|
||||
}
|
||||
|
@ -20,7 +20,7 @@
|
||||
/* XXX: copy between two remote sites */
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-client.c,v 1.52 2004/11/25 22:22:14 markus Exp $");
|
||||
RCSID("$OpenBSD: sftp-client.c,v 1.53 2005/03/10 22:01:05 deraadt Exp $");
|
||||
|
||||
#include "openbsd-compat/sys-queue.h"
|
||||
|
||||
@ -856,7 +856,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
|
||||
debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
|
||||
|
||||
/* Find the request in our queue */
|
||||
for(req = TAILQ_FIRST(&requests);
|
||||
for (req = TAILQ_FIRST(&requests);
|
||||
req != NULL && req->id != id;
|
||||
req = TAILQ_NEXT(req, tq))
|
||||
;
|
||||
@ -1109,7 +1109,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
|
||||
debug3("SSH2_FXP_STATUS %d", status);
|
||||
|
||||
/* Find the request in our queue */
|
||||
for(ack = TAILQ_FIRST(&acks);
|
||||
for (ack = TAILQ_FIRST(&acks);
|
||||
ack != NULL && ack->id != r_id;
|
||||
ack = TAILQ_NEXT(ack, tq))
|
||||
;
|
||||
|
@ -16,7 +16,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
RCSID("$OpenBSD: sftp.c,v 1.62 2005/02/20 22:59:06 djm Exp $");
|
||||
RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
|
||||
|
||||
#ifdef USE_LIBEDIT
|
||||
#include <histedit.h>
|
||||
@ -357,7 +357,7 @@ parse_ls_flags(const char **cpp, int *lflag)
|
||||
|
||||
/* Check for flags */
|
||||
if (cp++[0] == '-') {
|
||||
for(; strchr(WHITESPACE, *cp) == NULL; cp++) {
|
||||
for (; strchr(WHITESPACE, *cp) == NULL; cp++) {
|
||||
switch (*cp) {
|
||||
case 'l':
|
||||
*lflag &= ~VIEW_FLAGS;
|
||||
|
@ -35,7 +35,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-add.c,v 1.70 2004/05/08 00:21:31 djm Exp $");
|
||||
RCSID("$OpenBSD: ssh-add.c,v 1.71 2005/03/10 22:01:06 deraadt Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
@ -389,7 +389,7 @@ main(int argc, char **argv)
|
||||
goto done;
|
||||
}
|
||||
|
||||
for(i = 0; default_files[i]; i++) {
|
||||
for (i = 0; default_files[i]; i++) {
|
||||
snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir,
|
||||
default_files[i]);
|
||||
if (stat(buf, &st) < 0)
|
||||
@ -402,7 +402,7 @@ main(int argc, char **argv)
|
||||
if (count == 0)
|
||||
ret = 1;
|
||||
} else {
|
||||
for(i = 0; i < argc; i++) {
|
||||
for (i = 0; i < argc; i++) {
|
||||
if (do_file(ac, deleting, argv[i]) == -1)
|
||||
ret = 1;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.66 2005/03/01 18:15:56 jmc Exp $
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $
|
||||
.\"
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
@ -232,8 +232,10 @@ command.
|
||||
.It Fl H
|
||||
Hash a
|
||||
.Pa known_hosts
|
||||
file, printing the result to standard output.
|
||||
This replaces all hostnames and addresses with hashed representations.
|
||||
file.
|
||||
This replaces all hostnames and addresses with hashed representations
|
||||
within the specified file; the original content is moved to a file with
|
||||
a .old suffix.
|
||||
These hashes may be used normally by
|
||||
.Nm ssh
|
||||
and
|
||||
|
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $");
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
@ -684,7 +684,7 @@ do_known_hosts(struct passwd *pw, const char *name)
|
||||
if (delete_host && !c)
|
||||
print_host(out, cp, public, 0);
|
||||
} else if (hash_hosts) {
|
||||
for(cp2 = strsep(&cp, ",");
|
||||
for (cp2 = strsep(&cp, ",");
|
||||
cp2 != NULL && *cp2 != '\0';
|
||||
cp2 = strsep(&cp, ",")) {
|
||||
if (strcspn(cp2, "*?!") != strlen(cp2))
|
||||
@ -707,7 +707,7 @@ do_known_hosts(struct passwd *pw, const char *name)
|
||||
identity_file);
|
||||
if (inplace) {
|
||||
fprintf(stderr, "Not replacing existing known_hosts "
|
||||
"file beacuse of errors");
|
||||
"file because of errors\n");
|
||||
fclose(out);
|
||||
unlink(tmp);
|
||||
}
|
||||
|
@ -40,7 +40,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh.c,v 1.233 2005/03/01 17:22:06 jmc Exp $");
|
||||
RCSID("$OpenBSD: ssh.c,v 1.234 2005/03/10 22:01:06 deraadt Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
@ -856,8 +856,8 @@ ssh_init_forwarding(void)
|
||||
for (i = 0; i < options.num_local_forwards; i++) {
|
||||
debug("Local connections to %.200s:%d forwarded to remote "
|
||||
"address %.200s:%d",
|
||||
(options.local_forwards[i].listen_host == NULL) ?
|
||||
(options.gateway_ports ? "*" : "LOCALHOST") :
|
||||
(options.local_forwards[i].listen_host == NULL) ?
|
||||
(options.gateway_ports ? "*" : "LOCALHOST") :
|
||||
options.local_forwards[i].listen_host,
|
||||
options.local_forwards[i].listen_port,
|
||||
options.local_forwards[i].connect_host,
|
||||
@ -876,6 +876,8 @@ ssh_init_forwarding(void)
|
||||
for (i = 0; i < options.num_remote_forwards; i++) {
|
||||
debug("Remote connections from %.200s:%d forwarded to "
|
||||
"local address %.200s:%d",
|
||||
(options.remote_forwards[i].listen_host == NULL) ?
|
||||
(options.gateway_ports ? "*" : "LOCALHOST") :
|
||||
options.remote_forwards[i].listen_host,
|
||||
options.remote_forwards[i].listen_port,
|
||||
options.remote_forwards[i].connect_host,
|
||||
@ -1093,7 +1095,7 @@ ssh_control_listener(void)
|
||||
old_umask = umask(0177);
|
||||
if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) {
|
||||
control_fd = -1;
|
||||
if (errno == EINVAL)
|
||||
if (errno == EINVAL || errno == EADDRINUSE)
|
||||
fatal("ControlSocket %s already exists",
|
||||
options.control_path);
|
||||
else
|
||||
@ -1343,7 +1345,7 @@ control_client(const char *path)
|
||||
|
||||
switch (mux_command) {
|
||||
case SSHMUX_COMMAND_ALIVE_CHECK:
|
||||
fprintf(stderr, "Master running (pid=%d)\r\n",
|
||||
fprintf(stderr, "Master running (pid=%d)\r\n",
|
||||
control_server_pid);
|
||||
exit(0);
|
||||
case SSHMUX_COMMAND_TERMINATE:
|
||||
|
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh_config.5,v 1.47 2005/03/07 23:41:54 jmc Exp $
|
||||
.\" $OpenBSD: ssh_config.5,v 1.49 2005/03/16 11:10:38 jmc Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSH_CONFIG 5
|
||||
.Os
|
||||
@ -495,21 +495,17 @@ The default is to use the server specified list.
|
||||
.It Cm LocalForward
|
||||
Specifies that a TCP/IP port on the local machine be forwarded over
|
||||
the secure channel to the specified host and port from the remote machine.
|
||||
The first argument must be a port number, and the second must be
|
||||
.Xo
|
||||
The first argument must be
|
||||
.Sm off
|
||||
.Oo Ar bind_address : Oc
|
||||
.Ar host : port
|
||||
.Oo Ar bind_address : Oc Ar port
|
||||
.Sm on
|
||||
.Xc .
|
||||
and the second argument must be
|
||||
.Ar host : Ns Ar hostport .
|
||||
IPv6 addresses can be specified by enclosing addresses in square brackets or
|
||||
by using an alternative syntax:
|
||||
.Sm off
|
||||
.Xo
|
||||
.Op Ar bind_address No /
|
||||
.Ar host No / Ar port
|
||||
.Xc .
|
||||
.Sm on
|
||||
.Oo Ar bind_address Ns / Oc Ns Ar port
|
||||
and
|
||||
.Ar host Ns / Ns Ar hostport .
|
||||
Multiple forwardings may be specified, and additional forwardings can be
|
||||
given on the command line.
|
||||
Only the superuser can forward privileged ports.
|
||||
@ -571,9 +567,9 @@ Default is 22.
|
||||
.It Cm PreferredAuthentications
|
||||
Specifies the order in which the client should try protocol 2
|
||||
authentication methods.
|
||||
This allows a client to prefer one method (e.g.
|
||||
This allows a client to prefer one method (e.g.\&
|
||||
.Cm keyboard-interactive )
|
||||
over another method (e.g.
|
||||
over another method (e.g.\&
|
||||
.Cm password )
|
||||
The default for this option is:
|
||||
.Dq hostbased,publickey,keyboard-interactive,password .
|
||||
@ -632,21 +628,17 @@ This option applies to protocol version 2 only.
|
||||
.It Cm RemoteForward
|
||||
Specifies that a TCP/IP port on the remote machine be forwarded over
|
||||
the secure channel to the specified host and port from the local machine.
|
||||
The first argument must be a port number, and the second must be
|
||||
.Xo
|
||||
The first argument must be
|
||||
.Sm off
|
||||
.Oo Ar bind_address : Oc
|
||||
.Ar host : port
|
||||
.Sm on
|
||||
.Xc .
|
||||
IPv6 addresses can be specified by enclosing any addresses in square brackets
|
||||
or by using the alternative syntax:
|
||||
.Sm off
|
||||
.Xo
|
||||
.Op Ar bind_address No /
|
||||
.Ar host No / Ar port
|
||||
.Xc .
|
||||
.Oo Ar bind_address : Oc Ar port
|
||||
.Sm on
|
||||
and the second argument must be
|
||||
.Ar host : Ns Ar hostport .
|
||||
IPv6 addresses can be specified by enclosing addresses in square brackets
|
||||
or by using an alternative syntax:
|
||||
.Oo Ar bind_address Ns / Oc Ns Ar port
|
||||
and
|
||||
.Ar host Ns / Ns Ar hostport .
|
||||
Multiple forwardings may be specified, and additional
|
||||
forwardings can be given on the command line.
|
||||
Only the superuser can forward privileged ports.
|
||||
|
@ -13,7 +13,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $");
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.162 2005/03/10 22:01:06 deraadt Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
@ -247,13 +247,13 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
|
||||
tv.tv_sec = timeout;
|
||||
tv.tv_usec = 0;
|
||||
|
||||
for(;;) {
|
||||
for (;;) {
|
||||
rc = select(sockfd + 1, NULL, fdset, NULL, &tv);
|
||||
if (rc != -1 || errno != EINTR)
|
||||
break;
|
||||
}
|
||||
|
||||
switch(rc) {
|
||||
switch (rc) {
|
||||
case 0:
|
||||
/* Timed out */
|
||||
errno = ETIMEDOUT;
|
||||
|
@ -1673,6 +1673,8 @@ main(int ac, char **av)
|
||||
authctxt = xmalloc(sizeof(*authctxt));
|
||||
memset(authctxt, 0, sizeof(*authctxt));
|
||||
|
||||
authctxt->loginmsg = &loginmsg;
|
||||
|
||||
/* XXX global for cleanup, access from other modules */
|
||||
the_authctxt = authctxt;
|
||||
|
||||
|
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.40 2005/03/18 17:05:00 jmc Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
@ -630,7 +630,7 @@ To disable TCP keepalive messages, the value should be set to
|
||||
.It Cm UseDNS
|
||||
Specifies whether
|
||||
.Nm sshd
|
||||
should lookup the remote host name and check that
|
||||
should look up the remote host name and check that
|
||||
the resolved host name for the remote IP address maps back to the
|
||||
very same IP address.
|
||||
The default is
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* $OpenBSD: version.h,v 1.43 2005/03/08 23:49:48 djm Exp $ */
|
||||
/* $OpenBSD: version.h,v 1.44 2005/03/16 21:17:39 markus Exp $ */
|
||||
|
||||
#define SSH_VERSION "OpenSSH_4.0"
|
||||
#define SSH_VERSION "OpenSSH_4.1"
|
||||
|
||||
#define SSH_PORTABLE "p1"
|
||||
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
||||
|
Loading…
Reference in New Issue
Block a user